Author |
Message |
testy1
Involved
Joined: Apr 06, 2008
Posts: 484
|
Posted:
Tue Apr 08, 2008 11:15 pm |
|
Could someone explain this to me please? The best way is to give an example.
I have taken the following from modules/Content/index.php in the latest version of RN.
I would just like to know if the second piece of code enhances the security or not.
Code:
$mytitle = check_html($mypage['title'], 'nohtml');
$mysubtitle = check_html($mypage['subtitle'], 'nohtml');
$mypage_header = check_html($mypage['page_header'], 'nocheck');
$mytext = check_html($mypage['text'], 'nocheck');
$mypage_footer = check_html($mypage['page_footer'], 'nocheck');
$mysignature = check_html($mypage['signature'], 'nocheck');
|
Code:
$mytitle = stripslashes(check_html($mypage['title'], "nohtml"));
$mysubtitle = stripslashes(check_html($mypage['subtitle'], "nohtml"));
$mypage_header = stripslashes(check_html($mypage['page_header'], ""));
$mytext = stripslashes(check_html($mypage['text'], ""));
$mypage_footer = stripslashes(check_html($mypage['page_footer'], ""));
$mysignature = stripslashes(check_html($mypage['signature'], ""));
|
Thanks |
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Wed Apr 09, 2008 5:44 am |
|
No. The reason is that the check_html() function already checks to see if stripslashes is needed, and if so, it does the job. Adding another stripslashes will simply remove the ability for you to have a valid backslash used within your content. |
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
Posted:
Wed Apr 09, 2008 7:01 am |
|
If you aren't using RavenNuke however, I'm not sure. But what are you trying to do? Add stuff to the database or echo it back in HTML? |
|
|
montego
|
Posted:
Wed Apr 09, 2008 7:15 am |
|
Arrgghhh... yes, you are right Gremmie. For some reason I thought this was in the RN forums. Sorry about that.
What Gremmie said.... yes, they could be needed, but I think only if magic quotes is on, assuming that we're only talking about where input from the end-user is concerned. There is really NO value in stripping slashes on data coming out from a database. |
|
|
|
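The effect discussed in the replies above (one conditional unslash versus an extra stripslashes() on top), as an added example that is not from any poster and is not RavenNuke or PHP-Nuke code. `conditional_unslash()` is a hypothetical stand-in for the "strip only if needed" behaviour described for check_html(), the magic quotes setting is simulated with a flag, and the sample string is constructed.

```php
<?php
// Added illustration; not RavenNuke or PHP-Nuke code.
// conditional_unslash() is a hypothetical stand-in for the "strip only if
// needed" behaviour described in the thread, NOT the body of check_html().
// $magicQuotesOn is passed explicitly because get_magic_quotes_gpc()
// no longer exists in PHP 8.

function conditional_unslash(string $value, bool $magicQuotesOn): string
{
    // Undo the escaping magic quotes applied to request data, at most once.
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Constructed sample: what the user typed into the form.
$typed = 'Path C:\temp, it\'s "quoted" <b>bold</b>';

foreach ([true, false] as $magicQuotesOn) {
    // magic_quotes_gpc escaped request data the same way addslashes() does.
    $received = $magicQuotesOn ? addslashes($typed) : $typed;

    $once  = conditional_unslash($received, $magicQuotesOn);
    $twice = stripslashes($once); // the extra stripslashes() from the second snippet

    printf("magic quotes %s\n", $magicQuotesOn ? 'on' : 'off');
    printf("  received : %s\n", $received);
    printf("  once     : %s (%s)\n", $once,
        $once === $typed ? 'matches input' : 'differs');
    printf("  twice    : %s (%s)\n", $twice,
        $twice === $typed ? 'matches input' : 'backslash lost');
    // The markup is untouched by either pass: unslashing is not HTML filtering.
    printf("  tags still present: %s\n",
        strpos($twice, '<b>') !== false ? 'yes' : 'no');
}
```

In both settings the extra stripslashes() removes the legitimate backslash from the content and leaves the markup as it was, so any filtering of HTML has to come from the 'nohtml' handling, not from unslashing.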
testy1
|
Posted:
Wed Apr 09, 2008 5:13 pm |
|
OK then, just trying to get a better understanding is all. Thank you.
Is there a tut or post on this somewhere to learn more about it? |
|
|
|
Gremmie
|
Posted:
Wed Apr 09, 2008 6:53 pm |
|
Well we could help you a bit more if you explain where the data came from (the database?, the user?), where it was going (the database?, the screen?), and what nuke flavor you have. |
|
|
|
testy1
|
Posted:
Wed Apr 09, 2008 8:19 pm |
|
I was looking at it in RN latest but I was comparing it to the flat patched version, but obviously the check html function in RN is further enhanced, well I'm assuming anyway lol |
|
|
|
|