Well yeah, the script does lack validation for certain pages. Some forms such as breeding and pound are extensively validated, but others are only partially. This is the inconsistency I plan to work on for Mys v1.4.0, which will have a new and much more powerful validation system.
I honestly dont quite agree with the example on gender though, since I cannot see the benefits of changing your own gender to 'ballerina'. It will break your user profile, but it wont even bring harms to other users, do hackers actually enjoy such meaningless things? The avatar though, is a rather serious issue(which may lead to XSS) and I'd see if theres a way to post a patch at bug tracker to resolve it.
__________________
Mysidia Adoptables, a free and ever-improving script for aspiring adoptables/pets site.
|