7.5.9 Bug : Regex

Posted By: Mark S

7.5.9 Bug : Regex - 05/03/15 06:03 PM

1. I've added a <space> after the word chrome so you can see what it should say.
2. Then what happens without the space.

1. chrome ://flags/#enable-npapi
2. chrome://flags/#enable-npapi

onoes onoes onoes onoes

< suhosin Free Zone > lol
Posted By: isaac

Re: 7.5.9 Bug : Regex - 05/03/15 10:43 PM

"chrome:" is not a standard web URL protocol. It is specific to the browser/software a person has installed on their device.

Protocol standards are http/https.

"chrome:" is unique only to users who have Google Chrome installed on their devices. The "about:" tag is also unique to what the user has installed on their device. These features allow that user to configure their Google Chrome browser software -- in the same way that the "about:" flags allow a user to configure their Mozilla Firefox software. Directly linking to these features from within UBBCode is beyond the scope of the intentions of UBB.threads. If you want to allow direct-link access to a user's browser settings, give that user access to post using "HTML" -- be warned though, allowing users to create posts with HTML can open up risks to your site.

Beyond allowing users to post with HTML code, have you tried adding these proprietary protocols to your custom tags?

Control Panel > Content Rebuilder > Custom Tag Editor

I'm looking further into this now. And there goes my Sunday.... lol
Posted By: Mark S

Re: 7.5.9 Bug : Regex - 05/03/15 11:29 PM

I've never typed anything like it or will again.
Just feedback.

Enjoy your Sunday if you can.
Posted By: isaac

Re: 7.5.9 Bug : Regex - 05/04/15 09:15 AM

Mark, you're correct. You did find a bug.

UBB.threads was attempting to add URL BBCode around the outside of non-acceptable URL protocols. The bug seems to have existed for most of the 7.5.x series of UBB.threads. I've made the corrections to the code and now only the three acceptable protocols will be parsed. These corrections will be available in 7.6.0+

Thanks for the good find!


For security, the protocols accepted by the [url] tag will only accept local (relative) URLs, and URLs that use the http:, https:, or ftp: protocols. In particular, it will not accept any URL that uses protocols such as the javascript: protocol. This limitation is for security reasons, and can prevent code injection on your site. This includes any non-standard usage of the protocol format, such as chrome:, and about:.
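
The protocol allowlist described in the last post, as an added PHP example (not UBB.threads source code; the function names `is_allowed_url`, `render_url_tag` and `autolink` are hypothetical and the inputs are constructed). It accepts relative URLs and `http:`, `https:`, `ftp:` only, and auto-wraps bare URLs in `[url]` tags only for those schemes:

```php
<?php
// Added illustration; not UBB.threads source. All function names are hypothetical.
const ALLOWED_SCHEMES = ['http', 'https', 'ftp'];

// True if $url is relative or uses an allowlisted scheme.
function is_allowed_url(string $url): bool
{
    // Browsers drop tab/CR/LF inside a URL and ignore leading control
    // characters and spaces, so normalise before looking at the scheme.
    $url = ltrim(str_replace(["\t", "\r", "\n"], '', $url), "\x00..\x20");
    if ($url === '') {
        return false;
    }
    // RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
    }
    // No scheme: accept as relative, but refuse a ":" in the first path
    // segment so nothing scheme-like slips through.
    $firstSegment = substr($url, 0, strcspn($url, '/?#'));
    return strpos($firstSegment, ':') === false;
}

// Render [url=...]label[/url]; rejected targets stay as inert escaped text.
function render_url_tag(string $url, string $label): string
{
    $esc = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };
    if (!is_allowed_url($url)) {
        return $esc('[url=' . $url . ']' . $label . '[/url]');
    }
    return '<a href="' . $esc($url) . '">' . $esc($label) . '</a>';
}

// Auto-wrap bare URLs in [url] tags only when the scheme is allowlisted.
function autolink(string $text): string
{
    $pattern = '~(?<![\w+.\-])(?:' . implode('|', ALLOWED_SCHEMES) . ')://[^\s<>"\'\[\]]+~i';
    return preg_replace_callback($pattern, function (array $m): string {
        return '[url]' . $m[0] . '[/url]';
    }, $text);
}

// Constructed sample inputs.
echo autolink('See http://example.com/a and chrome://flags/#enable-npapi'), "\n";
foreach (['/forum/index.php', 'https://example.com/', "java\tscript:void(0)", 'about:config'] as $u) {
    echo render_url_tag($u, 'link'), "\n";
}
```

Matching the scheme against an allowlist after normalising whitespace, rather than blocklisting `javascript:`, is what keeps `chrome:`, `about:` and any other unlisted protocol out without naming each one.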