Кто-нибудь пробовал сделать? И как это в плане безопасности?
Версия системы: SLAED CMS 2.6 Lite
Версия PHP: PHP 5
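/**
 * Print the TinyMCE bootstrap (script include plus tinyMCE.init() config)
 * followed by the textarea the editor attaches to (id/name "elm1").
 *
 * Output goes straight to echo; nothing is returned. The editor language is
 * the first two characters of the _LOCALE constant (defined elsewhere in the
 * CMS), emitted through json_encode() so that whatever the constant holds,
 * the generated JavaScript still contains a well-formed string literal.
 * The template_replace_values entries ("Some User", "991234") are the sample
 * values from the TinyMCE example configuration, not real data.
 */
function NewsRedaktor() {
    // json_encode() returns the value already wrapped in double quotes ("ru"),
    // so no quotes are added around it in the config below.
    $language = json_encode(substr(_LOCALE, 0, 2));
    echo <<<TINYMCE
<script type="text/javascript" src="modules/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
tinyMCE.init({
mode : "textareas",
theme : "advanced",
plugins : "safari,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template",
theme_advanced_buttons1 : "bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,fontselect,fontsizeselect",
theme_advanced_buttons2 : "bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code",
theme_advanced_buttons3 : "save,newdocument,|,cut,copy,paste,pastetext,pasteword,|,search,replace,|,forecolor,backcolor,|,preview",
theme_advanced_buttons4 : "hr,removeformat,visualaid,|,sub,sup,|,charmap,emotions,iespell,media,advhr,|,print,|,ltr,rtl,|,fullscreen",
theme_advanced_buttons5 : "tablecontrols",
theme_advanced_buttons6 : "insertlayer,moveforward,movebackward,absolute,|,styleprops,|,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,pagebreak",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "center",
theme_advanced_statusbar_location : "bottom",
theme_advanced_resizing : true,
language: {$language},
content_css : "css/content.css",
template_external_list_url : "lists/template_list.js",
external_link_list_url : "lists/link_list.js",
external_image_list_url : "lists/image_list.js",
media_external_list_url : "lists/media_list.js",
template_replace_values : {
username : "Some User",
staffid : "991234"
}
});
</script>
TINYMCE;
    // The textarea follows the closing </script> directly, with no newline between them.
    echo '<center><textarea id="elm1" name="elm1" cols="100" rows="25"></textarea></center>';
}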
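// Inspect every POST field for markup, URLs and SQL/admin-action keywords and
// hand suspicious values to warn_report()/hack_report(), both defined elsewhere
// in the CMS, as are $security_url_post (switches the URL check on) and
// $prefix (the database table prefix).
// Nested fields (name[sub]) are flattened to their leaves first: an array
// handed to urldecode()/preg_match()/base64_decode() is rejected by PHP
// instead of being checked.
// The keyword pattern is built once, outside the loop, and $prefix is quoted
// so a prefix containing regex metacharacters cannot change its meaning.
// NOTE: the keywords are matched as bare substrings (e.g. "select" inside
// "selected"), so ordinary text can trigger hack_report().
$security_string = "/UNION|OUTFILE|SELECT|ALTER|INSERT|DROP|" . preg_quote($prefix, "/") . "_admins|" . preg_quote($prefix, "/") . "_users|ModAdmin|SaveAdmin|EditAdmin|DelAdmin/i";
$security_queue = array();
foreach ($_POST as $var_name => $var_value) {
    $security_queue[] = array($var_name, $var_value);
}
while (count($security_queue) > 0) {
    list($var_name, $var_value) = array_shift($security_queue);
    if (is_array($var_value)) {
        // Queue the children under their bracketed form name, keeping submission order.
        foreach ($var_value as $sub_name => $sub_value) {
            $security_queue[] = array($var_name . "[" . $sub_name . "]", $sub_value);
        }
        continue;
    }
    $var_value = (string) $var_value;
    // Tag check runs on the URL-decoded value so percent-encoded markup is seen too.
    if (preg_match("/<.*?(script|body|object|iframe|applet|meta|style|form|onmouseover).*?>/i", urldecode($var_value))) {
        warn_report("HTML in POST - " . $var_name . " = " . $var_value);
    }
    if ($security_url_post == 1) {
        if (preg_match("/^(http\:\/\/|ftp\:\/\/|\/\/|https:\/\/|php:\/\/|\/\/)/i", $var_value)) {
            warn_report("URL in POST - " . $var_name . " = " . $var_value);
        }
    }
    // Keyword check on three views of the value: base64-decoded, raw, and with /* */ comments stripped.
    $security_decode = base64_decode($var_value);
    if (preg_match($security_string, $security_decode)) {
        hack_report("Hack base64 in POST - " . $var_name . " = " . $var_value);
    }
    if (preg_match($security_string, $var_value)) {
        hack_report("Hack in POST - " . $var_name . " = " . $var_value);
    }
    $security_slash = preg_replace("/\/\*.*?\*\//", "", $var_value);
    if (preg_match($security_string, $security_slash)) {
        hack_report("Hack in POST - " . $var_name . " = " . $var_value);
    }
}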
if (preg_match("/<.*?(script|body|object|iframe|applet|meta|style|form|onmouseover).*?>