Re:[img] String Replacement in Mylinks [Module usage questions]

1

[img] String Replacement in Mylinks

2004/10/18 9:01
Franki
Just popping in
Posts: 8
Since: 2004/10/18

I'm trying to locate the codes that responsible for replacing/substituting the [img] code in Mylinks' Link Description to <img...>, but cannot seem to find it anywhere.

I'm trying to debug as to why an image link (inserted into Mylinks' Link Description) works and the other doesn't:


WORKS (direct link to image): 

   [img]<URL>/image.gif[/img]

     -> MyLinks returns: <img src="<URL>/image.gif">



WORKS (this server does the URL rewriting): 

   [img]<URL>/a/b/c/[/img]

     -> MyLinks returns: <img src="<URL>/a/b/c/">



DOES NOT WORK (this server uses script to interact with

database and then redirect to actual location of image):

   [img]<URL>/image.php?a=1&b=2&image=1[/img]

     -> MyLinks returns: [img]<URL>/image.php?a=1&b=2&image=1[/img]

Does any one know where it is or can help with this scenario? (I've tried searching but cannot find any reference)

Cheers

2

Re:[img] String Replacement in Mylinks

2004/10/18 9:21
Herko
XOOPS is my life!
Posts: 4238
Since: 2002/2/4 1

that's a safety precoution: images are image files, not executable PHP files. If this was enabled, anyone could post an image that executes any script which would be a bad thing.

If you still want to hack this is, you'll have to look in the core textsanitsier classes. These things aren't set per module, but in the core.

Herko

3

Re:[img] String Replacement in Mylinks

2004/10/18 9:29
Franki
Just popping in
Posts: 8
Since: 2004/10/18

Thanks Herko,

So this is true even though the variable is stored in mylinks_text table as "[img]<URL>/image.php?a=1&b=2&image=1[/img]", XOOPS then transforms it to <img src="..."> so the browser could call the image for display (rather than XOOPS executing the link)?

4

Re:[img] String Replacement in Mylinks

2004/10/18 9:35
Herko
XOOPS is my life!
Posts: 4238
Since: 2002/2/4 1

your image has a php file extension, so yes. It's not 'executing the link', it's executing th ephp file, which is done when calling a php file. Calling the image is loading the data for display, and calling a script has a different file extension. But again, it IS possible to hack the possibility in, but I can't help you there...

Herko

5

Re:[img] String Replacement in Mylinks

2004/10/18 9:46
Franki
Just popping in
Posts: 8
Since: 2004/10/18

I see. Thanks.

The only code I found in /class/module.textsanitizer.php relating to images are:


$patterns[] = "/[img align=(['"]?)(left|center|right)\1]([^"()?&'<>]*)[/img]/sU";

$patterns[] = "/[img]([^"()?&'<>]*)[/img]/sU";

$patterns[] = "/[img align=(['"]?)(left|center|right)\1 id=(['"]?)([0-9]*)\3]([^"()?&'<>]*)[/img]/sU";

$patterns[] = "/[img id=(['"]?)([0-9]*)\1]([^"()?&'<>]*)[/img]/sU";

if ($allowimage != 1) {

    $replacements[] = '<a href="\3" target="_blank">\3</a>';

    $replacements[] = '<a href="\1" target="_blank">\1</a>';

    $replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\4" target="_blank">\4</a>';

    $replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\2" target="_blank">\3</a>';

} else {

    $replacements[] = '<img src="\3" align="\2" alt="" />';

    $replacements[] = '<img src="\1" alt="" />';

    $replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\4" align="\2" alt="\4" />';

    $replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\2" alt="\3" />';

Based on the above, XOOPS should just substitute the code, as I cannot find where the file extension were being "limited" (eg. gif, jpg, png) - does this exist at all (I don't think it's $allowimage)?

(Also, the last couple of lines relate to images servered by xoops, but are in similar to the format I'm having trouble with...

)

Anyone else with any ideas as to why/how?

6

Re:[img] String Replacement in Mylinks

2004/10/21 6:19
file2mail
Just popping in
Posts: 27
Since: 2004/5/23

The problem is with the question mark ... as a security precaution ... urls entered with a ? are not parsed in case of it used to execute some sort of code...

[img]<URL>/image.php?a=1&b=2&image=1[/img] <-- has a question mark

... if u want to disable this and allow question marks.. go into the module.textsanitiser.php file ...

and change this:


$patterns[] = "/[img align=(['"]?)(left|center|right)\1]([^"()?&'<>]*)[/img]/sU";

$patterns[] = "/[img]([^"()?&'<>]*)[/img]/sU";

$patterns[] = "/[img align=(['"]?)(left|center|right)\1 id=(['"]?)([0-9]*)\3]([^"()?&'<>]*)[/img]/sU";

$patterns[] = "/[img id=(['"]?)([0-9]*)\1]([^"()?&'<>]*)[/img]/sU";

and remove the \? from all four of those ... so its like:


$patterns[] = "/[img align=(['"]?)(left|center|right)\1]([^"()&'<>]*)[/img]/sU";

$patterns[] = "/[img]([^"()&'<>]*)[/img]/sU";

$patterns[] = "/[img align=(['"]?)(left|center|right)\1 id=(['"]?)([0-9]*)\3]([^"()&'<>]*)[/img]/sU";

$patterns[] = "/[img id=(['"]?)([0-9]*)\1]([^"()&'<>]*)[/img]/sU";

This has been discussed before... you should really search around more on the forum ... the answer is there with a little bit of searching

7

Re:[img] String Replacement in Mylinks

2004/10/25 12:14
Franki
Just popping in
Posts: 8
Since: 2004/10/18

Thanks file2mail! Much appreciated.

(I spent about 45 minutes searching the forums before posting, but came up with nothing)

Edit: anyone using this, you also need to remove the "&" if your image path have them. (I can follow examples, but need the start pointers ;)


$patterns[] = "/[img align=(['"]?)(left|center|right)\1]([^"()&'<>]*)[/img]/sU";

$patterns[] = "/[img]([^"()'<>]*)[/img]/sU";

$patterns[] = "/[img align=(['"]?)(left|center|right)\1 id=(['"]?)([0-9]*)\3]([^"()'<>]*)[/img]/sU";

$patterns[] = "/[img id=(['"]?)([0-9]*)\1]([^"()'<>]*)[/img]/sU";

Cheers.

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

[img] String Replacement in Mylinks

Re:[img] String Replacement in Mylinks

Re:[img] String Replacement in Mylinks

Re:[img] String Replacement in Mylinks

Re:[img] String Replacement in Mylinks

Re:[img] String Replacement in Mylinks

Re:[img] String Replacement in Mylinks

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}