RKSport Posted March 9, 2011 Report Share Posted March 9, 2011 Problema tada, shoutboxa var ievadit visus html tagu <script></script> ut.... Man vajag lai nevaretu to izdarit. <?php if($_COOKIE['member_id'] > 0) { define('WWW','www'); if (!defined('WWW')) { header('Location: http://'.$_SERVER['HTTP_HOST'].''); die(); } $host = "localhost"; // db hosts $dbname = "rs"; // foruma datubaze $dbuser = "rs"; // foruma db users $dbpass = "pass"; // juusu foruma datubaazes parole $link = mysql_connect($host, $dbuser, $dbpass) or die("NEsanaaca piekontektities: " . mysql_error()); mysql_select_db($dbname) or die("Datubaaze neekstistee"); $rez=mysql_query("SELECT * FROM shoutbox ORDER BY date"); if (isset($_POST['ierakstiit'])) {$body = stripslashes(mysql_real_escape_string($_POST['body'])); if ($body == '') {unset($_POST['ierakstiit']);}} echo $r['date']; $selekts=mysql_query("SELECT * FROM ibf_members WHERE id=".$_COOKIE['member_id']); while ($r = mysql_fetch_array($selekts)) { if(isset($_POST['ierakstiit'])) { $body = stripslashes(mysql_real_escape_string($_POST['body'])); $datums = date('Y-m-d, H:i:s'); $memb_id = $_COOKIE['member_id']; $membera_niks=$r['members_display_name']; mysql_query("INSERT INTO shoutbox (nick, body, date, userid) VALUES ('$membera_niks','$body','$datums','$memb_id')"); echo "<meta http-equiv='refresh' content='0;url=#'>"; } } if($_COOKIE['member_id'] > 0) { echo '<script> v=0 function chk(n){ v=n } function insert(str){ if(v==0){ return } if(v==1){ document.forms["form"]["body"].value+=str } } </script>'; echo ' <center> <form name="form" action="" method="post"> <a href="#s" onclick="insert(\':)\')"><img border=0 src="'.main_WEB_URL.'images/smiles/smile.gif"></a> <a href="#s" onclick="insert(\';)\')"><img border=0 src="'.main_WEB_URL.'images/smiles/wink.gif"></a> <a href="#s" onclick="insert(\':D\')"><img border=0 src="'.main_WEB_URL.'images/smiles/lol.gif"></a> <a href="#s" onclick="insert(\':good:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/good.gif"></a> <a href="#s" onclick="insert(\':shit:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/shit.gif"></a> <a href="#s" onclick="insert(\':(\')"><img border=0 src="'.main_WEB_URL.'images/smiles/cry.gif"></a> <a href="#s" onclick="insert(\';(\')"><img border=0 src="'.main_WEB_URL.'images/smiles/bigcry.gif"></a> <a href="#s" onclick="insert(\'O_o\')"><img border=0 src="'.main_WEB_URL.'images/smiles/blink.gif"></a> <a href="#s" onclick="insert(\':lohs:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/lohs.gif"></a> <a href="#s" onclick="insert(\':fuck:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/fu.gif"></a> <a href="#s" onclick="insert(\':lmfao:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/lmfao.gif"></a> <a href="#s" onclick="insert(\':love:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/loveheart.gif"></a> <a href="#s" onclick="insert(\'-10\')"><img border=0 src="'.main_WEB_URL.'images/smiles/minus10.gif"></a> <a href="#s" onclick="insert(\'+10\')"><img border=0 src="'.main_WEB_URL.'images/smiles/plus10.gif"></a> <textarea style="width:140px;" onclick="chk(1)" type="post" name="body" /></textarea></center> <input class="submit"; style="margin-bottom:5px; width:67px;" type="submit" name="ierakstiit" value="Pievienot" /> </form> '; } //Un visbeidzot pats selekts $dati=mysql_query("SELECT * FROM shoutbox ORDER by date DESc LIMIT 10"); while($er=mysql_fetch_array($dati)) { echo str_replace($smileys_in, $smileys_out, $text); $bodijs = $er['body']; $body = wordwrap($wrap, 20, "\n", true); $smileys_in = array(':)', ';)', ':D', ':good:', ':(', ';(', 'O_o', ':lohs:', ':fuck:', ':lmfao:', ':love:', '-10', '+10', ':blush:', ':rofl:', ':shit:', ':o)', ':P', ';P'); $smileys_out = array( '<img src="'.main_WEB_URL.'images/smiles/smile.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/wink.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/lol.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/good.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/cry.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/bigcry.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/blink.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/lohs.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/fu.