Hi,
anyone of you has users like {username} ? Or {P}blabla ?
Well, the problem is, that 4images isn't parsing the username right if there is an opening and closing bracket ({ and }). So the user is "invisible" in the who is online, even in his profile,
even in the user administration - everywhere. The user name in the brackets is just not displayed.
Well, this is also a security problem, but i won't write on that topic much further. I was surprised, that even the new version (1.7.4) hasn't resolved that bug. I did find out about this, when "invisible users" start complaining that they can't get PM's and that they cant upload any images or create folders.
So, the bug is in the register.php, and there is a simple solution to resolve this problem.
STEP 1
open your register.php
find:
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
right after the closing } insert:
elseif (preg_match("#[<{}>]#", $user_name))
{
$msg .= (($msg != "") ? "<br />" : "").$lang['invalid_symbols'];
$error = 1;
}
save and close.
STEP 2
open /lang/english/main.php
find:
$lang['username_exists'] = "User name already exists.";
instert right below:
$lang['invalid_symbols'] = "Please use only numbers 0-9 and letters A-Z in your username!.";
save and close.
Thats it, now you get rid of the problem. In this example, we have forbidden only the symbols "<>{}", if you want forbid more symbols just add them between the [.....]
For example, if we want to forbid "$%^&*()" the line would look like this:
elseif (preg_match("#[<{}>$%^&*()]#", $user_name))
that's it.
Greetings,
George
Developers, this has to be added in the next version!