2009-07-14, 12:30 AM
(آخر تعديل لهذه المشاركة: 2009-07-14, 01:28 AM بواسطة الخبيرالمتميز.)
(2009-07-13, 09:19 PM)الوَحش كتب : لم أجد بمنتداك هذا المحرر و إنما وجدت محرر Mybb العادى كما أننى جربت هذا الهاك من قبل و هو فعلا به بعض المشاكل.
انا غيرت الستايل حتى اقوم بالتعديل على الستايل الثاني.
انا لم اقل انه خال من المشاكل.اصلا مبرمجه قال ان به مشاكل
لكن انا لحد الان لم ارى اي مشكل
إقتباس : Bestpublisherالعفو اخي هذا اقل شيئ اقدمه
الهاك به ثغرة واحدة لحد الان ولقد قمت بمراجعته كاملا
الثغرة: عند نسخ موضوع من منتدى اخر ولصقه، تظهر بعد ارسال الموضوع رسالة تقول: ادخل نص الموضوع.
اي انه لم يتم لصق الموضوع.
القالب المسؤول والذي به هذه الثغرة هو editpost
PHP كود :
<!-- Page shell of the "editpost" template, with the Hoteditor rich-text editor wired into the edit form further down. -->
<!-- NOTE(review): every brace placeholder in this template is interpolated as-is; nothing is escaped here, so each value has to be HTML-escaped where it is built. -->
<html>
<head>
<title>{$mybb->settings['bbname']} - {$lang->edit_post}</title>
{$headerinclude}
<!-- Posting script from the jscripts folder; the ver query string is presumably a cache buster. -->
<script type="text/javascript" src="jscripts/post.js?ver=1400"></script>
</head>
<body>
{$header}
<!-- Preview, validation-error and attachment-error placeholders are emitted above both forms. -->
{$preview}
{$post_errors}
{$attacherror}
<!-- Delete form: posts action=deletepost and the post id to editpost.php; the checkbox named delete sends value 1 only when ticked. -->
<form action="editpost.php" method="post" name="editpost">
<!-- my_post_key is presumably the per-user request token that editpost.php checks to reject cross-site submissions; confirm it is verified for deletepost as well. -->
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
<tr>
<td class="thead" colspan="3"><strong>{$lang->delete_post}</strong></td>
</tr>
<tr>
<td class="trow1" style="white-space: nowrap"><input type="checkbox" class="checkbox" name="delete" value="1" tabindex="9" /> <strong>{$lang->delete_q}</strong></td>
<td class="trow1" width="100%">{$lang->delete_1}<br /><span class="smalltext">{$lang->delete_2}</span></td>
<td class="trow1"><input type="submit" class="button" name="submit" value="{$lang->delete_now}" tabindex="10" /></td>
</tr>
</table>
<!-- NOTE(review): hidden fields are client-editable; the server has to re-check that the current user may delete the post named by pid. That check is not visible in this template. -->
<input type="hidden" name="action" value="deletepost" />
<input type="hidden" name="pid" value="{$pid}" />
</form>
<br />
<!-- Edit form. The onSubmit handler get_hoteditor_data copies the rich editor's BBCode into the hidden message field; a false return from it cancels the submit. -->
<!-- NOTE(review): the ampersand in the action URL is shown unescaped; inside an attribute it should be written as &amp;. This copy looks as if its entities were decoded when the forum rendered the listing. -->
<form onSubmit="return get_hoteditor_data();" action="editpost.php?pid={$pid}&processed=1" method="post" enctype="multipart/form-data" name="input">
<!-- my_post_key: presumably the same request token as in the delete form; confirm the server verifies it for do_editpost. -->
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
<tr>
<td class="thead" colspan="2"><strong>{$lang->edit_post}</strong></td>
</tr>
{$loginbox}
<tr>
<td class="trow2"><strong>{$lang->subject}</strong></td>
<!-- The subject lands inside a double-quoted attribute, so the value must already be attribute-escaped when it reaches this template. -->
<td class="trow2"><input type="text" class="textbox" name="subject" size="40" maxlength="85" value="{$subject}" tabindex="1" /></td>
