http://www.icyphoenix.com/viewtopic.php?f=4&t=2375 ----------------------------------- Mighty Gorgon Fri 29 Jun, 2007 00:25 BBCODE - CUSTOMIZATION - DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- Since some users are asking how to destroy their sites... I've decided to help them in this task. [color=red][b]Here is a way to enable IFRAME and more generally full HTML code in posts... I'm strongly against this modification, and I strongly invite all of you to not apply this unless you know very well what you are doing and the risk you are facing.[/b][/color] [color=crimson]There will be no support for this... and I take no responsibility for all the damage that may arise on your site and your PC... yes your PC as well could be attacked and damaged by enabling this.[/color] Creating IFRAME BBCode: [spoiler] OPEN [b]includes/bbcode.php[/b] FIND [codeblock] 'align' => array( 'nested' => true, 'inurl' => false, 'allow_empty' => false, ), [/codeblock] BEFORE ADD [codeblock] 'iframe' => array( 'nested' => true, 'inurl' => true, 'allow_empty' => false, ), [/codeblock] FIND [codeblock] // IMG if($tag === 'img') { if($this->is_sig) [/codeblock] BEFORE ADD [codeblock] // IFRAME if($tag === 'iframe') { if(isset($item['params']['param'])) { $params['src'] = $item['params']['param']; } elseif(isset($item['params']['src'])) { $params['src'] = $item['params']['src']; } elseif(!empty($content)) { $params['src'] = $content; } if(isset($item['params']['scrolling'])) { $params['scrolling'] = $item['params']['scrolling']; } else { $params['scrolling'] = 'no'; } if(isset($item['params']['width'])) { $params['width'] = $item['params']['width']; } else { $params['width'] = '100%'; } if(isset($item['params']['height'])) { $params['height'] = $item['params']['height']; } else { $params['height'] = '600'; } foreach($params as $var => $value) { if ($this->process_text($value) != '') { $html .= ' ' . $var . '="' . $this->process_text($value) . '"'; } } $extras = $this->allow_styling ? array('style', 'class') : array('class'); $html = ''; return array( 'valid' => true, 'start' => $html, 'end' => '' ); } [/codeblock] [/spoiler] Enabling HTML tags: [spoiler] Enter in ACP ed add IFRAME tag in the allowed tags. OPEN [b]includes/bbcode.php[/b] FIND [codeblock] var $allowed_html = array( 'b' => array( 'nested' => true, 'inurl' => true, 'allow_empty' => false, ), [/codeblock] AFTER ADD [codeblock] 'iframe' => array( 'nested' => true, 'inurl' => true, 'allow_empty' => false, ), [/codeblock][/spoiler] How to generally allow full HTML in posts: [spoiler]OPEN [b]includes/functions_post.php[/b] FIND [codeblock]// This function will prepare a posted message for entry into the database. function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { global $board_config, $html_entities_match, $html_entities_replace; // Clean up the message $message = trim($message); if ($html_on) { // If HTML is on, we try to make it safe // This approach is quite agressive and anything that does not look like a valid tag // is going to get converted to HTML entities $message = stripslashes($message); $html_match = '#<[^w<]*(w+)((?:"[^"]*"|'[^']*'|[^<>'"])+)?>#'; $matches = array(); $message_split = preg_split($html_match, $message); preg_match_all($html_match, $message, $matches); $message = ''; foreach ($message_split as $part) { $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2])); $message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag); //$message .= preg_replace($html_entities_match, $html_entities_replace, $part) . $tag; } $message = addslashes($message); $message = str_replace('"', '"', $message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } return $message; } [/codeblock] REPLACE WITH [codeblock]// This function will prepare a posted message for entry into the database. function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { return trim($message); } [/codeblock][/spoiler] [color=darkorchid]Read again carefully the first lines of this post before proceding... do you really want to proceed? The whole risk is up to you... Good Luck!!! :roll:[/color] ----------------------------------- nene94 Sun 01 Jul, 2007 03:33 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- Thanks! ----------------------------------- KugeLSichA Sun 01 Jul, 2007 15:08 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- Thanks Luca, i know you have not much time but i have some ideas about this. If you´ll be back from your vacations, please contact me via MSN and we can speak about my ideas to this. thx ----------------------------------- Wober Tue 03 Jul, 2007 01:02 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- sorry wrong post ----------------------------------- Mighty Gorgon Tue 03 Jul, 2007 23:39 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- [quote user="KugeLSichA" post="17195"]Thanks