Version: 2.0, by Zero Tolerance
Developer Last Online: Nov 2023
Version: 3.5.0 RC2
Rating:
Released: 07-27-2005
Last Update: 04-22-2006
Installs: 1831
Uses Plugins Template Edits
Additional Files
No support by the author.
[high]Staff Edit/Update[/high]
I have released an updated version of this hack (version 2.0.1), this version fixes some security issues with this hack. All version prior to this one allow users to insert html in their shouts, this can cause problems with them using html that breaks the site layout or malicious javascript. Download the new zip file (vBshout_fixed.zip) and upload the new vbshout.php file to patch/upgrade. If you want to manual instructions they are in the zip file, in the file bugfixes.txt
Second Staff update
I've uploaded a new version of this hack, dubbed '2.0.2'. This one should fix the html injection issues without breaking special characters. To upgrade, download the new zip file and upload the new vbshout.php file.
Please note that this only fixes the html injection issues. I do not use this hack on my own forum (although I've tested this on a client's board) so I will not be fixing the server load issues. I suggest you do not install this hack if you can't deal with the extra server load, as it's rather intensive.
- Brad
[high]End staff edit[/high]
Well, been a while since I've been to vb.org and released anything, thought i'd break the trend and whip up something quick while I have a little spare time.
A shoutbox as you would assume, a very simple one to start off with, but does include AJAX Technology, which pushes the shoutbox 1 step closer to live, messages from other people will appear with no refreshing, and so will yours that you post
A preview is below, i'd estimate a 50 second installation max
Primary Features:
- AJAX Technology (no refreshing)
- Administration control an display element options
- Fast format editor
Change Log::
- v1.1:
WOL (Who's Online) Correction
- v1.2:
New Posting Featurs (Bold/Italic/Underline/Colour/Font)
Admin Controls
- Change location/position of shoutbox
- Change number of shouts displayed
- Switch vbcode/similes on/off
- v1.3
Firefox javascript issue fixed
New Admin Controls
- Command Activation
- Swtch extra format options on/off
- Change position of editor (above/below messages)
New Commands
- /prune (Clears the shoutbox completely)
- /prune [username] (Clears all shouts posted by specified user)
- v1.4
Usergroup HTML Markup For Usernames
Clear Editor Button
Emoticons Pop Up Menu
Time display configurated to vBulletin settings
Username Links To Profile
New Admin Conrols
New vBShout Position (Directly Above Forums)
Banned Users
Banned Usergroups
Banned Permissions
Smilie Pop-Up Box Height
Smilie Pop-Up Box Width
New Commands
"/me" - Action message (all users are able to use this command)
/pruneshout [shout] - Deletes a single shout
- v1.5
Improved Smilies Display
XHTML 1.0 Transitional Valid (couple of errors fixed)
New Admin Options
Shoutbox Height
Smilies To Show
Shout Messages Order
Banned Permissions (fixed)
- v1.6
Bug Fixes:
- Unable to delete shouts that used /me command fixed
- Shouts being displayed from bottom-upwards only showed first 20 shouts
Automatically parses URL's
- v2.0
New Archive
- Displays shouts and pages
- Stats and top 10 shouters
- AJAX Edit/Delete (staff can edit/delete all shouts)
Enjoy,
- Zero Tolerance
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
Thats not a direct security risk anyone can control, anyone could post a picture to an image thats behind htaccess on anywhere you allow the image bbcode.
Thats not a direct security risk anyone can control, anyone could post a picture to an image thats behind htaccess on anywhere you allow the image bbcode.
I got probem after updating the vbshout_fix . I can not type " ... " anymore . The quotation mark doesn't work , please check it out !!!
Lol you can always tell the people that don't read before they post. They're looking into it, it has to do html not being allowed. Just scan some previous posts, it's all there.
Lol you can always tell the people that don't read before they post. They're looking into it, it has to do html not being allowed. Just scan some previous posts, it's all there.
It didn't happen with orginal vbshout 2 on my board !!
Yes my update fixes that issue, although it does not restrict input to NOHTML, it simply cleans it when it's called from the database.
Quote:
Brad's update didn't fix the current problems
My update fixed only one problem and that was allowing users to inject html.
Quote:
Why are you using htmlspecialchars() as the 'fix' function? That only causes special chars to get converted... why not use strip_tags() ?
Strip_tags will give you results that are just as bad. For example try posting this in the shoutbox "& <-- no &" this will display "&" because everything after < is stripped.
Update
I've uploaded a new version of this hack, dubbed '2.0.2'. This one should fix the issues without breaking special characters. To upgrade, download the new zip file and upload the new vbshout.php file.
Please note that this only fixes the html injection issues. I do not use this hack on my own forum (although I've tested this on a client's board) so I will not be fixing the server load issues. I suggest you do not install this hack if you can't deal with the extra server load, as it's rather intensive.