[FIX V1.2] UTF-8 for category names

LOCKED, NO MORE REPORTS PLEASE, UPGRADE TO 1.2

Re: UTF-8 for category names

Postby smiffy6969 » Mon Oct 03, 2011 4:52 pm

Hi,

Looking at this issue, can we not push this into the blade packs, don't like the idea of altering the core just for translations, when you upgrade, you will loose these changes.

Lets ensure while im working on ver 1.2 that we have enough sockets in, then add this to the language blade packs. We can release a new type of langauge blade pack, that adds all the translations, and for that language, it re-writes any chars to usable chars.

I will ensure all all sockets are available, and we can change the language blade packs to add this.

smiffy
smiffy6969
 
Posts: 1866
Joined: Sat May 24, 2008 8:18 am
Location: Loughborough, UK

Re: UTF-8 for category names

Postby smiffy6969 » Mon Oct 03, 2011 5:00 pm

also,

this change makes you open to xss attack, you have removed the signature check on the forms.

I put this in place to ensure all form submissions originate from the domain that served them, a big help in stopping xss attacks, a random signature is created and then verified on submission, you need to add this back in


Code: Select all
        // get form signature //
        $random = false;
        if(isset($_POST['random'])){
            $randomV = htmlspecialchars(stripslashes($_POST['random']), ENT_QUOTES);
            $randomVC = htmlspecialchars(stripslashes($_SESSION['random']), ENT_QUOTES);
            if($randomV == $randomVC){
                $random = true;
            }
        }
smiffy6969
 
Posts: 1866
Joined: Sat May 24, 2008 8:18 am
Location: Loughborough, UK

Re: UTF-8 for category names

Postby Adminer » Tue Oct 04, 2011 12:44 pm

smiffy6969 wrote:also,
this change makes you open to xss attack, you have removed the signature check on the forms.


Probably, it's only the problem of russian mod ;-) My polish version is updated and secured with this block of php code - sometimes people may use an old version Razor to mod, without good patches from 1.1 secured. This alghoritm works good with conversion and is foolproof with keyboard code keys too for me in my polish fork of Razor, but can not be universal for all. Too many charset in the world...

Regards
Adminer
 
Posts: 578
Joined: Wed Apr 08, 2009 9:52 pm
Location: Poland

Re: [FIX V1.2] UTF-8 for category names

Postby smiffy6969 » Fri Oct 14, 2011 7:39 am

Extra sockets now placed in version 1.2 to help you. When you create language blade pack now, you can manipulate the chars in the cat name, substituting them by using the extra sockets. Please refer to release notes.
smiffy6969
 
Posts: 1866
Joined: Sat May 24, 2008 8:18 am
Location: Loughborough, UK

Previous

Return to Bugs - Core V1.1 STABLE [DEPRECATED]



Who is online

Users browsing this forum: No registered users and 1 guest

cron