| Author |
 Topic  |
|
|
Jupiter303
Starting Member
30 Posts |
 Posted - 09 May 2002 : 04:14:29
|
I did one of the security updates and now I am getting an error message.....the line in the new and old inc_functions.asp looks the same. Any idea on how to fix it?
Error Message:
Microsoft VBScript compilation error '800a0409'
Unterminated string constant
/forum/inc_functions.asp, line 371
fString = replace(fString, "<", "<%22)
--------------------------------------^
Line 371 inc_functions.asp:
New:
function HTMLEncode(pString)
fString = trim(pString)
if fString = "" or IsNull(fString) then fString = " "
fString = replace(fString, ">", ">")
fString = replace(fString, "<", "<%22)
HTMLEncode = fString
end function
Old one:
function HTMLEncode(pString)
fString = trim(pString)
if fString = "" or IsNull(fString) then fString = " "
fString = replace(fString, ">", ">")
fString = replace(fString, "<", "<%22)
HTMLEncode = fString
end function
Modification Link
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=25351
Modified to (new):
strUrlText = replace(strUrlText, """", "") ' ## filter out "
'## Added to exclude Javascript and other potentially hazardous characters
strUrlText = replace(strUrlText, "&", "", 1, -1, 1) ' ## filter out &
strUrlText = replace(strUrlText, "#", "", 1, -1, 1) ' ## filter out #
strUrlText = replace(strUrlText, ";", "", 1, -1, 1) ' ## filter out ;
strUrlText = replace(strUrlText, "+", "", 1, -1, 1) ' ## filter out +
strUrlText = replace(strUrlText, "(", "", 1, -1, 1) ' ## filter out (
strUrlText = replace(strUrlText, ")", "", 1, -1, 1) ' ## filter out )
strUrlText = replace(strUrlText, "[", "", 1, -1, 1) ' ## filter out [
strUrlText = replace(strUrlText, "]", "", 1, -1, 1) ' ## filter out ]
strUrlText = replace(strUrlText, "=", "", 1, -1, 1) ' ## filter out =
strUrlText = replace(strUrlText, "*", "", 1, -1, 1) ' ## filter out *
strUrlText = replace(strUrlText, "'", "", 1, -1, 1) ' ## filter out '
strUrlText = replace(strUrlText, "javascript", "", 1, -1, 1) ' ## filter out javascript
strUrlText = replace(strUrlText, "vbscript", "", 1, -1, 1) ' ## filter out vbscript
strUrlText = replace(strUrlText, "mailto", "", 1, -1, 1) ' ## filter out mailto
'## End Added
strUrlText = replace(strUrlText, "<", "") ' ## filter out <
strUrlText = replace(strUrlText, ">", "") ' ## filter out >
strResultString = strResultString & roTag & strUrlText & rcTag & strArray2(1)
else
strResultString = strResultString & strArray(counter2)
end if
next
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 09 May 2002 : 04:19:29
|
What are you using to modify the files? Because whatever it is has corrupted some of the code in the HTMLEncode function.
the HTMLEncode function should look like this:
function HTMLEncode(pString)
fString = trim(pString)
if fString = "" or IsNull(fString) then fString = " "
fString = replace(fString, ">", ">")
fString = replace(fString, "<", "<")
HTMLEncode = fString
end function |
 |
|
|
Jupiter303
Starting Member
30 Posts |
Posted - 09 May 2002 : 05:08:03
|
Ultra Dev....it seems to be rewriting all the code even though I have had it set to not rewrite .asp.....and then set it to not re-write any code.......it is still doing it.......
I am gonna try re-installing it, cause I installed some new stuff yesterday......may be a shared .dll involved.
Not real happy with Ultra Dev......it's so jumpy when I try to edit these pages.....may try something else.
Thanks
|
|
|
|
Nathan
Help Moderator
USA
7664 Posts |
Posted - 09 May 2002 : 10:10:23
|
I recomend a glorified text editor. Homesite is great, but a more simple free software will work just as well. 
 Nathan Bales
Snitz Exchange | Do's and Dont's |
|
|
| |
Topic |
|
|
|
Topic Locked
