ok... ora ci provo, ma non abbandonarmi:-) hi hi
ok... ora ci provo, ma non abbandonarmi:-) hi hi
Sì, ma se non ci sarò io ci saranno comunque altre persone ad aiutarti!
Li ho trovati... però ti devo chiedere di darci un'occhiata.
questo è il file show.inc.php: http://www.pasqualemarinelli.com/a/inc/show.inc.php.php
functions.inc.php: http://www.pasqualemarinelli.com/a/i...ctions.inc.php
questo è quello che visualizza le news e i commenti (show_news.php): http://www.pasqualemarinelli.com/a/show_news.php
Non è possibile vedere i file PHP dall'esterno; pubblica le righe dove hai trovato htmlspecialchars.
Queste sono in show.inc.php:
//----------------------------------
// Check if only members can comment
//----------------------------------
// Excerpt of the "add comment" handler. The switch/loop that the `break 1;`
// statements exit, and the origin of $id, $name, $mail, $comments, $ip and the
// $config_* values, are outside this excerpt.
// NOTE(review): $name is HTML-escaped only for this one message; the same value
// is later written to the comments file through replace_comment("add", ...),
// whose behaviour is not visible here — confirm it neutralises HTML before the
// stored comments are rendered.
if($config_only_registered_comment == "yes" and !$is_member){
echo"<div style=\"text-align: center;\">Solo gli utenti registrati possono essere abilitati ad inviare i commenti, e '".htmlspecialchars($name)."' non è un utente registrato. Per essere abilitati, registrarsi cliccando su 'Registrati', nel menù a sinistra.</div>";
$CN_HALT = TRUE;
break 1;
}
//----------------------------------
// Wrap the long words
//----------------------------------
// Inserts a newline after every run of $config_auto_wrap characters that are
// not a space or a slash. ereg_replace() was removed in PHP 7 (preg_replace()
// is the replacement). $wraped_comm is appended to without being initialised,
// which raises an undefined-variable notice/warning and, if the variable already
// exists in the enclosing scope, prepends stale content. strlen()/substr()
// count bytes, so the truncated $name can end inside a multibyte character.
if($config_auto_wrap > 1){
$comments_arr = explode("\n", $comments);
foreach($comments_arr as $line){
$wraped_comm .= ereg_replace("([^ \/\/]{".$config_auto_wrap."})","\\1\n", $line) ."\n";
}
if(strlen($name) > $config_auto_wrap){ $name = substr($name, 0, $config_auto_wrap)." ..."; }
$comments = $wraped_comm;
}
//----------------------------------
// Do some validation check 4 name, mail..
//----------------------------------
// Only "\n" is stripped from name and mail; "\r" and the "|" / "|>|" field
// separators of the flat-file record written below are left alone unless
// replace_comment() removes them — confirm, since a "|" in a name would shift
// the fields of the stored record.
$comments = replace_comment("add", $comments);
$name = replace_comment("add", preg_replace("/\n/", "",$name));
$mail = replace_comment("add", preg_replace("/\n/", "",$mail));
if($name == " " or $name == ""){
echo("<div style=\"text-align: center;\">Inserire il nome
<a href=\"javascript:history.go(-1)\">Tornare indietro</a></div>");
$CN_HALT = TRUE;
break 1;
}
// Empty mail is stored as the literal "none". In the regex character classes,
// A-z spans the ASCII range between 'A' and 'z', which also admits [ \ ] ^ _
// and ` — A-Za-z would match letters only. $ok is assigned but never read in
// this excerpt.
if($mail == " " or $mail == ""){ $mail = "none"; }
else{ $ok = FALSE;
if(preg_match("/^[\.A-z0-9_\-\+]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $mail)) $ok = TRUE;
elseif($config_allow_url_instead_mail == "yes" and preg_match("/((http(s?):\/\/)|(www\.))([\w\.]+)([\/\w+\.-?]+)/", $mail)) $ok = TRUE;
elseif($config_allow_url_instead_mail != "yes"){
echo("<div style=\"text-align: center;\">Inserire l'e-mail
<a href=\"javascript:history.go(-1)\">Tornare indietro</a></div>");
$CN_HALT = TRUE;
break 1;
}
else{
echo("<div style=\"text-align: center;\">Inserire l'e-mail o l'URL
<a href=\"javascript:history.go(-1)\">Tornare indietro</a></div>");
$CN_HALT = TRUE;
break 1;
}
}
if($comments == ""){
echo("<div style=\"text-align: center;\">Inserire il commento
<a href=\"javascript:history.go(-1)\">Tornare indietro</a></div>");
$CN_HALT = TRUE;
break 1;
}
// The CAPTCHA is checked last, after the name/mail/comment checks.
