All deprecated codes will be here

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

All deprecated errors or warning will be here.

PhrEEkie, thanks for taking the time to explain.

I did this and the error dissapear.

Code:

if( !preg_match( "#$MSAph#i", $msaurl ) ) {

Edit: Testing all examples from Keith

I tested all of these lines and I didn't get any error or warning!

Code:

// if( !preg_match( "#$MSAph#i", $msaurl ) ) {
// if(!preg_match( '/' . preg_quote($MSAph) . '/i',$msaurl)) {
// if(!preg_match( '/' . $MSAph . '/i', $msaurl)) {
if(!preg_match( '/$MSAph/i', $msaurl)) {//I am running this one. Do you think it is the most secure?

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

Trying to fix deprecated warning on nukesentinel.php file

/includes/nukesentinel.php

Is this correct?

Code:

eregi_replace("</body>", "<hr noshade='noshade' />\n<div align='right'>"._AB_NUKESENTINEL." ".$ab_config['version_number']." "._AB_BYNSN."</div>\n</body>", $display_page);

Change with

Code:

preg_replace("/</body>/i", "<hr noshade='noshade' />\n<div align='right'>"._AB_NUKESENTINEL." ".$ab_config['version_number']." "._AB_BYNSN."</div>\n</body>", $display_page);

Correct me if something should be different please.

Code:

OR (isset($file) AND (eregi("http\:\/\/", $file) OR eregi("https\:\/\/", $file)))

Change with

Code:

OR (isset($file) AND (preg_match("http\:\/\//i", $file) OR preg_match("https\:\/\//i", $file)))

Code:

if (isset($name) && !eregi("^name=".$name, $pg) && stristr($nsnst_const['script_name'], "modules.php")) { $mod_check = 1; }

Change with

Code:

if (isset($name) && !preg_match("/^name=/i".$name, $pg) && stristr($nsnst_const['script_name'], "modules.php")) { $mod_check = 1; }

djmaze · Posted: Mon Nov 15, 2010 11:16 am

preg_match("http" is bad since it doesn't catch other schemes like

Only registered users can see links on this board!
Get registered or login to the forums!

Instead use:

Code:

OR (isset($file) && false !== strpos($file,'://'))

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

thanks for that info but can you be more specific so I can make the changes.

Did you mean this:

Code:

OR (isset($file) AND (eregi("http\:\/\/", $file) OR eregi("https\:\/\/", $file)))

replace with

Code:

OR (isset($file) && false !== strpos($file,'://')) OR (isset($file) && false !== strpos($file,'://')))

djmaze · Posted: Tue Nov 16, 2010 11:10 am

unicornio wrote:

thanks for that info but can you be more specific so I can make the changes.

If you analyse your code i think you know why one of them is a repetitive condition.

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

So you mean this:

Code:

OR (isset($file) AND (eregi("http\:\/\/", $file) OR eregi("https\:\/\/", $file)))

replace with

Code:

OR (isset($file) && false !== strpos($file,'://'))

djmaze · Posted: Thu Nov 18, 2010 1:41 am

correct!

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

thank you for guiding me on this.

This is my last result

Code:

// Check for XSS attack
if(!stristr($nsnst_const['query_string'], "index.php?url=") AND (!isset($_COOKIE['admin']) OR !is_admin($_COOKIE['admin']))) {
if( (isset($name) && false !== strpos($name,'://'))
OR (isset($file) && false !== strpos($file,'://'))
OR (isset($libpath) AND (preg_match("/http\:\/\//i", $libpath) OR preg_match("/https\:\/\//i", $libpath)))
OR stristr($nsnst_const['query_string'], "http://") OR stristr($nsnst_const['query_string'], "https://")
OR stristr($nsnst_const['query_string'], "_SERVER=") OR stristr($nsnst_const['query_string'], "_COOKIE=")
OR ( stristr($nsnst_const['query_string'], "cmd=") AND !stristr($nsnst_const['query_string'], "&cmd") )
OR ( stristr($nsnst_const['query_string'], "exec") AND !stristr($nsnst_const['query_string'], "execu") )
OR stristr($nsnst_const['query_string'],"concat") AND !stristr($nsnst_const['query_string'], "../") ) {
block_ip($blocker_row);
}
}
}

Let me know if you think is ok. The first time I got an error but now it is working fine. Intead of ))) I did ))

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

Was everything correct from code above? Question

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

This lines is warning me with an error

Code:

if (isset($name) && !preg_match("/^name=/i".$name, $pg) && stristr($nsnst_const['script_name'], "modules.php")) { $mod_check = 1; }

Error: preg_match(): Unknown modifier 'N'

What should I do then?

Question

Palbin · Posted: Sun Nov 21, 2010 9:23 am

$name needs to be inside the regex.

