Кто-нибудь пробовал сделать? И как это в плане безопасности?
Версия системы: SLAED CMS 2.6 Lite
Версия PHP: PHP 5
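/**
 * Print the TinyMCE editor used by the news editor: the script loader, the
 * tinyMCE.init() call and the <textarea id="elm1"> it binds to (mode
 * "textareas" attaches the editor to every textarea on the page).
 *
 * Fixes vs. the original one-liner:
 *  - `global $admin_file` was imported but never read — dropped;
 *  - the UI language was spliced into a JS string literal straight from
 *    substr(_LOCALE, 0, 2). _LOCALE is a config constant, but when it is
 *    undefined PHP 5 silently emits "_L" (PHP 8 throws), and a quote or
 *    backslash in it would break out of the literal. It is now limited to
 *    two ASCII letters, with "en" (TinyMCE's built-in default) otherwise.
 *
 * Security notes for whoever wires this up: the toolbar has the "code"
 * (raw HTML source) button and the editor's output is HTML, so the handler
 * that stores elm1 must treat it as untrusted markup — sanitise on the
 * server and escape per output context; a client-side editor protects
 * nothing. NOTE(review): the CMS's POST filter flags any "<…style…>" tag,
 * which TinyMCE emits for inline formatting, so expect warn_report() noise
 * from legitimate edits — narrow that rule rather than disabling it.
 * template_replace_values still carries TinyMCE's demo values.
 */
function NewsRedaktor()
{
    // Editor UI language: first two characters of the locale, letters only.
    $language = 'en';
    if (defined('_LOCALE')) {
        $candidate = substr(_LOCALE, 0, 2);
        if (preg_match('/^[A-Za-z]{2}$/', $candidate)) {
            $language = $candidate;
        }
    }

    // Heredoc closing marker must stay at column 0 for PHP < 7.3.
    echo <<<HTML
<script type="text/javascript" src="modules/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
tinyMCE.init({
    mode : "textareas",
    theme : "advanced",
    plugins : "safari,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template",
    theme_advanced_buttons1 : "bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,fontselect,fontsizeselect",
    theme_advanced_buttons2 : "bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code",
    theme_advanced_buttons3 : "save,newdocument,|,cut,copy,paste,pastetext,pasteword,|,search,replace,|,forecolor,backcolor,|,preview",
    theme_advanced_buttons4 : "hr,removeformat,visualaid,|,sub,sup,|,charmap,emotions,iespell,media,advhr,|,print,|,ltr,rtl,|,fullscreen",
    theme_advanced_buttons5 : "tablecontrols",
    theme_advanced_buttons6 : "insertlayer,moveforward,movebackward,absolute,|,styleprops,|,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,pagebreak",
    theme_advanced_toolbar_location : "top",
    theme_advanced_toolbar_align : "center",
    theme_advanced_statusbar_location : "bottom",
    theme_advanced_resizing : true,
    language: "{$language}",
    content_css : "css/content.css",
    template_external_list_url : "lists/template_list.js",
    external_link_list_url : "lists/link_list.js",
    external_image_list_url : "lists/image_list.js",
    media_external_list_url : "lists/media_list.js",
    template_replace_values : { username : "Some User", staffid : "991234" }
});
</script>
<center><textarea id="elm1" name="elm1" cols="100" rows="25"></textarea></center>
HTML;
}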
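// Helpers are guarded so this block is safe even if the file is included twice.
if (!function_exists('slaed_preg_hit')) {
    /**
     * preg_match() wrapper that fails closed.
     *
     * preg_match() returns false on a PCRE error (backtrack/recursion limit
     * reached by a long payload against the lazy ".*?" patterns below, …).
     * The original loop treated that false as "no match", so a sufficiently
     * padded payload passed every check. Here an error counts as a hit; if
     * large legitimate posts trip it, raise pcre.backtrack_limit rather than
     * reverting to fail-open.
     *
     * @param string $pattern PCRE pattern with delimiters.
     * @param mixed  $subject Value to test; cast to string.
     * @return bool true on match or on PCRE error.
     */
    function slaed_preg_hit($pattern, $subject)
    {
        $result = preg_match($pattern, (string) $subject);
        return $result === 1 || $result === false;
    }
}

if (!function_exists('slaed_inspect_post_value')) {
    /**
     * Run the SLAED request filters over one POST value and report findings.
     *
     * Reports, never blocks by itself: warn_report() for tag/URL findings,
     * hack_report() for SQL keywords or admin-action names, including when
     * they are base64-encoded or split by comments. Whether *_report() halts
     * the request is decided by those functions, not here.
     *
     * Changes vs. the one-level loop this replaces:
     *  - nested arrays (`name[]=<script>`) used to reach urldecode() and
     *    preg_match() as arrays, which warn and return false — every check
     *    was skipped. Arrays are now walked recursively;
     *  - "<script\n>" escaped the tag regex because "." did not span
     *    newlines; "s" flag added, likewise for the comment stripper;
     *  - only onmouseover was recognised as an event handler; any on*= is;
     *  - keyword checks also run on the URL-decoded view ("%53ELECT");
     *  - one "Hack in POST" report per value instead of a duplicate when
     *    both the raw and the comment-stripped view match.
     *
     * This is a WAF-style keyword blocklist ("select", "insert", "drop" are
     * ordinary words) — defence in depth only; parameterised queries and
     * context-aware output escaping remain the real controls. The report
     * text embeds the raw value: *_report() must escape it before rendering
     * or writing it to a log that is viewed in a browser.
     *
     * @param string       $name              Key as it appears in the report.
     * @param string|array $value             Raw POST value.
     * @param string       $security_string   Compiled keyword blocklist regex.
     * @param mixed        $security_url_post Config switch; compared loosely
     *                                        against 1 as in the original.
     * @return void
     */
    function slaed_inspect_post_value($name, $value, $security_string, $security_url_post)
    {
        if (is_array($value)) {
            foreach ($value as $key => $item) {
                slaed_inspect_post_value($name . '[' . $key . ']', $item, $security_string, $security_url_post);
            }
            return;
        }
        $value = (string) $value;
        $decoded = urldecode($value);

        // Tag smuggling: a <…> carrying a scripting/embedding element or an inline event handler.
        $html_pattern = '/<.*?(script|body|object|iframe|applet|meta|style|form|onmouseover|on[a-z]+\s*=).*?>/is';
        if (slaed_preg_hit($html_pattern, $decoded)) {
            warn_report("HTML in POST - " . $name . " = " . $value);
        }

        // Absolute URLs at the start of a value (config-switched, loose == kept on purpose).
        if ($security_url_post == 1) {
            $url_pattern = '/^(http:\/\/|ftp:\/\/|\/\/|https:\/\/|php:\/\/)/i';
            if (slaed_preg_hit($url_pattern, $value)) {
                warn_report("URL in POST - " . $name . " = " . $value);
            }
        }

        // Blocklist on the base64-decoded value first (original report order).
        // Non-strict decode as before, so stray characters around a payload do not hide it.
        $base64 = base64_decode($value);
        if ($base64 !== false && slaed_preg_hit($security_string, $base64)) {
            hack_report("Hack base64 in POST - " . $name . " = " . $value);
        }

        // Blocklist on the raw value, its URL-decoded form and with /* */ comments removed.
        $plain_views = array(
            $value,
            $decoded,
            preg_replace('/\/\*.*?\*\//s', '', $value),
        );
        foreach ($plain_views as $view) {
            if (slaed_preg_hit($security_string, $view)) {
                hack_report("Hack in POST - " . $name . " = " . $value);
                break;
            }
        }
    }
}

// Compile the blocklist once; preg_quote() keeps a table prefix containing
// regex metacharacters from corrupting (or silently widening) the pattern.
$security_prefix = isset($prefix) ? preg_quote($prefix, '/') : '';
$security_string = "/UNION|OUTFILE|SELECT|ALTER|INSERT|DROP|" . $security_prefix . "_admins|" . $security_prefix . "_users|ModAdmin|SaveAdmin|EditAdmin|DelAdmin/i";
$security_url_post_flag = isset($security_url_post) ? $security_url_post : 0;

foreach ($_POST as $var_name => $var_value) {
    slaed_inspect_post_value($var_name, $var_value, $security_string, $security_url_post_flag);
}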
if (preg_match("/<.*?(script|body|object|iframe|applet|meta|style|form|onmouseover).*?>