Easy MyCodes
If you take a look around, for example, the MyCodes forum at MyBB community, you'll probably notice a number of MyCodes posted there using the "(.*?)" expression. (note, previous statement is true at time of writing)

This particular expression allows almost any input to be placed by the user, which can be dangerous in certain circumstances by potentially allowing various injections.  This is perhaps due to the fact that many such "MyCode developers" really don't know how to properly use regular expressions.

This plugin aims to make it easier for administrators to write properly sanitised MyCodes which aren't vulnerable to such injections.  Instead of writing custom MyCodes in regular expression form, you just enter what you want and place appropriate tokens in the expression.
Furthermore, you can actually still use regular expressions in custom MyCodes, so no functionality is actually lost using this plugin (regular expressions need to be escaped however; more information is supplied in the AdminCP when adding/editing MyCodes).



To demonstrate an example of an injection, this is what an innocent-looking MyCode for allowing custom background colours might look like:
Expression: \[bg=(.*?)\](.*?)\[/bg\]
Replacement: <span style="background-color: $1;">$2</span>

Perhaps it looks okay, until a user enters something like this in their post:

Code:
[bg=red; display: block; position: absolute; top: 0; left: 0; width: 100%; height: 1000%; font-size: 144pt]hahahahahaha[/bg]


Using Easy MyCodes, the admin would use the following instead:
Expression: [bg={COLOR}]{ANYTHING}[/bg]
Replacement: <span style="background-color: $1;">$2</span>
And prevent the injection at the same time.

(This post was last modified: 11-24-2014 10:45 PM by ZiNgA BuRgA.)
Download: easymycode.php (6.01 KB)
Plugin Version: 1.2
Last Updated: 11-24-2014, 10:45 PM

Downloads: 981
MyBB Compatibility: 1.4.x, 1.6.x, 1.8.x
Plugin License: WTFPLv2
Uploader: ZiNgA BuRgA
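
The difference between the two expressions in the post above, as an added example (not part of the original post and not the plugin's code). It assumes the post is HTML-escaped before MyCodes are applied, that {ANYTHING} stays a (.*?) group, and that {COLOR} expands to the colour pattern quoted in post #15 of this thread; the helper name, the '~' delimiter and the sample posts are constructed for the illustration.

```php
<?php
// Added illustration; not code from easymycode.php or MyBB.

// Hypothetical helper: escape the post as HTML, then apply one MyCode regex.
// The '~' delimiter and the "is" flags are assumptions of this example.
function render_mycode(string $regex, string $replacement, string $post): string
{
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return preg_replace('~' . $regex . '~is', $replacement, $escaped);
}

$replacement = '<span style="background-color: $1;">$2</span>';

// The permissive MyCode from the post: $1 accepts any text up to the first "]".
$weak = '\[bg=(.*?)\](.*?)\[/bg\]';

// Assumed expansion of [bg={COLOR}]{ANYTHING}[/bg], using the colour pattern
// quoted in post #15 of this thread: a colour name or a 6-digit hex value.
$strict = '\[bg=([a-z\-]+|\\#?[0-9a-fA-F]{6})\](.*?)\[/bg\]';

// Constructed sample posts; the last one is the injection shown above.
$posts = [
    '[bg=red]plain[/bg]',
    '[bg=#FFcc00]hex[/bg]',
    '[bg=red; display: block; position: absolute; top: 0; left: 0; '
        . 'width: 100%; height: 1000%; font-size: 144pt]hahahahahaha[/bg]',
];

foreach ($posts as $post) {
    echo "input:  $post\n";
    echo 'weak:   ' . render_mycode($weak, $replacement, $post) . "\n";
    echo 'strict: ' . render_mycode($strict, $replacement, $post) . "\n\n";
}
```

With the permissive expression the third post's extra CSS declarations land inside the style attribute; with the restricted one the tag does not match, because ";" and spaces are outside the allowed colour characters, so the text is left unconverted.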
Gypaete Offline
Member
***
Posts: 82
Joined: Aug 2010
Post: #11
RE: Easy MyCodes
I don't understand this plugin.

03-21-2011 08:06 AM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #12
RE: Easy MyCodes
^ Don't bother using it then >_>
It assumes a certain amount of knowledge with custom MyCodes.

03-21-2011 08:51 AM
jeffdaryl Offline
Junior Member
**
Posts: 6
Joined: Nov 2012
Post: #13
RE: Easy MyCodes
Very nice! It allows me to add MyCode faster. Thank you!
11-23-2012 02:57 AM
ikhwanulfikri Offline
Junior Member
**
Posts: 9
Joined: May 2013
Post: #14
RE: Easy MyCodes
Hello friends.

I have a problem with the code {COLOR}.

If I use the code {CSS}, it is quasi-normal. Is there something wrong with the code {COLOR}?

Images:
http://gyazo.com/ab89d731ce1cddf33d24b84cc2948fb5

http://gyazo.com/0a692186fcf4d43dac69f0fb5587a24a
(This post was last modified: 07-26-2013 11:10 AM by ikhwanulfikri.)
07-26-2013 11:08 AM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #15
RE: Easy MyCodes
Looks like a bug - can you please try this?
In easymycode.php, find:

PHP Code:
'([a-z\-]+|#?[0-9a-fA-F]{6})',

replace with:

PHP Code:
'([a-z\-]+|\\#?[0-9a-fA-F]{6})',


07-27-2013 11:30 AM
ikhwanulfikri Offline
Junior Member
**
Posts: 9
Joined: May 2013
Post: #16
RE: Easy MyCodes
There seems to be a little problem with this code:

Code:
'([a-z\-]+|\\#?[0-9a-fA-F]{6})', 


I like this change and everything is back to normal. :

Code:
'([a-z\-]+|\#?[0-9a-fA-F]{6})', 


Hello Zinga.

I want this code to have uppercase and lowercase letters and numbers added as well. How do I make it?

This plugin has no further development, such as adding more code.

I want a plugin that is very easy, with this code being developed constantly.
(This post was last modified: 07-28-2013 01:01 PM by ikhwanulfikri.)
07-28-2013 12:50 PM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #17
RE: Easy MyCodes
(07-28-2013 12:50 PM)ikhwanulfikri Wrote:  I like this change and everything is back to normal. :
I don't see how that code is actually any different from mine...  Two backslashes is more "correct", but PHP will fix it if you only have one.

(07-28-2013 12:50 PM)ikhwanulfikri Wrote:  I want this code added uppercase and lowercase letters and numbers as well. how to make it.
MyBB's parser is case insensitive, so a lower/upper case colour seems to work fine, eg "Red" and "red" act the same way.
If you're asking for tokens to be case insensitive, eg "{color}" be recognised, this isn't the intention of the plugin.

07-31-2013 08:29 PM
ikhwanulfikri Offline
Junior Member
**
Posts: 9
Joined: May 2013
Post: #18
RE: Easy MyCodes
(07-31-2013 08:29 PM)ZiNgA BuRgA Wrote:  (07-28-2013 12:50 PM)ikhwanulfikri Wrote:  I like this change and everything is back to normal. :
I don't see how that code is actually any different from mine...  Two backslashes is more "correct", but PHP will fix it if you only have one.

Yeah, Zinga.

I've tried 2 backslashes and the case was as seen above, and I changed it to 1 backslash and it worked.

I saw it.
08-03-2013 09:04 PM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #19
RE: Easy MyCodes
Updated to v1.1 to fix above issue.
Thanks for finding!

09-14-2013 03:04 PM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #20
RE: Easy MyCodes
v1.2: Mark compatible with MyBB 1.8

11-24-2014 10:46 PM