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

Did u mean this

Code:

if (isset($name) && !preg_match("/^$name=/i".$name, $pg) && stristr($nsnst_const['script_name'], "modules.php")) { $mod_check = 1; }

Palbin · Posted: Fri Nov 26, 2010 10:36 pm

Code:

preg_match("/^name=" . $name . "/i", $pg)

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

This one help me a lot palbin. Thanks

but if I have this code refering to ABConfigAdmin.php

Code:

$bl = ereg_replace("abuse_", "", $templatelist[$i]);
$bl = ereg_replace(".tpl", "", $bl);
$bl = ereg_replace("_", " ", $bl);

Can I replace it with these one

Code:

$bl = preg_replace("/abuse_/", "", $templatelist[$i]);
$bl = preg_replace("/.tpl/", "", $bl);
$bl = preg_replace("/_/", " ", $bl);

or

Code:

$bl = str_replace("abuse_", "", $templatelist[$i]);
$bl = str_replace(".tpl", "", $bl);
$bl = str_replace("_", " ", $bl);

Do they do the same?

What should I use?

More efficient or More fast. I'm really confused with these regx. I need a better explanation.
Sad

PHrEEkie · Subject Matter Expert Joined: Feb 23, 2004 Posts: 358

the preg_replace example is fine, with the exception of .tpl

In REGEX, the dot means something special, and must be escaped to be taken as literal, so:

Code:

preg_replace('/\.tpl/'. '', $bl);

the other two are fine

- Keith

nuken · Posted: Wed Dec 08, 2010 7:01 am

Just to let you know, these depreciated issues are being addressed and will be part of future RavenNuke releases well before php6 is released.

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

I got this

Code:

if( eregi( "$key", $agent ) ) return true;

I replace with

Code:

if( preg_match( "/$key/i", $agent ) ) return true;

but I get an error saying unknown value N

can anyone tell me why? Sad

Palbin · Posted: Sun Dec 12, 2010 10:38 am

unicornio, you should be using the str* functions in all cases when it is a direct text replacement. Like what you posted about in ABConfigAdmin.php. You could probably use it in the post right before this one as well, but I am not sure what $key is.

PHrEEkie · Subject Matter Expert Joined: Feb 23, 2004 Posts: 358

Can you list the entire error, verbatim?

If $key has any special chars in it, they will be interpreted as such, which typically would not happen with an eregi. This is why, once again, variables passed to preg should be preg_quoted.

Code:

if (preg_match('/' . preg_quote($key, '/') . '/i', $agent)) {
return true;
}

Remember that anytime a variable is used, you lose a certain amount of control over the script. It is always advisable to back up in the script and understand where $key is being populated. It might just be some plain text, or it might be control chars like TAB, etc. Let's say it was being passed file extensions, ie., .jpg, .gif, etc. Without preg_quoting, that dot would cause problems. With preg_quote, the dot would be escaped.

Regular Expressions are not something you just type in and move on. They really need to be thoroughly tested, which is why the MUCH friendlier str* functions are being recommended.

I am assuming from your posts that you are eager to understand, if not master Regular Expressions. If that's the case, I would highly recommend you look into getting a helper, something like Regex Buddy. You can build expressions and it will tell you EXACTLY what your expression is trying to accomplish. It will also allow you to enter any text to test the expression against. It has extremely advanced options, which is why it's payware. There are free versions around if you Google it, and even some online ones to be found.

You can also code a quick and dirty php script to test with.

- Keith

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

Hi PHrEEkie

Remember I have this

Code:

foreach( $MSBots as $key=>$value )
if( eregi( $key, $agent ) ) return true;
return false;
}

Should I change it like

Code:

foreach( $MSBots as $key=>$value )
if (preg_match('/' . preg_quote($key, '/') . '/i', $agent)) {
return true;
}

return false;
}

I have the program Regex Buddy but I don't know how to work with it yet. I can send it to you if you need it since I notice you have good knowledge about Regex.

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

I did these one and everything looks fine without any error or warning.

Code:

