Icy Phoenix

Could anybody please tell me how to ad a web tag to the bbcode list so I can post web pages within a post.
On my other portal system that I want to convert to Icy I have the feature which includes the below tags, but obviously doesn't work on Icy as its not included


Cheers
Karl

There's something in the docs about how to add bbcode tags etc - might not be anything specific to what you actually want to do? But I do know one thing, and that's Icy Phoenix doesn't use the standard phpBB bbcode script.

I've looked at how the Icy bbcode is applied - if you get stuck - yell out, and I may be able to help!

Edit:

Thinking about this after a couple of beers!

[web height=#]Page URL[/web] ?

Page Url would have to equate to <iframe src="Page URL" width X height etc, with the no-scrolling attribute applied or something very similar.?

Because I can't see how else one could import a url and open it in the text area - Unless I'm missing something?

And from what I've read here - Icy Phoenix has no provision to allow <iframes. - In fact it appears they are dead set against it and don't cater or allow for it.

Could be wrong - But that's how I read it!

The feature is used on integramod 2.
I was going to stick with them as have done since 06 i wanted to upgrade but integramod 3 has been in Beta for so long now and the actual download is deactivated due to upgrading or something, Ive been weighting about 2 years to up grade so had to make a decision and now here, its a shame as helter skelter on there works seriously hard and been a great help over the years

The web tags are a really useful tool as it means members don't navigate away from your site, ill have a nosy see what I can find..

Thanks for your input

Below is a pic of how it looks when you post a web page, if its not possible Ill seriously miss this feature as we use it a lot..

actualy, the new long awaited Icy version( svn at the moment), includes an personalized BBcode option.

something like PhpBB

@batman.

It does look useful!

Stand by because I think I can run something to test if this is going to work with Icy Phoenix?






I think!

Look forward to it cheers

Took 20 minutes - -

BINGO!

Have a play with this using the [flash] tags, see what you can come up with as the best optimal sizes etc, then it can be written up with its own bbcode script.

Find in includes/bbcode.php



A couple of links that will help.

CUSTOMIZATION - Adding Video BBCode And Buttons To The Editor.

http://www.icyphoenix.com/viewtopic.php?p=44061#p44061


Though this one advocates NO IFRAMES - It appears it's directed at adding script in iframes to the text area, rather than just linking.

BBCODE - CUSTOMIZATION - DANGEROUS - How To Allow IFRAME And Full HTML Parsing

http://www.icyphoenix.com/viewtopic.php?p=17045#p17045


Demo Pic.

Cheers ill have a nosy at that tomorrow

Hehehe!

I'm not doing much at the moment, so I'll probably have it written up by the time you get to it.

Will let you know.

Instead of modifying the flash bbcode (which may lead to errors while using the TRUE flash tag for real flash content), why not simply add a new bbcode or upgrade your version in order to use the " custom bbcodes " available ?

Yros wrote: [View Post]

Instead of modifying the flash bbcode (which may lead to errors while using the TRUE flash tag for real flash content), why not simply add a new bbcode or upgrade your version in order to use the " custom bbcodes " available ?

Yros,

It wasn't intended to modify the Flash Code, it was ONLY used as an example to see if Icy Phoenix would parse <iframes.

I've asked MG for some help because I'm having trouble parsing any changes I make to pop-up prompts by way of width and height.

It doesn't matter how I add the variables or change the arrays in bbcode.php - They parse into the post, but I cannot get the changes to parse into the db with the string changes.

And I've just realised that I was ONLY Previewing them - Damn, maybe that's the problem!

Anyway - I'm open to any suggestions if anyone wants to add the extra code here while I'm trying to sort out bbcode.php.

This all works - But it's hard-code for height and width - That's what needs fixing!



Edit 1:

Well It's working in a fashion as I can adjust the width but not the height. Time to give it a break for a while I think.

But don't let that stop anyone who knows more than I do (Which is not much) from helping with this.

Edit 2:

This is the problem - [web width=450 height=450]http://www.gifbin.com[/web]

If I change either value above 450, the whole thing stuffs up - What's holding it down and where it is - I have not got a clue at this moment.



Edit 3:

This appears to be the maximum....

Anyone happy with that?

[web width=600 height=450]http://www.gifbin.com[/web]


But if I hard-code it with this - width="800" height="600" - That's what you get! Though 700x700 fits better.

Hi all,
Honestly I would not add such a BBCode unless in some way restricted to administrators or people you are trusting blindly.

The reason is that you can add almost anythin in an IFRAME even evil scripts which could harm your visitors... I wouldn't risk that honestly.

In dev version of Icy Phoenix it should be easier get what you need because I have coded (I hope properly, but not fully tested so far) an option to allow HTML to administrators... anyway, you are asking something for the old version.

Before going on in helping you I would like you to confirm that you are aware of the risks you are going to face...

