Beta Testers Needed | CookieCommons

bowersbros
Posts: 534
Joined: Thu May 05, 2011 8:19 pm

Re: Beta Testers Needed | CookieCommons

Post by bowersbros »

jacek wrote:
bowersbros wrote: Our idea behind not doing that was that if somebody manually changes the template, then if it fucks up, it's their fault.

True, but looking from the point of someone trying to exploit the system. Finding that they can enter any value in the theme field might make them dig deeper instead of giving up.



Keep going, we have defended against XSS, all it does is use the value you pass to change the name of the file it fetches.

It uses the passed value as a variable.

The file name system is:

cookiecommons.[colour].css

So, if the user changes the variable to something not supported, all it will do is throw a nonexistent file (404).
I don't like to brag, but I wasn't circumcised. I was circumnavigated. ;)

Want to learn something new? Or maybe reinforce what you already know? Or just help out? Please subscribe to my videos: http://goo.gl/58pN9
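
The concern raised in the quoted reply goes away if the file name is only ever built from a fixed list of colours. This is an added example, not CookieCommons code or part of either post; the colour list, the default and all function names are assumptions.

```javascript
// Added example, not CookieCommons code. The colour list, the default and
// all function names are assumptions made for illustration.
const SUPPORTED_COLOURS = new Set(["blue", "red", "green"]); // assumed palette
const DEFAULT_COLOUR = "blue"; // assumed fallback

// Accept the raw theme value only if, after normalising, it is a known colour.
function resolveColour(raw) {
  const candidate = typeof raw === "string" ? raw.trim().toLowerCase() : "";
  const accepted = SUPPORTED_COLOURS.has(candidate);
  return { colour: accepted ? candidate : DEFAULT_COLOUR, accepted };
}

// The file name is built from the allowlisted colour, never from the raw input,
// so an unsupported value yields the default sheet instead of a 404.
function stylesheetFor(raw) {
  return `cookiecommons.${resolveColour(raw).colour}.css`;
}

// Collect rejected values for logging: repeated odd theme values are a sign
// that someone is probing the field. Truncate and JSON-encode before logging
// so the log line itself cannot be broken up by the input.
function rejectedForLog(values, maxLen = 40) {
  return values
    .filter((v) => !resolveColour(v).accepted)
    .map((v) => JSON.stringify(String(v).slice(0, maxLen)));
}

// Constructed sample inputs.
const samples = ["Red", " green ", "purple", "blue/extra", undefined];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", stylesheetFor(s));
}
console.log("rejected:", rejectedForLog(samples).join(", "));
```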