/******************************************************************************/
/* FUNCTION: get_host() */
/* Return users hostname */
/******************************************************************************/
function MSAget_os( $agent )
{
// Determine the platform they are on
if( strstr( $agent, "Win") )
{
$platform = "Windows";
if ( preg_match("/Windows NT 5\.1/i", $agent ) ) $platform = "Windows XP";
else if( preg_match("/Windows NT 5\.2/i", $agent ) ) $platform = "Windows 2003";
else if( preg_match("/Windows NT 5\.0/i", $agent ) ) $platform = "Windows 2000";
else if( preg_match("/Windows NT/i", $agent ) ) $platform = "Windows NT";
else if( preg_match("/WinNT/i", $agent ) ) $platform = "Windows NT";
else if( preg_match("/Windows ME/i", $agent ) ) $platform = "Windows ME";
else if( preg_match("/Win 9x 4.90/i", $agent ) ) $platform = "Windows ME";
else if( preg_match("/Windows ME/i", $agent ) ) $platform = "Windows ME";
else if( preg_match("/Windows CE/i", $agent ) ) $platform = "Windows CE";
else if( preg_match("/98/i", $agent ) ) $platform = "Windows 98";
else if( preg_match("/95/i", $agent ) ) $platform = "Windows 95";
else if( preg_match("/Win16/i", $agent ) ) $platform = "Windows 3.1";
else if( preg_match("/Windows 3\.1/i", $agent ) ) $platform = "Windows 3.1";
}
else if(strstr($agent, "Mac OS X" ) ) $platform = "MacOSX";
else if(strstr($agent, "Mac" ) ) $platform = "Macintosh";
else if(strstr($agent, "PPC" ) ) $platform = "Macintosh";
else if(strstr($agent, "Symbian" ) ) $platform = "Symbian";
else if(strstr($agent, "FreeBSD" ) ) $platform = "FreeBSD";
else if(strstr($agent, "SunOS" ) ) $platform = "SunOS";
else if(strstr($agent, "IRIX" ) ) $platform = "IRIX";
else if(strstr($agent, "BeOS" ) ) $platform = "BeOS";
else if(strstr($agent, "OS/2" ) ) $platform = "OS/2";
else if(strstr($agent, "AIX" ) ) $platform = "AIX";
else if(strstr($agent, "Linux" ) ) $platform = "Linux";
else if(strstr($agent, "Unix" ) ) $platform = "Unix";
else if(strstr($agent, "Amiga" ) ) $platform = "Amiga";
else $platform = "Other";
return( $platform );
}

but why should we repeat the same word all the time. Can we make it more efficient like calling one time strstr and preg_match?

Shocked

PHrEEkie · Subject Matter Expert Joined: Feb 23, 2004 Posts: 358

Each one of those string searches is matched to exactly one answer, therefore they are all necessary. The first strstr request is for Win, and seperates ALL Windows agents from all others. The function then forks one way or another to drill down to an exact OS. There is really no more efficient way than using if-elseif-else trees.

Drilling down to each exact OS like this is not necessary really, unless you're a stats freak, or the content being delivered relies on the OS answer (ie., which type of linefeeds to supply).

At any rate, the questions you are asking are indicative of a lack of understanding on exactly what str* does, versus what Regular Expressions do. They -can- do the same thing in some very specific cases, but then after that, Regular Expressions can start showing some very extreme muscle power. In many cases, it might be overkill.

If there is concern for script 'efficiency', ie., run time, the above code isn't critical, since it is only run once per request. Efficiency starts mattering when you want to process, say, a few million user agents. In this case, again, not knowing WHY the portion of script requesting this information actually needs the information to be this precise, the best course of making it more efficient is to not call it all in that form. You will usually want to tweak inefficient parts of code nested in loops, as their inefficiency gets more noticeable the more iterations you need to finish the loop.

- Keith

unicornio · Involved Joined: Aug 13, 2009 Posts: 432

Hi PHrEEkie

Remember I have this

Code:

foreach( $MSBots as $key=>$value )
if( eregi( $key, $agent ) ) return true;
return false;
}

Should I change it like

Code:

foreach( $MSBots as $key=>$value )
if (preg_match('/' . preg_quote($key, '/') . '/i', $agent)) {
return true;
}

return false;
}

PHrEEkie, where did you learn Regular Expressions. It looks like you know a lot but I would like to see examples to undertand better this problematic issue. I do know it won't be a problem when php 6 is out but I do want to know for the future. Can you check if this one is ok please.

PHrEEkie · Subject Matter Expert Joined: Feb 23, 2004 Posts: 358

If you're asking whether that code should be changed to whatever, I simply don't know. It's a snippet. I have no idea how it's being used, or what's using it, so I have no idea how to advise you there, other to say test it! If you don't know what it's supposed to do, then you simply cannot program it, nor can you debug it.

I learned Regular Expressions the way most programmers do; by force. Sooner or later, you have to deal with them. Regular Expressions are almost a seperate language, and no matter whether you program in Java, PHP, whatever, you will end up running into them. There's so many different ways you might need them, and so many different ways to approach constructing them, that it's impossible to teach someone over a forum. I'll give you a couple of links that should get you started, but you can certainly Google more.

While going through these tutorials, I would highly recommend you fire up that Regex Buddy, plug in the examples from these sites, and learn Regex Buddy along with learning Regular Expressions.

Only registered users can see links on this board!
Get registered or login to the forums!

- Keith

Palbin · Posted: Mon Dec 13, 2010 8:53 pm

unicornio, we have said twice before we do not know what $key is. Unless you can explain or show us what it is we can offer a concrete answer.