mieciu7 Posted August 12, 2009 Posted August 12, 2009 Hi Just to let you know, that URL filtering should also apply to signatures. Not everyone would like to have porn or competitors links on their site.
bfarber Posted August 12, 2009 Posted August 12, 2009 [quote name='mieciu7' date='12 August 2009 - 07:36 AM' timestamp='1250076998' post='1842520'] Hi Just to let you know, that URL filtering should also apply to signatures. Not everyone would like to have porn or competitors links on their site. The url filtering should already apply to signatures. All the parsing goes through a central library, both for posts and for signatures.
Ryan H. Posted August 12, 2009 Posted August 12, 2009 How about for avatars? I haven't checked if it was fixed in 3.0, but our site recently discovered that avatars apparently aren't actually checked against the word filter or the blacklist in 2.3. It made managing a phishing attack slightly more work than it should have been.
bfarber Posted August 12, 2009 Posted August 12, 2009 No, they're not checked for avatars. The whitelist/blacklist is used when parsing url and img tags in a post - not when posting links for your avatar, in custom bbcode, etc. The word filter would have no relevance whatsoever on an avatar, since it's an image and not posted words.
Ryan H. Posted August 12, 2009 Posted August 12, 2009 I really think avatars should at least be checked against the blacklist... They are external images that are displayed to users. No different from the image BBCode in its result, just in a different location. :unsure: Should I report this as a bug?
bfarber Posted August 12, 2009 Posted August 12, 2009 No, because it's not a bug. ;) I'm not saying it's not a valid suggestion, but the avatar field was never intended to check that setting, so it's technically "working as intended" at present.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.