Latest Announcemnent
New thread
Status
Not open for further replies.
M

makfun

Active Member
310
2010
1
0
How can I enable or add html codes. Like Following SnapShot. I tried but not working.

My Website is www.appleshare.org

32065427372012063483.jpg
 
13 comments
HTML is dangerous and is disabled by default.

You want your users to post something like this?
Code: 
<script>alert('XSS')</script>

Aka not good idea ;)
 
IN your acp it is by user group and forum settings.

But what you are showing can be done with bbcode.

Code: 
[url="www.google.com"]Google[/url]
[img]http://appleshare.org/public/style_images/5_cooltext504305537.png[/img]

[ url="www.google.com"]Google[ /url]
[ img]http://appleshare.org/public/style_images/5_cooltext504305537.png[ /img]
 
Last edited:
Thanks for this. Actually, I want to post following Forums URL (1) or Forums (2). Any one of them code. But I am receiving this error.

2nu11fr.jpg



and also I have enabled images in ACP

108cyvq.jpg
 
Last edited:
You are trying to add html code into your forum where you do not allow it.
Remove the <a href=.... part
And only use this:
PHP: 
[url=http://www.***********/*****appleshare][img]http://images.***********/imagens/banner9/?u=appleshare&u3=7403064[img][/url]
 
You are using dynamic images in an img statement. It has to be the direct link to the image.

dynamic : ?u=appleshare&u3=7403064 not allowed

but this is allowed [img ]http: //appleshare.org/public/style_images/5_cooltext504305537.png[/img]
 
no you can't add dynamic images as it's a security issue.

This is the easiest way of doing it.

create a file called index.php and in it put the following:
PHP: 
<?php header('Location: http://images.***********/imagens/banner9/?u=appleshare&u3=7403064'); ?>

Then create a folder on your site called some.jpg

Now that's a FOLDER and in that folder you put the index.php file like I'm showing below

6CHnU.png


That means if you go to example.com/some.jpg what your actually going to is example.com/some.jpg/index.php but your tricking IPB into thinking it's a jpg file by the way you named the folder.

Their are loads of other ways of doing it but that's the easiest way I can think of at the moment.

Here's proof of it working on an IPB website

CzIef.png
 
Last edited:
The easiest way would be his not using anything but html <img.

Like This:
PHP: 
<php>$neoBimg = "<img src='http://images.***********/imagens/banner9/?u=appleshare&u3=7403064>";</php>{$neoBimg}
 
Lock Down said:
The easiest way would be his not using anything but html <img.

Like This:
PHP: 
<php>$neoBimg = "<img src='http://images.***********/imagens/banner9/?u=appleshare&u3=7403064>";</php>{$neoBimg}
Click to expand...

That would mean enabling php tags for staff which I wouldn't advise as if a staff account was compromised they could potentially get full server access. At least if you don't enable php tags your not opening your site to security issues.

but yes it is another option
 
What staff? I only allow myself to make changes to my system. The only ones who have access to skin changes could do anything harmful.
No one but your self should have direect access to your skins or database tools.

That is why you have test forums set up for outsiders to make changes if nescessary. Otherwise you need to trust the ones you give this great power. :))
 
Going off topic here but let's say in the unlikely event you have your forum account compromised. If you have htaccess password protected admin area like most good webmasters would suggest (or even better it IP protected) then they can't get access to modify the skins, access database tools or cause real damage. If you have php tags enabled then they can still potentially gain access.

It's all extremely hypothetical and highly unlikely to happen but I'd always take the safer option even if it's more work.

Either option will work fine though and it's just a personal preference.
 
Status
Not open for further replies.
Back
Top