Customizing SMF > Tips and Tricks

linking something other than http

(1/2) > >>

mmeija:
Hey I'm curious about the best way to link things other than http/ftp

we just started using smf in my office, and in the office we unfourtunately rely on windows shares heavily

i'm wondering what the best way is to allow people to link something like

file://machinename/share

as it is using the bbc url tag prefixes http and ruins the link..

thanks,
matt

[Unknown]:
Well, the problem is javascript... but, if you're not going to have to worry about people doing stuff like that, open Sources/Subs-Post.php, and find the following:


--- Code: ---function fixTags(&$message)
{
global $modSettings;
--- End code ---

Add right below that:


--- Code: --- return;
--- End code ---

This will reduce security, but if you're working inside an intranet it shouldn't be a problem.  And this will make file:// links work.

-[Unknown]

mmeija:
yeah the forum is private so i'm not overly worried about the security risks in doing this,


thanks so much

mmeija:
k i'm just hoping to see if the fix iv'e applied is the same security risk;

within the following fixarray code

--- Code: --- $fixArray = array
(
// [img]http://...[/img] or [img width=1]http://...[/img]
array('tag' => 'img', 'protocol' => 'http', 'embeddedUrl' => false, 'hasEqualSign' => false, hasExtra' => true),

--- End code ---

Iv'e added

--- Code: --- array('tag' => 'url', 'protocol' => 'file', 'embeddedUrl' => false, 'hasEqualSign' => false),
array('tag' => 'url', 'protocol' => 'file', 'embeddedUrl' => false, 'hasEqualSign' => true),
array('tag' => 'img', 'protocol' => 'file', 'embeddedUrl' => false, 'hasEqualSign' => false, 'hasExtra' => true),

--- End code ---

and inside of the fixtag function code here:

--- Code: ---// Fix a specific class of tag - ie. url with =.
function fixTag(&$message, $myTag, $protocol, $embeddedUrl = false, $hasEqualSign = false, $hasExtra = false)
{
while (preg_match('/\[(' . $myTag . ($hasExtra ? '(?:[^\]]*?)' : '') . ')' . ($hasEqualSign ? '(=(.+?))' : '(())') . '\](.+?)\[\/(' . $myTag . ')\]/is', $message, $matches))
{

--- End code ---

Iv'e added


--- Code: ---function fixTag(&$message, $myTag, $protocol, $embeddedUrl = false, $hasEqualSign = false, $hasExtra = false)
{
if ($protocol = 'file')

return;

else

while (preg_match('/\[(' . $myTag . ($hasExtra ? '(?:[^\]]*?)' : '') . ')' . ($hasEqualSign ? '(=(.+?))' : '(())') . '\](.+?)\[\/(' . $myTag . ')\]/is', $message, $matches))
{

--- End code ---

this is allowing me to make posts contaning the following code (even though this basicaly only works for IE)


--- Code: ---[url]file://hostname/share[/url]
[url=file://hostname/share]text[/url]
[url]file://hostname/share/folder/document.doc[/url]
[url=file://hostname/share/folder/document.doc]text[/url]
[img]file://hostname/share/folder/picture.jpg[/img]
--- End code ---


is this any more/less secure then the previous change?

i just threw this together, would you say it's going to be a ton of work to add the ability to fix/check these file:// tags just like http:// tags?

Thanks,
Matt

[Unknown]:
Well, there's always the possibility they could share some javascript code to steal your administrator cookie that way, but it should be fine more or less if that's okay with you...

-[Unknown]

Navigation

[0] Message Index

[#] Next page

Go to full version