Help making code more secure

vBulletin Owner

#1 05-08-2007, 03:36 PM

Join Date: Oct 2006

Posts: 144

Help making code more secure

I thought of a great idea for a hack of mine but I'm afraid it's not a secure as it should be.
In the ACP there is an input box to type in a condition. For example you'd type in $vbulletin->userinfo[userid] == 1 and insert everything into table "links".
When calling the table "links" you would use

PHP Code:

  if(!empty($result['condition']))
{
    if(eval($result['condition']))
    {
        //code here
    }
    else
    {
       //other code here
    }
}

--------------------
vHosting Pro
Manage you hosting requests easier

Xen Web Hosting
Offering ad-free hosting with features such as, cpanel, fantastico, PHP and MySQL support, and more

Quote |

Brandon

vBSetup Team
vBulletin Owner
vBSetup Owner

#2 05-09-2007, 11:29 AM

Join Date: Jul 2006

Posts: 9,839

Location: Topeka, KS

Re: Help making code more secure

it's greek to me :p

maybe mike can help out

--------------------

Brandon Sheley / vBulletin Setup Staff
Check out our Newsletter for the latest vB and SEO news.
Are you looking for vBulletin work to be done on your forums ?
Would you like to Help Support vBulletin Setup.

Post your URL and a link to your vb.com username here to get full access.

Please do not PM me for support, that's what the forums are for.

Have you heard about Crowdgather?
Find it on Forums

Stay up to date by installing our Tool Bar

Quote |

harmor

vBulletin Owner

#3 05-09-2007, 01:28 PM

Join Date: Oct 2006

Posts: 144

Re: Help making code more secure

I can't use that anyways. I have to eval out the whole if statement and not just the argument inbetween the parenthesis.

--------------------
vHosting Pro
Manage you hosting requests easier

Xen Web Hosting
Offering ad-free hosting with features such as, cpanel, fantastico, PHP and MySQL support, and more

Quote |