Untitled

<?php

function strip_javascript($filter){

    // realign javascript href to onclick
    $filter = preg_replace("/href=(['\"]).*?javascript:(.*)? \\1/i", "onclick=' $2 '", $filter);

    //remove javascript from tags
    while( preg_match("/<(.*)?javascript.*?\(.*?((?>[^()]+) |(?R)).*?\)?\)(.*)?>/i", $filter))
        $filter = preg_replace("/<(.*)?javascript.*?\(.*?((?> [^()]+)|(?R)).*?\)?\)(.*)?>/i", "<$1$3$4$5>", $filter);

    // dump expressions from contibuted content
    if(0) $filter = preg_replace("/:expression\(.*?((?>[^(.*?)]+)|(?R)).*?\)\)/i", "", $filter);

    while( preg_match("/<(.*)?:expr.*?\(.*?((?>[^()]+)|(?R)).*?\)?\)(.*)?>/i", $filter))
        $filter = preg_replace("/<(.*)?:expr.*?\(.*?((?>[^()]+)|(?R)).*?\)?\)(.*)?>/i", "<$1$3$4$5>", $filter);

    // remove all on* events
    while( preg_match("/<(.*)?\s?on.+?=?\s?.+?(['\"]).*?\\2\s?(.*)?>/i", $filter) )
       $filter = preg_replace("/<(.*)?\s?on.+?=?\s?.+?(['\"]).*?\\2\s?(.*)?>/i", "<$1$3>", $filter);

    return $filter;
}

$errors = array();
if (isset($_POST['new_message'])) {

    $date = date("dhis");
    $postdate = date('m-d-Y');

    $topic = $_POST['topic'];
    $topic = strip_tags($topic);
    $topic = trim($topic);
    $topic = str_replace('&nbsp;',"",$topic);

    $message = $_POST['message'];
    $message = strip_tags($message,"<pre>");
    $message = nl2br($message);
    $message = trim($message);
    $message = strip_javascript($message);

    if($topic == ''){
    $errors[] = '<b><font color=darkred>- Topic is blank.</font></b>';
    }
    if($message == ''){
    $errors[] = '<b><font color=darkred>- Message is blank.</font></b>';
    }

    if(count($errors) == 0){

$new_file = <<< EOF
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>$topic</title>
<meta name="robots" content="index, follow" />
<link rel="stylesheet" type="text/css"  href="main.css" />
</head>
<body>

<div id="mainbox">

    <div id="forum">

        <div class="bigtext-forum">&rsaquo; community pages</div>

        <p class="topic"><font color=darkred>TOPIC:</font> "$topic"</strong></p>
        <div id="forum-message">$message</div>

        <div id="note">NOTE: Topic creators are anonymous. Only replies below require identification.</div>

        <!-- POST YOUR DISQUS CODE HERE -->

    </div>
</div>
</body>
</html>
EOF;

        // Create New Topic Page
        $filename = "$date.php";
        $fh = fopen($filename, 'w') or die("can't open file");
        fwrite($fh, $new_file);
        fclose($fh);

        // Add new page entry to topics.txt
        $stringData = "<tr><td width='80px'><small><em>$postdate</em></small></td><td><a href='$date.php'><b>$topic</b></a></td></tr>\n\n";
        $file = 'topics.txt';
        $oldContents = file_get_contents($file);
        $fr = fopen($file, 'w') or die("can't open file");
        fwrite($fr, $stringData);
        fwrite($fr, $oldContents);
        fclose($fr);

        // Forward user to new topic page
        header('Location: '.$filename);
        die;

    }

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>ZenForum</title>
<meta name="robots" content="index, follow" />
<link rel="stylesheet" type="text/css"  href="main.css" />
</head>
<body>

<div id="mainbox">

    <div id="forum">

        <div class="bigtext-forum">&rsaquo; community pages</div>

        <p class="small"><b>Use this page to post a new community topic.</b></p>
        <p class="small">&rsaquo; With the exception of "pre" code tags, HTML is not allowed in the topic or subject.</p>
        <p class="small">&rsaquo; Any malicious activity will result in a permanent ban of your IP and account.</p><br />

        <div class="check_main">
        <?php
        if(count(@$errors) > 0){
            foreach($errors as $e){
                echo $e."<br /><br />";
            }
        }
        ?>
        </div>

        <form action="" method="post">
        <fieldset>
        <table><tbody>
        <tr>
            <td style="border-bottom: 0px;">
                <label for="topic"><b>Topic:</b> </label>
            </td>
            <td style="border-bottom: 0px;">
                <input type="text" size="65" name="topic" maxlength="64" value="<?php if(@$topic){echo $topic;} ?>">
            </td>
        </tr>
        <tr>
            <td style="border-bottom: 0px;">
                <label for="message"><b>Message:</b> </label>
            </td>
            <td style="border-bottom: 0px;">
                <textarea name="message" rows="9" cols="50" maxlength="5000"><?php if(@$message){echo $message;} ?></textarea>
            </td>
        </tr>
        <tr>
            <td style="border-bottom: 0px;">
            </td>
            <td style="border-bottom: 0px; text-align: left">
                <input type="submit" name="new_message" value="Post New Topic &raquo; ">
            </td>
        </tr>
        </tbody></table>
        </fieldset>
        </form>

    </div>
</div>
</body>
</html>