Open dvz opened 4 years ago
We already have the asset_url property used for CDN purposes, which we could/should expand upon.
On Sat, 21 Mar 2020, at 20:17, Tomasz Mlynski wrote:
Add a proxy function for optional address transformations of external resources through plugin hooks. The function should be used for avatars, parser images, and other embedded assets.
Current approach e.g. in the DVZ Secure Content plugin https://community.mybb.com/mods.php?action=view&pid=450 involves overwriting original data in variables, database columns, and using regex replacements.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mybb/mybb/issues/3905, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFW24KSKFAQFWQLXIHKYKTRIUOFFANCNFSM4LRBB6XA.
Should we use the same function for untrusted, external URLs?
Thoughts on adding a hook at https://github.com/mybb/mybb/blob/mybb_1822/inc/class_core.php#L495 to potentially override $path
?
We would pass [img]
URLs through this function in postParser::mycode_parse_img()
.
Add a proxy function for optional address transformations of external resources through plugin hooks. The function should be used for avatars, parser images, and other embedded assets.
Current approach e.g. in the DVZ Secure Content plugin involves overwriting original data in variables, database columns, and using regex replacements.