Bravo List
Register
Go Back   > Bravo List > Source Code > Archived Trackers > TBDev
Reply
  #1  
Old 9th December 2018, 05:11
Tedmorris Tedmorris is offline
Senior Member
 
Join Date: Sep 2017
Posts: 62
Default Mixed content external images
Hey guys,

Does anyone know a method for dealing with mixed content warnings from external images posted on the forums or torrent descriptions?

Im looking for a method similar to what IPT use, something that detects the image is not https and replaces the image with a non ssl image that you click on to display the image.

Ive searched google but i cant seem to find a solution, any help would be much appreciated.
Reply With Quote
  #2  
Old 9th December 2018, 09:44
DND DND is offline
VIP
 
Join Date: Dec 2008
Posts: 1,241
Default
They use the option from Cloudflare for mixed content
__________________
Need HELP!? I can install:

  1. Server/VPS (Debian,CentOS,Ubuntu,Fedora, FreeBSD) Optimization and ... + Modules
  2. Webserver Windows/Linux (Apache/Lighttpd/Nginx/Mysql/PhpMyAdmin/SSL) Optimization and ... + Modules
  3. Seedbox Windows/Linux (uTorrent,rTorrent,libTorrent,ruTorrent) + Modules
  4. Multiple source code engines
  5. Linux Server Administration (security, cryptography/encryption, proxy, load balancer, custom ddos firewall)
Reply With Quote
  #3  
Old 9th December 2018, 10:02
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
It should be pretty simple to achieve.

1) place a temp image into your image folder.
2) during formatting of the output, check the url scheme $_SERVER['REQUEST_SCHEME'] if its http, replace it with the image as a link to the original url.

I do it a bit differently. I do not allow external images to be displayed anywhere in my code. The term is 'image proxy' and the idea is that you can either download the image to your site and replace the external url with the internal one, or you can use an image proxy host, much like an anonymizer. The image proxy host will grab the image and send it to you, https.

The benefit of doing it internally is that you can manipulate, resize and optimize the image to display as needed. It also allows the users browser to cache the image.
Reply With Quote
The Following User Says Thank You to darkalchemy For This Useful Post:
papad (10th December 2018)
  #4  
Old 9th December 2018, 11:07
Tedmorris Tedmorris is offline
Senior Member
 
Join Date: Sep 2017
Posts: 62
Default
Thx guys,

I like your setup Darkalchemy, sounds like a much better solution.

I will start researching image proxy and see how i go.

Bump: Where can i find $_SERVER['REQUEST_SCHEME']
Reply With Quote
  #5  
Old 10th December 2018, 02:07
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
It's a super global, it's available everywhere.
Reply With Quote
  #6  
Old 17th December 2018, 04:00
Tedmorris Tedmorris is offline
Senior Member
 
Join Date: Sep 2017
Posts: 62
Default
Ok so i cant find that super global anywhere and the images posted on the forums and torrent descriptions are formatted in the format_comment function i think?

PHP Code:
function format_comment($text$strip_html true)
{
    global 
$smilies$privatesmilies;

    
$s $text;
        unset(
$text);

        if (
$strip_html)
        
$s htmlspecialchars($sENT_COMPAT'ISO-8859-1');

  
// [img]http://www/image.gif[/img]
$s preg_replace_callback("/\[img\]((http|https):\/\/[^\s'\"<>]+(\.(jpg|gif|png)))\[\/img\]/i""scale"$s);

    
// [img=http://www/image.gif]
 
$s preg_replace_callback("/\[img=((http|https):\/\/[^\s'\"<>]+(\.(gif|jpg|png)))alt=\"\"\]/i""scale"$s); 
Or have i missed something?
Reply With Quote
  #7  
Old 17th December 2018, 04:04
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
Super Globals
Reply With Quote
  #8  
Old 17th December 2018, 11:26
Tedmorris Tedmorris is offline
Senior Member
 
Join Date: Sep 2017
Posts: 62
Default
Thx m8, where can i find it in tbdev source?
Reply With Quote
  #9  
Old 17th December 2018, 14:44
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
It's a super global, it's just there. You do not set it, but you can read it.

place echo $_SERVER['REQUEST_SCHEME']; die(); just about anywhere on any page and open it in the browser and you will see it.

Last edited by darkalchemy; 17th December 2018 at 19:31.
Reply With Quote
  #10  
Old 20th December 2018, 13:30
Tedmorris Tedmorris is offline
Senior Member
 
Join Date: Sep 2017
Posts: 62
Default
It echos https
Reply With Quote
Reply

Tags
content , external , images , mixed

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 23:38. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.