Hey, I found a working progress bar on a MyBB Mods site (Original can be found
here, it was made by Stoker and posted by Svizy.) and I edited it a bit, so I hope you like it:
Title:
Progress Bar
Short Description:
This will add a progress bar.
Regular Expression:
\[pbar\]([0-9].{0,2})\[/pbar\]
Replacement:
<div style="background-color:#ffffff; width:100px; border: 1px solid black;"><div style="background-color:#00CCFF; color:#000000; font-weight:bold; max-width: 100px; width:$1px;"> $1%</div></div>
Pictures would help!
Thank you for this MyCode.
This progress bar is a SERIOUS SERIOUS security hole.
You should really read more about XSS and/or HTML injection.
Also, use
\[pbar\]([0-9].{0,2})\[/pbar\]
instead
Yes this is a neat plugin, but quite easily exploitable. It's like being paid $500,000 to leave open your safe where you keep $1,000,000.
I didn't write it. If you want to help me fix it though, I would be glad.
Basically just use the regular expression I provided in my previous post here. This way only numbers will be parsed into a progressbar, without the risk of injecting malicious code.
(2010-01-06, 10:39 PM)Tierney Wrote: [ -> ]Hey, I found a working progress bar on a MyBB Mods site (Original can be found here, it was made by Stoker and posted by Svizy.) and I edited it a bit, so I hope you like it:
Title:
Progress Bar
Short Description:
This will add a progress bar.
Regular Expression:
\[pbar\]([0-9].{0,2})\[/pbar\]
Replacement:
<div style="background-color:#ffffff; width:100px; border: 1px solid black;"><div style="background-color:#00CCFF; color:#000000; font-weight:bold; max-width: 100px; width:$1px;"> $1%</div></div>
Is it an open source, freeware, shareware or commercial product?
