Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Possible to restrict IMG tags?
#1
I was needing to know whether its not to restrict the use of IMG tags so that they can only display images from certain URLs such at imgur.com?

While not on my forum, I know that a user elsewhere is abusing a system
which allows him to get anyone's IP -- note, it is not a 0 day or anything of that nature, this is a known issue.

If anyone from the Dev team would like some more specifics, feel free to PM me.
#2
It's possible but you would need a plugin made.
#3
You realize that those images can be uploaded literally anywhere, and there is no possible way you can prevent this without removing the IMG tag completely. And the remote avatars. That just isn't possible. The most you could do is only allow image extensions, but there are still ways as that (such as a .htaccess rewrite, or even just slapping an &ext=.png on the end of the image url)

Those images are usually just php scripts that grab the IP address. Like the one below (which doesn't save the IP, just displays it on a black background).

<?php
$im = imagecreatetruecolor(120, 20);
$text_color = imagecolorallocate($im, 233, 14, 91);
imagestring($im, 1, 5, 5,  $_SERVER['REMOTE_ADDR'], $text_color);

// Set the content type header - in this case image/jpeg
header('Content-Type: image/jpeg');

// Output the image
imagejpeg($im);

// Free up memory
imagedestroy($im);
#4
While it's not sure fire you can easily use regex to check the url of image at post processing. The only way around it would be making sure "imgur.com/" was in the url for example. But, even then you could use regex to make sure there isn't to many characters before the start of that line.
#5
(2013-11-02, 07:04 AM)Alex Smith Wrote: While it's not sure fire you can easily use regex to check the url of image at post processing. The only way around it would be making sure "imgur.com/" was in the url for example. But, even then you could use regex to make sure there isn't to many characters before the start of that line.

I was thinking along these lines, it's a dirty solution, but nice to know that it is possible.


Forum Jump:


Users browsing this thread: 1 Guest(s)