BB Code (flash animations .swf)
 

What does it do?
This BB Code allowes to insert .swf animations into your posts or user's signatures.
When you click on "F" button (see zip file) you have to do this:
1.- Enter height and width values (see screenshot 1)
2.- Enter your .swf URL (see screenshot 2)
3.- That's all !!

Demo
http://www.seusers.com/foro/142266-post20.html (Signature)

Works with vb 3.8.x??
Yes

How to install?
Upload image form zip file.

Goto AdminCp->Custom BB Codes->Add new BB Code
History

• 1.0 Release
• 1.1 Fixed some code. Now working with vb 3.8.x and 4.0.3

thank you i will try it

This is worse than letting someone use HTML in their signature. Imagine how quickly somebody could spread a virus, considering how big said person's forum is.

Oh my God!, maybe I should uninstall ads on my forum, because they are using almost the same code.

C´mon people, swf files are just animations, just like youtoube embebed videos, flv videos. How come do you attach a virus on an animation?.

Best regards

I Suppose a swf can contain malicious code.

http://www.sophos.com/security/analy...swflfm926.html

yeah, specially if you execute it /open it manually.
NEVER a swf animation executed on a web page will interact with your hard disk files, Macromedia has implemented policies to avoid this kind of actions

Interesting, it says something about interact with a program INSTALLED in your har disk, oh and dowload that file... oh yeah, I got it, "virus attack if I DOWNLOAD an swf file, save it on My Documents or something and then I open it" .... Jesus, what's that for??, did you forget that you were surffing the internet and visiting a forum? ?? Don't do experiments if you don't know what you are doing.

Totally inofesive that code, I repeat, is the same code used on http://www.msn.com/ at Advertisement, or at http://www.nfl.com/ or any site with flash animations.

Please people, don't worry... be happy :)

If you don't want to take "the risk", please just don't install it.
Sharing this bb code wont help me to hack your site or get your bank account PIN or something.

This is one of the biggest security holes I have seen on here yet!!!! Allowing HTML, is one thing, but a SWF is totally different.

Yes, it could be used for pretty animations in signatures, but it can also be used for malicious purposes. Okay, many companies use flash adverts, but these are designed by professional flash authors who do not place actionscript in SWF files for other purposes.

SWF files do not need to be downloaded to your PC to infect it (You are correct on that remark!), with SWF's it's done on a much larger scale. SWF files can easily be coded to do call-backs, cause re-directs and much more.

People will not be happy when they lose their forums because of a modification, that has opened up their vBulletin to attacks.

I cannot see this modification being allowed to stay on vbulletin.org when it is such a high security risk to any forum!

It would not be too bad if it was Usergroup specific, but it is not even that.

Man, for security reasons, please change password and MP the new one.
I can see you are using another swf bb code. Maybe the other ones is creating conflict.

I see, your bb code Replacement stuff is wrong man, you have something like this:

<EMBED src={option} quality=high loop=true menu=false {param} TYPE="application/x-shockwave-flash"</EMBED>

Please, copy and paste just like this:

... or switch {option} and {param}

If you need help, you can make a temporary admin account and MP me user name and password, so I could take a look.
Regards

thanks
but why flash is small
and i dont have choise to change px

not working

This is a REALLY good mod.

Just allow ADMINS or set usergroups to upload SWF.

I really NEED this code + thanks.

Would this allow me to embed a flickr slideshow? I'm desperately looking for some flickr slideshow bbcode, would this work for it, or could it be modified slightly to make it work?

Thanks.

for vb 4.0.3 not working

Not working on vb 4.0.3

Please update asap! thanks.

very very good thanks

didn't notice it wasn't working with vb4.0.3
while we wait. here is a better image to use ;)
:up:

Cool image Hippy.
Updated and working with vb 4.0.3

It's normal that not working !

The url has been truncated.

For avoid doing that, put the .txt file in archive.

Rare, it's working for me, url truncated or not BB Code works anyway
See https://vborg.vbsupport.ru/attachmen...9&d=1272955427

.txt added to zip file

i'm using this replacement :-

thats cool

thanks!

thanxx foor update bro

its working fine with me but size too small!

you can always change red values dude for bigger size :)

[swf="height=100 width=400"]http://www.seusers.com/intro.swf[/swf]

what if i dont want a size; can i remove it so it will take whatever size user going to put?

i cant see what ur saying
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/s...ersion=7,0,0,0" {option} id="Untitled-1" align="middle">
<param name="allowScriptAccess" value="sameDomain" />
<param name="movie" value="{param}" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<param name="wmode" value="transparent">
<param name="menu" value="false"/>
<embed src="{param}" quality="high" bgcolor="#ffffff" {option} wmode="transparent" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="Adobe - Adobe Flash Player" />
</object>

hmm

<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" {option} id="Untitled-1" align="middle">

lets see

whats stopping me from doing this... (entering this data when posting the swf tags with option)


<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" onLoad="window.location.href = "http://www.whatever.com";" id="Untitled-1" align="middle">

thats a good way to either deliver people to malicious sites or even better redirect member traffic


Also no offense but loading the web page is interacting with EVERYTHING on the page

there's websites that all you have to do is go to them to get a virus or malware.

also this mod is not safe from XSS attacks and the obvious other problems with remote and in malicious code that may be in relation to the swf file.


I suggest go higher in depth into the mod and have it interact with a php file which takes care of security issues. at leat do something about the xss attacks. and just take the risk with the flash files. There are security measures for flash files to. lok em up and learn :p

I tried this and it does work well but since I'm the only one (admin) that needs to post flash,
I allow only myself to post in html and therefore can post flash without this bbcode.

theres an advanced bbcode permissions mod here that you could use this with usergroups you trust, thats works well too

Does not work on v4.0.5

If you can update through

good thanks

waiting update v 4.0.5

Me too, or should I say soon 4.0.6 ;)

Another vote for this being a serious security issue... I won't ever post in this thread again but I could not ignore this without warning people to seriously research the issue if they don't understand the risks in this. Limiting the use to trusted admins is an absolute minimum.

thanks

Installed & working

4.1.1

It works on 4.1.3
THANKS

Obviously, you are not a flash author or you would know that statement is completely incorrect. Flash SWF files on any webpage are executed automatically upon page load. Anyone that knows actionscript could easily upload and cause serious damage to any forum that has this modification enabled.

Any forum carrying this sort of modification is leaving itself open to security issues. By the way, SWF files are cached directly to your system, so in affect they are downloaded. Here's just one example... Open up Flash, in the first frame add this code:

This is AS3.0 code..

Now you have a redirect, if anyone hits the post containing the uploaded SWF file. Even more dangerous is if the code is far more malicious. The above code could easily redirect a person to another site containing a trojan which would infect their systems or even coded as a XSS exploit.

These advertisements are added by web development teams and would under go strict QA before being allowed on a page. The only part that is safe about this code is the embed code, but even this breaks Strict xHTML W3C policies, check your coding regarding embedding flash correctly on a webpage and consider vB4 uses Strict xHTML, so by using this coding you are straight away breaking the Strict xHTML of vB4.

Nobody would be happy with a hacked database, or a forum that is infecting peoples systems. Eventually, Google would place a 'Red' Alert page for malicious code if the problem was not dealt with. This is a very serious security hole to add to vBulletin and in my opinion like many others on here, should be removed for peoples safety, at least.

This works perfectly with vB 4.1.11!

works perfectly with Version 4.1.3 too