AjIM: comparison ajim/ajim.php

equal deleted inserted replaced

-:2f9b67edc9b1
+:7785b3e99977
 <form action="#" onsubmit="'.$this->id.'_form(); return false;" method="get">
 <table border="0" style="margin: 0; padding: 0; width: 90%;">
 <tr><td><span style="font-family: arial; font-size: 7pt; ">Name:</span></td>   <td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_name" name="name"'.$enstr.' /></td></tr>
 <tr><td><span style="font-family: arial; font-size: 7pt; ">Website:</span></td><td><input style="font-family: arial; font-size: 7pt; border: 1px solid #000; height: 15px; width: 65px; padding: 1px;" id="'.$this->id.'_website" name="website"'.$enstr.' /></td></tr>
 <tr><td colspan="2"><span style="font-family: arial; font-size: 7pt; ">Message:</span></td></tr>
-<tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post" onkeyup="'.$this->id.'_keyhandler();"></textarea></td></tr>
+<tr><td colspan="2"><textarea'.$enstr.' rows="2" cols="16" style="width: auto; margin: 0 auto;" id="'.$this->id.'_post" name="post"></textarea></td></tr>
 <tr><td colspan="2" align="center"><input'.$enstr.' type="submit" value="Submit post" /><br />
 <span style="font-family: arial; font-size: 6pt; color: #000000;">AjIM powered</span></td></tr>
 ';
 $html .= '</table>
 </form>';
 }
 // The client-side javascript and CSS code
 if(isset($_GET['js']) && isset($_GET['id']) && isset($_GET['path']) && isset($_GET['pfx'])) {
+if ( !preg_match('/^([a-z0-9_]+)$/', $_GET['id']) )
+die('XSS');
 header('Content-type: text/javascript');
 ?>
 // <script>
 var <?php echo $_GET['id']; ?>id='<?php echo $_GET['id']; ?>';
 var path='<?php echo $_GET['path']; ?>';
 link.type = 'text/css';
 var head = document.getElementsByTagName('head');
 head = head[0];
 head.appendChild(link);
-if(typeof window.onload == 'function')
+var <?php echo $_GET['id']; ?>_onload = function(e)
-var __ajim_oltemp = window.onload;
-else
-var __ajim_oltemp = function(e) { };
-window.onload = function(e)
 {
 if(document.getElementById('<?php echo $_GET['id']; ?>_post'))
 {
-document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = function(e) { <?php echo $_GET['id']; ?>_keyhandler(e); };
+document.getElementById('<?php echo $_GET['id']; ?>_post').onkeyup = <?php echo $_GET['id']; ?>_keyhandler;
 }
-__ajim_oltemp(e);
+}
-}
+addOnloadHook(<?php echo $_GET['id']; ?>_onload);
 function <?php echo $_GET['id']; ?>readCookie(name) {var nameEQ = name + "=";var ca = document.cookie.split(';');for(var i=0;i < ca.length;i++){var c = ca[i];while (c.charAt(0)==' ') c = c.substring(1,c.length);if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);}return null;}
 function <?php echo $_GET['id']; ?>setCookie(name,value,days){if (days){var date = new Date();date.setTime(date.getTime()+(days*24*60*60*1000));var expires = "; expires="+date.toGMTString();}else var expires = "";document.cookie = name+"="+value+expires+"; path=/";}
 function <?php echo $_GET['id']; ?>eraseCookie(name) {createCookie(name,"",-1);}
 }
 function <?php echo $_GET['id']; ?>_keyhandler(e)
 {
-if(!e) e = window.event;
+if ( !e )
-if(e.keyCode == 13)
+return false;
+if ( e.keyCode == 13 )
 {
 val = document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value;
 if(!shift)
 {
 document.getElementById(<?php echo $_GET['id']; ?>id+'_post').value = val.substr(0, val.length - 1);

changeset 1	7785b3e99977
parent 0	2f9b67edc9b1
child 2	b0e58c67304b