| Author |
Message |
hicuxunicorniobestbuildpc
The Mouse Is Extension Of Arm
Joined: Aug 13, 2009
Posts: 1123
|
 Posted:
Sat Nov 06, 2010 6:06 pm |
|
All deprecated errors or warning will be here.
PhrEEkie, thanks for taking the time to explain.
I did this and the error dissapear.
Code:if( !preg_match( "#$MSAph#i", $msaurl ) ) {
|
Edit: Testing all examples from Keith
I tested all of these lines and I didn't get any error or warning!
Code:// if( !preg_match( "#$MSAph#i", $msaurl ) ) {
// if(!preg_match( '/' . preg_quote($MSAph) . '/i',$msaurl)) {
// if(!preg_match( '/' . $MSAph . '/i', $msaurl)) {
if(!preg_match( '/$MSAph/i', $msaurl)) {//I am running this one. Do you think it is the most secure?
|
|
| |
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Mon Nov 15, 2010 2:59 am |
|
Trying to fix deprecated warning on nukesentinel.php file
/includes/nukesentinel.php
Is this correct?
Code:eregi_replace("</body>", "<hr noshade='noshade' />\n<div align='right'>"._AB_NUKESENTINEL." ".$ab_config['version_number']." "._AB_BYNSN."</div>\n</body>", $display_page);
|
Change with
Code:preg_replace("/</body>/i", "<hr noshade='noshade' />\n<div align='right'>"._AB_NUKESENTINEL." ".$ab_config['version_number']." "._AB_BYNSN."</div>\n</body>", $display_page);
|
Correct me if something should be different please.
Code: OR (isset($file) AND (eregi("http\:\/\/", $file) OR eregi("https\:\/\/", $file)))
|
Change with
Code: OR (isset($file) AND (preg_match("http\:\/\//i", $file) OR preg_match("https\:\/\//i", $file)))
|
Code: if (isset($name) && !eregi("^name=".$name, $pg) && stristr($nsnst_const['script_name'], "modules.php")) { $mod_check = 1; }
|
Change with
Code: if (isset($name) && !preg_match("/^name=/i".$name, $pg) && stristr($nsnst_const['script_name'], "modules.php")) { $mod_check = 1; }
|
|
| |
|
|
|
|
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
| Posted:
Mon Nov 15, 2010 11:16 am |
|
preg_match("http" is bad since it doesn't catch other schemes like ftp.
Instead use:
Code:OR (isset($file) && false !== strpos($file,'://'))
|
|
| |
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Mon Nov 15, 2010 2:57 pm |
|
thanks for that info but can you be more specific so I can make the changes.
Did you mean this:
Code:OR (isset($file) AND (eregi("http\:\/\/", $file) OR eregi("https\:\/\/", $file)))
|
replace with
Code:OR (isset($file) && false !== strpos($file,'://')) OR (isset($file) && false !== strpos($file,'://')))
|
 |
Last edited by hicuxunicorniobestbuildpc on Wed Nov 17, 2010 2:52 am; edited 1 time in total |
|
|
|
|
djmaze
|
| Posted:
Tue Nov 16, 2010 11:10 am |
|
| unicornio wrote: | | thanks for that info but can you be more specific so I can make the changes. |
If you analyse your code i think you know why one of them is a repetitive condition. |
| |
|
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Wed Nov 17, 2010 2:54 am |
|
So you mean this:
Code:OR (isset($file) AND (eregi("http\:\/\/", $file) OR eregi("https\:\/\/", $file)))
|
replace with
Code:OR (isset($file) && false !== strpos($file,'://'))
|
|
| |
|
|
|
|
djmaze
|
| Posted:
Thu Nov 18, 2010 1:41 am |
|
|
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Thu Nov 18, 2010 8:59 am |
|
thank you for guiding me on this.
