[-_-] Posted December 19, 2007 Share Posted December 19, 2007 I was searching through some of the sites in the search form and firefox would keep crashing. So I'm hoping this is a problem on my side. Once you do a search you click the links on the top frame the resulting page loads into an iFrame. Thanks. Link to comment Share on other sites More sharing options...
phpSensei Posted December 19, 2007 Share Posted December 19, 2007 Okay, what? Link to comment Share on other sites More sharing options...
peranha Posted December 19, 2007 Share Posted December 19, 2007 Exactly what is it you want done, and what site? Link to comment Share on other sites More sharing options...
[-_-] Posted December 19, 2007 Author Share Posted December 19, 2007 Oh ya sorry heres the link. http://www.plentyoftorrents.com Link to comment Share on other sites More sharing options...
[-_-] Posted December 19, 2007 Author Share Posted December 19, 2007 Just for you guys to try making searches on it in firefox and see if it crashes firefox on you. Link to comment Share on other sites More sharing options...
phpSensei Posted December 19, 2007 Share Posted December 19, 2007 Not want to act like a jackass, but aren't these sites against the rules? Link to comment Share on other sites More sharing options...
[-_-] Posted December 19, 2007 Author Share Posted December 19, 2007 Not want to act like a jackass, but aren't these sites against the rules? Nope Ive had help with this site a few times on here. Link to comment Share on other sites More sharing options...
phpSensei Posted December 19, 2007 Share Posted December 19, 2007 [quote author=[] link=topic=172683.msg765917#msg765917 date=1198042199] Just for you guys to try making searches on it in firefox and see if it crashes firefox on you. It works just fine/ Link to comment Share on other sites More sharing options...
peranha Posted December 19, 2007 Share Posted December 19, 2007 Works fine for me as well, with 16 tabs open in firefox 2. Link to comment Share on other sites More sharing options...
helraizer Posted December 19, 2007 Share Posted December 19, 2007 It works normally if you type in a regular word but if you type "> in the search field it all goes wrong. For instance Home | &cat=0" title="search again with btscene">btscene | " title="search again with btjunkie">Btjunkie | " title="search again with EZ-TV">EZ-TV | &select=0&order=0&sort=0&minsize=&maxsize=&search.x=0&search.y=0&search=Search" title="search again with Fenopy">Fenopy | " title="search again with Fulldls">Fulldls | " title="search again with Isohunt">Isohunt | " title="search again with Mininova">Mininova | " title="search again with Bittorrent Monster">Btmon | " title="search again with Sumotorrents">Sumotorrents | " title="search again with The Pirate Bay">The Pirate Bay | " title="search again with Torrentportal">Torrentportal | &submit.x=0&submit.y=0" title="search again with Torrentspy">Torrentspy and the iFrame is tiny Sam Link to comment Share on other sites More sharing options...
phpSensei Posted December 19, 2007 Share Posted December 19, 2007 It works normally if you type in a regular word but if you type "> in the search field it all goes wrong. Sam <a href="results_new.php?site=btscene&q=\">&cat=0" title="search again with btscene">btscene</a> | Your right, thats where it screws up. Try mysql_real_escape_String. and Link to comment Share on other sites More sharing options...
[-_-] Posted December 19, 2007 Author Share Posted December 19, 2007 yeah but nobodys going to type "> in the search form are they? the menu bar on top is supposed to be thin so as not to annoy the user. Like about.com's giant one with ads in it. Link to comment Share on other sites More sharing options...
Dragen Posted December 19, 2007 Share Posted December 19, 2007 but using "> the user can enter other code into the page that could potentially damage the site. You should filter out html from the input. Trust me. I just found out the same thing about one of my sites.. Link to comment Share on other sites More sharing options...
[-_-] Posted December 19, 2007 Author Share Posted December 19, 2007 It works normally if you type in a regular word but if you type "> in the search field it all goes wrong. Sam <a href="results_new.php?site=btscene&q=\">&cat=0" title="search again with btscene">btscene</a> | Your right, thats where it screws up. Try mysql_real_escape_String. and I dont use mysql for this form its just php. The php remembers the users input then lets them click the links and that resubmits the same search to another site. If you want me to post the code let me know. but using "> the user can enter other code into the page that could potentially damage the site. You should filter out html from the input. Trust me. I just found out the same thing about one of my sites.. Oh crap I didnt know that. I'll google for some sort of filter so only numbers and letters can be entered in the form. Link to comment Share on other sites More sharing options...
