SafeHTMLCheck Issue
Posted: Fri Nov 02, 2007 6:00 pm
The posted variable profile is just a simple textarea.
Hi everybody,
I'm trying to implement some safe-HTML validation using Sam Willison's safehtmlcheck.php. I've used it to check the safety of another, basically identical form on two other pages, the exact same way I'm trying to do it here, and it worked. But for some reason it doesn't work in this code; it allows tags like object and script whereas the other pages won't. I need another set of eyes to help me find the issue!
Here's my code (this editor knocked it out of alignment a bit):

```php
if ($_SESSION['loggedinuser_userid'] == $_GET['user'])
{
    if (!empty($_POST['profile'])) {
        // Cast to int: this value is interpolated into the SQL below.
        $userid = (int) $_GET['user'];
        $profileContent = $_POST['profile'];
        $cleanProfileContent = null; // only set when the checker passes

        $checker = new SafeHtmlChecker;
        $checker->check('<all>'.$profileContent.'</all>');
        if (!$checker->isOK()) {
            $content .= '<ul>';
            foreach ($checker->getErrors() as $error) {
                // Escape the message: it echoes back pieces of the submitted markup.
                $content .= '<li>'.htmlspecialchars($error).'</li>';
            }
            $content .= '</ul>';
        }
        else {
            $cleanProfileContent = $profileContent;
        }

        if ($cleanProfileContent !== null) {
            // Checked HTML is still untrusted as SQL text; escape it before interpolating.
            $sql = "UPDATE users SET profile='".mysql_real_escape_string($cleanProfileContent, $conn)."' WHERE userid=".$userid;
            if ($result = mysql_query($sql, $conn)) {
                $content = "Profile updated.";
            }
            else {
                $content = "Profile edit failed.";
            }
        }
        else {
            // Append, so the error list built above is not overwritten.
            $content .= "Your profile contained illegal tags. Please try again, using only approved tags.";
        }
    }
}
```

Thanks for any help you can offer!
feyd | Please use [code] and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.
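For readers following the thread, here is an added, self-contained illustration of the allowlist approach the poster is relying on: a fragment is wrapped in `<all>`, parsed as XML, and every tag and attribute must appear on an allowlist or the content is rejected. This is example code written for this page, not safehtmlcheck.php or the poster's code; the class name, the allowed-tag policy and the sample profile strings are assumptions.

```php
<?php
// Added example (not from the thread or from safehtmlcheck.php): a minimal
// allowlist checker in the same style, to show the behaviour the poster expects.
class ProfileHtmlChecker
{
    // Assumed policy: allowed tags and, per tag, the attributes permitted on them.
    private $allowed = array(
        'all' => array(), 'p' => array(), 'b' => array(), 'i' => array(),
        'br' => array(), 'a' => array('href'),
    );
    private $errors = array();

    // Returns true when the fragment is well-formed and uses only allowed markup.
    public function check($html)
    {
        $this->errors = array();
        $parser = xml_parser_create();
        xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
        xml_set_element_handler($parser, array($this, 'open'), array($this, 'close'));
        // Wrap in <all> so the fragment has a single root, as safehtmlcheck.php does.
        if (!xml_parse($parser, '<all>' . $html . '</all>', true)) {
            $this->errors[] = 'Not well-formed XHTML: '
                . xml_error_string(xml_get_error_code($parser));
        }
        xml_parser_free($parser);
        return empty($this->errors);
    }

    public function open($parser, $tag, $attrs)
    {
        if (!isset($this->allowed[$tag])) {
            $this->errors[] = 'Tag not allowed: ' . $tag; // unknown tags are rejected, not ignored
            return;
        }
        foreach ($attrs as $name => $value) {
            if (!in_array($name, $this->allowed[$tag], true)) {
                $this->errors[] = "Attribute not allowed on <$tag>: $name";
            } elseif (!preg_match('#^(https?://|mailto:)#i', $value)) {
                $this->errors[] = 'Link scheme not allowed: ' . $value; // only href is allowlisted
            }
        }
    }

    public function close($parser, $tag) {}

    public function getErrors() { return $this->errors; }
}

// Constructed sample inputs: a clean profile, then one with the tags the poster saw slip through.
$checker = new ProfileHtmlChecker();
var_dump($checker->check('<p>Hi, I am <b>new</b>. <a href="https://example.com">Site</a></p>'));
var_dump($checker->check('<p>Hi</p><script>run()</script><object data="x"></object>'));
print_r($checker->getErrors());
```

Because the fragment is parsed as XML, a bare `&` or an unclosed `<br>` is reported as "not well-formed" rather than silently accepted, which is the intended failure mode for a validator of this kind.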