Skip to main content
[BBCODE] HTML tag Started by emanuele · · Read 16162 times 0 Members and 1 Guest are viewing this topic. previous topic - next topic

[BBCODE] HTML tag

Starting for ElkArte 1.0.1 the HTML bbcode will not be a core function any more, due to the security risk involved.
But since someone may want badly to use it, here it is a replacement for it.

HTML bbcode v1.0

License
This Elkarte addon is released under a BSD-3-Clause license

Introduction
The HTML bbcode allows to use plain html in posts.
This particular bbcode can be used only by admins, and even so it can be a security risk, so use it only if you don't have any other alternative. And even so, before using it consider the possibility to create a bbcode specific for the effect you want to obtain.

Repository / Download


Change log
  • 1.0.0 - Initial release
Last Edit: August 25, 2015, 08:19:54 am by emanuele
Bugs creator.
Features destroyer.
Template killer.

Re: [BBCODE] HTML tag

Reply #1

I used the html BBcode a few times, to embed some documents on issu. This could be useful, thanks ;)
sorry for my bad english

Re: [BBCODE] HTML tag

Reply #2

Yes, I know many use the tag for several different things, though it is currently responsible for a security vulnerability (mine is not theoretical assumption, it's a real threat) in both SMF (probably any version) and ElkArte (version 1.0 and below). Of course I will not give more details for the moment.

So, the most safe option for the core is to remove the tag.

Actually the most secure option would be remove it and not provide a way to restore it, but I know many people prefer an easy way to do what they want, even if it compromise the security of their sites, so here it is. Once the fix in SMF is published I'll post in this topic the way to exploit the tag, so that people will be aware that using this tag they will put their forum in danger.
 emanuele is evil. >:D

Really, there are many ways to achieve almost anything in a safe way.
For example:
http://www.italiansmf.net/forum/index.php?topic=775.0
the OP wanted to give people the ability to post HTML in order to be able to share facebook bits.
A new tag and 10 lines of code and the problem is solved in a much, much safer way. ;)
Bugs creator.
Features destroyer.
Template killer.

Re: [BBCODE] HTML tag

Reply #3

Download link not work.


Sorry for my English

Re: [BBCODE] HTML tag

Reply #4

try this one instead http://addons.elkarte.net/bbc/BBC-Html.html ;)
Last Edit: February 07, 2016, 02:31:02 pm by Spuds
sorry for my bad english

Re: [BBCODE] HTML tag

Reply #5

Fixed. :)

BTW that demonstrates this is not a really wanted addon, :P
Bugs creator.
Features destroyer.
Template killer.

Re: [BBCODE] HTML tag

Reply #6

not wanted, but sometimes could be very useful ;)
sorry for my bad english

Re: [BBCODE] HTML tag

Reply #7

I installed this addon so that I could add an html tag, but when editing a message it gives an error and it is impossible to edit the message. /home/----/ I hid the full address

HTMLBBC::unpreparse_code(): Argument #3 ($i) must be passed by reference, value given
PHP Fatal error: Uncaught exception 'ErrorException' with message 'HTMLBBC::unpreparse_code(): Argument #3 ($i) must be passed by reference, value given' in /home/----/public_html/sources/Hooks.class.php:110
Stack trace:
#0 (): error_handler(integer, string, string, integer)
#1 /home/----/public_html/sources/Hooks.class.php(110): call_user_func_array(array, array)
#2 /home/----/public_html/sources/Subs.php(1434): hook(string, array)
#3 /home/----/sources/subs/BBC/PreparseCode.php(720): call_integration_hook(string, array)
#4 /home/----/public_html/sources/controllers/Post.controller.php(461): un_preparsecode(string)
#5 /home/----/public_html/sources/controllers/Post.controller.php(114): _generating_message()
#6 /home/----/public_html/sources/controllers/Post.controller.php(70): action_post()
#7 /home/----/public_html/sources/SiteDispatcher.class.php(364): action_index()
#8 /home/----/public_html/index.php(136): dispatch()
#9 /home/----/public_html/index.php(66): elk_main()
#10 {main}
thrown in /home/-----/public_html/sources/Hooks.class.php on line 110

Re: [BBCODE] HTML tag

Reply #8

Looks like that was not updated for 1.1 .... I'll take a look and if its not to much effort I'll post an update here.

ETA: Actually it was ... have to look closer at what is wrong.

 

Re: [BBCODE] HTML tag

Reply #9

Give this version a try .....