Hello Exreaction, I'm also just starting Cyrillic-based Phpbb 3.0.11 and your generated regex was a priceless fix.
However, i am a little concerned about so called "multibyte sql injections". Does this allowance of the whole character set for all lnguages compromise security in any way? Or it is already taken care of? Note that i am NOT an experienced php/sql user, in fact i am a beginner, so excuse me if i sound lame.
My hosting provider runs MySQL(i) 5.1.55, if that matters. Thank you.
Älphäbet url support
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: Älphäbet url support
Will there be an option to limit URLs to the board's default language characters? Just like I wouldn't want posts in a language that I don't support, I probably don't want URLs in a language that I don't support (which more than likely would lead to content written in that same language).
Steve
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Re: Älphäbet url support
Delete them manually, same as you'd do whith posts.Pony99CA wrote:Just like I wouldn't want posts in a language that I don't support, I probably don't want URLs in a language that I don't support
- callumacrae
- Former Team Member
- Posts: 1046
- Joined: Tue Apr 27, 2010 9:37 am
- Location: England
- Contact:
Re: Älphäbet url support
Tricky to correctly detect, and a bit pointless.Pony99CA wrote:Will there be an option to limit URLs to the board's default language characters? Just like I wouldn't want posts in a language that I don't support, I probably don't want URLs in a language that I don't support (which more than likely would lead to content written in that same language).
Steve
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: Älphäbet url support
Yes, but then the link has been sitting there for some period of time until I delete it. If the link doesn't allow those characters, the link will be broken and not take people where the spammer intended.Jacob wrote:Delete them manually, same as you'd do whith posts.Pony99CA wrote:Just like I wouldn't want posts in a language that I don't support, I probably don't want URLs in a language that I don't support
Yes, it's not foolproof -- they just have to post their links in the "current" alphabet -- but it's better than nothing.
Not quite "pointless" as I mentioned above, but not a huge deal.callumacrae wrote:Tricky to correctly detect, and a bit pointless.
As for implementation, each language file could have a regexp defined for its legal characters. If the "filter" option wasn't set, you'd use the all-inclusive regexp, otherwise you'd use the regexp for the current language.
But, again, it's not a deal breaker.
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: Älphäbet url support
There are English URLs that are in other languages and there could be English text in these sites using non-English characters in their URLs so I don't think restricting posting of these URLs would accomplish much of anything.
Re: Älphäbet url support
I don't think we have anything in the queue on the IDN url front but if someone writes an implementation we will consider it.sajaki wrote:hi,
Is this feature still deferred to 4.0 or will it already be included in 3.2 or maybe even in 3.1 (3.1 i think not, haven't seen an rfc for it) ?
http://tracker.phpbb.com/browse/PHPBB3-9779
http://tracker.phpbb.com/browse/PHPBB3-3981
Given that http://www.icann.org/en/topics/idn/fast-track/, more and more domains will appear with non latin domain names, giving this problem increasing importance.
this rfc http://www.ietf.org/rfc/rfc1738.txt is the old.
this is the new : http://www.faqs.org/rfcs/rfc3490.html
ps frankly i think this evolution may well wreck the web as we know it.
Any implementation changing significant amount of existing code (or redirecting existing code paths into new code) will be required to have comprehensive tests.
Re: Älphäbet url support
Hi again. I did some testing and indeed, the proposed regex changes give error in some situations (my 3.0.11 board is pretty vanilla).
I did some other testing, regarding IDN url-s. The most important thing is how different browsers handle copying them from address bar:
- IE, traditionally the most idiotic browser, doesn't even display them in address bar
- Firefox and Chrome - they display correcty IDN names in address bar, and when you copy from there the url are encoded before being copied / pasted
- Opera - displays and copies international characters as they are.
Thus, given the facts that:
1) IDN are not the majority in my board
2) Most common case is copying url from address bar of one tab and posting in the forum in another tab
3) Few users use Opera
This issue is not so common hence not so important.
Still, I am an Opera user and as a board admin i prefer that everything works. But because the issue is not critical now, i started thinking outside the box for not so convenient solutions, and here is my personal fix. I decided, that if only less than 1% of my users will use this, it can be a several click solution and chose to use a popup with external url encoding page. Here is a shot how-to.
1) Create html file (indx3.html is mine) on the root of the forum with the following contents:
This is a simple text field form - paste the IDN and it will return it url encoded.
2) Open styles/prosilver/templates/posting_buttons.html template and insert
in the beginning and
at the end right before
Note that if you want to use international chatacters in SOME EXPLANATION you will probably have to encode it - i used this encoder. Paste the text and copy back what's under &#xXXXX;
That's it. Now in your text editor, right afrer your last custom bbcode button, you have a button that pops up a convertor page. It is rough and ugly solution, but it is safe (no modifications of session.php), it works everytime, it is easy on the server (everything is user-side, no php or sql needed). And it can be fine tuned with more js or css, i just stoped here because i have no time and extensive knowledge of JS.
I did some other testing, regarding IDN url-s. The most important thing is how different browsers handle copying them from address bar:
- IE, traditionally the most idiotic browser, doesn't even display them in address bar
- Firefox and Chrome - they display correcty IDN names in address bar, and when you copy from there the url are encoded before being copied / pasted
- Opera - displays and copies international characters as they are.
Thus, given the facts that:
1) IDN are not the majority in my board
2) Most common case is copying url from address bar of one tab and posting in the forum in another tab
3) Few users use Opera
This issue is not so common hence not so important.
Still, I am an Opera user and as a board admin i prefer that everything works. But because the issue is not critical now, i started thinking outside the box for not so convenient solutions, and here is my personal fix. I decided, that if only less than 1% of my users will use this, it can be a several click solution and chose to use a popup with external url encoding page. Here is a shot how-to.
1) Create html file (indx3.html is mine) on the root of the forum with the following contents:
Code: Select all
<HTML>
<HEAD>
<meta http-equiv="content-type" content="text/html; charset=YOUR CODEPAGE HERE" />
<TITLE>BG URL Encoder</TITLE>
<style>
body
{
background-color:#b0c4de;
font-family:Verdana, Helvetica, Arial, sans-serif;
font-size: 11px;
}
</style>
<SCRIPT LANGUAGE="JavaScript">
function bgurlto (form) {
var bgurl = form.inputbox.value;
document.write(encodeURI(bgurl));
}
</SCRIPT>
</HEAD>
<BODY>
<div style="float:left;">
SOME EXPLANATION FOR YOUR USERS <BR>
<FORM NAME="myform" ACTION="" METHOD="GET">
<INPUT TYPE="text" NAME="inputbox" VALUE="" size="100"><P>
<INPUT TYPE="button" NAME="button" Value="Кодирай" onClick="bgurlto(this.form)">
</FORM></div>
</BODY>
</HTML>
2) Open styles/prosilver/templates/posting_buttons.html template and insert
Code: Select all
<script>
function open_winbgurl()
{
window.open("indx3.html");
}
</script>
Code: Select all
<input type="button" class="button2" name="bgurlconvert" value="BGURL" onclick="open_winbgurl()" title="SOME EXPLANATION HERE" />
Code: Select all
</div>
<!-- ENDIF -->
That's it. Now in your text editor, right afrer your last custom bbcode button, you have a button that pops up a convertor page. It is rough and ugly solution, but it is safe (no modifications of session.php), it works everytime, it is easy on the server (everything is user-side, no php or sql needed). And it can be fine tuned with more js or css, i just stoped here because i have no time and extensive knowledge of JS.