Demo Discussion

Forum Config Examples Contributions Vulnerabilities

Discussion forum about ELOG  Not logged in

Back  |  Find  |  Login  |  Help

Can't set Author attribute properly in reply?, posted by Chris Green on Mon Jul 25 23:39:16 2005        Re: Can't set Author attribute properly in reply?, posted by Emiliano Gabrielli on Tue Jul 26 10:00:34 2005        Re: Can't set Author attribute properly in reply?, posted by Stefan Ritt on Tue Jul 26 10:02:58 2005           Re: Can't set Author attribute properly in reply?, posted by Emiliano Gabrielli on Tue Jul 26 10:49:12 2005              Re: Can't set Author attribute properly in reply?, posted by Stefan Ritt on Tue Jul 26 10:51:12 2005                 Re: Can't set Author attribute properly in reply?, posted by Emiliano Gabrielli on Tue Jul 26 10:55:03 2005                    Re: Can't set Author attribute properly in reply?, posted by Stefan Ritt on Tue Jul 26 10:59:45 2005                       Re: Can't set Author attribute properly in reply?, posted by Emiliano Gabrielli on Tue Jul 26 12:02:35 2005        Re: Can't set Author attribute properly in reply?, posted by Chris Green on Tue Jul 26 17:32:59 2005

Message ID: 1328     Entry time: Tue Jul 26 12:02:35 2005     In reply to: 1327 Icon:   Author: Emiliano Gabrielli  Author Email: AlberT@SuperAlberT.it  Category: Question  OS: Linux  ELOG Version: 2.6.0b  Subject: Re: Can't set Author attribute properly in reply?

Stefan Ritt wrote: Emiliano Gabrielli wrote: The following code will assure that, if the HTML generated by elog would be modified by hand by a malicious user the server can still preset the author field with the right $long_name? Ok, you're right. But that requires quite some knowledge to change the generated HTML by hand. So for paranoiac people the "Subst" might be better. Actually you could have both the "Preset on Reply" and the "Subst on Reply", so on the reply entry form one sees already the correct author. It's my actual configuration infact

ELOG V3.1.5-3fb85fa6