UBB.Developers Forums UBB.threads 6 V6 Modifications Beta-[6.3-6.4] Allow Dynamic Images from Known Referer

Mod Name / Version: Allow Dynamic Images from Known Referer

Description: Allow Dynamic Images from Known Referer, files containing question marks in the url are dissallowed by threads, some sites protect thier bandwidth with a redirection script this hack allows the known refer's images to be marked up.

Working Under: UBB.Threads 6.3-6.4

Mod Status: Beta

Any pre-requisites: None

Author(s): Turbosport

Date: 12/14/03

Credits: Clint Gaskin

Files Altered: /lang/englis/generic.php

ubbt.inc.php

New Files: None

Database Altered: No

Info/Instructions: Allow dynamic images from known referer

Clint Gaskin December 2003 V1.0 for T6.4

=================================================================
In Generic php add this (changing details to match your domain):=
=================================================================

$ubbt_lang['TEXT_IMAGEREFERER'] = "http:\/\/upload.turbosport\.co\.uk";

=================
in ubbt.inc.php:=
=================

Find:

// ---------------------
// Convert image markup
if ($config['allowimages']) {
if (!preg_match("/(\[IMG\]|\[{$ubbt_lang['TEXT_IMAGE']}\])(.*?)(\?|"|')(.*?)(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i",$Body)) {
$Body = preg_replace("/(\[IMG\]|\[{$ubbt_lang['TEXT_IMAGE']}\])http([^\[]*)(\.gif|\.jpg|\.png)(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i","<img src="http\\2\\3">",$Body);
}
}

Add this below it:

// ---------------------
// Convert dynamic image markup from known referer
if ($config['allowimages']) {
if (preg_match("/(\[IMG\]{$ubbt_lang['TEXT_IMAGEREFERER']}|\[{$ubbt_lang['TEXT_IMAGE']}\]{$ubbt_lang['TEXT_IMAGEREFERER']})(.*?)(|"|')(.*?)(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i",$Body)) {
$Body = preg_replace("/(\[IMG\]|\[{$ubbt_lang['TEXT_IMAGEREFERER']}\])http([^\[]*)(\.gif|\.jpg|\.png)(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i","<img src="http\\2\\3">",$Body);
}
}



Disclaimer: Please backup every file that you intend to modify.
If the modification modifies the database, it's a good idea to backup your database before doing so.

Note: If you modify your UBB.Threads code, you may be giving up your right for "official" support from Infopop.If you need official support, you'll need to restore unmodified files.

Nice - thanks.

Works great, thanks Clint.

How about requiring a slash at the end of domains so that people won't be able to spoof the domain by doing something like this:

http://upload.turbosport.co.uk.a.domain.of.my.own.com/maliciousscript.php?image=asdf.gif

Cheers Gardener, I had done more on this, there was a flaw in the match as well new code here:

Allow dynamic images from known referer

Clint Gaskin December 2003 V1.3 Beta for T6.4

=================================================================
In Generic php add this (changing details to match your domain):=
=================================================================

$ubbt_lang['TEXT_IMAGEREFERER'] = "http:\/\/upload.turbosport.co.uk\/";
$ubbt_lang['TEXT_IMGREFERERNOSLASH'] = "http://upload.turbosport.co.uk/";

=================
in ubbt.inc.php:=
=================

Find:

// ---------------------
// Convert image markup
if ($config['allowimages']) {
if (!preg_match("/(\[IMG\]|\[{$ubbt_lang['TEXT_IMAGE']}\])(.*?)(\?|"|')(.*?)(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i",$Body)) {
$Body = preg_replace("/(\[IMG\]|\[{$ubbt_lang['TEXT_IMAGE']}\])http([^\[]*)(\.gif|\.jpg|\.png)(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i","<img src="http\\2\\3">",$Body);
}
}

And Replace With:

// ---------------------
// Convert image markup and allow dynamic from known referer

if ($config['allowimages']) {
if (preg_match("/(\[IMG\]{$ubbt_lang['TEXT_IMAGEREFERER']}|\[{$ubbt_lang['TEXT_IMAGE']}\]{$ubbt_lang['TEXT_IMAGEREFERER']})(.*?)(|"|')(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i",$Body)) {
$Body = preg_replace("/(\[IMG\]{$ubbt_lang['TEXT_IMAGEREFERER']}|\[{$ubbt_lang['TEXT_IMAGE']}\]{$ubbt_lang['TEXT_IMAGEREFERER']})([^\[]*)(\.gif|\.jpg|\.png)(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i","<img src="{$ubbt_lang['TEXT_IMGREFERERNOSLASH']}\\2\\3">",$Body);
}
if (!preg_match("/(\[IMG\]|\[{$ubbt_lang['TEXT_IMAGE']}\])(.*?)(\?|"|')(.*?)(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i",$Body)) {
$Body = preg_replace("/(\[IMG\]|\[{$ubbt_lang['TEXT_IMAGE']}\])http([^\[]*)(\.gif|\.jpg|\.png)(\[\/IMG\]|\[\/{$ubbt_lang['TEXT_IMAGE']}\])/i","<img src="http\\2\\3">",$Body);
}
}

=====END=====

Looks good! Thanks for this Clint! Will probably add this mod once I start running 6.4.

One thought, why not add the referer host in the config file instead?

Sorry another slight change due to the slashes in the html have edited above post to v1.3

Gardener its a lot more code especially if you integrate it as a setting, my personal opinion is the less files to modify with a hack the better; just a easy for people to use the lang file to hold variables isnt it ?

I don't understand, just editing the config file instead of a language file won't make it more files to edit. Besides, the config file can be changed from the admin page. I really think configuration should be kept separate from language files. Especially if it is the same setting for languages, since all languages that are used on the site will have to be edited.

Point taken, will change next version I thought you meant make it a setting, I hadnt thought of the other langs as I only use english, thanks for the input m8