UBB.Developers Forums UBB.classic V5 Mod Questions CodeFilter_5xx - A Security Mod

Name: CodeFilter_5xx v1.02

Description This modification prevents users from posting executable Javascript code within a UBBCode tag. It closes a nasty security vulnerability found in all UBB 5.4x versions. See the instructions for a detailed description.

Author: el84

Compatibility: Tested on 5.47e, but should work on any 5.4x version.

Link: http://el84.addr.com/ubbmods/CodeFilter_5xx_102.txt

[ April 08, 2001: Message edited by: el84 ]

Wasn't this fix the purpost of Ubb 5.47e???

Perhaps.

However, read his description in the text file. It may not have been completely squashed.

Rev 1.01 is done. I know of no bugs in this version.

Link: http://el84.addr.com/ubbmods/CodeFilter_5xx_101.txt

Changes:

• Fixed leak in EMAIL UBBCode filter
• Added filter for fixed size FLASH UBBCode
• Small change to UBB Code Buttons code to make use of fixed size FLASH UBBCode safe
• Added filter for SOUND UBBCode
• Now only looks for unsafe use of double-quote character in UBBCode tags. Previous version might not have allowed some valid URLs.
• Added a kludge that eliminates the false positives described in v1.00 instructions. Ugly, but it works nicely.

All you still using UBB5.47e (or earlier) really should install this mod. Unfortunately, this is a mod that adds no cool features. Your users won't even know it's there. Only thing it does is prevent someone from trying to hijack your board, or mess up threads by slipping Javascript in the post.

Maybe this thread should be moved to finished hacks before UBB5 support disappears from this site. I see no reason to make any changes unless someone finds a bug with this mod.

Whoops. There was a bug in v1.01.

It screws up smilies that are preceded by a space. Fixed now.

Link: http://el84.addr.com/ubbmods/CodeFilter_5xx_102.txt

FYI, the UBB6 version of this mod never had this bug.

nice fix. thanks

I never saw this hack, Must have missed it anyway, Nice hack.