I had a nasty bug in my phpWSBB. Every time someone
entered some text followed by a question mark, it would
remove the last letter and the question mark to replace it
with worNOPHP.
So I fired up grep and came to the conclusion that there
must be a bug in the cleanArray() method. Nice
code layout, btw ;-)
Here's the corrected version that works for me:
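/* prevent scripting tags from being passed via http get */
function cleanArray (&$Value) {
    if (is_array($Value)) {
        /* recurse into nested request arrays */
        array_walk($Value, 'cleanArray');
    } else {
        /* "<script" with the bracket written literally, URL-encoded or
           as an HTML entity; alternation, so only whole tokens match */
        $Value = eregi_replace("(<|%3C|&lt;|&#60;)+script", "NOSCRIPT", $Value);
        /* old rule: the bracket expression matches single characters such
           as l, t or c, so "t?" at the end of a word was replaced too */
        /* $Value = eregi_replace("['<'|'%3C'|'&lt;'|'&#60;']+\?", "NOPHP", $Value); */
        /* opening PHP tag with the bracket as an HTML entity */
        $Value = eregi_replace("&(lt|#60);\?", "[NOPHP.1]", $Value);
        /* opening PHP tag written literally */
        $Value = eregi_replace("<\?", "[NOPHP.2]", $Value);
        /* opening PHP tag with the bracket URL-encoded */
        $Value = eregi_replace("%3C\?", "[NOPHP.3]", $Value);
    }
    return;
}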
...see also http://www.kiesler.at/index.php?module=phpwsbb&PHPWSBB_MAN_OP=view&PHPWS_MAN_ITEMS[]=33 (German thread)
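Why the old rule ate ordinary text, as an added example that is not part of the original post or of phpWebSite: square brackets form a bracket expression, so the old pattern matches any single listed character in front of "?". It uses preg_replace() because eregi_replace() was removed in PHP 7; the sample inputs, the $fixed pattern and the compareFilters() helper are constructed for illustration.

```php
<?php
// Old rule from cleanArray(): everything between [ and ] is a set of single
// characters, here ' < | % 3 C & l t ; # 6 0 (case-insensitive), not a list
// of alternative tokens.
$buggy = "/['<'|'%3C'|'&lt;'|'&#60;']+\\?/i";

// Assumed corrected form: a group with alternation matches only the four
// whole spellings of "<" directly followed by "?".
$fixed = '/(?:<|%3C|&lt;|&#60;)\?/i';

// Constructed sample inputs (not taken from the bug report).
$samples = [
    'Is this right?',      // ends in "t?"
    'Is it cool?',         // ends in "l?"
    'Only 60?',            // digits 6 and 0 are in the set as well
    'Why?',                // "y" is not in the set, so this one survives
    '<?php phpinfo(); ?>', // literal opening tag
    '%3C?php',             // URL-encoded
    '&lt;?php',            // named entity
    '&#60;?php',           // numeric entity
];

// Hypothetical helper: run both patterns over each input and collect results.
function compareFilters(array $inputs, string $old, string $new): array
{
    $rows = [];
    foreach ($inputs as $in) {
        $rows[] = [
            'input' => $in,
            'old'   => preg_replace($old, 'NOPHP', $in),
            'new'   => preg_replace($new, 'NOPHP', $in),
        ];
    }
    return $rows;
}

foreach (compareFilters($samples, $buggy, $fixed) as $row) {
    // Flag inputs that contain no tag at all but were still rewritten.
    $falsePositive = ($row['new'] === $row['input'] && $row['old'] !== $row['input']);
    printf(
        "%-22s old: %-22s new: %-22s%s\n",
        $row['input'],
        $row['old'],
        $row['new'],
        $falsePositive ? ' <- false positive' : ''
    );
}
```

A deny-list like this only rewrites the spellings it knows about; encoding values on output with htmlspecialchars() does not depend on enumerating them.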
Logged In: YES
user_id=225888
This has been fixed in the current version of phpwebsite.