Topic awaiting preservation: Crap killed stripping tags thread by accident (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=27702" title="Pages that link to Topic awaiting preservation: Crap killed stripping tags thread by accident (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Crap killed stripping tags thread by accident <span class="small">(Page 1 of 1)</span>\$

bitdamaged Maniac (V) Mad Scientist From: 100101010011 <-- right about here Insane since: Mar 2000	posted 03-28-2006 23:17 I was trying to delete a double post and ended up killing someone's thread about stripping HTML. Can you repost? BTW I Was mentioning the strip_tags() function in PHP when I had this brain fart. .:[ Never resist a perfect moment ]:.
redroy Paranoid (IV) Inmate From: 1393 Insane since: Dec 2003	posted 03-29-2006 19:40 That was my thread... no problem. Yeah, I started looking at strip_tags() but it seemed that preg_replace() was more what I'm after cause I really just want to specify what can't be used... ie. like allow <a> tags but no onmouseover. So I've got... code: function stripData($string) { $string = preg_replace('@<script[^>]?>.?</script>@si', '(Script removed. No scripts allowed.)', $string); return $string; } ...to handle removing <script>'s but I grabbed the "@<script[^>]?>.?</script>@si" from here and that's the part that's a bit over my head. Really it's the deliminators that confuse me... I know I can virtually set it up to remove anything but I just don't get it. I was thinking something along the lines of replacing <script with <?php and so forth to remove php but obviously question marks are being used to specify something else (everything between maybe?). All and all, I would like to just repeat the preg_replace above to remove all php, object, applet, meta, form, onmouseover and anything else that could be potentially dangerous...
Moon Shadow Paranoid (IV) Inmate From: Rouen, France Insane since: Jan 2003	posted 03-30-2006 00:37 redroy : There is an useful link on the preg_replace page : http://www.mkssoftware.com/docs/man5/regexp.5.asp It should help with understanding regular expressions. ---- If wishes were fishes, we'd all cast nets.
redroy Paranoid (IV) Inmate From: 1393 Insane since: Dec 2003	posted 03-30-2006 05:39 I lied... ended up going with strip_tags() after all... I took this bit 'o functions and turned it into something I understand a little better: code: $allowedTags = '<b><i><u><a><div><img><ul><li><hr><blockquote>'; $stripAttrib = 'javascript:\|onclick\|ondblclick\|onmousedown\|onmouseup\|onmouseover\|onmousemove\|onmouseout\|onkeypress\|onkeydown\|onkeyup'; function stripData($string) { global $allowedTags, $stripAttrib; while($string != strip_tags($string, $allowedTags)) { $string = strip_tags($string, $allowedTags); } while($string != stripslashes(preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string))) { $string = stripslashes(preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string)); } return $string; } Seems to work pretty well. I'd appreciate any pointers if this doesn't look quite right to anybody. thanks!
Tyberius Prime Maniac (V) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 03-30-2006 06:42 you know... you can use the admin log to restore deleted threads!
bitdamaged Maniac (V) Mad Scientist From: 100101010011 <-- right about here Insane since: Mar 2000	posted 03-30-2006 18:46 Ack I was looking in the admin I thought that was there somewhere. .:[ Never resist a perfect moment ]:.
Tyberius Prime Maniac (V) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 03-30-2006 21:37 ok.. ->adminlog, look for the appropriate row, 'show details', then 'restore deleted object' would be the way to go.
redroy Paranoid (IV) Inmate From: 1393 Insane since: Dec 2003	posted 04-06-2006 22:43 Crap... I've run into a small problem. The stripData function I posted above is working wonderfully if things are coded correctly... the problem is, for example, if a user types a tag wrong like... code: <a name="anchor"</a> ...everything below that error is gone (poof!). How could I make it a little more dummy proof?

Topic awaiting preservation: Crap killed stripping tags thread by accident (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=27702" title="Pages that link to Topic awaiting preservation: Crap killed stripping tags thread by accident (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Crap killed stripping tags thread by accident <span class="small">(Page 1 of 1)</span>\$

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 03-28-2006 23:17

I was trying to delete a double post and ended up killing someone's thread about stripping HTML.

Can you repost?

BTW I Was mentioning the strip_tags() function in PHP when I had this brain fart.

.:[ Never resist a perfect moment ]:.

redroy
Paranoid (IV) Inmate

From: 1393
Insane since: Dec 2003

posted 03-29-2006 19:40

That was my thread... no problem.

Yeah, I started looking at strip_tags() but it seemed that preg_replace() was more what I'm after cause I really just want to specify what can't be used... ie. like allow <a> tags but no onmouseover.

So I've got...

code:

function stripData($string)
{
	$string = preg_replace('@<script[^>]*?>.*?</script>@si', '(Script removed. No scripts allowed.)', $string);
	return $string;
}

...to handle removing <script>'s but I grabbed the "@<script[^>]*?>.*?</script>@si" from here and that's the part that's a bit over my head. Really it's the deliminators that confuse me... I know I can virtually set it up to remove anything but I just don't get it. I was thinking something along the lines of replacing <script with <?php and so forth to remove php but obviously question marks are being used to specify something else (everything between maybe?).

All and all, I would like to just repeat the preg_replace above to remove all php, object, applet, meta, form, onmouseover and anything else that could be potentially dangerous...

Moon Shadow
Paranoid (IV) Inmate

From: Rouen, France
Insane since: Jan 2003

posted 03-30-2006 00:37

redroy : There is an useful link on the preg_replace page :

http://www.mkssoftware.com/docs/man5/regexp.5.asp

It should help with understanding regular expressions.

----
If wishes were fishes, we'd all cast nets.

redroy
Paranoid (IV) Inmate

From: 1393
Insane since: Dec 2003

posted 03-30-2006 05:39

I lied... ended up going with strip_tags() after all... I took this bit 'o functions and turned it into something I understand a little better:

code:

$allowedTags = '<b><i><u><a><div><img><ul><li><hr><blockquote>';
$stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup';

function stripData($string)
{
	global $allowedTags, $stripAttrib;
	while($string != strip_tags($string, $allowedTags))
	{
		$string = strip_tags($string, $allowedTags);
	}
	while($string != stripslashes(preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string)))
	{
		$string = stripslashes(preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string));
	}
	return $string;
}

Seems to work pretty well. I'd appreciate any pointers if this doesn't look quite right to anybody. thanks!

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 03-30-2006 06:42

you know... you can use the admin log to restore deleted threads!

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 03-30-2006 18:46

Ack I was looking in the admin I thought that was there somewhere.

.:[ Never resist a perfect moment ]:.

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 03-30-2006 21:37

ok.. ->adminlog, look for the appropriate row, 'show details', then 'restore deleted object' would be the way to go.

redroy
Paranoid (IV) Inmate

From: 1393
Insane since: Dec 2003

posted 04-06-2006 22:43

Crap... I've run into a small problem. The stripData function I posted above is working wonderfully if things are coded correctly... the problem is, for example, if a user types a tag wrong like...

code:

<a name="anchor"</a>

...everything below that error is gone (poof!). How could I make it a little more dummy proof?