</tr>
<!-- Uncomment the section below if you use the "Edit Reason" mod -->
<!-- <tr>
<td class="trow2"><strong>Edit Reason</strong></td>
<td class="trow2"><input type="text" class="textbox" name="editreason" size="40" maxlength="100" value="{$post['editreason']}" tabindex="1" /></td>
</tr> -->
{$posticons}
<tr>
<td class="trow2" valign="top"><strong>{$lang->your_message}:</strong><br /></td>
<td class="trow2">
<!-- //EDITOR -->
<!-- The message textarea is kept in the form but hidden (visibility, 1px size); it is the field actually submitted, and the script below seeds the editor from it. -->
<!-- NOTE(review): the message text is placed raw between the textarea tags, so it must be HTML-escaped upstream or stored post content could close the element early. The top and left values have no unit and are likely ignored in standards mode. -->
<textarea style="visibility:hidden;position:absolute;top:-20;left:-20;width:1px;height:1px" name="message" id="message" rows="20" cols="70" tabindex="3">{$message}</textarea>
<!-- Editor stylesheet and script are loaded from the richedit folder by relative path. NOTE(review): that code runs in the page that also holds my_post_key, so the mod's files deserve the same review and update care as the forum's own scripts. -->
<style type="text/css">@import url(richedit/styles/office2007/style.css);</style>
<script language="JavaScript" type="text/javascript" src="richedit/editor.js?version=4.2"></script>
<script language="JavaScript" type="text/javascript">
// Seed value for the editor: the current post text as held in the hidden message textarea.
var getdata =document.getElementById("message").value;
//Make it work with MOD Hoteditor 4.0
// Posts carrying both the opening and closing EDITOR markers are treated as legacy HTML content and converted to BBCode.
if(getdata.indexOf("{EDITOR=")!=-1 && getdata.indexOf("EDITOR}")!=-1){
// NOTE(review): as listed, the first three replace calls and the double-quote one swap a string for itself,
// and the two bracket pairs are identical. The patterns most likely contained HTML entities that were decoded
// when the forum rendered this listing; compare with the mod's original template before reusing this copy.
// NOTE(review): this branch is meant to turn stored post text back into markup. Post text is author-controlled,
// so confirm that HTMLToBBCode (not defined here) drops anything it cannot map to BBCode before the result
// reaches the editing surface of whoever opens the post for editing.
getdata=getdata.replace(/\&/gi,"&");
getdata=getdata.replace(/\</gi,"<");
getdata=getdata.replace(/\>/gi,">");
getdata=getdata.replace(/\[<\]/gi,"<");
getdata=getdata.replace(/\[>\]/gi,">");
getdata=getdata.replace(/\[<\]/gi,"<");
getdata=getdata.replace(/\[>\]/gi,">");
getdata=getdata.replace(/\"/gi,"\"");
// Line breaks are removed and both markers stripped before conversion.
getdata=getdata.replace(/[\r\n]/gi,"");
getdata=getdata.replace(/\{EDITOR=/gi,"");
getdata=getdata.replace(/EDITOR\}/gi,"");
//Convert to BBCode
getdata=HTMLToBBCode(getdata);
}
// Start the editor with the seed text at 100% width and 300px height; Instantiate is not defined here (presumably richedit/editor.js).
Instantiate("max","editor", getdata , "100%", "300px");
//For Vietnamese User. Edit file editor.js to enable vietnamese keyboard
if(enable_vietnamese_keyboard==1){
// Written while the page is parsing; the closing tag is split with a backslash so it does not end this script element.
document.write("<script language=\"JavaScript\" type=\"text/javascript\" src=\"richedit/avim.js\"><\/script>");
// The cookie value is only compared against fixed strings to pick which radio is pre-checked; it is never concatenated into the markup below.
