Easy MyCodes
Author Message
If you take a look around, for example, the MyCodes forum at MyBB community, you'll probably notice a number of MyCodes posted there using the "(.*?)" expression. (note, previous statement is true at time of writing)

This particular expression allows almost any input to be placed by the user, which can be dangerous in certain circumstances by potentially allowing various injections.  This is perhaps due to the fact that many such "MyCode developers" really don't know how to properly use regular expressions.

This plugin aims to make it easier for administrators to write properly sanitised MyCodes which aren't vulnerable to such injections.  Instead of writing custom MyCodes in regular expression form, you just enter what you want and place appropriate tokens in the expression.
Furthermore, you can actually still use regular expressions in custom MyCodes, so no functionality is actually lost using this plugin (regular expressions need to be escaped however; more information is supplied in the AdminCP when adding/editing MyCodes).



To demonstrate an example of an injection, this is what an innocent looking MyCode for allowing custom background colours, might look like:
Expression: \[bg=(.*?)\](.*?)\[/bg\]
Replacement: <span style="background-color: $1;">$2</span>

Perhaps it looks okay, until a user enters something like this in their post:

Code:
[bg=red; display: block; position: absolute; top: 0; left: 0; width: 100%; height: 1000%; font-size: 144pt]hahahahahaha[/bg]


Using Easy MyCodes, the admin would use the following instead:
Expression: [bg={COLOR}]{ANYTHING}[/bg]
Replacement: <span style="background-color: $1;">$2</span>
And prevent the injection at the same time.

(This post was last modified: 11-24-2014 10:45 PM by ZiNgA BuRgA.)
Find all posts by this user
Quote this message in a reply
Download: easymycode.php (6.01 KB)
Plugin Version: 1.2
Last Updated: 11-24-2014, 10:45 PM

Downloads: 1,532
MyBB Compatibility: 1.4.x, 1.6.x, 1.8.x
Plugin License: WTFPLv2
Uploader: ZiNgA BuRgA
RateU Offline
Administrator
*******
Posts: 2,350
Joined: Mar 2010
Post: #2
RE: Easy MyCodes
Oh great. This is very useful. Thank you very much, Yumi.

03-17-2010 10:08 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #3
RE: Easy MyCodes
Thanks Rateu Smile

My Blog
03-17-2010 12:06 PM
Find all posts by this user Quote this message in a reply
Imran Offline
Member
***
Posts: 204
Joined: Apr 2010
Post: #4
RE: Easy MyCodes
cool Smile

[Image: logo.png]

[Image: twitter.png]
04-26-2010 05:52 PM
Visit this user's website Find all posts by this user Quote this message in a reply
1master1 Offline
Member
***
Posts: 232
Joined: Oct 2010
Post: #5
RE: Easy MyCodes
this is incompatible with some plugins and also giving memory exhausted errors. if anyone gets into trouble while using this, try deactivating it and check for the errors.
11-19-2010 07:55 PM
Find all posts by this user Quote this message in a reply
Imran Offline
Member
***
Posts: 204
Joined: Apr 2010
Post: #6
RE: Easy MyCodes
As far as I know, I didn't faced any error while using it. I assume you have any other plugin that might interfere with it.

[Image: logo.png]

[Image: twitter.png]
11-19-2010 09:35 PM
Visit this user's website Find all posts by this user Quote this message in a reply
1master1 Offline
Member
***
Posts: 232
Joined: Oct 2010
Post: #7
RE: Easy MyCodes
yeah, shoutbox is one which is interfering. as a suggestion i said to deactivate it, because people may think its the error in shoutbox though easycode is cause for it.
11-20-2010 12:27 AM
Find all posts by this user Quote this message in a reply
leefish Offline
Hamster
*****
Posts: 1,009
Joined: Apr 2010
Post: #8
RE: Easy MyCodes
It maybe because shoutbox allows use of mycodes? Try turning that option off.


[Image: leelink.gif]
MYBB1.6 & XThreads
11-20-2010 01:21 AM
Visit this user's website Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #9
RE: Easy MyCodes
Which shoutbox is it?

My Blog
11-20-2010 07:33 AM
Find all posts by this user Quote this message in a reply
1master1 Offline
Member
***
Posts: 232
Joined: Oct 2010
Post: #10
RE: Easy MyCodes
pirato nervo's, it shows on loading while easy code is activated. but disabling it, fixed it.
11-20-2010 07:24 PM
Find all posts by this user Quote this message in a reply


Forum Jump: