CJ - Twitch Posted March 20, 2010

This is my little bit of code and I'm trying to make it allow image tags...

    $message = stripslashes(strip_tags($message, ' '));

Any ideas?

Djkanna Posted March 20, 2010

    <?php
    // Add to your whitelist
    $whitelist = array ( );
    // Then use your whitelist within Strip_tags() ;)
    $message = strip_tags($message, $whitelist);
    ?>

CJ - Twitch (Author) Posted March 20, 2010

Thank you DJK, but what should the img tag be? <img src />?

Djkanna Posted March 20, 2010

Just <img> I would think

    <?php
    $whitelist = array ( ' ', '<img>', '[i]', ' ', );

CJ - Twitch (Author) Posted March 20, 2010

So it would be this...

    $whiteist = array (' ', '<img>', '[i]', ' ', '[b]', '<u>');
    $message = stripslashes(strip_tags($message, $whiteist));

Djkanna Posted March 20, 2010

Forget the array();

    <?php
    // Add to your whitelist
    $whitelist = " <img> [i]";
    // Then use your whitelist within Strip_tags() ;)
    $message = "[img=http://domain.tld/image.png] Some Text [i]WooP[/i] Hello</p>";
    $message = strip_tags($message, $whitelist);
    echo $message;
    ?>

CJ - Twitch (Author) Posted March 20, 2010

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/public_html/jailshout.php on line 10

Line 10

    $whiteist " <img>[i] <u>";

CJ - Twitch (Author) Posted March 20, 2010

Here is the code...

    <?
    if(isset($_POST['Submit'])) {
    ?><table width="100%" border="0" cellspacing="1" bordercolor="#000000" bgcolor="#333333">
    <tr>
    <td width="432"><?
    $dataf = "jailshouts.txt";
    $name = $ir['username'];
    $whiteist " <img>[i] <u>";
    $codes = array(':)', ':D', ':O');
    $images = array('[img=images/smile/smile.gif]', '[img=images/smile/biggrin.gif]', '[img=images/smile/wow.gif]');
    $message = str_replace($codes, $images, $_POST['message']);
    $fo=fopen("$dataf","r");
    $stuff=file_get_contents("$dataf");
    fclose($fo);
    $message = strip_tags($message, $whiteist);
    $comfile = file($dataf);
    if ($message != "") {
    $file = fopen("$dataf","w");
    $stuff2 = "<table width='90%' border='0' align='center' cellspacing='1'> <tr> <td><font color=black>[i]$name[/i]: [b]$message[/b]</font></td> </tr> </table>";
    $stuff3=$stuff2.$stuff;
    $write = fwrite($file,"$stuff3");
    fclose($file);
    }
    ?></td>
    </tr>
    </table><?
    }
    ?>
    <table width="100%" border="0" cellspacing="1" bordercolor="#000000">
    <tr>
    <td width="432"><form name="guestbook" action="" method="post">
    <input name="message" type="text" id="message"><input type="submit" name="Submit" value="Shout">
    </p>
    </form></td>
    </tr>
    </table>
    <table width="100%" border="-" cellpadding="0" cellspacing="1">
    <tr>
    <td class="style3">[i][b]<font color=black>Shouts</font>[/b][/i]::</td>
    </tr>
    <tr>
    <td><? include("jailshouts.txt"); ?></td>
    </tr>
    </table>

I am trying to add smilies to seanybob's jail chat and prevent meta refresh/meta redirect tags... The smilies work fine until I prevent the meta tags, and then they don't.

Magictallguy Posted March 20, 2010

    $whitelist = "the tags here";

You were missing the =

a_bertrand Posted March 22, 2010

Either you use strip_tags to remove ALL, or you should not use it at all. Why? Because strip_tags will keep all parameters of your allowed tags, which means an image can be displayed as a link (via JS / CSS) or have an effect on mouse over, and more. It's really not safe. If you need to be on the safe side, I can help you with that, but please DO NOT use strip_tags for that purpose.

seanybob Posted March 22, 2010

I HIGHLY recommend that if you use that jailshout, you parse the user input through some BBCODE engine or an HTML purifier. It was a free mod for a reason - it had the barebones that works, but no security. Search these forums for topics related to BBCODE, or google html purifier - either should do the trick.

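
The last two replies, as an added example (not code from the thread or from the jail shout mod): strip_tags() with an allowlist leaves every attribute on the allowed tag, while escaping all HTML first and then expanding smilies and a small BBCode subset lets only server-built tags reach the page. The helper name render_shout(), the sample input and the images/ path rule are assumptions made for this illustration.

```php
<?php
// Added example. render_shout() is a hypothetical helper; inputs are constructed.

// Constructed sample shout: an allowed tag with an event-handler attribute,
// plus the meta refresh tag the thread wants to block.
$input = 'hi :) <img src="x.gif" onmouseover="alert(1)"> '
       . '<meta http-equiv="refresh" content="0">';

// The thread's approach: <meta> is removed, but <img> passes through with
// every attribute intact, including onmouseover.
echo strip_tags($input, '<img>'), "\n";

// Alternative: escape ALL user HTML, then generate the markup ourselves.
function render_shout(string $raw): string
{
    // After this call no user-supplied < > " ' & can start a tag or attribute.
    $safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // [b], [i], [u] (non-nested) become fixed tags that carry no attributes.
    $safe = preg_replace('#\[(b|i|u)\](.*?)\[/\1\]#is', '<$1>$2</$1>', $safe);

    // [img]path[/img]: only local paths under images/ with a known extension.
    // Anything else (other schemes, other hosts, "..") stays as literal text.
    $safe = preg_replace_callback(
        '#\[img\](images/[A-Za-z0-9_/-]+\.(?:gif|png|jpg))\[/img\]#i',
        function (array $m): string {
            return '<img src="' . $m[1] . '" alt="">';
        },
        $safe
    );

    // Smilies are swapped in last, so their <img> tags are never escaped
    // and never depend on what the user typed beyond the smiley code.
    $smilies = array(':)' => 'smile', ':D' => 'biggrin', ':O' => 'wow');
    foreach ($smilies as $code => $file) {
        $img  = '<img src="images/smile/' . $file . '.gif" alt="">';
        $safe = str_replace($code, $img, $safe);
    }
    return $safe;
}

echo render_shout($input), "\n";
echo render_shout('[b]yo[/b] :D [img]images/smile/wow.gif[/img] [img]javascript:x[/img]'), "\n";
```

Because the stored shout file is later pulled in with include(), the same escaping also keeps user text from being written to it as raw markup.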