Jump to content


  • Posts

  • Joined

  • Last visited

 Content Type 


Release Notes

IPS4 Guides

IPS4 Developer Documentation

Invision Community Blog

Development Blog

Deprecation Tracker

Providers Directory





Posts posted by DReffects2

  1. 13 minutes ago, Jim M said:

    There rea no means to remove all attachments in this manner, for good reason, as I can imagine someone accidentally/unknowingly/maliciously clicking that and all panic set forth 

    😄 that would be indeed very unfortunate if not done intentionally. 

    Is there still the set of cleanup tools previous version of IPB had to find deprecated links/content/usw and remove those references? I currently plan am forced to delete basically the entire attachments and cmsrecords upload locations.

  2. 1 hour ago, teraßyte said:

    There isn't a tool to do what you're asking. You could move the files to a storage option in another folder and delete them, but it would leave broken links in the area you deleted the files from.

    😞 that's what I am trying to avoid. I was hoping there'd be some sort of cleanup tool

    1 hour ago, teraßyte said:

    Why do you need to remove those files, exactly? Depending on what you're trying to do, there might be another way.

    I reside in Germany. The community has been going since 1999 (ikonboard). While it was ok at the time to post images from third parties, like photos of celebrities, today this results in constant letters from lawyers claiming decade long license fees for those photographs.

    I simply cannot take this anymore as my community is simply a star trek fan site that does not even generate any income. 

    I need to get rid of all old images and other possibly copyright protected stuff that was posted years ago. This also includes avatar images since at least according to German law Copyright and the right for compensation even applies there.

    My heart is breaking since this basically destroys a sort of legacy I and other fans of Trek spent decades building.

  3. Hey Guys,

    I am in the unfortunate sitation that I reside in Germany and a so called "Abmahn-Anwalt" (an attorny who soley focuses on making money off 'formal warnings') has figured that a community that runs since 1999 (Hello IKONBoard....) would be a fitting place to scrub through for uploaded images and request thousands of euros in fees and compensations.

    As much as it pains me I'd like to hide ALL image uploads from:

    • Forum Postings
    • Attachments from IP.Content news and database entries

    What I like to keep are avatars and images from a certain database.

    My initial approach was to limit access to file-types like .jpeg and .png in the "uploads" folder but found out soon enough, that this folder also contains the user avatars and has them sorted within the monthly image folders and not a dedicated one.

    Have you any idea on how to approach this? 🙂



  4. So I've noticed recently that a small database in IP.Content that has a title field and two attachmentfields for images is loosing the files for the first field. The files are physically gone from the upload folder and I cannot figure out why.

    As of now i've lost about 6 images across 6 records.

    I've checked for breaches, everything seems to be in order and it does not really make sense, if there would be a breach, that those images would be deleted...


  5. Well it's rather simple: 

    Insert the following HTML code into the source code view of the WYSIWYG editor and you will breakt it:

    <blockquote class="ipsQuote">Hello there!</blockquote>

    This will throw the following JS error:

    Uncaught TypeError: b.children[0].hasClass is not a function
        at a.upcast (plugin.js?t=M38E:2:54)
        at Array.<anonymous> (ckeditor.js?v=3467ab98ca1654518773:29:457)
        at iterator (ckeditor.js?v=3467ab98ca1654518773:978:440)
        at window.CKEDITOR.window.CKEDITOR.dom.CKEDITOR.htmlParser.element.forEach (ckeditor.js?v=3467ab98ca1654518773:302:462)
        at window.CKEDITOR.window.CKEDITOR.dom.CKEDITOR.htmlParser.element.forEach (ckeditor.js?v=3467ab98ca1654518773:303:57)
        at b.<anonymous> (ckeditor.js?v=3467ab98ca1654518773:993:47)
        at b.e (ckeditor.js?v=3467ab98ca1654518773:10:246)
        at b.<anonymous> (ckeditor.js?v=3467ab98ca1654518773:12:91)
        at window.CKEDITOR.window.CKEDITOR.dom.CKEDITOR.editor.CKEDITOR.editor.fire (ckeditor.js?v=3467ab98ca1654518773:13:285)
        at CKEDITOR.htmlDataProcessor.toHtml (ckeditor.js?v=3467ab98ca1654518773:323:170)
    upcast @ plugin.js?t=M38E:2
    (anonymous) @ ckeditor.js?v=3467ab98ca1654518773:29
    iterator @ ckeditor.js?v=3467ab98ca1654518773:978
    forEach @ ckeditor.js?v=3467ab98ca1654518773:302
    forEach @ ckeditor.js?v=3467ab98ca1654518773:303
    (anonymous) @ ckeditor.js?v=3467ab98ca1654518773:993
    e @ ckeditor.js?v=3467ab98ca1654518773:10
    (anonymous) @ ckeditor.js?v=3467ab98ca1654518773:12
    window.CKEDITOR.window.CKEDITOR.dom.CKEDITOR.editor.CKEDITOR.editor.fire @ ckeditor.js?v=3467ab98ca1654518773:13
    toHtml @ ckeditor.js?v=3467ab98ca1654518773:323
    setData @ ckeditor.js?v=3467ab98ca1654518773:368
    (anonymous) @ ckeditor.js?v=3467ab98ca1654518773:375
    e @ ckeditor.js?v=3467ab98ca1654518773:10
    (anonymous) @ ckeditor.js?v=3467ab98ca1654518773:12
    window.CKEDITOR.window.CKEDITOR.dom.CKEDITOR.editor.CKEDITOR.editor.fire @ ckeditor.js?v=3467ab98ca1654518773:13
    setData @ ckeditor.js?v=3467ab98ca1654518773:276
    (anonymous) @ ckeditor.js?v=3467ab98ca1654518773:809
    CKEDITOR.editor.setMode @ ckeditor.js?v=3467ab98ca1654518773:353
    exec @ ckeditor.js?v=3467ab98ca1654518773:925
    exec @ ckeditor.js?v=3467ab98ca1654518773:205
    execCommand @ ckeditor.js?v=3467ab98ca1654518773:274
    CKEDITOR.tools.extend.click @ ckeditor.js?v=3467ab98ca1654518773:678
    execute @ ckeditor.js?v=3467ab98ca1654518773:679
    (anonymous) @ ckeditor.js?v=3467ab98ca1654518773:680
    (anonymous) @ ckeditor.js?v=3467ab98ca1654518773:31
    callFunction @ ckeditor.js?v=3467ab98ca1654518773:31
    onclick @ ?do=edit&d=6&id=13842&csrfKey=e5a0e93d973b6315bd8617bc97e651cf:1

