[JS] impedire inserimento html in textarea

**mikk** · 21-03-2006, 16:41

Originariamente inviato da cavicchiandrea
Posta un link alla pagina (qualora sia on-line) oppure inserisci il codice (sorgente) html di tutta la pagina.

ciao Andrea!
ecco il codice sorgente! (non spaventarti, è un guestbook

)

---------------------------------------------------------------
<?php
/* gbook v2.0 2002-2003 www.blice.de Norbert Krueger
this script is free !
The only thing I`d like you to do, is to set a Link to
my homepage www.blice.de
*/

include('conf.php');

function admined($id) // this is the Admin Page to Kill or Edit the Entries
{
global $datei;
$lines=explode("°°",implode("",file($datei)));
$felder=explode("°",$lines[$id]);
$felder[5]=str_replace("
", "",$felder[5]);
echo('
<html><head><link rel=stylesheet type="text/css" href="stile.css">
<title>Gbook Admin Page</title>
</head>
<body><center>
<form action="bbuch.php?action=change&id='.$id.'" method="post">

<table border="0" bgcolor="#cccccc"><tr><td align="center"colspan="2" >Admin Site</td></tr>
<tr><td align="right">Nick <input type="text" name="nick" value="'.$felder[0].'"></td>
<td align="left"><input type="text" name="email" value="'.$felder[1].'"> E-Mail</td></tr>
<tr><td align="left" colspan="2"><input type="text" name="homepage" value="'.$felder[2].'"> HomePage</td></tr>
<tr><td align="right">Date <input type="text" name="datum" value="'.$felder[3].'"></td>
<td align="left"><input type="text" name="zeit" value="'.$felder[4].'"> Time</td></tr>
<tr><td colspan="2"><textarea name="text" cols="60" rows="8">'.$felder[5].'</textarea></td></tr>

<tr><td align="right">Change Entry <input type="radio" name="delete" value="n" CHECKED></td>
<td align="left"><input type="radio" name="delete" value="y"> Kill Entry</td></tr>

<tr><td align="right">AdminPass <input type="text" name="passok"></td>
<td align="left"><input type="submit" name="go" value="- Apply -"></td></tr>
</table>
</form>
</body></html>
');

}
// update the Changed/Killed Entry
function changed($id,$nick,$email,$homepage,$datum,$zeit,$t ext,$delete,$passok)
{
global $superuser,$datei;
if ($passok!=$superuser) die ('password errata!');
switch($delete)
{
case 'n':
if (strpos('°',$nick.$email.$icq.$homepage.$datum.$te xt)) die ('Do not use the SpecialChar ° !');
$lines=explode('°°',implode('',file($datei)));
$text=str_replace('\n','
\n',$text);
$text=stripslashes($text);
$lines[$id]=$nick.'°'.$email.'°'.$homepage.'°'.$datum.'°'.$ze it.'°'.$text;
$txtfile=implode('°°',$lines);
$dudat=fopen($datei,'w');
fputs($dudat,$txtfile);
fclose($dudat);
echo 'Messaggio n. '.$id.' modificato con successo!
Chiudi Finestra';
break;
case'y':
$lines=explode('°°',implode('',file($datei)));
unset($lines[$id]);
$txtfile=implode('°°',$lines);
$dudat=fopen($datei,'w');
fputs($dudat,$txtfile);
fclose($dudat);
echo 'Messagio n. '.$id.' cancellato con successo!!
Chiudi Finestra';
break;
}//endswitch
}//endfunct

// Textfilters
function iconreplace($text)
{ //make Icons
for ($iconnum=1;$iconnum<=56;$iconnum++) {
$ecode='[E'.$iconnum.']';
$recode='[img]icons/icon'.$iconnum.'.gif[/img]';
$text=str_replace($ecode,$recode,$text);
}
$text.=" ";
return $text;
}//endfunc
function zensurreplace($text)
{ // Bad Word Filter
global $zensur;
$text=eregi_replace("vaffanculo","<i class=\"censura\">censura[/i]",$text);
$text=eregi_replace("cunt","<i class=\"censura\">censored[/i]",$text);
$text=eregi_replace("shit","<i class=\"censura\">censored[/i]",$text);
$text=eregi_replace("fuck","<i class=\"censura\">censored[/i]",$text);
$text=eregi_replace("merda","<i class=\"censura\">censura[/i]",$text);
$text=eregi_replace("stronzo","<i class=\"censura\">censura[/i]",$text);
return $text;
} //endfunc
function bbcreplace($text)
{ // Replace HTML-Codes
$text=eregi_replace('\[b\]([^\[]+)\[/b\]','\\1',$text);
$text=eregi_replace('\[i\]([^\[]+)\[/i\]','\\1',$text);
$text=eregi_replace('\[img\]([^\[]+)\[/img\]',"<img src=\"\\1\" border=0 >",$text);
$text=eregi_replace('\[mail\]([^\[]+)\[/mail\]',"<a href=\"mailto:\\1 \"> \\1 </a>",$text);
return $text;
}//endfunc

// check & save the new entry
function bbenter($nick,$email,$homepage,$text)
{
global $datei,$ubb,$html,$error;
$lines=implode('',file($datei));
if (strpos('°°',$nick.$email.$homepage.$text)) echo ($error[char].$error[back]);
//if ($nick=='' || $email=='') echo ($error[mail].$error[back]);
$date=getdate(time());
if ($html=='0') {
$nick=htmlentities($nick);
$email=htmlentities($email);
$homepage=htmlentities($homepage);
$text=htmlentities($text);
}
$text=str_replace("\n","
\n",$text);
$text=zensurreplace($text);
if ($ubb=='1') $text=bbcreplace($text);

$datum= $date[mday].'.'.$date[mon].'.'.$date[year];
$zeit= $date[hours].':'.$date[minutes].':'.$date[seconds];

$lines=$nick.'°'.$email.'°'.$homepage.'°'.$datum.' °'.$zeit.'°'.$text.'°°'.$lines;
$dudat=fopen($datei,'w');
fputs($dudat,$lines);
fclose($dudat);

$action='';
$start='0';
bbshow($start);
/*+++++++++++QUI PARTE LA MAIL ALL'ADMIN CHE NOTIFICA LA PRESENZA DI UN NUOVO MESSAGGIO NEL GUESTBOOK+++++++++++*/
/* destinatari */
$destinatari = "federico@federicolodi.com" . ", " ; // notare la virgola
$destinatari .= "michele.lodi@email.it";

/* oggetto */
$oggetto = "Presente nuovo messaggio nel GuestBook!!";

/* messaggio */
$messaggio = "<font size=\"2\" face=\"Verdana\">da: ".$nick."

";
$messaggio .= "email: ".$email."

";
$messaggio .= "testo: ".$text."</\/font>";
$messaggio = stripslashes ($messaggio);
/* Per inviare email in formato HTML, si deve impostare l'intestazione Content-type. */
$intestazioni = "MIME-Version: 1.0\r\n";
$intestazioni .= "Content-type: text/html; charset=iso-8859-1\r\n";
$intestazioni .= "From: PARCO CAPELLO <fodi@parcocapello.com>\r\n";

/* ed infine l'invio */
mail($destinatari, $oggetto, $messaggio, $intestazioni);
}

function shownew()
{echo('
<html><head><link rel=stylesheet type="text/css" href="blice.css">
<title>Gbook powered by www.blice.de</title>
<script language="JavaScript">

</script>
<form name="posting" action="gb.php" method="post" onSubmit="return controllo()">
<table width="95%" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td class="testo">Nome </td>
</tr>
<tr>
<td><input type="text" name="nick" class="inputText"></td>
</tr>
<tr>
<td class="testo">

Email</td>
</tr>
<tr>
<td><input type="text" name="email" class="inputText"></td>
</tr>
<tr>
<td class="testo">

