Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
Bent-Cowboy
New Member
New Member


Joined: Apr 28, 2005
Posts: 15

PostPosted: Sat Jan 14, 2006 12:44 pm Reply with quote

Hi all: I recently had some not very nice person posting iframe redirects in my forums.

Does anyone know how I can add <IFRAME> to the bad script list?
 
View user's profile Send private message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Sat Jan 14, 2006 3:04 pm Reply with quote

huh?...that shouldnt be possible....
 
View user's profile Send private message
Bent-Cowboy
PostPosted: Sat Jan 14, 2006 3:13 pm Reply with quote

hitwalker wrote:
huh?...that shouldnt be possible....


What should'nt be possable? The bad guy posting the Iframe? Or adding <Iframe> to the list of nasties?

Here is what they posted on my site:
Code:
<img src="modules/Forums/images/smiles/icon_biggrin.gif" alt="Very Happy" border="0" /> <iframe width="100%" height="350" src="http://www.NAME-CHANGED.com/"></iframe></td>
 
hitwalker
PostPosted: Sat Jan 14, 2006 3:26 pm Reply with quote

well it shouldnt be possible to even use it...
so i guess your using some outdated version of?..forum?

look this...
<iframe width="100%" height="350" src="http://www.NAME-CHANGED.com/"></iframe>

without using the code tags....
 
Bent-Cowboy
PostPosted: Sat Jan 14, 2006 3:31 pm Reply with quote

hitwalker wrote:
well it shouldnt be possible to even use it...
so i guess your using some outdated version of?..forum?

look this...
<iframe width="100%" height="350" src="http://www.NAME-CHANGED.com/"></iframe>

without using the code tags....


Well, my forums are not that old, they are 2.0.13

And I do not believe that any newer version of PHPbb will address this, but please correct me if I am wrong.
 
hitwalker
PostPosted: Sat Jan 14, 2006 3:37 pm Reply with quote

what have you set as allowed html in your board configuration ?
 
Bent-Cowboy
PostPosted: Sat Jan 14, 2006 3:43 pm Reply with quote

hitwalker wrote:
what have you set as allowed html in your board configuration ?
Ah, I am not sure. Smile
How can I tell?
 
hitwalker
PostPosted: Sat Jan 14, 2006 3:55 pm Reply with quote

go into your forum administration....then choose on the left...configuration...then you should see allowed html area..
 
Bent-Cowboy
PostPosted: Sat Jan 14, 2006 4:23 pm Reply with quote

hitwalker wrote:
go into your forum administration....then choose on the left...configuration...then you should see allowed html area..


Ok, Allowed HTML is "on" and allowed html tags are:
b,i,u,pre
 
hitwalker
PostPosted: Sat Jan 14, 2006 4:27 pm Reply with quote

well weird...but ive send a pm to evaders99,he knows all about phpbb so he will reply here soon..
 
Bent-Cowboy
PostPosted: Sat Jan 14, 2006 4:31 pm Reply with quote

hitwalker wrote:
well weird...but ive send a pm to evaders99,he knows all about phpbb so he will reply here soon..
Thank you Smile
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sat Jan 14, 2006 4:46 pm Reply with quote

Pretty sure the Patched files should block iframes. Mmm phpBB, I believe there are some validation fixes in later versions. You really should not be using anything less than 2.0.17 (which is a part of the Patched files)

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Bent-Cowboy
PostPosted: Sat Jan 14, 2006 5:01 pm Reply with quote

evaders99 wrote:
Pretty sure the Patched files should block iframes. Mmm phpBB, I believe there are some validation fixes in later versions. You really should not be using anything less than 2.0.17 (which is a part of the Patched files)


Do you know of anyone that could bring it up to the current version by applying the changes, not over writting the the current files? (I am heavy on mods). I would certainly be willing to pay for this. BTW, my nuke is 7.6 and I think it has the #3 patch, if you know what I mean.
 
evaders99
PostPosted: Sat Jan 14, 2006 7:24 pm Reply with quote

I could do it.. it would take a lot of time really with a file difference program

No idea what #3 patch is. Are you talking about the Patched files?

If you are sure iframes aren't being blocked with the Patched files, let me know and I'll try and duplicate it.
 
Bent-Cowboy
PostPosted: Sat Jan 14, 2006 7:48 pm Reply with quote

evaders99 wrote:
I could do it.. it would take a lot of time really with a file difference program

No idea what #3 patch is. Are you talking about the Patched files?

If you are sure iframes aren't being blocked with the Patched files, let me know and I'll try and duplicate it.


Please read the PM I sent you earlier.

By #3, what I mean is, shortly after 7.6 came out there was a 1, 2 and then a #3 patch. I am fairly certain that I have the number 3 patch.

I know that the iframes are not being block with my current site version, it just happened to me yesterday.

I look forward to your reply to my PM.

Smile
 
Bent-Cowboy
PostPosted: Sat Jan 14, 2006 8:04 pm Reply with quote

The more I think about it, I do have a mod installed that allows for the posting of video's, streaming content, flash, images... I wonder if that is what is allowing the iframe to get through.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©