This issue is because of an unsafe use of ForceIncomingString() in the addon. Each and every use of this function should be wrapped in htmlspecialchars() to avoid XSS attacks.
Edit the files default.php and library/Function.TagThis.php and change all instances of ForceIncomingString([...]) to htmlspecialchars(ForceIncomingString([...])) and the code should be safe.
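The wrapping described in the post above, as an added example that is not the add-on's own code: read_incoming_string() and html_escape() are hypothetical stand-ins for the request reader and the escaping wrapper, and the request value is constructed. It passes ENT_QUOTES explicitly because the default flags before PHP 8.1 (ENT_COMPAT) leave single quotes unencoded, which matters when the value lands in a single-quoted attribute.

```php
<?php
// Hypothetical stand-in for the add-on's request reader; Vanilla's real
// ForceIncomingString() is not reproduced here.
function read_incoming_string(array $request, $name, $default = '')
{
    return isset($request[$name]) ? (string) $request[$name] : $default;
}

// Escape a value for HTML text or attribute context.
// ENT_QUOTES encodes both " and '; the charset is stated rather than assumed.
function html_escape($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed request: a tag containing markup and both quote styles.
$request = array('Tag' => "rock'n'roll <b>\"live\"</b>");

$raw  = read_incoming_string($request, 'Tag');
$safe = html_escape($raw);

// Before the fix: the raw value is written into the page, so its quotes
// end the attribute early and its <b> element is parsed as markup.
echo "<input type='text' name='Tag' value='" . $raw . "'>\n";

// After the fix: every metacharacter is an entity and the value stays
// inside the attribute.
echo "<input type='text' name='Tag' value='" . $safe . "'>\n";

// Check a reviewer can run: no HTML metacharacter survives escaping.
if (strpbrk($safe, "<>'\"") !== false) {
    throw new RuntimeException('unescaped metacharacter in output');
}
echo "escaped value: " . $safe . "\n";
```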
It seems like most people are installing this with no problem... but I have a brand new install of Vanilla 1.1.10 and I am getting this error as soon as I click on the discussion tab after enabling:
Parse error: syntax error, unexpected '&', expecting T_VARIABLE or '$' in /homepages/34/d189919702/htdocs/noomagroup/discuss/extensions/TagThis/library/Function.TagThis.php on line 29
Anyone have any insight on what I am missing?
Is there any way to show a set of predefined tags to the user, such that the user can select the tag from a specified list?
Can anyone answer my question?
snehal