Hi MG,

I could always add the code to it <!-- IF S_ADMIN This <iframes code - <!-- Else Nothing etc or maybe echo ADMIN ONLY TAGS! etc, etc.



Maybe add S_ADMIN_MOD too


All in php of course - not constants.

Edit:

I think that this should do it:



I also think I'll settle on this as the maximum because it's adjustable and it should be big enough!

[web width=600 height=450]http://www.mysite.com[/web]

Unfortunately it would not be that easy... I know it's tricky, I've dealt with it in the past.

You know what will be the result of your code? Everyone could insert IFRAMES but only admins will get thet when they visit the topic... and it is not what we wants.

We need to check the permission when adding the BBCode to DB and then display to all users... we just need to check that who added the content had the right permission for doing that.

Anyway, the topic you linked "BBCODE - CUSTOMIZATION - DANGEROUS - How To Allow IFRAME And Full HTML Parsing" should do the job properly (you can call it WEB if you don't like IFRAME, but the result is the same).

If you now just need help with the JS to add also Width and Height parameters, I'll have a look and report back.

Don't know MG?

As an unauthorised logged-in person trying to hack the web tags.

If I quote Admin.

Admin wrote: [View Post]

[web width=600 height=450]http://www.mysite.com[/web]

And strip the quote as well.

[web width=600 height=450]http://www.mysite.com[/web]


All I get in the post is.

Admin wrote: [View Post]
http://www.mysite.com

http://www.mysite.com

If I change the quoted url to:

[web width=600 height=450]http://www.hotscripts.com/category/cgi-perl/scripts-programs/[/web]


All I get in the post is.

Admin wrote: [View Post]
http://www.hotscripts.com/category/cgi-perl/scripts-programs/


If I click the [web button as a user (Which can be hidden anyway with <!-- IF S_blah blah in the .tpl file.) and try to add the [web tags

All I get in return for the post is.

http://www.hotscripts.com/category/cgi-perl/scripts-programs/

So I can't see how it's going to parse the <iframe html into the code tags when I'm anything other than an ADMIN or MOD.

MG wrote: 

You know what will be the result of your code? Everyone could insert IFRAMES but only admins will get thet when they visit the topic... and it is not what we wants.

I tried that too with the user both adding tags and quoting Admin.

When the "User" posts or quotes the [web tags, they are invalid because he or she can't call the $html to add the <iframes whether it's quoted or not?

Am I missing something?

Oh oh - Unless it's because I'm using 127.0.0.1 and being denied - but I have no way to test that live!

Maybe I didn't explain properly.

I'm referring to this part:

mort wrote: [View Post]

I think that this should do it:

Code: [Hide] [Select]

Code: [Show]

elseif ($tag === 'web' && (($userdata['user_level'] == ADMIN) || ($userdata['user_level'] == MOD)))
{
$html = '<iframe src="' . $content . '" width="' . $width . '" height="' . $height . '" marginwidth="0" marginheight="0" frameborder="0" scrolling="yes"></iframe>';
}

Your code checks the permission with $userdata, but $userdata in bbcode.php just contains current user permission, and bbcode.php is not checking if the content is going to be added to DB or not... it just checks the level of the user viewing the parsed text.

Maybe an example will help.

If ME as an admin I add the [web]URL[/web] code, the code will be processed and shown to myself... but when a normal user try to display the post, when bbcode parses the text it checks against userdata, that means that the user won't see the content because it is not an admin... I don't know if you get my point.

On the opposite, if a normal user post the [web]URL[/web] tags, then only admins will be able to display that, not normal users... this is still leading to security issues, because any user can still inject HTML code and attack any admin or moderator who are able to display the code properly.

Instead of working on bbcode.php, you should instead work at a posting level, checking then which is the level of the user posting such a content, and remove or sanitize the unwanted tags at that stage... because it's only at that point that you can tell if the user is allowed to post such kind of content or not...

If you have a chance to test latest dev version of Icy Phoenix, there is a new option in ACP where you can allow administrators to add HTML to posts, and I'm confident that it is quite safe, because it checks the permissions when posting, and not when viewing. This just means that if a user has admin rights, can post HTML and it will be added to DB as HTML code... if the user is not an admin, any new post or post edit (because you have also to deal with post editing!) will be sanitized against any HTML markup and it will be shown as it is just text and not HTML.

Sorry, but it's tough for me trying to explain this, because it's not an easy matter.

Anyway if it is still not clear (or if I misunderstood your post), I can try to explain again.

I understand what you're saying and I knew that there was still a problem with permissions, but I was so tired last night I couldn't think back through it and rationalise it.



@ batman

There you go my friend - read the changes here from the "original" script to make the height and width work with vars if required - Use it at your own risk - Maybe a dedicated forum with only Admin / Mod permissions to post iframes etc. Or wait until the release of the next version of Icy Phoenix.