// $_POST['code'] is read without an isset() guard, so a request without that
// field raises a notice/warning before Validate() runs.
if (!PhpCaptcha::Validate($_POST['code'])) {
echo("<div style=\"text-align: center;\">Digitare correttamente i caratteri visualizzati nell'immagine.
<a href=\"javascript:history.go(-1)\">Tornare indietro</a></div>");
$CN_HALT = TRUE;
break 1;
}
// Timestamp stored with the comment, shifted by $config_date_adjust
// (presumably minutes, given the *60).
$time = time()+($config_date_adjust*60);
//----------------------------------
// Add The Comment ... Go Go GO!
//----------------------------------
// Read-modify-write of the whole comments file. The read happens before the
// lock is taken and fopen(..., "w") truncates the file before flock(), so two
// concurrent submissions can lose each other's comment, and if file() fails
// (returns false) the file is rewritten empty. flock() modes 2 and 3 are
// LOCK_EX and LOCK_UN; the @ hides any locking failure.
$old_comments = file("$comm_file");
$new_comments = fopen("$comm_file", "w");
@flock ($new_comments,2);
$found = FALSE;
foreach($old_comments as $old_comments_line)
{
// Each line is "<news id>|>|<comment records>"; loose == comparison with $id.
$old_comments_arr = explode("|>|", $old_comments_line);
if($old_comments_arr[0] == $id)
{
$old_comments_arr[1] = trim($old_comments_arr[1]);
// Appends "time|name|mail|ip|comment||" to the matching line. Any "\n" still
// inside $comments would start a new physical line and break the
// one-record-per-line layout — presumably replace_comment("add") converts
// line breaks; confirm.
fwrite($new_comments, "$old_comments_arr[0]|>|$old_comments_arr[1]$time|$name|$mail|$ip|$comments||\n");
$found = TRUE;
}else{
fwrite($new_comments, $old_comments_line);
//if we do not have the news ID in the comments.txt we are not doing anything (see comment below) (must make sure the news ID is valid)
}
}
if(!$found){
/* // do not add comment if News ID is not found \\ fwrite($new_comments, "$id|>|$time|$name|$mail|$ip|$comments||\n");*/
echo("<div style=\"text-align: center;\">Il tuo commento non è stato inserito correttamente a causa di un problema verificatosi nel database dei commenti.
<a href=\"javascript:history.go(-1)\">Tornare indietro</a></div>");
$CN_HALT = TRUE;
// Exits before the unlock/fclose below; the handle is released only at
// script end.
break 1;
}
@flock ($new_comments,3);
fclose($new_comments);
//----------------------------------
// Sign this comment in the Flood Protection
//----------------------------------
// Appends "unixtime|ip|newsid|" to the flood log. The log is a .php file,
// presumably so the web server does not serve its contents directly; that
// protection depends on the file starting with a guard that stops PHP from
// executing it and on it never being include()d — confirm in the data directory.
if($config_flood_time != "0" and $config_flood_time != "" ){
$flood_file = fopen("$cutepath/data/flood.db.php", "a");
@flock ($flood_file,2);
fwrite($flood_file, time()."|$ip|$id|\n");
@flock ($flood_file,3);
fclose($flood_file);
}
//----------------------------------
// Notify for New Comment ?
//----------------------------------
// Plain-text notification through send_mail() (defined elsewhere). Recipient
// and subject are fixed; the user-supplied $name and $comments appear only in
// the body.
if($config_notify_comment == "yes" and $config_notify_status == "active"){
send_mail("$config_notify_email", "CuteNews - New Comment Added", "New Comment was added by $name:\n--------------------------$comments");
}
// Client-side redirect back to the article. $id, $ucat, $archive, $start_from
// and $user_query are interpolated into a JavaScript string without escaping;
// if any of them is taken from the request this is a reflected XSS vector —
// URL-encode them (or cast $id to int, as the "Can not find an article"
// message further down does) before use. $PHP_SELF reflects the request path
// and needs escaping as well. The spaces in "subaction =" and "start _from"
// look like forum line-wrap artifacts; verify against the real file.
echo "<script type=\"text/javascript\">window.location=\"$PHP_SELF?subaction =showfull&id=$id&ucat=$ucat&archive=$archive&start _from=$start_from&$user_query\";</script>";
}
//################################################## ################################################## ################
// Show Full Story
//################################################## ################################################## ################
if($allow_full_story){
// Show Full Story: locates the record for $id in the flat news file and
// renders it through $template_full. This runs inside `if($allow_full_story){`,
// which opens and closes outside this excerpt.
// NOTE(review): $found is not reset before this loop; if the "add comment"
// branch above already set it to TRUE, the not-found handling after the loop is
// skipped even when no article matches.
if(!file_exists($news_file)){ die("Error!
news file does not exists!"); }
// One "|"-separated record per line. From the indices used below: 0 = timestamp,
// 1 = author, 2 = title, 3 = short story, 4 = full story, 5 = avatar URL,
// 6 = category id (inferred from usage, not from a schema visible here).
$all_active_news = file("$news_file");
foreach($all_active_news as $active_news)
{
$news_arr = explode("|", $active_news);
// Loose == comparisons; a falsy $catid disables the category filter.
if($news_arr[0] == $id and (!$catid or $catid == $news_arr[6]))
{
$found = TRUE;
// Fall back to the short story when there is no full story and the template
// has no {short-story} placeholder. eregi() was removed in PHP 7 (use
// preg_match() with the i modifier).
if($news_arr[4] == "" and (!eregi("\{short-story\}", $template_full)) ){ $news_arr[4] = $news_arr[3]; }
if($my_names[$news_arr[1]]){ $my_author = $my_names[$news_arr[1]]; }
else{ $my_author = $news_arr[1]; }
// Placeholder substitution. Values come from the news file and from the
// $my_names / $my_mails / $cat / $cat_icon maps (defined elsewhere) and are
// inserted as-is into HTML; whatever escaping applies must already have
// happened when the news was stored, or in replace_news("show", ...) below.
$output = str_replace("{title}", $news_arr[2], $template_full);
$output = str_replace("{date}", date($config_timestamp_active, $news_arr[0]), $output);
$output = str_replace("{author}", $my_author, $output);
$output = str_replace("{short-story}", $news_arr[3], $output);
$output = str_replace("{full-story}", $news_arr[4], $output);
if($news_arr[5] != ""){$output = str_replace("{avatar}", "<img alt=\"\" src=\"$news_arr[5]\" style=\"border: none;\" />", $output); }
else{ $output = str_replace("{avatar}", "", $output); }
$output = str_replace("{avatar-url}", "$news_arr[5]", $output);
$output = str_replace("{comments-num}", countComments($news_arr[0], $archive), $output);
$output = str_replace("{category}", catid2name($news_arr[6]), $output);
$output = str_replace("{category-id}", $news_arr[6], $output);
if($cat_icon[$news_arr[6]] != ""){ $output = str_replace("{category-icon}", "<img style=\"border: none;\" alt=\"".$cat[$news_arr[6]]." icon\" src=\"".$cat_icon[$news_arr[6]]."\" />", $output); }
else{ $output = str_replace("{category-icon}", "", $output); }
// NOTE(review): $template, $archive, $my_start_from and $user_query (and
// $PHP_SELF) are interpolated into the onclick / href attributes without
// escaping; if any of them is request-controlled, escape them (htmlspecialchars
// with ENT_QUOTES for the attribute, urlencode for the query values) first.
// The spaces in "template= $template", "$ne ws_arr" and "start_fro m" look like
// forum line-wrap artifacts; verify against the real file.
if($config_comments_popup == "yes"){
$output = str_replace("[com-link]","<a href=\"#\" onclick=\"window.open('$config_http_script_dir/show_news.php?subaction=showcomments&template= $template&id=$news_arr[0]&archive=$archive&start_from=$my_start_fro m&ucat=$news_arr[6]', '_News', '$config_comments_popup_string');return false;\">", $output);
}else{
$output = str_replace("[com-link]","<a href=\"$PHP_SELF?subaction=showcomments&id=$ne ws_arr[0]&archive=$archive&start_from=$my_start_fro m&ucat=$news_arr[6]&$user_query\">", $output);
}
$output = str_replace("[/com-link]","</a>", $output);
$output = str_replace("{author-name}", $name_to_nick[$news_arr[1]], $output);
if($my_mails[$news_arr[1]] != ""){
$output = str_replace("[mail]","<a href=\"mailto:".$my_mails[$news_arr[1]]."\">", $output);
$output = str_replace("[/mail]","</a>", $output);
}else{
$output = str_replace("[mail]","", $output);
$output = str_replace("[/mail]","", $output);
}
$output = str_replace("{news-id}", $news_arr[0], $output);
$output = str_replace("{archive-id}", $archive, $output);
$output = str_replace("{php-self}", $PHP_SELF, $output);
$output = str_replace("{cute-http-path}", $config_http_script_dir, $output);
// Final hook defined elsewhere; what it filters or escapes is not visible here.
