FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Suggestions » Profile image
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Profile image [message #19761] Tue, 31 August 2004 10:52 Go to next message
betacire   France
Messages: 18
Registered: July 2004
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Hi,

In the Admin Control Panel, I see :

********************************************
Profile Image:
Whether or not to allow users to enter a URL to an image in their profile that will be displayed on the user info page for that user. The danger of this feature is that the user could potentially link to a page other then an image and some browsers like Internet Explorer will parse that page executing any potentially hostile Javascript that may be present.
*********************************************

Perhaps, it could be interesting to test if the url ends by .jpg, or .gif, or .png and the potentially risk would be avoid.
And also, wouldn't it be possible to have the same options as for the avatars (URL / Uploaded / ALL / OFF) ?

Thanks
Re: Profile image [message #19764 is a reply to message #19761] Tue, 31 August 2004 11:55 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
Avatars are not vulnreable since they are always downloaded by the forum even if the avatar is a URL to a remote site.

FUDforum Core Developer
Re: Profile image [message #19772 is a reply to message #19764] Tue, 31 August 2004 18:22 Go to previous messageGo to next message
betacire   France
Messages: 18
Registered: July 2004
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Citation :

Avatars are not vulnreable since they are always downloaded by the forum even if the avatar is a URL to a remote site.


Yes and it would be better if it was the same thing for the profile image. But perhaps it's too complicated ?

Thanks,
Betacire
Re : Profile image [message #19790 is a reply to message #19761] Thu, 02 September 2004 04:28 Go to previous messageGo to next message
math_adm is currently offline  math_adm   France
Messages: 126
Registered: September 2003
Location: France
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
I agree with betacire.
Re: Re : Profile image [message #19886 is a reply to message #19790] Wed, 15 September 2004 01:27 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
Downloading those images that have no size limits could possibly result in excessive disk utilization by the forum.

FUDforum Core Developer
Re: Profile image [message #24118 is a reply to message #19761] Fri, 15 April 2005 21:11 Go to previous message
Anonymous   United States
Karma:
betacire wrote on Tue, 31 August 2004 10:52

Hi,

In the Admin Control Panel, I see :

********************************************
Profile Image:
Whether or not to allow users to enter a URL to an image in their profile that will be displayed on the user info page for that user. The danger of this feature is that the user could potentially link to a page other then an image and some browsers like Internet Explorer will parse that page executing any potentially hostile Javascript that may be present.
*********************************************

Perhaps, it could be interesting to test if the url ends by .jpg, or .gif, or .png and the potentially risk would be avoid.
And also, wouldn't it be possible to have the same options as for the avatars (URL / Uploaded / ALL / OFF) ?

Thanks

Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Disable editing after reply
Next Topic: User input for a FUDforum favicon
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Mon Oct 23 11:26:43 EDT 2017

Total time taken to generate the page: 0.00652 seconds