I wanted to put something out there so that everyone will know. I am in the middle of several VERY large projects that are taking up ALL of my time. I haven't had a day off in about three months. These projects are finally nearing completion which will allow me to come back to babbleboard. For those of you that have been in the forums helping out, I cannot thank you enough for helping people get everything going. I hope to see you all in about a month when the upgrade will begin to be coded.
I'll be slapping this into a file later and updating the release but I want this out there now as it's a big problem I hadn't caught until someone exploited it.
Open the file: /includes/pages/register.php
change the line that read $name = $_POST['name']; to read $name = htmlentities(strip_tags($_POST['name'])); Replace every (there are several) occurrence after that of $_POST['name'] to $name. If anyone is having problems, email me at admin[at]babbleboard[dot]co[dot]uk and I will help you through it.
