Re: [PHP] Re: stripping html tags

2005-06-06 Thread Richard Lynch
On Mon, June 6, 2005 1:05 am, Dotan Cohen said:
> I am trying to access my local pop3 mail via wap. When I get home I
> download the messages, but while away I need access to them. I am
> trying to strip those tags from html mails so that they will display
> in my wap browser.

So, on your current path, you are going to assume that nobody will send
you malicious email, targetted at your particular phone/wap model/device,
and only strip out the tags you think are messing with display...

Chris is suggesting that that's Bad Security, and he's right.

Viruses for wap devices are being developed at break-neck speeds.

Personally, I'd just call strip_tags() and not let ANY tags through, if I
wanted to try to read email through my phone in the first place...

Do you really need those fancy layouts and big images chewing up your cell
phone bandwidth/charges?...

Still, if you insist on ripping out only the 4 tags, preg shouldn't be
THAT hard...

The very first example on: http://us4.php.net/preg_replace shows how to
rip out the 

Re: [PHP] Re: stripping html tags

2005-06-06 Thread Dotan Cohen
On 6/6/05, Chris Shiflett <[EMAIL PROTECTED]> wrote:
> Dotan Cohen wrote:
> > IF you know every single tag that exists! And being how I only wanted
> > to remove four of them, the list of 'what to remove' is so much more
> > compact than the 'leave those' list!
> 
> For what purpose are you wanting to remove tags? If this is for data
> that you plan to send to the client, then your approach is poor.
> 
> Your reasoning is exactly why you should never try to guess which tags
> to remove - you're almost certain to forget something. This is why so
> many people create PHP applications with security vulnerabilities.
> 
> If I've misunderstood your intent, then perhaps your approach is fine,
> but I wanted to point out the risk in your approach.
> 
> Chris
> 
> P.S. You should never modify invalid data in order to make it valid.
> Thus, I think strip_tags() is also a poor approach and not something I
> ever recommend using. Filtering input and escaping output are the best
> practices.
> 
> --
> Chris Shiflett
> Brain Bulb, The PHP Consultancy
> http://brainbulb.com/
> 

I am trying to access my local pop3 mail via wap. When I get home I
download the messages, but while away I need access to them. I am
trying to strip those tags from html mails so that they will display
in my wap browser.

Dotan
http://lyricslist.com/lyrics/pages/artist_albums.php/238/Guns%20N'%20Roses
Guns N' Roses Lyrics

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: stripping html tags

2005-06-05 Thread Chris Shiflett

Dotan Cohen wrote:

IF you know every single tag that exists! And being how I only wanted
to remove four of them, the list of 'what to remove' is so much more
compact than the 'leave those' list!


For what purpose are you wanting to remove tags? If this is for data 
that you plan to send to the client, then your approach is poor.


Your reasoning is exactly why you should never try to guess which tags 
to remove - you're almost certain to forget something. This is why so 
many people create PHP applications with security vulnerabilities.


If I've misunderstood your intent, then perhaps your approach is fine, 
but I wanted to point out the risk in your approach.


Chris

P.S. You should never modify invalid data in order to make it valid. 
Thus, I think strip_tags() is also a poor approach and not something I 
ever recommend using. Filtering input and escaping output are the best 
practices.


--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: stripping html tags

2005-06-05 Thread Dotan Cohen
On 6/6/05, Brian V Bonini <[EMAIL PROTECTED]> wrote:
> On Sun, 2005-06-05 at 18:13, Dotan Cohen wrote:
> > On 6/6/05, Brian V Bonini <[EMAIL PROTECTED]> wrote:
> > > On Sun, 2005-06-05 at 16:05, Dotan Cohen wrote:
> > >
> > > > I don't want to strip out all the tags, just certain ones. But the
> > > > problem turned out not to be in this peice of code- the script simply
> > > > wasn't parsing. I started another thread with that problem after
> > > > failing to fix it on my own.
> > >
> > >
> > > The prototype says you cam specify exceptions to the function.
> 
> > I was looking to remove certain tags, not leave certain tags, as does
> > strip_tags(). But thank you, I do appreciate the input.
> 
> It's the same thing... Just think of it terms of what you don't want to
> remove rather then what you do want to remove. The result is the same.
> 
> 
> --
> 
> s/:-[(/]/:-)/g
> 
> 
> BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu
> ==
> gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC
> Key Info: http://gfx-design.com/keys
> Linux Registered User #339825 at http://counter.li.org
> 
> 

IF you know every single tag that exists! And being how I only wanted
to remove four of them, the list of 'what to remove' is so much more
compact than the 'leave those' list!

