| Author |
Message |
Bent-Cowboy
New Member
Joined: Apr 28, 2005
Posts: 15
|
 Posted:
Sat Jan 14, 2006 12:44 pm |
|
Hi all: I recently had some not very nice person posting iframe redirects in my forums.
Does anyone know how I can add <IFRAME> to the bad script list? |
| |
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Sat Jan 14, 2006 3:04 pm |
|
huh?...that shouldnt be possible.... |
| |
|
|
|
|
Bent-Cowboy
|
| Posted:
Sat Jan 14, 2006 3:13 pm |
|
| hitwalker wrote: | | huh?...that shouldnt be possible.... |
What should'nt be possable? The bad guy posting the Iframe? Or adding <Iframe> to the list of nasties?
Here is what they posted on my site:
Code:<img src="modules/Forums/images/smiles/icon_biggrin.gif" alt="Very Happy" border="0" /> <iframe width="100%" height="350" src="http://www.NAME-CHANGED.com/"></iframe></td>
|
|
| |
|
|
|
|
hitwalker
|
| Posted:
Sat Jan 14, 2006 3:26 pm |
|
well it shouldnt be possible to even use it...
so i guess your using some outdated version of?..forum?
look this...
<iframe width="100%" height="350" src="http://www.NAME-CHANGED.com/"></iframe>
without using the code tags.... |
| |
|
|
|
|
Bent-Cowboy
|
| Posted:
Sat Jan 14, 2006 3:31 pm |
|
| hitwalker wrote: | well it shouldnt be possible to even use it...
so i guess your using some outdated version of?..forum?
look this...
<iframe width="100%" height="350" src="http://www.NAME-CHANGED.com/"></iframe>
without using the code tags.... |
Well, my forums are not that old, they are 2.0.13
And I do not believe that any newer version of PHPbb will address this, but please correct me if I am wrong. |
| |
|
|
|
|
hitwalker
|
| Posted:
Sat Jan 14, 2006 3:37 pm |
|
what have you set as allowed html in your board configuration ? |
| |
|
|
|
|
Bent-Cowboy
|
| Posted:
Sat Jan 14, 2006 3:43 pm |
|
| hitwalker wrote: | | what have you set as allowed html in your board configuration ? |
Ah, I am not sure. 
How can I tell? |
| |
|
|
|
|
hitwalker
|
| Posted:
Sat Jan 14, 2006 3:55 pm |
|
go into your forum administration....then choose on the left...configuration...then you should see allowed html area.. |
| |
|
|
|
|
Bent-Cowboy
|
| Posted:
Sat Jan 14, 2006 4:23 pm |
|
| hitwalker wrote: | | go into your forum administration....then choose on the left...configuration...then you should see allowed html area.. |
Ok, Allowed HTML is "on" and allowed html tags are:
b,i,u,pre |
| |
|
|
|
|
hitwalker
|
| Posted:
Sat Jan 14, 2006 4:27 pm |
|
well weird...but ive send a pm to evaders99,he knows all about phpbb so he will reply here soon.. |
| |
|
|
|
|
Bent-Cowboy
|
| Posted:
Sat Jan 14, 2006 4:31 pm |
|
| hitwalker wrote: | | well weird...but ive send a pm to evaders99,he knows all about phpbb so he will reply here soon.. |
Thank you |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Sat Jan 14, 2006 4:46 pm |
|
Pretty sure the Patched files should block iframes. Mmm phpBB, I believe there are some validation fixes in later versions. You really should not be using anything less than 2.0.17 (which is a part of the Patched files) |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
Bent-Cowboy
|
| Posted:
Sat Jan 14, 2006 5:01 pm |
|
| evaders99 wrote: | | Pretty sure the Patched files should block iframes. Mmm phpBB, I believe there are some validation fixes in later versions. You really should not be using anything less than 2.0.17 (which is a part of the Patched files) |
Do you know of anyone that could bring it up to the current version by applying the changes, not over writting the the current files? (I am heavy on mods). I would certainly be willing to pay for this. BTW, my nuke is 7.6 and I think it has the #3 patch, if you know what I mean. |
| |
|
|
|
|
evaders99
|
| Posted:
Sat Jan 14, 2006 7:24 pm |
|
I could do it.. it would take a lot of time really with a file difference program
No idea what #3 patch is. Are you talking about the Patched files?
If you are sure iframes aren't being blocked with the Patched files, let me know and I'll try and duplicate it. |
| |
|
|
|
|
Bent-Cowboy
|
| Posted:
Sat Jan 14, 2006 7:48 pm |
|
| evaders99 wrote: | I could do it.. it would take a lot of time really with a file difference program
No idea what #3 patch is. Are you talking about the Patched files?
If you are sure iframes aren't being blocked with the Patched files, let me know and I'll try and duplicate it. |
Please read the PM I sent you earlier.
By #3, what I mean is, shortly after 7.6 came out there was a 1, 2 and then a #3 patch. I am fairly certain that I have the number 3 patch.
I know that the iframes are not being block with my current site version, it just happened to me yesterday.
I look forward to your reply to my PM.
|
| |
|
|
|
|
Bent-Cowboy
|
| Posted:
Sat Jan 14, 2006 8:04 pm |
|
The more I think about it, I do have a mod installed that allows for the posting of video's, streaming content, flash, images... I wonder if that is what is allowing the iframe to get through. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
