The medichan script (29)

1 Name: Anonymous : 2007-10-05 01:10 ID:+VE3ze3C [Del]

I've been quietly working on the script behind the site.
The only reason I wrote it originally was because the free host I switched to (after having no reason to pay $120 for a year of Dreamhost) doesn't support Perl or MySQL. It uses only flat files and runs fairly well. I have some improvements to make before releasing the source code, but what do you think? It's kind of a mix between a text board like kareha and a very simple web forum.

2 Name: Anonymous : 2007-10-05 05:08 ID:Heaven [Del]

And it's written in....?

3 Name: Anonymous : 2007-10-05 06:39 ID:Heaven [Del]

It doesn't show a summary of recent discussion on the front page, and is therefore as uselessly user-unfriendly as all other phpBB-style forums.

4 Name: Eleo : 2007-10-05 13:26 ID:DyErdV89 [Del]

I'm guessing PHP since I see .php file extensions.

It's not bad.

5 Name: Anonymous : 2007-10-06 19:25 ID:5Ny5SW/k [Del]

I posted on Medichan a while back telling you how good it was. I enjoy it.

10 Name: Anonymous : 2007-10-07 14:08 ID:Heaven [Del]

uh oh, somebody's got a wet diapey.

11 Name: Anonymous : 2007-10-08 06:23 ID:uVOYJQcm [Del]

I love how you use .htm extensions.

12 Name: Anonymous : 2007-10-13 16:20 ID:Icmdjfjr [Del]

Also, you have the worst getCookie() function I've seen yet.

Also, your bbcode script allows javascript URLs and is therefore XSS-exploitable.

13 Name: Anonymous : 2007-10-13 18:11 ID:Heaven [Del]

Also, bbcode is an amazingly dumb concept in the first place. If you're going to allow some sort of tag-based syntax, just parse HTML and strip out unsafe tags.

14 Name: !WAHa.06x36 : 2007-10-14 04:23 ID:Heaven [Del]

A better concept is to parse HTML and only allow safe ones. Well, that's probably what you meant, but it's better to be explicit about this stuff.

15 Name: Anonymous : 2007-10-14 14:41 ID:Heaven [Del]

It's probably worth saying that parsing HTML may be more difficult than it initially appears to be.

16 Name: !WAHa.06x36 : 2007-10-14 16:20 ID:p6gwmrtN [Del]

Not really, since you're parsing a subset. As long as you make sure to render anything you don't understand harmless, it's fairly easy.
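
Added example, not code from the medichan script (which post 4 guesses is PHP; this is Python so it runs stand-alone). It puts the two points of the thread side by side: post 12's hole, a [url=...] bbcode tag substituted straight into an href so that a javascript: URL reaches the browser, and post 14/16's fix, an allow-list parser over an HTML subset that keeps only known tags and attributes, checks the scheme of every href, and renders everything it does not understand harmless by emitting it as escaped text. The tag list, the scheme list and the bbcode regex are assumptions chosen for a text board, and the sample inputs are constructed.

```python
"""Allow-list HTML-subset sanitizer plus a vulnerable/fixed [url] bbcode pair.
Added illustration; not the medichan script's code."""
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed subset for a text board: tag -> attributes permitted on it.
ALLOWED = {"b": set(), "i": set(), "u": set(), "s": set(), "code": set(),
           "pre": set(), "blockquote": set(), "br": set(), "a": {"href"}}
VOID = {"br"}                                   # tags that take no closer
SAFE_SCHEMES = {"http", "https", "mailto"}      # assumption: what we link to
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def safe_href(value):
    """Return the URL if its scheme is allowed (or absent, i.e. relative), else None.
    Browsers drop tab/CR/LF inside a URL and leading/trailing controls, so
    'java\\tscript:' or ' javascript:' must be normalised before the check."""
    cleaned = value.translate({9: None, 10: None, 13: None}).strip(C0_AND_SPACE)
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme and scheme not in SAFE_SCHEMES:
        return None
    return cleaned


class Sanitizer(HTMLParser):
    """Re-emits only allow-listed tags; everything else becomes literal text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # &#106;avascript: is unescaped for us
        self.out, self.open = [], []             # output pieces, open-tag stack

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:                   # unknown tag: show it, don't run it
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue                         # onmouseover=, style=, ... dropped
            if name == "href":
                value = safe_href(value)
                if value is None:
                    continue                     # bad scheme: link stays, href goes
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID:
            self.open.append(tag)

    def handle_startendtag(self, tag, attrs):    # <br/>, <b/>, <foo/>
        if tag in ALLOWED:
            self.handle_starttag(tag, attrs)
            if tag not in VOID:
                self.handle_endtag(tag)
        else:
            self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag not in self.open:
            if tag not in ALLOWED:
                self.out.append(escape(f"</{tag}>"))
            return                               # stray or void closer: dropped
        while self.open:                         # close inner tags first so nesting is valid
            top = self.open.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data))

    # Comments, <!DOCTYPE>, <?pi?> carry nothing a post needs: drop them.
    def handle_comment(self, data): pass
    def handle_decl(self, decl): pass
    def handle_pi(self, data): pass


def sanitize(fragment):
    """Parse an untrusted HTML fragment and return the allow-listed rendering."""
    p = Sanitizer()
    p.feed(fragment)
    p.close()
    while p.open:                                # close whatever the post left open
        p.out.append(f"</{p.open.pop()}>")
    return "".join(p.out)


URL_TAG = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]")


def naive_bbcode_url(text):
    """The hole post 12 describes (constructed): [url=...] pasted into href unchecked."""
    return URL_TAG.sub(r'<a href="\1">\2</a>', text)


def bbcode_url(text):
    """Same tag with the scheme check and escaping applied."""
    def repl(m):
        href, label = safe_href(m.group(1)), escape(m.group(2))
        return label if href is None else f'<a href="{escape(href, quote=True)}">{label}</a>'
    return URL_TAG.sub(repl, text)


if __name__ == "__main__":
    post = "[url=javascript:alert(1)]click[/url]"
    print(naive_bbcode_url(post))                # the XSS reaches the browser
    print(bbcode_url(post))                      # link dropped, text kept
    print(sanitize(naive_bbcode_url(post)))      # the allow-list parser also catches it
    print(sanitize('<img src=x onerror=alert(1)><b><i>ok</b>'))
```

Two design points worth noting. The parser works on the output of Python's own tokenizer rather than on regexes over the raw string, which is what makes the subset approach of post 16 manageable: the tokenizer already handles attribute quoting and character references, so the sanitizer only has to decide what to keep. And an unsafe href does not abort the whole post; the anchor is emitted without it, so a user sees their text and a missing link rather than a silently eaten post.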

