Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
Dacubz
Worker
Worker


Joined: Apr 27, 2004
Posts: 156
Location: Homer Glen, Illinois

PostPosted: Sun Oct 19, 2008 8:53 am Reply with quote

I apologize in advance if I missed something, or posted this in the wrong place, but I searched and cant find how this can be embedded into a post in my site's forums. I can add youtube stuff, but I can't figure this one out.

Quote:
<iframe height="339" width="425" src="http://www.msnbc.msn.com/id/22425001/vp/27265490#27265490" frameborder="0" scrolling="no"></iframe>


Any help? Everything that I try just shows the code in the post.
 
View user's profile Send private message Visit poster's website
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sun Oct 19, 2008 10:56 am Reply with quote

Iframes are dangerous. Is there a way you can use object tags with msnbc content?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Loki
Worker
Worker


Joined: Oct 05, 2003
Posts: 107
Location: Illinois

PostPosted: Sun Nov 02, 2008 11:54 am Reply with quote

kguske is right, I removed the web bbcode from the advanced bbcode addon due to the extreme security vulnerability of that addon. They can inject pretty much any hack into a web script and add it to your site.
 
View user's profile Send private message Visit poster's website
southern
Client


Joined: Jan 29, 2004
Posts: 591
Location: Texas

PostPosted: Sat Jan 28, 2012 9:25 am Reply with quote

Does this explain why I can't embed iframe videos into stories in RavenNuke 2.5? I should use the object format instead?

_________________
Computer Science is no more about computers than astronomy is about telescopes.
- E. W. Dijkstra 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
spasticdonkey
RavenNuke(tm) Development Team


Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

PostPosted: Sat Jan 28, 2012 10:00 am Reply with quote

I would have to think this is once again the $allowablehtml array which does not allow for iframe, and shouldn't. Were you able to to do this prior to 2.5?

If so, that's kinda strange since we actually expanded the $allowablehtml array from the prior version. Makes me wonder if we had been properly filtering before..
 
View user's profile Send private message Visit poster's website
killing-hours
RavenNuke(tm) Development Team


Joined: Oct 01, 2010
Posts: 438
Location: Houston, Tx

PostPosted: Sat Jan 28, 2012 11:55 am Reply with quote

Dacubz wrote:
I apologize in advance if I missed something, or posted this in the wrong place, but I searched and cant find how this can be embedded into a post in my site's forums. I can add youtube stuff, but I can't figure this one out.

Quote:
<iframe height="339" width="425" src="http://www.msnbc.msn.com/id/22425001/vp/27265490#27265490" frameborder="0" scrolling="no"></iframe>


Any help? Everything that I try just shows the code in the post.



Knock yourself out. Here is the object code you need to put into the SOURCE of the news item you want it to show in.

Code:
<object width="425" height="300" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,0,0,0" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="msnbc1b190c">

<param value="http://www.msnbc.msn.com/id/32545640" name="movie" />
<param value="launch=27265490&amp;width=425&amp;height=300" name="FlashVars" />
<param value="always" name="allowScriptAccess" />
<param value="true" name="allowFullScreen" />
<param value="transparent" name="wmode" /> <embed width="425" height="300" pluginspage="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" wmode="transparent" allowfullscreen="true" allowscriptaccess="always" flashvars="launch=27265490&amp;width=425&amp;height=300" src="http://www.msnbc.msn.com/id/32545640" name="msnbc1b190c"></embed></object>


Tested on my site and working... it's embedded.

Edit.... Sheesh... i'm behind the curve.

_________________
Money is the measurement of time - Me
"You can all go to hell…I’m going to Texas" -Davy Crockett 
View user's profile Send private message
southern
PostPosted: Sat Jan 28, 2012 12:31 pm Reply with quote

spasticdonkey wrote:
I would have to think this is once again the $allowablehtml array which does not allow for iframe, and shouldn't. Were you able to to do this prior to 2.5?

If so, that's kinda strange since we actually expanded the $allowablehtml array from the prior version. Makes me wonder if we had been properly filtering before..


Yes, prior to RavenNuke 2.5 I was able to embed iframe videos like YouTube. I thought this was due to posting stories as admin, since admin overrides $allowablehtml. I could post javascript too which is not in $allowablehtml.
 
spasticdonkey
PostPosted: Sat Jan 28, 2012 12:42 pm Reply with quote

Yeah I could be wrong about that. I was drawing conclusions from another recent thread. I'll try out some things when I get a chance.... but having one of those mornings where I'm not getting much accomplished.. I guess it IS Saturday Smile

So killing-hours, did your code work?
 
Palbin
Site Admin


Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

PostPosted: Sat Jan 28, 2012 5:17 pm Reply with quote

southern, can you post an example of what you are trying to post?

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
Palbin
PostPosted: Sat Jan 28, 2012 5:53 pm Reply with quote

southern, this has to do with filtering added in 2.5. It seems to be to strict for admins. I will get back to you.
 
southern
PostPosted: Sat Jan 28, 2012 8:01 pm Reply with quote

Palbin wrote:
southern, can you post an example of what you are trying to post?


Just the typical YouTube embed code:
Code:


<iframe width="420" height="315" src="http://www.youtube.com/embed/JkNZjDM_FQI" frameborder="0" allowfullscreen></iframe>

YouTube offers the old style object embed too, so I can use that.