Luca, i know you have not much time but i have some ideas about this. If you´ll be back from your vacations, please contact me via MSN and we can speak about my ideas to this. thx[/quote] No problem... I can guess what you would like to suggest... but I would avoid to add something dangerous on the package even if only admins or who could have the permissions would be able to use these... :roll: ----------------------------------- bartges90 Fri 06 Jul, 2007 12:50 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- Well... but is there any mode to change HTML permissions according to user's level? [so admins and mods could post with HTML tags meanwhile "normal" users couldn't use them]. Thanks in advance see you later ;) ----------------------------------- Zuker Fri 06 Jul, 2007 14:36 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- [quote user="bartges90" post="17404"]Well... but is there any mode to change HTML permissions according to user's level? [so admins and mods could post with HTML tags meanwhile "normal" users couldn't use them]. Thanks in advance see you later ;)[/quote] i made something on a bb2 that i use that with HTML GLOBAL DISABLE, enables only admins to post html. And if some user quotes the admin post, the html tags are stripped. After i finish some pending things i've get i'll play with it in icy ----------------------------------- Mighty Gorgon Sun 08 Jul, 2007 11:49 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- It is not so easy, for several reasons... there are many collateral things to consider... quoted posts, other users edited posts, iframed link may be attacked or changed, ecc... I repeat once again... when you enable something like this on your site, then you are opening doors to hackers... any external content should be added everywhere, but not in posts... and don't use external sites iframe unless you can really trust external sites or are owned by yourselves. I used to have IFRAME enabled on my old sites... but after having studied a little better some hacking techniques I've decided to remove anything related. ----------------------------------- Zuker Sun 08 Jul, 2007 15:42 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- the best example it's that bb3 doesn't have html, right? ----------------------------------- Mighty Gorgon Wed 25 Jul, 2007 23:51 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- [quote user="Zuker" post="17481"]the best example it's that bb3 doesn't have html, right?[/quote] Right... :wink: ----------------------------------- bartges90 Thu 26 Jul, 2007 18:30 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- [quote user="Zuker" post="17481"]the best example it's that bb3 doesn't have html, right?[/quote] So... the bbcode isn't enough. It would need more tags, like table. see you ;) ----------------------------------- Mighty Gorgon Fri 10 Aug, 2007 18:05 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- [quote user="bartges90" post="18035"][quote user="Zuker" post="17481"]the best example it's that bb3 doesn't have html, right?[/quote] So... the bbcode isn't enough. It would need more tags, like table. see you ;)[/quote] You have CELL in Icy Phoenix, which is similar... but safer... :wink: Check here: http://www.icyphoenix.com/viewtopic.php?t=1758 ----------------------------------- mamagallo Mon 03 Sep, 2007 06:12 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- I feel it, but it does not work to me, already it makes the changes and he is worse not even recognizes bbcode img, for my is imperative that the htm works in the forums because the users will be able to make tables with which to adorn its poems, could somebody knowledge say to me like obtaining it, all the options of corresponding htm reduce activated and places tags :cry: ----------------------------------- Mighty Gorgon Sun 09 Sep, 2007 02:02 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- Can you show us the site where it is not working and provide a test account please? Are you sure to have completed correctly all files edit? ----------------------------------- Fanshop Sun 09 Sep, 2007 14:41 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- i have problem too with this, the code show correct when i preview, but when i postet it showin nothing, only a blank page ( i mean blank post) i tryien many times and same problem ----------------------------------- mamagallo Sun 09 Sep, 2007 16:16 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- there is no form of which it works to me, although Mighty assures that if, I have proven it 20 times and it does not work, I suppose that those changes do not affect the last version of the IcyPhoenix, it creates an account of test user http://www.mundodecuaimas.com/plus/ User: Test Password:test123 the IcyPhoenix I have it installed in a test folder and