FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Suggestions » Profile image
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Profile image [message #19761] Tue, 31 August 2004 14:52 Go to next message
betacire   France
Messages: 18
Registered: July 2004
Karma: 0
Junior Member
Hi,

In the Admin Control Panel, I see :

********************************************
Profile Image:
Whether or not to allow users to enter a URL to an image in their profile that will be displayed on the user info page for that user. The danger of this feature is that the user could potentially link to a page other then an image and some browsers like Internet Explorer will parse that page executing any potentially hostile Javascript that may be present.
*********************************************

Perhaps, it could be interesting to test if the url ends by .jpg, or .gif, or .png and the potentially risk would be avoid.
And also, wouldn't it be possible to have the same options as for the avatars (URL / Uploaded / ALL / OFF) ?

Thanks
Re: Profile image [message #19764 is a reply to message #19761] Tue, 31 August 2004 15:55 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Avatars are not vulnreable since they are always downloaded by the forum even if the avatar is a URL to a remote site.

FUDforum Core Developer
Re: Profile image [message #19772 is a reply to message #19764] Tue, 31 August 2004 22:22 Go to previous messageGo to next message
betacire   France
Messages: 18
Registered: July 2004
Karma: 0
Junior Member
Citation :

Avatars are not vulnreable since they are always downloaded by the forum even if the avatar is a URL to a remote site.


Yes and it would be better if it was the same thing for the profile image. But perhaps it's too complicated ?

Thanks,
Betacire
Re : Profile image [message #19790 is a reply to message #19761] Thu, 02 September 2004 08:28 Go to previous messageGo to next message
math_adm is currently offline  math_adm   France
Messages: 126
Registered: September 2003
Location: France
Karma: 0
Senior Member
I agree with betacire.
Re: Re : Profile image [message #19886 is a reply to message #19790] Wed, 15 September 2004 05:27 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Downloading those images that have no size limits could possibly result in excessive disk utilization by the forum.

FUDforum Core Developer
Re: Profile image [message #24118 is a reply to message #19761] Sat, 16 April 2005 01:11 Go to previous message
Anonymous   United States
betacire wrote on Tue, 31 August 2004 10:52

Hi,

In the Admin Control Panel, I see :

********************************************
Profile Image:
Whether or not to allow users to enter a URL to an image in their profile that will be displayed on the user info page for that user. The danger of this feature is that the user could potentially link to a page other then an image and some browsers like Internet Explorer will parse that page executing any potentially hostile Javascript that may be present.
*********************************************

Perhaps, it could be interesting to test if the url ends by .jpg, or .gif, or .png and the potentially risk would be avoid.
And also, wouldn't it be possible to have the same options as for the avatars (URL / Uploaded / ALL / OFF) ?

Thanks

  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Disable editing after reply
Next Topic: User input for a FUDforum favicon
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 21 15:30:17 GMT 2024

Total time taken to generate the page: 0.09588 seconds