There are other embed codes that I need for stories, MRCTV:
Code:


<iframe title="MRC TV video player" width="640" height="360" src="http://www.mrctv.org/embed/108849" frameborder="0" allowfullscreen></iframe>

When I put these in the Source of FCKEditor and switch back to WYSIWYG they show but in Preview the the videos disappear.
 
Palbin
PostPosted: Sun Jan 29, 2012 10:55 am Reply with quote

southern, open modules/News/admin/index.php. Do a find and replace of:
Code:


check_html($hometext, '')

to:
Code:


check_html($hometext, 'nocheck')

and also the following
Code:


check_html($bodytext, '');

to:
Code:


check_html($bodytext, 'nocheck');
 
southern
PostPosted: Sun Jan 29, 2012 12:31 pm Reply with quote

Thanks, Palbin. Smile I'll do this ASAP.
 
doffer83
Worker
Worker


Joined: Apr 17, 2011
Posts: 117
Location: Amsterdam

PostPosted: Sat Sep 22, 2012 1:04 pm Reply with quote

Palbin wrote:
southern, open modules/News/admin/index.php. Do a find and replace of:
Code:


check_html($hometext, '')

to:
Code:


check_html($hometext, 'nocheck')

and also the following
Code:


check_html($bodytext, '');

to:
Code:


check_html($bodytext, 'nocheck');


is this not bad? I mean I want to add it but I am afraid to delete the html check...
 
View user's profile Send private message Visit poster's website
Palbin
PostPosted: Sat Sep 22, 2012 1:50 pm Reply with quote

It is only bad if an unauthorized person gets into your administration, but at that point they have all your users etc. I would have no problem doing it to a live site that I own.
 
bobbyg
Worker
Worker


Joined: Dec 05, 2007
Posts: 212
Location: Tampa, Florida

PostPosted: Mon Jun 03, 2013 9:36 am Reply with quote

Quote:
Just the typical YouTube embed code:
Code:


<iframe width="420" height="315" src="http://www.youtube.com/embed/JkNZjDM_FQI" frameborder="0" allowfullscreen></iframe>

YouTube offers the old style object embed too, so I can use that.

There are other embed codes that I need for stories, MRCTV:
Code:


<iframe title="MRC TV video player" width="640" height="360" src="http://www.mrctv.org/embed/108849" frameborder="0" allowfullscreen></iframe>

When I put these in the Source of FCKEditor and switch back to WYSIWYG they show but in Preview the the videos disappear.


<div>
<iframe title="MRC TV video player" width="640" height="360" src="http://www.mrctv.org/embed/108849" frameborder="0" allowfullscreen></iframe> </div>
 
View user's profile Send private message Visit poster's website
draxx
Involved
Involved


Joined: Nov 19, 2003
Posts: 282

PostPosted: Thu Aug 18, 2016 6:44 pm Reply with quote

Palbin wrote:
southern, open modules/News/admin/index.php. Do a find and replace of:
Code:


check_html($hometext, '')

to:
Code:


check_html($hometext, 'nocheck')

and also the following
Code:


check_html($bodytext, '');

to:
Code:


check_html($bodytext, 'nocheck');


Is there a way to do this for the content module?
 
View user's profile Send private message
neralex
The Mouse Is Extension Of Arm


Joined: Aug 22, 2007
Posts: 1329
Location: Germany

PostPosted: Fri Aug 19, 2016 2:00 am Reply with quote

Open rnconfig.php and find:

php Code:
'img' => array('class' => 1, 'style' => 1, 'id' => 1, 'alt' => 1, 'src' => 1, 'hspace' => 1, 'vspace' => 1, 'width' => 1, 'height' => 1, 'border' => 1, 'align' => 1),


addd after:

php Code:
'iframe' => array('class' => 1, 'style' => 1, 'id' => 1, 'scrolling' => 1, 'src' => 1, 'frameborder' => 1, 'width' => 1, 'height' => 1),


After that you can add the iframe tag in the source-tab of the editor. I'm working with the CK editor and have never tried the old FCK editor along this way but it should work.

Here is a related issue if users can also use the iframe tag: Only registered users can see links on this board! Get registered or login!


The nocheck-way is not really the best way because you will tunnel the whole filtering for the passed variable!


Last edited by neralex on Fri Aug 19, 2016 3:24 pm; edited 1 time in total 
View user's profile Send private message
draxx
PostPosted: Fri Aug 19, 2016 1:10 pm Reply with quote

neralex wrote:
Open rnconfig.php and find:

php Code:
'img' => array('class' => 1, 'style' => 1, 'id' => 1, 'alt' => 1, 'src' => 1, 'hspace' => 1, 'vspace' => 1, 'width' => 1, 'height' => 1, 'border' => 1, 'align' => 1),


addd after:

php Code:
'iframe' => array('class' => 1, 'style' => 1, 'id' => 1, 'scrolling' => 1, 'src' => 1, 'frameborder' => 1, 'width' => 1, 'height' => 1),


After that you can add the iframe tag in the source-tab of the editor. I'm working with the CK editor and have never tried the old FCK editor along this way but it should work.

Here is a releated issue if users can also use the iframe tag: Only registered users can see links on this board! Get registered or login!


The nocheck-way is not really the best way because you will tunnel the whole filtering for the passed variable!



THANK YOU Neralex! worship I have done it your way and restored the previous changes that Palbin suggested. Your way seems to work perfectly! I did have to add some tags there though .. i.e. allowfullscreen, mozallowfullscreen, etc.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©