Home :: Forums :: Downloads :: Shop
  1. Home
  2. Forums
  3. Codezwiz PHP Nuke Help
  4. The html tags you attempted to use are not allowed

The html tags you attempted to use are not allowed

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   The html tags you attempted to use are not allowed
cocker
CZ Newbie
cocker has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Sep 11, 2004
0.00 posts per day
Posts: 4
Points: 708
   
I know that in the original "mainfile.php" I could just comment out this section :
foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
   die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}


But what is the best way to do it for yours ?

foreach ($_GET as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
   (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
   (eregi("\"", $secvalue)) ||
   (eregi("forum_admin", $var_name)) ||
   (eregi("inside_mod", $var_name))) {
   die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}



Back to top Reply with quote
#2   
JRSweets
CZ Active Member
 Codezwiz Site Donator
JRSweets has been a member for over 20 year's 20 Year Member
usa.gif massachusetts.gif
Age: 43
Gender: Male
Fav. Sports Team: NE Patriots
Website:
Status: Offline
Joined: Apr 07, 2004
0.03 posts per day
Posts: 259
Points: 19,861
  MSN Messenger 
What exactly are you trying to do?
Back to top Reply with quote
#3   
cocker
CZ Newbie
cocker has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Sep 11, 2004
0.00 posts per day
Posts: 4
Points: 708
   
It's cool...I fixed it.

I just added the extra HTML tags that I wanted to be able to insert.
Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum