blueman378 Posted April 19, 2008 Share Posted April 19, 2008 hi guys, well im building a small forum jsut because i can, and i was wondering how on phpfreaks can you have it so that people can use html tags, and yet still have the forum secure? how do you stop sql injections, people including frame breakout pages through iframes ect Link to comment https://forums.phpfreaks.com/topic/101818-building-a-forum-as-a-hobby-project/ Share on other sites More sharing options...
Daniel0 Posted April 19, 2008 Share Posted April 19, 2008 We didn't create the forum, so this is just guesses. There is probably a whitelist of HTML tags which are allowed while the remaining are being converted to HTML entities. SQL injections are probably taken care of with a function like mysql_real_escape_string(). The iframes thing would be the same solution as the HTML tags. Link to comment https://forums.phpfreaks.com/topic/101818-building-a-forum-as-a-hobby-project/#findComment-521018 Share on other sites More sharing options...
blueman378 Posted April 19, 2008 Author Share Posted April 19, 2008 ok thanks for that Link to comment https://forums.phpfreaks.com/topic/101818-building-a-forum-as-a-hobby-project/#findComment-521037 Share on other sites More sharing options...
dptr1988 Posted April 20, 2008 Share Posted April 20, 2008 On the forum source codes that I've seen, they will have a white list of tags, and then strip out all of the attributes out of the tag, especially the JavaScript events attributes ( like onmouseover, onmouseout, etc ) and then rebuild the tag with only the allowed attributes and data. PunBB is a lightweight forum program that fast, clean, correct and easy to read/modify the source. If you have questions on how things are usally done in forum software, I would highly reccommend studying the PunBB source code. http://punbb.org/ Link to comment https://forums.phpfreaks.com/topic/101818-building-a-forum-as-a-hobby-project/#findComment-521980 Share on other sites More sharing options...
blueman378 Posted April 30, 2008 Author Share Posted April 30, 2008 time for another question are you able to tell me what the forum uses for its syntax highlighting? Link to comment https://forums.phpfreaks.com/topic/101818-building-a-forum-as-a-hobby-project/#findComment-530097 Share on other sites More sharing options...
neylitalo Posted April 30, 2008 Share Posted April 30, 2008 highlight_string, most likely. Link to comment https://forums.phpfreaks.com/topic/101818-building-a-forum-as-a-hobby-project/#findComment-530103 Share on other sites More sharing options...
blueman378 Posted April 30, 2008 Author Share Posted April 30, 2008 i was looking that up but correct me if im wrong but doesnt that only highlight php? oh right i jsut realized that this forum only highlights php my bad thanks Link to comment https://forums.phpfreaks.com/topic/101818-building-a-forum-as-a-hobby-project/#findComment-530116 Share on other sites More sharing options...
steelmanronald06 Posted May 4, 2008 Share Posted May 4, 2008 You can get it to highlight html as well. I forgot how, atm, but it is possible. Google it Link to comment https://forums.phpfreaks.com/topic/101818-building-a-forum-as-a-hobby-project/#findComment-532966 Share on other sites More sharing options...
trq Posted May 4, 2008 Share Posted May 4, 2008 I've had some success using Geshi in the past. Link to comment https://forums.phpfreaks.com/topic/101818-building-a-forum-as-a-hobby-project/#findComment-533031 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.