Jump to content

Can I get you guys to test my meta search it site might be crashing


Recommended Posts

I was searching through some of the sites in the search form and firefox would keep crashing. So I'm hoping this is a problem on my side. Once you do a search you click the links on the top frame the resulting page loads into an iFrame.

Thanks.

It works normally if you type in a regular word but if you type  "> in the search field it all goes wrong. :P

 

For instance

 

Home | &cat=0" title="search again with btscene">btscene | " title="search again with btjunkie">Btjunkie | " title="search again with EZ-TV">EZ-TV | &select=0&order=0&sort=0&minsize=&maxsize=&search.x=0&search.y=0&search=Search" title="search again with Fenopy">Fenopy | " title="search again with Fulldls">Fulldls | " title="search again with Isohunt">Isohunt | " title="search again with Mininova">Mininova | " title="search again with Bittorrent Monster">Btmon | " title="search again with Sumotorrents">Sumotorrents | " title="search again with The Pirate Bay">The Pirate Bay | " title="search again with Torrentportal">Torrentportal | &submit.x=0&submit.y=0" title="search again with Torrentspy">Torrentspy

and the iFrame is tiny

 

Sam

It works normally if you type in a regular word but if you type  "> in the search field it all goes wrong. :P

 

Sam

 

<a href="results_new.php?site=btscene&q=\">&cat=0" title="search again with btscene">btscene</a> |

 

 

Your right, thats where it screws up. Try mysql_real_escape_String. and

It works normally if you type in a regular word but if you type  "> in the search field it all goes wrong. :P

 

Sam

 

<a href="results_new.php?site=btscene&q=\">&cat=0" title="search again with btscene">btscene</a> |

 

 

Your right, thats where it screws up. Try mysql_real_escape_String. and

I dont use mysql for this form its just php. The php remembers the users input then lets them click the links and that resubmits the same search to another site. If you want me to post the code let me know.

 

but using "> the user can enter other code into the page that could potentially damage the site.

 

You should filter out html from the input.

Trust me. I just found out the same thing about one of my sites..

Oh crap I didnt know that. :o I'll google for some sort of filter so only numbers and letters can be entered in the form.

well a simple filter would be something like this:

htmlentities(stripslashes(trim($val)));

 

The trim just gets rid of any extra whitespace before or after the text. Then stripslashes removes the html tags, but it wont remove it if it starts with a closing tag:

">

so try htmlentities to turn any remaining tags into their html counterparts.

Would you know where  I could put that in my code? Heres the search form code.

<form name="search"  action="results_new.php" method="post">



   <input type="text" name="q" onclick="this.value=''"  value=" Torrent Search"/>


  <select name="site">

    <option>Mininova</option>

  </select>


<input type="image" src="./images/search.gif" name="sub" />



<br />

</form>

And heres the results iFrame code.

<?php

// grab the search query and request site from the url

if($_POST["q"]){
$q = $_POST["q"];
}else{
$q = $_GET['q'];
}

if($_POST['site']){
$site = $_POST["site"];
}else{
$site = $_GET['site'];
}

include('site_switch.php');

// finally create the code for the actual frames. This is simple HTML with the search query and site put into the menubar's url so we can change it later if wanted.

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>Click Above Links To Try Search Again</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<style>
body{

width:100%;
height:100%;
margin:auto;
font-family:Arial, Helvetica, sans-serif;
}


#menu{
height:25px;
background-color:#666666;
color:#ffffff;
font-size:12px;


font-weight: bold;

margin:auto;
text-align:center;
}

#menu a{
height:25px;
line-height:25px;
outline:none;
display:inline;
color:#ffffff;
text-decoration:none;
padding-left:4px;
padding-right:4px;
}
#menu a:visited{
color:#FFFFCC;
text-decoration:none;
}
#menu a:hover{
color:#000000;
text-decoration:none;
background-color:#FFFF99;
}

</style>

</head>

<body onload="autofitIframe('torrent_window')">


<?php
include('menu.php');
?>

<!-- include the site in an iframe -->
<iframe id="torrent_window" src="<?php echo $url; ?>" scrolling="auto" width="100%" height="1200" marginwidth="0" marginheight="0" frameborder="0" vspace="0" hspace="0"></iframe>


</body>

</html>

Thanks.

if($_POST["q"]){
$q = $_POST["q"];
}else{
$q = $_GET['q'];
}

$q = htmlentities(stripslashes(trim($q)));

 

Although it might also be best to do an extra check in case both POST and GET aren't set..

if(isset($_POST["q"])){
$q = $_POST["q"];
}elseif(isset($_GET['q'])){
$q = $_GET['q'];
}else{
$q = false;
}

$q = htmlentities(stripslashes(trim($q)));

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.