XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Modules Support forums / 
  3. Module usage questions 
  4.  / [img] String Replacement in Mylinks
Register
1
Franki
[img] String Replacement in Mylinks

  • 2004/10/18 9:01

  • Franki

  • Just popping in

  • Posts: 8

  • Since: 2004/10/18


I'm trying to locate the codes that responsible for replacing/substituting the [img] code in Mylinks' Link Description to , but cannot seem to find it anywhere.

I'm trying to debug as to why an image link (inserted into Mylinks' Link Description) works and the other doesn't:

WORKS (direct link to image): 
   [img]<URL>/image.gif[/img]
     -> MyLinks returns: <img src="/image.gif">

WORKS (this server does the URL rewriting): 
   [img]<URL>/a/b/c/[/img]
     -> MyLinks returns: <img src="/a/b/c/">

DOES NOT WORK (this server uses script to interact with
database and then redirect to actual location of image):
   [img]<URL>/image.php?a=1&b=2&image=1[/img]
     -> MyLinks returns: [img]<URL>/image.php?a=1&b=2&image=1[/img]


Does any one know where it is or can help with this scenario? (I've tried searching but cannot find any reference)

Cheers
2
Herko
Re:[img] String Replacement in Mylinks

  • 2004/10/18 9:21

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


that's a safety precoution: images are image files, not executable PHP files. If this was enabled, anyone could post an image that executes any script which would be a bad thing.

If you still want to hack this is, you'll have to look in the core textsanitsier classes. These things aren't set per module, but in the core.

Herko
3
Franki
Re:[img] String Replacement in Mylinks

  • 2004/10/18 9:29

  • Franki

  • Just popping in

  • Posts: 8

  • Since: 2004/10/18


Thanks Herko,

So this is true even though the variable is stored in mylinks_text table as "[img]/image.php?a=1&b=2&image=1[/img]", XOOPS then transforms it to so the browser could call the image for display (rather than XOOPS executing the link)?
4
Herko
Re:[img] String Replacement in Mylinks

  • 2004/10/18 9:35

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


your image has a php file extension, so yes. It's not 'executing the link', it's executing th ephp file, which is done when calling a php file. Calling the image is loading the data for display, and calling a script has a different file extension. But again, it IS possible to hack the possibility in, but I can't help you there...

Herko
5
Franki
Re:[img] String Replacement in Mylinks

  • 2004/10/18 9:46

  • Franki

  • Just popping in

  • Posts: 8

  • Since: 2004/10/18


I see. Thanks.

The only code I found in /class/module.textsanitizer.php relating to images are:
$patterns[] = "/[img align=(['"]?)(left|center|right)\1]([^"()?&'<>]*)[/img]/sU";
$patterns[] = "/[img]([^"()?&'<>]*)[/img]/sU";
$patterns[] = "/[img align=(['"]?)(left|center|right)\1 id=(['"]?)([0-9]*)\3]([^"()?&'<>]*)[/img]/sU";
$patterns[] = "/[img id=(['"]?)([0-9]*)\1]([^"()?&'<>]*)[/img]/sU";
if ($allowimage != 1) {
    $replacements[] = '\3';
    $replacements[] = '\1';
    $replacements[] = '.XOOPS_URL.'/image.php?id=\4" target="_blank">\4';
    $replacements[] = '.XOOPS_URL.'/image.php?id=\2" target="_blank">\3';
} else {
    $replacements[] = '';
    $replacements[] = '';
    $replacements[] = '.XOOPS_URL.'/image.php?id=\4" align="\2" alt="\4" />';
    $replacements[] = '.XOOPS_URL.'/image.php?id=\2" alt="\3" />';


Based on the above, XOOPS should just substitute the code, as I cannot find where the file extension were being "limited" (eg. gif, jpg, png) - does this exist at all (I don't think it's $allowimage)?

(Also, the last couple of lines relate to images servered by xoops, but are in similar to the format I'm having trouble with... )

Anyone else with any ideas as to why/how?
6
file2mail
Re:[img] String Replacement in Mylinks

  • 2004/10/21 6:19

  • file2mail

  • Just popping in

  • Posts: 27

  • Since: 2004/5/23


The problem is with the question mark ... as a security precaution ... urls entered with a ? are not parsed in case of it used to execute some sort of code...

[img]/image.php?a=1&b=2&image=1[/img] <-- has a question mark

... if u want to disable this and allow question marks.. go into the module.textsanitiser.php file ...

and change this:
$patterns[] = "/[img align=(['"]?)(left|center|right)\1]([^"()?&'<>]*)[/img]/sU";
$patterns[] = "/[img]([^"()?&'<>]*)[/img]/sU";
$patterns[] = "/[img align=(['"]?)(left|center|right)\1 id=(['"]?)([0-9]*)\3]([^"()?&'<>]*)[/img]/sU";
$patterns[] = "/[img id=(['"]?)([0-9]*)\1]([^"()?&'<>]*)[/img]/sU";


and remove the \? from all four of those ... so its like:
$patterns[] = "/[img align=(['"]?)(left|center|right)\1]([^"()&'<>]*)[/img]/sU";
$patterns[] = "/[img]([^"()&'<>]*)[/img]/sU";
$patterns[] = "/[img align=(['"]?)(left|center|right)\1 id=(['"]?)([0-9]*)\3]([^"()&'<>]*)[/img]/sU";
$patterns[] = "/[img id=(['"]?)([0-9]*)\1]([^"()&'<>]*)[/img]/sU";



This has been discussed before... you should really search around more on the forum ... the answer is there with a little bit of searching
7
Franki
Re:[img] String Replacement in Mylinks

  • 2004/10/25 12:14

  • Franki

  • Just popping in

  • Posts: 8

  • Since: 2004/10/18


Thanks file2mail! Much appreciated.

(I spent about 45 minutes searching the forums before posting, but came up with nothing)



Edit: anyone using this, you also need to remove the "&" if your image path have them. (I can follow examples, but need the start pointers ;)

$patterns[] = "/[img align=(['"]?)(left|center|right)\1]([^"()&'<>]*)[/img]/sU";
$patterns[] = "/[img]([^"()'<>]*)[/img]/sU";
$patterns[] = "/[img align=(['"]?)(left|center|right)\1 id=(['"]?)([0-9]*)\3]([^"()'<>]*)[/img]/sU";
$patterns[] = "/[img id=(['"]?)([0-9]*)\1]([^"()'<>]*)[/img]/sU";


Cheers.

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

330 user(s) are online (111 user(s) are browsing Support Forums)

Members: 0

Guests: 330

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits