Using the word "script" in a block

Nuke Cadet Joined: Jul 31, 2003 Posts: 9

Sometime ago I edited something so that nuke didnt magically ban the word "script"

Since upgrading however the chanage I made is gone and now I cannot edit existing block with the word "script" in, nor can I add any new blocks using the word "script"

Thing is I cannot for the life of me remember how I did it or where I found the original fix.

Can anyone help ?

Thanks

Sean

Posted: Sat Aug 02, 2003 4:23 pm

Open mainfile.php and change:

Code:

foreach ($_POST as $secvalue) {
if (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) {
Header("Location: index.php");
die();
}
}

to:

Code:

foreach ($_POST as $secvalue) {
if (eregi("<[^>]script*\"?[^>]*>", $secvalue)) {
Header("Location: index.php");
die();
}
}

Posted: Sat Aug 02, 2003 4:24 pm

If you still have problems remove the other * from script*

Nuke Cadet Joined: Jul 31, 2003 Posts: 9

chatserv wrote:

If you still have problems remove the other * from script*

Hi Chatserv,

That looks like the solution I used last time, but I've just tried both methods and still cannot either edit or create a new block with a url containing "script"

Can you think of anything else ?

If I were to remove that snippet of code, from where to where in the code would I make the cut ?

Thanks for your help,

Sean

Nuke Cadet Joined: Jul 31, 2003 Posts: 9

Thanks to Chatserv for pointing me in the right direction, I have fixed the problem.

I deleted the code he indicated in his post and everything is now working fine again.

For anyone else that want to do this, back up your mainfile.php and then remove

this

{

foreach ($_POST as $secvalue) {
if (eregi("<[^>]script*\"?[^>]*>", $secvalue)) {
Header("Location: index.php");
die();
}

Hope thats useful to someone Smile

Sean

Posted: Sat Aug 02, 2003 7:07 pm

Of course you should be aware that removing that code opens your site to possible attacks