
Force text only signatures in 1.5.6?

Zhaan Professional fool ✭✭

Hi! I've got Signatures installed and working on my board, but I can't figure out how to completely disable formatting (HTML/BBCode) in the newest version (1.5.6) from GitHub.

I found a solution in another thread for an older version of the plugin, but that piece of code doesn't seem to exist in the latest one.

Can anyone help me out here? Thanks in advance!

Comments

  • peregrine MVP
    edited June 2014

    replace

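        if ($HideImages)
            $SigClasses .= 'HideImages ';

    with this

        if ($HideImages)
            $SigClasses .= 'HideImages ';

        // Strip <script> and <style> blocks (with their contents) and comments first,
        // then any remaining tags, so style rules are not left behind as text.
        $pattern = array('@<script[^>]*?>.*?</script>@si', '@<style[^>]*?>.*?</style>@siU', '@<![\s\S]*?--[ \t\n\r]*>@', '@<[\/\!]*?[^<>]*?>@si');
        $Signature = preg_replace($pattern, "", $Signature);
        // Non-greedy, so text between two bracketed tags is kept.
        $Signature = preg_replace('/\[.*?\]/i', '', $Signature);  // remove any bracketed code
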

    revised.

    I haven't tested it thoroughly. seems to work.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Zhaan Professional fool ✭✭

    Thanks, that worked. :)

  • Zhaan Professional fool ✭✭
    edited June 2014

    On a related note, would you happen to know how to limit signature/char length in this version? I can make a new thread if you want, ofc.

  • peregrine MVP
    edited June 2014

    also the above code is just changing display, but you could force an error on input if you want if they try to enter html or bbcode.

    this is upon input, if a user has a signature existing more than 30 then you could truncate in display.

    class.signatures.plugin.php

    from

        // If images are in the signature, throw an error. Possibly revisit
        // to add more granular regex.
        if (!C('Plugins.Signatures.AllowImages', TRUE)
            && preg_match('/(<img|\[img.*\]|\!\[.*\])/i', $Values['Plugin.Signatures.Sig'])) {
            $Sender->Form->AddError('Images are not allowed in signatures. Remove them and save to keep the changes.');
        }

    to

        if (!C('Plugins.Signatures.AllowImages', TRUE)
            && preg_match('/(<img|\[img.*\]|\!\[.*\])/i', $Values['Plugin.Signatures.Sig'])) {
            $Sender->Form->AddError('Images are not allowed in signatures. Remove them and save to keep the changes.');
        }

        // this prevents more than 30 characters including line feeds. Assuming no html or bbcode.
        if (strlen($Values['Plugin.Signatures.Sig']) > 30) {
            $Sender->Form->AddError('A maximum of 30 characters is allowed');
        }
    

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • peregrine MVP
    edited June 2014

    you could also change this

    // the input aspect.

        // If images are in the signature, throw an error. Possibly revisit
        // to add more granular regex.
        if (!C('Plugins.Signatures.AllowImages', TRUE)
            && preg_match('/(<img|\[img.*\]|\!\[.*\])/i', $Values['Plugin.Signatures.Sig'])) {
            $Sender->Form->AddError('Images are not allowed in signatures. Remove them and save to keep the changes.');
        }

        // only allow text on input of signature or give error
        if (preg_match('/(<.*|\[.*\]|\!\[.*\])/i', $Values['Plugin.Signatures.Sig'])) {
            $Sender->Form->AddError('Only Text is allowed');
        }
        if (strlen($Values['Plugin.Signatures.Sig']) > 30) {
            $Sender->Form->AddError('A maximum of 30 characters is allowed');
        }
    

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Zhaan Professional fool ✭✭

    Thanks again. You continue to be my favourite person on this board. /bow

    I also found out it can be done via Signature.php, but it's probably a bad method compared to yours:

    echo $this->Form->BodyBox('Body', array('maxlength'=>50,));

  • peregrine MVP
    edited June 2014

    @Zhaan said:
    Thanks again. You continue to be my favourite person on this board. /bow

    wow. thanks. Zhaan, You are also one of my favorite posters because

    • you ask good questions,
    • you say thanks,
    • you click awesome or insightful
    • you provide feedback if something worked in a timely manner
    • you also provide alternate solutions when possible
    • and you send monetary donations.
    • Not much more one can ask for,

    in other words, you show your appreciation, as well as trying to help the community.

    I also found out it can be done via Signature.php, but it's probably a bad method compared to yours:
    echo $this->Form->BodyBox('Body', array('maxlength'=>50,));

    actually yours looks better for setting input max length.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • R_J Ex-Fanboy Munich Admin

    @Zhaan said:
    I also found out it can be done via Signature.php, but it's probably a bad method compared to yours:

    echo $this->Form->BodyBox('Body', array('maxlength'=>50,));

    You should stick to peregrine's solution because of two reasons:

    1. it provides nice feedback. Limiting the text input maybe cuts off longer texts without a notification to the user (imagine a user wants to use a smart ass quote and that is displayed only partly - quelle malheur!)
    2. it's checking the posted values! Your solution only limits the input, so that any evil minded user can spoof the posted values to any length he likes (simply removing the maxlength attribute with any web developer tool of the browser would be enough)

  • peregrine MVP
    edited June 2014

    @R_J said:
    2. it's checking the posted values! Your solution only limits the input, so that any evil minded user can spoof the posted values to any length he likes (simply removing the maxlength attribute with any web developer tool of the browser would be enough)

    more eyes the better.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
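
The server-side check R_J describes, combined with peregrine's display-side stripping, as an added example that is not part of the thread or of the Signatures plugin. `validateSignature`, `renderLegacySignature` and `SIG_MAX_CHARS` are hypothetical names, and the mbstring extension is assumed.

```php
<?php
// Added example; not code from the Signatures plugin. All names are hypothetical.

const SIG_MAX_CHARS = 30; // the limit used in the thread

/**
 * Server-side check of a submitted signature. Runs on the posted value,
 * so removing maxlength in the browser does not bypass it.
 * Returns a list of error messages; an empty list means the value is accepted.
 */
function validateSignature(string $sig): array
{
    // Reject invalid UTF-8 so the character count and later escaping are reliable.
    if (!mb_check_encoding($sig, 'UTF-8')) {
        return ['Signature is not valid UTF-8'];
    }
    $errors = [];
    // Same text-only rule as the thread: any "<" or any [bracketed] run is refused.
    if (preg_match('/(<|\[[^\]]*\])/', $sig)) {
        $errors[] = 'Only Text is allowed';
    }
    // Count characters, not bytes: strlen() would count "é" as 2.
    if (mb_strlen($sig, 'UTF-8') > SIG_MAX_CHARS) {
        $errors[] = 'A maximum of ' . SIG_MAX_CHARS . ' characters is allowed';
    }
    return $errors;
}

/**
 * Display-side fallback for signatures saved before the rule existed:
 * strip markup, truncate, then escape for HTML output.
 */
function renderLegacySignature(string $sig): string
{
    $sig = strip_tags($sig);
    $sig = preg_replace('/\[[^\]]*\]/', '', $sig);
    $sig = mb_substr($sig, 0, SIG_MAX_CHARS, 'UTF-8');
    return htmlspecialchars($sig, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a 50-character value posted with maxlength removed,
// a value with HTML and BBCode, and plain text with a multi-byte character.
$samples = [str_repeat('a', 50), '<b>hi</b> [url=x]y[/url]', 'Plain té xt'];
foreach ($samples as $s) {
    printf("%s\n  errors=%s\n  shown=%s\n", $s,
        json_encode(validateSignature($s)), renderLegacySignature($s));
}
```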
