1

Topic: Bug with [ img ] tag

 like this [ img ] http://punbb.org/forums/login.php?action=out [ img ]

2

Re: Bug with [ img ] tag

check it out, I've just made a post, in test forum, topic testing

3

Re: Bug with [ img ] tag

http://punbb.org/forums/viewtopic.php?id=3621

Re: Bug with [ img ] tag

Nice... It logged me out.

Re: Bug with [ img ] tag

Nice one! :D

Evil trick!

6

Re: Bug with [ img ] tag

Chacmool wrote:

Nice one! :D

Evil trick!

yeah.. i know

Re: Bug with [ img ] tag

Haha, cool. I'll investigate it further. Any ideas?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Bug with [ img ] tag

1) Add a list of _permitted_ image file types, jpg/jpeg/gif/png/etc
   then in the post submission look for [ img ] tags that don't match up.

2) Check it during the bbcode->html conversion - though I think 1 is better since it is done once rather than every time a post is viewed.

3) More specific - check the img url for login.php and deny it (assuming login.php is the only place action=out can work).

I'd rather not have a blanket ban on images sent from a .php page since I've several graph generation scripts that use such urls.

9 (edited by XuMiX 2004-06-23 09:13)

Re: Bug with [ img ] tag

pgregg wrote:

1) Add a list of _permitted_ image file types, jpg/jpeg/gif/png/etc
   then in the post submission look for [ img ] tags that don't match up.

2) Check it during the bbcode->html conversion - though I think 1 is better since it is done once rather than every time a post is viewed.

3) More specific - check the img url for login.php and deny it (assuming login.php is the only place action=out can work).

I'd rather not have a blanket ban on images sent from a .php page since I've several graph generation scripts that use such urls.

1) is not a solution. I can rename my file to evilcode.jpg
2) --||--
3) is not a solution, because I can use not only this url, but also something like this evilcode.js
yeah... rather hard problem, isn't it?
the only solution I see is to upload images to the server, then check the mime-type... but it will slow down the server greatly.... + it will do MUCH traffic...

10

Re: Bug with [ img ] tag

I don't see what's so evil about it. It just logs you out. If it gets really annoying, then turn off link conversions.

Do, or do not.

11

Re: Bug with [ img ] tag

XuMiX wrote:
pgregg wrote:

1) Add a list of _permitted_ image file types, jpg/jpeg/gif/png/etc
   then in the post submission look for [ img ] tags that don't match up.

1) is not a solution. I can rename my file to evilcode.jpg
2) --||--
3) is not a solution, because I can use not only this url, but also something like this evilcode.js
yeah... rather hard problem, isn't it?
the only solution I see is to upload images to the server, then check the mime-type... but it will slow down the server greatly.... + it will do MUCH traffic...

Hmm, I don't see how 1 is not a solution. Sure, if you want to rename your login.php to evilcode.jpg and pass all jpgs through the PHP engine then on your own head be it. The goal is to prevent regular users from causing another user to logout - not from admins shooting themselves in the foot.

12

Re: Bug with [ img ] tag

Or, in all img conversions append a ?image (or &image if the url already has a ?) to the url. Then in the logout/login script:

if (isset($_GET['image'])) { // some lamer created a logout link in an image

13 (edited by XuMiX 2004-06-27 06:22)

Re: Bug with [ img ] tag

just for now, I've done such a thing

$message = preg_replace('#\[img\]((f)tp://)([^\?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#si', '<img src="$1' . eregi_replace('\?.*|&.*', '', str_replace(' ', '%20', '$3')) . '" border="0" align="top" alt="< ??????? ??????????? > ">', $message);    
$message = preg_replace('#\[img\]((ht)tp://)([^\?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#si', '< <a href="$1' . eregi_replace('\?.*|&.*', '', str_replace(' ', '%20', '$3')) . '" target="_blank"><b>?????? ?? ??????? ???????????</b></a>  >', $message);    

Re: Bug with [ img ] tag

Nice XuMiX!

preg_replace('#\[img\]((ht|f)tp://)([^\r\n\t<"\'\?&=]+\.(bmp|tif|jpg|jpeg|gif|png))\[/img\]#si', '<img src="$1$3".....

15

Re: Bug with [ img ] tag

hmmm... something is wrong with your code... it works fine with a single image, but sux with a series of them... I'll see it through

Re: Bug with [ img ] tag

Fixed in 1.2. If people really want to be assholes, they can set up their server to interpret e.g. .jpeg as PHP code and then link to that "image" which in turn does a header('Location: http://example.com/login.php?action=out'); but I don't believe there's a way of dealing with that. One could make sure the image is an image via e.g. getimagesize(), but it's just not worth it.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Bug with [ img ] tag

so now it will only accept certain extensions as images?

Re: Bug with [ img ] tag

have you blocked out PHP? if so, is there an admin option or does one need to mod it?
(I use quite a few php images, for different stuff)

Re: Bug with [ img ] tag

that's what I was thinking, a few people post links to php stuff for random images and things

Re: Bug with [ img ] tag

Oh shit. I forgot. Then, my friends, I have no idea how to solve this.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Bug with [ img ] tag

if you just have an option or a commented out line or something, I'm sure that those that want to allow php need to uncomment that line, and therefore be aware of the 'risks' (considering all the important stuff is using post, the get variables won't hurt the board that much, will they?)

Re: Bug with [ img ] tag

ok how about just blocking (I don't know regular expressions) this
(forum_path)*.php*
as you only need to block scripts on that forum and that would stop any php scripts on the actual forum being run but would allow php images from anywhere else to be accessed

the only problem with this is you could be logged out of other forums by that forum e.g. this forum from my forum
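
The submission-time checks proposed in this thread (an allowlist of image extensions, plus refusing scripts under the forum's own path while still allowing off-site .php images), as an added example that is not from any poster and is not PunBB code. The function name, its parameters and the forum.example, img.example and stats.example URLs are assumptions; as noted earlier in the thread, an image-looking URL that redirects server-side still passes checks of this kind.

```php
<?php
// Added example: all names here are hypothetical, not PunBB code.
const IMG_EXTENSIONS = ['jpg', 'jpeg', 'gif', 'png'];

// Return the [img] URLs in $message that should be refused at post submission.
// $forumBase: this forum's base URL. $strictExtensions: require an allowed
// image extension on every URL (this also refuses off-site .php images).
function rejected_img_urls(string $message, string $forumBase, bool $strictExtensions): array
{
    $base = parse_url($forumBase);
    $rejected = [];
    // Non-greedy match, so a post with a series of [img] tags is split correctly.
    preg_match_all('#\[img\](.*?)\[/img\]#si', $message, $matches);
    foreach ($matches[1] as $url) {
        $url = trim($url);
        $parts = parse_url($url);
        $scheme = strtolower($parts['scheme'] ?? '');
        if ($parts === false || empty($parts['host'])
            || !in_array($scheme, ['http', 'https', 'ftp'], true)) {
            $rejected[] = $url;   // not a usable absolute URL
            continue;
        }
        $path = $parts['path'] ?? '/';
        $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
        $onForum = strcasecmp($parts['host'], $base['host']) === 0
            && strpos($path, $base['path'] ?? '/') === 0;
        if ($onForum && stripos($path, '.php') !== false) {
            // "(forum_path)*.php*": the forum's own scripts are never images.
            $rejected[] = $url;
        } elseif ($strictExtensions && !in_array($ext, IMG_EXTENSIONS, true)) {
            $rejected[] = $url;
        }
    }
    return $rejected;
}

// Constructed sample post for a constructed forum at forum.example.
$post = '[img]http://forum.example/forums/login.php?action=out[/img] '
      . '[img]http://img.example/cat.png[/img] '
      . '[img]http://stats.example/graph.php?id=7[/img]';

// Lenient mode: only the forum's own script is refused.
print_r(rejected_img_urls($post, 'http://forum.example/forums/', false));
// Strict mode: the off-site graph.php image is refused as well.
print_r(rejected_img_urls($post, 'http://forum.example/forums/', true));
```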

Re: Bug with [ img ] tag

btw, look at the size of some of the posts above with the code bit. Is that another bug?

Re: Bug with [ img ] tag

Connorhd wrote:

btw, look at the size of some of the posts above with the code bit. Is that another bug?

no, it's supposed to be like that

Re: Bug with [ img ] tag

:P