Bug HTML Comment tags parsing?

Status
Not open for further replies.
W

Webbstre

Customer
I have just discovered after a message from a user that when he tried to make an arrow using these three symbols it cut off his description from that point on: <--

Obviously, this means that the <-- is parsing as a comment tag, and breaking the description. I fear it may even be a vulnerability that other code may be parsed as well, despite that I have HTML posting turned off for everyone who isn't staff on my site. Hopefully you can find the problem. ;)
 
I can confirm this on 1.3.8 but not on my local 1.4.0b1 development files.

There's no known vulnerabilities and it has been tested for HTML/SQL injections - are you able to get actual HTML working on your installation?
 
I haven't tested for vulnerabilities, but I thought it would be worth a look at in case it was a sign of a bigger problem. Looking forward to your update ;)
 
Status
Not open for further replies.

Similar threads

Nirjonadda
  • Locked
  • Support ticket Support ticket
Bug Search Engine Optimization
Tags Tags
file order page site
Replies
5
Views
2K
Fillip H.
Fillip H.
bzcomputers
  • Locked
  • Support ticket Support ticket
Bug Thumbnail issues on upgrade
Tags Tags
3.8 box cache database download downloads hide image images issue member new number only permissions seo template ten thumbnails total update upgrade upload user version view
Replies
6
Views
1K
Fillip H.
Fillip H.
J
  • Locked
  • Support ticket Support ticket
Bug Buttons missing in version 3.0.3 vbulletin 4.2.0
Tags Tags
addon admincp advanced post thanks advanced post thanks/like button buttons choose chrome comment display document documentation download firefox folder forum forums functionality html install installation internet explorer issue link manage manual missing permissions php post question section settings support test thread upgrade upload url vbulletin view
Replies
7
Views
2K
jdj
J
V
  • Locked
  • Support ticket Support ticket
Question make a edit to suhosin
Tags Tags
admincp button chat chatbox counter error flag forum guide help htaccess html issue link lite more number only options php prefix question request server shoutbox specific staff support thread update url user usergroups variables vbshout vbulletin
Replies
9
Views
3K
Cosmic
Cosmic
naijafinder
  • Locked
  • Support ticket Support ticket
Bug Data base error (MySQL Error : Unknown column 'phrasegroup_global' in 'field list')
Tags Tags
admincp database database error description different disable error folder forum forums free help homepage html install issue language mods mysql number only php postbit question staff update upgrade url user vbulletin view
Replies
10
Views
7K
naijafinder
naijafinder

Legacy vBDownloads

vBulletin 3.8.x vBulletin 4.x.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
1,716
Customer rating
0.00 star(s) 0 ratings
Back
Top