    Bascially, if a <blockquote >with the class "ipsQuote" does NOT start with an an html element like <p>, <div>, <span> etc. the editor will break. 

    This works (despite <xzy> is NOT a valid html tag):

    <blockquote class="ipsQuote"><xyz>Hello there!</xyz></blockquote>

    this kills the editor:

    <blockquote class="ipsQuote">Hello there!</blockquote>

    Could contain: Face, Person, Human

  6. Hey Marc,

    oh... found it further down as enabled. was expecting the addon to be at the top 😉

    What about the still active ?app=core&module=promotion&controller=analytics options and the other providers, especially "custom"? 

    Could contain: Text, Business Card, Paper


    searching for "Google Analytics" in the settings search should point towards "Integrations" 🙂

    Could contain: Monitor, Display, Screen, Electronics, Text, Word

  7. As a follow up here are my modifications:

    Please be aware that this is rather unsophisticated and not well tested but seems to work at least for my use case 😉

    All modifications in in /system/Text/Parser.php

    Within function "isAllowedImageURL":

            static public function isAllowedImageUrl( $url )
                    /* Mod by DReffects - we want to allow JPEG Base64 encoded Images */
                    if (base64_decode(str_replace('data:image/jpeg;base64,','',$url),true)==true)
                        return true;

    This immediately returns 'true' if the 'data:image/jpeg;base64' can be removed from the $url string and then decoded by base64_decode in its strict mode. 

    I guess this could be rather resource intensive if someone would post a 20MB jpeg thought 😉

    i've come up with a method to compress (any) images during my preprocessing of the content I am adding with base64 encoding directly to the database.

    The following code snipped could probably be adepted into this function directly if necessary:

    $jpegquality="60";	#Jpeg Quality for compression
    $maxwidth="900";	# Rescale Threshold in px width
    		$image = file_get_contents($imageurl);
    		#Convert so space-saving JPEGs
    		$temp = tmpfile(); # temporary image pointer
    		#if too large scale down, otherwise recompress
    		if ($imagesize[0]>$maxwidth)
    		fseek($temp, 0);
    		$image=fread($temp,10485760); #Reads up to 10MB of image
    		return 'data:image/jpeg;base64,'.base64_encode($image);
    		fclose($temp); // dies entfernt die Datei

    But for acceptance of base64 encoded images in general the above snippet is not necessary.

    Further down within /system/Text/Parser.php search for the phrase " /* If it's not allowed, remove the src */ "

                    /* If it's not allowed, remove the src */
                            static::isAllowedImageUrl( $element->getAttribute( $srcAttribute ) );
                    catch( \UnexpectedValueException $e )
                            $newElement = $element->ownerDocument->importNode( new \DOMElement( 'span' ) );
                            /* mod by DReffects - remove content if it's a base64 non-jpeg image */
                            if (strpos($newElement,"data:image")!==false)
                                $newElement->appendChild( new \DOMtext("")); #AUSMERZEN
                                $newElement->appendChild( new \DOMText( $element->getAttribute( $srcAttribute ) ) );
                            return $newElement;


    This removes the whole "src" content from output. I would prefered this behaviour regardless of my modifictaion becaus if you paste a HTML code into the editor with a rather large image currently the WHOLE base64 code remains as plain text within <span> in the database which a) takes lots of space and b) its a continous string, therefor breaking every layout.


  8. Hey Matt, thanks! I was able to figure things out for the moment by modifying (\IPS\Text\Parser::isAllowedImageUrl()) a little bit to enable base64 encoded jpegs and filter out everything else base64 encoded but of course that's a hack.

    The filtering is really good in preventing harm even from experienced users but I'd like to see a "true" html option where nothing is filtered. For ckeditor the content filter is actually turned off entirely in IPS.


  9. Hey IPS Team,

    I ran into a bug in reagards to the "Allow HTML" functionallity.

    Steps to reproduce:

    • place an image tag within the source code editor like this:
      <img src="123.jpg">


    • if 123.jpg is not a full URL but a relative one like "/uploads/monthly_2020_01/xyz.jpg" the (fully working!) image tag gets replaced by a <span> upon submitting the form
    • This also happens with (fully functional) base64 encoded images pasted directly into the html source code editor
      <img src="data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot" />
    • The above html exemple results in this after saving:
      <span>data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==</span>


    Please advise on how to circumvent this. Where in the source code is this content-filtering/modifying being done?


    Thanks 🙂



    finally found the issue. Theres a "temporary" settingsfile within the "datastore" folder.

    Follow these steps to remove a faulty plugin:

    /datastore/settings.xxxxxxx.php edit this file and remove the plugin-name from the list of extra plugins

    with phpmyadmin in the database:

    ibf_core_sys_conf_setting -> ckeditor_extraPlugins conf_value edit here as well and remove the mention of the plugin

    go to the plugin directory at applications/core/interface/ckeditor/ckeditor/plugins and delete the plugin folder

  • Create New...