Interesting to note that the the conversion process stores the URL to the database with double quotes around it, but displays single quotes in the BBcode Editor.
This is a different behaviour from user created BBcode links, which display and store single quotes.
This is a different behaviour from user created BBcode links, which display and store single quotes.
Tom McIntyre
Active member
I know this thread is a bit old, but can anyone tell me what the content of /etc/hosts should be?
Here is what is in my current file contains after our consultant attempted to fix this problem.
Our server and our vB site are both behind the firewall, hence the 10.200.200.46 but I do not know the correct syntax for these entries. We are trying to reference the vB site during the conversion, but the title reference problem exists for both the vB and the xF site.
Here is what is in my current file contains after our consultant attempted to fix this problem.
Code:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.200.200.46 mb2.nawcc.org mb2 xf.nawcc.org xfTom McIntyre
Active member
This feature does not work for references internal to the site. We also have problems with our convert image to attachment add on when the image reference is local. I got an error that referenced access control header and a search on cPanel CORS found this possible solution:
Another suggestion was to dispense with the IfModule and just insert the Header line. Unless someone warns me that this is dangerous, I will try putting it in my htaccess file. Advice???
Code:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>Another suggestion was to dispense with the IfModule and just insert the Header line. Unless someone warns me that this is dangerous, I will try putting it in my htaccess file. Advice???
This is working on my production forum ok with v1.5.13, is your forum private or public?
Because this fetches the page rather than gets the value from the database, if the link is in a private area it won't fetch the title. To be fair, even if fetching from the database that's still the best security behaviour.
I think because I was working on a local development server, I needed to have host for the site defined in /etc/hosts as this wasn't working accessing only by IP address or localhost.
For example:
x.x.x.x mydomain
However in recent updates there looks to have been some changes to _getUrlTitle() in these functions..
XenForo/BbCode/Formatter/BbCode/AutoLink.php
_getUrlTitle
XenForo/Helper/Http.php
isRequestableUntrustedUrl()
.. as I can no longer fetch the titles for local URLs on the development server.
Localhost/IP is still denied, but now any other domain is resolved to IP to deny if the local IP address for either IPv4 and IPv6.
Taken from isRequestableUntrustedUrl()..
Commenting out the if ($ips) conditional for IPv4 it works again on my local development server.
So if you have upgraded recently and found this no longer works, those classes may contain some clues for you.
Because this fetches the page rather than gets the value from the database, if the link is in a private area it won't fetch the title. To be fair, even if fetching from the database that's still the best security behaviour.
I think because I was working on a local development server, I needed to have host for the site defined in /etc/hosts as this wasn't working accessing only by IP address or localhost.
For example:
x.x.x.x mydomain
However in recent updates there looks to have been some changes to _getUrlTitle() in these functions..
XenForo/BbCode/Formatter/BbCode/AutoLink.php
_getUrlTitle
XenForo/Helper/Http.php
isRequestableUntrustedUrl()
.. as I can no longer fetch the titles for local URLs on the development server.
Localhost/IP is still denied, but now any other domain is resolved to IP to deny if the local IP address for either IPv4 and IPv6.
Taken from isRequestableUntrustedUrl()..
PHP:
$ips = @gethostbynamel($parts['host']);
if ($ips)
{
foreach ($ips AS $ip)
{
if (self::isLocalIpv4($ip))
{
$error = "local: $ip";
return false;
}
else
{
$hasValidIp = true;
}
}
}
if (function_exists('dns_get_record') && defined('DNS_AAAA'))
{
$hasIpv6 = defined('AF_INET6');
if (!$hasIpv6 && function_exists('curl_version') && defined('CURL_VERSION_IPV6'))
{
$version = curl_version();
if ($version['features'] & CURL_VERSION_IPV6)
{
$hasIpv6 = true;
}
}
if ($hasIpv6)
{
$ipv6s = @dns_get_record($parts['host'], DNS_AAAA);
if ($ipv6s)
{
foreach ($ipv6s AS $ipv6)
{
$ip = $ipv6['ipv6'];
if (self::isLocalIpv6($ip))
{
$error = "local: $ip";
return false;
}
else
{
$hasValidIp = true;
}
}
}
}
}Commenting out the if ($ips) conditional for IPv4 it works again on my local development server.
So if you have upgraded recently and found this no longer works, those classes may contain some clues for you.
Last edited:
Tom McIntyre
Active member
That does not seem to help with my problem. My system is not private, but it is behind a firewall with address translation. No problem referencing a post there from here. i.e. https://xf.nawcc.org/index.php?threads/small-wonders-e-howard-watch-co-thin-model.141472/ here vs. this page image there.
