Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Bug Reports (Closed)
 V33(.02)+V33(.03) BUG+FIX Problem in pop_pword.asp		  Forum Locked  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

c1541
Starting Member

1 Posts
Posted - 20 August 2001 :  16:23:31  Show Profile
Hi,

I told the developers about a security problem with pop_pword.asp via email while v3.3.02 was the current release but this hasn't been fixed in v3.3.03 so I'm posting some fixes for the problem here.

Change line #68 of pop_pword.asp:
strRecipients = "" & rs("M_EMAIL")


Richard Kinser recommended adding the following to line #45 of pop_pword.asp:
if not IsValidString(Request.Form("Name")) then
    Err_Msg = Err_Msg & "<li> You may not use any of these chars in your username !#$%^&*()=+{}[]|\;:/?<,> </li>"
end if


and for good measure you might as well add:
if not IsValidString(Request.Form("email")) then
    Err_Msg = Err_Msg & "<li> You may not use any of these chars in your email address !#$%^&*()=+{}[]|\;:/?<,> </li>"
end if

gor
Retired Admin

Netherlands
5511 Posts
Posted - 20 August 2001 :  18:06:27  Show Profile  Visit gor's Homepage
Fixed in the source.

If you download(ed) version 3.3.03 and the zip-file was named sf2k_v33_033.zip
the bug is fixed. If you have got an older zip-file, then please re-download.

Pierre
Join a Snitz Mailinglist
Go to Top of Page
  Previous Topic Topic Next Topic  
 Forum Locked  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.1 seconds. Powered By: Snitz Forums 2000 Version 3.4.07