Using ZBBlock

Report issues with Enuuk Auction Platform or Mods here - remember to raise a ticket with phpauction.net as well

Post by RWAP » Mon Apr 29, 2013 9:30 pm

Having installed ZBBlock to help cut down spam on my server - an interesting point has come up, in that some URLs were being seen as dangerous and potential issues for SQL injection attacks.

In this instance it was seeing an issue with the URL for an item titled:
ZX81XRAM - 32k memory kit (unsoldered) for ZX81 or TS1000/1500
The resulting URL is:
http://www.sellmyretro.com/offer/detail ... %1500-2703

This was seen as dangerous as it contains the %15 ASCII character code (a non-printable character).

The easiest solution to this would be to convert the / character in an item title to a double tilde mark instead of a % mark.

This can be achieved with a search and replace function to search for:

str_replace('%','/',
replace this with:
str_replace('~~','/',

str_replace('/','%',
replace this with:
str_replace('/','~~',

str_replace('%', '/',
replace this with:
str_replace('~~','/',

str_replace("/","%",
replace this with:
str_replace('/','~~',
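
The substitution discussed in the post above, as an added PHP example (not part of the original post and not Enuuk/phpauction code): it shows why replacing `/` with `%` puts `%15` in the URL, which reads as the escape for a control byte, and that `~~` avoids this. The function names are hypothetical and the filter is a simplified stand-in, not ZBBlock's actual rule; the last check shows that a title which already contains `~~` does not survive the round trip.

```php
<?php
// Added illustration; function names are hypothetical, not platform code.

// Scheme described in the post as the current one: '/' in a title becomes '%'.
function slug_encode_percent(string $title): string {
    return str_replace('/', '%', $title);
}

// Scheme proposed in the post: '/' becomes '~~', reversed when the URL is read.
function slug_encode_tilde(string $title): string {
    return str_replace('/', '~~', $title);
}
function slug_decode_tilde(string $slug): string {
    return str_replace('~~', '/', $slug);
}

// Simplified stand-in for a request filter (assumption, not ZBBlock's rule):
// list percent-escapes that decode to non-printable ASCII (0x00-0x1F, 0x7F).
function control_escapes(string $url): array {
    preg_match_all('/%([0-9A-Fa-f]{2})/', $url, $matches, PREG_SET_ORDER);
    $hits = [];
    foreach ($matches as $match) {
        $byte = hexdec($match[1]);
        if ($byte < 0x20 || $byte === 0x7F) {
            $hits[] = $match[0];
        }
    }
    return $hits;
}

// Tail of the item title quoted in the post.
$title = 'TS1000/1500';

$old = slug_encode_percent($title);   // '/' followed by "15" turns into "%15"
$new = slug_encode_tilde($title);

printf("%-14s flagged: %s\n", $old, implode(',', control_escapes($old)) ?: 'none');
printf("%-14s flagged: %s\n", $new, implode(',', control_escapes($new)) ?: 'none');

// The tilde form decodes back to the original title.
var_dump(slug_decode_tilde($new) === $title);

// A title that already contains '~~' is changed by the round trip,
// because the decoder cannot tell it apart from an encoded '/'.
var_dump(slug_decode_tilde(slug_encode_tilde('A~~B')) === 'A~~B');
```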
