Site News

Many Site Changes

Posted by The Regs on Wednesday June 24, 2026 at 9:36 pm
I've gone through and rewritten most of the site code. Although the basic premise of the site is the same, we have updated most of the backend code:
  • Ensured that phpBB was up to date
  • Re-wrote most of the backend code
    1. Worked on Security of the back-end
    2. Removed reliance on phpBB for security
    3. Kept some of the old theming
    4. Added Bootstrap style to site
  • Updated PHP code and Security
    1. Removed the use of $_GET and $_POST
    2. URL / slugs restricted to safe characters
    3. Attempted to protect forms
      1. Admin forms use tokens/keys
      2. Delete/restore actions use link hashes
      3. Invalid form submissions are rejected
    4. Database safety
      1. Queries use $db->sql_escape()
      2. Insert/update data uses $db->sql_build_array()
      3. IDs are cast to integers
      4. Duplicate slug checks prevent conflicting article routes
    5. Output Escaping
      1. Admin output cleaned up
      2. Public article output uses escaping helpers
      3. Code blocks are escaped before display
      4. URLs/images are constrained and escaped
    6. Content Control
      1. Articles have is_active, so bad/old entries can be disabled instead of deleted.
      2. Image URLs are validated in admin as either valid URLs or local paths
  • There is now Audit Logging on the site.
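
The slug, image URL and output-escaping items above, as an added plain-PHP example (not the site's own code). The function names valid_slug, valid_image_ref and e are hypothetical, and the slug alphabet, the 80-character limit and the /images/ local root are assumptions, since the post does not state them.

```php
<?php
// Added example, not the site's code. The slug alphabet, the 80-character limit
// and the /images/ local root are assumptions; the post does not state them.

function valid_slug(string $slug): bool
{
    // Lowercase letters, digits, single hyphens between words. \A and \z anchor
    // the whole string, so a trailing newline cannot slip past as it can with $.
    return strlen($slug) <= 80
        && preg_match('/\A[a-z0-9]+(?:-[a-z0-9]+)*\z/', $slug) === 1;
}

function valid_image_ref(string $ref): bool
{
    // Reject empty values, control characters and backslashes outright.
    if ($ref === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $ref) === 1) {
        return false;
    }
    // Local path: under the assumed /images/ root, no traversal, no "//".
    if ($ref[0] === '/') {
        return strpos($ref, '/images/') === 0
            && strpos($ref, '..') === false
            && strpos($ref, '//') === false;
    }
    // Remote URL: only http(s) with a host, which excludes javascript: and data:.
    $parts = parse_url($ref);
    return is_array($parts)
        && isset($parts['scheme'], $parts['host'])
        && in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

function e(string $value): string
{
    // Escape for HTML text and quoted attribute values.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: validate first, then escape whatever is displayed.
$slugs  = ['many-site-changes', "news\n", '../admin', 'a--b'];
$images = ['/images/logo.png', 'https://example.com/a.png?x=1&y=2',
           '/images/../config.php', 'javascript:alert(1)', '//example.net/x.png'];

foreach ($slugs as $s) {
    printf("%-22s %s\n", json_encode($s), valid_slug($s) ? 'accept' : 'reject');
}
foreach ($images as $i) {
    echo valid_image_ref($i) ? '<img src="' . e($i) . '" alt="">' : 'rejected: ' . e($i), "\n";
}
```

Validation and escaping are separate steps here: a value that passes valid_image_ref is still passed through e() before it is written into the src attribute.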