Ejemplo n.º 1
0
function textFilter($source, $opts = array('substr' => 25000)){
	if(!$source) return '';

	$source = stripslashes($source);

	$find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i');		
	$replace = array("d&#097;ta:", "&#097;bout:", "vbscript<b></b>:", "&#111;nclick", "&#111;nload", "&#111;nunload", "&#111;nabort", "&#111;nerror", "&#111;nblur", "&#111;nchange", "&#111;nfocus", "&#111;nreset", "&#111;nsubmit", "&#111;ndblclick", "&#111;nkeydown", "&#111;nkeypress", "&#111;nkeyup", "&#111;nmousedown", "&#111;nmouseup", "&#111;nmouseover", "&#111;nmouseout", "&#111;nselect", "j&#097;vascript");
	$source = preg_replace("#<iframe#i", "&lt;iframe", $source);
	$source = preg_replace("#<script#i", "&lt;script", $source);

	$source = myBr(htmlspecialchars(substr(trim($source), 0, $opts['substr'])));
	$source = str_replace("{", "&#123;", $source);
	$source = str_replace("`", "&#96;", $source);
	$source = preg_replace($find, $replace, $source);

	return mysql_escape_string($source);
}
Ejemplo n.º 2
0
function textFilter($source, $substr_num = false, $strip_tags = false)
{
    global $db;
    if (function_exists("get_magic_quotes_gpc") and get_magic_quotes_gpc()) {
        $source = stripslashes($source);
    }
    $find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i');
    $replace = array("d&#097;ta:", "&#097;bout:", "vbscript<b></b>:", "&#111;nclick", "&#111;nload", "&#111;nunload", "&#111;nabort", "&#111;nerror", "&#111;nblur", "&#111;nchange", "&#111;nfocus", "&#111;nreset", "&#111;nsubmit", "&#111;ndblclick", "&#111;nkeydown", "&#111;nkeypress", "&#111;nkeyup", "&#111;nmousedown", "&#111;nmouseup", "&#111;nmouseover", "&#111;nmouseout", "&#111;nselect", "j&#097;vascript");
    $source = preg_replace("#<iframe#i", "&lt;iframe", $source);
    $source = preg_replace("#<script#i", "&lt;script", $source);
    if (!$substr_num) {
        $substr_num = 25000;
    }
    $source = $db->safesql(myBr(htmlspecialchars(substr(trim($source), 0, $substr_num))));
    $source = str_ireplace("{", "&#123;", $source);
    $source = str_ireplace("`", "&#96;", $source);
    $source = str_ireplace("{theme}", "&#123;theme}", $source);
    $source = preg_replace($find, $replace, $source);
    if ($strip_tags) {
        $source = strip_tags($source);
    }
    return $source;
}
Ejemplo n.º 3
0
     }
     die;
     break;
     //################### Сохранение описания к фотографии ###################//
 //################### Сохранение описания к фотографии ###################//
 case "save_descr":
     NoAjaxQuery();
     $id = intval($_POST['id']);
     $user_id = $user_info['user_id'];
     $descr = ajax_utf8(textFilter($_POST['descr']));
     //Выводим фотку из БД, если она есть
     $row = $db->super_query("SELECT id FROM `" . PREFIX . "_photos` WHERE id = '{$id}' AND user_id = '{$user_id}'");
     if ($row) {
         $db->query("UPDATE `" . PREFIX . "_photos` SET descr = '{$descr}' WHERE id = '{$id}' AND user_id = '{$user_id}'");
         //Ответ скрипта
         echo stripslashes(myBr(htmlspecialchars(ajax_utf8(trim($_POST['descr'])))));
     }
     die;
     break;
     //################### Страница редактирование фотографии ###################//
 //################### Страница редактирование фотографии ###################//
 case "editphoto":
     NoAjaxQuery();
     $id = intval($_GET['id']);
     $user_id = $user_info['user_id'];
     $row = $db->super_query("SELECT descr FROM `" . PREFIX . "_photos` WHERE id = '{$id}' AND user_id = '{$user_id}'");
     if ($row) {
         echo stripslashes(myBrRn($row['descr']));
     }
     die;
     break;