
27.10.2008, 17:16
Invision Power Board <=v2.3.4 BBCodes XSS
Автор: +toxa+
добавленный кодес в class_bbcode_core.php
PHP код:
......................
// Runs a case-insensitive replace of the literal text "style=" over the
// $_content and $_option captures of match $i.
// NOTE(review): as rendered on this page the replacement "$1=" is identical to
// the matched text, so both calls leave the string unchanged. The page rendering
// has presumably decoded an HTML entity that stood in for "=" in the original
// file - confirm against the vendor's class_bbcode_core.php before reusing this.
// NOTE(review): the pattern is a narrow deny-list (one attribute name, one exact
// spelling). Escaping the whole value for the output context it is written into
// is the more robust control; nothing on these two lines does that.
$match[ $_content ][$i] = preg_replace( '#(style)=#is', "$1=", $match[ $_content ][$i] );
$match[ $_option ][$i] = preg_replace( '#(style)=#is', "$1=", $match[ $_option ][$i] );
.......................
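//-----------------------------------------
// Don't let emos in URL..
//-----------------------------------------
// When smiley parsing is on, every cached emoticon code found in $url is
// replaced by its percent-encoded form (presumably so that emoticon parsing
// cannot rewrite part of the link - see the original comment above).
// The result is then HTML-escaped.
if ( $this->parse_smilies && count( $this->ipsclass->cache['emoticons'] ) > 0 )
{
    foreach ( $this->ipsclass->cache['emoticons'] as $row )
    {
        $code = $row['typed'];

        // NOTE(review): as rendered on this page both replacements map a character
        // to itself and do nothing; the original file presumably converted between
        // the characters and their HTML entities - confirm against the vendor file.
        $code = str_replace( '<', '<', str_replace( '>', '>', $code ) );

        // An empty code cannot occur "inside" the URL; skip it explicitly.
        if ( $code === '' )
        {
            continue;
        }

        // strpos() returns 0 for a match at the very start of the string, which a
        // loose truth test treats as "not found"; compare against false instead.
        if ( strpos( $url, $code ) !== false )
        {
            $new = '';

            for ( $i = 0; $i < strlen( $code ); $i++ )
            {
                // Always two lowercase hex digits: a single digit is not a valid
                // percent-escape, and the 'http%3a%2f' restore below is lowercase.
                // $code[$i] replaces the $code{$i} offset syntax removed in PHP 8.
                $new .= sprintf( '%%%02x', ord( $code[$i] ) );
            }

            $url = str_replace( $code, $new, $url );
        }
    }

    // Using the :/ smiley
    // Undo the encoding where it hit the scheme separator of an http link.
    // NOTE(review): only the literal 'http%3a%2f' is restored; other schemes are
    // left encoded - confirm that is intended.
    $url = str_replace( 'http%3a%2f', 'http:/', $url );
}

// Escape for HTML output.
// NOTE(review): called with default flags; before PHP 8.1 the default leaves
// single quotes unescaped, so confirm the attribute this value lands in is
// double-quoted, or pass ENT_QUOTES explicitly.
$url = htmlspecialchars($url);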
.......................
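//-----------------------------------------
// Don't let emos in URL..
//-----------------------------------------
// When smiley parsing is on, every cached emoticon code found in $url['html']
// is replaced by its percent-encoded form (presumably so that emoticon parsing
// cannot rewrite part of the link - see the original comment above).
// The result is then HTML-escaped.
if ( $this->parse_smilies && count( $this->ipsclass->cache['emoticons'] ) > 0 )
{
    foreach ( $this->ipsclass->cache['emoticons'] as $row )
    {
        $code = $row['typed'];

        // NOTE(review): as rendered on this page both replacements map a character
        // to itself and do nothing; the original file presumably converted between
        // the characters and their HTML entities - confirm against the vendor file.
        $code = str_replace( '<', '<', str_replace( '>', '>', $code ) );

        // An empty code cannot occur "inside" the URL; skip it explicitly.
        if ( $code === '' )
        {
            continue;
        }

        // strpos() returns 0 for a match at the very start of the string, which a
        // loose truth test treats as "not found"; compare against false instead.
        if ( strpos( $url['html'], $code ) !== false )
        {
            $new = '';

            for ( $i = 0; $i < strlen( $code ); $i++ )
            {
                // Always two lowercase hex digits: a single digit is not a valid
                // percent-escape, and the 'http%3a%2f' restore below is lowercase.
                // $code[$i] replaces the $code{$i} offset syntax removed in PHP 8.
                $new .= sprintf( '%%%02x', ord( $code[$i] ) );
            }

            $url['html'] = str_replace( $code, $new, $url['html'] );
        }
    }

    // Using the :/ smiley
    // Undo the encoding where it hit the scheme separator of an http link.
    // NOTE(review): only the literal 'http%3a%2f' is restored; other schemes are
    // left encoded - confirm that is intended.
    $url['html'] = str_replace( 'http%3a%2f', 'http:/', $url['html'] );
}

// Escape for HTML output.
// NOTE(review): called with default flags; before PHP 8.1 the default leaves
// single quotes unescaped, so confirm the attribute this value lands in is
// double-quoted, or pass ENT_QUOTES explicitly.
$url['html'] = htmlspecialchars( $url['html'] );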
......................
кому интересно, думаете)
PS Материал восстановлен
Дата публикации: 22.02.2008, 22:22
Автор +toxa+