Problēma tāda, ka shoutbox'ā var ievadīt jebkuru HTML tagu (<script></script> utt.), un ieraksts pēc tam tiek izvadīts lapā bez izmaiņām — tā ir saglabātā XSS (stored XSS) ievainojamība.
Man vajag, lai to nevarētu izdarīt.
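<?php
// Forum shoutbox ("bļautuve") widget. This file is included from a page that
// already defines the main_WEB_URL constant (it is not defined here) and, for
// visitors who are not logged in, already holds an open mysql connection.
//
// Review notes — things this file cannot fix by itself:
//  * Login is decided solely from the member_id cookie. A visitor can set that
//    cookie to any number, so by itself it proves nothing about who is posting;
//    the including page must already have validated the forum session
//    (presumably the IPB session / pass_hash cookie that belongs to
//    ibf_members) — TODO confirm.
//  * The form carries no CSRF token, so another site can make a logged-in
//    member's browser submit a shout.
//  * The mysql_* extension is deprecated (removed in PHP 7). With mysqli or
//    PDO the two statements below would be prepared statements instead of
//    hand-escaped SQL.
//  * mysql_real_escape_string() is only reliable when the connection charset
//    is set with mysql_set_charset(); nothing here sets it — TODO confirm what
//    charset the forum database uses.

if (!function_exists('shoutbox_render_entries')) {
    /**
     * Echo the ten newest shoutbox rows as HTML.
     *
     * Uses the currently open mysql connection. Every column value is passed
     * through htmlspecialchars() before it is echoed, so a stored
     * "<script>...</script>" is displayed as text instead of being executed.
     * This is the fix for the stored XSS in the original listing code, which
     * echoed nick, date and body straight from the database. Smiley codes are
     * substituted after escaping; none of them contain & < > " or ', so the
     * escaping does not break them and the only <img> tags in the output are
     * the ones built here.
     */
    function shoutbox_render_entries()
    {
        // 19 search strings but only 16 replacements: str_replace() replaces
        // the last three (':o)', ':P', ';P') with '' and thereby removes them,
        // which is what the original arrays did too.
        $smileys_in = array(':)', ';)', ':D', ':good:', ':(', ';(', 'O_o', ':lohs:', ':fuck:', ':lmfao:', ':love:', '-10', '+10', ':blush:', ':rofl:', ':shit:', ':o)', ':P', ';P');
        $smileys_out = array(
            '<img src="'.main_WEB_URL.'images/smiles/smile.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/wink.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/lol.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/good.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/cry.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/bigcry.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/blink.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/lohs.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/fu.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/lmfao.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/loveheart.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/minus10.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/plus10.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/modest.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/rofl.gif"/>',
            '<img src="'.main_WEB_URL.'images/smiles/shit.gif"/>');

        $dati = mysql_query("SELECT * FROM shoutbox ORDER BY date DESC LIMIT 10");
        if (!$dati) {
            // Query failed (no connection, missing table): show nothing rather
            // than feeding false to mysql_fetch_array().
            return;
        }
        while ($er = mysql_fetch_array($dati)) {
            // htmlspecialchars() charset is left at PHP's default; if the forum
            // stores non-UTF-8 text and shouts come out empty on PHP >= 5.4,
            // pass the forum's charset as the third argument — TODO confirm.
            $userid = (int) $er['userid'];
            $nick   = htmlspecialchars($er['nick'], ENT_QUOTES);
            $date   = htmlspecialchars($er['date'], ENT_QUOTES);
            $body   = str_replace($smileys_in, $smileys_out, htmlspecialchars($er['body'], ENT_QUOTES));
            echo "
<div class='chatcom' style='overflow: hidden;'><div style='float: left;'>
<a href='../user/".$userid."'>".$nick."</a> <span style='font-size:8px; color:#000;'> ".$date."</span></div></div>
<div class='chattcom'>".$body." </div>
";
        }
    }
}

// Cast once; everything below uses the integer, never the raw cookie string.
$member_id = isset($_COOKIE['member_id']) ? (int) $_COOKIE['member_id'] : 0;

if ($member_id > 0) {
    // The original defined WWW and on the very next line checked !defined('WWW')
    // to redirect "direct" requests, so that redirect could never fire. The
    // constant is kept for any code that expects it; the dead redirect is gone.
    // A real direct-access guard needs the constant to come from the including
    // page, not from this file.
    if (!defined('WWW')) {
        define('WWW', 'www');
    }

    $host   = "localhost"; // db host
    $dbname = "rs";        // forum database
    $dbuser = "rs";        // forum db user
    $dbpass = "pass";      // your forum database password
    $link = mysql_connect($host, $dbuser, $dbpass)
        or die("NEsanaaca piekontektities: " . mysql_error());
    mysql_select_db($dbname, $link) or die("Datubaaze neekstistee");

    if (isset($_POST['ierakstiit'])) {
        $body = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '';
        // With magic_quotes_gpc on, PHP has already backslash-escaped the POST
        // value; undo that BEFORE escaping for SQL. The original called
        // stripslashes() AFTER mysql_real_escape_string(), which removed the SQL
        // escaping again and left the INSERT injectable.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $body = stripslashes($body);
        }
        if ($body !== '') {
            // $member_id is an int, so it cannot carry SQL (the original
            // interpolated the raw cookie value into this WHERE clause).
            $selekts = mysql_query("SELECT members_display_name FROM ibf_members WHERE id=" . $member_id, $link);
            $r = $selekts ? mysql_fetch_array($selekts) : false;
            if ($r) {
                $datums = date('Y-m-d, H:i:s');
                // The display name comes from the database, but for this
                // statement it is still just text and gets escaped like the body.
                $sql = sprintf(
                    "INSERT INTO shoutbox (nick, body, date, userid) VALUES ('%s','%s','%s','%d')",
                    mysql_real_escape_string($r['members_display_name'], $link),
                    mysql_real_escape_string($body, $link),
                    $datums,
                    $member_id
                );
                mysql_query($sql, $link);
                // Reload so a browser refresh does not resubmit the form
                // (kept from the original).
                echo "<meta http-equiv='refresh' content='0;url=#'>";
            }
        }
    }

    // Smiley toolbar: insert() only appends to the textarea once it has been
    // clicked (chk(1)), exactly as the original script did.
    echo '<script>
v=0
function chk(n){
v=n
}
function insert(str){
if(v==0){
return
}
if(v==1){
document.forms["form"]["body"].value+=str
}
}
</script>';
    echo '
<center>
<form name="form" action="" method="post">
<a href="#s" onclick="insert(\':)\')"><img border=0 src="'.main_WEB_URL.'images/smiles/smile.gif"></a>
<a href="#s" onclick="insert(\';)\')"><img border=0 src="'.main_WEB_URL.'images/smiles/wink.gif"></a>
<a href="#s" onclick="insert(\':D\')"><img border=0 src="'.main_WEB_URL.'images/smiles/lol.gif"></a>
<a href="#s" onclick="insert(\':good:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/good.gif"></a>
<a href="#s" onclick="insert(\':shit:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/shit.gif"></a>
<a href="#s" onclick="insert(\':(\')"><img border=0 src="'.main_WEB_URL.'images/smiles/cry.gif"></a>
<a href="#s" onclick="insert(\';(\')"><img border=0 src="'.main_WEB_URL.'images/smiles/bigcry.gif"></a>
<a href="#s" onclick="insert(\'O_o\')"><img border=0 src="'.main_WEB_URL.'images/smiles/blink.gif"></a>
<a href="#s" onclick="insert(\':lohs:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/lohs.gif"></a>
<a href="#s" onclick="insert(\':fuck:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/fu.gif"></a>
<a href="#s" onclick="insert(\':lmfao:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/lmfao.gif"></a>
<a href="#s" onclick="insert(\':love:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/loveheart.gif"></a>
<a href="#s" onclick="insert(\'-10\')"><img border=0 src="'.main_WEB_URL.'images/smiles/minus10.gif"></a>
<a href="#s" onclick="insert(\'+10\')"><img border=0 src="'.main_WEB_URL.'images/smiles/plus10.gif"></a>
<textarea style="width:140px;" onclick="chk(1)" name="body"></textarea></center>
<input class="submit" style="margin-bottom:5px; width:67px;" type="submit" name="ierakstiit" value="Pievienot" />
</form>
';

    // Finally the listing itself.
    shoutbox_render_entries();
    echo "<div style='float: right; padding-bottom: 4px;'><a href='".main_WEB_URL."shoutbox' title='Bļautuves pārskats'><b>Lastīt vairāk</b></a></div><br />";
} else {
    echo "<center><div class='innerchat'><font color='#0398cd'>Lai izmantotu bļautuvi tev jāautorizējas.</font></div></center>";
    // No connection is opened in this branch (the original did not either);
    // the listing relies on the connection the including page already holds.
    shoutbox_render_entries();
}
?>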
Atradu internetā šādu funkciju, bet nemāku to ielikt. (Piezīme: šī funkcija izgriež tagus no ievades, nevis padara tekstu drošu izvadei; pret XSS drošākais risinājums ir izvadē lietot htmlspecialchars().)
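/**
 * Reduce an HTML fragment to plain text.
 *
 * Invisible containers (head, style, script, object, embed, applet, noframes,
 * noscript, noembed) are removed together with their content, block-level tags
 * get a line break inserted in front of them, and strip_tags() finally removes
 * every remaining tag. The regular expressions are unchanged from the original;
 * only the comments were translated.
 *
 * Note when using this as a shoutbox filter: the function *deletes* markup
 * from the input, it does not make the remaining text safe to print. strip_tags()
 * also drops everything after an unmatched "<" (so "a < b" becomes "a "), and it
 * leaves entities and attribute/URL contexts alone. Escaping with
 * htmlspecialchars() at output time is the reliable protection; no_html() is
 * at most an additional input clean-up.
 *
 * @param string $text raw HTML
 * @return string the text with tags removed
 */
function no_html( $text )
{
    $stripped = preg_replace(
        array(
            // Remove invisible content
            '@<head[^>]*?>.*?</head>@siu',
            '@<style[^>]*?>.*?</style>@siu',
            '@<script[^>]*?.*?</script>@siu',
            '@<object[^>]*?.*?</object>@siu',
            '@<embed[^>]*?.*?</embed>@siu',
            '@<applet[^>]*?.*?</applet>@siu',
            '@<noframes[^>]*?.*?</noframes>@siu',
            '@<noscript[^>]*?.*?</noscript>@siu',
            '@<noembed[^>]*?.*?</noembed>@siu',
            // Add line breaks before and after blocks
            '@</?((address)|(blockquote)|(center)|(del))@iu',
            '@</?((div)|(h[1-9])|(ins)|(isindex)|(p)|(pre))@iu',
            '@</?((dir)|(dl)|(dt)|(dd)|(li)|(menu)|(ol)|(ul))@iu',
            '@</?((table)|(th)|(td)|(caption))@iu',
            '@</?((form)|(button)|(fieldset)|(legend)|(input))@iu',
            '@</?((label)|(select)|(optgroup)|(option)|(textarea))@iu',
            '@</?((frameset)|(frame)|(iframe))@iu',
        ),
        array(
            ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ',
            "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0",
            "\n\$0", "\n\$0",
        ),
        $text );
    // preg_replace() returns null on a PCRE error (e.g. the backtrack limit on a
    // very large input); the original then handed null to strip_tags(). Fall
    // back to the unprocessed text so the final strip_tags() still runs.
    if ( $stripped === null ) {
        $stripped = $text;
    }
    return strip_tags( $stripped );
}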