1

Topic: iFrame in posts

Would it be possible to have an "iFrame" BBCode to set a link to display a html site or whatever?

Re: iFrame in posts

As a feature I'm almost 100% the answer will be no, however a mod could easily be written to provide it.

3

Re: iFrame in posts

Well, then I have to find someone to write a mod like that.....

....anybody here?  smile ....or could you do that Reines?

4 (edited by Reines 2007-07-17 18:13)

Re: iFrame in posts

try this (note. wrote it in bout 5mins, 100% untested):

open:
parser.php

find:
$a[] = '#\s*\[/quote\]\s*#i';

on the next line add:
$a[] = '#\[iframe\][\r\n]*(.*?)\s*\[/iframe\]\s*#is';

find:
$b[] = '[/quote]
'."\n";

on the next line add:
$b[] = '[iframe]$1[/iframe]'."\n";

find:
if (preg_match('#\[quote=("|"|\'|)(.*)\\1\]|\[quote\]|\[/quote\]|\[code\]|\[/code\]#i', $text))

replace with:
if (preg_match('#\[quote=("|"|\'|)(.*)\\1\]|\[quote\]|\[/quote\]|\[code\]|\[/code\]|\[iframe\]|\[/iframe\]#i', $text))

find:
'#\[url\]([^\[]*?)\[/url\]#e',

on the next line add:
'#\[iframe\]([^\[]*?)\[/iframe\]#e',

find:
'handle_url_tag(\'$1\')',

on the next line add:
'handle_iframe_tag(\'$1\')',

add a new method:

function handle_iframe_tag($url) {
    $full_url = str_replace(array(' ', '\'', '`', '"'), array('%20', '', '', ''), $url);
    if (strpos($url, 'www.') === 0)            // If it starts with www, we add http://
        $full_url = 'http://'.$full_url;
    else if (strpos($url, 'ftp.') === 0)    // Else if it starts with ftp, we add ftp://
        $full_url = 'ftp://'.$full_url;
    else if (!preg_match('#^([a-z0-9]{3,6})://#', $url)) // Else ef it doesn't start with abcdef://, we add http://
        $full_url = 'http://'.$full_url;
    return '<iframe src="'.htmlspecialchars($full_url).'">You need iframes enabled to view this.</iframe>';
}

save & reupload:
parser.php

5

Re: iFrame in posts

Reines, thank's
I will try it and make a report

6

Re: iFrame in posts

The BBCode works fine - it displays the "extern" site, but where can I adjust the size of the iFrame?

At the moment it just displays in a small iFrame about 200px width and 120px height

7

Re: iFrame in posts

....found it:

 return '<iframe width="100%" height="100%" scrolling="auto" src="'.htmlspecialchars($full_url).'">You need iframes enabled to view this.</iframe>';

..tried to "reach" it with CSS, but wasn't lucky

Great Mod, Thank's a lot Reines

Re: iFrame in posts

Interesting "bug".

PunBB ads the newline in:

$b[] = '[/quote]
'."\n";

even when its in code tags.

9

Re: iFrame in posts

...don't understand

Re: iFrame in posts

This takes XSS to a whole new level hmm

11

Re: iFrame in posts

What would I change to be able to set the height inside the BBCode?

[iframe height=xxx]URL[iframe]

If I set it to "auto" or "100%" in the parser, the iframe shows up much higher also if the site is smaller

12

Re: iFrame in posts

elbekko wrote:

This takes XSS to a whole new level hmm

...well, you're right....hmm, is it possible to make this only usable for administrators?

13

Re: iFrame in posts

has anyone worked on this further? I would also like my members to be able to use iframe but am nervous about the security risks.

14

Re: iFrame in posts

well, I don't know much about that security stuff, but the iFrame-thing works fine.

Re: iFrame in posts

if you want to allow people to use iframe on your forum they can add scripts on that site that e.g injects trojans or other things like that

Thats why you should have HTML disabled on the forum

16

Re: iFrame in posts

Is there any way that you could restrict the domain that the iframe points to?

Re: iFrame in posts

A link would work just fine.

18

Re: iFrame in posts

So what would I have to do to make this only usable by a specific group of members?

19

Re: iFrame in posts

*bump*

D3V1N wrote:

So what would I have to do to make this only usable by a specific group of members?