HTML tags in guestbook entries

[jennie]

I would like to use HTML tags in guestbood entries.

How should I modify the code?

Thank you in advance! [/b]

[Klemen]

I strongly advise you NOT to even try doing that as it would open the door to many potential security risks. There are many reasons why HTML tags aren't allowed in guestbooks and similar scripts, strating with XSS attacks and many more.

[Henrie]

How about just some style tags like in mboard or something like bbcode in this forum, would that be safe?
I myself would like to have the possibility for bold, italic and underscored text and for lists and url links.

[Klemen]

Yes, bold italic and underlined would be considered safe, but from my experience they are more abused (for self-promotion of posters) than actually needed in a guestbook which is only meant for posting comments about a site and not discussion.

I might add those to the next release, the code already works in MBoard.

[Guest]

sorry to be frank on the matter, but why bother with all that s...e concerning html tags, absolute pointless, well you can,. if you desire something like your hard drive being wiped, and yes it can be done


signed

a drunken fruitbeard

[Jennie]

Thank you for all the replies

How about the BBCode like links to be actived in the GuestBook?
How to make this happen?

Thank you very much.

[Henrie]

Because i would like to have these options too, i have looked at the code in MBoard and used it in gbook. This is how i have done it.

Automatically convert url
Automatically convert www.site.com and http://www.site.com in posts to clickable url's.

To do this you have to modify the gbook.php file.

At line 304 (before the line function processsmileys($text) { ) insert the following code:

Code: Select all

function MakeUrl($strUrl)
{
$strText = ' ' . $strUrl;
$strText = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "$1<a href=\"$2\" target=\"_blank\" rel=\"nofollow\">$2</a>", $strText);
$strText = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "$1<a href=\"http://$2\" target=\"_blank\" rel=\"nofollow\">$2</a>", $strText);
$strText = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "$1<a href=\"mailto:$2@$3\" rel=\"nofollow\">$2@$3</a>", $strText);
$strText = substr($strText, 1);
return($strText);
}

At line 418 (before line $comments_nosmileys=$comments; ) insert

Code: Select all

$comments = MakeUrl($comments);

Find line 423:
$comments = wordwrap($comments,$settings['max_word'],'<br>',1);
And change it to the following (a space instead of <br>):
$comments = wordwrap($comments,$settings['max_word'],' ',1);
This is not part of the code, but if you don't change it the possibility exists that a <br> is inserted inside the link code and thereby breaks the code.

This should do the trick to convert urls from simple text strings to clickable links.



Insert styled text
Inserting styled text can be done by implementing the following code in gbook.php . This will give functions to create bold, italic and underlined text.

At line 203 insert (after line <input type="hidden" name="private" value="<?php echo $isprivate; ?>">
and before line <input type="hidden" name="nosmileys" value="<?php echo $_REQUEST['nosmileys']; ?>"> )

Code: Select all

<input type="hidden" name="nostyled" value="<?php echo $_REQUEST['nostyled']; ?>">

At line 304 (after line } // END confirmViewPrivate ) insert

Code: Select all

function styledText($strText)
{
$strText = preg_replace("/\[B\](.*?)\[\/B\]/i","<B>$1</B>",$strText);
$strText = preg_replace("/\[I\](.*?)\[\/I\]/i","<I>$1</I>",$strText);
$strText = preg_replace("/\[U\](.*?)\[\/U\]/i","<U>$1</U>",$strText);
return($strText);
}

At line 424 (after line $comments = wordwrap($comments,$settings['max_word'],'<br>',1); and before line if ($settings['smileys'] == 1 && $_REQUEST['nosmileys'] != "Y") {$comments = processsmileys($comments);} ) insert

Code: Select all

if ($_REQUEST['nostyled'] != "Y") {$comments=styledText($comments);}

In line 527 <textarea name="comments" rows="9" cols="50"></textarea><?php
insert an emptly line at the point right before <?php . The line should now look like
<textarea name="comments" rows="9" cols="50"></textarea>

<?php
.
Now insert the following code at the empty line you just created.

Code: Select all

<br>Insert styled text: <a href="Javascript:insertspecial('B')"><b>Bold</b></a> |
<a href="Javascript:insertspecial('I')"><i>Italic</i></a> |
<a href="Javascript:insertspecial('U')"><u>Underlined</u></a><br>
<input type="checkbox" name="nostyled" value="Y"> Disable styled text</p>

At line 630 (after line <link href=\"style.css\" type=\"text/css\" rel=\"stylesheet\"> and before line </head> ) insert

Code: Select all

<script language=\"Javascript\" src=\"javascript.js\" type=\"text/javascript\"><!-- //--></script>

These are all the changes in the gbook.php file.

