
Method to secure post

thetryr New
edited May 2012 in Vanilla 2.0 - 2.8

What methods is Vanilla using to secure the post?

Answers

  • peregrine MVP
    edited May 2012

    You mean so nobody can see it?
    or to prevent spammers?
    or what?

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • I try to create my own script like Feed Discussion and I need to know what methods Vanilla uses to secure the post. Just like when we post a style tag for CSS, Vanilla removes that automatically.

  • 422 Developer MVP

    I am confused


  • htmlLawed

    grep is your friend.

  • peregrine MVP
    edited May 2012

    Oh you mean something like HtmLawed - something to validate and/or strip tags.

    You could write your own preg_replace to replace anything that is not A-Za-z0-9 or whatever you want.

    http://php.tutorialref.com/preg_replace-example.html

    http://php.net/manual/en/function.preg-replace.php

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • I know the preg_replace, lol. The point is I want my automatic posts to do the same as when we post manually.
    htmLawed? I don't think so, because I directly post to the MySQL database.

  • hbf wiki guy? MVP

    thetryr said:
    I know the preg_replace, lol. The point is I want my automatic posts to do the same as when we post manually.
    htmLawed? I don't think so, because I directly post to the MySQL database.

    I think that's the point...

  • This question is so vague it is almost not worth answering.

    grep is your friend.

  • This is what I've done, need suggestions to make it secure:

    ----#curl euy#----------------

    $tautan = 'http://localhost/index.php?qa=feed&qa_1=questions.rss';
    $target = curl_init();
    curl_setopt($target, CURLOPT_URL, $tautan);
    curl_setopt($target, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($target, CURLOPT_CONNECTTIMEOUT, 20); // 20 second timeout in case the host is suspended
    $ebol = curl_exec($target);
    curl_close($target);
    // $ebol = file_get_contents($tautan);
    // $x = simplexml_load_string($ebol);
    $x = new SimpleXmlElement($ebol);

    ----------------------------

    // MySQL DATETIME for DateInserted/DateUpdated (the snippet never set $dateTime)
    $dateTime = date('Y-m-d H:i:s');

    foreach ($x->channel->item as $item) {
        // Escapes for the SQL string literal only; this does not remove HTML tags from the content
        $titlepost   = mysql_real_escape_string((string) $item->title);
        $contentpost = mysql_real_escape_string((string) $item->description);
        if ($contentpost && $titlepost) {
            // Skip feed items whose title already exists as a discussion
            if (!mysql_num_rows(mysql_query("SELECT Name FROM GDN_discussion WHERE Name='$titlepost'")))
                mysql_query("INSERT INTO GDN_discussion(CategoryID, InsertUserID, UpdateUserID, Name, Body, Format, DateInserted, DateUpdated)
                    VALUES('1', '1', '1', '$titlepost', '$contentpost', 'Html', '$dateTime', '$dateTime')") or
                    die(mysql_error());
        }
    }

  • hbf wiki guy? MVP

    by secure you mean strip out the potentially harmful tags such as

     this? 

    Assuming yes... then you need to add a function

    function html_tag_stripper($content) {
        // do work: validate or strip the tags here
        return $content;
    }

    then you need to call it...

    $titlepost = html_tag_stripper($titlepost);
    $contentpost =  html_tag_stripper($contentpost);
    

    that function would basically do what html lawed does...
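
    An added example, not code from this thread or from Vanilla, showing what the posted script and the html_tag_stripper() stub above are reaching for. The script stores raw feed HTML in the Body column with Format 'Html' and builds its SQL by concatenating the escaped strings; this version reduces the HTML to a small tag/attribute allowlist (standing in for the htmLawed pass Vanilla applies to posts made through the UI) and inserts through PDO prepared statements. The RSS sample is constructed, the PDO DSN is a placeholder, the table is written with Vanilla's capitalisation (GDN_Discussion), and sanitize_feed_html(), clean_node() and insert_discussion() are this example's own names.

```php
<?php
// Added example (not from the thread or Vanilla): allowlist sanitizer for feed HTML
// plus a prepared-statement insert, replacing the posted mysql_* concatenation.

// Constructed sample standing in for the curl fetch; the <description> markup is
// the kind a feed could carry straight into the Body column.
$sampleRss = <<<'XML'
<?xml version="1.0"?>
<rss version="2.0"><channel><item>
<title>Hello &amp; welcome</title>
<description><![CDATA[<p onclick="x()">Hi <b>there</b></p><style>p{display:none}</style>
<script>alert(1)</script><a href="javascript:alert(1)">link</a> <a href="https://example.com/">ok</a>]]></description>
</item></channel></rss>
XML;

// Walk the DOM: drop script/style (with their contents) and comments, unwrap
// unknown tags, and strip every attribute except http(s) hrefs on <a>.
function clean_node(DOMNode $node, array $allowedTags, array $allowedAttrs): void {
    // Copy the child list first: removing or unwrapping mutates the live NodeList.
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if ($child instanceof DOMComment) {
            $node->removeChild($child);
            continue;
        }
        if (!$child instanceof DOMElement) {
            continue;                           // text nodes are re-escaped on output
        }
        $tag = strtolower($child->tagName);
        if ($tag === 'script' || $tag === 'style') {
            $node->removeChild($child);         // the element and everything inside it
            continue;
        }
        clean_node($child, $allowedTags, $allowedAttrs);   // clean descendants first
        if (!in_array($tag, $allowedTags, true)) {
            // Unknown tag: keep its (already cleaned) children, lose the tag itself.
            while ($child->firstChild !== null) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, $allowedAttrs[$tag] ?? [], true);
            if ($keep && $name === 'href') {
                // Absolute http(s) only, which rejects javascript: and data: URLs.
                $keep = (bool) preg_match('#^https?://#i', trim($attr->value));
            }
            if (!$keep) {
                $child->removeAttribute($attr->name);
            }
        }
    }
}

function sanitize_feed_html(string $html): string {
    $allowedTags  = ['p', 'br', 'b', 'i', 'em', 'strong', 'a', 'ul', 'ol', 'li', 'blockquote'];
    $allowedAttrs = ['a' => ['href']];

    $doc = new DOMDocument();
    libxml_use_internal_errors(true);           // feeds carry sloppy markup; do not die on it
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>',
                   LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();

    $root = $doc->getElementsByTagName('div')->item(0);
    clean_node($root, $allowedTags, $allowedAttrs);

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);         // DOM re-serialises text with proper escaping
    }
    return trim($out);
}

function insert_discussion(PDO $db, string $title, string $body, int $categoryId = 1, int $userId = 1): bool {
    $title = trim(strip_tags($title));          // Name is plain text: no markup at all
    $body  = sanitize_feed_html($body);
    if ($title === '' || $body === '') {
        return false;
    }
    // Same duplicate-title check as the posted script, but as a bound parameter.
    $check = $db->prepare('SELECT 1 FROM GDN_Discussion WHERE Name = ? LIMIT 1');
    $check->execute([$title]);
    if ($check->fetchColumn() !== false) {
        return false;
    }
    $now = date('Y-m-d H:i:s');
    $ins = $db->prepare('INSERT INTO GDN_Discussion
        (CategoryID, InsertUserID, UpdateUserID, Name, Body, Format, DateInserted, DateUpdated)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
    return $ins->execute([$categoryId, $userId, $userId, $title, $body, 'Html', $now, $now]);
}

// LIBXML_NONET keeps the parser from fetching external entities or DTDs over the network.
$feed = simplexml_load_string($sampleRss, 'SimpleXMLElement', LIBXML_NONET);
if ($feed === false) {
    exit("feed did not parse\n");
}
// Placeholder DSN/credentials: point this at the Vanilla database before enabling the insert.
// $db = new PDO('mysql:host=localhost;dbname=vanilla;charset=utf8mb4', 'user', 'pass',
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
foreach ($feed->channel->item as $item) {
    echo sanitize_feed_html((string) $item->description), "\n";
    // insert_discussion($db, (string) $item->title, (string) $item->description);
}
```

    Run stand-alone it prints the cleaned description for the sample item: the inline handler, the style and script elements and the javascript: link target are gone, the https link keeps its href. The allowlist is deliberately short because Vanilla's own renderer still runs htmLawed on Format 'Html' bodies; the point of cleaning at insert time is that nothing hostile reaches the database in the first place, and the prepared statements make the escaping step of the original script unnecessary.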

  • hbf wiki guy? MVP

    x00 said:
    this question is so vague it is almost not worth answering.

    nobody would go to an easter egg hunt if the eggs were always sitting in a pile in the middle of the field.

  • hbf said:

    x00 said:
    this question is so vague it is almost not worth answering.

    nobody would go to an easter egg hunt if the eggs were always sitting in a pile in the middle of the field.

    Sometimes deciphering the question is harder than providing the solution to a well framed question.
    There are a few masters of the indecipherable question here, I could name a few but you know who you are and we know who you are.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • hbf wiki guy? MVP

    peregrine said:

    hbf said:

    x00 said:
    this question is so vague it is almost not worth answering.

    nobody would go to an easter egg hunt if the eggs were always sitting in a pile in the middle of the field.

    Sometimes deciphering the question is harder than providing the solution to a well framed question.
    There are a few masters of the indecipherable question here, I could name a few but you know who you are and we know who you are.

    it's like watching a murder mystery.. who dunnit?
