Topic: Problem with urls containing | or [] Posted: 18 December 2005 at 9:12pm
I want to ask a question. Some URLs have special characters like | or [ or ]. When I type a URL containing these characters in the WYSIWYG editor, it ignores them after submitting a post. So the URL has all characters except the ones mentioned above. Of course, such URLs are not valid.
You could edit the filters file in the functions directory and remove
the part of the filter that filters out [ and ], but you leave a
security hole that could mean your forum is hacked by an XSS hacker.
Is it possible to make some mod giving only administrators special rights, so that only administrators (or only one administrator) would be able to use special characters in URLs?
I believe (but I won't bet much money on it) that the vertical line and square bracket characters are among the "national" characters that could have different meanings depending on the user's (or the host server's) selected national character variant 7 bit set. As such, according to W3C, those characters should not be used in a URL. They should be escaped. Some simple changes to the formatLink function in functions_filters.asp would probably do the trick.
I haven't tested these suggestions in any way and I haven't analyzed their possible impact on security. I haven't even verified the escape codes are exactly correct. I THINK security will be unaffected and I'm pretty sure the codes are accurate. But I don't accept any responsibility should anyone choose to test my theory. If you have problems with it, I will gladly help via this forum.
Edited by JJLatWebWiz - 29 December 2005 at 6:44pm
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.
Now, I'm not sure if you should use the hash ASCII HTML Encoding or the URL Encoding escape codes. I think, probably the latter. So you should probably use this instead:
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.
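Added example, not part of the original posts and not Web Wiz Forums code: one way to keep `|`, `[` and `]` in a link without relaxing the filter is to percent-encode them (`%7C`, `%5B`, `%5D`) before the URL is rendered. The helper names and the http/https-only policy are assumptions made for this sketch; RFC 2396 lists these characters as "unwise" in URIs.

```vbscript
Option Explicit

' Added example: hypothetical helpers, not Web Wiz Forums code.
' RFC 2396 "unwise" characters plus < > " ' which can break out of an
' HTML attribute. "%" is deliberately absent so existing %XX escapes survive.
Const ESCAPE_SET = "{}|\^[]`<>""'"

Function EscapeUnwiseUrlChars(ByVal strUrl)
    Dim i, ch, code, strOut
    strOut = ""
    For i = 1 To Len(strUrl)
        ch = Mid(strUrl, i, 1)
        code = AscW(ch)
        ' Encode controls and space (0-32) and anything in ESCAPE_SET.
        If (code >= 0 And code <= 32) Or InStr(1, ESCAPE_SET, ch, vbBinaryCompare) > 0 Then
            strOut = strOut & "%" & Right("0" & Hex(code), 2)
        Else
            strOut = strOut & ch
        End If
    Next
    EscapeUnwiseUrlChars = strOut
End Function

' Returns the escaped URL, or "" when the scheme is not http/https
' (assumed policy for links in posts).
Function SafeLinkUrl(ByVal strUrl)
    Dim strLower
    strUrl = Trim(strUrl)
    strLower = LCase(strUrl)
    If Left(strLower, 7) = "http://" Or Left(strLower, 8) = "https://" Then
        SafeLinkUrl = EscapeUnwiseUrlChars(strUrl)
    Else
        SafeLinkUrl = ""
    End If
End Function

' Constructed sample input; run with cscript.exe (use Response.Write in ASP).
Dim arrSamples, strSample
arrSamples = Array("http://example.com/wiki/A|B?ids[]=1&ids[]=2", _
                   "http://example.com/a%7Cb", _
                   "javascript:void(0)")
For Each strSample In arrSamples
    WScript.Echo strSample & " -> [" & SafeLinkUrl(strSample) & "]"
Next
```

Because the brackets and pipe leave this function only as `%5B`, `%5D` and `%7C`, the stored link stays valid while no literal `[` or `]` is passed on, which is the property the filter was protecting.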