You are not logged in. Please login or register.
PunBB Forums → PunBB 1.2 bug reports → Forum won't convert [img] tag unless you include http://
My forum won't convert the tags and url's into an image unless you include the http:// part. Is there a reason it shouldn't or is this a bug?
It's easy enough to get around, but I thought I'd alert you.
Here's an example:
[img]www.hmeternity.net/Forum/img/other/e2.gif[/img]
it's not a bug. it's a feature. lok into parser.php line 462
$text = preg_replace('#\[img\]((ht|f)tps?://)([^\s<"]*?)\[/img\]#e', 'handle_img_tag(\'$1$3\', true)', $text);
you see there (http/https/ftp/ftps://) as must-be prefix. you could replace it with
$text = preg_replace('#\[img\]([^\s<"]*?)\[/img\]#e', 'handle_img_tag(\'$1\', true)', $text);
but in fact it will make forum more vulnerable.
Potential cross site scripting vulnerabilities is exactly what I'm afraid of. If possible, I don't want to "open up" the image tag any more than it is today.
PunBB Forums → PunBB 1.2 bug reports → Forum won't convert [img] tag unless you include http://
Powered by PunBB, supported by Informer Technologies, Inc.