| Author |
Message |
2McAbre
New Member
Joined: Feb 16, 2005
Posts: 20
|
 Posted:
Sat Feb 19, 2005 5:08 pm |
|
I have these little weather.com magnets that are simple little scripts. At my old HTML site they worked just fine for the "regional" info pages I had setup.
IE it was a one stop page for folks to "See" their local weather, and access their local online newspapers and such.
Anyway, when I migrated to pnpnuke, I pretty much got all the pages from the old site inserted as content. But the scripts were not allowed.
I located inside the main.php file where scripts are "stopped".
My question is (perhaps a silly one) if I temporarily remove this restriction so I can insert these pages with the script intact, then replace the restriction to stop users from inserting script.
Will the content pages function correctly with the inserted script?
I saw the weather 3.0 mod and thought to just wait for it, and see if I can just insert the block relevant to the pages content. But was still curious if the pages would work.
Another small question… There seems to be a character limitation on inserted content. Seems to be around 10000. Does anyone know if this limit can be increased? and where it may be?
I have a couple of hefty pages, a few I simply split into two separate pages, but one would be a real nightmare, and its about 88K.
I am a news junkie and have a page where I have compiled news source from all over the world.
Newspapers From Around The World
I figure if I strip the style formating out (so it'll blend with the theme style) I maybe can get it down a bit more, but not much. |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Sun Feb 20, 2005 12:56 am |
|
If I'm understanding you correctly, you need to modifyCode:
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
|
toCode:if (!is_admin($admin)) {
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
}
|
|
| |
|
|
|
|
2McAbre
|
| Posted:
Sun Feb 20, 2005 9:31 am |
|
Oh HEY yeah thanks Raven! That will work too!
I'm starting to grasp PHP a bit more. I was just thinking of removing the script part altogether, then putting it back when I was done 
But this works better! Just give permission to the Admin!
Good Grief! I will be donating to your cause today for sure! I have gotten more help here in the past couple days, they at any of the other forums these past couple weeks!
Being that I MOD and ADMIN at several other tech sites (hardware and imaging are my forte) I try really hard not to post the same question at too many forums "at the same time".
Sure you all can relate to the problems that creates for "new" folks. They get 30 different replies and try to do 30 different things, then make a bigger mess!
P.S. (sorry  I know) Any idea how to increase the character limit for content pages? |
| |
|
|
|
|
Raven
|
| Posted:
Sun Feb 20, 2005 9:59 am |
|
The first thing you do is to look at the table schema for the column you want (use phpMyAdmin). Let's say the column shows a type of varchar(500). Varchar is limited to to 2000 if I remember correctly, so you could just change the length to varchar(1000) or more. Once that has been done, just try it. If you are still limited, then you knmow there is a cross-check in the code itself, ie, an edit. So, find all references to that column and up the length or remove the restriction. |
| |
|
|
|
|
2McAbre
|
| Posted:
Sun Feb 20, 2005 12:50 pm |
|
Thank you so much, I will research this and see what I can accomplish!
P.S. The above code change worked like a charm…
But I will ad one caveat for anyone else reading this… 
If you were to do this, make sure to disable "Script" blocking in Nuke Sentinel first!
Otherwise it sees you as doing a scripting attack. Once you have your code inserted and saved to the content page, simply turn the script blocker back on.
And all will be well!   |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
