Author Topic: Review problem - words that contain "on" and brackets after.  (Read 3532 times)

Studio 42

  • Contributing Developer
  • Sr. Member
  • *
  • Posts: 4668
  • Joomla & Virtuemart developer
    • Studio 42 - Virtuemart & Joomla extensions
  • VirtueMart Version: 2.6 & 3
Re: Review problem - words that contain "on" and brackets after.
« Reply #15 on: October 12, 2019, 11:20:17 am »
Have you tried to dump $data to check what is inside $data['comment'], or with vmdebug?

Ventsi Genchev

  • Jr. Member
  • **
  • Posts: 308
    • Audio Store
Re: Review problem - words that contain "on" and brackets after.
« Reply #16 on: October 12, 2019, 12:54:04 pm »
Yes of course.

There is no change before and after the FILTER_SANITIZE_STRING. Absolutely no difference:

Code: [Select]
Array
(
    [vote] => 5
    [comment] => Welcome <script> alert(\"Hi virtuemart\")</script>
    ......
)

But if I add the following:
$data['comment'] = 'Welcome <script> alert(\"Hi virtuemart\")</script>';

before:
$data['comment'] = vRequest::filter($data['comment'],FILTER_SANITIZE_STRING, array());

The result after the FILTER_SANITIZE_STRING is:

Code: [Select]
Array
(
    [vote] => 5
    [comment] => Welcome  alert(\"Hi virtuemart\")
    ......
)
Audio Store:
https://vsystem.bg - Bulgarian language
https://vsystem.bg/en - English

Studio 42

Re: Review problem - words that contain "on" and brackets after.
« Reply #17 on: October 13, 2019, 02:57:00 am »
I think that you have made a mistake.
I tried this and the filter is working:

Code: [Select]
// no HTML TAGS but permit all alphabet
$value = filter_var($data['comment'] , FILTER_SANITIZE_STRING);
/* $value = preg_replace('@<[\/\!]*?[^<>]*?>@si','',$data['comment']);//remove all html tags
$value = (string)preg_replace('#on[a-z](.+?)\)#si','',$value);//replace start of script onclick() onload()... */
$value = trim(str_replace('"', ' ', $value),"'") ;
$data['comment'] = (string)preg_replace('#^\'#si','',$value);//replace ' at start
$data['comment'] = nl2br($data['comment']);  // keep returns

Ventsi Genchev

Re: Review problem - words that contain "on" and brackets after.
« Reply #18 on: October 14, 2019, 08:46:27 am »
Patrick, the last file change was made by Max in revision 10172. The purpose is to fix the old code.
http://dev.virtuemart.net/projects/virtuemart/repository/revisions/10172
I tested with it and it doesn't work.

Your code doesn't work either.
Just put this in a review:
Code: [Select]
Welcome <script> alert(\"Hi virtuemart\")</script>

and post it. There is no code cleanup.

Then put the same text here and test:
https://www.w3schools.com/php/phptryit.asp?filename=tryphp_func_sanitize_string

Can you share what text you are testing?

Studio 42

Re: Review problem - words that contain "on" and brackets after.
« Reply #19 on: October 14, 2019, 10:38:22 am »
I have done the test with input:
"test<script>my script</script>"
Result was "test my script"

Ventsi Genchev

Re: Review problem - words that contain "on" and brackets after.
« Reply #20 on: October 14, 2019, 10:54:17 am »
Very strange. It doesn't work for me.
In all variants (yours or Max's) it doesn't change the text.

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 10486
  • VM4.0.7 Eagle Owl
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Review problem - words that contain "on" and brackets after.
« Reply #21 on: October 14, 2019, 13:39:59 pm »
To see that it got changed, you must open the source in a new tab. Then you will see that, for example, the < is replaced with &#60
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/
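
The difference between encoding and removing markup that this reply points at, shown on the review text from the thread. This is an added example, not part of the original posts and not VirtueMart code. It assumes the encoding step behaves like PHP's FILTER_SANITIZE_SPECIAL_CHARS, which yields the &#60 form mentioned above; what vRequest::filter does internally is not shown on this page, and the function names are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not VirtueMart's.
// Sample input: the review text used in the thread.
$comment = 'Welcome <script> alert("Hi virtuemart")</script>';

/** Encode markup characters as numeric entities, e.g. < becomes &#60; */
function encodeComment(string $raw): string
{
    return filter_var($raw, FILTER_SANITIZE_SPECIAL_CHARS);
}

/**
 * Remove tags instead of encoding them. strip_tags() is used here because
 * FILTER_SANITIZE_STRING, discussed earlier in the thread, is deprecated
 * since PHP 8.1.
 */
function stripComment(string $raw): string
{
    return strip_tags($raw);
}

/** The text a browser displays for a stored value: entities decoded. */
function renderedText(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** True if the stored value still contains raw markup characters. */
function hasRawMarkup(string $stored): bool
{
    return strpbrk($stored, '<>"') !== false;
}

$encoded  = encodeComment($comment);
$stripped = stripComment($comment);

printf("page source (encoded): %s\n", $encoded);
printf("shown in the browser : %s\n", renderedText($encoded));
printf("stripped instead     : %s\n", $stripped);
printf("raw markup in input  : %s\n", var_export(hasRawMarkup($comment), true));
printf("raw markup in encoded: %s\n", var_export(hasRawMarkup($encoded), true));

// An encoded review reads the same on the page as what was typed, so the
// check belongs on the stored value or the page source, not the rendered text.
printf("rendered == input    : %s\n", var_export(renderedText($encoded) === $comment, true));
```
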

Ventsi Genchev

Re: Review problem - words that contain "on" and brackets after.
« Reply #22 on: October 14, 2019, 13:51:13 pm »
I understand now. I was expecting it to disappear from the text.  :)

Would you also correct the vm_reviews_maximum_comment_length, please.
Must be reviews_maximum_comment_length.

Thank you.