Dragen Posted December 19, 2007 Share Posted December 19, 2007 well a simple filter would be something like this: htmlentities(stripslashes(trim($val))); The trim just gets rid of any extra whitespace before or after the text. Then stripslashes removes the html tags, but it wont remove it if it starts with a closing tag: "> so try htmlentities to turn any remaining tags into their html counterparts. Link to comment Share on other sites More sharing options...
[-_-] Posted December 19, 2007 Author Share Posted December 19, 2007 Would you know where I could put that in my code? Heres the search form code. <form name="search" action="results_new.php" method="post"> <input type="text" name="q" onclick="this.value=''" value=" Torrent Search"/> <select name="site"> <option>Mininova</option> </select> <input type="image" src="./images/search.gif" name="sub" /> <br /> </form> And heres the results iFrame code. <?php // grab the search query and request site from the url if($_POST["q"]){ $q = $_POST["q"]; }else{ $q = $_GET['q']; } if($_POST['site']){ $site = $_POST["site"]; }else{ $site = $_GET['site']; } include('site_switch.php'); // finally create the code for the actual frames. This is simple HTML with the search query and site put into the menubar's url so we can change it later if wanted. ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Click Above Links To Try Search Again</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <style> body{ width:100%; height:100%; margin:auto; font-family:Arial, Helvetica, sans-serif; } #menu{ height:25px; background-color:#666666; color:#ffffff; font-size:12px; font-weight: bold; margin:auto; text-align:center; } #menu a{ height:25px; line-height:25px; outline:none; display:inline; color:#ffffff; text-decoration:none; padding-left:4px; padding-right:4px; } #menu a:visited{ color:#FFFFCC; text-decoration:none; } #menu a:hover{ color:#000000; text-decoration:none; background-color:#FFFF99; } </style> </head> <body onload="autofitIframe('torrent_window')"> <?php include('menu.php'); ?> <!-- include the site in an iframe --> <iframe id="torrent_window" src="<?php echo $url; ?>" scrolling="auto" width="100%" height="1200" marginwidth="0" marginheight="0" frameborder="0" vspace="0" hspace="0"></iframe> </body> </html> Thanks. Link to comment Share on other sites More sharing options...
Dragen Posted December 19, 2007 Share Posted December 19, 2007 if($_POST["q"]){ $q = $_POST["q"]; }else{ $q = $_GET['q']; } $q = htmlentities(stripslashes(trim($q))); Although it might also be best to do an extra check in case both POST and GET aren't set.. if(isset($_POST["q"])){ $q = $_POST["q"]; }elseif(isset($_GET['q'])){ $q = $_GET['q']; }else{ $q = false; } $q = htmlentities(stripslashes(trim($q))); Link to comment Share on other sites More sharing options...
[-_-] Posted December 19, 2007 Author Share Posted December 19, 2007 Okay that worked. I tried all kinds of special characters and nothing went buggy on my side. Thanks for the help. Link to comment Share on other sites More sharing options...
Dragen Posted December 19, 2007 Share Posted December 19, 2007 no problem Link to comment Share on other sites More sharing options...
![[-_-]](data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%201024%201024%22%20style%3D%22background%3A%2362c4b2%22%3E%3Cg%3E%3Ctext%20text-anchor%3D%22middle%22%20dy%3D%22.35em%22%20x%3D%22512%22%20y%3D%22512%22%20fill%3D%22%23ffffff%22%20font-size%3D%22700%22%20font-family%3D%22-apple-system%2C%20BlinkMacSystemFont%2C%20Roboto%2C%20Helvetica%2C%20Arial%2C%20sans-serif%22%3E%3C%2Ftext%3E%3C%2Fg%3E%3C%2Fsvg%3E)
Recommended Posts