|
Page 1 of 3
|
Mighty Gorgon
Luca Libralato
Joined: August 2006
Posts: 7192
Location: Borgo San Michele
|
BBCODE - CUSTOMIZATION - DANGEROUS - How To Allow IFRAME And Full HTML Parsing
Since some users are asking how to destroy their sites... I've decided to help them in this task.
Here is a way to enable IFRAME and more generally full HTML code in posts... I'm strongly against this modification, and I strongly invite all of you to not apply this unless you know very well what you are doing and the risk you are facing.
There will be no support for this... and I take no responsibility for all the damage that may arise on your site and your PC... yes your PC as well could be attacked and damaged by enabling this.
Creating IFRAME BBCode:
OPEN includes/bbcode.php
FIND
    'align' => array(
        'nested' => true,
        'inurl' => false,
        'allow_empty' => false,
    ),
BEFORE ADD
    'iframe' => array(
        'nested' => true,
        'inurl' => true,
        'allow_empty' => false,
    ),
FIND
    // IMG
    if($tag === 'img')
    {
        if($this->is_sig)
BEFORE ADD
    // IFRAME
    if($tag === 'iframe')
    {
        // Source URL: taken from the tag parameter, the src attribute or the tag content
        if(isset($item['params']['param']))
        {
            $params['src'] = $item['params']['param'];
        }
        elseif(isset($item['params']['src']))
        {
            $params['src'] = $item['params']['src'];
        }
        elseif(!empty($content))
        {
            $params['src'] = $content;
        }
        // Optional attributes, with defaults when the poster does not supply them
        if(isset($item['params']['scrolling']))
        {
            $params['scrolling'] = $item['params']['scrolling'];
        }
        else
        {
            $params['scrolling'] = 'no';
        }
        if(isset($item['params']['width']))
        {
            $params['width'] = $item['params']['width'];
        }
        else
        {
            $params['width'] = '100%';
        }
        if(isset($item['params']['height']))
        {
            $params['height'] = $item['params']['height'];
        }
        else
        {
            $params['height'] = '600';
        }
        // Build the attribute string from every non-empty parameter
        foreach($params as $var => $value)
        {
            if ($this->process_text($value) != '')
            {
                $html .= ' ' . $var . '="' . $this->process_text($value) . '"';
            }
        }
        $extras = $this->allow_styling ? array('style', 'class') : array('class');
        $html = '<iframe' . $html . '>';
        return array(
            'valid' => true,
            'start' => $html,
            'end' => '</iframe>'
        );
    }
Enabling HTML tags:
Enter the ACP and add the IFRAME tag to the allowed tags.
OPEN includes/bbcode.php
FIND
    var $allowed_html = array(
        'b' => array(
            'nested' => true,
            'inurl' => true,
            'allow_empty' => false,
        ),
AFTER ADD
        'iframe' => array(
            'nested' => true,
            'inurl' => true,
            'allow_empty' => false,
        ),
How to generally allow full HTML in posts:
OPEN includes/functions_post.php
FIND
    // This function will prepare a posted message for entry into the database.
    function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
    {
        global $board_config, $html_entities_match, $html_entities_replace;
        // Clean up the message
        $message = trim($message);
        if ($html_on)
        {
            // If HTML is on, we try to make it safe
            // This approach is quite agressive and anything that does not look like a valid tag
            // is going to get converted to HTML entities
            $message = stripslashes($message);
            $html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
            $matches = array();
            $message_split = preg_split($html_match, $message);
            preg_match_all($html_match, $message, $matches);
            $message = '';
            foreach ($message_split as $part)
            {
                $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
                $message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag);
                //$message .= preg_replace($html_entities_match, $html_entities_replace, $part) . $tag;
            }
            $message = addslashes($message);
            $message = str_replace('&quot;', '\&quot;', $message);
        }
        else
        {
            $message = preg_replace($html_entities_match, $html_entities_replace, $message);
        }
        return $message;
    }
REPLACE WITH
    // This function will prepare a posted message for entry into the database.
    function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
    {
        // No tag filtering or entity encoding: the message is stored exactly as posted
        return trim($message);
    }
Read again carefully the first lines of this post before proceeding... do you really want to proceed? The whole risk is up to you... Good Luck!!!
____________ Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
|
#1 Fri 29 Jun, 2007 00:25 |
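For comparison with the IFRAME handler in the post above, a restricted variant that only emits the tag for https URLs on an admin-defined host allowlist, forces numeric dimensions and sandboxes the frame. This is an added example, not code from the original post or from Icy Phoenix; `build_safe_iframe()`, `clean_dimension()` and the allowlisted host are hypothetical.

```php
<?php
// Added example, not Icy Phoenix code. Function names and the allowlist
// below are hypothetical and chosen for illustration only.

// Accept 1-4 digits with an optional trailing %, otherwise use the default.
function clean_dimension($value, $default)
{
    return (is_string($value) && preg_match('/^\d{1,4}%?\z/', $value)) ? $value : $default;
}

// Returns the opening <iframe> tag, or null when the BBCode must stay plain text.
function build_safe_iframe(array $params, array $allowed_hosts)
{
    $src = isset($params['src']) ? trim($params['src']) : '';
    $parts = parse_url($src);
    // Absolute https URLs only: input without both a scheme and a host is refused.
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || strtolower($parts['scheme']) !== 'https')
    {
        return null;
    }
    // user:pass@ in the authority can disguise the real host, so refuse it.
    if (isset($parts['user']) || isset($parts['pass']))
    {
        return null;
    }
    // Exact host match against the admin-maintained list, no suffix matching.
    if (!in_array(strtolower($parts['host']), $allowed_hosts, true))
    {
        return null;
    }
    $width = clean_dimension(isset($params['width']) ? $params['width'] : null, '100%');
    $height = clean_dimension(isset($params['height']) ? $params['height'] : null, '600');
    // Entity-encode the URL. sandbox without allow-same-origin gives the frame an
    // opaque origin; without allow-top-navigation it cannot redirect the forum page.
    return '<iframe src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '"'
        . ' width="' . $width . '" height="' . $height . '" scrolling="no"'
        . ' sandbox="allow-scripts" referrerpolicy="no-referrer">';
}

// Constructed sample inputs: one allowed embed and three that must be refused.
$allowed = array('video.example.com');
$samples = array('https://video.example.com/embed/42', 'http://video.example.com/embed/42',
    'https://video.example.com.other.example/embed/42', 'javascript:void(0)');
foreach ($samples as $src)
{
    $tag = build_safe_iframe(array('src' => $src, 'width' => '640'), $allowed);
    echo str_pad($src, 52), ($tag === null ? 'refused' : $tag), "\n";
}
```

A caller would return `'valid' => false` for a `null` result so the tag is shown as text instead of being rendered.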
|
|
nene94
Joined: May 2007
Posts: 66
Location: Puerto Rico
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
Thanks!
____________ http://www.nene94.com/radio/
A Internet radio station !!
|
#2 Sun 01 Jul, 2007 03:33 |
|
KugeLSichA
Joined: August 2006
Posts: 803
Location: Dresden
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
Thanks Luca,
I know you have not much time but I have some ideas about this.
If you'll be back from your vacations, please contact me via MSN and we can speak about my ideas to this.
thx
|
#3 Sun 01 Jul, 2007 15:08 |
|
Wober
Joined: April 2007
Posts: 3
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
sorry wrong post
|
#4 Tue 03 Jul, 2007 01:02 |
|
Mighty Gorgon
Luca Libralato
Joined: August 2006
Posts: 7192
Location: Borgo San Michele
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
> Thanks Luca,
> I know you have not much time but I have some ideas about this.
> If you'll be back from your vacations, please contact me via MSN and we can speak about my ideas to this.
> thx
No problem... I can guess what you would like to suggest... but I would avoid adding something dangerous to the package, even if only admins or those who have the permissions would be able to use it...
____________ Luca
|
#5 Tue 03 Jul, 2007 23:39 |
|
bartges90
Joined: December 2006
Posts: 32
Location: Catalonia
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
Well... but is there any mode to change HTML permissions according to user's level? [so admins and mods could post with HTML tags meanwhile "normal" users couldn't use them].
Thanks in advance
see you later
|
#6 Fri 06 Jul, 2007 12:50 |
|
Zuker
Joined: August 2006
Posts: 2134
Location: BA
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
> Well... but is there any mode to change HTML permissions according to user's level? [so admins and mods could post with HTML tags meanwhile "normal" users couldn't use them].
> Thanks in advance
> see you later
I made something on a bb2 that I use that, with HTML GLOBAL DISABLE, enables only admins to post HTML. And if some user quotes the admin post, the HTML tags are stripped. After I finish some pending things I've got, I'll play with it in Icy.
____________ ? Zuker - EDDB - LPM - Sharefields
|
#7 Fri 06 Jul, 2007 14:36 |
|
Mighty Gorgon
Luca Libralato
Joined: August 2006
Posts: 7192
Location: Borgo San Michele
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
It is not so easy, for several reasons... there are many collateral things to consider... quoted posts, other users' edited posts, iframed links may be attacked or changed, etc...
I repeat once again... when you enable something like this on your site, then you are opening doors to hackers... any external content should be added everywhere, but not in posts... and don't use external sites iframe unless you can really trust external sites or are owned by yourselves.
I used to have IFRAME enabled on my old sites... but after having studied a little better some hacking techniques I've decided to remove anything related.
____________ Luca
|
#8 Sun 08 Jul, 2007 11:49 |
|
Zuker
Joined: August 2006
Posts: 2134
Location: BA
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
The best example is that bb3 doesn't have HTML, right?
____________ ? Zuker - EDDB - LPM - Sharefields
|
#9 Sun 08 Jul, 2007 15:42 |
|
Mighty Gorgon
Luca Libralato
Joined: August 2006
Posts: 7192
Location: Borgo San Michele
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
> The best example is that bb3 doesn't have HTML, right?
Right...
____________ Luca
|
#10 Wed 25 Jul, 2007 23:51 |
|
bartges90
Joined: December 2006
Posts: 32
Location: Catalonia
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
> The best example is that bb3 doesn't have HTML, right?
So... the bbcode isn't enough. It would need more tags, like table.
see you
|
#11 Thu 26 Jul, 2007 18:30 |
|
Mighty Gorgon
Luca Libralato
Joined: August 2006
Posts: 7192
Location: Borgo San Michele
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
> > The best example is that bb3 doesn't have HTML, right?
> So... the bbcode isn't enough. It would need more tags, like table.
> see you
You have CELL in Icy Phoenix, which is similar... but safer...
Check here:
http://www.icyphoenix.com/viewtopic.php?t=1758
____________ Luca
|
#12 Fri 10 Aug, 2007 18:05 |
|
mamagallo
Joined: August 2007
Posts: 41
Location: Caracas
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
I feel it, but it does not work to me, already it makes the changes and he is worse not even recognizes bbcode img, for my is imperative that the htm works in the forums because the users will be able to make tables with which to adorn its poems, could somebody knowledge say to me like obtaining it, all the options of corresponding htm reduce activated and places tags
|
#13 Mon 03 Sep, 2007 06:12 |
|
Mighty Gorgon
Luca Libralato
Joined: August 2006
Posts: 7192
Location: Borgo San Michele
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
Can you show us the site where it is not working and provide a test account please?
Are you sure you have correctly completed all the file edits?
____________ Luca
|
#14 Sun 09 Sep, 2007 02:02 |
|
Fanshop
Joined: March 2007
Posts: 56
Location:
|
Re: DANGEROUS - How To Allow IFRAME And Full HTML Parsing
I have a problem with this too: the code shows correctly when I preview, but when I posted it, it shows nothing, only a blank page (I mean a blank post). I tried many times and got the same problem.
|
#15 Sun 09 Sep, 2007 14:41 |
|