This is my last result
Code: // Check for XSS attack
if(!stristr($nsnst_const['query_string'], "index.php?url=") AND (!isset($_COOKIE['admin']) OR !is_admin($_COOKIE['admin']))) {
if( (isset($name) && false !== strpos($name,'://'))
OR (isset($file) && false !== strpos($file,'://'))
OR (isset($libpath) AND (preg_match("/http\:\/\//i", $libpath) OR preg_match("/https\:\/\//i", $libpath)))
OR stristr($nsnst_const['query_string'], "http://") OR stristr($nsnst_const['query_string'], "https://")
OR stristr($nsnst_const['query_string'], "_SERVER=") OR stristr($nsnst_const['query_string'], "_COOKIE=")
OR ( stristr($nsnst_const['query_string'], "cmd=") AND !stristr($nsnst_const['query_string'], "&cmd") )
OR ( stristr($nsnst_const['query_string'], "exec") AND !stristr($nsnst_const['query_string'], "execu") )
OR stristr($nsnst_const['query_string'],"concat") AND !stristr($nsnst_const['query_string'], "../") ) {
block_ip($blocker_row);
}
}
}
|
Let me know if you think is ok. The first time I got an error but now it is working fine. Intead of ))) I did )) |
| |
|
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Thu Nov 18, 2010 9:10 am |
|
Was everything correct from code above? |
Last edited by hicuxunicorniobestbuildpc on Wed Dec 08, 2010 3:29 am; edited 1 time in total |
|
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Sun Nov 21, 2010 8:50 am |
|
This lines is warning me with an error
Code:if (isset($name) && !preg_match("/^name=/i".$name, $pg) && stristr($nsnst_const['script_name'], "modules.php")) { $mod_check = 1; }
|
Error: preg_match(): Unknown modifier 'N'
What should I do then?
|
| |
|
|
|
|
Palbin
Site Admin
Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania
|
| Posted:
Sun Nov 21, 2010 9:23 am |
|
$name needs to be inside the regex. |
_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. |
|
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Sun Nov 21, 2010 3:29 pm |
|
Did u mean this
Code:if (isset($name) && !preg_match("/^$name=/i".$name, $pg) && stristr($nsnst_const['script_name'], "modules.php")) { $mod_check = 1; }
|
|
| |
|
|
|
|
Palbin
|
| Posted:
Fri Nov 26, 2010 10:36 pm |
|
Code:preg_match("/^name=" . $name . "/i", $pg)
|
|
| |
|
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Wed Dec 08, 2010 3:37 am |
|
This one help me a lot palbin. Thanks
but if I have this code refering to ABConfigAdmin.php
Code: $bl = ereg_replace("abuse_", "", $templatelist[$i]);
$bl = ereg_replace(".tpl", "", $bl);
$bl = ereg_replace("_", " ", $bl);
|
Can I replace it with these one
Code: $bl = preg_replace("/abuse_/", "", $templatelist[$i]);
$bl = preg_replace("/.tpl/", "", $bl);
$bl = preg_replace("/_/", " ", $bl);
|
or
Code: $bl = str_replace("abuse_", "", $templatelist[$i]);
$bl = str_replace(".tpl", "", $bl);
$bl = str_replace("_", " ", $bl);
|
Do they do the same?
What should I use?
More efficient or More fast. I'm really confused with these regx. I need a better explanation.
 |
| |
|
|
|
|
PHrEEkie
Subject Matter Expert
Joined: Feb 23, 2004
Posts: 358
|
| Posted:
Wed Dec 08, 2010 6:08 am |
|
the preg_replace example is fine, with the exception of .tpl
In REGEX, the dot means something special, and must be escaped to be taken as literal, so:
Code:preg_replace('/\.tpl/'. '', $bl);
|
the other two are fine
- Keith |
_________________
PHP - Breaking your legacy scripts one build at a time. |
|
|
|
|
nuken
RavenNuke(tm) Development Team
Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina
|
| Posted:
Wed Dec 08, 2010 7:01 am |
|
Just to let you know, these depreciated issues are being addressed and will be part of future RavenNuke releases well before php6 is released. |
_________________
Only registered users can see links on this board! Get registered or login! |
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Sun Dec 12, 2010 10:05 am |
|
I got this
Code:if( eregi( "$key", $agent ) ) return true;
|
I replace with
Code:if( preg_match( "/$key/i", $agent ) ) return true;
|
but I get an error saying unknown value N
can anyone tell me why? |
| |
|
|
|
|
Palbin
|
| Posted:
Sun Dec 12, 2010 10:38 am |
|
unicornio, you should be using the str* functions in all cases when it is a direct text replacement. Like what you posted about in ABConfigAdmin.php. You could probably use it in the post right before this one as well, but I am not sure what $key is. |
| |
|
|
|
|
PHrEEkie
|
| Posted:
Sun Dec 12, 2010 1:59 pm |
|
Can you list the entire error, verbatim?
