Blumish (thread author), March 6, 2010: :D the page got properly posted on!!
2easy, March 6, 2010: hahahhaa nice!!! it wasn't me ;)
Blumish (thread author), March 6, 2010: :D:D
mickys, March 6, 2010 (edited): first of all, htmlentities() on data output. You could also limit the comment length... for example, by posting <!-- I managed to comment out the entire rest of the source :)
2easy, March 6, 2010: but wait, I was also just able to simply paste <script>alert("Ai lave ju beibe!");</script> and it goes through, but 5 min ago that still wasn't possible. did you change the code? you probably removed the protection against these yourself???
Blumish (thread author), March 6, 2010:
> but wait, I was also just able to simply paste <script>alert("Ai lave ju beibe!");</script> and it goes through, but 5 min ago that still wasn't possible. did you change the code? you probably removed the protection against these yourself???
honestly, I didn't change anything!! :D:D it's just that everyone is trying something, and one of those was the point that brought everything down, and now it accepts all the injections :D:D
chizijs, March 6, 2010: Use http://php.net/manual/en/function.htmlspecialchars.php
2easy, March 6, 2010 (edited):
> honestly, I didn't change anything!! :D:D it's just that everyone is trying something, and one of those was the point that brought everything down, and now it accepts all the injections :D:D
no, that can't be. then the php source would have had to change, but your code has no file_put_contents() anywhere that could be used to overwrite the existing php files!?!? maybe the coder is just playing jokes? :P who else have you given the ftp password to? ;)
> Use http://php.net/manual/en/function.htmlspecialchars.php
+1. when we started testing, it was still there. not anymore! :D
bobsters, March 6, 2010 (edited): thanks for the advice! After reading this thread I fixed several careless mistakes on my own site :)
2easy, March 6, 2010: was there really anything else to learn here besides htmlspecialchars() and wordwrap()?
chizijs, March 6, 2010: There definitely was no htmlspecialchars(); :D
bobsters, March 6, 2010: not that, but the fact that you should test! and with what code :) I had never thought that far ahead, that I should test my own handiwork :D
2easy, March 6, 2010: hehe, I also managed to save the html source, which had all those wonderful tests in it :D:D:D
bobsters, March 6, 2010: this way you can get many different ways to test :D I give a bonus to everyone who showed off :D
2easy, March 6, 2010: anyway, everything that got stuffed into those comments can easily be neutralised with the most ordinary htmlspecialchars(); it's just that, in some incomprehensible way, it suddenly stopped being done...
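The three pieces of advice given in this thread (mickys: encode on output and limit comment length; chizijs and 2easy: htmlspecialchars() and wordwrap()) put together in one output function, as an added example that is not code from the thread or from the page being tested; the function name and the two limits are assumptions made for the example.

```php
<?php
// Added example, not code from the thread or from the page under test: render
// one user comment safely at output time, applying the advice given above
// (htmlspecialchars() on output, a length cap, and wrapping long tokens).
// The function name and the two limits are this example's own assumptions.
declare(strict_types=1);

const COMMENT_MAX_CHARS = 1000; // assumed comment length limit
const COMMENT_WRAP_AT   = 80;   // assumed maximum unbroken token length

function render_comment(string $raw): string
{
    // 1. Length cap, counted in characters so a multi-byte UTF-8 sequence is
    //    never cut in half (mb_substr, not substr).
    $raw = mb_substr($raw, 0, COMMENT_MAX_CHARS, 'UTF-8');

    // 2. Break runs of non-whitespace longer than COMMENT_WRAP_AT characters.
    //    This is the character-aware equivalent of wordwrap($raw, 80, "\n", true),
    //    which counts bytes and can split a multi-byte character. Done BEFORE
    //    encoding so an inserted newline can never land inside an entity.
    $raw = preg_replace('/(\S{' . COMMENT_WRAP_AT . '})(?=\S)/u', '$1' . "\n", $raw) ?? '';

    // 3. Encode for an HTML text node. ENT_QUOTES also encodes the single quote
    //    (pre-8.1 PHP defaults leave it alone), ENT_SUBSTITUTE replaces invalid
    //    UTF-8 with U+FFFD instead of returning an empty string, and the charset
    //    is stated explicitly rather than relying on default_charset.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs, modelled on what the thread says was posted.
$samples = [
    '<script>alert("Ai lave ju beibe!");</script>',
    '<!-- everything after this would have been commented out',
    "Normal comment with 'quotes' & an ampersand",
];

foreach ($samples as $comment) {
    $html = render_comment($comment);
    // After encoding no '<' or '>' survives, so neither a <script> tag nor an
    // HTML comment opener reaches the browser's parser as markup.
    $ok = strpos($html, '<') === false && strpos($html, '>') === false;
    printf("%s  %s\n", $ok ? 'OK  ' : 'FAIL', $html);
}
```

The encoding is correct only for text nodes and quoted attribute values; a comment echoed into a <script> block or an unquoted attribute needs a different encoder, which this thread does not cover.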