vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   Prevent [IMG] tag in reputation posting / Flaw being exploited (https://vborg.vbsupport.ru/showthread.php?t=111979)

jadkar 04-02-2006 01:36 PM
Prevent [IMG] tag in reputation posting / Flaw being exploited
 
Hello, I'm sure this is not a big deal and I'm hoping someone can let me know how to do this real quick because it's becoming a disaster.

I run a site with primarily kids on it. Someone discovered a flaw in vBulletin and have exploited it. Now 20-30 of these users are out of control and making a mess of the reputation system. I have disabled it for now, but I need to prevent them from doing this. Here's what's going on.......

They figured out when leaving "rep" for someone they can use the [IMG] tag in the comment. When they do they link to a photo that's super huge, like 8000x8000. Once this is done the poor user who received the "rep" can never load his "user CP", or it loads but takes forever. Each time this happens the only way for me to get rid of it is to actually go to the SQL database and do a search for the entry and delete it!!! There's no other way within the UserCP besides deleting all his/her "rep".

So yes, this is a mess. What I'm looking for is a way to just remove the ability of using the [IMG] tag when posting reputation.

Please help :(

Nathan2006 04-10-2006 08:33 PM
Yes I would also like to know how to stop this.

I have in the past seen this and large pics ending up in members rep in the usercp :(

Is there anyway of stopping the [img] tags?

Dsyn11 04-11-2006 12:08 PM
this is a fairly serious flaw and should be reported to vB bug tracker. If my members figure this out, I'll have to suspend the rep system as well. :(

Borgs8472 04-11-2006 12:16 PM
I fixed this bug on my old forum, but I'm no longer a member there now and don't quite remember how I fixed it. If you ask at www.wordforge.net they should tell you.

Nathan2006 04-13-2006 03:40 AM
I asked over at vb.com and Jake said: to ask over here ;)
Quote:
Originally Posted by Jake Bunce
I believe it shares this setting:

Admin CP -> vBulletin Options -> User Profile Options -> Allow [IMG] Code in Signatures
And I checked it and it does cut off the images but is there anyone that can help to just disable the [img] tags in the rep comments?

Thanks for any help :)

jadkar 04-16-2006 12:21 AM
Nobody else :( On this entire site of people developing all sorts of stuff nobody has any idea??

shockx5 06-15-2006 10:33 PM
I'm gonna have to bump this because my members on my site are exploiting this little flaw by posting grotesque porn (not pretty) and dead bodies and stuff.

Pretty serious...so any help is appreciated, and I only want [IMG] disabled for Reps.

peterska2 06-15-2006 10:55 PM
I can get all BB code disabled for reps, I'm just checking if it affects things like smilies now.

peterska2 06-15-2006 11:18 PM
Here we go, enjoy :)

https://vborg.vbsupport.ru/showthread.php?t=118715


All times are GMT. The time now is 08:13 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01061 seconds
  • Memory Usage 1,726KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (9)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete