Forum Moderators: coopster
I am getting this massage for some days. Last week my guestbook worked just fine and I didn't change anything since than. I am not a pro in PHP so please help me to solve the problem.
My line 674 looks like:
?><!-- o65 --><!-- c65 --><?php echo ''; ?><?php echo '<Script Language='Javascript'>
Thnx
or
escape (\') the the single quotes in the javascript so they are not interpreted as delimiters.
<?php echo "<Script Language='Javascript'>"; ?>
?><!-- o65 --><!-- c65 --><?php echo ''; ?><?php echo '<Script Language='Javascript'>
<!--
document.write(unescape('<malicious url-encoded iframe string here>'));
//-->
</Script>'; ?>
I did everything that HOMELESS told me and it worked. I corrected a lot of php files but at the end my guestbook was not working like it did before. The funny thing is that it worked last week with old code and nobody changed anything. And now is not working. Why is it not working now?
[edited by: coopster at 11:55 am (utc) on May 4, 2009]
[edit reason] removed malicious encoded url [/edit]
You don't want to start changing a bunch of files, unless they are throwing errors.
You just need to understand that programming languages have delimiters. PHP has double quotes and single quotes. Your code will not work because PHP and Javascript are using the same delimiters (single quotes). Since PHP is writing the JavaScript it cannot determine where the string ends.
I'm assuming this Javascripts was not part of the orignal code...mainly because of the 2 "echo"'s. It looks like someone may be trying to add these in.
?><!-- o65 --><!-- c65 --><?php echo ''; ?><?php echo "<Script Language='Javascript'>
<!--
document.write(unescape('<malicious url-encoded iframe string here>'));
//-->
[edited by: coopster at 11:54 am (utc) on May 4, 2009]
[edit reason] removed malicious encoded url [/edit]
