Simple Machines Community Forum

SMF Support => SMF 1.1.x Support => Topic started by: TheEnforcer on May 22, 2005, 01:38:13 PM

Title: Flash
Post by: TheEnforcer on May 22, 2005, 01:38:13 PM
Why is enabling flash a security risk?
Title: Re: Flash
Post by: [Unknown] on May 22, 2005, 11:58:31 PM
Because people can steal cookies, etc.

-[Unknown]
Title: Re: Flash
Post by: TheEnforcer on May 23, 2005, 01:02:57 AM
I don't understand, how can they steal cookies if cookies are not enabled?
Title: Re: Flash
Post by: [Unknown] on May 23, 2005, 01:06:49 AM
The point is, if you were to allow anyone to post flash, they would be able to (theoretically) log in as you.

-[Unknown]
Title: Re: Flash
Post by: TheEnforcer on June 04, 2005, 12:20:13 PM
Is there a way you can log who logs in, and where, and from what IP?
Title: Re: Flash
Post by: [Unknown] on June 04, 2005, 09:01:20 PM
That would be your Apache access log.  Contact your host.

-[Unknown]
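
The access-log lookup suggested above, as an added example that is not part of the original thread: it pulls login form submissions out of an Apache access log and groups them by client IP. It assumes the "combined" log format and that the forum's login form posts to `index.php?action=login2`; the sample lines are constructed. The username travels in the POST body, so the access log shows only time, IP and status, and a request that reuses a stolen session cookie never appears as a login at all.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Jun/2005:12:19:58 -0400] "GET /forum/index.php?action=login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [04/Jun/2005:12:20:13 -0400] "POST /forum/index.php?action=login2 HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jun/2005:12:41:02 -0400] "POST /forum/index.php?action=login2 HTTP/1.1" 200 4873 "-" "Mozilla/4.0"
198.51.100.7 - - [04/Jun/2005:12:41:09 -0400] "POST /forum/index.php?action=login2 HTTP/1.1" 302 - "-" "Mozilla/4.0"
203.0.113.5 - - [04/Jun/2005:13:02:44 -0400] "GET /forum/index.php?topic=1.0 HTTP/1.1" 200 20113 "-" "Mozilla/5.0"
not a log line
"""

# client IP, ident, user, [timestamp], "METHOD target PROTOCOL", status, size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def login_posts(log_text, login_action="login2"):
    """List (time, ip, status) for every POST to the assumed login action."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        # Treat ';' like '&' so both query-string separator styles are parsed.
        query = urlsplit(rec["target"]).query.replace(";", "&")
        if login_action in parse_qs(query).get("action", []):
            hits.append((rec["time"], rec["ip"], int(rec["status"])))
    return hits

def logins_by_ip(log_text):
    """Group login submissions by client IP for review."""
    grouped = defaultdict(list)
    for when, ip, status in login_posts(log_text):
        grouped[ip].append((when, status))
    return dict(grouped)

if __name__ == "__main__":
    for ip, events in logins_by_ip(SAMPLE_LOG).items():
        print(ip, events)
```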
Title: Re: Flash
Post by: Escobar on October 14, 2005, 12:53:09 PM
Hello, I want to resurrect this thread.

I didn't see a reason to disable "embed flash".... until now.

At another forum, a person was giving advice on how to screw someone.

It was an ImageShack swf link...but when you clicked it, it made your browser multiply infinitely.

If this was embedded, it would execute every time someone loaded the page.

So if you were like me, and didn't have a visual example of why allowing flash is dangerous...there you go.

I won't post the ImageShack link here...but it's so simple, it's scary.

I have a question...
I want to post my flash sigs at my forum...
But I limit who can post flash.

Can I limit posting flash to admins and mods?
Title: Re: Flash
Post by: Oldiesmann on October 14, 2005, 03:44:24 PM
Yes.

Sources/Subs.php

1.0.5:

Find
if (empty($modSettings['enableEmbeddedFlash']) || isset($disabled['flash']))

Replace
if ((empty($modSettings['enableEmbeddedFlash']) && !(allowedTo('admin_forum') || in_array('2', $user_info['groups']) || $user_info['is_mod'])) || isset($disabled['flash']))

1.1:

Find
if (empty($modSettings['enableEmbeddedFlash']))
	$disabled['flash'] = true;


Replace
if (empty($modSettings['enableEmbeddedFlash']) && !(allowedTo('admin_forum') || in_array('2', $user_info['groups']) || $user_info['is_mod']))
	$disabled['flash'] = true;


The in_array('2', $user_info['groups']) part checks to see if they're a Global Mod.
Title: Re: Flash
Post by: J. Williams on October 14, 2005, 04:58:57 PM
I hate flash, still isn't fully stable. Crashes much more, Java is more co-operative
Title: Re: Flash
Post by: Redsmurf on October 14, 2005, 07:25:44 PM
How can we enable the "embed Flash" feature? My forum is small so it's not a security risk. Thanks.
Title: Re: Flash
Post by: JayBachatero on October 14, 2005, 07:32:22 PM
For 1.0.x
Admin > Edit features and options > Embed flash into posts

For 1.1
Admin > posts and topics > Embed flash into posts
Title: Re: Flash
Post by: Redsmurf on October 14, 2005, 08:12:01 PM
My mistake - is there any way to use HTML in a thread so you can display flash that way?
That might fix the issue outlined in this thread:
http://www.simplemachines.org/community/index.php?topic=49987.0
Title: Re: Flash
Post by: GTec on October 15, 2005, 05:30:09 AM
Quote from: Oldiesmann on October 14, 2005, 03:44:24 PM
Yes.

Sources/Subs.php

1.0.5:

Find
if (empty($modSettings['enableEmbeddedFlash']) || isset($disabled['flash']))

Replace
if ((empty($modSettings['enableEmbeddedFlash']) && !(allowedTo('admin_forum') || in_array('2', $user_info['groups']) || $user_info['is_mod'])) || isset($disabled['flash']))

The in_array('2', $user_info['groups']) part checks to see if they're a Global Mod.

That's great, thx ... and what if I want to allow it to Heroes too? (Admins, Mods and Heroes)
thanks for the great help here!
Title: Re: Flash
Post by: Escobar on October 15, 2005, 06:01:36 AM
Wow! Thanks for the reply Oldiesmann.
Your answers have helped me out many times.

I would like to second GTec's question.

There may come a time when I want certain user-groups to have the ability to post flash.

Is it also possible to assign Flash permissions based on group?
(Maybe by editing your code changes?)
Title: Re: Flash
Post by: Faustus on October 23, 2005, 04:00:26 AM
VERY nice info. How would this be done to enable html also?

I have a guess but don't want to crash anything.
Title: Re: Flash
Post by: Faustus on October 27, 2005, 04:04:30 PM
not possible then?
Title: Re: Flash
Post by: JayBachatero on October 27, 2005, 04:13:32 PM
In 1.1 Admins have the ability to have html in their posts.
Title: Re: Flash
Post by: Faustus on October 27, 2005, 06:30:03 PM
Quote from: JayBachatero on October 27, 2005, 04:13:32 PM
In 1.1 Admins have the ability to have html in their posts.

Odd. Is it an option somewhere?

*goes off to look again*
Title: Re: Flash
Post by: JayBachatero on October 27, 2005, 06:36:14 PM
Quote from: Faustus on October 27, 2005, 06:30:03 PM
Quote from: JayBachatero on October 27, 2005, 04:13:32 PM
In 1.1 Admins have the ability to have html in their posts.

Odd. Is it an option somewhere?

*goes off to look again*

Admin > Posts and Topics > Bulletin Board Code > Enable basic HTML in posts (?):
Title: Re: Flash
Post by: Faustus on October 28, 2005, 05:33:16 AM
Ah but I ONLY want to do it for Admins and Mods. Not everyone else.
Title: Re: Flash
Post by: katrina01 on March 22, 2006, 04:46:41 PM
Where is Sources/Subs.php found? I have looked everywhere and can't find it. Do I need to create one? I am using SMF 1.1 RC2.
Title: Re: Flash
Post by: JayBachatero on March 22, 2006, 04:51:46 PM
It's located in your forum/Sources folder. 
Title: Re: Flash
Post by: katrina01 on March 22, 2006, 10:39:34 PM
I just edited the code in source/subs.php and it completely crashed my site...any suggestions on making this work?
Title: Re: Flash
Post by: katrina01 on March 23, 2006, 12:01:59 PM
Ok, got my site back up and running but I still cannot make flash banners work. I have enabled posting of flash banners and have abandoned the idea of limiting use of flash to admins and moderators only; at this point we are not worried about anyone using malicious code because we know all the members of our forum. When the code is posted all that I get is a white box with nothing in it. Can anyone help me please?
Title: Re: Flash
Post by: Dhekelian on January 25, 2007, 02:45:03 PM
Do you still enable the flash option in the Admin panel after doing the code changes to get it to work? And what would I need to add to assign another member group? Thanks for any help.