Easy MyCodes
|
|
Author | Message |
If you take a look around, for example, the MyCodes forum at MyBB community, you'll probably notice a number of MyCodes posted there using the "(.*?)" expression. (note, previous statement is true at time of writing)
This particular expression allows almost any input to be placed by the user, which can be dangerous in certain circumstances by potentially allowing various injections. This is perhaps due to the fact that many such "MyCode developers" really don't know how to properly use regular expressions. This plugin aims to make it easier for administrators to write properly sanitised MyCodes which aren't vulnerable to such injections. Instead of writing custom MyCodes in regular expression form, you just enter what you want and place appropriate tokens in the expression. Furthermore, you can actually still use regular expressions in custom MyCodes, so no functionality is actually lost using this plugin (regular expressions need to be escaped however; more information is supplied in the AdminCP when adding/editing MyCodes). To demonstrate an example of an injection, this is what an innocent looking MyCode for allowing custom background colours, might look like: Expression: \[bg=(.*?)\](.*?)\[/bg\] Replacement: <span style="background-color: $1;">$2</span> Perhaps it looks okay, until a user enters something like this in their post: Code:
(This post was last modified: 11-24-2014 10:45 PM by ZiNgA BuRgA.)
|
XPMai
Junior Member
Posts: 8
Joined: May 2015 |
|
||
06-07-2015 10:20 PM |
|
ZiNgA BuRgA
|
|
||
06-11-2015 07:01 PM |
|
terzier
|
|
||
06-25-2015 01:17 AM |
|
aolko
Junior Member
Posts: 4
Joined: Oct 2015 |
|
||
10-12-2015 06:55 PM |
|
aolko
Junior Member
Posts: 4
Joined: Oct 2015 |
|
||
10-13-2015 02:02 AM |
|
RateU
Administrator
Posts: 2,350
Joined: Mar 2010 |
|
||
10-13-2015 04:41 AM |
|
aolko
Junior Member
Posts: 4
Joined: Oct 2015 |
|
||
10-13-2015 06:03 AM |
|
aolko
Junior Member
Posts: 4
Joined: Oct 2015 |
|
||
10-14-2015 05:28 AM |
|
ZiNgA BuRgA
|
|
||
10-29-2015 11:22 AM |
|
xensor
Junior Member
Posts: 22
Joined: Jan 2014 |
|
||
03-05-2017 11:36 AM |
|
« Next Oldest | Next Newest »
|