Beta Forums

Beta Forums > MyBB Help Forum > MyBB Help > [MyBB] About userfields
Full Version: [MyBB] About userfields
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

RateU

10-31-2009, 05:21 AM
  • MyBB Version: 1.4.9
  • PHP Version:
  • MySQL(i) Version:
  • Forumlink: localhost
  • Screenshot:
  • Actions that lead to this issue:
  • Other Usefull Info:


I want to ask about Custom Profile Fields.

I have a default custom profile fields. It is fid1 (Location) field. And I use {$userfields['fid1']} to display this field value.

I fill a simple javascript code in the field via usercp:

Code:
<script type="text/javascript">
document.write("Example Scripts");
</script>

And the result is: Example Script.

So, I think {$userfields['fidx']} will render the script that filled in the custom user fields. It doesn't happen with {$profilefields}.

So, is it secure if we use {$userfields['fidx']} code in member profile page?

LeX-

10-31-2009, 05:32 AM
Don't know if script-tags are allowed in Custom Profile Fields ( can cause troubles? if someone fills in a bad script ), could be they're filtered out by MyBB, but its secure to use {$userfields['fidX']} in the memberprofile.

RateU

10-31-2009, 05:39 AM
(10-31-2009 05:32 AM)LeX- Wrote: [ -> ]but its secure to use {$userfields['fidX']} in the memberprofile.

Thank you very much, LeX-. I'm very happy to hear that. Because when i try to use the other tag in the field, img tag, {$userfields['fidx']} show the images. The {$profilefields} will not render any script in the fields. This makes me worry if a member put a bad script there. But now, I don't worry anymore.
Beta Forums > MyBB Help Forum > MyBB Help > [MyBB] About userfields
Reference URL's