1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lack of Interest disable sending images (IMG tag) in conversations...

Discussion in 'Closed Suggestions' started by topcat, Mar 10, 2013.

  1. topcat

    topcat Well-Known Member

    unless I have missed this option and its already there,

    as the title says, I would like the option to disable sending images in pm's

    is there an easy way to do this with temp edit??
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Attchments in conversations is a permission.
  3. topcat

    topcat Well-Known Member

    not the same, even if attachments are disabled in conversations it doesn't stop people from clicking the insert image icon and inserting an image into a conversation

    Without being able to disable this function, its possible for members to obtain ip's of other members very easily.
  4. Amaury

    Amaury Well-Known Member

    By inserting an image, it's possible for others users to obtain another user's IP address? Um... no. I don't see how that's even remotely possible.
  5. AndyB

    AndyB Well-Known Member

    Is there a particular reason you want to disable the [i m g] code in Private Conversations?
    Amaury likes this.
  6. Daniel Hood

    Daniel Hood Well-Known Member

    You can insert an image that is a php file which gathers data before rendering the image.
  7. topcat

    topcat Well-Known Member

    you can do it by just inserting a plain image
  8. topcat

    topcat Well-Known Member

    see above
  9. AndyB

    AndyB Well-Known Member

    From what I understand this can only occur if the forum software doesn't do basic checks for a valid image. Have you seen this exploit on Xenforo forums actually work?
  10. topcat

    topcat Well-Known Member

    yes just done is to Amaury lol

    only way to stop it is to give option to disable img code in conversations.

    then with it disabled from usergroup permissions if some one wanted to send an img they would have to type the url and it would be up to the person recieving the pm whether they wanted to visit that url or not, but it would be at their own risk and probably if they trusted the sender
  11. AndyB

    AndyB Well-Known Member

    Sorry I don't know what you mean by this?
  12. Jeremy

    Jeremy XenForo Moderator Staff Member

    Its not really an exploit; you are accessing a file from a server (be it an attachment or located elsewhere), your IP address will most likely appear in the server access log. That is standard on pretty much every server.
  13. topcat

    topcat Well-Known Member

    Amaury the user above said it wasn't possible so i sent hm and image and told him his ip
  14. topcat

    topcat Well-Known Member

    true but on vbulletin you can disable the img tag in pm's

    never said it was an exploit just asked for the option to disable the img tag for x usergroup
  15. AndyB

    AndyB Well-Known Member

    Please send me this image too me in a Private Conversation, I'd like to see it too.
  16. SignTorch

    SignTorch Active Member

    an image can be any script that returns an image header and image data, the viewer sees the image, the script can see the viewer's IP.... that's why many email readers don't show images without viewer approval
  17. psTubble27

    psTubble27 Well-Known Member

    Isn't it much simpler than that? You could do it with the regular image, which the victim would request to show and the host would record what IP the request came from. That's probably the more straightforward reason why most mail clients prevent image-loading unless approved.
  18. SignTorch

    SignTorch Active Member

    No it can't be any simpler.
     header("content-type: image/gif");echo(file_get_contents("the-image.gif"));
    IP recorded....
  19. xf_phantom

    xf_phantom Well-Known Member

    Or just analize the server log and search for "the-image.gif" requests?:rolleyes:
    no coding required
    no overhead
  20. sonnb

    sonnb Well-Known Member

    I think you could request a custom addon for it. Many man, many mind. IMO, I am not happy if I even cannot insert an image in the PC.

Share This Page