configuration while I do not verify that it works correctly, the aspect that will see is the end, single I need to install a pair and things that I will have to consult later. :? :( ----------------------------------- Mighty Gorgon Fri 14 Sep, 2007 02:45 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- I'll test it again tomorrow and let you know... ok? ----------------------------------- mamagallo Fri 14 Sep, 2007 12:16 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- oK Thanks, really are important for my :? ----------------------------------- Mighty Gorgon Mon 17 Sep, 2007 00:33 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- First post updated... try to reapply the modification and let me know. When IFRAME active... Install a good antivirus and good luck. :mricy: ----------------------------------- mamagallo Mon 17 Sep, 2007 05:01 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- :( Good so it seems that I did not know to explain myself, when I said that needed to be able to use the htm within post of my forum, and I made him waste its time, I request excuses to him, will try to be more I specify.... this is the example of the code of a table whatever I want to use: [code linenumbers=false]
[b]
title of the POEM [img]http://i14.photobucket.com/albums/a348/rousse/azulbrillo9op.gif[/img] TEX TO POEM [img]http://i14.photobucket.com/albums/a348/rousse/azulbrillo9op.gif[/img] name of the author
[/b]
[/code] this table to the published being had to be seen of this form by the users [img align=left]http://img78.imageshack.us/img78/8407/debieraverse2nd4.png[/img] that is what I can do in my old forum and the forums of poetry of shoshan.cl where I participate, :? wanted that puediera IP to have that ability and that my users could operate a little plus their creativity. I returned to make the modifications and nothing has changed, :| not if I am so clumsy that I cannot follow instructions so simple, if pleases I can place the code of the modified archives in order that it can review if I committed some error :( ----------------------------------- Mighty Gorgon Thu 20 Sep, 2007 01:15 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- If you need to post full HTML you need to apply the latest modification in my first post... isn't that working? I wouldn't do that... but if you cannot live without... ----------------------------------- mamagallo Sun 23 Sep, 2007 02:41 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- edit :( the archives are very great to be visualized in the forum, could indicate to me if I can be sent by email, to verify that well they were modified? :? ----------------------------------- mamagallo Sat 29 Sep, 2007 20:31 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- Ok, already manages to see that it works, is not exactly what I look for but will have to serve, single that represents work much more for my because I must personally publish the messages that the users publish with htm, but that is better than nothing. Thank you very much, to him I am been thankful by all the annoyances that volume to occur a solution to me. :) ----------------------------------- xmenfile Thu 22 Nov, 2007 06:44 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- I am thinking only board Admin is able to post HTML. is it still Dangerous? and beside this , is there any other way? Thanks, ----------------------------------- kUcHilla Sun 27 Apr, 2008 21:46 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- If you want add google maps iframe, you must change this to true: 'allow_empty' => [b]true[/b], ----------------------------------- lvliguel Sun 14 Sep, 2008 17:21 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- I tried to use that and it doesnt work for me :s.... each time when i try to read my forum it was a white page, that is it!! :( [quote]/ This function will prepare a posted message for entry into the database. function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { return trim($message); } [/quote] ----------------------------------- Lopalong Mon 15 Sep, 2008 00:34 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- Then you appear to have broken the code in the wrong place or have not followed the exact instructions as outlined by MG. :shock: For me it works OK. ----------------------------------- lvliguel Mon 15 Sep, 2008 01:13 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- OK i think I copyied it bad, now It doesnt show me that error but I cant still see my HTML in the POSTs in Forums Here I cicked in Preview and I can see it [img]http://www.icyphoenix.com/./files/posted_images/5294/1.gif[/img] Here I show I changed the codes [img]http://www.icyphoenix.com/./files/posted_images/5294/2.gif[/img] Here I show It doesnt work :lcop: [img]http://www.icyphoenix.com/./files/posted_images/5294/3.gif[/img] well I am just doing that change "How to generally allow full HTML in posts" should I do everything to work?? or not?? Thanks ----------------------------------- Fanshop Wed 17 Sep, 2008 21:00 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- [quote user="Lopalong" post="31722"]Then you appear to have broken the code in the wrong place or have not followed the exact instructions as outlined by MG. :shock: For me it works OK.