vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.5 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=113)
-   -   AnyMedia BBCode for 3.5.x (https://vborg.vbsupport.ru/showthread.php?t=106239)

nix 08-22-2006 11:19 PM

Quote:

Originally Posted by jeremycs
Where exactly are the installation instructions?

I don't see anything that looks like install instructions.

There is an "install.htm" but it contains references to VB paths & there is no explanation on how to use this file.


When I unzip there are simply 3 directories:

do_not_upload
import
upload


in do_not_upload, the only thing that resembles instructions is the "install.htm" mentioned above.

Is there a readme file missing or something?

do the file edits in the install.htm

jeremycs 08-22-2006 11:38 PM

VERY SORRY...

.... the Mozilla NoScript extension was blocking the install.htm file from loading properly.

jeremycs 08-23-2006 01:35 AM

Anyone know the quickest way to disable autoplay / autostart (even if a user enables it in the MEDIA tags)?


Is it possible to hardcode a value of 0 / no / false somewhere for the autoplay value?

Maybe something around here in includes/class_anymedia.php?


PHP Code:

    var $_mediaInfo = array(
        'width' => 0,
        'height' => 0,
        'autoplay' => '',
        'extension' => '',
        'loop' => 0,
        'url' => '',
        'link' => '',
        'mime' => '',
        'type' => '',
        'id' => 0,
        'layout' => 0,
        'extra' => array()
    );


Or maybe it would just be easier to strip the media tag flags when they are submitted (if you're worried about getting thread-DOS'ed via autoplay)

phkk 08-23-2006 03:01 AM

Quote:

Originally Posted by nix
I just changed my google section in class_anymedia.php to this.



PHP Code:

    //    {{{    google()

    /**
     * Google Video.
     * @param    array    media info array
     */
    function google(& $mediaArray)
    {
        // Pull the video id out of any of the three URL forms.
        if (preg_match('/docid=([^(\&|$)]*)/i', $this->_mediaInfo['url'], $match) || preg_match('/docid\/([^(\&|$)]*)/i', $this->_mediaInfo['url'], $match) || preg_match('/video_id=([^(\&|$)]*)/i', $this->_mediaInfo['url'], $match)) {
            if (intval($this->vbulletin->bf_misc_anymediaplayer[$mediaArray[1]]) & $this->vbulletin->options['anymediaplayer']) {
                // Local flvplayer.swf; autoStart is on only when the tag's autoplay is exactly 'true'.
                $this->_mediaInfo['url'] = $this->vbulletin->options['bburl'] . '/players/flvplayer.swf?file=' . $match[1] . '&site=youtube&autoStart=' . iif($this->_mediaInfo['autoplay'] == 'true', 'true', 'false');
                $this->_mediaInfo['height'] += 20;
            } else {
                $this->_mediaInfo['url'] = 'http://video.google.com/googleplayer.swf?docid=' . $match[1];
            }
            $this->player($mediaArray);
        } else {
            $this->_mediaInfo['type'] = 'error';
        }
    }

    //    }}}



Will this code work for Google using the AnyMedia flash player (not the Google flash player)?

nix 08-23-2006 03:44 AM

nope.

MajorFm.com 08-23-2006 08:16 PM

Quote:

Originally Posted by MajorFm.com
Also does anyone know why this happens:

White Screen Instead Of Player - Even Though I Refreshed Again & Again
http://www.majorfm.com/forum/video-v...l-panties.html

but when you view the post on its own:
http://www.majorfm.com/forum/218984-post1.html

Seems to work fine on firefox though....

It works fine... something must be conflicting it on thread view... any suggestions?

I still cannot see em in ie... cannot work it out, on the flash dl site it says:

You have version 8,0,24,0 installed

I'm baffled... can't view it on 4 machines...

it's fine in Firefox...

any idea people?

thebuckeyeforum 08-26-2006 04:09 PM

I am good up until the final step. I cannot find the "Anymedia bbcode permissions."

I am looking in the usergroup permissions but do not see it.

Am I missing something?

Mysticales 08-26-2006 04:15 PM

Maybe redo your bitfield so it updates, Then try.

My concern is.. I am not secure about using this.. seems users could spam flash players all over a thread.. =/ Wonder what everyone does to secure this.

jeremycs 08-26-2006 04:41 PM

Quote:

Originally Posted by Mysticales
My concern is.. I am not secure about using this.. seems users could spam flash players all over a thread.. =/ Wonder what everyone does to secure this.



There are definitely some security issues to consider when using this module.

#1: Think strongly about allowing macromedia files to be one of the file types that are allowed to play. (i.e. .swf and the other 2 in that row). It's very easy for someone to construct a .swf that will redirect your member to a url of the .swf author's choosing. Perhaps the site they redirect them to looks just like YOUR site's login page? Making the user think they are logged out and they need to log in again. But instead, the flash author harvests their password & logs them in to your board as if nothing happened.

#2: As mysticales says above, and I have said, and someone else originally said in this thread... there is potential for per-thread denial of service attacks. The attacker would just need to make a few posts and autoplay 20-30 large files.

Suggested fixes:

For #1: There's no fix really, unless your server pulls the submitted .swf or flash file on submission, scans it for anything you consider malicious, and then hosts it locally. Scanning a hotlinked .swf & leaving it that way would do no good because the person could just change the .swf file to something malicious later.

Btw, I think the same goes for certain windows media files as well... .asf and .asx I believe.

For #2: Add options to limit things like:

- The number of media tags a user can enter per day
- The number of media tags allowed per thread

And most importantly:

Ignore user-submitted autoplay? (YES) / NO
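
One way to implement the "ignore user-submitted autoplay" and media-tag limit options suggested above, together with a block on the file types the post warns about. This is an added example, not part of the thread or of AnyMedia's code; it assumes modern PHP (7+), and the function names, the per-post cap of 2 and the sample URLs are hypothetical.

```php
<?php
// Added example, not AnyMedia code. Array keys follow the $_mediaInfo
// structure quoted in the thread; function names and limits are hypothetical.

const MAX_MEDIA_PER_POST = 2;                      // assumed per-post cap
const BLOCKED_EXTENSIONS = ['swf', 'asf', 'asx'];  // file types named in the thread

// Apply the policy to one parsed media entry.
function enforce_media_policy(array $info): array
{
    // Ignore whatever the poster submitted for autoplay.
    $info['autoplay'] = 'false';

    // Take the extension from the URL path, not from user-supplied metadata;
    // query string and fragment are ignored.
    $path = (string) parse_url($info['url'] ?? '', PHP_URL_PATH);
    $info['extension'] = strtolower(pathinfo($path, PATHINFO_EXTENSION));

    if (in_array($info['extension'], BLOCKED_EXTENSIONS, true)) {
        $info['type'] = 'error';  // same marker the quoted google() sets on failure
    }
    return $info;
}

// Apply the policy to every media entry of one post; entries past the cap are rejected.
function enforce_post_policy(array $entries): array
{
    $out = [];
    foreach (array_values($entries) as $i => $info) {
        $info = enforce_media_policy($info);
        if ($i >= MAX_MEDIA_PER_POST) {
            $info['type'] = 'error';
        }
        $out[] = $info;
    }
    return $out;
}

// Constructed sample input: one post with three media tags.
$post = [
    ['url' => 'http://media.example/clip.WMV?x=1', 'autoplay' => 'true', 'type' => ''],
    ['url' => 'http://media.example/banner.swf',   'autoplay' => 'true', 'type' => ''],
    ['url' => 'http://media.example/song.mp3',     'autoplay' => '',     'type' => ''],
];
foreach (enforce_post_policy($post) as $m) {
    printf("%-36s autoplay=%s type=%s\n", $m['url'], $m['autoplay'], $m['type'] ?: 'ok');
}
```

The extension check only sees the URL; as the post notes, a hotlinked file can be replaced later, so it does not make remote content trustworthy.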

G_Man 08-26-2006 11:16 PM

Quote:

Originally Posted by jeremycs
There are definitely some security issues to consider when using this module.

#1: Think strongly about allowing macromedia files to be one of the file types that are allowed to play. (i.e. .swf and the other 2 in that row). It's very easy for someone to construct a .swf that will redirect your member to a url of the .swf author's choosing. Perhaps the site they redirect them to looks just like YOUR site's login page? Making the user think they are logged out and they need to log in again. But instead, the flash author harvests their password & logs them in to your board as if nothing happened.

#2: As mysticales says above, and I have said, and someone else originally said in this thread... there is potential for per-thread denial of service attacks. The attacker would just need to make a few posts and autoplay 20-30 large files.

Suggested fixes:

For #1: There's no fix really, unless your server pulls the submitted .swf or flash file on submission, scans it for anything you consider malicious, and then hosts it locally. Scanning a hotlinked .swf & leaving it that way would do no good because the person could just change the .swf file to something malicious later.

Btw, I think the same goes for certain windows media files as well... .asf and .asx I believe.

For #2: Add options to limit things like:

- The number of media tags a user can enter per day
- The number of media tags allowed per thread

And most importantly:

Ignore user-submitted autoplay? (YES) / NO


Because of concerns like this only Admin/Mods are even allowed to use this on my forum. Still a wonderful addition to the forum though. :D