Dotan
http://lyricslist.com/lyrics/pages/artist_albums.php/11/A-Ha
A Ha Lyrics

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: stripping html tags

2005-06-05 Thread Brian V Bonini
On Sun, 2005-06-05 at 18:13, Dotan Cohen wrote:
> On 6/6/05, Brian V Bonini <[EMAIL PROTECTED]> wrote:
> > On Sun, 2005-06-05 at 16:05, Dotan Cohen wrote:
> > 
> > > I don't want to strip out all the tags, just certain ones. But the
> > > problem turned out not to be in this peice of code- the script simply
> > > wasn't parsing. I started another thread with that problem after
> > > failing to fix it on my own.
> > 
> > 
> > The prototype says you cam specify exceptions to the function.

> I was looking to remove certain tags, not leave certain tags, as does
> strip_tags(). But thank you, I do appreciate the input.

It's the same thing... Just think of it terms of what you don't want to
remove rather then what you do want to remove. The result is the same.


-- 

s/:-[(/]/:-)/g


BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu
==
gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC
Key Info: http://gfx-design.com/keys
Linux Registered User #339825 at http://counter.li.org

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: stripping html tags

2005-06-05 Thread Dotan Cohen
On 6/6/05, Brian V Bonini <[EMAIL PROTECTED]> wrote:
> On Sun, 2005-06-05 at 16:05, Dotan Cohen wrote:
> 
> > I don't want to strip out all the tags, just certain ones. But the
> > problem turned out not to be in this peice of code- the script simply
> > wasn't parsing. I started another thread with that problem after
> > failing to fix it on my own.
> 
> 
> The prototype says you cam specify exceptions to the function.
> --
> 
> s/:-[(/]/:-)/g
> 
> 
> BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu
> ==
> gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC
> Key Info: http://gfx-design.com/keys
> Linux Registered User #339825 at http://counter.li.org
> 
> 

I was looking to remove certain tags, not leave certain tags, as does
strip_tags(). But thank you, I do appreciate the input.

http://lyricslist.com/lyrics/pages/artist_albums.php/425/Red%20Hot%20Chili%20Peppers
Red Hot Chili Peppers Lyrics

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: stripping html tags

2005-06-05 Thread Brian V Bonini
On Sun, 2005-06-05 at 16:05, Dotan Cohen wrote:

> I don't want to strip out all the tags, just certain ones. But the
> problem turned out not to be in this peice of code- the script simply
> wasn't parsing. I started another thread with that problem after
> failing to fix it on my own.


The prototype says you cam specify exceptions to the function.
-- 

s/:-[(/]/:-)/g


BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu
==
gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC
Key Info: http://gfx-design.com/keys
Linux Registered User #339825 at http://counter.li.org

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: stripping html tags

2005-06-05 Thread Paul Waring
On 6/5/05, Dotan Cohen <[EMAIL PROTECTED]> wrote:
> I don't want to strip out all the tags, just certain ones.

You can use strip_tags() and tell it not to strip certain tags if you
want, that feature has been available since PHP 3.

-- 
Rogue Tory
http://www.roguetory.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: stripping html tags

2005-06-05 Thread Dotan Cohen
On 6/5/05, Matthew Weier O'Phinney <[EMAIL PROTECTED]> wrote:
> * Dotan Cohen <[EMAIL PROTECTED]>:
> > I took this example from php.net, but can't figure out where I went
> > wrong. Why does this:
> > $text = preg_replace("/(.|\s)*?<\/head>/i" , "" , $text);
> >
> > throw this error:
> > syntax error at line 265, column 39:
> >   $text = preg_replace("/(.|\s)*?<\/head>/i" , "" 
> > , $text);
> > ==^
> >
> > It seems to be pointing to the 'e' is 'head'. Why? Thanks.
> 
> Why are you using regexes instead of strip_tags()?
> 
> --
> Matthew Weier O'Phinney   | WEBSITES:
> Webmaster and IT Specialist   | http://www.garden.org
> National Gardening Association| http://www.kidsgardening.com
> 802-863-5251 x156 | http://nationalgardenmonth.org
> mailto:[EMAIL PROTECTED] | http://vermontbotanical.org
> 

I don't want to strip out all the tags, just certain ones. But the
problem turned out not to be in this peice of code- the script simply
wasn't parsing. I started another thread with that problem after
failing to fix it on my own.

Dotan
http://lyricslist.com/lyrics/pages/artist_albums.php/19/Adams%2C%20Bryan
Bryan Adams Lyrics

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: stripping html tags

2005-06-05 Thread Matthew Weier O'Phinney
* Dotan Cohen <[EMAIL PROTECTED]>:
> I took this example from php.net, but can't figure out where I went
> wrong. Why does this:
> $text = preg_replace("/(.|\s)*?<\/head>/i" , "" , $text);
>
> throw this error:
> syntax error at line 265, column 39:
>   $text = preg_replace("/(.|\s)*?<\/head>/i" , "" , 
> $text);
> ==^
>
> It seems to be pointing to the 'e' is 'head'. Why? Thanks.

Why are you using regexes instead of strip_tags()?

-- 
Matthew Weier O'Phinney   | WEBSITES:
Webmaster and IT Specialist   | http://www.garden.org
National Gardening Association| http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:[EMAIL PROTECTED] | http://vermontbotanical.org

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php