having troubles with strpos

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

having troubles with strpos

Post by psychotomus »

whether I enter the php tags or not. it always says we found some php in your css file.

also while we on this topic, what other exploits should I try to stop when allowing people to edit css files?

Code: Select all

    //vars
    $css = strip_tags($_POST['textCSS']);
    $phpcheck1 = strpos($css, "<?");
    $phpcheck2 = strpos(strtolower($css), "<?php");
    
 
    if(($phpcheck1 === true) || ($phpcheck2 === true))
    {
        $msg = "Belive we found some php in your css file. if this is a mistake. Contact an Admin...";
    }
    else
    {
        $fp = fopen("../templates/default/styles/$game_name.css", 'w');
        fwrite($fp, $css);
        fclose($fp);
        
        $msg = "CSS Successfully edited...";
    }
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: having troubles with strpos

Post by requinix »

1. strip_tags always removes PHP tags.
2. strpos never returns true.
There is no way you got that message.

3. There are no "exploits" for pure CSS. There's nothing to protect against besides poor design.
(Unless you do something silly like try to run the CSS through a PHP parser...)
psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

Re: having troubles with strpos

Post by psychotomus »

I'm creating a php game maker where I am allowing people to fully edit the css of the site for there game only. So I don't want no malicous stuff inserted.
Post Reply