If $key has any special chars in it, they will be interpreted as such, which typically would not happen with an eregi. This is why, once again, variables passed to preg should be preg_quoted.
Code:if (preg_match('/' . preg_quote($key, '/') . '/i', $agent)) {
return true;
}
|
Remember that anytime a variable is used, you lose a certain amount of control over the script. It is always advisable to back up in the script and understand where $key is being populated. It might just be some plain text, or it might be control chars like TAB, etc. Let's say it was being passed file extensions, ie., .jpg, .gif, etc. Without preg_quoting, that dot would cause problems. With preg_quote, the dot would be escaped.
Regular Expressions are not something you just type in and move on. They really need to be thoroughly tested, which is why the MUCH friendlier str* functions are being recommended.
I am assuming from your posts that you are eager to understand, if not master Regular Expressions. If that's the case, I would highly recommend you look into getting a helper, something like Regex Buddy. You can build expressions and it will tell you EXACTLY what your expression is trying to accomplish. It will also allow you to enter any text to test the expression against. It has extremely advanced options, which is why it's payware. There are free versions around if you Google it, and even some online ones to be found.
You can also code a quick and dirty php script to test with.
- Keith |
| |
|
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Mon Dec 13, 2010 6:17 am |
|
Hi PHrEEkie
Remember I have this
Code: foreach( $MSBots as $key=>$value )
if( eregi( $key, $agent ) ) return true;
return false;
}
|
Should I change it like
Code: foreach( $MSBots as $key=>$value )
if (preg_match('/' . preg_quote($key, '/') . '/i', $agent)) {
return true;
}
return false;
}
|
I have the program Regex Buddy but I don't know how to work with it yet. I can send it to you if you need it since I notice you have good knowledge about Regex. |
Last edited by hicuxunicorniobestbuildpc on Mon Dec 13, 2010 6:28 am; edited 1 time in total |
|
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Mon Dec 13, 2010 6:18 am |
|
I did these one and everything looks fine without any error or warning.
Code: /******************************************************************************/
/* FUNCTION: get_host() */
/* Return users hostname */
/******************************************************************************/
function MSAget_os( $agent )
{
// Determine the platform they are on
if( strstr( $agent, "Win") )
{
$platform = "Windows";
if ( preg_match("/Windows NT 5\.1/i", $agent ) ) $platform = "Windows XP";
else if( preg_match("/Windows NT 5\.2/i", $agent ) ) $platform = "Windows 2003";
else if( preg_match("/Windows NT 5\.0/i", $agent ) ) $platform = "Windows 2000";
else if( preg_match("/Windows NT/i", $agent ) ) $platform = "Windows NT";
else if( preg_match("/WinNT/i", $agent ) ) $platform = "Windows NT";
else if( preg_match("/Windows ME/i", $agent ) ) $platform = "Windows ME";
else if( preg_match("/Win 9x 4.90/i", $agent ) ) $platform = "Windows ME";
else if( preg_match("/Windows ME/i", $agent ) ) $platform = "Windows ME";
else if( preg_match("/Windows CE/i", $agent ) ) $platform = "Windows CE";
else if( preg_match("/98/i", $agent ) ) $platform = "Windows 98";
else if( preg_match("/95/i", $agent ) ) $platform = "Windows 95";
else if( preg_match("/Win16/i", $agent ) ) $platform = "Windows 3.1";
else if( preg_match("/Windows 3\.1/i", $agent ) ) $platform = "Windows 3.1";
}
else if(strstr($agent, "Mac OS X" ) ) $platform = "MacOSX";
else if(strstr($agent, "Mac" ) ) $platform = "Macintosh";
else if(strstr($agent, "PPC" ) ) $platform = "Macintosh";
else if(strstr($agent, "Symbian" ) ) $platform = "Symbian";
else if(strstr($agent, "FreeBSD" ) ) $platform = "FreeBSD";
else if(strstr($agent, "SunOS" ) ) $platform = "SunOS";
else if(strstr($agent, "IRIX" ) ) $platform = "IRIX";
else if(strstr($agent, "BeOS" ) ) $platform = "BeOS";
else if(strstr($agent, "OS/2" ) ) $platform = "OS/2";
else if(strstr($agent, "AIX" ) ) $platform = "AIX";
else if(strstr($agent, "Linux" ) ) $platform = "Linux";
else if(strstr($agent, "Unix" ) ) $platform = "Unix";
else if(strstr($agent, "Amiga" ) ) $platform = "Amiga";
else $platform = "Other";
return( $platform );
}
|
but why should we repeat the same word all the time. Can we make it more efficient like calling one time strstr and preg_match?
 |
| |
|
|
|
|
PHrEEkie
|
| Posted:
Mon Dec 13, 2010 4:29 pm |
|
Each one of those string searches is matched to exactly one answer, therefore they are all necessary. The first strstr request is for Win, and seperates ALL Windows agents from all others. The function then forks one way or another to drill down to an exact OS. There is really no more efficient way than using if-elseif-else trees.
Drilling down to each exact OS like this is not necessary really, unless you're a stats freak, or the content being delivered relies on the OS answer (ie., which type of linefeeds to supply).
At any rate, the questions you are asking are indicative of a lack of understanding on exactly what str* does, versus what Regular Expressions do. They -can- do the same thing in some very specific cases, but then after that, Regular Expressions can start showing some very extreme muscle power. In many cases, it might be overkill.
If there is concern for script 'efficiency', ie., run time, the above code isn't critical, since it is only run once per request. Efficiency starts mattering when you want to process, say, a few million user agents. In this case, again, not knowing WHY the portion of script requesting this information actually needs the information to be this precise, the best course of making it more efficient is to not call it all in that form. You will usually want to tweak inefficient parts of code nested in loops, as their inefficiency gets more noticeable the more iterations you need to finish the loop.
- Keith |
| |
|
|
|
|
hicuxunicorniobestbuildpc
|
| Posted:
Mon Dec 13, 2010 6:19 pm |
|
Hi PHrEEkie
Remember I have this
Code: foreach( $MSBots as $key=>$value )
if( eregi( $key, $agent ) ) return true;
return false;
}
|
Should I change it like
Code: foreach( $MSBots as $key=>$value )
if (preg_match('/' . preg_quote($key, '/') . '/i', $agent)) {
return true;
}
return false;
}
|
PHrEEkie, where did you learn Regular Expressions. It looks like you know a lot but I would like to see examples to undertand better this problematic issue. I do know it won't be a problem when php 6 is out but I do want to know for the future. Can you check if this one is ok please. |
| |
|
|
|
|
PHrEEkie
|
| Posted:
Mon Dec 13, 2010 7:22 pm |
|
If you're asking whether that code should be changed to whatever, I simply don't know. It's a snippet. I have no idea how it's being used, or what's using it, so I have no idea how to advise you there, other to say test it! If you don't know what it's supposed to do, then you simply cannot program it, nor can you debug it.
I learned Regular Expressions the way most programmers do; by force. Sooner or later, you have to deal with them. Regular Expressions are almost a seperate language, and no matter whether you program in Java, PHP, whatever, you will end up running into them. There's so many different ways you might need them, and so many different ways to approach constructing them, that it's impossible to teach someone over a forum. I'll give you a couple of links that should get you started, but you can certainly Google more.
While going through these tutorials, I would highly recommend you fire up that Regex Buddy, plug in the examples from these sites, and learn Regex Buddy along with learning Regular Expressions.
http://zytrax.com/tech/web/regex.htm
http://www.proftpd.org/docs/howto/Regex.html
- Keith |
| |
|
|
|
|
Palbin
|
| Posted:
Mon Dec 13, 2010 8:53 pm |
|
unicornio, we have said twice before we do not know what $key is. Unless you can explain or show us what it is we can offer a concrete answer. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
