IntegraMOD

Posted: **Fri Oct 06, 2006 10:32 am**

It's simply is not a good idea to allow java scripts in post (and sigs), it will leave you open to hacking and can screw up your posts...

Fix:

Code: Select all: Open]*Java script is not allowed in posts[/color]',$lookfor,$message); $lookfor = "</script>"; $message = str_replace('[color=red]Java script is not allowed in posts*[/color]',$lookfor,$message); Open]*Java script is not allowed in posts[/color]',$message); $lookfor = "</script>"; $message = str_replace($lookfor,'[color=red]Java script is not allowed in posts*[/color]',$message);

This will replace the java tags with this message (Java script is not allowed in posts) in the post and also disable the script...

Mike

PS if you install this fix post your results here, needs testing before inclusion with 1.4.1 Beta...

Posted: **Fri Oct 06, 2006 10:37 am**

I like this. I'll have to test it out on my site. I like how it gives a warning, instead of just messing up the look of the page.

Posted: **Mon Oct 16, 2006 7:51 am**

It doesn't seem to work.
See here - http://beta.dragonsys.org/im_test/viewtopic.php?p=52
I have made the changes above on that site.

Posted: **Mon Oct 16, 2006 2:29 pm**

It is working... you will see in both posts 'Java script is not allowed in posts*

The closing java script tag is replaced by the text above... so the java can't execute...
Mike'

Posted: **Mon Oct 16, 2006 4:22 pm**

"Michaelo";p="16694" wrote:It is working... you will see in both posts 'Java script is not allowed in posts*

The closing java script tag is replaced by the text above... so the java can't execute...
Mike'

doh! guess I didn't look hard enough

Posted: **Mon Oct 16, 2006 11:57 pm**

No worries... <img>

Posted: **Mon Nov 06, 2006 6:07 am**

I made a slight change to this. The Message was not showing up in red for me, so I changed the following:

OPEN posting.php
FIND:

Code: Select all: [color=red]

REPLACE WITH][color=red][/code]
OPEN includes/functions_post.php
FIND][color=red][/code]
REPLACE WITH][color=red][/code]

This works for me <img>
Thank you Michaelo

Posted: **Mon Nov 06, 2006 9:42 am**

Dragonsys... your post did not display properly... <img>
We are working on some alternatives but the current one seems to cause the least amount of complication...

Posted: **Mon Nov 06, 2006 4:14 pm**

TIP:
Change the numbers in the color tags to $bbcode_uid
Like [color=red:92f6012507] to [color=red:$bbcode_uid]
These numbers are supposed to be unique for each post...

EDIT:
Also change the ' to " for these, otherwise it will not read $bbcode_uid as a string...

OK, here's the same code, corrected:

Code: Select all: Open]*Java script is not allowed in posts[/color]",$lookfor,$message); $lookfor = "</script>"; $message = str_replace("[color=red]Java script is not allowed in posts*[/color]",$lookfor,$message); Open: functions_post.php Find: else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } After Add: $lookfor = "<script>"; $message = str_replace($lookfor,"[color=red]*Java script is not allowed in posts[/color]",$message); $lookfor = "</script>"; $message = str_replace($lookfor,"[color=red]Java script is not allowed in posts*[/color]",$message);

Posted: **Mon Nov 06, 2006 8:10 pm**

This code has been superseded, will post new fix later... only a minor security update....

IntegraMOD

[Beta] Java in post fix!

[Beta] Java in post fix!

Re: Java in post

Re: [Beta] Java in post fix!

Re: [Beta] Java in post fix!

Re: [Beta] Java in post fix!

Re: [Beta] Java in post fix!