The Crew's Lounge >> Oh great...
Posted by cowsarenotevil on 06:24:00 10-01-2003
I see some moron has decided that it would be fun to put a font tag in their user name, and it's screwing up the database...

EDIT: I deleted the account, because it was really screwing things up. I'm not sure if it worked properly, though. The user was "hihihi"

[ This Message was edited by: cowsarenotevil on 2003-10-01 06:26 ]
Posted by ItinitI on 07:22:00 10-01-2003
Yeah! I saw that their name was in orange... I thought it was kinda cool... but guess not if it causes problems.
Posted by cowsarenotevil on 07:24:00 10-01-2003
Yeah, I tried to private message the person about the tag, but everything got weird...
Posted by ItinitI on 07:48:00 10-01-2003
That's probably b/c the person's "real" name was like whatever the tag was, and if you just PM'd "hihihi" it would be like they didn't exist, or at least that is my best guess =/
Posted by cowsarenotevil on 09:59:00 10-01-2003
No, I PM'd them from their profile, but the tag affected the private message page. A bit like some of the ranks in the admin panel.
Posted by ItinitI on 11:45:00 10-01-2003
Yeah, the tags are invisible in a sense, so the system thought you wanted to PM "hihihi" when it was really something like "" that you wanted to PM. It's an interesting trick =/
Posted by dxprog on 23:03:00 10-01-2003
I'll make sure it doesn't happen in YPNgine.
Posted by cowsarenotevil on 05:43:00 10-02-2003
Quote:
On 2003-10-01 11:45, ItinitI wrote:
Yeah, the tags are invisible in a sense, so the system thought you wanted to PM "hihihi" when it was really something like "" that you wanted to PM. It's an interesting trick =/

No... the PM link from the profile, which inserts the whole name. But the tags in the HTML (in his name) were read strangely. The field had part of the tag in it, and part of it was just kind of there.
Posted by dxprog on 06:37:00 10-02-2003
I checked out the HTML for the Special Chars section of the user profile screen: <font color = "orange">hihihi</font>. I want to know how in blazes he was able to do that.

EDIT: Forgot to turn off HTML

_________________
May the Force (of programming) be with you.

[ This Message was edited by: dxprog on 2003-10-02 12:29 ]
Posted by ItinitI on 11:17:00 10-02-2003
He probably saw my post explaining the reason why users couldn't choose ranks themselves [b/c they could use images], and realized the exploit would work with font colour as well.
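The broken PM field described in this thread, as an added example that is not part of the original posts or the forum's own code: a user name containing a double quote cuts off a quoted value attribute, and encoding the name at output time keeps it intact. The field markup, the function names and the registration policy are assumptions made for illustration.

```javascript
// Constructed sample: the display name dxprog found in the profile HTML.
const NAME = '<font color = "orange">hihihi</font>';

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Reverse of escapeHtml, used only by the toy parser below.
function unescapeHtml(s) {
  return s.replace(/&(?:lt|gt|quot|#39|amp);/g, (e) =>
    Object.keys(ENTITIES).find((k) => ENTITIES[k] === e));
}

// Hypothetical PM "recipient" field built by raw concatenation (the failure mode).
function renderRaw(name) {
  return '<input type="text" name="to" value="' + name + '">';
}

// Same field with the name encoded at output time.
function renderEscaped(name) {
  return '<input type="text" name="to" value="' + escapeHtml(name) + '">';
}

// Toy model of a browser reading the field: the value ends at the first '"',
// the tag ends at the next '>', and whatever follows spills onto the page.
function readField(html) {
  const m = /value="([^"]*)"/.exec(html);
  const rest = html.slice(m.index + m[0].length);
  return { value: unescapeHtml(m[1]), spill: rest.slice(rest.indexOf('>') + 1) };
}

// Assumed registration policy (not from the thread): letters, digits, '_' and '-', 3 to 20 chars.
function isAllowedName(name) {
  return /^[A-Za-z0-9_-]{3,20}$/.test(name);
}

console.log(readField(renderRaw(NAME)));
console.log(readField(renderEscaped(NAME)));
console.log(isAllowedName(NAME), isAllowedName('hihihi'));
```

With raw concatenation the field holds only part of the tag and the remainder lands on the page as loose markup; with encoding the field holds the full name and nothing spills.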