error messages when posting code

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   error messages when posting code
gutchunks
CZ Newbie
gutchunks has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Apr 21, 2004
0.00 posts per day
Posts: 29
Points: 2,148
   
when i try to post code on the forums on my site i get an error message

"The html tags you attempted to use are not allowed"

but i cant find anywhere in the admin panel that limits the tags i can/cannot use.

thanks for any assistance



Back to top Reply with quote
#2   re: error messages when posting code
Taut
PayPal Donation
CZ Revered Member
 Codezwiz Site Donator
usa.gif california.gif
Occupation: Entrepreneur
Gender: Female
Fav. Sports Team: SF Giants
Status: Offline
Joined: May 27, 2003
0.70 posts per day
Posts: 5530
Points: 481,695
   
Might want to try using the Search. That problem has been brought up quite a few times



Back to top Reply with quote
#3   re: error messages when posting code
gutchunks
CZ Newbie
gutchunks has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Apr 21, 2004
0.00 posts per day
Posts: 29
Points: 2,148
   
i did try to search ... i found the problem posted but never a definite solution

in the mainfile.php i deleted this line

foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}


it works fine now but i fear ive opened my site to unforseen security risks ... is there a way to edit this so that the security risk is minimal?

thanks for any help


Back to top Reply with quote
#4   
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   

if (!is_admin($admin)) {
foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}
}


You may have to move the whole function down in the mainfile.php under the is_admin function.



_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
#5   re: error messages when posting code
gutchunks
CZ Newbie
gutchunks has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Apr 21, 2004
0.00 posts per day
Posts: 29
Points: 2,148
   
does this only allow admins to post code?



Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum