Version: 1.1, by SEW810
Developer Last Online: Nov 2022
Category: BB Code Enhancements -
Version: 4.0.3
Rating:
Released: 02-05-2010
Last Update: 05-03-2010
Installs: 87
Additional Files
No support by the author.
What does it do?
This BB Code allowes to insert .swf animations into your posts or user's signatures.
When you click on "F" button (see zip file) you have to do this:
1.- Enter height and width values (see screenshot 1)
2.- Enter your .swf URL (see screenshot 2)
3.- That's all !!
Title: Flash BB Code
BB Code Tag Name : swf
Replacement:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" {option} id="Untitled-1" align="middle">
<param name="allowScriptAccess" value="sameDomain" />
<param name="movie" value="{param}" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<param name="wmode" value="transparent">
<param name="menu" value="false"/>
<embed src="{param}" quality="high" bgcolor="#ffffff" {option} wmode="transparent" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="Adobe - Adobe Flash Player" />
</object>
Example: [swf="height=100 width=400"]http://www.seusers.com/intro.swf[/swf]
Description: This BB Code allowes to insert .swf animations into your posts or user's signatures.
Use {option}: Yes
Button Image (Optional) : Upload from zip file to /images/editor or /your_style/images/editor if you are not using vbulletin default style.
Remove Tag If Empty: Yes
Disable BB Code Within This BB Code: No
Disable Smilies Within This BB Code: No
Disable Word Wrapping Within This BB Code: No (Not available in 3.8.x or lower, just omit it)
Disable Automatic Link Parsing Within This BB Code: Yes (Not available in 3.8.x or lower, just omit it)
History
1.0 Release
1.1 Fixed some code. Now working with vb 3.8.x and 4.0.3
Another vote for this being a serious security issue... I won't ever post in this thread again but I could not ignore this without warning people to seriously research the issue if they don't understand the risks in this. Limiting the use to trusted admins is an absolute minimum.
yeah, specially if you execute it /open it manually.
NEVER a swf animation executed on a web page will interact with your hard disk files, Macromedia has implemented policies to avoid this kind of actions
Obviously, you are not a flash author or you would know that statement is completely incorrect. Flash SWF files on any webpage are executed automatically upon page load. Anyone that knows actionscript could easily upload and cause serious damage to any forum that has this modification enabled.
Quote:
Interesting, it says something about interact with a program INSTALLED in your har disk, oh and dowload that file... oh yeah, I got it, "virus attack if I DOWNLOAD an swf file, save it on My Documents or something and then I open it" .... Jesus, what's that for??, did you forget that you were surffing the internet and visiting a forum? ?? Don't do experiments if you don't know what you are doing.
Any forum carrying this sort of modification is leaving itself open to security issues. By the way, SWF files are cached directly to your system, so in affect they are downloaded. Here's just one example... Open up Flash, in the first frame add this code:
Code:
var url:String = "http://www.google.com";
var request:URLRequest = new URLRequest(url);
try {
navigateToURL(request, "_self");
} catch (e:Error) {
trace("Error occurred!");
}
This is AS3.0 code..
Now you have a redirect, if anyone hits the post containing the uploaded SWF file. Even more dangerous is if the code is far more malicious. The above code could easily redirect a person to another site containing a trojan which would infect their systems or even coded as a XSS exploit.
Quote:
Totally inofesive that code, I repeat, is the same code used on http://www.msn.com/ at Advertisement, or at http://www.nfl.com/ or any site with flash animations.
These advertisements are added by web development teams and would under go strict QA before being allowed on a page. The only part that is safe about this code is the embed code, but even this breaks Strict xHTML W3C policies, check your coding regarding embedding flash correctly on a webpage and consider vB4 uses Strict xHTML, so by using this coding you are straight away breaking the Strict xHTML of vB4.
Quote:
Please people, don't worry... be happy
If you don't want to take "the risk", please just don't install it.
Sharing this bb code wont help me to hack your site or get your bank account PIN or something.
Nobody would be happy with a hacked database, or a forum that is infecting peoples systems. Eventually, Google would place a 'Red' Alert page for malicious code if the problem was not dealt with. This is a very serious security hole to add to vBulletin and in my opinion like many others on here, should be removed for peoples safety, at least.