Thread: Help us Beta Test the DC event promo website

Under the important links, there is a line that says "tell others to join us"

when you click on the link, this comes up.

Friends, I am supporting Hold Their Feet to the Fire 2007 to try and stop Amnesty for illegal aliens. I hope you will support my efforts by either joining us in Washington DC or flooding the offices in Congress with calls to Stop Guest Worker Amnesty! For more details, please visit [there is nothing here]

Someone needs to add a link there.

Good feedback folks.

Yes, John and Ken are going and we need to make sure they are on the list.

I will make sure JP gets your messages and touches things up as soon as possible.

Keep looking for improvement for us please.

W

ok whereever you have this:
SRC="http://www.holdtheirfeettothefire.org/images/hold_their_feet_to_the_fire_left_banner.gif"

you need to hide the path to the images folder.
If i go to the url address in my browser (and anyone else for that matter)
and type in http://www.holdtheirfeettothefire.org/images
bamo i'm inside the images folder on your server, a great place for hacking to start.

so instead do something like SRC= "../images/hold_their_feet_to_the_fire_left_banner.gif"

this goes for anyplace else that you may have a url pointing to a file on the server.

also if I click on the submit button at the bottom of the form (also on the email sign up)on the page it actually submits and gives me the "thank you ..." text. You may want to put some script in to check for blank entries, full address etc. using a pop up.
AND be sure that the script scrubs out any characters like " / .. ' \ // etc." you want alpha numeric only (helps prevent sql injection attacks).

Originally Posted by anniealone

Under the important links, there is a line that says "tell others to join us"

when you click on the link, this comes up.

Friends, I am supporting Hold Their Feet to the Fire 2007 to try and stop Amnesty for illegal aliens. I hope you will support my efforts by either joining us in Washington DC or flooding the offices in Congress with calls to Stop Guest Worker Amnesty! For more details, please visit [there is nothing here]

Someone needs to add a link there.

Thats a Javascript Link and if Javascript is turned off in your browser settings or security settings then it wont work. It should open your email and include the link.

Originally Posted by Dagmar

ok whereever you have this:
SRC="http://www.holdtheirfeettothefire.org/images/hold_their_feet_to_the_fire_left_banner.gif"

you need to hide the path to the images folder.
If i go to the url address in my browser (and anyone else for that matter)
and type in http://www.holdtheirfeettothefire.org/images
bamo i'm inside the images folder on your server, a great place for hacking to start.

so instead do something like SRC= "../images/hold_their_feet_to_the_fire_left_banner.gif"

this goes for anyplace else that you may have a url pointing to a file on the server.

also if I click on the submit button at the bottom of the form (also on the email sign up)on the page it actually submits and gives me the "thank you ..." text. You may want to put some script in to check for blank entries, full address etc. using a pop up.
AND be sure that the script scrubs out any characters like " / .. ' \ // etc." you want alpha numeric only (helps prevent sql injection attacks).

Thanks, I'll inform the DB person about the SQL. I can close out the images dierctory with a simple file.

Ok,
All corrections have been made that I am able. I appreciate everyone's input on this. It makes it a lot easier to get things done.

Originally Posted by jp_48504

Ok,
All corrections have been made that I am able. I appreciate everyone's input on this. It makes it a lot easier to get things done.

Glad to help.