html

[iseeyou94056]

how do i make it so that my users cant use html in my site only bbcode because right now they can use both say for the profile sig they can put either or and they will do the same thing and i dont want html being alloud

[Djkanna]

strip_tags,

htmlentities

filter_sanitize_string.

Three options to disallow html.

[iseeyou94056]

i got my profile sigs to work with htmlentities but i cant get anything to work with my mailbox what should i d to it here is the code

 

$fm=urlencode($r['mail_text']);
print <<<EOF
<tr>
<td>[url='mailbox.php?action=compose&ID={$r[']Reply[/url]


[url='mailbox.php?action=forward&ID={$r[']Forward[/url]


[url='mailbox.php?action=delete&ID={$r[']Delete[/url]


[url='preport.php?ID={$r[']Report[/url]
</td>
<td>{$r['mail_text']}</td>

[Djkanna]

Put above print <<<EOF

$r['mail_text'] = htmlentities($r['mail_text'], ENT_QUOTES);

[iseeyou94056]

that mainly did it but that dont stop from someone using this

<script type='text/javascript'> window.location = 'http://www.example.com/' </script>' 

[iseeyou94056]

and the

$r['mail_text'] = htmlentities($r['mail_text'], ENT_QUOTES); 

stopped my bbcode

[Djkanna]

The parse the bbcode after that, and no it doesn't stop them from typing it, but it doesn't execute, you did read the manual on each function provide above?

[iseeyou94056]

no but i looked them all up on how to use them and i tried it all and none worked

[rulerofzu]

As DJK stated parse the bbcode which your not doing.

[iseeyou94056]

i though i knew how but i huess i dont i cant get anything to work

[lucky3809]

you need to add your bbcode stuff to that line like...(example only)...

$r['mail_text']=$bbcode->Parse(htmlentities($r['mail_text'], ENT_QUOTES));

if your just copying and pasting

$r['mail_text']=htmlentities($r['mail_text'], ENT_QUOTES);

your bbcode isnt going to work.

[iseeyou94056]

i still cant get it to work i will keep trying tho