I used the html BBcode a few times, to embed some documents on issu. This could be useful, thanks ;)
Yes, I know many use the tag for several different things, though it is currently responsible for a security vulnerability (mine is not theoretical assumption, it's a real threat) in both SMF (probably any version) and ElkArte (version 1.0 and below). Of course I will not give more details for the moment.
So, the most safe option for the core is to remove the tag.
Actually the most secure option would be remove it and not provide a way to restore it, but I know many people prefer an easy way to do what they want, even if it compromise the security of their sites, so here it is. Once the fix in SMF is published I'll post in this topic the way to exploit the tag, so that people will be aware that using this tag they will put their forum in danger.
/me is evil. >:D
Really, there are many ways to achieve almost anything in a safe way.
For example:
http://www.italiansmf.net/forum/index.php?topic=775.0
the OP wanted to give people the ability to post HTML in order to be able to share facebook bits.
A new tag and 10 lines of code and the problem is solved in a much, much safer way. ;)
Download link not work.
try this one instead http://addons.elkarte.net/bbc/BBC-Html.html ;)
Fixed. :)
BTW that demonstrates this is not a really wanted addon, :P
not wanted, but sometimes could be very useful ;)
I installed this addon so that I could add an html tag, but when editing a message it gives an error and it is impossible to edit the message. /home/----/ I hid the full address
HTMLBBC::unpreparse_code(): Argument #3 ($i) must be passed by reference, value given
PHP Fatal error: Uncaught exception 'ErrorException' with message 'HTMLBBC::unpreparse_code(): Argument #3 ($i) must be passed by reference, value given' in /home/----/public_html/sources/Hooks.class.php:110
Stack trace:
#0 (): error_handler(integer, string, string, integer)
#1 /home/----/public_html/sources/Hooks.class.php(110): call_user_func_array(array, array)
#2 /home/----/public_html/sources/Subs.php(1434): hook(string, array)
#3 /home/----/sources/subs/BBC/PreparseCode.php(720): call_integration_hook(string, array)
#4 /home/----/public_html/sources/controllers/Post.controller.php(461): un_preparsecode(string)
#5 /home/----/public_html/sources/controllers/Post.controller.php(114): _generating_message()
#6 /home/----/public_html/sources/controllers/Post.controller.php(70): action_post()
#7 /home/----/public_html/sources/SiteDispatcher.class.php(364): action_index()
#8 /home/----/public_html/index.php(136): dispatch()
#9 /home/----/public_html/index.php(66): elk_main()
#10 {main}
thrown in /home/-----/public_html/sources/Hooks.class.php on line 110
Looks like that was not updated for 1.1 .... I'll take a look and if its not to much effort I'll post an update here.
ETA: Actually it was ... have to look closer at what is wrong.
Give this version a try .....