I was playing around with one of my test installations and discovered you can submit HTML formated descriptions. I think this is bad because any one can take advantage of this for malicious use. Whats worse any novice can forget to close their tags and ruin your build pages.
Also I found I could completely screw up my directory (or any one elses for that matter) by simply submitting descriptions that use the character "|".
This is the character used in the database file as the delimiter so when ever that character appears in the description the script will think it's reading a new field. The result is that you will end up with ID numbers that contain descriptions, decription fields that will contain email data, and Tittle fields that contain rating results etc. It totally messes it up.
If there is a way to disallow the use of html formatted descriptions or the use of special craracters such as the "|" please let me know. For every one else I would suggest staying away from the auto update type of builds and take take the time to inspect their entries as they are submitted.
Also I found I could completely screw up my directory (or any one elses for that matter) by simply submitting descriptions that use the character "|".
This is the character used in the database file as the delimiter so when ever that character appears in the description the script will think it's reading a new field. The result is that you will end up with ID numbers that contain descriptions, decription fields that will contain email data, and Tittle fields that contain rating results etc. It totally messes it up.
If there is a way to disallow the use of html formatted descriptions or the use of special craracters such as the "|" please let me know. For every one else I would suggest staying away from the auto update type of builds and take take the time to inspect their entries as they are submitted.