Help me test this "forum" script. - Page 2

Comments

  • subigo Member

     

  • Can't you just use htmlspecialchars or so? And filter out all attributes of pre tags (replace <pre.*> with <pre>)

  • jhjh Member

    I like it

  • subigo Member

    @gsrdgrdghd said: Can't you just use htmlspecialchars or so? And filter out all attributes of pre tags (replace <pre.*> with <pre>)

    A few preg_replace entries will be able to strip out anything that shouldn't be there. I'll have to do it tomorrow though. Too late and too many tickets tonight.

  • joepie91 Member, Patron Provider

    @subigo said: A few preg_replace entries will be able to strip out anything that shouldn't be there. I'll have to do it tomorrow though. Too late and too many tickets tonight.

    You should always be whitelisting, not blacklisting. In fact, you'll want to look at this function: http://pastebin.com/AyEF6HCi
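
The whitelisting point above, shown next to the preg_replace idea from earlier in the thread. This is an added example, not code from the thread and not the function behind the pastebin link; the function names and the sample posts are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Blacklist idea from the thread: strip attributes from <pre> tags.
// Weak: every other tag passes through untouched, and the greedy .*
// swallows everything between the first "<pre" and the last ">" on a line.
function render_blacklist(string $raw): string
{
    return (string) preg_replace('/<pre.*>/', '<pre>', $raw);
}

// Whitelist: escape everything first, then re-enable only the exact,
// attribute-free <pre>...</pre> pair. Anything not matched stays inert text.
function render_whitelist(string $raw): string
{
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Only balanced pairs are restored, so a stray opener cannot leave the
    // rest of the page inside an unclosed <pre>. If the regex engine fails
    // (e.g. backtrack limit), fall back to the fully escaped text.
    return preg_replace('#&lt;pre&gt;(.*?)&lt;/pre&gt;#s', '<pre>$1</pre>', $safe)
        ?? $safe;
}

// Constructed sample posts (not taken from the thread's test page).
$samples = [
    'plain pre'     => '<pre>echo 1 < 2;</pre>',
    'pre with attr' => '<pre onclick="x()">hi</pre>',
    'other tag'     => '<img src=x onerror="x()"> hello',
    'unclosed pre'  => '<pre>never closed',
];

foreach ($samples as $label => $post) {
    printf(
        "%s\n  blacklist: %s\n  whitelist: %s\n",
        $label,
        render_blacklist($post),
        render_whitelist($post)
    );
}
```

The blacklist version turns the first sample into a bare `<pre>` (the content is eaten by the greedy match) and passes the `<img>` sample through unchanged, while the whitelist version keeps the text and emits only plain `<pre>`/`</pre>` as markup.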

  • Nice and simple. Good job.

  • @subigo

    <3 your new site design.

  • netomx Moderator, Veteran

    Is there a problem if I copy your design, subigo? With the division?

  • Infinity Member, Host Rep

    Really nice and simplistic, awesome stuff.

    Thanked by 1 netomx
  • It's a nice idea, but it has a small problem, you need to have JS enabled, otherwise it will not work at 100%.

    Keep up, if you can make it without JS it would be nice...

  • subigo Member
    edited June 2012

    @netomx said: Is there a problem if I copy your design, subigo? With the division?

    Sure, go for it. I just ask you add a hidden line in the source giving me credit.

    And a couple of you sent me messages to show me you're using the original code on live sites already... lol. That's fine, but there's a reason I posted it on here to be tested. I wrote it about an hour before I posted on here and didn't do any real input sanitation. It was just a proof of concept to see if it worked for people. At the very minimum, use the new submit.php file and maybe remove the pre tags (there's a reason html isn't allowed on most forms)... and add recaptcha. And before this, I had never written anything that allows one user to post data that another user can see, so there's probably a million other bugs I haven't seen.

  • netomx Moderator, Veteran

    @subigo said: Sure, go for it. I just ask you add a hidden line in the source giving me credit.

    I will, I like it :) it will be for my RPi page :)

  • subigo Member
    edited June 2012

    Thanks for all the help guys. I'll be taking down the test page later tonight. I replaced the pre tags with an auto-embed of a pastebin page via a pastebin ID. The blank pages and other issues should all be taken care of now (which means there's probably ten more that will be posted tonight).

    I'll upload a final version after I take it down.

    Thanked by 1 netomx