Skip to:
Content
Pages
Categories
Search
Top
Bottom

How do you delete user profile text

  • @halfpint

    Participant

    If I add more profile text boxes and the user puts javacode into one of the boxes instead of what they are supposed to type in, How do I delete the the javacode within the text area as added profile text boxes are not showing up in my admin panel under Authors and Users.

    Thanks

Viewing 17 replies - 1 through 17 (of 17 total)
  • @halfpint

    Participant

    I went into the data base and deleted it, but this wont stop people from injecting malicous code into “unsanatised” user fields…

    @burtadsit

    Participant

    If you haven\’t altered any of the profile filtering mechanisms then the js will get removed. It gets filtered out by the standard wp filters which get run on the profile fields. The profile fields don\’t show up in the wp backend. If you have a user trying to insert js into a profile field I would delete that user. Now.

    What version of bp are you running? I see all sorts of filtering going on in trunk.

    bp-xprofile-filters.php

    @apeatling

    Keymaster

    User fields are sanitized if you are using the standard BuddyPress template tags or function calls.

    @halfpint

    Participant

    Hi Burtadsit

    I am using Core: 1.0-RC1 / Profile: 1.0-RC1 / Messages: 1.0-RC1 / Blogs: 1.0-RC1 / Friends: 1.0-RC1 / Groups: 1.0-RC1 / Activity: 1.0-RC1 / Wire: 1.0-RC1 / Forums: 1.0-RC1 /

    The base profile is fine, its when you add more user profile boxes like \”Age\” for an example.

    The guy that entered it did it to show how vunrable it is,he then sent me a message to let me know. I havent altered any of the filtering mechanisms.

    @halfpint

    Participant

    I am using the standard BuddyPress template aswell

    @apeatling

    Keymaster

    I’ve added filters on these values now. Since only the site administrator has access to this, I can’t qualify this as a major security risk.

    Any data entered or created by any other user is filtered.

    @halfpint

    Participant

    One way I can stop this when adding more user profile boxes is to only use tick boxes, I guess that would work for users to select their age instead of having the user type it in.

    @halfpint

    Participant

    Thanks for all of your help, Its much appreciated

    @halfpint

    Participant

    Sorry to be a pain but how do I add the filters to the values you said above. Is there a patch or should I just re-download the script and re-install it.

    thanks

    @apeatling

    Keymaster

    If you\’re using SVN then update it with that, if not, then download from this zip and overwrite your files:

    https://trac.buddypress.org/changeset/1280/trunk?old_path=%2F&format=zip

    @halfpint

    Participant

    Ok thanks Andy

    @halfpint

    Participant

    Hello again.. After I overwrote the files. My register page will not show up if somebody tries to register. The bp-core-signup.php is in wp/mu-plugins/bp-core folder.I Have no idea why the signup page wont show now when it was fine before.

    Thanks

    @burtadsit

    Participant

    I don’t know what rev of bp you were using before but things have changed in that rev. The member theme are now located in /wp-content/bp-themes. See the readme in the bp-themes dir in that zip. Make sure you update the themes also.

    @halfpint

    Participant

    Ok thanks once again.. Will do that now..You guys are stars

    @halfpint

    Participant

    I think Im gonna have to do a complete re-install I have moved and updated the themes and now Iam getting an error on the home page

    Fatal error: Cannot redeclare bp_core_signup_set_headers() (previously declared in /home/xxxxxx/public_html/wp-content/mu-plugins/bp-core-signup.php:4) in /home/xxxxxx/public_html/wp-content/mu-plugins/bp-core/bp-core-signup.php on line 11

    @halfpint

    Participant

    Just to let you know everything is now working fine.I did not have to do a complete re-install. I for some reason had the signup-php in the mu-plugins and in the bp-core..lol It was all my fault… Im.tired well thats my excuse anyway …

    Thanks again for all of your help

    @happa

    Member

    Hey Halfpint , I’m getting the same error as you when I try to activate the facebuddy theme..

    I’ve looked in the locations you stated above but I only have the bp core signup.php only in bp-core directory , and not in mu-plugins or anywhere else that I can see.

    Any help is greatly appreciated. :)

    Thanks,

    Jenny

Viewing 17 replies - 1 through 17 (of 17 total)
  • The topic ‘How do you delete user profile text’ is closed to new replies.
Skip to toolbar