#537
10-31-2009, 05:21 AM
|
[color=green]MyBBs[/color]
|
Regdate: Oct 2009
Posts: 2
Age: N/A
Reputation: 5
|
- MyBB Version: 1.4.9
- PHP Version:
- MySQL(i) Version:
- Forumlink: localhost
- Screenshot:
- Actions that lead to this issue:
- Other Usefull Info:
I want to ask about Custom Profile Fields.
I have a default custom profile fields. It is fid1 (Location) field. And I use {$userfields['fid1']} to display this field value.
I fill a simple javascript code in the field via usercp:
Code:
<script type="text/javascript">
document.write("Example Scripts");
</script>And the result is: Example Script.
So, I think {$userfields['fidx']} will render the script that filled in the custom user fields. It doesn't happen with {$profilefields}.
So, is it secure if we use {$userfields['fidx']} code in member profile page?