[/quote] i cant do to work it too, can u share your edited files to try ?..please..i really neeed do it to work. ----------------------------------- Lopalong Thu 18 Sep, 2008 00:36 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- I only tested why lvliguel was getting a white page :( And if MG wants Icy Phoenix to have full html parsing, then it's better he makes the decisions and corrections in support of it. ;) ----------------------------------- Mighty Gorgon Thu 25 Sep, 2008 11:14 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- I have tested it in the past and it worked fine. I will test again and report. ----------------------------------- Lopalong Thu 25 Sep, 2008 13:07 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- How difficult would it to be to add HTML on a forum by forum basis rather than global. As I understand that's how it is at the moment. ? :shock: ----------------------------------- Mighty Gorgon Fri 26 Sep, 2008 12:46 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- [quote user="Lopalong" post="32202"]How difficult would it to be to add HTML on a forum by forum basis rather than global. As I understand that's how it is at the moment. ? :shock:[/quote] I have always discarded this option to avoid problems with the layout. If a user add a table not properly coded or with not all tags closed, then you may not be able to correctly view that page any more... and you may not even be able to edit the post because you can't properly access to the page (which html is broken). Enabling HTML is not a joke, and could be really dangerous, that is the main reason why I have never provided an easy way for doing it. Anyway, someone shown how to enable HTML only for admins and mods... try to search the site for that, if you couldn't find it I will help. ----------------------------------- Lopalong Fri 26 Sep, 2008 12:59 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- No, not for me either. Sorry I asked the question. ;) As I agree with you about HTML and forums. ----------------------------------- Mighty Gorgon Fri 26 Sep, 2008 13:47 Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- Back on topic... I have tried again this modification and it works great... you need to make sure that HTML is enabled in ACP and in your Profile... even the message you are viewing make sure doesn't have HTML disabled. [quote user="Mighty Gorgon" post="17045"] How to generally allow full HTML in posts: [spoiler]OPEN [b]includes/functions_post.php[/b] FIND [codeblock]// This function will prepare a posted message for entry into the database. function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { global $board_config, $html_entities_match, $html_entities_replace; // Clean up the message $message = trim($message); if ($html_on) { // If HTML is on, we try to make it safe // This approach is quite agressive and anything that does not look like a valid tag // is going to get converted to HTML entities $message = stripslashes($message); $html_match = '#<[^w<]*(w+)((?:"[^"]*"|'[^']*'|[^<>'"])+)?>#'; $matches = array(); $message_split = preg_split($html_match, $message); preg_match_all($html_match, $message, $matches); $message = ''; foreach ($message_split as $part) { $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2])); $message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag); //$message .= preg_replace($html_entities_match, $html_entities_replace, $part) . $tag; } $message = addslashes($message); $message = str_replace('"', '"', $message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } return $message; } [/codeblock] REPLACE WITH [codeblock]// This function will prepare a posted message for entry into the database. function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { return trim($message); } [/codeblock][/spoiler][/quote] If it doesn't work it is because you are doing something wrong. :wink: ----------------------------------- Vinicius Harlock Sun 21 Feb, 2010 17:29 Re: BBCODE - CUSTOMIZATION - DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- Hello everyone How do I add an HTML signature [b]only[/b] for me? ----------------------------------- Mighty Gorgon Wed 03 Mar, 2010 10:12 Re: BBCODE - CUSTOMIZATION - DANGEROUS - How To Allow IFRAME And Full HTML Parsing ----------------------------------- You need to alter Icy Phoenix code for doing that... currently there is no easier way.