I also think that this thread can be marked solved.

But a least it got a workout!

@ MG,

I will have a look at the dev version - only if I don't have to go and get it from SVN. Sooooooo, if you have a .zip available somewhere and hit me with a link to download it - That'd be nice.

mort wrote: [View Post]

I will have a look at the dev version - only if I don't have to go and get it from SVN. Sooooooo, if you have a .zip available somewhere and hit me with a link to download it - That'd be nice.

Give me a second, I will send you last SVN

here we go @mort


http://icy-mods.com/icy_new/icy_nuevo.zip

in english and spanish

gimme a shout when you got it, to delet the link

Mighty Gorgon wrote: [View Post]

Hi all,
Honestly I would not add such a BBCode unless in some way restricted to administrators or people you are trusting blindly.

The reason is that you can add almost anythin in an IFRAME even evil scripts which could harm your visitors... I wouldn't risk that honestly.

In dev version of Icy Phoenix it should be easier get what you need because I have coded (I hope properly, but not fully tested so far) an option to allow HTML to administrators... anyway, you are asking something for the old version.

Before going on in helping you I would like you to confirm that you are aware of the risks you are going to face...

That's not a problem at all as most just post the link. it would be ideal if a mod or admin could edit the post to set it as a web tag so viewers don't need to navigate away from the site.


I don't know whether this helps or not but this code from the BBcode Javascript 2 different files
bbcode_box.js



bbcode_box_a.js

@ batman.

Jeeeze mate, what are you doing with that last post of yours?


The damn thing is trying to load some microsoft stuff if one is using IE! Grrrrrrrrrrr!



Code tags mate and SPOILERS!

@ spydie and theSteffen - Thanks, I've got it.

small part of the last posted code by batman that made me edit this multiple times wthout succes:



more than this just was not there ...like it was n't enough already

Edit:
OOooh and batman ..please try to post properly as Mort already asked you

greetings,
.. your Hairdresser

Thanks for the edit Joshua203, i did put in code tags but didn't work for some reason

I can't see how the code is of any use anyway - it's like comparing apples and bananas.

Also - Back on-Topic:

You said back there you only wanted Admin's and Mods to be able to tag existing Url's?

It raises something interesting that I'm trying to get my head around and will have a look at - Not promising, because of the permissions to prevent users from exploiting it - as MG stated - ain't quite that easy.

 

Off Topic

:

Joshua wrote: 

greetings,
.. your Hairdresser

Hehehe! I think that means he's sharpening up the cut-throat razor - because he probably never cut hair in his life!

batman wrote: [View Post]

Thanks for the edit Joshua203, i did put in code tags but didn't work for some reason

Probably the character limit for posting was hit

EDIT:
@Mort ..hehehe I prefer not to explain the undertone of that joke

mort wrote: [View Post]

@ MG,

I will have a look at the dev version - only if I don't have to go and get it from SVN. Sooooooo, if you have a .zip available somewhere and hit me with a link to download it - That'd be nice.

Guys, there is no need to create a zip on your own... please use the GIT repository, since it is always synchronized with SVN (I update them at the same time) and it has some very nice features for quickly interact.

For example from here https://github.com/MightyGorgon/icy_phoenix you can download directly the package as ZIP by clicking on the top right button.

Regarding the permissions system and the possibility for ADMINS / MODS to edit other posts users, it is integrated in the latest dev version: there is a switch in ACP and some code in posting.php.

I just point you to a piece of code:


I decided to move the check on the HTML switch instead of playing with the parsing itself, because it is easy.

If you just want to force that in old Icy Phoenix, you should be able to do that by just inserting something like this (without any needs to integrate ACP switch):



Just after the check of HTML switch:

Oh oh! I sent you a pm before I read this.

But I still think I would like to destroy the web tags with something colourful if users try to use it.

And thanks for the github link.

mort wrote: [View Post]

I can't see how the code is of any use anyway - it's like comparing apples and bananas.

Also - Back on-Topic:

You said back there you only wanted Admin's and Mods to be able to tag existing Url's?

It raises something interesting that I'm trying to get my head around and will have a look at - Not promising, because of the permissions to prevent users from exploiting it - as MG stated - ain't quite that easy.

 

Off Topic

:

Joshua wrote: 

greetings,
.. your Hairdresser

Hehehe! I think that means he's sharpening up the cut-throat razor - because he probably never cut hair in his life!

Joshua203 wrote: [View Post]

batman wrote: [View Post]

Thanks for the edit Joshua203, i did put in code tags but didn't work for some reason

Probably the character limit for posting was hit

EDIT:
@Mort ..hehehe I prefer not to explain the undertone of that joke

OK Laurel and Hardy Im no coder so wouldn't know an apple from a banana