Raised This Month: $29 Target: $400

Whitespaces are removed from the site name

Post New Thread Reply   
Thread Tools Display Modes
Author Message
Junior Member
Join Date: Dec 2014
Location: Russia
Old 03-11-2021 , 12:23   Whitespaces are removed from the site name
Reply With Quote #1

I have HLstatsX Community Edition 1.6.19-25. After saving the stats settings whitespaces in the site name option are removed. I think this is due to the valid_request() function in options.php on the line 86:

PHP Code:
if (($this->title == 'Fonts') || ($this->title == 'General')) {
$optval $_POST[$opt->name];
$search_pattern  = array('/script/i''/;/''/%/');
$replace_pattern = array('''''');
$optval preg_replace($search_pattern$replace_pattern$optval);
$optval $db->escape($optval);
} else {
$optval valid_request($_POST[$opt->name], 0);

This function is in functions.php on the line 94:
PHP Code:
function valid_request($str$numeric false)
$search_pattern = array("/[^A-Za-z\x{0410}-\x{044F}0-9Ёё\[\]*\.,=()!\"$%&^`':;#+~_\-|<>\/\\@{}]/u");
$replace_pattern = array('');
$str preg_replace($search_pattern$replace_pattern$str);
    if ( 
$numeric == false )
        if ( 
is_numeric($str) )
            return -

If I add a whitespace '\s' to the search pattern won't it lead to any vulnerabilities?

Last edited by nvRm; 03-11-2021 at 14:03.
nvRm is offline

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -4. The time now is 19:57.

Powered by vBulletin®
Copyright ©2000 - 2021, vBulletin Solutions, Inc.
Theme made by Freecode