Method to secure post
thetryr
What methods is Vanilla using to secure the post?
Answers
You mean so nobody can see it?
or to prevent spammers?
or what?
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
I am trying to create my own script like Feed Discussion and I need to know what methods Vanilla uses to secure the post. For example, when we post a style tag for CSS, Vanilla removes it automatically.
I am confused
htmlLawed
grep is your friend.
Oh you mean something like HtmLawed - something to validate and/or strip tags.
you could write your own preg_replace to replace anything that is not A-Za-z0-9 or whatever you want.
http://php.tutorialref.com/preg_replace-example.html
http://php.net/manual/en/function.preg-replace.php
I know preg_replace, lol. The point is I want my automatic posts to do the same as when we post manually.
htmLawed? I don't think so, because I post directly to the MySQL database.
I think that's the point...
Vanilla Wiki, Tastes Great! 31,000 viewers can't be wrong. || Plugin Development Explained
this question is so vague it is almost not worth answering.
This is what I've done, need suggestions to make it secure
----#curl euy#----------------
$tautan = 'http://localhost/index.php?qa=feed&qa_1=questions.rss';
$target = curl_init();
curl_setopt($target, CURLOPT_URL, $tautan);
curl_setopt($target, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($target, CURLOPT_CONNECTTIMEOUT, 20); // 20-second timeout, in case the request gets suspended
$ebol = curl_exec($target);
curl_close($target);
// $ebol = file_get_contents($tautan);
// $x = simplexml_load_string($ebol);
$x = new SimpleXmlElement($ebol);
----------------------------
// Note: the mysql_* functions used below were removed in PHP 7.0.
// $dateTime is not defined in the posted snippet; the current time is assumed here.
$dateTime = date('Y-m-d H:i:s');
foreach ($x->channel->item as $item) {
    // Cast the SimpleXMLElement nodes to strings, then escape them for the SQL string literals.
    $titlepost = mysql_real_escape_string((string) $item->title);
    // The feed's HTML is stored in Body as received; no tags are filtered here.
    $contentpost = mysql_real_escape_string((string) $item->description);
    if ($contentpost && $titlepost) {
        // Skip items whose title already exists as a discussion.
        if (!mysql_num_rows(mysql_query("SELECT Name FROM GDN_discussion WHERE Name='$titlepost'"))) {
            mysql_query("INSERT INTO GDN_discussion(CategoryID, InsertUserID, UpdateUserID, Name, Body, Format, DateInserted, DateUpdated)
                VALUES('1', '1', '1', '$titlepost', '$contentpost', 'Html', '$dateTime', '$dateTime')") or
                die(mysql_error());
        }
    }
}
by secure you mean strip out the potentially harmful tags such as
Assuming yes... then you need to add a function
then you need to call it...
that function would basically do what html lawed does...
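An added example, not part of the original thread and not Vanilla's or htmLawed's code: one way to write the tag-stripping function discussed above, as an allowlist filter built on PHP's DOM extension and applied to the feed body before it is stored. The function name, the tag and attribute lists, and the sample input are assumptions.

```php
<?php
// Assumed policy: everything not listed here is removed.
const ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'blockquote', 'code', 'pre', 'a'];
const ALLOWED_ATTRS = ['a' => ['href']];
// These elements are dropped together with their content.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'form'];

function sanitize_feed_html(string $html): string
{
    libxml_use_internal_errors(true);               // messy feed markup should not emit warnings
    $doc = new DOMDocument();
    // The XML declaration makes libxml read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>', LIBXML_NONET);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    $xpath = new DOMXPath($doc);
    foreach (iterator_to_array($xpath->query('.//comment()', $body)) as $comment) {
        $comment->parentNode->removeChild($comment);
    }
    foreach (iterator_to_array($xpath->query('.//*', $body)) as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, DROP_WITH_CONTENT, true)) {
            $el->parentNode->removeChild($el);
        } elseif (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($el->firstChild) {               // unwrap: keep the children, drop the tag
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
        } else {
            foreach (iterator_to_array($el->attributes) as $attr) {
                $ok = in_array(strtolower($attr->name), ALLOWED_ATTRS[$tag] ?? [], true);
                if ($ok && strtolower($attr->name) === 'href') {
                    // Only absolute http(s) and mailto links survive.
                    $ok = preg_match('#^(https?://|mailto:)#i', trim($attr->value)) === 1;
                }
                if (!$ok) {
                    $el->removeAttributeNode($attr);
                }
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {         // serialize only what remained inside <body>
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input, not taken from a real feed.
echo sanitize_feed_html('<p onclick="x()">Hi <style>p{color:red}</style><a href="javascript:alert(1)">link</a></p>'), "\n";
```

In the feed script, the function would be applied to the item's description before escaping it for the INSERT; escaping for SQL and filtering HTML solve different problems, so both are needed.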
nobody would go to an easter egg hunt if the eggs were always sitting in a pile in the middle of the field.
Sometimes deciphering the question is harder than providing the solution to a well framed question.
There are a few masters of the indecipherable question here, I could name a few but you know who you are and we know who you are.
it's like watching a murder mystery.. who dunnit?