Quote:
Originally Posted by Sarteck
What's your "Paste" template got in it? Chances are that you forgot to add the needed security token.
In whatever <form> you have, be sure to add the tag
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
Some advice, though. Don't access $_POST, $_GET, or $_REQUEST directly. Instead of:
PHP Code:
$title = $_POST['name'];
use
PHP Code:
$title = $vbulletin->input->clean_gpc('p', 'name', TYPE_STR);
And stuff like that. vBulletin's cleaning functions make it so that you don't have to worry about data being "bad" or of a type you don't want.
Here's the template, so where would I put the security token? Sorry for the trouble.
Code:
$stylevar[htmldoctype]
<html dir="$stylevar[textdirection]" lang="$stylevar[languagecode]">
<head>
$headinclude
<title>$vboptions[bbtitle]</title>
</head>
<body>
$header
$navbar
<!-- Custom Code Start Here -->
<?php
$paste = htmlentities($_POST['paste']);
$sub = $_POST['sub'];
$name = md5($_POST['name']);
$title = $vbulletin->input->clean_gpc('p', 'name', TYPE_STR);
$dir = getcwd();
$rand = rand(1,200);
$save = "$name$rand.html";
$all = "<center>Name of paste:<h3>$title</h3><hr /><br /></center><pre> $paste </pre>";
if(isset($sub)){
if(!empty($title) && !empty($paste)){
file_put_contents("$dir/$save", $all , FILE_APPEND);
echo "<footer>View your paste: <a href=" . $save . ">$title</a></footer>";
}
else{
echo "<script>alert('Please fill in all the fields.');</script>";
}
}
?>
<html>
<head>
<style type="text/css">
.inputForm
{
-moz-border-radius:5px;
-webkit-border-radius: 5px;
-khtml-border-radius: 5px;
border-radius: 5px;
}
textarea
{
-moz-border-radius:5px;
-webkit-border-radius: 5px;
-khtml-border-radius: 5px;
border-radius: 5px;
}
</style>
</head>
<body>
<body bgcolor="#F5F5F5">
<center>
<form action="" method="post" align="center">
Title of Paste:<input type="text" class="inputForm" name="name">
<br />
<textarea id=text name="paste" rows=30 cols=68 onload="fade()"></textarea>
<br />
<input type="submit" name="sub">
</center>
</form>
<!-- / Custom Code Ends here -->
$footer
</body>
</html>
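Where the hidden token field sits in the form, and how the paste handler could escape what it writes, as an added example that is not the poster's code or vBulletin's own. The helper names `build_paste_page`, `paste_filename` and `paste_form` are hypothetical. Assumptions: PHP 7+, the vBulletin branch runs from a page script that has already loaded vBulletin and exposes the token as `$vbulletin->userinfo['securitytoken']`, and `TYPE_STR` does not escape HTML.

```php
<?php
// Added example, not the poster's code. PHP 7+ assumed (random_bytes).

// Assumption: TYPE_STR does not escape markup, so both fields are escaped
// here, where they are written into HTML.
function build_paste_page($title, $paste)
{
    $t = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    $p = htmlspecialchars($paste, ENT_QUOTES, 'UTF-8');
    return "<center>Name of paste:<h3>$t</h3><hr /><br /></center><pre>$p</pre>";
}

// md5(title) plus rand(1,200) is guessable and collides; use random bytes.
function paste_filename()
{
    return bin2hex(random_bytes(16)) . '.html';
}

// The hidden field goes directly inside <form>, beside the other inputs.
function paste_form($token)
{
    $tok = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return <<<HTML
<form action="" method="post">
<input type="hidden" name="securitytoken" value="$tok" />
Title of Paste: <input type="text" class="inputForm" name="name" />
<br />
<textarea name="paste" rows="30" cols="68"></textarea>
<br />
<input type="submit" name="sub" />
</form>
HTML;
}

if (isset($vbulletin)) {
    // Assumed context: a vBulletin page script that already loaded global.php.
    $title = $vbulletin->input->clean_gpc('p', 'name', TYPE_STR);
    $paste = $vbulletin->input->clean_gpc('p', 'paste', TYPE_STR);
    if ($title !== '' && $paste !== '') {
        $save = paste_filename();
        file_put_contents(getcwd() . "/$save", build_paste_page($title, $paste));
        echo '<a href="' . $save . '">' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</a>';
    }
    echo paste_form($vbulletin->userinfo['securitytoken']);
} else {
    // Constructed sample input so the file also runs on its own.
    echo build_paste_page('<b>Notes</b> & "quotes"', "line 1\n<i>line 2</i>"), "\n";
    echo paste_form('constructed-token-value'), "\n";
}
```

In a template, the same field is written with the template variable quoted in the reply above instead of being built in PHP.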