Closed ixodcom closed 4 years ago
video http://screencast-o-matic.com/watch/conZhGeEBJ
error page http://screencast.com/t/ta4Yfp24
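Saving the link fails with the PHP notice shown below. The trace points at line 568 of CI_Security.php, where get_random_bytes() calls defined(MCRYPT_DEV_URANDOM) with the bare constant instead of the quoted name 'MCRYPT_DEV_URANDOM', so PHP raises the notice whenever that constant is not defined (presumably because the mcrypt extension is not loaded on this server). This is the code I put in the link field: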
<!-Local Time Clock widget - HTML code - localtimes.info --><div align="center" style="margin:15px 0px 0px 0px;background:#000000;width:200px;padding:12px"><noscript><div align="center" style="width:140px;border:1px solid #ccc;background:#fff ;color: #fff ;font-weight:bold"><a style="padding:2px 1px;margin:2px 1px;font-size:12px;line-height:16px;font-family:arial;text-decoration:none;color:#000" href="http://localtimes.info">World Time </a></div></noscript><script type="text/javascript" src="http://localtimes.info/world_clock.php?widget_number=11001&cp3_Hex=FF0000&cp2_Hex=000000&cp1_Hex=FFFFFF"></script></div><!-end of code-->
PHP notice Use of undefined constant MCRYPT_DEV_URANDOM - assumed 'MCRYPT_DEV_URANDOM' /var/www/html/protected/vendors/Codeigniter/CI_Security.php(568) 556 * 557 * @param int $length Output length 558 * @return string 559 */ 560 public function get_random_bytes($length) 561 { 562 if (empty($length) OR ! ctype_digit((string) $length)) 563 { 564 return FALSE; 565 } 566 567 // Unfortunately, none of the following PRNGs is guaranteed to exist ... 568 if (defined(MCRYPT_DEV_URANDOM) && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE) 569 { 570 return $output; 571 } 572 573 574 if (is_readable('/dev/urandom') && ($fp = fopen('/dev/urandom', 'rb')) !== FALSE) 575 { 576 $output = fread($fp, $length); 577 fclose($fp); 578 if ($output !== FALSE) 579 { 580 return $output; Stack Trace #0 – /var/www/html/protected/vendors/Codeigniter/CI_Security.php(543): CI_Security->get_random_bytes(16) 538 */ 539 public function xss_hash() 540 { 541 if ($this->_xss_hash === NULL) 542 { 543 $rand = $this->get_random_bytes(16); 544 $this->_xss_hash = ($rand === FALSE) 545 ? md5(uniqid(mt_rand(), TRUE)) 546 : bin2hex($rand); 547 } 548 #1 – /var/www/html/protected/vendors/Codeigniter/CI_Security.php(921): CI_Security->xss_hash() 916 */ 917 protected function _decode_entity($match) 918 { 919 // Protect GET variables in URLs 920 // 901119URL5918AMP18930PROTECT8198 921 $match = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-/]+)|i', $this->xss_hash().'\\1=\\2', $match[0]); 922 923 // Decode, then un-protect URL GET vars 924 return str_replace( 925 $this->xss_hash(), 926 '&', #2 unknown(0): CI_Security->_decode_entity(array("<div align="center" style="margin:15px 0px 0px 0px;background:#0...")) #3 – /var/www/html/protected/vendors/Codeigniter/CI_Security.php(377): preg_replace_callback("/<\w+.*/si", array(Security, "_decode_entity"), "<!-Local Time Clock widget - HTML code - localtimes.info --><div...") 372 * This permits our tests below to work reliably. 
373 * We only convert entities that are within tags since 374 * these are the ones that will pose security problems. 375 */ 376 $str = preg_replace_callback("/[^a-z0-9>]+[a-z0-9]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); 377 $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str); 378 379 // Remove Invisible Characters Again! 380 $str = remove_invisible_characters($str); 381 382 /* #4 – /var/www/html/protected/vendors/Codeigniter/CI_Security.php(345): CI_Security->xss_clean("<!-Local Time Clock widget - HTML code - localtimes.info --><div...") 340 // Is the string an array? 341 if (is_array($str)) 342 { 343 while (list($key) = each($str)) 344 { 345 $str[$key] = $this->xss_clean($str[$key]); 346 } 347 348 return $str; 349 } 350 #5 – /var/www/html/protected/vendors/Codeigniter/CI_Security.php(345): CI_Security->xss_clean(array("title" => "bug", "description" => "", "href" => "<!-Local Time Clock widget - HTML code - localtimes.info --><div...", "sort_order" => "")) 340 // Is the string an array? 
341 if (is_array($str)) 342 { 343 while (list($key) = each($str)) 344 { 345 $str[$key] = $this->xss_clean($str[$key]); 346 } 347 348 return $str; 349 } 350 #6 – /var/www/html/protected/extensions/CmsInput.php(106): CI_Security->xss_clean(array("CSRF_TOKEN" => "686003aa836d351e0960445c2ad37e5dc77b624b", "Link" => array("title" => "bug", "description" => "", "href" => "<!-Local Time Clock widget - HTML code - localtimes.info --><div...", "sort_order" => ""), "yt0" => "Save"), false) 101 * @param bool $isImage 102 * @return 103 */ 104 public function xssClean($str, $isImage=false) 105 { 106 return $this->getSecurity()->xss_clean($str, $isImage); 107 } 108 109 /** 110 * CmsInput::stripTags() 111 * #7 – /var/www/html/protected/extensions/CmsInput.php(167): CmsInput->xssClean(array("CSRF_TOKEN" => "686003aa836d351e0960445c2ad37e5dc77b624b", "Link" => array("title" => "bug", "description" => "", "href" => "<!-Local Time Clock widget - HTML code - localtimes.info --><div...", "sort_order" => ""), "yt0" => "Save")) 162 * @param mixed $str 163 * @return 164 */ 165 public function stripClean($str) 166 { 167 return $this->stripTags($this->xssClean($str)); 168 } 169 170 /** 171 * CmsInput::encode() 172 * #8 – /var/www/html/protected/modules/linklist/controllers/LinklistController.php(246): CmsInput->stripClean(array("CSRF_TOKEN" => "686003aa836d351e0960445c2ad37e5dc77b624b", "Link" => array("title" => "bug", "description" => "", "href" => "<!-Local Time Clock widget - HTML code - localtimes.info --><div...", "sort_order" => ""), "yt0" => "Save")) 241 else if($this->accessLevel == 1 && $link->content->created_by != Yii::app()->user->id) { 242 throw new CHttpException(404, Yii::t('LinklistModule.base', 'You miss the rights to edit this link!')); 243 } 244 245 if (isset($_POST['Link'])) { 246 $_POST = Yii::app()->input->stripClean($_POST); 247 248 $link->attributes = $_POST['Link']; 249 $link->content->container = $this->contentContainer; 250 if ($link->validate()) { 251 
$link->save(); #9 – /var/www/html/protected/vendors/yii/web/actions/CInlineAction.php(49): LinklistController->actionEditLink() 44 $controller=$this->getController(); 45 $method=new ReflectionMethod($controller, $methodName); 46 if($method->getNumberOfParameters()>0) 47 return $this->runWithParamsInternal($controller, $method, $params); 48 else 49 return $controller->$methodName(); 50 } 51 52 } #10 – /var/www/html/protected/vendors/yii/web/CController.php(308): CInlineAction->runWithParams(array("r" => "linklist/linklist/editLink", "link_id" => "-1", "category_id" => "3", "sguid" => "e124b231-2ad2-46db-ab55-adcaad1a736a")) 303 { 304 $priorAction=$this->_action; 305 $this->_action=$action; 306 if($this->beforeAction($action)) 307 { 308 if($action->runWithParams($this->getActionParams())===false) 309 $this->invalidActionParams($action); 310 else 311 $this->afterAction($action); 312 } 313 $this->_action=$priorAction; #11 – /var/www/html/protected/vendors/yii/web/filters/CFilterChain.php(133): CController->runAction(CInlineAction) 128 $filter=$this->itemAt($this->filterIndex++); 129 Yii::trace('Running filter '.($filter instanceof CInlineFilter ? 
get_class($this->controller).'.filter'.$filter->name.'()':get_class($filter).'.filter()'),'system.web.filters.CFilterChain'); 130 $filter->filter($this); 131 } 132 else 133 $this->controller->runAction($this->action); 134 } 135 } #12 – /var/www/html/protected/vendors/yii/web/filters/CFilter.php(40): CFilterChain->run() 35 */ 36 public function filter($filterChain) 37 { 38 if($this->preFilter($filterChain)) 39 { 40 $filterChain->run(); 41 $this->postFilter($filterChain); 42 } 43 } 44 45 /** #13 – /var/www/html/protected/vendors/yii/web/CController.php(1145): CFilter->filter(CFilterChain) 1140 */ 1141 public function filterAccessControl($filterChain) 1142 { 1143 $filter=new CAccessControlFilter; 1144 $filter->setRules($this->accessRules()); 1145 $filter->filter($filterChain); 1146 } 1147 1148 /** 1149 * Returns a persistent page state value. 1150 * A page state is a variable that is persistent across POST requests of the same page. #14 – /var/www/html/protected/vendors/yii/web/filters/CInlineFilter.php(58): CController->filterAccessControl(CFilterChain) 53 * @param CFilterChain $filterChain the filter chain that the filter is on. 54 */ 55 public function filter($filterChain) 56 { 57 $method='filter'.$this->name; 58 $filterChain->controller->$method($filterChain); 59 } 60 } #15 – /var/www/html/protected/vendors/yii/web/filters/CFilterChain.php(130): CInlineFilter->filter(CFilterChain) 125 { 126 if($this->offsetExists($this->filterIndex)) 127 { 128 $filter=$this->itemAt($this->filterIndex++); 129 Yii::trace('Running filter '.($filter instanceof CInlineFilter ? 
get_class($this->controller).'.filter'.$filter->name.'()':get_class($filter).'.filter()'),'system.web.filters.CFilterChain'); 130 $filter->filter($this); 131 } 132 else 133 $this->controller->runAction($this->action); 134 } 135 } #16 – /var/www/html/protected/vendors/yii/web/CController.php(291): CFilterChain->run() 286 $this->runAction($action); 287 else 288 { 289 $priorAction=$this->_action; 290 $this->_action=$action; 291 CFilterChain::create($this,$action,$filters)->run(); 292 $this->_action=$priorAction; 293 } 294 } 295 296 /** #17 – /var/www/html/protected/vendors/yii/web/CController.php(265): CController->runActionWithFilters(CInlineAction, array("accessControl")) 260 { 261 if(($parent=$this->getModule())===null) 262 $parent=Yii::app(); 263 if($parent->beforeControllerAction($this,$action)) 264 { 265 $this->runActionWithFilters($action,$this->filters()); 266 $parent->afterControllerAction($this,$action); 267 } 268 } 269 else 270 $this->missingAction($actionID); #18 – /var/www/html/protected/vendors/yii/web/CWebApplication.php(282): CController->run("editLink") 277 { 278 list($controller,$actionID)=$ca; 279 $oldController=$this->_controller; 280 $this->_controller=$controller; 281 $controller->init(); 282 $controller->run($actionID); 283 $this->_controller=$oldController; 284 } 285 else 286 throw new CHttpException(404,Yii::t('yii','Unable to resolve the request "{route}".', 287 array('{route}'=>$route===''?$this->defaultController:$route))); #19 – /var/www/html/protected/vendors/yii/web/CWebApplication.php(141): CWebApplication->runController("linklist/linklist/editLink") 136 foreach(array_splice($this->catchAllRequest,1) as $name=>$value) 137 $_GET[$name]=$value; 138 } 139 else 140 $route=$this->getUrlManager()->parseUrl($this->getRequest()); 141 $this->runController($route); 142 } 143 144 /** 145 * Registers the core application components. 146 * This method overrides the parent implementation by registering additional core components. 
#20 – /var/www/html/protected/vendors/yii/base/CApplication.php(180): CWebApplication->processRequest() 175 public function run() 176 { 177 if($this->hasEventHandler('onBeginRequest')) 178 $this->onBeginRequest(new CEvent($this)); 179 register_shutdown_function(array($this,'end'),0,false); 180 $this->processRequest(); 181 if($this->hasEventHandler('onEndRequest')) 182 $this->onEndRequest(new CEvent($this)); 183 } 184 185 /** #21 – /var/www/html/index.php(39): CApplication->run() 34 Yii::import('application.vendors.*'); 35 EZendAutoloader::$prefixes = array('Zend', 'Custom'); 36 Yii::import("ext.yiiext.components.zendAutoloader.EZendAutoloader", true); 37 Yii::registerAutoloader(array("EZendAutoloader", "loadClass"), true); 38 39 $app->run(); 2015-02-24 05:55:40 Apache/2.4.7 (Ubuntu) Yii Framework/1.1.15
video http://screencast-o-matic.com/watch/conZhGeEBJ
error page http://screencast.com/t/ta4Yfp24
this is the code I put in the link field: