| Archived CMSimple Support Forum http://www.cmsimple.dk/forum/ |
|
| Auto removal of malicious N.I.S. Code? http://www.cmsimple.dk/forum/viewtopic.php?f=3&t=2832 |
Page 1 of 1 |
| Author: | Jens [ Wed Sep 28, 2005 10:44 am ] |
| Post subject: | Auto removal of malicious N.I.S. Code? |
As so many users of cmsimple use Norton Internet Secruity and experience the "Stack Overflow" that is caused by javascript inserted from N.I.S., would it not be an idea to auto-remove that code on save? (The newest Version of Zone Alarm Pro does also cause Problems) If not, Peter, you should make it very clear that cmsimple is not compatible with Norton Internet Secruity. Best thing would be to write it in big letters next to the download links! |
|
| Author: | johnjdoe [ Wed Sep 28, 2005 12:15 pm ] |
| Post subject: | Re: Auto removal of malicious N.I.S. Code? |
Jens wrote: (The newest Version of Zone Alarm Pro does also cause Problems)
I don't have problems or I don't see them. What kind of problems do you mean, Jens? |
|
| Author: | Jens [ Wed Sep 28, 2005 12:28 pm ] |
| Post subject: | |
it insertes some javascript after some links, and adds to iframes some "destroy code" |
|
| Author: | johnjdoe [ Wed Sep 28, 2005 2:09 pm ] |
| Post subject: | |
Jens wrote: it insertes some javascript after some links, and adds to iframes some "destroy code"
Ah, just when editing? If so, with all editors or only under some circumstances? |
|
| Author: | harteg [ Wed Sep 28, 2005 10:18 pm ] |
| Post subject: | |
Are you sure there is only one pattern to match - maybe there are different versions? |
|
| Author: | Jens [ Wed Sep 28, 2005 10:34 pm ] |
| Post subject: | |
All Sites i have seen had the same Code, but there could be others. I will collect these Codes and send them to you. |
|
| Author: | djot [ Thu Sep 29, 2005 7:05 pm ] |
| Post subject: | |
- I think Norton ads the code AFTER it was delivered by the server, so you can't remove it. djot - |
|
| Author: | harteg [ Fri Sep 30, 2005 8:20 am ] |
| Post subject: | |
djot - I don't think you are right - it is inserted by the client, as far as I know ... or am I mistaken? Are anybody having it installed and wanting to do some testing for me? |
|
| Author: | djot [ Fri Sep 30, 2005 2:27 pm ] |
| Post subject: | |
- I said, the CMSimple page is delivered by the server already, and then Norton ads the code on clientside. So you can't write servercode to remove the Norton code. djot - |
|
| Author: | Jens [ Fri Sep 30, 2005 2:31 pm ] |
| Post subject: | |
Sure the code is inserted on the client, but when CMSimple rewrites to the Content.htm, it could filter out that code. Thats how it gets into the pages, it happens when using the Editor on a PC where NIS is installed. |
|
| Author: | harteg [ Fri Sep 30, 2005 4:52 pm ] |
| Post subject: | |
$c[$s]=preg_replace("/<h[1-3][^>]*>(\ | )?<\/h[1-3]>/i","",stripslashes($text)); in cms.php should be changed to something like $c[$s]=preg_replace("/[NIS PATTERN]/i","",preg_replace("/<h[1-3][^>]*>(\ | )?<\/h[1-3]>/i","",stripslashes($text))); |
|
| Author: | harteg [ Fri Oct 07, 2005 7:18 am ] |
| Post subject: | |
This seems to work: Code: $c[$s]=preg_replace("/<script.*?SymWinOpen.*?script>/si","",preg_replace("/<h[1-3][^>]*>(\ | )?<\/h[1-3]>/i","",stripslashes($text)));
|
|
| Author: | harteg [ Wed Oct 12, 2005 8:38 pm ] |
| Post subject: | |
Well, seems like there is other codes inserted by other versions - this was a quick fix inserted in the template to remove it from output: Code: <?php echo preg_replace("/<script.*?SymRealWinOpen.*?script>/si","",content());?>
|
|
| Page 1 of 1 | All times are UTC |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|