• Welcome to Simple Machines Community Forum. Please login or sign up.
November 30, 2021, 07:12:49 PM

News:

Follow SMF on Twitter.


Flash

Started by TheEnforcer, May 22, 2005, 01:38:13 PM

Previous topic - Next topic

TheEnforcer

Why is enabling flash a security risk?

[Unknown]

Because people can steal cookies, etc.

-[Unknown]

TheEnforcer

I dont understand how can theyu steal cookies if cookies are nto enabled?

[Unknown]

The point is, if you were to allow anyone to post flash, they would be able to (theoretically) log in as you.

-[Unknown]

TheEnforcer

IS there away you can Log who log in and whwere and from what IP?

[Unknown]

That would be your Apache access log.  Contact your host.

-[Unknown]

Escobar

October 14, 2005, 12:53:09 PM #6 Last Edit: October 14, 2005, 12:55:48 PM by Escobar
Hello, I want to ressurect this thread.

I didn't see a reason to disable "embed flash".... until now.

At another forum, a person was giving advice on how to screw someone.

It was an ImageShack swf link...but when you clicked it, it made your browser multiply infinitely.

If this was embedded, it would execute every time someone loaded the page.

So if you were like me, and didn't have a visual example of why allowing flash is dangerous...there you go.

I won't post the ImageShack link here...but it's so simple, it's scary.

I have a question...
I want to post my flash sigs at  my forum...
But I limit who can post flash.

Can I limit posting flash to admins and mods?
I chose SMF because you get your questions answered.

Oldiesmann

Yes.

Sources/Subs.php

1.0.5:

Find
if (empty($modSettings['enableEmbeddedFlash']) || isset($disabled['flash']))

Replace
if ((empty($modSettings['enableEmbeddedFlash']) && !(allowedTo('admin_forum') || in_array('2', $user_info['groups']) || $user_info['is_mod'])) || isset($disabled['flash']))

1.1:

Find
if (empty($modSettings['enableEmbeddedFlash']))
$disabled['flash'] = true;


Replace
if (empty($modSettings['enableEmbeddedFlash']) && !(allowedTo('admin_forum') || in_array('2', $user_info['groups']) || $user_info['is_mod']))
$disabled['flash'] = true;


The in_array('2', $user_info['groups']) part checks to see if they're a Global Mod.
Michael Eshom
Cincy Space - now open!

J. Williams

I hate flash,still isn't fully stable.Crashes much more,java is more co-operative
Joshua Jon Williams
Back in Action.

Redsmurf

How can we enable the "embed Flash" feature?   My forum is small so its not a securtiy risk.  Thanks.

JayBachatero

For 1.0.x
Admin > Edit features and options > Embed flash into posts

For 1.1
Admin > posts and topics > Embed flash into posts
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

Redsmurf

My mistake - is there any way to use HTML in a thread so you can display flash that way?
That might fix the issue outlined in this thread:
http://www.simplemachines.org/community/index.php?topic=49987.0

GTec

Quote from: Oldiesmann on October 14, 2005, 03:44:24 PM
Yes.

Sources/Subs.php

1.0.5:

Find
if (empty($modSettings['enableEmbeddedFlash']) || isset($disabled['flash']))

Replace
if ((empty($modSettings['enableEmbeddedFlash']) && !(allowedTo('admin_forum') || in_array('2', $user_info['groups']) || $user_info['is_mod'])) || isset($disabled['flash']))

The in_array('2', $user_info['groups']) part checks to see if they're a Global Mod.

thats great thx ...  and what if i want to allow it to Hero's too ?  (Admin's, Mod's and Hero's)
thanks for the great help here!

Escobar

Wow! Thanks for the reply oldiesman.
Your answers have helped me out many times.

I would like to second Gtec's question.

There may come a time when I want certain user-groups to have the ability to post flash.

Is it also possible to assign Flash permission's based on group?
(Maybe by editing your code changes?)
I chose SMF because you get your questions answered.

Faustus

VERY nice info. How would this be done to enable html also?

I have a guess but don't want to crash anything.

Faustus

not possible then?

JayBachatero

In 1.1 Admins have the ability to have html in their posts.
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

Faustus

Quote from: JayBachatero on October 27, 2005, 04:13:32 PM
In 1.1 Admins have the ability to have html in their posts.

Odd. Is it an option somewhere?

*goes off to look again*

JayBachatero

Quote from: Faustus on October 27, 2005, 06:30:03 PM
Quote from: JayBachatero on October 27, 2005, 04:13:32 PM
In 1.1 Admins have the ability to have html in their posts.

Odd. Is it an option somewhere?

*goes off to look again*

Admin > Posts and Topics > Bulletin Board Code > Enable basic HTML in posts (?):
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

Faustus

Ah but I ONLY want to do it for Admins and Mods. Not everyone else.

katrina01

Where is Sources/Subs.php found? I have looked everywhere and can't find it. Do I need to create one? I am using SMF 1.1 RC2.

JayBachatero

It's located in your forum/Sources folder. 
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

katrina01

I just edited the code in source/subs.php and it completely crashed my site...any suggestions on making this work?

katrina01

Ok, got my site back up and running but I still cannot make flash banners work. I have enable posting of flash banners and have abandoned the idea of limiting use of flash to admins and moderators only, at this point we are not worried about anyone using malicious code because we know all the members of our forum. When the code is posted all that I get is a white box with nothing in it. Can anyone help me please?

Dhekelian

Do you still enable the flash option in the Admin panel after doing the code changes to get it to work? And what would I need to add to assign another member group? Thanks for any help.

Advertisement: