Emergency! Our guestbook is getting trashed by HTML!

Status
Not open for further replies.

JCHallgren (Technical User)
Dec 17, 2004
TOTAL NEWBIE here! I belong to a Chatroom that uses common freeware code...we are having a problem with spammers posting HTML comments "<!--" and "-->" that knock out OUR post entries...I am trying to assist the owner of the list with the problem...

Will setting "$allow_html to 0" block HTML code from being entered? I see that it does something, but have NO clue as to what...

I would LOVE to set the value of "comments" field to SPACES upon detection of ANY HTML code in it so that it would fall into the blank comments error routine and thus block that entry! How could I do so???

THANKS!!

This is the section of code from the original GUESTBOOK from Matt's Script Archive that I need HELP with:
__________________________________
# @pairs holds the "name=value" strings of the submitted form (set up earlier in the script)
foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);

    # Un-Webify plus signs and %-encoding
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

    # Strip HTML comments; greedy, so it removes everything from the first
    # "<!--" to the last "-->" in the value, and only if a "-->" is present
    $value =~ s/<!--(.|\n)*-->//g;

    # Strip tags unless HTML is allowed; a "<" with no later ">" is left alone
    if ($allow_html != 1) {
        $value =~ s/<([^>]|\n)*>//g;
    }

    $FORM{$name} = $value;
}

# Print the Blank Response Subroutines
&no_comments unless $FORM{'comments'};
&no_name unless $FORM{'realname'};
_______________________________________
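As an added example (not code from the thread or from Matt's script), the posted filter is wrapped in a function and run against a constructed comment holding only an unterminated "<!--": both regexes need a closing "-->" or ">" to match, so the opener passes through even with $allow_html set to 0, and once written into the guestbook page it hides everything after it in the browser until a "-->" turns up. The two helpers beside it, escape_html and reject_if_markup, are hypothetical names: the first shows the usual fix (escape rather than delete), the second does what the poster asked for by returning an empty string so the existing &no_comments check rejects the entry.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The filter from the posted snippet, as a function (apply it to a value
# that has already been through the tr/+/ / and %-decoding steps).
sub strip_html_original {
    my ($value, $allow_html) = @_;
    $value =~ s/<!--(.|\n)*-->//g;          # only matches if "-->" is present
    if ($allow_html != 1) {
        $value =~ s/<([^>]|\n)*>//g;        # only matches if ">" is present
    }
    return $value;
}

# Hypothetical hardened alternative: escape instead of delete. Once "<", ">"
# and "&" are entities, the text is shown literally and can never open a
# comment or a tag, however it is split across entries.
sub escape_html {
    my ($value) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $value =~ s/([&<>"'])/$entity{$1}/g;
    return $value;
}

# Hypothetical helper for what the poster asked: blank the value as soon as
# it contains anything tag-like, so the script's existing
# "&no_comments unless $FORM{'comments'}" check rejects the entry.
sub reject_if_markup {
    my ($value) = @_;
    return $value =~ /[<>]/ ? '' : $value;
}

# Constructed sample comment: an HTML comment opener with no closer.
my $spam = 'Nice site <!-- ';

printf "original (allow_html=0): [%s]\n", strip_html_original($spam, 0);
printf "escaped:                 [%s]\n", escape_html($spam);
printf "reject-if-markup:        [%s]\n", reject_if_markup($spam);
```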
 
Setting $allow_html to 0 would remove all HTML from comments that are submitted.

Much more importantly, Matt's Scripts are well known to be buggy and insecure (for example, even what you've posted is horrible code).

You'd be better off using the NMS replacements for Matt's Scripts. Have a read of their FAQ if you're still unconvinced.
 
Matt was doing his best for f'All; it's not right to go so hard on people who supply software for free and expect it to be flawless.

"warranty not implied or explicit in nature"
--Paul


cigless ...
 
What do you find wrong with the code? (MSA)
As someone who is slowly learning Perl, it would be helpful to understand some bad code techniques.

Is it just that it's not using the CGI module?

DT
 
Check out ishnid's links in his post above
--Paul

cigless ...
 
THANKS much to Ishnid for the pointers to the updated version of the code!