var hoteditor_avim_method = hot_readCookie("hoteditor_avim_method");var him_auto_checked="";var him_telex_checked="";var him_vni_checked="";var him_viqr_checked="";var him_viqr2_checked="";var him_off_checked="";if(hoteditor_avim_method=="0"){him_auto_checked="checked";}else if(hoteditor_avim_method=="1"){him_telex_checked="checked";}else if(hoteditor_avim_method=="2"){him_vni_checked="checked";}else if(hoteditor_avim_method=="3"){him_viqr_checked="checked";}else if(hoteditor_avim_method=="4"){him_viqr2_checked="checked";}else if(hoteditor_avim_method=="-1"){him_off_checked="checked";}
// NOTE(review): styles_folder_path is concatenated unquoted into the img src; it is not set in this template, so confirm it is a fixed configuration value and never derived from the request.
document.write("<div style='width:100%;text-align:center;font-family:Verdana;font-size:11px;'><input "+him_auto_checked+" id=him_auto onclick=setMethod(0); type=radio name=viet_method> Auto :: <input "+him_telex_checked+" id=him_telex onclick=setMethod(1); type=radio name=viet_method> Telex :: <input "+him_vni_checked+" id=him_vni onclick=setMethod(2); type=radio name=viet_method> VNI :: <input "+him_viqr_checked+" id=him_viqr onclick=setMethod(3); type=radio name=viet_method> VIQR :: <input "+him_viqr2_checked+" id=him_viqr2 onclick=setMethod(4); type=radio name=viet_method> VIQR* :: <input "+him_off_checked+" id=him_off onclick=setMethod(-1); type=radio name=viet_method> Off<br><img src="+styles_folder_path+"/vietnamese_symbol.gif></div>");
}
function get_hoteditor_data(){
    // Submit handler for the edit form. Returns false to cancel the submit; otherwise it
    // fills the hidden message field and ends without an explicit return value.
    // HTML_ON and setCodeOutput are not defined in this template (presumably richedit/editor.js).
    if (HTML_ON == "no"){
        alert ("Please uncheck the HTML checkbox");
        return false;
    }

    // Presumably refreshes the editor's BBCode output field; it is called before that field is read.
    setCodeOutput();
    var outputField = document.getElementById("hoteditor_bbcode_ouput_editor");

    // Break up any literal EDITOR marker in the author's text by wrapping its brace in [B] tags,
    // so the saved post no longer contains the marker pair that the loader treats as legacy HTML.
    var neutralised = outputField.value
        .replace(/\{EDITOR=/gi,"[B]{[/B]EDITOR=")
        .replace(/EDITOR\}/gi,"EDITOR[B]}[/B]");

    // NOTE(review): this rewrite happens in the browser only, so it is a convenience rather than
    // a control; anything the forum must guarantee about the marker has to be enforced server-side.
    document.getElementById("message").value = neutralised;
}
</script>
<!-- //EDITOR -->
</td>
</tr>
<!-- Post options row: signature toggle plus whatever the disablesmilies placeholder expands to. -->
<tr>
<td class="trow1" valign="top"><strong>{$lang->post_options}</strong></td>
<td class="trow1"><span class="smalltext">
<label><input type="checkbox" class="checkbox" name="postoptions[signature]" value="1" tabindex="6"{$postoptionschecked['signature']} /> {$lang->options_sig}</label>
{$disablesmilies}</span>
</td>
</tr>
{$subscriptionmethod}
{$pollbox}
</table>
{$attachbox}
<br />
<!-- Two submit buttons share this form; presumably the server distinguishes update from preview by which button name (submit or previewpost) arrives. -->
<div align="center"><input type="submit" class="button" name="submit" value="{$lang->update_post}" tabindex="3" /> <input type="submit" class="button" name="previewpost" value="{$lang->preview_post}" tabindex="4" /></div>
<!-- Hidden routing fields: action=do_editpost, the posthash value, and two attachment fields that start empty (presumably filled by the attachment controls; TODO confirm). -->
<!-- NOTE(review): all of these are client-editable, so the post id, posthash and the user's edit permission have to be re-validated in editpost.php; that code is not visible here. -->
<input type="hidden" name="action" value="do_editpost" />
<input type="hidden" name="posthash" value="{$posthash}" />
<input type="hidden" name="attachmentaid" value="" />
<input type="hidden" name="attachmentact" value="" />
</form>
{$footer}
</body>
</html>