allowing only https://.. images to be embedded with bbcode

Discussion forum for Extension Writers regarding Extension Development.
Post Reply
User avatar
richey
Registered User
Posts: 608
Joined: Mon Feb 18, 2002 4:26 pm
Location: now@Cyberspace
Contact:

allowing only https://.. images to be embedded with bbcode

Post by richey » Sun Apr 16, 2017 3:10 pm

I'd like to allow only images from secured websites (https://) to be posted.
For that, I added the following code to message_parser.php (function bbcode_img()):

Code: Select all

$urlchk = parse_url($in);
$urlscheme = isset($urlchk['scheme']) ? $urlchk['scheme'].'://' : 'http://';
if ($urlscheme=='http://'){
	$error = true;
	$this->warn_msg[] = "Please post only URLs with https://.";
}
However, it doesn't work. Can anone lead me to the right direction please? :?
.

User avatar
richey
Registered User
Posts: 608
Joined: Mon Feb 18, 2002 4:26 pm
Location: now@Cyberspace
Contact:

Re: allowing only https://.. images to be embedded with bbcode

Post by richey » Wed Apr 19, 2017 9:41 am

Strangely, this code doesn't seem to be executed at all?

Has this section been replaced by phpbb/textformatter/s9e or where would I check for an "acceptable" link to an image? Is anyone familiar enough with the code to be able to answer this?

thanks, r.
.

User avatar
JoshyPHP
Code Contributor
Posts: 948
Joined: Mon Jul 11, 2011 12:28 am

Re: allowing only https://.. images to be embedded with bbcode

Post by JoshyPHP » Thu Apr 20, 2017 12:33 am

To filter out attribute values from BBCodes you'll need to add your own serializable callback using the core.text_formatter_s9e_configure_after event.

Code: Select all

$event['configurator']->tags['img']->attributes['src']->filterChain[] = 'check_img_url';

function check_img_url($url)
{
	return (preg_match('(^https://)i', $url)) ? $url : false;
}
I don't think there's a way to add error messages after the message has been parsed. You can add them before it's parsed using the core.message_parser_check_message event.
I wrote the thing that does BBCodes in 3.2.

User avatar
richey
Registered User
Posts: 608
Joined: Mon Feb 18, 2002 4:26 pm
Location: now@Cyberspace
Contact:

Re: allowing only https://.. images to be embedded with bbcode

Post by richey » Fri Apr 21, 2017 10:36 am

Thanks for your feedback!! To be honest though, I don't even know that this code means or where to place it. :oops:

Is message_parser.php > function bbcode_img() even still executed at all when submitting posts? I was thinking adding a simple line of code triggering an error message if an image URL without "https://" is contained in the post would be enough for my purpose.

thanks, r.
.

User avatar
tojag
Registered User
Posts: 333
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: allowing only https://.. images to be embedded with bbcode

Post by tojag » Sun Feb 18, 2018 5:43 pm

Maybe instead of a warning message, it would be better to insert http images as a link and https images traditionally with a preview? I would be happy with this solution.

User avatar
canonknipser
Registered User
Posts: 1557
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: allowing only https://.. images to be embedded with bbcode

Post by canonknipser » Sun Feb 18, 2018 7:22 pm

That should be possible with this extension: https://www.phpbb.com/customise/db/exte ... es_as_link
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB

User avatar
tojag
Registered User
Posts: 333
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: allowing only https://.. images to be embedded with bbcode

Post by tojag » Sun Feb 18, 2018 8:23 pm

Thanks, but i am not sure it works good with 3.2.2.

User avatar
PiperB
Registered User
Posts: 172
Joined: Mon Nov 07, 2016 6:54 pm

Re: allowing only https://.. images to be embedded with bbcode

Post by PiperB » Sun Feb 25, 2018 6:18 pm

**********************************************************

Wrote a fix last night.

Below is the fix for phpbb3.0.x first and then 3.1.x - 3.2.x after it below the dashed line. :D Only the finds are different. This will replace all of the http:// image links within posts with https:// and is useful for people who can't use camo for whatever reason whether it be no access to certain things or perhaps personal preference.
Note: Any images posted from sources that do not have a valid ssl certificate will be shown as the word "image" instead of the image that was intended to be shared. However many photo sharing sites such as photobucket or picturetrail have valid certificates and will be available as both http:// and https:// so therefore will still show.

For phpbb3.0.x:
1. Go through all html files and css files and change any hard coded images from http:// to https://

2. Open viewtopic.php

Find:

Code: Select all

	$message = smiley_text($message);
Add After: (On a new blank line)

Code: Select all

	//Make all images https:// to secure the pages.
	$message = str_replace('src="http://', 'src="https://', $message);
Save the file. Done! :)

--------------------------------------------------------------------

For phpbb 3.1.x - 3.2.x
1. Go through all html files and css files and change any hard coded images from http:// to https://

2. Open viewtopic.php

Find:

Code: Select all

$message = generate_text_for_display($row['post_text'], $row['bbcode_uid'], $row['bbcode_bitfield'], $parse_flags, true);
Add After: (On a new blank line)

Code: Select all

 //Make all images https:// to secure the pages.
 $message = str_replace('src="http://', 'src="https://', $message);
Save the file. Done! :)

This fix only effects image links and you do not need to change site urls in posts other than images because only the images and other media platforms such as videos *i.e. older youtube videos with http:// are causing this issue with the certificates. Sad that many members do not realize that although there is a "connection not secure" warning, that 100% of the textual content (i.e. logins, posts, signatures) is still being fully encrypted, as well as some of the images. That it's only some of the images which are not secure and only because of the site they are being hosted from not having a valid ssl certificate and not the actual site they are posted on causing the issue.

If you want your entire board viewtopic links and not just images to be https:// you could do this additional edit below also. (Though I DO NOT recommend this and recommend that you stick with the above fix or some other fix/mod/extension due to this would make all posted urls on the board which are not originally available through https:// follow through to the connection not secure warning page once the user is taken to that site they click on. (Though it might be an interesting fact for some people to know the sites they are posting links to are non-secure connections as they click the links to visit the sites and find out.) Furthermore I suggest you then create a rule to all members (if you do decide to use this below as well) that they are forbidden to post non-secure or rather non-https links.)

If you did use this in addition to the above you would post it right below it, again though, not recommended to change all urls per explanation above. Just adding this here for those who wish for the option. Unlike images not available through https:// the links without it will still show except as https:// and again would go to the non-secure connection page if the site it's linked from does not have https:// links or ssl rather.

Code: Select all

 //Make all urls in posts https://
 $message = str_replace("http://", "https://", $message);
Enjoy! :)
<!-- IF U_LOVE_NOTEPAD++ -->
[td class=statement]I Notepad++ ![/td]
<!-- ENDNEVER --> <!-- tee hee --> :P
Whoa ooo whoa ooo whoa I'm a Lady!

User avatar
PiperB
Registered User
Posts: 172
Joined: Mon Nov 07, 2016 6:54 pm

Re: allowing only https://.. images to be embedded with bbcode

Post by PiperB » Sat Jun 02, 2018 7:01 pm

*Deleted* was going to say something else but changed mind. You can delete this post. :)
<!-- IF U_LOVE_NOTEPAD++ -->
[td class=statement]I Notepad++ ![/td]
<!-- ENDNEVER --> <!-- tee hee --> :P
Whoa ooo whoa ooo whoa I'm a Lady!

Post Reply

Return to “Extension Writers Discussion”

Who is online

Users browsing this forum: No registered users and 19 guests