Now create a new plain text file (with notepad or something like that, but not an advanced text-editor like Word because they to often add extra code to the file) and paste the following code in it:

Code: Select all

function insertspecial(tag) {
var space=" ";
var text=prompt("Type text you wish to enter:","");
if (text != null)
	{
	var text_to_insert = space+'['+tag+']'+text+'[/'+tag+']'+space;	
	insertAtCursor(document.form.comments, text_to_insert);
	}
document.form.comments.focus();
}

function insertAtCursor(myField, myValue) {
if (document.selection) {
myField.focus();
sel = document.selection.createRange();
sel.text = myValue;
}
else if (myField.selectionStart || myField.selectionStart == '0') {
var startPos = myField.selectionStart;
var endPos = myField.selectionEnd;
myField.value = myField.value.substring(0, startPos)
+ myValue
+ myField.value.substring(endPos, myField.value.length);
} else {
myField.value += myValue;
}
}

And save this file with the name javascript.js. Make sure the name is all lowercase otherwise you could get an error on your webserver. Also make sure no .txt extension is added to the filename, if it is added remove it.

This should give posters the possibility to include bold, italic and underlined text in their posts.

Don't ask me to explain it any clearer because i can't. If you can't get it to work wait for the next version of GBook, this function possibly will be part of it. Be aware that the line numbers mentioned are in a not modified gbook.php file. If the file has been changed, the line numbers may be different.

Greetings,
Henrie

[Guest]

Henrie:
Thank you so much and I am going to try it.

Jennie

[Jennie]

Henrie:
Thank you so much and I am going to try it.

Jennie

[Guest]

Hi guys, i'm kind of stuck on something,

It's to do with the html characters in the text fields !!!!


http://www.fgps.com/keith/

GuestBook is under the title of Visitor's Notepad.
I have set the settings to allow multiple submissions temporarily while i undertake extensive testing things.

But anyway, the problem is, that when i enter a special character in firefox, it always puts it after the one before, as if you were typing normally,(which is what i desire).

But in IE, it does this the other way round, so your new word is at the beginning of all of what you have input, rather than at the end.(Not what I desire).

If you look you will notice i used a layer rather than that horrible javascript pop up window( well i dont like it anyhow).

in my layer i have a form and a text field

<form action="" method="post" name="formPUT" id="formPUT">
<input name="inputter" type="text" class="GUEST_INPUT_FIELDS" id="inputter">
</form>

This is relevant to the javascript code.

function insertspecial(tag) {
var space=" ";
var text=document.formPUT.inputter.value;
if (text != null)
{
var text_to_insert = space+'['+tag+']'+text+'[/'+tag+']';
insertAtCursor(document.form.comments, text_to_insert);
}
document.form.comments.focus();
}

function insertAtCursor(myField, myValue) {
if (document.selection) {
myField.focus();
sel = document.selection.createRange();
sel.text = myValue;
}
else if (myField.selectionStart || myField.selectionStart == '0') {
var startPos = myField.selectionStart;
var endPos = myField.selectionEnd;
myField.value = myField.value.substring(0, startPos)
+ myValue
+ myField.value.substring(endPos, myField.value.length);
} else {
myField.value += myValue;
}
}

Maybe this isnt the place for this, but it really is gripping my (can't say)

Thank You for even looking, i do like the way phbb has done it, maybe i shall try and do that at some point.

FruitBeard

[Henrie]

Hi Fruitbeard,

I have copied your code to my computer and played around a little.
It seems that because the layer is in the same page the comments textarea loses focus when you type a message in the inputter text field.
From my test it seems that Internet Explorer does not remember the place the focus was on and when you give document.form.comments.focus(); it puts it at first character of the comments textarea. Firefox (and Opera) put the focus in the comments textarea back where it was before focus was lost (and that is what we want).
I don't know if this behaviour of internet explorer can be changed with some code but at least now you know what the problem is and maybe find a solution for it

Greetings,
Henrie

PS. I really like the the way you designed this function (how you use one textfield and place the code by pressing on the style key). Can I copy this for my page?

[Guest]

Thank You Henrie

for at least lookiing and helping me figure it out in a way.

Yes, my friend, you can use anything you feel you wish to use.

FruitBeard

[Guest]

HI, I couldnt get my head around the fact that IE was losing focus, so i scrapped the layer and had my new window pop up like the smiley window,
also added some more html tags to it.


well i like it, so nah nah nah.

FruitBeard

http://www.fgps.com/keith/

found under insert styled text