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/lmfao.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/loveheart.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/minus10.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/plus10.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/modest.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/rofl.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/shit.gif"/>'); $prev = str_replace($smileys_in, $smileys_out, $bodijs); echo " <div class='chatcom' style='overflow: hidden;'><div style='float: left;'> <a href='../user/".$er['userid']."'>".$er['nick']."</a> <span style='font-size:8px; color:#000;'> ".$er['date']."</span></div></div> <div class='chattcom'>".$prev." </div> "; } echo "<div style='float: right; padding-bottom: 4px;'><a href='".main_WEB_URL."shoutbox' title='Bļautuves pārskats'><b>Lastīt vairāk</b></a></font></div><br />"; }else{ echo "<center><div class='innerchat'><font color='#0398cd'>Lai izmantotu bļautuvi tev jāautorizējas.</font></div></center>"; $dati=mysql_query("SELECT * FROM shoutbox ORDER by date DESc LIMIT 10"); while($er=mysql_fetch_array($dati)) { echo str_replace($smileys_in, $smileys_out, $text); $bodijs = $er['body']; $body = wordwrap($wrap, 20, "\n", true); $smileys_in = array(':)', ';)', ':D', ':good:', ':(', ';(', 'O_o', ':lohs:', ':fuck:', ':lmfao:', ':love:', '-10', '+10', ':blush:', ':rofl:', ':shit:', ':o)', ':P', ';P'); $smileys_out = array( '<img src="'.main_WEB_URL.'images/smiles/smile.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/wink.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/lol.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/good.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/cry.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/bigcry.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/blink.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/lohs.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/fu.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/lmfao.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/loveheart.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/minus10.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/plus10.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/modest.gif"/>', '<img src="'.main_WEB_URL.'images/smiles/rofl.gif"/>', '<img src="images/smiles/shit.gif"/>'); $prev = str_replace($smileys_in, $smileys_out, $bodijs); echo "<div class='chatcom' style='overflow: hidden;'><div style='float: left;'> <a href='../user/".$er['userid']."'>".$er['nick']."</a> <span style='font-size:8px; color:#000;'> ".$er['date']."</span></div></div> <div class='chattcom'>".$prev." </div>"; } } ?> atradu ineta šādu bet nemaku ielikt function no_html( $text ) { $text = preg_replace( array( // Remove invisible content '@<head[^>]*?>.*?</head>@siu', '@<style[^>]*?>.*?</style>@siu', '@<script[^>]*?.*?</script>@siu', '@<object[^>]*?.*?</object>@siu', '@<embed[^>]*?.*?</embed>@siu', '@<applet[^>]*?.*?</applet>@siu', '@<noframes[^>]*?.*?</noframes>@siu', '@<noscript[^>]*?.*?</noscript>@siu', '@<noembed[^>]*?.*?</noembed>@siu', // Add line breaks before and after blocks '@</?((address)|(blockquote)|(center)|(del))@iu', '@</?((div)|(h[1-9])|(ins)|(isindex)|(p)|(pre))@iu', '@</?((dir)|(dl)|(dt)|(dd)|(li)|(menu)|(ol)|(ul))@iu', '@</?((table)|(th)|(td)|(caption))@iu', '@</?((form)|(button)|(fieldset)|(legend)|(input))@iu', '@</?((label)|(select)|(optgroup)|(option)|(textarea))@iu', '@</?((frameset)|(frame)|(iframe))@iu', ), array( ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", ), $text ); return strip_tags( $text ); } Quote Link to comment Share on other sites More sharing options...
daGrevis Posted March 9, 2011 Report Share Posted March 9, 2011 1) Nevar ielikt pilnīgi nekādu HTML?, 2) Var ielikt, bet tas neizpildās kā HTML.; Quote Link to comment Share on other sites More sharing options...
briedis Posted March 9, 2011 Report Share Posted March 9, 2011 Nu bļins, domā mums baigi gribas rakties pa tavu milzīgo koda blāki? Atrodi vietu, kur dati tiek vai nu likti DB, vai rādīti lietotājiem un eskeipo šos datus ar: $dati = htmlspecialchars($dati, ENT_QUOTES); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.