nach mehreren offenen threads habe ich selber versucht, in einer frischen 4images installation
kommentare mit umlauten zu erstellen.
----------------------------------------------------------------------------------------------------------------------
ich benutze als testversion / testsystem
PHP Version 5.2.2 und Mysql 5.0.41
4images 1.7.4
Quelltext im Browser:
<title>4images - Image Gallery Management System</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="./templates/default/style.css" />
----------------------------------------------------------------------------------------------------------------------
folgende fehlermeldung kommt (siehe bild vorher.gif):
Das Feld Überschrift muss ausgefüllt werden!
Das Feld Kommentar muss ausgefüllt werden!
wenn die umlaute durch
ae ue oe ersetzt werden, funktioniert dies (siehe bilder nachher.gif)
liebe programmierer, meldet euch
damit die sache endgültig gelöst wird
UPDATE 28.08.2007
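LÖSUNG/BUGFIX
ursache: die suchmuster mit dem modifier u erwarten gültiges UTF-8. bei umlauten in iso-8859-1 meldet PCRE einen UTF-8-fehler, preg_replace liefert dann keinen text zurück und das feld gilt als leer. der bugfix wiederholt die ersetzung in diesem fall ohne den modifier u.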
suche/search in global.php
// Original version of the request filter (the text to search for in global.php).
// Walks a request array recursively and runs every scalar value through a
// blacklist of markup patterns, control-character removal and a tag stripper.
// Only values are filtered here; array keys are written back unchanged.
// NOTE(review): preg_replace() returns NULL when a pattern carrying the "u"
// modifier is applied to a subject that is not valid UTF-8. Because all patterns
// are passed in one array call, a single failure discards the whole value --
// presumably the cause of the "muss ausgefüllt werden" errors for ISO-8859-1
// umlauts described above; confirm against the running installation.
function clean_array($array) {
$search = array(
// Remove any attribute starting with "on" or xmlns
'#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',
// Remove javascript: and vbscript: protocol
'#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu',
'#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu',
//<span style="width: expression(alert('Ping!'));"></span>
// Only works in ie...
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU',
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU',
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu'
);
// Replacements, position for position with $search: the three "$1>" style
// entries keep the start of the tag and drop the rest, the two protocol
// entries substitute a harmless marker for the scheme.
$replace = array(
"$1>",
'$1=$2nojavascript...',
'$1=$2novbscript...',
"$1>",
"$1>",
"$1>"
);
// Remove all control (i.e. with ASCII value lower than 0x20 (space),
// except of 0x0A (line feed) and 0x09 (tabulator)
$search2 =
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
$replace2 = //str_repeat("\r", strlen($search2));
"\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";
foreach ($array as $key => $val) {
if (is_array($val)) {
// Nested request arrays are filtered recursively.
$val = clean_array($val);
} else {
// All six patterns run in a single call; its result replaces the value.
$val = preg_replace($search, $replace, $val);
// Normalise line endings to \n first so that \r is free to act as the
// temporary marker for control characters in the next two steps.
$val = str_replace("\r\n", "\n", $val);
$val = str_replace("\r", "\n", $val);
$val = strtr($val, $search2, $replace2);
$val = str_replace("\r", '', $val); // \r === \x0D
// Strip the listed tags repeatedly until a pass changes nothing, so a tag
// that only appears after an inner one was removed is caught as well.
do {
$oldval = $val;
$val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
} while ($oldval != $val);
}
$array[$key] = $val;
}
return $array;
}
ersetze durch/replace with
/**
 * Filter one request value through a blacklist of script-capable markup.
 *
 * The rules run in a fixed order: event-handler/xmlns attributes, javascript:
 * and vbscript: schemes, style attributes containing expression(, behaviour(
 * or "script", namespaced elements, control characters, and finally a list of
 * unwanted tags.
 *
 * Rules that use the "u" modifier are retried in byte mode when PCRE reports
 * PREG_BAD_UTF8_ERROR, so text in a single-byte charset is filtered instead of
 * being discarded.
 *
 * NOTE(review): this is a blacklist applied at input time. It reduces risk but
 * does not replace context-aware escaping (e.g. htmlspecialchars()) at the
 * point where the value is written into a page.
 * NOTE(review): the CSS property is spelled "behavior"; the "behaviour(" rule
 * presumably never matches real input -- confirm before relying on it.
 * NOTE(review): for any other PCRE error preg_replace() returns NULL and that
 * NULL is carried forward; confirm callers tolerate an empty result.
 *
 * @param string $string raw value
 * @return string filtered value
 */
function clean_string($string) {
    // preg_last_error() and the constant are only available on newer PHP builds.
    $utf8Retry = defined('PREG_BAD_UTF8_ERROR') && function_exists('preg_last_error');

    // Each rule: pattern without modifiers, replacement, whether to try "u" first.
    $rules = array(
        // Remove any attribute starting with "on" or xmlns
        array('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#', '$1>', true),
        // Remove javascript: and vbscript: protocol
        array('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#', '$1=$2nojavascript...', true),
        array('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#', '$1=$2novbscript...', true),
        // <span style="width: expression(alert('Ping!'));"></span>
        // only works in ie...
        array('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#', '$1>', false),
        array('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#', '$1>', false),
        array('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#', '$1>', true),
    );

    foreach ($rules as $rule) {
        list($pattern, $replacement, $unicodeFirst) = $rule;

        if (!$unicodeFirst) {
            $string = preg_replace($pattern . 'iU', $replacement, $string);
            continue;
        }

        $result = preg_replace($pattern . 'iUu', $replacement, $string);
        if ($utf8Retry && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
            // Subject is not valid UTF-8: repeat the same rule on raw bytes.
            $result = preg_replace($pattern . 'iU', $replacement, $string);
        }
        $string = $result;
    }

    // Remove namespaced elements (we do not need them...)
    $string = preg_replace('#</*\w+:\w[^>]*>#i', '', $string);

    // Remove all control characters (ASCII value below 0x20), except
    // 0x0A (line feed) and 0x09 (tabulator). Line endings are normalised to
    // \n first so that \r can serve as the temporary marker to delete.
    $controlChars =
        "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
    $markers =
        "\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";
    $string = str_replace(array("\r\n", "\r"), "\n", $string);
    $string = strtr($string, $controlChars, $markers);
    $string = str_replace("\r", '', $string); // \r === \x0D

    // Remove really unwanted tags; repeat until a pass changes nothing so that
    // a tag which only appears after an inner one was removed is caught too.
    $unwantedTags = '#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i';
    for (;;) {
        $before = $string;
        $string = preg_replace($unwantedTags, '', $string);
        if ($before == $string) {
            break;
        }
    }

    return $string;
}
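/**
 * Recursively filter every key and every scalar value of a request array
 * with clean_string().
 *
 * The result is assembled in a fresh array. Writing the cleaned entry back
 * into $array itself would add a second entry whenever filtering changes the
 * key, and the original entry -- unfiltered key and unfiltered value -- would
 * stay in the returned array.
 *
 * If two keys filter to the same string, the later entry wins.
 *
 * @param array $array request data, possibly nested
 * @return array filtered copy containing only filtered keys and values
 */
function clean_array($array) {
    $cleaned = array();

    foreach ($array as $key => $val) {
        $safeKey = clean_string($key);

        if (is_array($val)) {
            // Nested request arrays are filtered recursively.
            $cleaned[$safeKey] = clean_array($val);
        } else {
            $cleaned[$safeKey] = clean_string($val);
        }
    }

    return $cleaned;
}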