|  
 Bywalec
 
  
 
 Postów: 382
 Data rejestracji: 09.11.2004 23:19
 
 
 | Jeśli dokonywaliście już jakichś zmian w pliku maincore.php - możecie zrobić poprawkę v6.00.106 ręcznie. Należy:
 
 1. Otworzyć plik maincore.php i znaleźć wiersz 373 z funkcją descript():
 
 
 // This function sanitises news & article submissions
 // It takes the submitted text, rewrites or removes a fixed set of risky HTML
 // constructs with regular expressions, and returns the resulting string.
 // NOTE(review): this is the pre-fix version quoted for reference. Its first
 // `return $text;` ends the function before the tag-stripping loop, so the
 // tags listed in that loop are never removed.
 function descript($text) {
 // Convert problematic ascii characters to their true values
 // $search holds decimal character codes and $replace the character each one
 // becomes: 40, 41, 58 map to ( ) : and both 65-90 and 97-122 map to the
 // lower-case letters a-z.
 $search = array("40","41","58","65","66","67","68","69","70",
 "71","72","73","74","75","76","77","78","79","80","81",
 "82","83","84","85","86","87","88","89","90","97","98",
 "99","100","101","102","103","104","105","106","107",
 "108","109","110","111","112","113","114","115","116",
 "117","118","119","120","121","122"
 );
 $replace = array("(",")",":","a","b","c","d","e","f","g","h",
 "i","j","k","l","m","n","o","p","q","r","s","t","u",
 "v","w","x","y","z","a","b","c","d","e","f","g","h",
 "i","j","k","l","m","n","o","p","q","r","s","t","u",
 "v","w","x","y","z"
 );
 $entities = count($search);
 // Replace each decimal reference (optional leading zeros, optional trailing
 // semicolons) with its literal character so the later patterns can see it.
 for ($i=0;$i < $entities;$i++) $text = preg_replace("#(&\#)(0*".$search[$i]."+);*#si", $replace[$i], $text);
 // the following is based on code from bitflux (http://blog.bitflux.ch/wiki/)
 // Kill hexadecimal characters completely
 $text = preg_replace('#(&\#x)([0-9A-F]+);*#si', "", $text);
 // remove any attribute starting with "on" or xmlns
 // Only the handler names listed in the pattern are matched, and the whole
 // match, from the opening < onward, is replaced by a bare ">".
 $text = preg_replace('#(<[^>]+[\\"\'])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$text);
 // remove javascript: and vbscript: protocol
 // The scheme is rewritten to an inert "nojavascript..." / "novbscript..." string.
 $text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iUu','$1=$2nojavascript...',$text);
 $text = preg_replace('#([a-z]*)=([\'\"]*)vbscript:#iUu','$1=$2novbscript...',$text);
 //<span style="width: expression(alert('Ping!'));"></span> (only affects ie...)
 // Cut the tag off before a style attribute that contains expression( or behaviour(.
 $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU',"$1>",$text);
 $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU',"$1>",$text);
 // NOTE(review): the function returns here, so everything below is unreachable.
 return $text;
 do {
 $oldstring = $text;
 // NOTE(review): the result is stored in $string, not $text, so even if this
 // loop were reached $text would never change: nothing would be stripped and
 // the loop would end after one pass.
 $string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$text);
 } while ($oldstring != $text);
 return $text;
 }
 
 
 
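 usuń całość powyższego kodu i wstaw poniższą, poprawioną funkcję (w starej wersji pierwsze „return $text;” kończy funkcję, zanim wykona się blok usuwający niebezpieczne znaczniki, więc znaczniki te nigdy nie były usuwane):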
 
 
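 /**
  * Sanitises news and article submissions.
  *
  * Applies a fixed sequence of regular-expression rewrites to $text: decodes a
  * set of decimal character references, drops hexadecimal references, removes
  * tags carrying the listed event-handler or xmlns attributes, neutralises
  * javascript:/vbscript: schemes, cuts style attributes that use expression( or
  * behaviour(, and finally strips a list of active or structural tags.
  *
  * This is a blacklist filter: only the constructs named in the patterns are
  * handled. Text that must be safe in an HTML context should still be escaped
  * on output (htmlspecialchars()) or passed through an allowlist-based sanitiser.
  *
  * @param string $text Submitted markup.
  * @return string The filtered markup.
  */
 function descript($text) {
     // Convert problematic ascii characters to their true values.
     // Codes 40, 41, 58 become ( ) : and both 65-90 and 97-122 become a-z.
     $search = array("40","41","58","65","66","67","68","69","70",
         "71","72","73","74","75","76","77","78","79","80","81",
         "82","83","84","85","86","87","88","89","90","97","98",
         "99","100","101","102","103","104","105","106","107",
         "108","109","110","111","112","113","114","115","116",
         "117","118","119","120","121","122"
     );
     $replace = array("(",")",":","a","b","c","d","e","f","g","h",
         "i","j","k","l","m","n","o","p","q","r","s","t","u",
         "v","w","x","y","z","a","b","c","d","e","f","g","h",
         "i","j","k","l","m","n","o","p","q","r","s","t","u",
         "v","w","x","y","z"
     );
     $entities = count($search);
     // Decode first, so the patterns below see literal characters rather than
     // their numeric-reference spelling.
     for ($i = 0; $i < $entities; $i++) {
         $text = preg_replace("#(&\#)(0*".$search[$i]."+);*#si", $replace[$i], $text);
     }
     // the following is based on code from bitflux (http://blog.bitflux.ch/wiki/)
     // Kill hexadecimal characters completely
     $text = preg_replace('#(&\#x)([0-9A-F]+);*#si', "", $text);
     // Remove tags carrying one of the listed "on..." handlers or xmlns; the
     // whole match, from the opening < onward, is replaced by a bare ">".
     $text = preg_replace('#(<[^>]+[\\"\'])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$text);
     // remove javascript: and vbscript: protocol
     $text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iUu','$1=$2nojavascript...',$text);
     $text = preg_replace('#([a-z]*)=([\'\"]*)vbscript:#iUu','$1=$2novbscript...',$text);
     //<span style="width: expression(alert('Ping!'));"></span> (only affects ie...)
     $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU',"$1>",$text);
     $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU',"$1>",$text);
     // Strip the listed tags. Removing one tag can join the text on either side
     // of it into a new tag from the same list, so a single pass is not enough:
     // repeat until a pass changes nothing. Strict comparison avoids PHP's
     // numeric-string equality ending the loop early.
     do {
         $oldstring = $text;
         $text = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$text);
     } while ($oldstring !== $text);
     return $text;
 }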
 
 
 Poprawka jest gotowa.
 
 Jeśli chcesz, żeby w stopce pojawiła się informacja o wyższej wersji PHP Fusion, wejdź do Panelu Zarządzania na Dodatkowe Strony, wklej poniższy kod i zrób podgląd. Nastąpi wpis do tabeli w bazie danych i od tej pory w stopce widnieć będzie:
 Powered by PHP Fusion v6.00.106
 
 kod do wklejenia na Dodatkowych Stronach:
 
 
 <?php
 // One-off maintenance snippet: writes the version string shown in the footer.
 // It only changes the stored label; the descript() fix in maincore.php has to
 // be applied separately.
 // The UPDATE has no WHERE clause, so every row of the settings table is
 // written - presumably the table holds a single row; verify before running.
 $result = dbquery("UPDATE {$db_prefix}settings SET version='6.00.106'");
 // Confirmation message ("Database updated.").
 echo "<center><br>\nBaza danych uaktualniona.<br><br>\n</center>\n";
 ?>
 
 
 Dodatkowo do pakietu aktualizacyjnego wchodzą poprawione pliki:
 /administration/settings_forum.php
 /administration/forums_prune.php
 Należy je wysłać do katalogu administration.
 Edytowane przez zszywak dnia 02.07.2005 19:16:50
 
 |