4images Help / Hilfe > Bug Fixes & Patches
1.7.2 - 1.7.4 [FIX] mit Umlauten in Kommentaren-/Suche - Comments-/Search
bildergallery:
nach mehreren offenen treads habe ich selber versucht, in einer frischen 4images installation
kommentare mit umlauten zu erstellen.
----------------------------------------------------------------------------------------------------------------------
ich benutze als testversion / testsystem
PHP Version 5.2.2 und Mysql 5.0.41
4images 1.7.4
Quelltext im Browser:
<title>4images - Image Gallery Management System</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="./templates/default/style.css" />
----------------------------------------------------------------------------------------------------------------------
folgende fehlermeldung kommt (siehe bild vorher.gif):
Das Feld Überschrift muss ausgefüllt werden!
Das Feld Kommentar muss ausgefüllt werden!
wenn die umlaute durch ae ue oe ersetzt werden, funktioniert dies (siehe bilder nachher.gif)
liebe programmierer, meldet euch :wink:
damit die sache entgültig gelöst wird :!:
UPDATE 28.08.2007
LÖSUNG/BUGFIX
suche/search in global.php
--- Code: ---function clean_array($array) {
$search = array(
// Remove any attribute starting with "on" or xmlns
'#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',
// Remove javascript: and vbscript: protocol
'#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu',
'#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu',
//<span style="width: expression(alert('Ping!'));"></span>
// Only works in ie...
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU',
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU',
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu'
);
$replace = array(
"$1>",
'$1=$2nojavascript...',
'$1=$2novbscript...',
"$1>",
"$1>",
"$1>"
);
// Remove all control (i.e. with ASCII value lower than 0x20 (space),
// except of 0x0A (line feed) and 0x09 (tabulator)
$search2 =
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
$replace2 = //str_repeat("\r", strlen($search2));
"\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";
foreach ($array as $key => $val) {
if (is_array($val)) {
$val = clean_array($val);
} else {
$val = preg_replace($search, $replace, $val);
$val = str_replace("\r\n", "\n", $val);
$val = str_replace("\r", "\n", $val);
$val = strtr($val, $search2, $replace2);
$val = str_replace("\r", '', $val); // \r === \x0D
do {
$oldval = $val;
$val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
} while ($oldval != $val);
}
$array[$key] = $val;
}
return $array;
}
--- End code ---
ersetze/replace
--- Code: ---function clean_string($string) {
$canCheckUTF8Error = defined('PREG_BAD_UTF8_ERROR') && function_exists('preg_last_error');
// Remove any attribute starting with "on" or xmlns
$tmp = preg_replace('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',"$1>",$string);
if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
$tmp = preg_replace('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iU',"$1>",$string);
}
$string = $tmp;
// Remove javascript: and vbscript: protocol
$tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2nojavascript...',$string);
if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
$tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iU','$1=$2nojavascript...',$string);
}
$string = $tmp;
$tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2novbscript...',$string);
if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
$tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iU','$1=$2novbscript...',$string);
}
$string = $tmp;
// <span style="width: expression(alert('Ping!'));"></span>
// only works in ie...
$string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU',"$1>",$string);
$string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU',"$1>",$string);
$tmp = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu',"$1>",$string);
if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
$tmp = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iU',"$1>",$string);
}
$string = $tmp;
// Remove namespaced elements (we do not need them...)
$string = preg_replace('#</*\w+:\w[^>]*>#i',"",$string);
// Remove all control (i.e. with ASCII value lower than 0x20 (space),
// except of 0x0A (line feed) and 0x09 (tabulator)
$search =
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
$replace = //str_repeat("\r", strlen($search2));
"\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";
$string = str_replace("\r\n", "\n", $string);
$string = str_replace("\r", "\n", $string);
$string = strtr($string, $search, $replace);
$string = str_replace("\r", '', $string); // \r === \x0D
// Remove really unwanted tags
do {
$oldstring = $string;
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
} while ($oldstring != $string);
return $string;
}
function clean_array($array) {
foreach ($array as $key => $val) {
$key = clean_string($key);
if (is_array($val)) {
$val = clean_array($val);
} else {
$val = clean_string($val);
}
$array[$key] = $val;
}
return $array;
}
--- End code ---
mawenzi:
... habe Jan und Kai nochmals auf dieses Problem hingewiesen ...
Jan:
Das wurde schon vor ziemlich langer Zeit gefixt (ziemlich am Anfang der global.php).
Jan
Jan:
Hi,
wir sind leider hier im Büro seit 1 Woche offline :|
Ich werde mich sobald es geht darum kümmern..
Jan
Nicky:
auf meinem server laufen...
PHP Version 4.3.11
und
MySQL 5.0.22 (datenbank als utf8_general_ci)
an 4images 1.7.4 wurde nichts verändert.
das ist das ergebniss
http://www.nicky.net/4test/details.php?image_id=1
Navigation
[0] Message Index
[#] Next page
Go to full version