AAO25.com
Assist => News => Topic started by: Spanky on Tuesday, June 12, 2012, 21:42:32 PM
-
I've spent some time reworking the server list to make it look more like these forums. I've also added clickable usernames so you can click on players and it will take you to their Battletracker page. There are new map images displayed on the details page too.
Check it out:
http://s.aao25.com/
AAO25 now has a Steam group in addition to the X-Fire group! Join up here:
http://steamcommunity.com/groups/AAO25
-
Great job Spanky, nice to see you again so active around here. About the Steam group, I already invited some friends that used to play, maybe they'll come back soon :)
-
Good job Spanky, nice to see you again so active around here.
Thanks. Don't expect it to last long though :)
-
I believe you, I don't take much care on some projects for security. Specifically the server list because there's no MySQL interaction. Unless I'm mistaken, the only thing you can do is change the data on your screen right?
-
That is absolutely hilarious! I'm stunned, really. You gotta show me how to do that :D
-
But how? I know the whole code editing and tampering thing but how are you editing code on your computer and making it display things on mine? There's no database activity for the server list, it generates code whenever the user visits it. I re-downloaded my code and looked at the source but I don't see any changes? I'm incredibly amused by this.
-
So, you told the Auth server that you were running a 26/20 player server with a malicious name? That would make sense to me, someone putting JavaScript in their server's name.
-
Pretty smart on your part :) Thanks. I've added htmlspecialchars(), it now looks like this:
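// Decode first, strip bytes outside \x20-\x7F, escape last, so URL-encoded markup cannot slip past htmlspecialchars().
$name = htmlspecialchars(preg_replace('/[^\x20-\x7F]/', '', urldecode($pieces[4])));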
Give it a go! Feel free to mess around with anything else on this site or the server list, just don't ruin something permanently. I have backups but... that's a pain in the ass.
*EDIT*
Hmmm, I should probably go through the other stats code like Top Server, that could be really messy.
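
Why the order of urldecode() and htmlspecialchars() matters for a self-reported server name like the one discussed in this thread, as an added example that is not code from the original posts. The function names and sample field values are constructed for illustration; only the byte range \x20-\x7F is taken from the thread.

```php
<?php
// Constructed sample values for the server-name field, as it might arrive
// URL-encoded from a game server's self-reported info (hypothetical data).
$samples = [
    'plain'   => 'My%20AA%20Server',
    'raw'     => '<script>alert(1)</script>',
    'encoded' => '%3Cscript%3Ealert(1)%3C%2Fscript%3E',
    'ctrl'    => 'Clan%20%1B%5B31mRed',
];

// Escape first, decode second: percent-encoded markup is still inert text
// when htmlspecialchars() runs, and urldecode() then turns it back into tags.
function name_escape_then_decode(string $field): string
{
    return preg_replace('/[^\x20-\x7F]/', '', urldecode(htmlspecialchars($field)));
}

// Decode first, drop bytes outside \x20-\x7F, escape last, so escaping is
// the final transformation before the value is written into the page.
function name_decode_then_escape(string $field): string
{
    $decoded = urldecode($field);
    $filtered = preg_replace('/[^\x20-\x7F]/', '', $decoded);
    return htmlspecialchars($filtered, ENT_QUOTES, 'UTF-8');
}

foreach ($samples as $label => $field) {
    $a = name_escape_then_decode($field);
    $b = name_decode_then_escape($field);
    printf("%-8s escape-then-decode: %s\n", $label, $a);
    printf("%-8s decode-then-escape: %s\n", '', $b);
    // A literal "<" in the output means the browser would parse it as markup.
    printf("%-8s markup survives:    %s / %s\n\n", '',
        strpos($a, '<') !== false ? 'yes' : 'no',
        strpos($b, '<') !== false ? 'yes' : 'no');
}
```

The same decode-then-escape helper can be reused for any other page that prints the server name, such as the Top Server stats mentioned in the last post.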