Gossamer Forum

Serious Flaw: HTML and special characters

I was playing around with one of my test installations and discovered you can submit HTML-formatted descriptions. I think this is bad because anyone can take advantage of this for malicious use. What's worse, any novice can forget to close their tags and ruin your built pages.

Also I found I could completely screw up my directory (or anyone else's for that matter) by simply submitting descriptions that use the character "|".

This is the character used in the database file as the delimiter, so whenever that character appears in the description the script will think it's reading a new field. The result is that you will end up with ID numbers that contain descriptions, description fields that contain email data, Title fields that contain rating results, etc. It totally messes it up.

If there is a way to disallow the use of HTML-formatted descriptions or the use of special characters such as the "|", please let me know. For everyone else, I would suggest staying away from the auto-update type of builds and taking the time to inspect entries as they are submitted.
Re: [Ibis Fernandez] Serious Flaw: HTML and special characters
regexp...either client-side or server-side checking or replacement of characters.

Search the forums for HTML regexp (regular expressions). Widgetz (Jerry Su), among others, has posted code that will do what you want...

See ya.
========================================
Buh Bye!

Cheers,
Me
Re: [Ibis Fernandez] Serious Flaw: HTML and special characters
We all love Jerry Su

....a possible solution would be to add this in add.cgi under

if ($status eq 'ok') {

Code:

$in{Description} =~ /\|/s and &site_html_add_failure($status);

....for html you could either change all html tags to show up as plain text using:

$rec{Description} =~ s/</&lt;/sg;

....or remove html with:

$rec{Description} =~ s/<[^>]+>//sg;

Last edited by RedRum: Feb 28, 2002, 9:55 AM
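The two fixes above (reject the delimiter, encode the markup characters) pulled together as one validation step before a record is written to the pipe-delimited flat file. This is an added example, not code from Links 2.0 or from the posters; the delimiter constant, the function names and the field list are my own assumptions, and the sample submissions are constructed.

```perl
#!/usr/bin/perl
# Added example (not from the Links 2.0 code base): validate a submitted
# record before writing it to a '|'-delimited flat file.
use strict;
use warnings;

# Assumed: the record delimiter, as described in the thread.
my $DELIM = '|';

# A delimiter inside any field shifts every following field on read-back,
# which is the corruption the original post describes.
sub has_delimiter {
    my ($value) = @_;
    return $value =~ /\Q$DELIM\E/ ? 1 : 0;
}

# Encode the characters that let text be read as markup, so the description
# is always displayed as plain text. '&' is handled first so the entities
# produced for '<' and '>' are not encoded a second time.
sub encode_html {
    my ($value) = @_;
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    return $value;
}

# Build one record line; dies on a delimiter so the caller (e.g. add.cgi)
# can return a failure page instead of writing a broken row.
sub build_record {
    my (%rec) = @_;
    for my $field (qw(Title URL Description)) {
        die "Field '$field' contains the delimiter '$DELIM'\n"
            if has_delimiter($rec{$field});
    }
    return join $DELIM, $rec{ID}, $rec{Title}, $rec{URL},
                        encode_html($rec{Description});
}

# Constructed sample submissions.
my %good = (ID => 1, Title => 'Example', URL => 'http://example.com/',
            Description => 'A <b>bold</b> claim & more');
my $line = build_record(%good);
print "$line\n";
# Splitting with a -1 limit keeps trailing empty fields; count stays at 4.
my @fields = split /\Q$DELIM\E/, $line, -1;
printf "%d fields\n", scalar @fields;

my %bad = (%good, Description => 'broken|record');
eval { build_record(%bad) };
print "rejected: $@" if $@;
```

Encoding the markup characters keeps the submitted text visible to the reviewer verbatim, whereas the tag-stripping regex silently discards whatever matched, so encoding is the safer default when entries are inspected by hand as the original post suggests.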
Re: [Heckler] Serious Flaw: HTML and special characters
Glad to hear it guys, feel safer already