Here is a question that is relevant to the thread:
Does the bbcode parser remove unwanted text, like if someone were to try submitting SQL code? If not, what function removes code such as that? Is it simply addslashes?
I have an app that gets user text and stores it in the database, and I would like to be cautious and remove any possible threats to the system. I had put it in this thread but I have not had a response yet ... any help would be appreciated.
Hi, Andreas or someone else maybe? I just finished porting a plugin which was very vital to my site after 3 days. I didn't know any PHP or SQL before doing this, so that's what took me so long. It took a whole lot of trial and error.
Basically the plugin I'm using is PluhNews. I've converted it to work with vBulletin 3.5, as it's been broken ever since 3.0 came out. Anyway, I've now run into a slight snag. I don't know jack squat about parsing VB code. The way this plugin works is, it rips posts from a specified forum and displays them on a non-forum page. Essentially a news ripper.
So as you can see here - http://www.thehorrorisalive.com - none of the VB code is being parsed, and rightfully so because I have NO idea how to implement your code here. Right now I'm using the following code to display the posts' content:
PHP Code:
while ($row = mysql_fetch_array($sql_result2)) {
    $pagetext = $row["pagetext"]; // raw post text, BB code not yet parsed
    // ... output that uses $pagetext goes here ...
}
So wherever I want the post to be put, I put $pagetext.
I'm assuming I need to somehow bind your command to run after pagetext, but being a newbie to PHP and SQL I have no clue on how to do that and every attempt has ended in failure. This is probably a really simple request, and I'd appreciate it if anyone who could answer it helps me out. As soon as it's done I'll release the upgraded hack, since a lot of people still would like to use PluhNews.
Besides that I have a small infinite loop whenever I try to include global.php, which I'm still hunting for. So any help is greatly appreciated.
(You can change do_parse()'s arguments depending on what you want to parse. If you use it as I posted it now, HTML wouldn't be parsed, and smilies, BB code and the img BB code would be parsed.)
I didn't understand your problem including global.php, though since it's a plugin and not an entirely new .php file, global.php should have already been included/requested.
Aesma, thank you very much! That solves my problem with my QUOTE tags not being translated to html! However I still have a serious error somewhere. You can see the page here
EDIT: FIXED!! WOO HOO!!!!
Is there any way to define the HTML the parser will output to something other than what the forum is using? For instance, to remove the "target="_blank"" from [url]'s and change the HTML that [QUOTE] is producing?
After it goes through the bbcode parser it should be <a href="link" target="_blank">text</a> instead of text. So you should be able to do a str replace to remove it.
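
The post-processing step suggested in the last reply, as an added example that is not part of the original thread or of vBulletin's own code. It assumes PHP 7 or later; the function name strip_blank_target is hypothetical and the sample markup is constructed, so the forum's real output may differ. Unlike a plain string replace, it only touches the attribute when it sits inside an `<a>` tag.

```php
<?php
// Added example: clean up HTML that the BB code parser has already produced.

/**
 * Remove target="_blank" from <a> tags only.
 * Other tags and the visible text of the post are returned unchanged.
 */
function strip_blank_target(string $html): string
{
    $out = preg_replace_callback(
        '/<a\b[^>]*>/i',                 // each opening anchor tag
        function (array $m): string {
            // Drop the attribute (single- or double-quoted) with its leading space.
            $tag = preg_replace('/\s+target\s*=\s*(["\'])_blank\1/i', '', $m[0]);
            return $tag ?? $m[0];        // keep the original tag if the regex fails
        },
        $html
    );

    // preg_replace_callback returns null on a PCRE error; fall back to the input.
    return $out ?? $html;
}

// Constructed sample of parser output: two links and an unrelated tag.
$parsed = '<a href="http://example.com/" target="_blank">text</a> '
        . "<A target='_blank' href=\"http://example.org/\">more</A> "
        . '<img src="smile.gif" alt="" />';

echo strip_blank_target($parsed), "\n";
```

Run it on the string returned by the parser, after parsing and before the text is placed into the page.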