Preventing page stretching by long strings

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Cut
Forum Commoner
Posts: 39
Joined: Sat Aug 23, 2008 8:01 pm

Preventing page stretching by long strings

Post by Cut »

I've scrapped something together to make sure none of the strings in my users' input are longer than 66 characters. However, I want to make exceptions for BBcode: thiscanstillbe62charactersevenwithoutspaceafterthetag. Right now, I check if the string begins with [url=, and if it does, explode it at ] and count the characters after that:

Code: Select all

 
 $nostretch = explode(" ", $_POST['stuff']);
 foreach($nostretch as $word) {
  if(strlen($word) > 66) {
   if(strpos($word, '[url=') === 0) {
    $word2 = explode(']', $word);
    if (strlen($word[1]) > 70) {
    error("Your post contained a string that exceeded the maximum allowed number of characters. Please avoid stretching the page.");
    }
   }
   else {
    error("Your post contained a string that exceeded the maximum allowed number of characters. Please avoid stretching the page.");
   }
  }
 }
 
Clearly, this can be exploited. (e.g., [url=reallylongstringwithnoclose). Edit: Actually, that wouldn't work, cuz now I make sure strpos(]) is true, but there's other vulnerabilites I'm sure.

Any suggestions for a better method?
marcth
Forum Contributor
Posts: 142
Joined: Mon Aug 25, 2008 8:16 am

Re: Preventing page stretching by long strings

Post by marcth »

Use the wordwrap and str_word_count functions.
Cut
Forum Commoner
Posts: 39
Joined: Sat Aug 23, 2008 8:01 pm

Re: Preventing page stretching by long strings

Post by Cut »

marcth wrote:Use the wordwrap and str_word_count functions.
Thanks, but I don't want to wrap the text at a certain number of characters. That's a lot like using absolute widths. I also wouldn't want to randomly break someone's string in half with a linebreak without warning them first.
marcth
Forum Contributor
Posts: 142
Joined: Mon Aug 25, 2008 8:16 am

Re: Preventing page stretching by long strings

Post by marcth »

I thought you didn't want your strings to be more than 66 characters? That's pretty absolute isn't it? If you're looking for a more fluid approach, I don't reckon PHP can help you. Best do it via CSS.
Cut
Forum Commoner
Posts: 39
Joined: Sat Aug 23, 2008 8:01 pm

Re: Preventing page stretching by long strings

Post by Cut »

marcth wrote:I thought you didn't want your strings to be more than 66 characters? That's pretty absolute isn't it? If you're looking for a more fluid approach, I don't reckon PHP can help you. Best do it via CSS.
I don't want strings that do not contain spaces to be longer than 66 characters. That's as far as I'm willing to go with absolutes.

Also, I just discovered another problem with my code: it explodes by spaces, so if words are seperated by a newline, they're treated as a single string in the array. Solution?

(I'm hiding overflow with css, too, but that's ugly.)
marcth
Forum Contributor
Posts: 142
Joined: Mon Aug 25, 2008 8:16 am

Re: Preventing page stretching by long strings

Post by marcth »

I post this string without spaces:
"TestingAVeryLongWord ThatProbablyDo esNotExistsJustFor <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span> ndGigglesToSeeIf DevNetwo rkNetAddressesTheIssue." and DevNetwork Posts:

<span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span>.
User avatar
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Re: Preventing page stretching by long strings

Post by Sindarin »

I have some minor problems with my cms as well. Because I use tiny mce, the summary function also counts the html inside the output sometimes making little text appear as a preview. Problem is when the user overflows horizontally the textbox with text, it would stretch the table. Now I use a div and have overflow-x hidden. This will make the user, re-enter properly the text, I even think of setting a vertical line as the textarea background so the user knows how far he can write (like in Borland Delphi).
Post Reply