I have an enquiry form on an old HTML website; this was working fine with an old version of PHP. The problem now is that the function eregi(), which forms part of the code, is deprecated in all new versions of PHP.
I won't pretend I understand how this works! :)
Here's the existing code below - this contains the eregi() bit:
    // check for any human hacking attempts
    class clean {
        function comments($message) {
            $this->naughty = false;
            $this->message = $message;
            $bad = array("content-type", "bcc:", "to:", "cc:", "href");
            $for = array("\r", "\n", "%0a", "%0d");
            foreach ($bad as $b) {
                if (eregi($b, $this->message)) {
                    $this->naughty = true;
                }
            }
            $this->message = str_replace($bad, "#removed#", $this->message);
            $this->message = stripslashes(str_replace($for, ' ', $this->message));
            // check for HTML/Scripts
            $length_was = strlen($this->message);
            $this->message = strip_tags($this->message);
            if (strlen($this->message) < $length_was) {
                $this->naughty = true;
            }
        }
    } // class
After Googling I'm guessing I need to replace the eregi() bit with preg_match?
I have no idea where to put this in the above code for it to work?
Does anybody have any ideas?
Thanks in advance, kind regards
Brian
CodePudding user response:
The eregi function in your example is only used for a simple string comparison. You can simply replace it with a stripos:
    if (stripos($this->message, $b) !== false) {
        $this->naughty = true;
    }
CodePudding user response:
Use it like this:

    class clean {
        function comments($message) {
            $this->naughty = false;
            $this->message = $message;
            $bad = array("content-type", "bcc:", "to:", "cc:", "href");
            $for = array("\r", "\n", "%0a", "%0d");
            foreach ($bad as $b) {
                if (preg_match("/$b/i", $this->message)) {
                    $this->naughty = true;
                } else {
                    // comment does not contain that string.
                }
                //if(eregi($b, $this->message)) {
                //$this->naughty = true;
                //}
            }
            $this->message = str_replace($bad, "#removed#", $this->message);
            $this->message = stripslashes(str_replace($for, ' ', $this->message));
            // check for HTML/Scripts
            $length_was = strlen($this->message);
            $this->message = strip_tags($this->message);
            if (strlen($this->message) < $length_was) {
                $this->naughty = true;
            }
        }
    }
CodePudding user response:
I only found the Romanian page of the documentation for eregi, which seems to say that it's been deprecated since PHP 5.3 and removed in 7.0.
As its purpose is to perform a case insensitive regular expression check you can replace it with preg_match() with the i flag (which stands for "case insensitive"):
    if (preg_match(sprintf('~%s~i', $b), $this->message) === 1) {
        // ...
    }
But as @tino.codes answered, using a function like stripos() will be sufficient.
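
A version of the question's class for current PHP, as an added example that is not code from the question or the answers: it detects with stripos() and removes with str_ireplace(), so a mixed-case match such as "BCC:" is removed as well as flagged, which the case-sensitive str_replace() in the original does not do. It assumes PHP 7.4 or later; the class layout, the %0a/%0d entries and the sample input are assumptions, and stripslashes() is left out on the assumption that it was only there to undo magic quotes.

```php
<?php
// Added example: a rewrite of the question's class, not the original author's code.
class Clean
{
    // Declared up front: creating properties on the fly is deprecated since PHP 8.2.
    public bool $naughty = false;
    public string $message = '';

    // Substrings the question's form treats as signs of mail header injection.
    private const BAD = ['content-type', 'bcc:', 'to:', 'cc:', 'href'];
    // Raw CR/LF plus their URL-encoded forms (the encoded forms are an assumption).
    private const LINE_BREAKS = ["\r", "\n", '%0a', '%0d'];

    public function comments(string $message): void
    {
        $this->naughty = false;

        foreach (self::BAD as $b) {
            // Case-insensitive literal search: all that eregi() was doing here.
            if (stripos($message, $b) !== false) {
                $this->naughty = true;
            }
        }

        // Case-insensitive removal, so "BCC:" and "%0A" are handled like "bcc:" and "%0a".
        $message = str_ireplace(self::BAD, '#removed#', $message);
        $message = str_ireplace(self::LINE_BREAKS, ' ', $message);

        // If strip_tags() removed anything, the text contained HTML or script tags.
        $stripped = strip_tags($message);
        if (strlen($stripped) < strlen($message)) {
            $this->naughty = true;
        }
        $this->message = $stripped;
    }
}

// Constructed sample input, not taken from a real submission.
$clean = new Clean();
$clean->comments("Hello\r\nBCC: someone@example.com <b>hi</b>");
var_dump($clean->naughty);
echo $clean->message, PHP_EOL;
```

If preg_match() is used instead of stripos(), passing each entry through preg_quote($b, '/') keeps it a literal match should the list ever gain an entry containing regex metacharacters.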