having troubles with strpos
Posted: Tue Jan 12, 2010 5:53 pm
whether I enter the php tags or not. it always says we found some php in your css file.
also while we on this topic, what other exploits should I try to stop when allowing people to edit css files?
also while we on this topic, what other exploits should I try to stop when allowing people to edit css files?
Code: Select all
//vars
$css = strip_tags($_POST['textCSS']);
$phpcheck1 = strpos($css, "<?");
$phpcheck2 = strpos(strtolower($css), "<?php");
if(($phpcheck1 === true) || ($phpcheck2 === true))
{
$msg = "Belive we found some php in your css file. if this is a mistake. Contact an Admin...";
}
else
{
$fp = fopen("../templates/default/styles/$game_name.css", 'w');
fwrite($fp, $css);
fclose($fp);
$msg = "CSS Successfully edited...";
}