$output = replace_news("show", $output);
echo $output;
}
}
if(!$found){
//
// Article ID was not found, if we have not specified an archive -> try to find the article in some archive.
//
// Auto-Find ID In archives
//----------------------------------------------------------------------
// This runs inside `if(!$found){`, which opens before this excerpt and does not
// close within it.
if(!$archive or $archive == ''){
//get all archives. (if any) and fit our lost id in the most propper archive.
$lost_id = $id;
$all_archives = FALSE;
$hope_archive = FALSE;
// On opendir() failure $handle is false and a single space is echoed; the
// readdir() loop below then ends immediately (with a warning).
if(!$handle = opendir("$cutepath/data/archives")){ echo(" "); }
while (false !== ($file = readdir($handle)))
{
// Collects the archive ids (the part of the file name before the first ".").
// eregi() was removed in PHP 7, and the unescaped "." in "news.arch" matches
// any character. Appending to $all_archives while it is FALSE relies on PHP's
// false-to-array autovivification (deprecated since 8.1).
if($file != "." and $file != ".." and !is_dir("./data/archives/$file") and eregi("news.arch", $file))
{
$file_arr = explode(".", $file);
$all_archives[] = $file_arr[0];
}
}
closedir($handle);
if($all_archives){
sort($all_archives);
// Picks the first archive id greater than the lost news id; ids appear to be
// timestamps, so this would be the archive created after the article (inferred).
if(isset($all_archives[1])){
foreach($all_archives as $this_archive){
if($this_archive > $lost_id){ $hope_archive = $this_archive; break;}
}
}else{
// NOTE(review): this `break` is not inside a loop here; it exits whatever
// switch/loop encloses this excerpt.
if($all_archives[0] > $lost_id){ $hope_archive = $all_archives[0]; break;}
}
}
}
if($hope_archive){
// NOTE(review): $id, $archive, $ucat, $subaction, $start_from, $user_query and
// $PHP_SELF are placed unescaped in both an href and a JavaScript string; if any
// of them is request-controlled this is a reflected XSS vector — escape per
// context (htmlspecialchars with ENT_QUOTES for the href, JSON/URL encoding for
// the script) before use. The stray spaces in "$ucat &subaction",
// "$hope_archive &" and "$h ope_archive" look like forum line-wrap artifacts;
// verify against the real file.
echo"
<center>You are now being redirected to the article in our archives
if the redirection fails, please <a href=\"$PHP_SELF?start_from=$start_from&ucat=$ucat &subaction=$subaction&id=$id&archive=$hope_archive &$user_query\">click here</a></center>
<SCRIPT LANGUAGE=\"JavaScript\">
<!-- Lets hope the archive id is correct.
window.location=\"$PHP_SELF?start_from=$start_from &ucat=$ucat&subaction=$subaction&id=$id&archive=$h ope_archive&$user_query\";
// -->
</script>";
}else{
// (int) is applied to the return value of htmlspecialchars(), so what is
// printed is the leading integer of $id (0 for non-numeric input); the escaping
// is redundant after the cast, and @ only hides a possible notice.
echo("<div style=\"text-align: center;\">Can not find an article with id: ". @(int) htmlspecialchars($id)."</div>");
}
Queste sono in show_news.php (il file che mi fa visualizzare le news):
//----------------------------------
nota le righe del file functions.inc.php
Sostituisci semplicemente htmlspecialchars con htmlentities; funzionerà bene. Modifica i tuoi post precedenti, altrimenti rendono la discussione illeggibile, oltre a rendere il tuo sito più hackerabile (non si sa mai chi possa passare per un forum tanto grande)...
Non ha risolto nulla... mannaggia, e ora?