Status
Not open for further replies.

CheeSie

New member
When buying user title style changes a new span tag gets added for everytime you buy a style change..
So if you bought bold, then underlined, then changed the colour.. you would have 3 extra span tags surrounding your user title.. why not combine all the styling in one span tag??

Example from my own site:
HTML:
<span class="usertitle"><span style="color:#642345; "><span style="color:#642345; "><span style="color:#642345; "><span style="color:#642345; "><span style="color:#642345; ">Administrator</span></span></span></span></span></span>

I bought several customizations just to try it out.. And this is the result..

Furthermore it can still be exploited!!!
If you input this as your "new" colour
Code:
black; font-size:20px; background:red
Then your text will be black, 20px tall and have a red background!
Would it be so hard to simply split the submitted string by spaces and then just grab the first string and then htmlspecialchars it?
PHP:
<?php

$usertitlecolor = htmlspecialchars(str_replace(';','',explode(' ', $_POST['newusertitlecolour'])[0]), ENT_QUOTES);

?>

Something like that.. You take the first "word", strip any ; because they separate the styling properties and then you add htmlspecialchars just to be sure that quotes cant be used..
 
Last edited:
It's not possible to gather them in one span tag because they function as completely separate items, that don't know about eachother.

That being said, for 1.3 I'm going to be introducing more advanced item management, which means I'll ensure that it's not possible to have multiples of the same style property.
 
Status
Not open for further replies.
Back
Top