Nikey646
Member
Join Date: Apr 2011
12-29-2012, 11:34   Re: [ANY] Threaded Mysql Bans   #57

Quote:
Originally Posted by lyric
player_name isn't even stored, why is that? Also, it looks like the banned_by, ban_reason are susceptible to SQL injections, which is a security issue. Why is this even allowed here?

This plugin is dangerous for anyone to use. I would stay far away from it unless these issues are fixed, though the author stated he doesn't care to fix the issues. Can this be put in trash since it's got a SQL injection problem and the author doesn't care?

Both ban by and reason are controlled by admins. Why would you give an untrustworthy person admin in the first place, and what are the chances that an admin will ban for " '*SQL Delete All* " or be named that....

As for your previous post, the reason the player name isn't stored is because it gives the public a SQL Injection chance....
__________________
ğUnAUĞ UnknownAU ğUnAUĞ
A Proud Australian TFDodgeball Server!
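The point argued in this exchange, as an added example that is not part of the original post or the plugin's code: when the ban fields are pasted into the SQL text, even an ordinary apostrophe in a name or reason is parsed as SQL, while bound parameters store all three fields verbatim regardless of who typed them. Assumptions: SQLite stands in for the plugin's MySQL backend, and the table name, the `steam_id` column, the function names and the sample values are constructed; only the column names `player_name`, `banned_by` and `ban_reason` come from the thread.

```python
import sqlite3

# Column names player_name, banned_by, ban_reason come from the thread;
# the table name, steam_id column and all sample values are constructed.
SCHEMA = """CREATE TABLE bans (
    steam_id TEXT, player_name TEXT, banned_by TEXT, ban_reason TEXT)"""

def open_db():
    """Fresh in-memory database with the hypothetical bans table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def insert_concat(db, steam_id, player_name, banned_by, ban_reason):
    """Weak form: values are pasted into the SQL text itself."""
    sql = ("INSERT INTO bans VALUES ('%s', '%s', '%s', '%s')"
           % (steam_id, player_name, banned_by, ban_reason))
    db.execute(sql)

def insert_bound(db, steam_id, player_name, banned_by, ban_reason):
    """Hardened form: values travel as bound parameters, never as SQL text."""
    db.execute("INSERT INTO bans VALUES (?, ?, ?, ?)",
               (steam_id, player_name, banned_by, ban_reason))

def try_insert(fn, row):
    """Run one insert on a fresh database; return (stored_rows, error_name)."""
    db = open_db()
    try:
        fn(db, *row)
        err = None
    except sqlite3.Error as exc:
        err = type(exc).__name__
    rows = db.execute(
        "SELECT player_name, banned_by, ban_reason FROM bans").fetchall()
    return rows, err

# Constructed sample: an ordinary apostrophe in each free-text field.
SAMPLE = ("STEAM_0:0:1", "Pat O'Neil", "admin's alt", "didn't stop spamming")

if __name__ == "__main__":
    print("concat:", try_insert(insert_concat, SAMPLE))
    print("bound: ", try_insert(insert_bound, SAMPLE))
```
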