Tom McIntyre
Active member
OK, now I am totally confused. Thread references to my site from here have been working before. Is that behavior turned off for this forum?
https://xf.nawcc.org/index.php?threads/small-wonders-e-howard-watch-co-thin-model.141472/
http://mb.nawcc.org/showthread.php?40110-Mr-Cornell-of-Cornell-Watch-Co
https://xf.nawcc.org/index.php?threads/small-wonders-e-howard-watch-co-thin-model.141472/
http://mb.nawcc.org/showthread.php?40110-Mr-Cornell-of-Cornell-Watch-Co
It is likely that XenForo is picking up your local IP address and blocking the conversion based on that.
These are the ranges classed as local in library/XenForo/Helper/Http.php
PHP:
public static function isLocalIpv4($ip)
{
return preg_match('#^(
0\.|
10\.|
100\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.|
127\.|
169\.254\.|
172\.(1[6-9]|2[0-9]|3[01])\.|
192\.0\.0\.|
192\.0\.2\.|
192\.88\.99\.|
192\.168\.|
198\.1[89]\.|
198\.51\.100\.|
203\.0\.113\.|
224\.|
240\.|
255\.255\.255\.255
)#x', $ip);
}
public static function isLocalIpv6($ip)
{
$ip = XenForo_Helper_Ip::convertIpStringToBinary($ip);
$ranges = array(
'::' => 128,
'::1' => 128,
'::ffff:0:0' => 96,
'100::' => 64,
'64:ff9b::' => 96,
'2001::' => 32,
'2001:db8::' => 32,
'2002::' => 16,
'fc00::' => 7,
'fe80::' => 10,
'ff00::' => 8
);In v1.5.13 you can test if this is the cause by editing library/XenForo/Helper/Http.php then finding the isRequestableUntrustedUrl() function and putting return true; at the very start like below.
Be sure to back up the file first.
PHP:
public static function isRequestableUntrustedUrl($url, &$error = null)
{
return true;
$parts = @parse_url($url);While it's not recommended to edit the core files and I would not leave that edit in there as placing it right at the top skips a bunch of other checks, this may help narrow things down.
Please post back here how you get on.
Tom McIntyre
Active member
Thank you very much. Nulling out the check worked to get the title contents. Can anyone tell me without compromising world security why that safety check is necessary?
Unfortunately, I still have a problem with local reference to images on the site that I would like to have converted to attachments instead of IMG references to attachment Url's. @AndyB's add-ons work just fine for references to images off the site or to first references on image uploads.
I have the board set up to convert all inbound image files to local attachments with a 250px x 250px bounding box on the thumbnail. I have also installed AAS, so I may be getting to complex in this effort at cleaning up image handling. It is supposed to make all images into attachments and to create new references to the existing attachments if thy are re-used either intentionally or from lack of knowledge of what is there.
Unfortunately, I still have a problem with local reference to images on the site that I would like to have converted to attachments instead of IMG references to attachment Url's. @AndyB's add-ons work just fine for references to images off the site or to first references on image uploads.
I have the board set up to convert all inbound image files to local attachments with a 250px x 250px bounding box on the thumbnail. I have also installed AAS, so I may be getting to complex in this effort at cleaning up image handling. It is supposed to make all images into attachments and to create new references to the existing attachments if thy are re-used either intentionally or from lack of knowledge of what is there.
Without getting in to making an add-on, the safest way is to allow only your server's IP address to bypass the validity check. Note that this will likely be overwritten in future updates so you will have put it back again if that happens. The line #132 that needs to be changed is commented below.
PHP:
...
$ips = @gethostbynamel($parts['host']);
if ($ips)
{
foreach ($ips AS $ip)
{
if (self::isLocalIpv4($ip) && $ip != '10.200.200.46') // Allow from your server's private IP address
{
$error = "local: $ip";
return false;
}
else
{
$hasValidIp = true;
}
}
}
...
Pauly
Member
I have been having the issue and as per the above post i edited my /etc/hosts file to resolve the problem, i created a new line and added my IP address and domain in the format below
xxx.xxx.xxx.xxx www.mydomain.com mydomain.com
All public areas of the forum now resolve internal URLs to page titles (externals already did) and as expected private areas of the forum do not
xxx.xxx.xxx.xxx www.mydomain.com mydomain.com
All public areas of the forum now resolve internal URLs to page titles (externals already did) and as expected private areas of the forum do not
Similar threads
- Question
