10-31-2008, 09:58 AM
jimbona
Confirmed User
 
Join Date: Jan 2007
Posts: 190
On the free.zip you might want to include the root functions.php in functions/cookie.php; still open to abuse if register_globals is on.

In your functions.php you pull all vars to local ones and do nothing but stripslashes to ints. You could be open to other exploits by pulling all vars to local ones (which is what register_globals used to do).

play.php uses _GET and not the local vars, so open to abuse. You might want to include your functions file and use your local vars.
__________________
Thanks
Paul
Thunder-Ball.net - Member
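An added illustration of the pattern raised in the post above, with an allowlisted alternative beside it. This is not code from the script under discussion or from the poster; the function names, parameter names and sample request are hypothetical.

```php
<?php
// Constructed request data standing in for $_GET; not taken from the script under review.
$request = ['id' => '42abc', 'page' => '3', 'is_admin' => '1'];

// Pattern the post warns about: every request key becomes a variable in scope,
// which is the behaviour register_globals had.
function import_all(array $request): array
{
    $is_admin = false;                // application state set by the script itself
    foreach ($request as $key => $value) {
        $$key = stripslashes($value); // a request key named 'is_admin' overwrites the flag
    }
    return ['id' => $id ?? null, 'is_admin' => $is_admin];
}

// Hardened form: only declared parameters are read, and each must validate as an integer.
function import_allowed(array $request, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $name => $default) {
        $value = filter_var($request[$name] ?? null, FILTER_VALIDATE_INT);
        $clean[$name] = ($value === false) ? $default : $value;
    }
    return $clean;
}

// The first dump shows the internal flag replaced by request data and 'id' left unvalidated;
// the second shows only the declared keys, each either a valid integer or its default.
var_dump(import_all($request));
var_dump(import_allowed($request, ['id' => 0, 'page' => 1]));
```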