Mystics
Fri 21st Jun '02, 10:24am
Hi,
Harvey, an user of www.vbulletin-germany.com recently detected a bug in the Edit Profile (http://www.vbulletin.com/forum/member.php?s=&action=editprofile)-Section.
You are able to insert HTML Code into your signature and make the "Edit Profile" Section in your User CP inaccessible, for example, if you use an unclosed comment tag (<!-- -->).
I have found out, that it's only a little bug in the template modifyprofile.
In this template, the variable $bbuserinfo[signature] is used, instead of the right variable $signature.
(Explanation: in member.php is the following code:
$signature=htmlspecialchars($bbuserinfo[signature]); )
Mystics
Harvey, an user of www.vbulletin-germany.com recently detected a bug in the Edit Profile (http://www.vbulletin.com/forum/member.php?s=&action=editprofile)-Section.
You are able to insert HTML Code into your signature and make the "Edit Profile" Section in your User CP inaccessible, for example, if you use an unclosed comment tag (<!-- -->).
I have found out, that it's only a little bug in the template modifyprofile.
In this template, the variable $bbuserinfo[signature] is used, instead of the right variable $signature.
(Explanation: in member.php is the following code:
$signature=htmlspecialchars($bbuserinfo[signature]); )
Mystics