Web Site</td>
</tr>
<tr>
<td><input type="text" name="homepage" class="inputText" value="http://"></td>
</tr>
<tr>
<td class="testo">

Emoticons</td>
</tr>
<tr>
<td ><span class="emoticonsbox">'); for ($iconnum=1;$iconnum<=42;$iconnum++)
{ echo('[img]icons/icon'.$iconnum.'.gif[/img]
'); } echo(' </span></td>
</tr>
<tr>
<td class="testo">

Commenti</td>
</tr>
<tr>
<td><textarea name="text" cols="40" rows="10" class="inputTextArea" onkeypress="return htmlno()"></textarea></td>
</tr>
<tr>
<td>

<SCRIPT LANGUAGE="JavaScript">
function htmlno(){
modulo=document.posting.text;
if(modulo.value.lastIndexOf("<")==-1){
alert("Attenzione < carattere non ammesso");
modulo.focus();
return false;
}else if(modulo.value.lastIndexOf(">")==-1){
alert("Attenzione > carattere non ammesso");
modulo.focus();
return false;
}
}

function controllo()
{
if (document.forms["posting"]["nick"].value=="")
{
alert("il campo NOME è obbligatorio!");
document.posting.nick.focus();
return false;
}

if (document.forms["posting"]["email"].value=="")
{
alert("il campo EMAIL è obbligatorio!");
document.posting.email.focus();
return false;
}

if (document.forms["posting"]["homepage"].value=="")
{
alert("non cancellare http:// grazie!");
document.posting.homepage.value="http://";
return false;
}

if (document.forms["posting"]["text"].value=="")
{
alert("il campo COMMENTI è obbligatorio!");
document.posting.text.focus();
return false;
}

var campo=document.forms["posting"]["text"];
if (campo.match("<"))
{
alert("cat gnes mela checher!!!");
document.posting.text.focus();
return false;
}

return true;
}
</SCRIPT>
<input name="go" type="submit" class="button" value=" invia ">
<input name="go2" type="reset" class="button" value=" cancella "></td>
</tr>
</table></td>
</tr>
</table>
<input type="hidden" name="action" value="benter">

</form>

');
}

function bbshow($start)
{
global $mperpage,$datei;
$ende=$start+$mperpage;
$more=$ende+1;

$lines=explode('°°',implode('',file($datei)));
$optout=$tabelle[0];
echo('
<table width="95%" align="center" border="0" cellpadding="0" cellspacing="12">
<tr><td align="center">Lascia un messaggio nel guestbook! - Write a message!</td></tr>');

for ($i=$start; $lines[$i]!='' && $i<=$ende; $i++)
{
$felder=explode('°',$lines[$i]);
$text=$text=iconreplace($felder[5]);

echo('<tr><td>
<table width="95%" align="center" border="0" cellpadding="2" cellspacing="0">
<tr>
<td align="left" class="newsGUESTtitle">

[img]icons/home.gif[/img]
<font class="nodisplay">*</font><b class="testo">'.$felder[0].'[/b]</td>
<td align="right" class="newsGUESTtitle"><span class="headerGUEST">'.$felder[3].' | '.$felder[4].' </span></td>
</tr>
<tr><td class="tdGUEST" colspan="2">'.stripslashes($text).'</td></tr>
</table>
</td></tr>');
}

echo('<tr><td align="center" class="testo">');
if ($start=='0') echo('successiva');
else
{
$newstart=$start-$maxpage-1;
echo('successiva');
}
echo(' | top | ');
if ($lines[$more]=='') echo('precedente');
else echo('precedente');

echo('</td></tr></table>');
}

switch ($action)
{
case 'admin':
admined($id);
break;
case 'change':
changed($id,$nick,$email,$homepage,$datum,$zeit,$t ext,$delete,$passok);
break;
case 'benter':
bbenter($nick,$email,$homepage,$text);
break;
case 'enter':
shownew();
break;

default:
if (!$start) $start='0';
bbshow($start);
}

?>

Discussione: [JS] impedire inserimento html in textarea

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio