I cannot use a URL with the word script in it...

Client Joined: Jul 18, 2003 Posts: 977

I have a block called Worth Visiting!! on my site and I had a link to your old addy Raven. When I updated it to the new address it will not let me save the URL with the word script in it. I tried it several different ways and if I take any letter out of the word script it will save, if I use the entire word it kicks me out of the admin panel and back to the home page.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Poor coding on the part of FB in mainfile.php

Code:

foreach ($_GET as $secvalue) {


    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||


   (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||


   (eregi("\"", $secvalue))) {


   die ("I don't like you...");


    }


}





foreach ($_POST as $secvalue) {


    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {


        Header("Location: index.php");


        die();


    }


}

If you check all stories before they get posted, the quick fix is to comment out the wcript check in these 2 lines. Only one is causing it. Play with it to see which one. It's probably the GET.

Posted: Wed Sep 17, 2003 2:22 pm

thanks for the reply! ummm how do I comment something out? I am learning... heh heh Embarassed

Posted: Wed Sep 17, 2003 3:03 pm

Well, in this case we would use /* */ as in

Code:

if (/*(eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||*/

Posted: Wed Sep 17, 2003 3:25 pm

thank you... unknown entity

Posted: Tue Sep 30, 2003 1:48 pm

Raven, I commented out one and then the other and it is the POST statement that did it.