vb.org Archive
Page 1 of 11 1 23 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Stop Users from Cross-linking Attachments (https://vborg.vbsupport.ru/showthread.php?t=35399)

Guru 02-23-2002 10:00 PM
I've hacked my attachment.php script to prevent users from posting an attachment on my board, and then using the HTML to display it somewhere else. This prevents people from posting a pic on your board, then using your bandwidth to place that pic elsewhere. It is a tiny code change.

I've substituted my own logo, (LOL), but you can replace that with anything, or just use the "exit;" line to eliminate the pic entirely.

In attachment.php, right after:
PHP Code:
require("./global.php"); 
Add the following code:
PHP Code:
// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url parse_url($_SERVER['HTTP_REFERER']); 
$checkurl strtolower($url["host"]); 
if (! strstr($checkurl"yourdomain")) {

    // Remove this code if you just want to break the image
    // Substitute my Logo
    header("Content-Type: image/gif"); 
    $filename "/usr/public_html/grafix/logo.gif";
    $image fread(fopen($filename,"r"),100000); 
    echo $image
    fclose($image);
    // End Substitute my Logo

    exit; 

Change yourdomain to your actual domain name, and the logo URL to what you want to replace the cross-linked image with.

NOTE: Changed to use the full path in "$filename = ..." to get this to work on some servers.

ANOTHER: See this post in this thread for a modification that works on Win32 servers: https://vborg.vbsupport.ru/showthrea...895#post297895

AGAIN: If you modify avatar.php similarly, you can prevent people from cross-linking your avatars: https://vborg.vbsupport.ru/showthrea...893#post303893

UPDATE: The parse_url line is slightly different to use the new PHP syntax.

Dade 02-24-2002 07:49 PM
Excellent hack, most useful! Keep up the good work/hacks

nafae 02-24-2002 07:54 PM
so, just making sure, this hack will, if someone goes to say http://www.stealsomeonesbandwidthbyp...heirserver.com and links to a pic on http://www.yoursite.com it will replace the pic with one of your choice such as "image hosted by coderforums.net"?

Guru 02-24-2002 08:00 PM
Yep. That's it exactly.

Tim Wheatley 02-24-2002 08:08 PM
Can you add more than one domain? For example do I need to add forum.racesimcentral.com AND www.racesimcentral.com, or just put racesimcentral.com?

if (! strstr($checkurl, "racesimcentral.com")) {

Right?

Tim Wheatley 02-24-2002 08:20 PM
Never mind I checked and found racesimcentral.com is enough. :)

Guru 02-24-2002 08:51 PM
You can substitute "yourdomain" for just a part of your domain name. If you have ".com" and ".net" mapped to the same forum, then you could use just the base portion of you domain name. For example: yourdomain.com and yourdomain.net would be protected by just putting yourdomain in the check line.

Tim Wheatley 02-24-2002 09:49 PM
wow thanks :)

nafae 02-24-2002 11:03 PM
mm this is a great hack! I am going to install now and shall tell you how it works out :)

nafae 02-24-2002 11:26 PM
works great as far as I can tell!

Just testing :)

http://www.coderforums.net/attachment.php?postid=252


All times are GMT. The time now is 12:37 AM.
Page 1 of 11 1 23 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01165 seconds
  • Memory Usage 1,737KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete