Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
Pages: 1
I have no idea at all if it's possible but if we could create our own using hh, mm, ss, dd, yyyy, etc. that'd be cool. Like "Mmm". "dd", "yyyy" at "hh":"mm":"ss" "tt" would be Oct. 26, 2016 at 5:47:35 PM
Or boxes like BBCode but with different month/day/time formats to mix and match like this:
Offline
I don't have time to look through FluxBB itself right now but this is probably plenty doable with php's date function. Not sure about errors though so it might be necessary to add extra validation for this option. Good luck diff.
Offline
I don't have time to look through FluxBB itself right now but this is probably plenty doable with php's date function. Not sure about errors though so it might be necessary to add extra validation for this option. Good luck diff.
is it possible to do like try/catch for all potential errors and just set the user's custom datestring if they clean scot-free? Guess it becomes the user's fault if they do something incoherent
Offline
perhaps, but when it comes to php the concerning errors tend to not work quite that conveniently
Offline
Supporting http://strftime.net/ would be nice
Offline
but what if i use my date time format for shell injection
Offline
fluxbb has a db escape function used for ****, so for database there's no reason for this to be more of a vulnerability than any other custom text unless diff messes up, the only worry should be an issue with the function itself unless I am messing up a lot by not thinking of something right now
Offline
but what if i use my date time format for shell injection
well I mean I'll be honest and say I've never heard of that. I'll further my honesty and say if it was or was not a thing, my expertise is not expansive enough to call you out on that. Google says that's not a thing, though.
but yeah. kinda like rat(burn(tro)) said... seems like diff would be apt for the task... something something seashells (thanks EB)
Offline
well I mean I'll be honest and say I've never heard of that.
shell -> leet php code to do whatever you want including destroy the pc of the server
( which happened to me yeay )
Offline
oh well i mean for date format if you just plain old have
date("blah blah blah $userinput");
or date("blah blah blah " . $userinput . ");
or something you could theoretically do
");
//INSERT SHELL
echo "shell";
echo date("aaaa
or something like
"x");
//INSERT SHELL
echo "shell";
echo date("a"
if website is not secure enough.
obv this won't be an issue as the forums havn't been hacked yet by these text boxes
Offline
Offline
Might be possible. IIRC the forums have a hardcoded array of time/date formats and each user has a number that matches up with an entry in that array, which is then fed into the date format probably. Don't see why we couldn't cut out the middle man there.
oh well i mean for date format if you just plain old have
date("blah blah blah $userinput");
or date("blah blah blah " . $userinput . ");
or something you could theoretically do
"); //INSERT SHELL echo "shell"; echo date("aaaa
or something like
"x"); //INSERT SHELL echo "shell"; echo date("a"
if website is not secure enough.
obv this won't be an issue as the forums havn't been hacked yet by these text boxes
As long as I don't go full retard and try to grab the date from something like shell_exec('date +'.$dateformat); we should be good to go.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
Pages: 1
[ Started around 1732235555.346 - Generated in 1.174 seconds, 12 queries executed - Memory usage: 1.56 MiB (Peak: 1.75 MiB) ]