after update to 2.1 > comments '<'.removeEvilAttributes('b
Board index / PHP Melody - Video CMS
9 posts • Page 1 of 1
by EGYPT on Dec 14, 2013 8 am
hello phpM Team
i noticed that after updating my website from v2.0.1 to v2.1
my comments system allow to anyone and i use blacklist function ,
every comment from visitors .. after submit comment , write automatically [b]'<'.removeEvilAttributes('br /').'>'[/b]
screen shot
[img]http://img855.imageshack.us/img855/703/scog.jpg[/img]
thanks in advance
i noticed that after updating my website from v2.0.1 to v2.1
my comments system allow to anyone and i use blacklist function ,
every comment from visitors .. after submit comment , write automatically [b]'<'.removeEvilAttributes('br /').'>'[/b]
screen shot
[img]http://img855.imageshack.us/img855/703/scog.jpg[/img]
thanks in advance
- EGYPT
- Verified Customer
- Posts: 137
- Joined: Jun 14, 2008 4 pm
- Reputation points: 0
by muzikia on Feb 18, 2014 12 pm
Change the comment system to the disqus. no more spam or other issues I've seen here and unsolved.
Here it is a tutorial: http://www.modmyscript.com/add-disqus-o ... elody-2-x/
Here it is a tutorial: http://www.modmyscript.com/add-disqus-o ... elody-2-x/
[warning][url]http://www.ModMyScript.com[/url] - [color=#BF0000]PHPMelody plugins and mods since 2008[/color]
[url]http://www.HostingWays.com[/url] - [b][color=#BF0000]Shared or VPS Hosting[/color][/b]
*** PHP Melody user and plugins maker for 9 years and counting.[/warning]
[url]http://www.HostingWays.com[/url] - [b][color=#BF0000]Shared or VPS Hosting[/color][/b]
*** PHP Melody user and plugins maker for 9 years and counting.[/warning]
-
muzikia - Verified Customer
- Posts: 4120
- Joined: Mar 24, 2008 6 am
- Location: ModMyScript.com - PHPMELODY mods
- Reputation points: 167
by ciberlinker on Mar 14, 2014 12 pm
[quote="muzikia"]Change the comment system to the disqus. no more spam or other issues I've seen here and unsolved.
Here it is a tutorial: http://www.modmyscript.com/add-disqus-o ... elody-2-x/[/quote]
Muzikia the problem is not only in the comments ..
[url=http://imageshack.com/i/0k5oy2g][img]http://imageshack.com/a/img20/534/5oy2.gif[/img][/url]
a greeting
Here it is a tutorial: http://www.modmyscript.com/add-disqus-o ... elody-2-x/[/quote]
Muzikia the problem is not only in the comments ..
[url=http://imageshack.com/i/0k5oy2g][img]http://imageshack.com/a/img20/534/5oy2.gif[/img][/url]
a greeting
-
ciberlinker - Verified Customer
- Posts: 744
- Joined: Mar 22, 2008 4 pm
- Reputation points: 33
by muzikia on Mar 14, 2014 7 pm
check it here
viewtopic.php?p=60530&f=6#p60530
viewtopic.php?p=60530&f=6#p60530
[warning][url]http://www.ModMyScript.com[/url] - [color=#BF0000]PHPMelody plugins and mods since 2008[/color]
[url]http://www.HostingWays.com[/url] - [b][color=#BF0000]Shared or VPS Hosting[/color][/b]
*** PHP Melody user and plugins maker for 9 years and counting.[/warning]
[url]http://www.HostingWays.com[/url] - [b][color=#BF0000]Shared or VPS Hosting[/color][/b]
*** PHP Melody user and plugins maker for 9 years and counting.[/warning]
-
muzikia - Verified Customer
- Posts: 4120
- Joined: Mar 24, 2008 6 am
- Location: ModMyScript.com - PHPMELODY mods
- Reputation points: 167
by Trace on Mar 14, 2014 8 pm
Solution
In /include/functions.php FIND[code]function removeEvilTags($source)
{
global $allowedTags;
$source = RemoveCurseWords(strip_tags($source, $allowedTags));
return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source);
}[/code]
REPLACE WITH[code]function removeEvilTags($source)
{
global $allowedTags;
$source = RemoveCurseWords(strip_tags($source, $allowedTags));
return preg_replace_callback('/<(.*?)>/i', 'removeTagAttributes', $source);
}
function removeTagAttributes($in){
return '<'.removeEvilAttributes($in).'>';
}[/code]
Note: this will only fix new comments, the ones that are broken will remain broken
In /include/functions.php FIND[code]function removeEvilTags($source)
{
global $allowedTags;
$source = RemoveCurseWords(strip_tags($source, $allowedTags));
return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source);
}[/code]
REPLACE WITH[code]function removeEvilTags($source)
{
global $allowedTags;
$source = RemoveCurseWords(strip_tags($source, $allowedTags));
return preg_replace_callback('/<(.*?)>/i', 'removeTagAttributes', $source);
}
function removeTagAttributes($in){
return '<'.removeEvilAttributes($in).'>';
}[/code]
Note: this will only fix new comments, the ones that are broken will remain broken
PHP Melody Plugins developer
[url=http://melodymods.com][color=#FF0000]PHP Melody plugins + themes for 1.6 and 1.7-2.7[/color][/url] | [url=http://melodymods.com/support/lists/]Subscribe to news of my work[/url] | Follow me on [url=https://www.facebook.com/Melodymods]Facebook[/url]
[url=http://melodymods.com][color=#FF0000]PHP Melody plugins + themes for 1.6 and 1.7-2.7[/color][/url] | [url=http://melodymods.com/support/lists/]Subscribe to news of my work[/url] | Follow me on [url=https://www.facebook.com/Melodymods]Facebook[/url]
-
Trace - Verified Customer
- Posts: 2543
- Joined: Aug 16, 2010 3 pm
- Location: The Netherlands
- Reputation points: 1329
9 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests
