cool hack Guestbook Bug Fix for HTMl tags sent in the following hack...
I just installed the guestbook program on my website.
After reading the security announcments I decided to
turn off HTML. But turning $allow_html in the setup
file to "no" didn't work.
I was able to turn HTML off by doing this:
In guestbook.setup change the line that reads
$allow_html = yes;
$allow_html = "no";
The value of $allow_html has to be in quotes.
Then, this is the part that changes the actual code,
open up guestbook.cgi. At the bottom of the Modify
Incoming Form Data section is the line
if ($allow_html != "yes")
I'm pretty sure the reason that this doesn't work is
because it uses the number version of not equals
rather than the string version. So in order to fix it
replace that line of code with
if ($allow_html ne "yes")
Once you've done that, you can choose to allow HTML
just by changing the variable in the setup file.
I think this will be useful to people setting up the
guestbook program who wish to turn off HTML.