Development bbcode parsing

Discussion in 'Software' started by Fusen, 18 Apr 2006.

  1. Fusen

    Fusen What's a Dremel?

    Joined:
    17 Jan 2004
    Posts:
    351
    Likes Received:
    0
    I have a site where we use BBCode for users comments, the problem is people
    are including php links within the tag and as long as the
    script is local, it will rin.

    such as

    [​IMG] would force everyone to logout

    I then thought why not just check the contents of the img tag using regex
    and it worked when it searched for "?x=" which would block the exploit, the
    only problem to this is that when I tried substituting x for the ascii value
    it would get through the filter and also end up executing the php script
    again.

    so my next line of call is validating the contents of with a
    getimagesize() function, but I'm having trouble actually assigning the link
    they give to a value, such as
    [img]?x=logout

    $imgcontents = "?X=logout";

    which is why I'm here to see if anyone can help or give me other possible
    solutions on how to fix the problem, I know we could just assign a hash for
    logging out such as "?x=logout&hash=$hash" which then only the single user
    would be able to guess, but we are also getting people deleting other
    peoples posts through this method, plus all of our links are GET requests so
    we can't check for POST then delete.

    thanks

    Michael
     
  2. AlexB

    AlexB Web Nerd

    Joined:
    22 Dec 2005
    Posts:
    2,526
    Likes Received:
    173
    is it really an issue? i mean, its a flaw on all forums i think?

    test
     
  3. Atomic

    Atomic Gerwaff

    Joined:
    6 May 2002
    Posts:
    9,646
    Likes Received:
    94
    That will only log you out.

    ?do=logout&u=22927

    the u=22927 bit is referring to your username and so if i click it i get an error.
     
  4. Fusen

    Fusen What's a Dremel?

    Joined:
    17 Jan 2004
    Posts:
    351
    Likes Received:
    0
    I understand that its a flaw with php but on this site it is a real problem as anyone can delete anyone elses posts
     

Share This Page