Just where did you see $findfile or remove in any of the code I posted for this topic... It's not fair for you to complain about me not writing secure code when you're making alterations to the code.
I did say your example did not contain any problematic strings, but I also mentioned the obvious fact that the OP wanted to use that script with $1- and not with the example string you provided. It turns out $1- comes from on INPUT, which is less dangerous than if it came from on TEXT, but since you didn't know that, you should assume the worst.
I guess this may be my last post as I'm not going to try to ensure that every possible security threat is covered when I write code.
There aren't many security issues in scripting: the vast majority of the problems arise from double evaluations in /timer and /scon. It's not
that hard to learn how to deal with these few cases.
It's been a pleasure helping here, but it seems some people don't appreciate it.
Nobody (including myself) said your help is not appreciated here. I've only (mostly?) commented on a small minority of your posts, specifically those that contain insecure code. This was not done to hurt your feelings or anything: I feel it's my obligation to raise awareness of such issues and prevent potentially dangerous content from appearing on the forums. Sometimes that means I have to be repetitive and perhaps harsh; that doesn't mean you should take offence or feel unappreciated.
