The script in general is pretty bad, and we're trying to improve it. :) The shoutbox script, if I'm not mistaken, is made by me - and I have to admit, it's a pretty bad error. However, in future versions, I have the following code in functions.php:
Code:
// clean all our data
$_POST = array_map('secure',$_POST);
$_GET = array_map('secure',$_GET);
And then later, the function:
Code:
function secure($data) {
//This function performs security checks on all incoming form data
if(is_array($data)) {
die("Hacking Attempt!");
}
$data = htmlentities($data);
$data = mysql_real_escape_string($data);
$data = strip_tags($data, '');
return $data;
}
So rather than sanitizing the $_POST data every time we get a variable, it just does it once.
As for object-oriented-ness, I actually previously recoded the whole script in OOP for my own site. The thing is that people have been working on the current version, so either the edits made to this would need to be scrapped, or it would need to be programmed from scratch. :/
Anyway, you make very good suggestions, especially because the script is really flawed in the first place. As Kaeliah and HoF have already said, a lot of these have been/are being corrected for 1.2.x, but some issues you brought up haven't been thought over in detail yet. Thank you. :)
02-06-2011, 04:54 AM
Similar Threads
Threaded Mode