Legacy Dash

No one simply allow such a security hole for someone that isn't a world famous hacker to be able to execute PHP code simply with an image. The forums doesn't even touch the image - the MLP Forums only tells the client to get the image itself - unless the forum caches the image on it's own server - which it isn't, cause otherwise my signature would change itself. Even if the forums did cache the image - it isn't going to try and execute the image - that would just be silly and would just cause an error. The reason I don't want a GIF is because; GIF don't have many colors, it isn't as flexible, and you'd have to sit on one page waiting for the GIF to tick over to the next signature. Also, as I said before, you could do this anyway through redirects or .htaccess files - allowing the .php extension for image files will just eliminate the need for those redirects, making the image load faster. And Imgur is an example - you could upload it somewhere else.

The remote server isn't returning the HTML code - it is returning an image. There is no way that you could do any sort of "HTML injection". If that was possible you could get a blank text file - put some malicious code in it, then upload it to imgur or something like that an exploit the forums like that.

The server won't display words as it is looking for an image, if you returned words from the server it would just show the no image thingy, as if it was an invalid link - besides even if that was the case, that is all possible already either using a .htaccess file, or a redirect. Allowing us to embed images with the extension .php (which is really easy) would reduce the time needed to load the the image, because it doesn't need to pass through a redirect. Any exploits that can be done by allowing us to use .php image extensions can already be done easily.

I know what the AdminCP of IP.Board is like, it is very, very simple to add a new extension to the allowed extensions list. No programming or coding required.

I don't want to embed the PHP code. If we allowed embedding PHP code into the MLP Forums - the forums would probably be the chaos capital of the internet. When you add a remote image to a PHP script - it runs the PHP code on the remote server. Besides, the clients browser is the one that will be fetching the image, the MLP Forums doesn't even touch the image. Edit: Here is how it works... The browser sends a request to the MLP Forums, and gets the page. The browser sees in a post <img src="http://mywebsite.com/image.php"> The browser makes a request to that image. The server mywebsite.com replies with a random image - which is achieved because it is a PHP file. The browser displays the random received image. As you can see, the MLP Forums doesn't touch http://mywebsite.com/image.php

The whole idea of my dynamic signature is that it refreshes when you refresh the MLP Forums. Besides, allowing the PHP extension doesn't only allow for dynamic images - it also can simply be used to get metrics on your images.

My Chinese teacher - most of the lesson is spent sending people out the room, for doing very minor things. I don't learn any Chinese. They only words I know in Chinese are words I've learnt via other sources. Luckily I'm not a target, I'm considered the good boy of the class, probably cause I'm very silent, and don't make a peep, and cause I finish work quite quickly. My regular teacher, is the best teacher you could ever ask for! He is a great teacher in every aspect, and I've learnt so much from him.

A GIF is animated - I don't want an animated signature. Also, the MLP Forums won't run the PHP code - the remote server will, so no harm can be done to the MLP forums. If this could be done I could do what I am now and just create a redirect and make myself an admin or something, which certainly isn't possible.

<?php header('Content-type: image/png'); $image = file_get_contents('http://i.imgur.com/H6ewafD.png'); echo $image; ?> PHP can output anything - as long as you send the correct content-type headers. If PHP can't output images, why does this work: http://mitchfizz05.net/mlpforums_assets/sig_swap/mitchfizz05/mitchfizz05.php Edit: The content type header tells the browser that it is an image, and to treat it as one - instead of a HTML file (text/html).

Usually fail to wake up at my target time - which constantly changes depending on my current sleeping pattern, then I'd eat a huge breakfast, organize food, do other assorted boring stuff and leave. I also often forget my glasses - then when I realize and tell my parents I left them behind, they go rage at me and ban me from my computer.

If you're gonna make an API - it usually has to be a PHP file. Also, PHP files can be images, you just have to tell the browser that it is an image by sending content type headers. However though, the MLP Forums doesn't look at content type headers, it looks at file extensions, but file extensions don't always tell you what the file type actually is. Edit: Infact, my signature is a PHP file, it just has a redirect that has .png on the end of it. Open my signature in a new tab and you'll see.

Hello. Any chance we could add .php to the allowed image extensions list? I understand if you are the owner of the website you can do serverside tricks and stuff like redirects and mod_rewrites and stuff - but it would be much easier to just add .php to the allowed extensions. Also, then it would be easier to embed this image: http://ponycountdown.com/countdown.php Edit: People seem to think that allowing the PHP extension could be a security risk or simply won't work. First off, allowing the PHP extension for images is safe as the PHP code is run on the server actually hosting the PHP script (eg, my website).

Nope. That's all good. Thanks.

@ After thinking for a while, I've came up with a request, I'll use the format most signature request shops use... Vector: Filly Rainbow Dash - maybe my profile picture. Size: 600x100. Text: Mitchfizz05. Extras: Make the background Cloudsdale - maybe this picture. If Cloudsdale doesn't work just do something else. The rest is pretty much up to you.

Either way, the forum is still like a herd.