You are here

Bug in forums regarding AIM links.

17 posts / 0 new
Last post
Bruce Pascoe
Offline
Last seen: 12 years 3 months ago
Joined: 2006-01-15 16:14
Bug in forums regarding AIM links.

@John T. Haller
I tried to use an AIM link in my signature, but the forums can't handle it. The following link:

<a href="/aim:goim?screenname=fatcerberus">

...ends up linking to https://portableapps.com/goim?screenname=fatcerberus instead of aim:goim?screenname=fatcerberus.

Can you fix this? I'd like to put a clickable IM link in my signature, but this bug prevents me from doing so.

To illustrate the problem:
broken AIM link

-
fatcerberus@yahoo.com  [aim: fatcerberus]
I have no witty remarks or quotes to share at the moment.

Thox
Offline
Last seen: 17 years 8 months ago
Joined: 2006-02-09 06:46
XSS

This could possibly be a filter applied by the CMS to prevent XSS.

<a href="/javascript:alert(document.cookie)">

Cookies

Bruce Pascoe
Offline
Last seen: 12 years 3 months ago
Joined: 2006-01-15 16:14
Okay, but still...

Yeah, I can see the reasoning there. However, the filter shouldn't block aim: links. It lets mailto: links through, after all.

-
fatcerberus@yahoo.com  [aim: fatcerberus]
"I'm still hungry! That giant horse wasn't enough to satisfy me, so I think I'll eat... you two skinny dudes!" ~maggie (Spectacles: Bruce's Story)

Thox
Offline
Last seen: 17 years 8 months ago
Joined: 2006-02-09 06:46
filter_allowed_protocols

You're right, it's simply not in the allowed list: http, https, ftp, news, nntp, telnet, mailto, irc, ssh, sftp, webcal.

John, you could edit filter.module or the variable table (filter_allowed_protocols).

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 24 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
People use those?

With all the SPIM-bots running around, I'm surprised people still use AIM links.

That said, the list of filtered protocols is hard-coded into Drupal:

$allowed_protocols = array_flip(variable_get('filter_allowed_protocols',...
array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'mailto', 'irc',...
'ssh', 'sftp', 'webcal')));

There is no database table you can update that I know of. I'm definitely not gonna hack Drupal code to add this. I might be able to set it with a variable in the site settings config file, but I don't know that I want to bother expending energy and time on it since AIM links aren't really necessary (this is the 1st inquiry since the site went live 4 months ago).

Sometimes, the impossible can become possible, if you're awesome!

Bruce Pascoe
Offline
Last seen: 12 years 3 months ago
Joined: 2006-01-15 16:14
It's funny...

I've been posting my screen name for years and I've never gotten a single piece of IM spam. It's my inbox that gets hammered.

-
fatcerberus@yahoo.com  [aim: fatcerberus]
I have no witty remarks or quotes to share at the moment.

Ashes for Tears
Offline
Last seen: 16 years 6 months ago
Joined: 2006-01-11 08:41
Yeah, me too.

Yeah, me too. Pardon

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 24 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Really?

Huh, and I thought SPIM-bots were gonna kill the whole AIM link thing.

Lemme wait til Drupal 4.7 (any day now) and see if there's a way to do it.

Sometimes, the impossible can become possible, if you're awesome!

Bruce Pascoe
Offline
Last seen: 12 years 3 months ago
Joined: 2006-01-15 16:14
...

My guess is that IM spam (I hate the term "SPIM"... it's not even a proper acronym) didn't really take off, because once all the IM services started doing the "enter these random letters from an image" verification thing during sign-up, bots couldn't register accounts with them anymore. Instant messenging isn't like email--if you want to send someone a message on a service, you have to register for that service through official channels. With email, you can host your own email service. For IM spam, someone would have a register a bunch of spammer accounts themselves (time consuming to do manually), and then users can just block them anyway.

Plus, AIM has an option not to let anyone message you who isn't on your buddy list, and I believe MSN Messenger has a similar option. So yeah, IM spam really isn't all that feasable when you think about it.

Edit: Forgive me for being long-winded. I've been like this since I first used a message board and I can't seem to help it. Smile

-
fatcerberus@yahoo.com  [aim: fatcerberus]
I have no witty remarks or quotes to share at the moment.

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 24 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
SPIM and captchas

Well... SPam over Instant Messenger... isn't too bad. It always sounded wrong to me, though.

Defeating captchas (those weird characters) is actually pretty trivial to do in an automated fashion. There is open source software you can use to do it.

Sometimes, the impossible can become possible, if you're awesome!

Bruce Pascoe
Offline
Last seen: 12 years 3 months ago
Joined: 2006-01-15 16:14
...

Well, then why do all the "what's this?" descriptions for them say that machines can't read them, if it's actually trivial to defeat them? Not that I'm doubting you, mind you, I'm just curious.

Edit: Point proven. SPIM is not a proper acronym in my mind. A true acronym should only use one letter from each element. "SPIM" uses two letters from spam. It's like "VoIP"... "VOice over Internet Protocol" (the word "over" is excluded for the purpose of expanding the acronym). Technically, the proper acronym would be "VOIP" (Voice Over Internet Protocol), but "VoIP" looks better, so I'm guessing that's why they used that.

-
fatcerberus@yahoo.com  [aim: fatcerberus]
I have no witty remarks or quotes to share at the moment.

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 24 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Used to be

It used to be that machines couldn't read them. But lots of people are working to break them since they do things like exclude those with visual impairments.

See here:
http://en.wikipedia.org/wiki/Captcha#Circumvention

And PWNtcha (1 image lower on the page not safe for work / go*tse):
http://sam.zoy.org/pwntcha/

Sometimes, the impossible can become possible, if you're awesome!

Bruce Pascoe
Offline
Last seen: 12 years 3 months ago
Joined: 2006-01-15 16:14
...

Gah! You could have warned me that there was a go*tse image on the PWNtcha page. Shock

-
fatcerberus@yahoo.com  [aim: fatcerberus]
I have no witty remarks or quotes to share at the moment.

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 24 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Woah

Hadn't scrolled down that far.

Sometimes, the impossible can become possible, if you're awesome!

Ryan McCue
Ryan McCue's picture
Offline
Last seen: 14 years 6 months ago
Joined: 2006-01-06 21:27
AHH!

*scarred for life*
----
R McCue

"If you're not part of the solution, you're part of the precipitate."

Rob Loach
Rob Loach's picture
Offline
Last seen: 15 years 7 months ago
Developer
Joined: 2005-12-09 17:29
Drupal 4.7

You're going to have a horrible time upgrading to Drupal 4.7 as all of the modules you have installed will break. Some modules have upgraded to the latest module framework, but most are still in the 4.6 era (most being all the important ones).

Rob Loach [Website] [Projects]

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 24 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Not many extras

I'm not using many extra modules at the moment, actually. I've purposely held off as I knew 4.7 was coming soon.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments