You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 70 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - How to disable html filter? [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

How to disable html filter?
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Tips And Tricks
View previous topic Log in to check your private messages View next topic
Author Message
nok1a
Nuke Cadet
Nuke Cadet


Joined: Mar 30, 2007
Posts: 1
PostPosted: Thu Mar 29, 2007 11:36 pm Reply with quoteBack to top
I heed to disable php-nuke html filter.
i founded in mainfile.php this:
Code:
function check_html ($str, $strip="") {
   /* The core of this code has been lifted from phpslash */
   /* which is licenced under the GPL. */
   include("config.php");
   if ($strip == "nohtml")
   $AllowableHTML=array('');
   $str = stripslashes($str);
   $str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
   // Delete all spaces from html tags .
   $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str);
   // Delete all attribs from Anchor, except an href, double quoted.
   $str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
   // Delete all img tags
   $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
   // Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
   $tmp = "";
   while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
      $i = strpos($str,$reg[0]);
      $l = strlen($reg[0]);
      if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
      else $tag = strtolower($reg[1]);
      if ($a = $AllowableHTML[$tag])
      if ($reg[1][0] == "/") $tag = "</$tag>";
      elseif (($a == 1) || ($reg[2] == "")) $tag = "<$tag>";
      else {
         # Place here the double quote fix function.
         $attrb_list=delQuotes($reg[2]);
         // A VER
         //$attrb_list = ereg_replace("&","&amp;",$attrb_list);
         $tag = "<$tag" . $attrb_list . ">";
      } # Attribs in tag allowed
      else $tag = "";
      $tmp .= substr($str,0,$i) . $tag;
      $str = substr($str,$i+$l);
   }
   $str = $tmp . $str;
   return $str;
   exit;
   /* Squash PHP tags unconditionally */
   $str = ereg_replace("<\?","",$str);
   return $str;

What i must do to disable this?
i try to comment it, but then nuke doesnt work Sad

PS dont say me about adding tags in $AllowableHTML, i need to disable filter AT ALL.
Find all posts by nok1aView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12397
PostPosted: Tue Apr 03, 2007 7:16 pm Reply with quoteBack to top
Code:

function check_html ($str, $strip="") {
  return str;
}


You're making yourself extremely vulnerable. Good look with that

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
BlackCalvinist
Nuke Cadet
Nuke Cadet


Joined: May 27, 2006
Posts: 3

Location: EC, MD
PostPosted: Sat Apr 07, 2007 5:20 am Reply with quoteBack to top
Is there a way to have it not strip the HTML and not be vulnerable ? I have several articles in the topics module on my site that had images, tables, etc.... no more. Sad

_________________
LIVE Your Theology.
Theologically Correct dot Com
Find all posts by BlackCalvinistView user's profileSend private messageVisit poster's websiteAIM AddressYahoo Messenger
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12397
PostPosted: Sat Apr 07, 2007 6:12 pm Reply with quoteBack to top
Put only the proper HTML tags you want to use into the allowed tags in config.php

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Tips And Tricks
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.375 Seconds - 102 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::