JavaScript?

=Alex=
Ex Member
JavaScript?
Feb 19th, 2003 at 8:45am
>>Test...<<

  

BHRA Webmaster
God Member
Mod Author of the Year 2002
Posts: 5238
Location: BHRA Headquarters
Joined: Jan 18th, 2002
Gender: Male
Re: JavaScript?
Reply #1 - Feb 19th, 2003 at 12:14pm
that would be a security hole then. :-/
  


World Domination, one smiley at a time!

Jake
God Member
Posts: 1265
Location: asia
Joined: Jun 22nd, 2002
Gender: Male
Re: JavaScript?
Reply #2 - Feb 19th, 2003 at 12:20pm
>>Test...<<


Can anyone test this ??? ???

On mouseover
  

   

Shoeb Omar
God Member
Mod Writer
Posts: 5665
Location: San Diego
Joined: Jun 29th, 2001
Gender: Male
Re: JavaScript?
Reply #3 - Feb 19th, 2003 at 1:37pm
we already know. it's either fixed in sp1.2 or sp1.3
  

YaBB SP2 BETA!
Now taking pay jobs in PHP or Perl.  Contact me for details.

=Alex=
Re: JavaScript?
Reply #4 - Feb 19th, 2003 at 2:51pm
[code]###############################################################################
# YaBBC.pl                                                                    #
###############################################################################
# YaBB: Yet another Bulletin Board                                            #
# Open-Source Community Software for Webmasters                               #
# Software Version: YaBB 1 Gold - SP1                                         #
# Released: December 2001                                                     #
# =========================================================================== #
# Software Distributed by:    http://yabb.xnull.com                           #
# Support, News, Updates at:  http://yabb.xnull.com/community/                #
# =========================================================================== #
# Copyright (c) 2000-2002 Xnull (www.xnull.com) - All Rights Reserved.        #
# Software by: The YaBB Development Team                                      #
#              with assistance from the YaBB community.                       #
###############################################################################

$yabbcplver = "1 Gold - SP1";

$yyYaBBCloaded = 1;

sub validwidth {
  return ( $_[0] > 400 ? 400 : $_[0] );
}

sub MakeSmileys {
  $message =~ s/(\W|\A)\;\)/$1\<img border=0 src=$imagesdir\/wink.gif\>/g;
  $message =~ s/(\W|\A)\;\-\)/$1\<img border=0 src=$imagesdir\/wink.gif\>/g;
  $message =~ s/(\W|\A)\;D/$1\<img border=0 src=$imagesdir\/grin.gif\>/g;
  $message =~ s/\Q:'(\E/\<img border=0 src=$imagesdir\/cry.gif\>/g;
  $message =~ s/(\W)\:\-\//$1\<img border=0 src=$imagesdir\/undecided.gif\>/g;
  $message =~ s/\Q:-X\E/\<img border=0 src=$imagesdir\/lipsrsealed.gif\>/g;
  $message =~ s/\Q:-[\E/\<img border=0 src=$imagesdir\/embarassed.gif\>/g;
  $message =~ s/\Q:-*\E/\<img border=0 src=$imagesdir\/kiss.gif\>/g;
  $message =~ s/\Q&gt;:(\E/\<img border=0 src=$imagesdir\/angry.gif\>/g;
  $message =~ s/\Q::)\E/\<img border=0 src=$imagesdir\/rolleyes\.gif\>/g;
  $message =~ s/\Q:P\E/\<img border=0 src=$imagesdir\/tongue\.gif\>/g;
  $message =~ s/\Q:)\E/\<img border=0 src=$imagesdir\/smiley\.gif\>/g;
  $message =~ s/\Q:-)\E/\<img border=0 src=$imagesdir\/smiley\.gif\>/g;
  $message =~ s/\Q:D\E/\<img border=0 border=0 src=$imagesdir\/cheesy.gif\>/g;
  $message =~ s/\Q:-(\E/\<img border=0 src=$imagesdir\/sad.gif\>/g;
  $message =~ s/\Q:(\E/\<img border=0 src=$imagesdir\/sad.gif\>/g;
  $message =~ s/\Q:o\E/\<img border=0 src=$imagesdir\/shocked.gif\>/gi;
  $message =~ s/\Q8)\E/\<img border=0 src=$imagesdir\/cool.gif\>/g;
  $message =~ s/\Q???\E/\<img border=0 src=$imagesdir\/huh.gif\>/g;
  $message =~ s/\Q?!?\E/\<img border=0 src=$imagesdir\/huh.gif\>/g;
}

$MAXIMGWIDTH = 400;
$MAXIMGHEIGHT = 500;
sub restrictimage {
  my($w,$h,$s) = @_;
  $w = $w <= $MAXIMGWIDTH ? $w : $MAXIMGWIDTH;
  $h = $h <= $MAXIMGHEIGHT ? $h : $MAXIMGHEIGHT;
  return qq~<img src="$s" width="$w" height="$h" alt="" border="0">~;
}

sub quotemsg {
  my( $qauthor, $qlink, $qdate, $qmessage ) = @_;
  $qdate = &timeformat($qdate);
  $_ = $txt{'704'};
  $_ =~ s~AUTHOR~$qauthor~g;
  $_ =~ s~QUOTELINK~$scripturl?action=display;$qlink~g;
  $_ =~ s~DATE~$qdate~g;
  $_ =~ s~QUOTE~$qmessage~g;
  return $_;
}

sub simplequotemsg {
  my $qmessage = $_[0];
  $_ = $txt{'705'};
  $_ =~ s~QUOTE~$qmessage~g;
  return $_;
}

{
  my %killhash = (
  ';' => '&#059;',
  '!' => '&#33;',
  '(' => '&#40;',
  ')' => '&#41;',
  '-' => '&#45;',
  '.' => '&#46;',
  '/' => '&#47;',
  ':' => '&#58;',
  '?' => '&#63;',
  '[' => '&#91;',  '\\' => '&#92;',
  ']' => '&#93;',
  '^' => '&#94;'
  );
  sub codemsg {
    my $code = $_[0];
    if($code !~ /&\S*;/) { $code =~ s/;/&#059;/g; }
    $code =~ s~([\(\)\-\:\\\/\?\!\]\[\.\^])~$killhash{$1}~g;
    $_ = $txt{'706'};
    $_ =~ s~CODE~$code~g;
    return $_;
  }
#<security fix>
sub killScript {
    my $script =$_[0];
    $script =~ s~(\D)~~g;
    return $script;
  }
#</security fix>
}

sub DoUBBC {
  $message =~ s~\[code\]~ \[code\]~ig;
  $message =~ s~\[/code\]~ \[/code\]~ig;
  $message =~ s~\[quote\]~ \[quote\]~ig;
  $message =~ s~\[/quote\]~ \[/quote\]~ig;
  $message =~ s~\[glow\]~ \[glow\]~ig;
  $message =~ s~\[/glow\]~ \[/glow\]~ig;
  $message =~ s~<br>~\n~ig;
  $message =~ s~\[code\]\n*(.+?)\n*\[/code\]~&codemsg($1)~eisg;
  $message =~ s~\[pre\](.+?)\[/pre\]~'<pre>' . dopre($1) . '</pre>'~iseg;


  $message =~ s~\[([^\]]{0,30})\n([^\]]{0,30})\]~\[$1$2\]~g;
  $message =~ s~\[/([^\]]{0,30})\n([^\]]{0,30})\]~\[/$1$2\]~g;
  $message =~ s~(\w+://[^<>\s\n\"\]\[]+)\n([^<>\s\n\"\]\[]+)~$1\n$2~g;
  $message =~ s~\[b\](.+?)\[/b\]~<b>$1</b>~isg;
  $message =~ s~\[i\](.+?)\[/i\]~<i>$1</i>~isg;
  $message =~ s~\[u\](.+?)\[/u\]~<u>$1</u>~isg;
  $message =~ s~\[s\](.+?)\[/s\]~<s>$1</s>~isg;
  $message =~ s~\[move\](.+?)\[/move\]~<marquee>$1</marquee>~isg;

  $message =~ s~\[glow(.*?)\](.*?)\[/glow\]~qq^[glow$1]^ . &elimnests($2) . q^[/glow]^~eisg;
  $message =~ s~\[shadow(.*?)\](.*?)\[/shadow\]~qq^[shadow$1]^ . &elimnests($2) . q^[/shadow]^~eisg;
#<security fix>
#  $message =~ s~\[shadow=(\S+?),(.+?),(.+?)\](.+?)\[/shadow\]~q^[&table width=^ . validwidth($3) . qq^ style="filter:shadow\(color=$1, direction=$2\)"\]$4\[/\&table\]^~eisg;
#  $message =~ s~\[glow=(\S+?),(.+?),(.+?)\](.+?)\[/glow\]~q^[&table width=^ . validwidth($3) . qq^ style="filter:glow\(color=$1, strength=$2\)"\]$4\[/\&table\]^~eisg;
  $message =~ s~\[shadow=(\S+?),(.+?),(.+?)\](.+?)\[/shadow\]~q^[&table width=^ . validwidth(&killScript($3)) . qq^ style="filter:shadow\(color=$1, direction=$2\)"\]$4\[/\&table\]^~eisg;
  $message =~ s~\[glow=(\S+?),(.+?),(.+?)\](.+?)\[/glow\]~q^[&table width=^ . validwidth(&killScript($3)) . qq^ style="filter:glow\(color=$1, strength=$2\)"\]$4\[/\&table\]^~eisg;
#</security fix>
  $message =~ s~\/me\s(\S*)~<font color="red">* $1</font>~g;

  $message =~ s~\[color=([\w#]+)\](.*?)\[/color\]~<font color="$1">$2</font>~isg;
  $message =~ s~\[black\](.*?)\[/black\]~<font color=000000>$1</font>~isg;
  $message =~ s~\[white\](.*?)\[/white\]~<font color=FFFFFF>$1</font>~isg;
  $message =~ s~\[red\](.*?)\[/red\]~<font color=FF0000>$1</font>~isg;
  $message =~ s~\[green\](.*?)\[/green\]~<font color=00FF00>$1</font>~isg;
  $message =~ s~\[blue\](.*?)\[/blue\]~<font color=0000FF>$1</font>~isg;

  $message =~ s~\[font=(.+?)\](.+?)\[/font\]~<font face="$1">$2</font>~isg;
  $message =~ s~\[size=(.+?)\](.+?)\[/size\]~<font size="$1">$2</font>~isg;

  $message =~ s~\[img\]\n?javascript\:(.+?)\n?\[/img\]~\[ img\]javascript\:$1\[/img \]~isg;
  if($message =~ m~\[img\]\n?(.+?)\n?\[/img\]~gi && $1 !~ m~javascript\:~gi) { $message =~ s~\[img\]\n?(.+?)\n?\[/img\]~<img src="$1" alt="" border="0">~isg; }
  $message =~ s~\[img width=(\d+) height=(\d+)\]\n?javascript\:(.+?)\n?\[/img\]~\[ img width=$1 height=$2\]javascript\:$3\[/img \]~isg;
  if($message =~ m~\[img width=(\d+) height=(\d+)\]\n?(.+?)\n?\[/img\]~gi && $3 !~ m~javascript\:~gi) { $message =~ s~\[img width=(\d+) height=(\d+)\]\n?(.+?)\n?\[/img\]~restrictimage($1,$2,$3)~eisg; }

  $message =~ s~\[tt\](.*?)\[/tt\]~<tt>$1</tt>~isg;
  $message =~ s~\[left\](.+?)\[/left\]~<p align=left>$1</p>~isg;
  $message =~ s~\[center\](.+?)\[/center\]~<center>$1</center>~isg;
  $message =~ s~\[right\](.+?)\[/right\]~<p align=right>$1</p>~isg;
  $message =~ s~\[sub\](.+?)\[/sub\]~<sub>$1</sub>~isg;
  $message =~ s~\[sup\](.+?)\[/sup\]~<sup>$1</sup>~isg;
  $message =~ s~\[fixed\](.+?)\[/fixed\]~<font face="Courier New">$1</font>~isg;

  $message =~ s~\[hr\]\n~<hr width=40% align=left size=1>~g;
  $message =~ s~\[hr\]~<hr width=40% align=left size=1>~g;
  $message =~ s~\[br\]~\n~ig;

  if( $autolinkurls ) {
    $message =~ s~([^\w\"\=\[\]]|[\n\b]|\A)\\*(\w+://[\w\~\.\;\:\,\$\-\+\!\*\?/\=\&\@\#\%]+\.[\w\~\;\:\$\-\+\!\*\?/\=\&\@\#\%]+[\w\~\;\:\$\-\+\!\*\?/\=\&\@\#\%])~$1<a href="$2" target="_blank">$2</a>~isg;
    $message =~ s~([^\"\=\[\]/\:\.(\://\w+)]|[\n\b]|\A)\\*(www\.[^\.][\w\~\.\;\:\,\$\-\+\!\*\?/\=\&\@\#\%]+\.[\w\~\;\:\$\-\+\!\*\?/\=\&\@\#\%]+[\w\~\;\:\$\-\+\!\*\?/\=\&\@\#\%])~$1<a href="http://$2" target="_blank">$2</a>~isg;
  }
  $message =~ s~\[url\]www\.\s*(.+?)\s*\[/url\]~<a href="http://www.$1" target="_blank">www.$1</a>~isg;
  $message =~ s~\[url=\s*(\w+\://.+?)\](.+?)\s*\[/url\]~<a href="$1" target="_blank">$2</a>~isg;
  $message =~ s~\[url=\s*(.+?)\]\s*(.+?)\s*\[/url\]~<a href="http://$1" target="_blank">$2</a>~isg;
  $message =~ s~\[url\]\s*(.+?)\s*\[/url\]~<a href="$1" target="_blank">$1</a>~isg;

  $message =~ s~\[link\]www\.\s*(.+?)\s*\[/link\]~<a href="http://www.$1">www.$1</a>~isg;
  $message =~ s~\[link=\s*(\w+\://.+?)\](.+?)\s*\[/link\]~<a href="$1">$2</a>~isg;
  $message =~ s~\[link=\s*(.+?)\]\s*(.+?)\s*\[/link\]~<a href="http://$1">$2</a>~isg;
  $message =~ s~\[link\]\s*(.+?)\s*\[/link\]~<a href="$1">$1</a>~isg;

  $message =~ s~\[email\]\s*(\S+?\@\S+?)\s*\[/email\]~<a href="mailto:$1">$1</a>~isg;
  $message =~ s~\[email=\s*(\S+?\@\S+?)\]\s*(.*?)\s*\[/email\]~<a href="mailto:$1">$2</a>~isg;

  $message =~ s~\[news\](.+?)\[/news\]~<a href="$1">$1</a>~isg;
  $message =~ s~\[gopher\](.+?)\[/gopher\]~<a href="$1">$1</a>~isg;
  $message =~ s~\[ftp\](.+?)\[/ftp\]~<a href="$1">$1</a>~isg;

  $message =~ s~\[quote\s+author=(.*?)link=(.*?)\s+date=(.*?)\s*\]\n*(.*?)\n*\[/quote\]~&quotemsg($1,$2,$3,$4)~eisg;
  $message =~ s~\[quote\]\n*(.+?)\n*\[/quote\]~&simplequotemsg($1)~eisg;

  $message =~ s~\[list\]~<ul>~isg;
  $message =~ s~\[\*\]~<li>~isg;
  $message =~ s~\[/list\]~</ul>~isg;

  if ($message =~ /\/isg || $ns =~ "NS") {$message =~ s/\//isg;} else { &MakeSmileys; }

  $message =~ /\[flash\=(\S+?),(\S+?)](\S+?)\[\/flash\]/;
  $width = $1;
  $height = $2;
  if ($width > 500) { $width = 500; }
  if ($height > 500) { $height = 500; }
  $message =~ s~\[flash\=(\S+?),(\S+?)](\S+?)\[\/flash\]~<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=$width height=$height><param name=movie value=$3><param name=play value=true><param name=loop value=true><param name=quality value=high><embed src=$3 width=$width height=$height play=true loop=true quality=high></embed></object>~g;

  if( $message =~ m~\[table\]\s*(.+?)\s*\[tr\]~i ) {
    while( $message =~ s~<marquee>(.*?)\[table\](.*?)\[/table\](.*?)</marquee>~<marquee>$1<table>$2</table>$3</marquee>~s ) {}
    while( $message =~ s~<marquee>(.*?)\[table\](.*?)</marquee>(.*?)\[/table\]~<marquee>$1\[//table\]$2</marquee>$3\[//table\]~s ) {}
    while( $message =~ s~\[table\](.*?)<marquee>(.*?)\[/table\](.*?)</marquee>~\[//table\]$1<marquee>$2\[//table\]$3</marquee>~s ) {}
    $message =~ s~\n{0,1}\[table\]\n*(.+?)\n*\[/table\]\n{0,1}~<table>$1</table>~isg;
    while( $message =~ s~\<table\>(.*?)\n*\[tr\]\n*(.*?)\n*\[/tr\]\n*(.*?)\</table\>~<table>$1<tr>$2</tr>$3</table>~is ) {}
    while( $message =~ s~\<tr\>(.*?)\n*\[td\]\n{0,1}(.*?)\n{0,1}\[/td\]\n*(.*?)\</tr\>~<tr>$1<td>$2</td>$3</tr>~is ) {}
  }

  while( $message =~ s~<a([^>]*?)\n([^>]*)>~<a$1$2>~ ) {}
  while( $message =~ s~<a([^>]*)>([^<]*?)\n([^<]*)</a>~<a$1>$2$3</a>~ ) {}
##<security fix> while( $message =~ s~<a([^>]*?)&amp;([^>]*)>~<a$1&$2>~ ) {}
##[url]ANYscr&#105pt:....[/url]
  while( $message =~ s~<img([^>]*?)\n([^>]*)>~<img$1$2>~ ) {}
##<security fix> while( $message =~ s~<img([^>]*?)&amp;([^>]*)>~<img$1&$2>~ ) {}
##[img]ANYscr&#105pt:....[/img]

  $message =~ s~\[\&table(.*?)\]~<table$1>~g;
  $message =~ s~\[/\&table\]~</table>~g;
  $message =~ s~\n~<br>~ig;
}

1;
[/code]
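
An added example, not part of =Alex='s post or the YaBB code base: it runs the [glow] rule from the listing above with and without the killScript filter on the width field, over constructed inputs, to show what the fix changes. `validwidth` and `killScript` are copied from the listing; `render_glow` and the sample messages are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Copied from the listing: width clamp and the digit-only filter from the fix.
sub validwidth { no warnings 'numeric'; return ( $_[0] > 400 ? 400 : $_[0] ); }
sub killScript { my $script = $_[0]; $script =~ s~(\D)~~g; return $script; }

# Hypothetical helper: the listing's [glow] rule plus the final [&table]
# rewrite, with the filter for the width field passed in by the caller.
sub render_glow {
  my ( $message, $filter ) = @_;
  $message =~ s~\[glow=(\S+?),(.+?),(.+?)\](.+?)\[/glow\]~q^[&table width=^ . validwidth($filter->($3)) . qq^ style="filter:glow\(color=$1, strength=$2\)"\]$4\[/\&table\]^~eisg;
  $message =~ s~\[\&table(.*?)\]~<table$1>~g;
  $message =~ s~\[/\&table\]~</table>~g;
  return $message;
}

# Constructed sample posts (not taken from the thread).
my @samples = (
  '[glow=red,2,300]plain[/glow]',
  '[glow=red,2,9999]too wide[/glow]',
  '[glow=red,2,300 onmouseover=MARKER]extra attribute[/glow]',
);

# "before fix" passes the width through unchanged, as the commented-out rule did.
my @cases = ( [ 'before fix', sub { $_[0] } ], [ 'after fix', \&killScript ] );

for my $input (@samples) {
  print "$input\n";
  for my $case (@cases) {
    my ( $label, $filter ) = @$case;
    my ($tag) = render_glow( $input, $filter ) =~ m{(<table[^>]*>)};
    # The opening tag should carry a numeric width and the style, nothing else.
    my $verdict = $tag =~ m{^<table width=\d* style="[^"]*">\z} ? 'ok' : 'EXTRA ATTRIBUTE';
    printf "  %-10s %-15s %s\n", $label, $verdict, $tag;
  }
}
```

Because `validwidth` compares numerically but returns its argument unchanged when the number is at most 400, anything after the leading digits reaches the unquoted `width=` attribute before the fix; with `killScript` only digits are left.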
  

Jake
Re: JavaScript?
Reply #5 - Feb 19th, 2003 at 3:36pm
@=Alex=
I noticed your code above, you're going to tell that how to fix this, right?
And how about the [glow] and [shadow] tags? If you put the # in front of those two lines, it doesn't exist anymore.
Thanks

  

   

Administrator
Forum Administrator
Yummm
Posts: 7
Location: Modders Rile
Joined: Oct 7th, 2014
Gender: Male
Re: JavaScript?
Reply #6 - Feb 19th, 2003 at 3:51pm
  

The Administrator.

Tea-Master
Forum Administrator
Posts: 1945
Location: north germany
Joined: Oct 21st, 2001
Gender: Male
Re: JavaScript?
Reply #7 - Feb 19th, 2003 at 5:01pm
yep. and it'll be fixed with Sp1.3
  

Administrator
Re: JavaScript?
Reply #8 - Feb 19th, 2003 at 6:32pm
And it's fixed here too now.
  

The Administrator.

Jake
Re: JavaScript?
Reply #9 - Feb 19th, 2003 at 6:58pm
Great
@Michael ;D

Would you mind releasing this fix as a mod?

Thank You So Much
  

   

Jake
Re: JavaScript?
Reply #10 - Feb 19th, 2003 at 7:01pm
Let me try a shadow text


Great
  

   

Administrator
Re: JavaScript?
Reply #11 - Feb 19th, 2003 at 7:16pm
There is already a fix, it will be included in SP1.3.
  

The Administrator.

=Alex=
Guest
Re: JavaScript?
Reply #12 - Apr 15th, 2003 at 12:14pm
Code:
[img]http://my_site/cgi-bin/my_script.pl[/img] 

  

Tea-Master
Re: JavaScript?
Reply #13 - Apr 15th, 2003 at 3:07pm
hm?
I assume this is a test for a hole?
  

Administrator
Re: JavaScript?
Reply #14 - Apr 15th, 2003 at 3:12pm
Can't think of anything that could hurt a forum by calling a script in an image. Actually that's very handy for example to have a dynamic avatar.
  

The Administrator.