Loading ...
The Echo Theme

Make your video site available on all devices with the Echo theme. See the live demo.

LIVE DEMO

after update to 2.1 > comments '<'.removeEvilAttributes('b

Board index / PHP Melody - Video CMS

For PHP Melody version 2 and newer

Postby EGYPT on Dec 14, 2013 8 am


hello phpM Team
i noticed that after updating my website from v2.0.1 to v2.1
my comments system allow to anyone and i use blacklist function ,
every comment from visitors .. after submit comment , write automatically '<'.removeEvilAttributes('br /').'>'
screen shot
Image
thanks in advance
EGYPT
Verified Customer
Verified Customer
 
Posts: 137
Joined: Jun 14, 2008 4 pm
Reputation points: 0

Postby ciberlinker on Feb 18, 2014 9 am


I have the same problem..
User avatar
ciberlinker
Verified Customer
Verified Customer
 
Posts: 743
Joined: Mar 22, 2008 4 pm
Reputation points: 33

Postby muzikia on Feb 18, 2014 12 pm


Change the comment system to the disqus. no more spam or other issues I've seen here and unsolved.
Here it is a tutorial: http://www.modmyscript.com/add-disqus-o ... elody-2-x/
http://www.ModMyScript.com - PHPMelody plugins and mods since 2008
http://www.HostingWays.com - Shared or VPS Hosting
*** PHP Melody user and plugins maker for 9 years and counting.
User avatar
muzikia
Verified Customer
Verified Customer
 
Posts: 4093
Joined: Mar 24, 2008 6 am
Location: ModMyScript.com - PHPMELODY mods
Reputation points: 167

Postby ciberlinker on Mar 14, 2014 12 pm


muzikia wrote:Change the comment system to the disqus. no more spam or other issues I've seen here and unsolved.
Here it is a tutorial: http://www.modmyscript.com/add-disqus-o ... elody-2-x/

Muzikia the problem is not only in the comments ..
Image
a greeting
User avatar
ciberlinker
Verified Customer
Verified Customer
 
Posts: 743
Joined: Mar 22, 2008 4 pm
Reputation points: 33

Postby muzikia on Mar 14, 2014 7 pm


http://www.ModMyScript.com - PHPMelody plugins and mods since 2008
http://www.HostingWays.com - Shared or VPS Hosting
*** PHP Melody user and plugins maker for 9 years and counting.
User avatar
muzikia
Verified Customer
Verified Customer
 
Posts: 4093
Joined: Mar 24, 2008 6 am
Location: ModMyScript.com - PHPMELODY mods
Reputation points: 167

Postby Trace on Mar 14, 2014 8 pm


Solution
In /include/functions.php FIND
Code: Select all
function removeEvilTags($source)
{
   global $allowedTags;
   $source = RemoveCurseWords(strip_tags($source, $allowedTags));
   return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source);
}

REPLACE WITH
Code: Select all
function removeEvilTags($source)
{
   global $allowedTags;
   $source = RemoveCurseWords(strip_tags($source, $allowedTags));
   return preg_replace_callback('/<(.*?)>/i', 'removeTagAttributes', $source);
}
function removeTagAttributes($in){
   return '<'.removeEvilAttributes($in).'>';
}


Note: this will only fix new comments, the ones that are broken will remain broken
User avatar
Trace
Verified Customer
Verified Customer
 
Posts: 2543
Joined: Aug 16, 2010 3 pm
Location: The Netherlands
Reputation points: 1329

Postby ciberlinker on Mar 15, 2014 12 pm


Thanks Trace ;)
User avatar
ciberlinker
Verified Customer
Verified Customer
 
Posts: 743
Joined: Mar 22, 2008 4 pm
Reputation points: 33

Postby adysnake on Mar 16, 2014 7 am


Thanks Trace !!
adysnake
Verified Customer
Verified Customer
 
Posts: 56
Joined: Mar 29, 2009 4 pm
Location: Romania
Reputation points: 20

Postby mephisto on Nov 23, 2018 5 pm


Thanks Trace, been upgrading my old phpmelody 1.6.x to php 7.2 and this was one of the remaining issues.
mephisto
Verified Customer
Verified Customer
 
Posts: 2885
Joined: Sep 30, 2008 8 am
Reputation points: -6


Who is online

Users browsing this forum: No registered users and 1 guest

cron