- <?php
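/**
 * Removes the JavaScript constructs this forum's denylist recognises from an
 * HTML fragment: javascript: hrefs (rewritten to an onclick, then dropped by
 * the event rule), javascript(...) and :expression(...) calls inside tags,
 * and on* event-handler attributes.
 *
 * This is a pattern-based denylist, not an HTML parser: it reduces the obvious
 * cases but cannot guarantee that no active content survives. Output that must
 * be safe should additionally be escaped for its context (htmlspecialchars)
 * or restricted to attribute-free tags. The caller (the new-topic handler)
 * runs strip_tags() first, so only the tags it allows reach this function.
 *
 * @param string $filter HTML fragment to clean.
 * @return string The fragment with the recognised JavaScript constructs removed.
 */
function strip_javascript($filter){
    $filter = (string) $filter;
    // realign javascript href to onclick
    // (the previous pattern carried a space before the back-reference, so it
    // only matched hrefs ending in a space; dropped so the rule fires as
    // this comment describes)
    $rewritten = preg_replace("/href=(['\"]).*?javascript:(.*)?\\1/i", "onclick=' $2 '", $filter);
    if ($rewritten !== null) {
        $filter = $rewritten;
    }
    // Each rule below is applied repeatedly until it no longer changes the
    // text.  The previous code looped on preg_match() with a pattern that
    // differed (stray whitespace) from the one handed to preg_replace(),
    // which spins forever when the first matches and the second does not.
    // Using one pattern per rule and stopping on "no change" guarantees
    // termination: every replacement keeps only captured substrings of the
    // match, so the text strictly shrinks on each pass that changes it.
    // The patterns capture three groups, so the former "$4$5" references
    // (non-existent groups, expanded to the empty string) are dropped.
    $rules = array(
        // remove javascript(...) calls from tags
        array("/<(.*)?javascript.*?\(.*?((?>[^()]+)|(?R)).*?\)?\)(.*)?>/i", "<$1$3>"),
        // dump :expression(...) from contributed content (CSS expressions)
        array("/<(.*)?:expr.*?\(.*?((?>[^()]+)|(?R)).*?\)?\)(.*)?>/i", "<$1$3>"),
        // remove all on* events
        array("/<(.*)?\s?on.+?=?\s?.+?(['\"]).*?\\2\s?(.*)?>/i", "<$1$3>"),
    );
    foreach ($rules as $rule) {
        list($pattern, $replacement) = $rule;
        do {
            $previous = $filter;
            $replaced = preg_replace($pattern, $replacement, $filter);
            if ($replaced === null) {
                // PCRE error (backtrack/recursion limit): keep the text as it is
                break;
            }
            $filter = $replaced;
        } while ($filter !== $previous);
    }
    return $filter;
}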
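$errors = array();
// New-topic handler: validates the posted topic/message, writes a static page
// for the topic, prepends an index row to topics.txt and redirects to the page.
if (isset($_POST['new_message'])) {
    // Page id: one value per second.  The full date is used so that pages from
    // different months cannot collide (the former "dhis" format repeated every
    // month and silently overwrote an earlier topic's page).
    $date = date('YmdHis');
    $postdate = date('m-d-Y');
    // Topic pages are written as static .html, never .php: the file body is
    // built from user-supplied text and must not be handed to the PHP
    // interpreter when it is requested later.
    $filename = "$date.html";
    $suffix = 0;
    while (file_exists($filename)) {
        $filename = $date . '-' . ++$suffix . '.html';
    }
    // Non-string POST values (e.g. topic[]=x) are treated as empty rather than
    // passed to the string functions below.
    $topic = (isset($_POST['topic']) && is_string($_POST['topic'])) ? $_POST['topic'] : '';
    $topic = strip_tags($topic);
    $topic = trim($topic);
    // NOTE(review): this removes every space in the topic, not only the
    // surrounding ones — kept as-is, confirm it is intended.
    $topic = str_replace(' ', "", $topic);
    $message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
    // Only <pre> survives strip_tags, but allowed tags keep their attributes;
    // drop them so that exactly bare <pre> / </pre> remain.
    $message = strip_tags($message, "<pre>");
    $bare = preg_replace('#<(/?)pre\b[^>]*>#i', '<$1pre>', $message);
    if ($bare !== null) {
        $message = $bare;
    }
    $message = nl2br($message);
    $message = trim($message);
    $message = strip_javascript($message);
    if ($topic === '') {
        $errors[] = '<b><font color=darkred>- Topic is blank.</font></b>';
    }
    if ($message === '') {
        $errors[] = '<b><font color=darkred>- Message is blank.</font></b>';
    }
    if (count($errors) == 0) {
        // The topic goes into element content, the <title> and the index row;
        // escape it for HTML so quotes and ampersands cannot alter the markup.
        // The charset matches the one declared in the generated page.
        $safeTopic = htmlspecialchars($topic, ENT_QUOTES, 'ISO-8859-1');
        $new_file = <<< EOF
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>$safeTopic</title>
<meta name="robots" content="index, follow" />
<link rel="stylesheet" type="text/css" href="main.css" />
</head>
<body>
<div id="mainbox">
<div id="forum">
<div class="bigtext-forum">› community pages</div>
<p class="topic"><font color=darkred>TOPIC:</font> "$safeTopic"</strong></p>
<div id="forum-message">$message</div>
<div id="note">NOTE: Topic creators are anonymous. Only replies below require identification.</div>
<!-- POST YOUR DISQUS CODE HERE -->
</div>
</div>
</body>
</html>
EOF;
        // Create New Topic Page (LOCK_EX so a concurrent writer cannot interleave)
        if (file_put_contents($filename, $new_file, LOCK_EX) === false) {
            die("can't open file");
        }
        // Add new page entry to topics.txt, newest first.
        // NOTE(review): the read-then-write is still a race between two
        // simultaneous posts; an append-only index would remove it.
        $stringData = "<tr><td width='80px'><small><em>$postdate</em></small></td><td><a href='$filename'><b>$safeTopic</b></a></td></tr>\n\n";
        $file = 'topics.txt';
        $oldContents = file_exists($file) ? file_get_contents($file) : '';
        if ($oldContents === false) {
            die("can't open file");
        }
        if (file_put_contents($file, $stringData . $oldContents, LOCK_EX) === false) {
            die("can't open file");
        }
        // Forward user to new topic page
        header('Location: ' . $filename);
        die;
    }
}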
- ?>
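<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>ZenForum</title>
<meta name="robots" content="index, follow" />
<link rel="stylesheet" type="text/css" href="main.css" />
</head>
<body>
<div id="mainbox">
<div id="forum">
<div class="bigtext-forum">› community pages</div>
<p class="small"><b>Use this page to post a new community topic.</b></p>
<p class="small">› With the exception of "pre" code tags, HTML is not allowed in the topic or subject.</p>
<p class="small">› Any malicious activity will result in a permanent ban of your IP and account.</p><br />
<div class="check_main">
<?php
// Validation messages built by the handler above; they are author-written
// markup, not user input, so they are echoed as-is.  The isset() guard
// replaces the former @-suppression (which does not cover a TypeError from
// count() on a missing variable).
if (isset($errors) && count($errors) > 0) {
    foreach ($errors as $e) {
        echo $e . "<br /><br />";
    }
}
?>
</div>
<form action="" method="post">
<fieldset>
<table><tbody>
<tr>
<td style="border-bottom: 0px;">
<label for="topic"><b>Topic:</b> </label>
</td>
<td style="border-bottom: 0px;">
<?php
// Re-display of the submitted values after a validation error.  Both values
// come from the request and are escaped for their attribute/element context;
// a bare echo let a quote in the topic end the value="" attribute.  The test
// is against '' rather than truthiness so a topic of "0" is shown too.
?>
<input type="text" size="65" id="topic" name="topic" maxlength="64" value="<?php if (isset($topic) && $topic !== '') { echo htmlspecialchars($topic, ENT_QUOTES, 'ISO-8859-1'); } ?>">
</td>
</tr>
<tr>
<td style="border-bottom: 0px;">
<label for="message"><b>Message:</b> </label>
</td>
<td style="border-bottom: 0px;">
<textarea id="message" name="message" rows="9" cols="50" maxlength="5000"><?php if (isset($message) && $message !== '') { echo htmlspecialchars($message, ENT_QUOTES, 'ISO-8859-1'); } ?></textarea>
</td>
</tr>
<tr>
<td style="border-bottom: 0px;">
</td>
<td style="border-bottom: 0px; text-align: left">
<input type="submit" name="new_message" value="Post New Topic » ">
</td>
</tr>
</tbody></table>
</fieldset>
</form>
</div>
</div>
</body>
</html>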