Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   TBDev (http://www.bvlist.com/forumdisplay.php?f=20)
-   -   Mixed content external images (http://www.bvlist.com/showthread.php?t=11885)

Tedmorris 9th December 2018 05:11
Mixed content external images
 
Hey guys,

Does anyone know a method for dealing with mixed content warnings from external images posted on the forums or torrent descriptions?

Im looking for a method similar to what IPT use, something that detects the image is not https and replaces the image with a non ssl image that you click on to display the image.

Ive searched google but i cant seem to find a solution, any help would be much appreciated.

DND 9th December 2018 09:44
They use the option from Cloudflare for mixed content

darkalchemy 9th December 2018 10:02
It should be pretty simple to achieve.

1) place a temp image into your image folder.
2) during formatting of the output, check the url scheme $_SERVER['REQUEST_SCHEME'] if its http, replace it with the image as a link to the original url.

I do it a bit differently. I do not allow external images to be displayed anywhere in my code. The term is 'image proxy' and the idea is that you can either download the image to your site and replace the external url with the internal one, or you can use an image proxy host, much like an anonymizer. The image proxy host will grab the image and send it to you, https.

The benefit of doing it internally is that you can manipulate, resize and optimize the image to display as needed. It also allows the users browser to cache the image.

Tedmorris 9th December 2018 11:07
Thx guys,

I like your setup Darkalchemy, sounds like a much better solution.

I will start researching image proxy and see how i go.

Bump: Where can i find $_SERVER['REQUEST_SCHEME']

darkalchemy 10th December 2018 02:07
It's a super global, it's available everywhere.

Tedmorris 17th December 2018 04:00
Ok so i cant find that super global anywhere and the images posted on the forums and torrent descriptions are formatted in the format_comment function i think?

PHP Code:
function format_comment($text$strip_html true)
{
    global $smilies$privatesmilies;

    $s $text;
        unset($text);

        if ($strip_html)
        $s htmlspecialchars($sENT_COMPAT'ISO-8859-1');

  // [img]http://www/image.gif[/img]
$s preg_replace_callback("/\[img\]((http|https):\/\/[^\s'\"<>]+(\.(jpg|gif|png)))\[\/img\]/i""scale"$s);

    // [img=http://www/image.gif]
 $s preg_replace_callback("/\[img=((http|https):\/\/[^\s'\"<>]+(\.(gif|jpg|png)))alt=\"\"\]/i""scale"$s); 
Or have i missed something?

darkalchemy 17th December 2018 04:04
Super Globals

Tedmorris 17th December 2018 11:26
Thx m8, where can i find it in tbdev source?

darkalchemy 17th December 2018 14:44
It's a super global, it's just there. You do not set it, but you can read it.

place echo $_SERVER['REQUEST_SCHEME']; die(); just about anywhere on any page and open it in the browser and you will see it.

Tedmorris 20th December 2018 13:30
It echos https

darkalchemy 20th December 2018 14:04
Quote:
Originally Posted by Tedmorris (Post 53024)
It echos https
That's what you are checking, https or http.

Bump: Lets backup a bit, my initial response was mostly correct, with one exception.

You do not check the $_SERVER['REQUEST_SCHEME'] of the image, that is for the request.

Here is a simple example, I have not tested it, but should work. You would add this after all images have been processed in format_comment().

Code:
if (empty($_SERVER['REQUEST_SCHEME']) || $_SERVER['REQUEST_SCHEME'] === 'https') {
    preg_match_all('//s', $s, $matches);
    foreach ($matches[0] as $match) {
        preg_match('//s', $match, $links);
        $dummy_image = "
       
           
        ";
        $s = str_replace($match, $dummy_image, $s);
    }
}
Sorry, for the confusion.

Tedmorris 27th December 2018 15:03
Thx m8. Its working but now i need to figure out how to make it work for avatars and to load the image when a user clicks on the replaced image. I have the href working but it wont load in the current window/description body of the torrent description.

darkalchemy 27th December 2018 15:06
you'll need javascript for that, to load and replace the image

Tedmorris 27th December 2018 19:01
Yeah ive been reading up on it but im hopeless with javascript atm lol, just need to read up more on it and i should be able to work it out. The avatars though aren't looking as simple as the avatars use a variable with a query.

PHP Code:
if ($CURUSER["avatars"] == "yes")
        $avatar htmlspecialchars($row["avatar"]);
        elseif ($CURUSER["avatars"] == "safe" AND $row["offensive"] == "no")
        $avatar htmlspecialchars($row["avatar"]);
        elseif ($CURUSER["avatars"] == "safe" AND $row["offensive"] == "yes")
         $avatar "/pic/offensive.gif";
        //        $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($row["avatar"]) : "");
        if (!$avatar)
            $avatar "/pic/default_avatar.gif"
Bump: I'm trying to use an external image proxy server to load http images over https. For example, a user uses the image tag on the forums of http://images2.imagebam.com/2f/9d/32/b55ec21038500004.png
By adding https://images.weserv.nl/?url=ssl: to the start of the url and stripping the http:// the embeded link becomes https://images.weserv.nl/?url=ssl:images2.imagebam.com/2f/9d/32/b55ec21038500004.png but I'm struggling to get it working in globalstar..

This..

PHP Code:
[img]http://www/image.gif[/img]
$s preg_replace("/\[img\](http:\/\/[^\s'\"<>]+(\.gif|\.jpg|\.png))\[\/img\]/""<img border=0 src=\"\\1\">"$s); 
To this..

PHP Code:
[img]http://www/image.gif[/img]
$s preg_replace("/\[img\](http:\/\/[^\s'\"<>]+(\.gif|\.jpg|\.png))\[\/img\]/""<img border=0 src=\"\\https://images.weserv.nl/?url=ssl:\1\" >"$s); 
Is outputting https://images.weserv.nl/?url=ssl:" width="150" height="150" alt=""> I'm not getting the image url inserted and I know I need to strip the http:// from it but wanted to try atleast getting the http link added to the end of the image proxy link first. The src=\"\\1\" appears to be the user inputted url but I've formatted it wrong in the modded version..

Any help would be great and much appreciated.

Bump: [QUOTE=Tedmorris;53047]Yeah ive been reading up on it but im hopeless with javascript atm lol, just need to read up more on it and i should be able to work it out. The avatars though aren't looking as simple as the avatars use a variable with a query.

PHP Code:
if ($CURUSER["avatars"] == "yes")
        $avatar htmlspecialchars($row["avatar"]);
        elseif ($CURUSER["avatars"] == "safe" AND $row["offensive"] == "no")
        $avatar htmlspecialchars($row["avatar"]);
        elseif ($CURUSER["avatars"] == "safe" AND $row["offensive"] == "yes")
         $avatar "/pic/offensive.gif";
        //        $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($row["avatar"]) : "");
        if (!$avatar)
            $avatar "/pic/default_avatar.gif"


All times are GMT +2. The time now is 13:54.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.