XMB Forum Software
Not logged in [Login - Register]
Go To Bottom

Printable Version  
Author:

[Resolved] HTTPS links don't work on avatar URL input

Scarlet
Member
***




Posts: 60
Registered: 9-15-2017
Location: England
Member Is Offline

Mood: Excited for XMB's resurrection!

[*] posted on 9-16-2017 at 08:34 AM
[Resolved] HTTPS links don't work on avatar URL input


Full Board URL: http://scarlet-town.port0.org/
XMB Version: 1.9.11

Hi,

I've noticed this issue since the 1.9.11.14 upgrade (I think) and it seems to also be happening with 1.9.12 beta - which is what I'm using at the moment - so Xian might be able to aid with this :)

I think I have found a bug in which the URL input for the avatar field doesn't work with https:// URLs. The image I am linking is https://img.animebracket.com/1kal.jpg if that helps.

Could anyone look into the problem? Thank you and I am happy to use XMB ^^
View user's profile View All Posts By User This user has MSN Messenger
Xian
Member
***


Avatar


Posts: 47
Registered: 9-12-2017
Location: Los Angeles, California
Member Is Offline

Mood: w00h00!

[*] posted on 9-16-2017 at 02:20 PM


Hi. To fix this:

1. Open ./js/header.js

2. Around line 77 find:

if (input.value.substring(0, 7) == 'http://' || input.value.substring(0, 6) == 'ftp://') {

3. Replace with:

if (input.value.substring(0, 7) == 'http://' || input.value.substring(0, 8) == 'https://' || input.value.substring(0, 6) == 'ftp://') {

4. Save and reset your browser cache.

Let me know how it goes.
View user's profile View All Posts By User
Scarlet
Member
***




Posts: 60
Registered: 9-15-2017
Location: England
Member Is Offline

Mood: Excited for XMB's resurrection!

[*] posted on 9-16-2017 at 02:30 PM


The check is fixed but now it doesn't want to save avatar...

Edit: Fixed it myself: on memcp.php, change the line:

if (preg_match('#^(http|ftp)://[:a-z\\./_\-0-9%~]+(\?[a-z=0-9&_\-;~]*)?$#Smi', $rawavatar) == 0) {

to

if (preg_match('#^(http|ftp|https)://[:a-z\\./_\-0-9%~]+(\?[a-z=0-9&_\-;~]*)?$#Smi', $rawavatar) == 0) {\

--
Thanks!
View user's profile View All Posts By User This user has MSN Messenger
Xian
Member
***


Avatar


Posts: 47
Registered: 9-12-2017
Location: Los Angeles, California
Member Is Offline

Mood: w00h00!

[*] posted on 9-16-2017 at 03:00 PM


I knew I forgot something...:lol:
View user's profile View All Posts By User
Xian
Member
***


Avatar


Posts: 47
Registered: 9-12-2017
Location: Los Angeles, California
Member Is Offline

Mood: w00h00!

[*] posted on 9-16-2017 at 03:10 PM


This fix has been applied to the downloadable file here: http://forums.xmbforum2.com/viewthread.php?tid=776996
View user's profile View All Posts By User
Scarlet
Member
***




Posts: 60
Registered: 9-15-2017
Location: England
Member Is Offline

Mood: Excited for XMB's resurrection!

[*] posted on 9-16-2017 at 03:14 PM


Cool, and don't worry about not remembering mate, we're all sometimes forgetful, it's human nature :3

Also, could somebody put this into resolved support or just mark it as resolved :3
View user's profile View All Posts By User This user has MSN Messenger
miqrogroove
XMB 1.9.11 Lead Developer
*********


Avatar


Posts: 321
Registered: 10-1-2002
Location: Florida
Member Is Offline

Mood: Past Three O'Clock

[*] posted on 12-20-2017 at 08:16 PM


This looks good. I will collect some notes here since it has its own thread already.

The header.js and memcp.php changes look appropriate and will be merged to trunk with some extra style changes.

lottos marked this bug as found in v1.9.11.13. Most bugs are much older than this, but in this case the PCRE call was completely missing in v1.9.8 which only blacklisted the word "javascript". This "bug" was actually part of a security improvement that I've traced back to changes in the original v1.9.11 betas.

All other details will be in the bug tracker. Enjoy.
View user's profile Visit user's homepage View All Posts By User

  Go To Top

Powered by XMB 1.9.11 (Debug Mode)
Forum Script Software by XMB © 2001-2019 The XMB Group
[Queries: 16] [PHP: 10.8% - SQL: 89.2%]
Funded with thanks to competitions website.