
Author Topic: Running HTML/PHP Code/Scripts/Templates BBC-Code Suggestion  (Read 1356 times)

Offline John Magdy Lotfy

  • Semi-Newbie
  • *
  • Posts: 17
  • Gender: Male
  • Member
    • BR.Zoro on Facebook
    • JohnMagdy on GitHub
    • @brtdmfounder on Twitter
    • BrownTurbo Gaming
Running HTML/PHP Code/Scripts/Templates BBC-Code Suggestion
« on: August 07, 2017, 10:07:28 AM »
Hello everybody, it'd be great to see a new BBC-Code which we might use to run a PHP/HTML code/script, not only showing the code in the post but running it.
For example:
Code:
[ rhtml ]<a href="https://www.simplemachines.org" title="i have added r near to html tag to name it as running html and its the same as rphp = running php">Click me</a>[ rhtml ]

Offline Illori

  • Project Manager
  • SMF Master
  • *
  • Posts: 47,680
Re: Running HTML/PHP Code/Scripts/Templates BBC-Code Suggestion
« Reply #1 on: August 07, 2017, 10:08:34 AM »
do you want to get hacked? this is a great way to get hacked.

Offline John Magdy Lotfy

Re: Running HTML/PHP Code/Scripts/Templates BBC-Code Suggestion
« Reply #2 on: August 07, 2017, 10:11:01 AM »
> do you want to get hacked? this is a great way to get hacked.

What do you mean??? (if you mean by using some PHP scripts to hack my own web server, then by adding a feature to customize which PHP/HTML functions are allowed or disallowed the problem could be resolved)

Offline Antes

  • Evil Black Cat
  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,643
  • Gender: Male
  • Black cat rulz!
    • Antes on GitHub
    • merta on LinkedIn
    • @antesistan on Twitter
    • Lunarfall
Re: Running HTML/PHP Code/Scripts/Templates BBC-Code Suggestion
« Reply #3 on: August 07, 2017, 10:26:26 AM »
I agree with Illori, it's a really, really edgy situation. I never ever see it coming as a core feature; good luck with the mod request :)
Active Project(s): [ SimpleDesk ] # [ Lunarfall ] # [ CoreStore ]

Past Project(s): [ ezPortal ]

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 67,727
    • Arantor on GitHub
Re: Running HTML/PHP Code/Scripts/Templates BBC-Code Suggestion
« Reply #4 on: August 07, 2017, 03:37:50 PM »
> > do you want to get hacked? this is a great way to get hacked.
> What do you mean??? (if you mean by using some PHP scripts to hack my own web server, then by adding a feature to customize which PHP/HTML functions are allowed or disallowed the problem could be resolved)

Whatever system you come up with to check what's allowed, I guarantee you I can figure out a way past it.

As for HTML, there is the HTML bbcode which is admin only because if it weren't, I could use it as a regular member to steal your cookies. And before you say that you'd only allow some HTML, again, whatever you come up with, I could find a way through it.

Bad idea all round, really. It's why forum bbcode even exists, because HTML is hard to secure when users can add their own content.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.
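
The point in the reply above, that bbcode exists because raw HTML is hard to secure, sketched as an added example (not code from SMF or from anyone in this thread): every character of the post is escaped first, and only a fixed set of tags is turned into fixed markup. The function names and the three-tag set are assumptions made for illustration.

```php
<?php
// Added illustration, not SMF's parser. Function names and tag set are hypothetical.

// Only http(s) links are accepted; any other scheme is refused.
function safe_url(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

function render_bbcode(string $post): string
{
    // 1. Escape everything first: whatever the member typed is now inert text.
    $html = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Fixed tags map to fixed markup; no attribute is ever taken from the post.
    foreach (['b' => 'strong', 'i' => 'em'] as $bb => $tag) {
        $html = preg_replace("~\[{$bb}\](.*?)\[/{$bb}\]~is", "<{$tag}>\$1</{$tag}>", $html);
    }

    // 3. [url=...] is the only place a user value reaches an attribute, so validate it.
    $html = preg_replace_callback('~\[url=([^\]\s]+)\](.*?)\[/url\]~is', function (array $m): string {
        $url = safe_url(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
        if ($url === null) {
            return $m[0]; // rejected link stays visible as plain bbcode text
        }
        $href = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return '<a href="' . $href . '" rel="nofollow noopener">' . $m[2] . '</a>';
    }, $html);

    return nl2br($html);
}

// Constructed sample posts: valid bbcode, raw HTML, a non-http link, raw PHP.
$samples = [
    '[b]Hello[/b] see [url=https://www.simplemachines.org]SMF[/url]',
    '<a href="https://www.simplemachines.org" title="x">Click me</a>',
    '[url=javascript:alert(1)]click[/url]',
    '<?php phpinfo(); ?>',
];
foreach ($samples as $s) {
    echo render_bbcode($s), "\n";
}
```

Only the first sample produces live markup; the raw HTML and PHP come out as escaped text, and the rejected link stays as literal bbcode.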

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,022
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: Running HTML/PHP Code/Scripts/Templates BBC-Code Suggestion
« Reply #5 on: August 08, 2017, 01:26:14 AM »
While you can try whitelisting rather than blacklisting, allowing any kind of raw PHP in a forum post is a serious security issue. I can't see this ever becoming a core feature due to just how difficult it is to implement safely, if such a thing is even possible.
Motoko-chan
Director, Simple Machines

Just because it's pouring down doesn't mean we're gonna drown. There's a time when all you can say is let it rain - Mat Kearney (Let It Rain)

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline Arantor

Re: Running HTML/PHP Code/Scripts/Templates BBC-Code Suggestion
« Reply #6 on: August 08, 2017, 02:42:14 AM »
It isn't possible. There are way too many ways to get around even whitelists, when things like variable functions come into play.

Offline Steve

  • Support Specialist
  • SMF Hero
  • *
  • Posts: 3,783
  • Gender: Male
  • I have not yet begun to procrastinate.
Re: Running HTML/PHP Code/Scripts/Templates BBC-Code Suggestion
« Reply #7 on: August 08, 2017, 07:54:22 AM »
In other words John, it's not going to happen. Sorry.
Please do not PM me for support.