Skip to:
Content
Pages
Categories
Search
Top
Bottom

BBcode-lite users MUST upgrade to 1.0.5 ASAP

Viewing 9 replies - 1 through 9 (of 9 total)

  • _ck_
    Participant

    @_ck_

    Given this is my second most popular plugin, I’d like to make this sticky for 24 hours or more – if the other mods will please tolerate because of the severity.


    Rich Pedley
    Member

    @rich-pedley

    done, thanks ;)

    I did the upgrade, but now the pics aren’t showing. Its just shows the complete file name with pic.jpg.


    _ck_
    Participant

    @_ck_

    @RedBull, if you were previously using the option to enable images via bbcode-lite, make sure you uncomment the first line that enables them again (by re-installing the plugin as default you’ve disabled them).

    Thanks _ck_,

    I just went back and used the:

    <img src=”http://mydomain.com/pic.jpg&#8221; alt=”Pic1″ />

    As this is allowed through bbcode-lite.

    Appreciate the response,

    RedBull


    _ck_
    Participant

    @_ck_

    Ah, yes all secondary attributes unfortunately have to be disallowed now via bbcode-lite because of the security issue. It’s a quick fix with that side effect.

    The trade-off of bbcode-lite is speed, so for security things have to be disallowed instead of trying to parse for all options which would slow things down.

    HTML tags are saved when a post is made and then they are done, so it’s fast. But bbcode has to be parsed each and every time a page is displayed, so speed is important.

    I guess an advanced feature for a future version would be to convert the bbcode into permanently saved html after the user’s time to edit has passed (ie. an hour). But that kind of sophistication will have to wait.

    The two above posts explain how to accomplish this.

    If you are using _ck_’s bbcode-lite plugin: https://bbpress.org/plugins/topic/bbcode-lite/

    You can use basic html

    <img src=”http://mydomain.com/pic.jpg&#8221; alt=”Pic1″ />

    Why not use KSES?


    _ck_
    Participant

    @_ck_

    KSES is too slow to use for realtime output.

    It’s used by WP/bbPress *before* the post is saved permanently (pre_post filter)

    But bbcode is stored as bbcode, not converted HTML.

    So it has to be converted to html each time a post is shown (post_text filter).

    So KSES is too slow for that.

    (plus I don’t want to use an external function with regex matches, which makes it ten times more complex)

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.
Skip to toolbar