User(s) Viewing This Thread: 1 Guest(s)
[ Tags: about | userfields ]
Post Thread  Post Reply 
Thread Rating:
  • 1 Votes - 1 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[MyBB] About userfields
10-30-2009, 10:21 PM
Post: #1
[MyBB] About userfields
  • MyBB Version: 1.4.9
  • PHP Version:
  • MySQL(i) Version:
  • Forumlink: localhost
  • Screenshot:
  • Actions that lead to this issue:
  • Other Usefull Info:

I want to ask about Custom Profile Fields.

I have a default custom profile fields. It is fid1 (Location) field. And I use {$userfields['fid1']} to display this field value.

I fill a simple javascript code in the field via usercp:

<script type="text/javascript">
document.write("Example Scripts");

And the result is: Example Script.

So, I think {$userfields['fidx']} will render the script that filled in the custom user fields. It doesn't happen with {$profilefields}.

So, is it secure if we use {$userfields['fidx']} code in member profile page?
Find all posts by this user
Quote this message in a reply
[ Tags: about | userfields ]
Post Reply 

Messages In This Thread
[MyBB] About userfields - RateU - 10-30-2009 10:21 PM
RE: [MyBB] About userfields - LeX- - 10-30-2009, 10:32 PM
RE: [MyBB] About userfields - RateU - 10-30-2009, 10:39 PM

Forum Jump:

Permissions Box
You cannot Post Threads.
You cannot Post Replies.
You cannot Post Attachments.
You cannot Edit Your Posts.
HTML is off
MyCode is on
Smilies is on
[img]-code is on