Junior Member
Joined: May 2003
Posts: 20
It is crucial that people be able to destroy the layout of my board. Version 6.5 does not allow someone to post the BODY command within a post (version 6.3 allowed this). What file and what line do I need to edit? Thanks

Moderator
Joined: May 2001
Posts: 1,042 Likes: 7
quote: It is crucial that people be able to destroy the layout of my board.
Why in God's name would you want to do that?

I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3
just allow them to upload php and cgi files.... I'm sure they could destroy your site easily with that 

Junior Member
Joined: May 2003
Posts: 20
ahahaha. My site has always been one based on havoc and free will. With the release of 6.5 the "forced" blocking of the BODY tag annoys me. They should have made it an option.
So, what do I change?

I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3
I don't think you'll find someone willingly giving out that info, and it would never be an option in any case. You should be able to find the appropriate subroutine in ubb_lib_posting.cgi, I believe.

Junior Member
Joined: May 2003
Posts: 20
Why would they not give that info out? It's a simple feature that was added somewhere between 6.3 and 6.5. It's not in that file though. Does anyone know or is it all just guesswork?

I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3
It's not a 'feature', it's a plugged security hole... your forum is possibly the only one on the internet (including *all* forum scripts) that would not want it patched. I'm not sure who you could ask...

Junior Member
Joined: May 2003
Posts: 20
Apparently no one has a clue. Amazing how the supposed "programmers" just don't know. I'll tell you why the forced block is not good:
1 - My users are knuckleheads and like to display background images on their posts for uniqueness and creativity.
2 - My users embed audio clips in the posts, which is VERY funny to hear when you read a post.
3 - The BODY TAG feature does nothing to UBB. It simply overrides the existing BODY tag, which only affects the layout of that particular topic (not the entire website).
SOMEONE has to have a clue. For me to find it and disable it would not say much for the creators of UBB who can't seem to locate the block.
Posting the answer here would not cause any security issues at all since it's editing a file that no one has access to. Any dummy knows that hacking ANY cgi file related to UBB could kill it totally. If someone knows and doesn't want to post, just email me or request me to email you.

Admin Emeritus
Joined: Jan 2000
Posts: 5,073
The same subroutine that prohibits the body tag also prohibits many other elements, including embed and object. It's called check_html_core, and is in ubb_lib.
We do not hand out exact instructions on how to give your UBB security problems large enough for a Mack truck to drive through.
UBB.classic: Love it or hate it, it was mine.
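
The kind of check described in the post above, as an added illustration that is not part of the thread and is not UBB's code (check_html_core itself is not shown here): a Python sketch that rejects any post containing the elements the post names. The function and class names are hypothetical, and the blocked set holds only the three elements mentioned in the thread.

```python
from html.parser import HTMLParser

# Elements the thread names as blocked; the real list is longer and not given.
BLOCKED = frozenset({"body", "embed", "object"})


class BlockedTagFinder(HTMLParser):
    """Collects blocked element names found in a post's HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag names, so <BODY> and <EmBeD> both match.
        if tag in BLOCKED:
            self.found.append(tag)

    def handle_startendtag(self, tag, attrs):
        # Self-closing forms such as <embed ... /> arrive here.
        self.handle_starttag(tag, attrs)


def blocked_tags(post_html):
    """Return the blocked element names in post_html, in order of appearance."""
    finder = BlockedTagFinder()
    finder.feed(post_html)
    finder.close()
    return finder.found


def accept_post(post_html):
    """Reject the whole post rather than trying to strip and repair it."""
    return not blocked_tags(post_html)


# Constructed sample posts, not taken from any real board.
SAMPLES = [
    "<b>hello</b> board",
    '<BODY background="bg.gif">my post',
    "text <embed src=clip.wav> more text",
    "&lt;body&gt; shown as text only",
]

if __name__ == "__main__":
    for post in SAMPLES:
        print(accept_post(post), blocked_tags(post), repr(post))
```

Parsing the markup instead of matching strings means the escaped `&lt;body&gt;` in the last sample is treated as text and accepted, while mixed-case and unquoted-attribute forms are still caught.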

Junior Member
Joined: May 2003
Posts: 20
Version 6.3.1 did not have any such blocks, so why the sudden move to block all embedded html when there were X number of versions prior that didn't have the block either?
But as annoying as it is, I can only guess that UBB had good reasons, because classic used to be the most unstable script I had ever run and now it's quite reliable. The block is just something I wasn't prepared for.

Admin Emeritus
Joined: Jan 2000
Posts: 5,073
Body, embed, object, and all the rest have been blocked since the 5 series days. You must have removed the filtering in the version you were using.
UBB.classic: Love it or hate it, it was mine.

Junior Member
Joined: May 2003
Posts: 20
No sir. Seriously. I had several 5 versions then jumped to 6.3.1 and left it totally original. Not 1 single add-on at all. We used to be able to just add the BODY command to a post and change the background image on that post alone. BUT, I did upgrade from 5x to the 6.3.1 so, possibly, an older file was not overwritten? That's the only thing I can think of.

Admin Emeritus
Joined: Jan 2000
Posts: 5,073
Trust me, I wrote the code myself. Those tags have been blocked for ages.
UBB.classic: Love it or hate it, it was mine.

I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3
quote: Originally posted by Nycore: Apparently no one has a clue. Amazing how the supposed "programmers" just don't know. ... SOMEONE has to have a clue. For me to find it and disable it would not say much for the creators of UBB who can't seem to locate the block.
WELL.... since you asked all nice and such.. :rolleyes: Charles is the guy who's written the ubb code since the days of 6.01, I'm sure he has a clue... he's told you where to find it, run along now and play nice with the other kids...

Member
Joined: Nov 2001
Posts: 1,080
Wassup everyone. And so...What have I missed? 

I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3
heheh 