Jump to the post that solved this thread.
Solved: 10 Years, 1 Month ago MyCode Custom Error and <iframe>
#1
Solved: 10 Years, 1 Month ago Exclamation 
Good!


I have a problem with a custom MyCode and <iframe>.

I need to insert a photo in Instagram through a MyCode but this does not work.

The code and replace it generates conflict is:

<iframe src="$1/embed/" width="620" height="710" frameborder="0" scrolling="no" allowtransparency="true"></iframe>


How I can fix this?

Thank you!

Anyone?
Reply
#2
Solved: 10 Years, 1 Month ago
This code is insecure, you shouldn't use it at all.
Reply
#3
Solved: 10 Years, 1 Month ago
(2014-11-11, 01:28 PM)Destroy666 Wrote: This code is insecure, you shouldn't use it at all.

And that could otherwise be safer ? At the moment I 'm using this.

<object data="$1embed/" width="300" height="400" type="text/html"></object>
Reply
#4
Solved: 10 Years, 1 Month ago
You should really use a plugin and hook to parse_message_end because then you can do validation of the url to make sure it is what you intend it to be. If you don't, someone could put something like a porn site for the url which would not be good for your site.
Reply
#5
Solved: 10 Years, 1 Month ago
They could help me with regular expression? I got the following but it has errors, and missing check if http or https.

preg_replace('#\[inst\]http:\/\/\.instagram\.com\/p\/(.*)\/([0-9]+)\[\/insta\]#i', "<object data=\"$1embed/\" width=\"300\" height=\"400\" type=\"text/html\"></object>", $message);
Reply
#6
Solved: 10 Years, 1 Month ago
(2014-11-11, 01:28 PM)Destroy666 Wrote: This code is insecure, you shouldn't use it at all.

I would not say that iframe shouldnt be used........ if used with great caution, why not to to use it?
Reply
#7
Solved: 10 Years, 1 Month ago
(2014-11-11, 03:28 PM)devs Wrote:
(2014-11-11, 01:28 PM)Destroy666 Wrote: This code is insecure, you shouldn't use it at all.

I would not say that iframe shouldnt be used........ if used with great caution, why not to to use it?

Because MyCodes are available for everyone and someone can insert an iframe leading to anything unwanted.. That's far away form "great caution".
Reply
#8
Solved: 10 Years, 1 Month ago
Quote:Because MyCodes are available for everyone and someone can insert an iframe leading to anything unwanted.. That's far away form "great caution".

For me its not far away. The risk you are talking about occurs when admin is inexpierienced/inmature (many Poland based forums). Each and every serious admin would do what I ve said.....
Reply
#9
Solved: 10 Years, 1 Month ago
Solved!  Big Grin

preg_replace('#\[inst\]https?:\/\/instagram\.com\/p\/([A-z_1-9]+)(\/?)\[\/inst\]#i', "<object data=\"http://instagram.com/p/$1$2embed/\" width=\"300\" height=\"400\" type=\"text/html\"></object>", $message);
Reply
#10
Solved: 10 Years, 1 Month ago
(2014-11-11, 05:40 PM)devs Wrote:
Quote:Because MyCodes are available for everyone and someone can insert an iframe leading to anything unwanted.. That's far away form "great caution".

For me its not far away. The risk you are talking about occurs when admin is inexpierienced/inmature (many Poland based forums). Each and every serious admin would do what I ve said.....

I don't think you understand what I said. Most admins would obviously use it with caution, but forums and the MyCode parser aren't used by admins only. That's why the code solution posted by Steep above is much more secure than the one I criticized since it validates the instagram URL. So please stop misinforming others.

Also, still going on with the "Polish bad admins" stories? Another incorrect assumption - inexperienced admins are part of every country. And don't forget you're Polish yourself.
Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)