  1. #1
    Regular Coder
    Join Date
    Feb 2003
    Posts
    345
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Do you know a script to automatically parse URLs like in this forum?

    ?

  • #2
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    Yes I do

  • #3
    Regular Coder
    good 4 u!

  • #4
    Senior Coder Nightfire's Avatar
    If you're wanting the code...

    Grrr, this vb code is driving me nuts.. see file in next post
    Last edited by Nightfire; 09-17-2003 at 11:53 PM.

  • #5
    Senior Coder Nightfire's Avatar
    file here

  • #6
    Regular Coder
    I didn't think you were going to reply to me!

    What I see is that you actually gave the real code to use in these forums! That's great because that is what I've been looking for.

    There are several lines in the txt, which one should I modify?

    The user sends the URLs to the db this way:
    URL(http://www.codingforums)URL

    and everything between "URL(" and ")URL" must be replaced later on with a real link. How could I do it?

  • #7
    Senior Coder Nightfire's Avatar
    *Shouts for mordred*

    The code in the file I posted is about as much as I know, and even that was taken from some forum software. Mordred or some other regex-understanding person will be able to help you more.

  • #8
    Regular Coder
    I know I just have to modify some characters in one of those lines, but which one should I use and how?

    I'll try everything.

    Thanks Nightfire.

  • #9
    Regular Coder
    Well, it has not been that difficult after all (already having the code, that is). Check it out if you want and tell me if it could give any error:
    PHP Code:
    <?php

    // Sample message containing one URL(...)URL tag.
    $url = "bla bla bla URL(http://www.codingforums.com/)URL bla bla bla";

    // Turn the text between URL( and )URL into a link that opens in a new window.
    echo preg_replace("/URL\((http:\/\/.+?)\)URL/is", "<a href=\"\\1\" target=\"_blank\">\\1</a>", $url);

    ?>

  • #10
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    A modified version of the first regexp would be:

    Code:
    preg_replace("/URL\((.+?)\)URL/", "<a href=\"$1\">$1</a>", $message);
    This works, but is not very secure against Cross-Site-Scripting attacks. You can insert a lot of funky javascript code in there.

    Here's another one modified for your purpose, taken out of phpBB (and hopefully more secure since they updated exactly this code last week due to an exploit):

    Code:
    preg_replace("#url\(([\w]+?://[^ \"\n\r\t<]*?)\)url#i", "<a href=\"$1\">$1</a>", $message);
    Could be that the BBCode of this board eats some backslashes though.
    De gustibus non est disputandum.

  • #11
    Regular Coder
    Thanks Mordred, that's what I'm going to use. Just one more question: what do you mean by Cross-Site-Scripting attacks?

  • #12
    Senior Coder
    By allowing the user to put content up on the website, he could abuse this service to put a malicious javascript statement online instead of, in your specific case, an ordinary URL.

    You may say: "So he got a javascript instead on a page he does not control. What gives?" - but the script runs in the browser of the user who accesses the page. It could be used to annoy someone (like launching alert() in an infinite loop) or, much more dangerous, to steal the user's cookie for the site, which might include a session_id for a protected login area etc.

    This article elaborates on this topic:
    http://www.itsecurity.com/dictionary/xss.htm

    Just try to be careful. A good measure is to try hijacking your own site, or let a coworker do that.
    De gustibus non est disputandum.
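
An added example (not part of any post in this thread, and not phpBB's code): the permissive pattern from post #10 next to a hardened renderer that escapes the message first and links only http/https URLs. The function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names and sample
// inputs are constructed for illustration.

// Permissive pattern from post #10: any text between URL( and )URL
// is copied into href without checking the scheme or escaping quotes.
function render_links_permissive(string $message): string
{
    return preg_replace('/URL\((.+?)\)URL/', '<a href="$1">$1</a>', $message);
}

// Hardened variant: escape first, then link only absolute http(s) URLs.
function render_links(string $message): string
{
    // ENT_QUOTES escapes " and ' as well as < > &. Quotes matter here
    // because the URL ends up inside an attribute value.
    $safe = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');

    return preg_replace_callback(
        '#URL\((https?://\S+?)\)URL#i',   // scheme allowlist, no whitespace
        function (array $m): string {
            // $m[1] is already HTML-escaped; decode only to inspect it.
            $raw  = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            $host = parse_url($raw, PHP_URL_HOST);
            if (empty($host)) {
                return $m[0];             // no host: leave the tag as plain text
            }
            return '<a href="' . $m[1] . '">' . $m[1] . '</a>';
        },
        $safe
    );
}

// Constructed test inputs: a normal link, a non-http scheme, an attempt to
// break out of the href attribute, and markup plus a query string.
$samples = [
    'see URL(http://www.codingforums.com/)URL for help',
    'URL(javascript:alert(1))URL',
    'URL(http://example.com/" onmouseover="alert(1))URL',
    '<b>bold</b> URL(https://example.com/?a=1&b=2)URL',
];

foreach ($samples as $s) {
    echo "input:      $s\n";
    echo "permissive: " . render_links_permissive($s) . "\n";
    echo "hardened:   " . render_links($s) . "\n\n";
}
```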

  • #13
    Regular Coder
    I always try to validate everything as much as I can but my very first rule is to replace all < and > to &lt; and &gt; (HTML is never allowed)

    Cheers!

