Scarlet
Member
 
Posts: 60
Registered: 9-15-2017
Location: England
Member Is Offline
Mood: Excited for XMB's resurrection!
|
|
[Resolved] HTTPS links don't work on avatar URL input
Full Board URL: http://scarlet-town.port0.org/
XMB Version: 1.9.11
Hi,
I've noticed this issue since the 1.9.11.14 upgrade (I think) and it seems to also be happening with 1.9.12 beta - which is what I'm using at the moment - so Xian might be able to aid with this.
I think I have found a bug in which the URL input for the avatar field doesn't work with https:// URLs. The image I am linking is https://img.animebracket.com/1kal.jpg if that helps.
Could anyone look into the problem? Thank you and I am happy to use XMB ^^
|
|
Xian
Member
 
Posts: 50
Registered: 9-12-2017
Location: Los Angeles, California
Member Is Offline
Mood: w00h00!
|
|
Hi. To fix this:
1. Open ./js/header.js
2. Around line 77 find:
if (input.value.substring(0, 7) == 'http://' || input.value.substring(0, 6) == 'ftp://') {
3. Replace with:
if (input.value.substring(0, 7) == 'http://' || input.value.substring(0, 8) == 'https://' || input.value.substring(0, 6) == 'ftp://') {
4. Save and reset your browser cache.
Let me know how it goes.
|
|
Scarlet
The check is fixed but now it doesn't want to save avatar...
Edit: Fixed it myself: on memcp.php, change the line:
if (preg_match('#^(http|ftp)://[:a-z\\./_\-0-9%~]+(\?[a-z=0-9&_\-;~]*)?$#Smi', $rawavatar) == 0) {
to
if (preg_match('#^(http|ftp|https)://[:a-z\\./_\-0-9%~]+(\?[a-z=0-9&_\-;~]*)?$#Smi', $rawavatar) == 0) {
--
Thanks!
|
|
Xian
I knew I forgot something... 
|
|
Scarlet
Cool, and don't worry about not remembering mate, we're all sometimes forgetful, it's human nature :3
Also, could somebody put this into resolved support or just mark it as resolved :3
|
|
miqrogroove
|
|
This looks good. I will collect some notes here since it has its own thread already.
The header.js and memcp.php changes look appropriate and will be merged to trunk with some extra style changes.
lottos marked this bug as found in v1.9.11.13. Most bugs are much older than this, but in this case the PCRE call was completely missing in v1.9.8 which only blacklisted the word "javascript". This "bug" was actually part of a security improvement that I've traced back to changes in the original v1.9.11 betas.
All other details will be in the bug tracker. Enjoy.
|
|
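The browser-side check in header.js and the server-side pattern in memcp.php have to accept the same schemes, which is why fixing only the first one left the avatar unsaved. The following is an added example, not XMB's own code: a JavaScript port of both checks that lists inputs on which the two layers disagree, next to an assumed reconstruction of the v1.9.8 word blacklist. Function names and all sample URLs except the one from the opening post are hypothetical, and the PCRE `S` and `m` flags are dropped in the port.

```javascript
// Added example, not XMB code. Function names are hypothetical.
const FIXED = ['http', 'https', 'ftp']; // scheme list after both fixes in the thread
const BEFORE = ['http', 'ftp'];         // scheme list before the fixes

// Prefix test in the style of the header.js line quoted in the thread (case-sensitive).
function clientPrefixOk(value, schemes) {
  return schemes.some((s) => value.substring(0, s.length + 3) === s + '://');
}

// Port of the memcp.php pattern. PCRE flag S has no JavaScript equivalent and
// m is dropped, so ^ and $ anchor the whole string (a choice of this example).
function serverPatternOk(value, schemes) {
  const re = new RegExp(
    '^(' + schemes.join('|') + ')://[:a-z\\./_\\-0-9%~]+(\\?[a-z=0-9&_\\-;~]*)?$', 'i');
  return re.test(value);
}

// Assumed reconstruction of the v1.9.8 behaviour described in the thread:
// reject only values that contain the word "javascript".
function legacyBlacklistOk(value) {
  return !/javascript/i.test(value);
}

// Inputs on which the browser check and the server check give different answers.
function layerDisagreements(samples, clientSchemes, serverSchemes) {
  return samples.filter(
    (v) => clientPrefixOk(v, clientSchemes) !== serverPatternOk(v, serverSchemes));
}

// Constructed samples; the first is the avatar URL from the opening post.
const SAMPLES = [
  'https://img.animebracket.com/1kal.jpg',
  'http://example.test/avatar.png',
  'ftp://example.test/pub/avatar.gif',
  'data:text/plain,hello',
  'javascript:void(0)',
];

console.log('header.js fixed, memcp.php not:',
  layerDisagreements(SAMPLES, FIXED, BEFORE));
console.log('both fixed:', layerDisagreements(SAMPLES, FIXED, FIXED));
console.log('blacklist passes, allowlist rejects:',
  SAMPLES.filter((v) => legacyBlacklistOk(v) && !serverPatternOk(v, FIXED)));
```

The server-side pattern is the check that decides what gets stored; the browser-side prefix test only gives the user early feedback.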