There is a security flaw in your module. Never echo any content without sanitizing, or your forum is open to XSS attacks. Use Gdn_Format::text() for the username and Gdn_Format::to($Post->Body, $Post->Format) for the body. You certainly need to include the discussion's Format column in your SQL then.
@R_J said:
There is a security flaw in your module. Never echo any content without sanitizing, or your forum is open to XSS attacks. Use Gdn_Format::text() for the username and Gdn_Format::to($Post->Body, $Post->Format) for the body. You certainly need to include the discussion's Format column in your SQL then.
Thanks for pointing that out. This is my first week doing PHP development, another thing to learn xD
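What R_J's advice looks like in a complete module, as an added example (not the module author's code and not the Vanilla project's own): a minimal Vanilla 2 panel module that lists recent discussions. It assumes Vanilla's Gdn_Module base class, the Gdn::sql() query builder, the Gdn_Format helpers and the discussionUrl() render function; the Discussion/User tables and the Body, Format and InsertUserID columns are Vanilla's standard schema, while the class name, limit and markup are illustrative. The unsafe line that R_J flagged is left in as a comment next to the hardened one.

```php
<?php
// Added example, not code from the original post or from Vanilla itself.
// Assumes Vanilla 2's Gdn_Module, Gdn::sql(), Gdn_Format and discussionUrl().

class RecentPostsModule extends Gdn_Module {

    /** @var int Number of discussions to show (illustrative setting). */
    public $Limit = 5;

    public function assetTarget() {
        return 'Panel';
    }

    public function toString() {
        // The Format column MUST be part of the SELECT: Gdn_Format::to() reads
        // it to pick the formatter (Html, Markdown, BBCode, Text, ...) that
        // renders the body, and each formatter sanitizes on the way out.
        $Posts = Gdn::sql()
            ->select('d.DiscussionID, d.Name, d.Body, d.Format')
            ->select('u.Name', '', 'InsertName')
            ->from('Discussion d')
            ->join('User u', 'u.UserID = d.InsertUserID')
            ->orderBy('d.DateInserted', 'desc')
            ->limit($this->Limit)
            ->get()
            ->resultObject();

        $Html = '<ul class="RecentPosts">';
        foreach ($Posts as $Post) {
            // VULNERABLE (the pattern flagged above): raw column values are
            // concatenated straight into the page, so a username or body that
            // contains <script>...</script> runs in every visitor's browser.
            //   $Html .= '<li>' . $Post->InsertName . ': ' . $Post->Body . '</li>';

            // SAFE: plain strings (username, title) are HTML-escaped with
            // Gdn_Format::text(); the body is rendered through the formatter
            // recorded in Format, which strips dangerous markup but keeps the
            // styling that format allows.
            $Html .= '<li>'
                . '<b>' . Gdn_Format::text($Post->InsertName) . '</b>: '
                . '<a href="' . discussionUrl($Post) . '">'
                . Gdn_Format::text($Post->Name) . '</a>'
                . '<div class="Body">'
                . Gdn_Format::to($Post->Body, $Post->Format)
                . '</div>'
                . '</li>';
        }
        $Html .= '</ul>';
        return $Html;
    }
}
```

Note that Gdn_Format::to() with a missing or unknown Format does not give you the same protection as the correct one; if the column is left out of the query, $Post->Format is null and the body is not rendered the way the poster's chosen format was sanitized for, which is why the SELECT above includes it explicitly.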