have you updated the deprecated eregi function


hicux
Posted: Sat Apr 17, 2010 6:15 pm

Thanks for the explanation, arnoldkrg, but I still don't get the point of when I have to use i and when not.

I know these are lines from the mainfile, but if I use those lines then I have to change the editor, and I have already implemented the last version of the TinyMCE editor, 3.3.2.

Would you like to test Xtreme V6?

Let me know and I will send you a PM. You need to register first at bestbuildpc.net and then I will make you a subscriber so you can download the core and test it.

I will get rid of

ereg()
ereg_replace
_________________
http://www.bestbuildpc.net - The power of imagination. Visit us if you are really interested in phpnuke, software and more stuff.

arnoldkrg
Posted: Sat Apr 17, 2010 6:53 pm    Post subject: eregi eregi_replace

If you see eregi or eregi_replace, then these are case insensitive, so if you search for abc they will find ABC or AbC or abc, i.e. they do not take any notice of capitalisation. These need the i switch when using preg.

If you see ereg or ereg_replace, then these are case sensitive, and if you search for abc they will only find abc, NOT ABC or AbC; they DO take notice of capitalisation, so in these cases you would NOT use the i switch when using preg.

The i switch for preg functions makes the search case insensitive.

Thanks for the offer of testing Xtreme V6, but I do not do much with any versions of Nuke these days. I have enough to do with maintaining and building sites on a commercial basis.

I only pop in here now and then, mainly out of nostalgia.

Slackervaara
Posted: Sun Apr 18, 2010 6:04 am

Here you also find suggestions for changes:
http://warpspeed.4thdimension.de/modules.php?name=Forums&file=viewtopic&t=10888&postdays=0&postorder=asc&start=120#43980

BTW, they intend to make RavenNuke compliant with PHP 6.

hicux
Posted: Sun Apr 18, 2010 9:48 am

Wow, now I understand what the i means. Thanks for your explanation.

hicux
Posted: Sun Apr 18, 2010 9:25 pm

I want to get rid of these ones:

Code:
               $EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
            }
         } elseif ($CensorMode == 2) {
            for ($i = 0; $i < count($CensorList); $i++) {
               $EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
            }
         } elseif ($CensorMode == 3) {
            for ($i = 0; $i < count($CensorList); $i++) {
               $EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);


arnoldkrg
Posted: Mon Apr 19, 2010 12:01 pm    Post subject: check_words

That section of code is from the check_words() function in mainfile.php. The full section is as follows:
Code:
         if ($CensorMode == 1) {
            for ($i = 0; $i < count($CensorList); $i++) {
               $EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
            }
         } elseif ($CensorMode == 2) {
            for ($i = 0; $i < count($CensorList); $i++) {
               $EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
            }
         } elseif ($CensorMode == 3) {
            for ($i = 0; $i < count($CensorList); $i++) {
               $EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);
            }
         }


I have figured out how the first one works namely:
Code:
         if ($CensorMode == 1) {
            for ($i = 0; $i < count($CensorList); $i++) {
               $EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
            }


Nuke gets the $CensorList array from config.php and you can modify this array there. There are 4 censor modes available in Nuke (set in preferences):
0 is no filter
1 is Exact Match
2 is Match word at the beginning
3 is Match anywhere in the text.

If CensorMode is 1 (Exact match) then what the expression
Code:
eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);

means is:
find any set of characters in the CensorList which is followed by a character which is not a to z or A to Z or 0 to 9 and replace with the variable $Replace (default is ***** in Nuke) and we are looking for this in the $EditedMessage variable.

So if we had test in the censor list, the expression will not find test (by itself) (because it is not followed by a character); it will not find testx (because it is followed by a character from the excluded sets). But it will find test (test followed by a space) (because the space character was not excluded) and also test_ (because the _ (underscore) was not excluded).

It will then replace test with the $Replace variable, so test (test followed by a space) will become ***** (still followed by a space). The \\1 after the $Replace variable means to only replace the backreference (the match it found ($CensorList[$i]) before it found the character which followed it). So only test is replaced, not test and the space.

I like to understand what is going on so I can test any code changes I made. Once I understood what was going on I was able to test a preg version of the above expression.

You can replace
Code:
eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);


with
Code:
preg_replace("/$CensorList[$i]([^a-zA-Z0-9])/i","$Replace\\1",$EditedMessage);

It works as expected. I know because I understood it (eventually) and tested it. Unfortunately both expressions will also find the word sometest_, which I don't think is what the original authors intended, so maybe the expression should actually be revised.

I will now proceed to understand and test the other two expressions you quoted and I'll report back later. I may be some time because my mind is frazzled understanding the first one.
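
Added example (not part of the original post and not PHP-Nuke code): the mode 1 expression discussed above, run over the cases the post walks through, next to a variant that passes the censor word through preg_quote(). The function names, censor words and sample messages are constructed for illustration, and the whole-word variant is an assumption about the intended behaviour.

```php
<?php
// Added example, not PHP-Nuke code. Censor words and messages are constructed.
$Replace  = '*****';
$messages = array('test', 'testx', 'a test here', 'test_', 'sometest_');

// Mode 1 as converted in the post: the censor word goes into the pattern raw.
// The @ only silences the warning so that the NULL return value stays visible.
function censor_raw($word, $replace, $msg) {
    return @preg_replace("/$word([^a-zA-Z0-9])/i", "$replace\\1", $msg);
}

// Same expression with the word escaped, so that "/" and regex metacharacters
// inside a censor word are matched literally.
function censor_quoted($word, $replace, $msg) {
    $w = preg_quote($word, '/');
    return preg_replace("/$w([^a-zA-Z0-9])/i", "$replace\\1", $msg);
}

// One possible revision (an assumption about the intended behaviour): the word
// must not touch a letter or digit on either side, so it also matches at the
// end of the message and no longer matches inside "sometest_".
function censor_whole_word($word, $replace, $msg) {
    $w = preg_quote($word, '/');
    return preg_replace("/(?<![a-zA-Z0-9])$w(?![a-zA-Z0-9])/i", $replace, $msg);
}

foreach ($messages as $m) {
    printf("%-14s raw=%-18s whole=%s\n",
        var_export($m, true),
        var_export(censor_raw('test', $Replace, $m), true),
        var_export(censor_whole_word('test', $Replace, $m), true));
}

// Censor words that are not plain letters. Raw, "a/b" ends the pattern early,
// so preg_replace() returns NULL and the message is lost; "c++" is read as a
// quantifier, so the "c" of "abc" is censored as well.
$m = 'abc def, a/b and c++ ';
foreach (array('a/b', 'c++') as $word) {
    var_dump(censor_raw($word, $Replace, $m));
    var_dump(censor_quoted($word, $Replace, $m));
}
```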
hicux
Posted: Thu Apr 22, 2010 12:48 am

Thank you very much for taking the time to explain this issue. Super!!!

arnoldkrg
Posted: Thu May 06, 2010 4:54 pm    Post subject: passing an array to preg_match

In mainfile.php you will find (around line 160 in PHP-Nuke 8.1) the following:
Code:
 foreach ($_POST as $secvalue) {
  if ((eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
  (eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
  (eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
  (eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
  (eregi("<[^>]*onmouseover*\"?[^>]*", $secvalue)) ||
  (eregi("<[^>]script*\"?[^>]*", $secvalue)) ||
  (eregi("<[^>]*body*\"?[^>]*", $secvalue)) ||
  (eregi("<[^>]style*\"?[^>]*", $secvalue))) {
   die ($htmltags);
  }
 }


This prevents the use of several "dangerous html tags" in POST data (usually from a form).

This can be changed to a preg form as follows:

Code:

foreach ($_POST as $secvalue) {
    if ((preg_match("/<[^>]*iframe*\"?[^>]*/i", $secvalue)) || (preg_match("/<[^>]*object*\"?[^>]*/i", $secvalue)) ||
        (preg_match("/<[^>]*applet*\"?[^>]*/i", $secvalue)) || (preg_match("/<[^>]*meta*\"?[^>]*/i", $secvalue)) ||
        (preg_match("/<[^>]*body*\"?[^>]*/i", $secvalue)) || (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue))) {
        die ($htmltags);
    }
}


This SHOULD work and usually does!!!!!

But if you pass an array via a form (for example a multiple choice select box), where the eregi function used to ignore the fact that it was an array, the preg_match function is now upset because an array has been passed instead of a string. It usually just throws a series of warnings, but on some servers it can cause an internal server error.

I rewrote my version to catch this problem as follows:

Code:
foreach ($_POST as $secvalue) {
    if (is_array($secvalue))
    {
        foreach ($secvalue as $thissecvalue)
        {
            if ((preg_match("/<[^>]*iframe*\"?[^>]*/i", $thissecvalue)) || (preg_match("/<[^>]*object*\"?[^>]*/i", $thissecvalue)) ||
                (preg_match("/<[^>]*applet*\"?[^>]*/i", $thissecvalue)) || (preg_match("/<[^>]*meta*\"?[^>]*/i", $thissecvalue)) ||
                (preg_match("/<[^>]*body*\"?[^>]*/i", $thissecvalue)) || (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $thissecvalue)) ||
                (preg_match("/<[^>]*script*\"?[^>]*>/i", $thissecvalue)) || (preg_match("/<[^>]*style*\"?[^>]*>/i", $thissecvalue))) {
                die ($htmltags);
            }
        }
    }
    else
    {
        if ((preg_match("/<[^>]*iframe*\"?[^>]*/i", $secvalue)) || (preg_match("/<[^>]*object*\"?[^>]*/i", $secvalue)) ||
            (preg_match("/<[^>]*applet*\"?[^>]*/i", $secvalue)) || (preg_match("/<[^>]*meta*\"?[^>]*/i", $secvalue)) ||
            (preg_match("/<[^>]*body*\"?[^>]*/i", $secvalue)) || (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
            (preg_match("/<[^>]*script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue))) {
            die ($htmltags);
        }
    }
}


Basically this tests if the value passed is an array. If it is, then each element of the array is checked via the preg_match function for "dangerous html tags". If it is not an array, then it is passed directly to the preg_match function for the check.
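
Added example (not part of the original post and not PHP-Nuke code): the same check as a recursive function, which goes beyond the one-level array handling above to arrays nested to any depth and treats a preg_match() error as a hit. The function name, the pattern built from a name list and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not PHP-Nuke code. The name list mirrors the names checked in
// the post; $samplePost stands in for $_POST and is constructed.
$blockedNames = array('iframe', 'object', 'applet', 'meta', 'onmouseover',
                      'script', 'body', 'style');

// Returns true if $value, or any element at any depth inside it, matches.
function has_blocked_tag($value, array $names) {
    if (is_array($value)) {
        foreach ($value as $item) {
            if (has_blocked_tag($item, $names)) {
                return true;
            }
        }
        return false;
    }
    foreach ($names as $name) {
        // Pattern shape follows the post; the names are fixed strings, so no
        // preg_quote() is needed here.
        $result = preg_match('/<[^>]*' . $name . '*"?[^>]*/i', (string) $value);
        // preg_match() returns 1, 0 or false. false means the engine gave up
        // (for example when a backtrack limit is hit), and a plain
        // if (preg_match(...)) would let that value through. Fail closed.
        if ($result !== 0) {
            return true;
        }
    }
    return false;
}

$samplePost = array(
    'title'   => 'hello',
    'choices' => array('red', 'green'),                          // multi-select box
    'nested'  => array('a' => array('b' => '<IFRAME src="x">')), // two levels deep
);

foreach ($samplePost as $key => $value) {
    printf("%-8s blocked=%s\n", $key,
        var_export(has_blocked_tag($value, $blockedNames), true));
}
```

In mainfile.php the call site would keep the post's behaviour: `die ($htmltags);` when the function returns true for any element of $_POST.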
Slackervaara
Posted: Sun Jul 11, 2010 5:05 pm

This is from mainfile.php 7.633:

Code:
while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
      $i = strpos($str,$reg[0]);
      $l = strlen($reg[0]);
      if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
      else $tag = strtolower($reg[1]);
      if ($a = (isset($AllowableHTML[$tag])) ? $AllowableHTML[$tag] : 0)
      if ($reg[1][0] == "/") $tag = "</$tag>";
      elseif (($a == 1) || (empty($reg[2]))) $tag = "<$tag>";
      else {


I tried this but got error messages:

Code:
while (preg_match("/<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>/i",$str,$reg)) {
      

hicux
Posted: Sun Jul 11, 2010 7:24 pm

Quote:
while (preg_match("/<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>/i",$str,$reg)) {


Try this, Slackervaara:

Code:
while (preg_match("/<(\/?[[:alpha:]]*)[[:space:]]*([^>]*)>/",$str,$reg)) {

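
Added example (not part of the thread and not PHP-Nuke code): the ereg() pattern quoted from mainfile.php 7.633 contains a `/`, which ends a `/`-delimited preg expression early unless it is escaped or another delimiter is used. ereg_to_preg() is a hypothetical helper that picks a free delimiter and adds the i switch only for eregi patterns; it assumes the POSIX pattern uses only syntax that PCRE reads the same way.

```php
<?php
// Added example, not PHP-Nuke code. ereg_to_preg() is a hypothetical helper.
function ereg_to_preg($pattern, $caseInsensitive = false) {
    // Pick a delimiter that does not occur in the pattern, so nothing inside
    // the pattern can end the expression early.
    foreach (array('/', '#', '~', '%', '!', '@') as $d) {
        if (strpos($pattern, $d) === false) {
            return $d . $pattern . $d . ($caseInsensitive ? 'i' : '');
        }
    }
    throw new InvalidArgumentException('no free delimiter for: ' . $pattern);
}

// Pattern of the ereg() call quoted from mainfile.php; it contains "/".
$tagPattern = '<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>';
$str = 'Some <b>bold</b> and <a href="x">link</a> text';   // constructed input

// Wrapped in "/" without escaping: the "/" inside the pattern closes the
// expression, the rest is read as modifiers, and preg_match() returns false
// with a warning (silenced here with @).
var_dump(@preg_match('/' . $tagPattern . '/', $str, $reg));

// ereg() is case sensitive, so no i switch is added.
$converted = ereg_to_preg($tagPattern);
var_dump($converted);
var_dump(preg_match($converted, $str, $reg));
var_dump($reg);

// An eregi() pattern from the POST check gets the i switch and keeps "/".
var_dump(ereg_to_preg('<[^>]*iframe*"?[^>]*', true));
```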