
[ Video Sharing CMS v4 ] Html tags in comments

Started by fourdeltaOne



fourdeltaOne (Topic starter)

hello!

I do not know how, but today someone who was trying to find a hole or hack the site started writing strange code and scripts in the comments.

The code left in the comments is below.

Code 1 ####################################

<html><body><h1>TEST</h1></body></html>

Code 2 ####################################

<?php echo "test";?>

Code 3 ####################################

<?php for($i = 0; $i <10; $i++) {echo $i;}?>

Code 4 ####################################

<!--?php 
    for($i = 0; $i <10; $i++) {
        echo $i;
    }?-->

Code 5 ####################################

<!--?php echo DB; ?-->
<?php echo DB; ?>

Code 6 ####################################

<script>
function count_rabbits() {
    for(var i=1; i<=3; i++) {
        alert("Rabbit number "+i)
    }
}
count_rabbits();
</script>

Code 7 ####################################

<input  type="file" />



I want to ask: is it possible to prohibit writing HTML, PHP, and Java code?
Skype: epic.mediauz

PHPVibe A.

You think you got hacked because that comment had code in it?
I have hundreds of those per month :)
If the code just parses and does not execute, then the toDb() function does a nice job :)

fourdeltaOne (Topic starter)

Alex, anything is possible)

Is it possible to disable HTML in comments?

PHPVibe A.

Simplest way:

/lib/ajax/addComment.php

Replace

$com_body = toDb($_REQUEST['comment']);

with

$com_body = toDb(strip_tags($_REQUEST['comment']));
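The one-line change above strips tags on the way into toDb(), but it only affects comments saved from now on, and strip_tags() is a sanitiser, not an output encoder. The PHP below is an added example, not PHPVibe code: it runs strip_tags() over constructed copies of the payloads posted in this thread (plus two edge cases) and, separately, encodes a stored comment with htmlspecialchars() at render time, which is what keeps already-stored comments from being interpreted as markup. The function names sanitizeCommentInput and renderCommentHtml and the sample array are assumptions made for this demo.

```php
<?php
// Added example (not PHPVibe code). Two separate defences for user comments:
//   1. strip_tags() on input, as in the addComment.php edit (toDb() omitted here);
//   2. htmlspecialchars() on output, which also covers comments stored before the fix.
// Function names and the sample payloads are assumptions for this demo.

declare(strict_types=1);

/** Input side: remove HTML/PHP tags before the comment is stored. */
function sanitizeCommentInput(string $raw): string
{
    return trim(strip_tags($raw));
}

/**
 * Output side: encode a stored comment for use inside an HTML element body.
 * ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
 * instead of returning an empty string.
 */
function renderCommentHtml(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed samples: the thread's payloads plus two edge cases.
$samples = [
    'html'      => '<html><body><h1>TEST</h1></body></html>',
    'php'       => '<?php echo "test";?>',
    'commented' => '<!--?php echo DB; ?-->',
    'script'    => '<script>alert("Rabbit number 1")</script>',
    'input'     => '<input  type="file" />',
    'unclosed'  => 'a<b and everything after the unclosed tag',
    'plain'     => 'Great video! 5 > 3',
];

foreach ($samples as $name => $raw) {
    // What the edited addComment.php would store for a new comment.
    $stored = sanitizeCommentInput($raw);
    // What the page should emit for any stored comment, old or new.
    $html = renderCommentHtml($raw);

    printf("%-9s stripped: %s\n", $name, var_export($stored, true));
    printf("%-9s encoded:  %s\n\n", '', $html);
}
```

Run it with the php CLI. strip_tags() removes PHP blocks and HTML comments together with their contents, reduces the script block to its body text, and, because it does not validate HTML, cuts the 'unclosed' sample off at its first '<'. The encoded column shows why the output-side step matters: a comment that was stored before the change is still rendered as inert text once it passes through htmlspecialchars().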

fourdeltaOne (Topic starter)


PHPVibe A.

New ones? Because old ones won't change.

fourdeltaOne (Topic starter)


PHPVibe A.

I'll look into it and get back to you.
