Closed Thread Icon

Topic awaiting preservation: Crap killed stripping tags thread by accident Pages that link to <a href="https://ozoneasylum.com/backlink?for=27702" title="Pages that link to Topic awaiting preservation: Crap killed stripping tags thread by accident" rel="nofollow" >Topic awaiting preservation: Crap killed stripping tags thread by accident\

 
Author Thread
bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 03-28-2006 23:17

I was trying to delete a double post and ended up killing someone's thread about stripping HTML.

Can you repost?

BTW I Was mentioning the strip_tags() function in PHP when I had this brain fart.



.:[ Never resist a perfect moment ]:.

redroy
Paranoid (IV) Inmate

From: 1393
Insane since: Dec 2003

posted posted 03-29-2006 19:40

That was my thread... no problem.

Yeah, I started looking at strip_tags() but it seemed that preg_replace() was more what I'm after cause I really just want to specify what can't be used... ie. like allow <a> tags but no onmouseover.

So I've got...

code:
function stripData($string)
{
	$string = preg_replace('@<script[^>]*?>.*?</script>@si', '(Script removed. No scripts allowed.)', $string);
	return $string;
}

...to handle removing <script>'s but I grabbed the "@<script[^>]*?>.*?</script>@si" from here and that's the part that's a bit over my head. Really it's the deliminators that confuse me... I know I can virtually set it up to remove anything but I just don't get it. I was thinking something along the lines of replacing <script with <?php and so forth to remove php but obviously question marks are being used to specify something else (everything between maybe?).

All and all, I would like to just repeat the preg_replace above to remove all php, object, applet, meta, form, onmouseover and anything else that could be potentially dangerous...

Moon Shadow
Paranoid (IV) Inmate

From: Rouen, France
Insane since: Jan 2003

posted posted 03-30-2006 00:37

redroy : There is an useful link on the preg_replace page :

http://www.mkssoftware.com/docs/man5/regexp.5.asp

It should help with understanding regular expressions.

----
If wishes were fishes, we'd all cast nets.

redroy
Paranoid (IV) Inmate

From: 1393
Insane since: Dec 2003

posted posted 03-30-2006 05:39

I lied... ended up going with strip_tags() after all... I took this bit 'o functions and turned it into something I understand a little better:

code:
$allowedTags = '<b><i><u><a><div><img><ul><li><hr><blockquote>';
$stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup';

function stripData($string)
{
	global $allowedTags, $stripAttrib;
	while($string != strip_tags($string, $allowedTags))
	{
		$string = strip_tags($string, $allowedTags);
	}
	while($string != stripslashes(preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string)))
	{
		$string = stripslashes(preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string));
	}
	return $string;
}

Seems to work pretty well. I'd appreciate any pointers if this doesn't look quite right to anybody. thanks!

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 03-30-2006 06:42

you know... you can use the admin log to restore deleted threads!

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 03-30-2006 18:46

Ack I was looking in the admin I thought that was there somewhere.



.:[ Never resist a perfect moment ]:.

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 03-30-2006 21:37

ok.. ->adminlog, look for the appropriate row, 'show details', then 'restore deleted object' would be the way to go.

redroy
Paranoid (IV) Inmate

From: 1393
Insane since: Dec 2003

posted posted 04-06-2006 22:43

Crap... I've run into a small problem. The stripData function I posted above is working wonderfully if things are coded correctly... the problem is, for example, if a user types a tag wrong like...

code:
<a name="anchor"</a>

...everything below that error is gone (poof!). How could I make it a little more dummy proof?

« BackwardsOnwards »

Show Forum Drop Down Menu