Good!
I have a problem with a custom MyCode and <iframe>.
I need to insert a photo in Instagram through a MyCode but this does not work.
The code and replace it generates conflict is:
<iframe src="$1/embed/" width="620" height="710" frameborder="0" scrolling="no" allowtransparency="true"></iframe>
How I can fix this?
Thank you!
Anyone?
This code is insecure, you shouldn't use it at all.
(2014-11-11, 01:28 PM)Destroy666 Wrote: [ -> ]This code is insecure, you shouldn't use it at all.
And that could otherwise be safer ? At the moment I 'm using this.
<object data="$1embed/" width="300" height="400" type="text/html"></object>
You should really use a plugin and hook to parse_message_end because then you can do validation of the url to make sure it is what you intend it to be. If you don't, someone could put something like a porn site for the url which would not be good for your site.
They could help me with regular expression? I got the following but it has errors, and missing check if http or https.
preg_replace('#\[inst\]http:\/\/\.instagram\.com\/p\/(.*)\/([0-9]+)\[\/insta\]#i', "<object data=\"$1embed/\" width=\"300\" height=\"400\" type=\"text/html\"></object>", $message);
(2014-11-11, 01:28 PM)Destroy666 Wrote: [ -> ]This code is insecure, you shouldn't use it at all.
I would not say that iframe shouldnt be used........ if used with
great caution, why not to to use it?
(2014-11-11, 03:28 PM)devs Wrote: [ -> ] (2014-11-11, 01:28 PM)Destroy666 Wrote: [ -> ]This code is insecure, you shouldn't use it at all.
I would not say that iframe shouldnt be used........ if used with great caution, why not to to use it?
Because MyCodes are available for everyone and someone can insert an iframe leading to anything unwanted.. That's far away form "great caution".
Quote:Because MyCodes are available for everyone and someone can insert an iframe leading to anything unwanted.. That's far away form "great caution".
For me its not far away. The risk you are talking about occurs when admin is inexpierienced/inmature (many Poland based forums). Each and every serious admin would do what I ve said.....
Solved!
preg_replace('#\[inst\]https?:\/\/instagram\.com\/p\/([A-z_1-9]+)(\/?)\[\/inst\]#i', "<object data=\"http://instagram.com/p/$1$2embed/\" width=\"300\" height=\"400\" type=\"text/html\"></object>", $message);
(2014-11-11, 05:40 PM)devs Wrote: [ -> ]Quote:Because MyCodes are available for everyone and someone can insert an iframe leading to anything unwanted.. That's far away form "great caution".
For me its not far away. The risk you are talking about occurs when admin is inexpierienced/inmature (many Poland based forums). Each and every serious admin would do what I ve said.....
I don't think you understand what I said. Most admins would obviously use it with caution, but forums and the MyCode parser aren't used by admins only. That's why the code solution posted by Steep above is
much more secure than the one I criticized since it validates the instagram URL. So please stop misinforming others.
Also, still going on with the "Polish bad admins" stories? Another incorrect assumption - inexperienced admins are part of every country. And don't forget you're Polish yourself.