Ravens PHP Scripts: Forums
 

 

2McAbre
New Member



Joined: Feb 16, 2005
Posts: 20

Posted: Sat Feb 19, 2005 5:08 pm

I have these little weather.com magnets that are simple little scripts. At my old HTML site they worked just fine for the "regional" info pages I had set up.

I.e., it was a one stop page for folks to "See" their local weather, and access their local online newspapers and such.

Anyway, when I migrated to phpnuke, I pretty much got all the pages from the old site inserted as content. But the scripts were not allowed.

I located inside the main.php file where scripts are "stopped".

My question is (perhaps a silly one) if I temporarily remove this restriction so I can insert these pages with the script intact, then replace the restriction to stop users from inserting script.

Will the content pages function correctly with the inserted script?


I saw the weather 3.0 mod and thought to just wait for it, and see if I can just insert the block relevant to the pages content. But was still curious if the pages would work.

Another small question… There seems to be a character limitation on inserted content. Seems to be around 10000. Does anyone know if this limit can be increased? And where it may be?

I have a couple of hefty pages, a few I simply split into two separate pages, but one would be a real nightmare, and it's about 88K.

I am a news junkie and have a page where I have compiled news sources from all over the world.

Newspapers From Around The World

I figure if I strip the style formatting out (so it'll blend with the theme style) I maybe can get it down a bit more, but not much.
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Sun Feb 20, 2005 12:56 am

If I'm understanding you correctly, you need to modify
Code:


   foreach ($_GET as $secvalue) {
      if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
      (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
      (eregi("\"", $secvalue))) {
      die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
      }
   }

   foreach ($_POST as $secvalue) {
      if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
         die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
      }
   }
to
Code:
if (!is_admin($admin)) {

   foreach ($_GET as $secvalue) {
      if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
      (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
      (eregi("\"", $secvalue))) {
      die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
      }
   }

   foreach ($_POST as $secvalue) {
      if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
         die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
      }
   }
}
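
The admin-only exemption from the reply above, as an added example that is not part of the original thread or of PHP-Nuke. It assumes a plain boolean in place of `is_admin($admin)`, uses `preg_match()` because `eregi()` was removed in PHP 7, applies the `[^>]*` form of the script/style patterns to POST as well, and also checks values nested in arrays; `has_blocked_markup` and `request_allowed` are hypothetical names.

```php
<?php
// Added example, not PHP-Nuke code. Patterns are the thread's eregi()
// expressions ported to preg_match() with the /i flag.
const GET_PATTERNS = [
    '/<[^>]*script*"?[^>]*>/i', '/<[^>]*object*"?[^>]*>/i',
    '/<[^>]*iframe*"?[^>]*>/i', '/<[^>]*applet*"?[^>]*>/i',
    '/<[^>]*meta*"?[^>]*>/i',   '/<[^>]*style*"?[^>]*>/i',
    '/<[^>]*form*"?[^>]*>/i',   '/\([^>]*"?[^)]*\)/i',
    '/"/',
];
// Assumption: POST reuses the [^>]* form of the GET patterns.
const POST_PATTERNS = [
    '/<[^>]*script*"?[^>]*>/i',
    '/<[^>]*style*"?[^>]*>/i',
];

// True if any value matches a pattern. Recurses into arrays, because a
// parameter sent as name[]=... arrives as an array, not a string.
function has_blocked_markup($input, array $patterns): bool
{
    if (is_array($input)) {
        foreach ($input as $value) {
            if (has_blocked_markup($value, $patterns)) {
                return true;
            }
        }
        return false;
    }
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, (string) $input) === 1) {
            return true;
        }
    }
    return false;
}

// Mirrors the modified block: administrators skip the filter entirely.
// $isAdmin stands in for PHP-Nuke's is_admin($admin) (assumption).
function request_allowed(bool $isAdmin, array $get, array $post): bool
{
    if ($isAdmin) {
        return true;
    }
    return !has_blocked_markup($get, GET_PATTERNS)
        && !has_blocked_markup($post, POST_PATTERNS);
}

// Constructed sample input: a content page body carrying a script tag.
$post = ['text' => '<script src="weather.js"></script>'];
var_dump(request_allowed(false, [], $post)); // ordinary user
var_dump(request_allowed(true, [], $post));  // administrator
```

Because administrators bypass the check, anything saved from an admin session is stored unfiltered, so the exemption is only as strong as the admin login.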
 
2McAbre







Posted: Sun Feb 20, 2005 9:31 am

Oh HEY yeah thanks Raven! That will work too!

I'm starting to grasp PHP a bit more. I was just thinking of removing the script part altogether, then putting it back when I was done ROTFL

But this works better! Just give permission to the Admin!

Good Grief! I will be donating to your cause today for sure! I have gotten more help here in the past couple days, than at any of the other forums these past couple weeks!

Being that I MOD and ADMIN at several other tech sites (hardware and imaging are my forte) I try really hard not to post the same question at too many forums "at the same time".

Sure you all can relate to the problems that creates for "new" folks. They get 30 different replies and try to do 30 different things, then make a bigger mess!


P.S. (sorry OffTopic I know) Any idea how to increase the character limit for content pages?
 
Raven







Posted: Sun Feb 20, 2005 9:59 am

The first thing you do is to look at the table schema for the column you want (use phpMyAdmin). Let's say the column shows a type of varchar(500). Varchar is limited to 2000 if I remember correctly, so you could just change the length to varchar(1000) or more. Once that has been done, just try it. If you are still limited, then you know there is a cross-check in the code itself, i.e., an edit. So, find all references to that column and up the length or remove the restriction.
 
2McAbre







Posted: Sun Feb 20, 2005 12:50 pm

Thank you so much, I will research this and see what I can accomplish!

P.S. The above code change worked like a charm…

But I will add one caveat for anyone else reading this…

If you were to do this, make sure to disable "Script" blocking in Nuke Sentinel first!

Otherwise it sees you as doing a scripting attack. Once you have your code inserted and saved to the content page, simply turn the script blocker back on.

And all will be well!
 
All times are GMT - 6 Hours
 