uploading images by URL (20)
2 Name: !WAHa.06x36 2005-10-07 17:12 ID:6zbXo8Rk
I've been thinking about it, on and off, and I always get the feeling it is a horrible idea, but I am not entirely sure why.
Flooding is one thing, I guess.
But hey, I'm sure people have opinions on this, so let's hear it.
3 Name: Anonymous 2005-10-07 20:07 ID:Er3U1pc8
Upload image to board, thumbnail saved in post, change picture on yur end to goatse.cx. lol.
4 Name: Anonymous 2005-10-07 20:27 ID:Heaven
The posted file wouldn't link directly to the source URL (for very obvious reasons); rather, it would be uploaded from that URL to the board's server, like you would upload it from your own system. The owner of the file's source can't tamper with it once it's posted.
6 Name: Anonymous 2005-10-07 21:00 ID:d1IjWY5G
It's a horrible idea because if someone managed to flood the forum and make your server leech a large picture with every post, someone completely random would get mad at you. Also, it possibly makes you more responsible for uploading the file.
7 Name: Anonymous 2005-10-07 21:07 ID:Heaven
it's not that hard to dl to desktop, then upload to site.
8 Name: Shii 2005-10-07 22:32 ID:d1IjWY5G
Alright, here's another reason it's a horrible idea:
<html>
Welcome to my awesome website! Click the button below to access free porn.
<form method="post" action="http://www.teamtao.com/neko/wakaba.pl">
<input type="hidden" name="subject" value="NEKO IS JAPANESE FOR CAT YOU STUPID FAGGOTS">
<input type="hidden" name="name" value="SHII AUTOPOST 2.5">
<input type="hidden" name="body" value="OUR DEMANDS:\rCHANGE THE NAME OF THIS BOARD TO "NEKOMIMI"\rOPEN UP A REAL CATS BOARD\rFALSE FUCKING ADVERTISING, YOU SHITHEADS!">
<input type="hidden" name="url" value="http://www.website-with-pictures-of-cats.com/random.php">
</form>
(Yes, I could technically do this right now by ticking the "no file" checkbox, but it's only funny with pictures of cats.)
10 Name: test 2005-10-08 07:54 ID:Heaven
That could be quite dangerous on sites that don't run with captcha. Find enough of them and it'd be a good way to really hurt a target site. Not that it's likely to happen.
You could always make it depend on captch being enabled.
11 Name: Anonymous 2005-10-13 01:47 ID:oPSDdS/j
Couldn't this be coupled with OpenID or something to prevent abuse?
12 Name: !WAHa.06x36 2005-10-13 05:34 ID:Heaven
Another thought: This is wide open to a denial-of-service attack where you set up a malicious server that trickle-feeds the data it serves. You can tie up a huge number of Apache processes that way.
Seems most scripts that fetch remote files would be vulnerable to that... Not that I can think of many that do, offhand.
13 Name: test 2005-10-13 06:33 ID:Heaven
sender.pl has something in it that's supposed to counter a similar problem. Whether it actually works is another question.
14 Name: Anonymous : 2006-10-17 23:48 ID:2gHIxTyn (Image: 420x250 jpg, 19 kb)
16 Name: Anonymous : 2013-03-19 01:18 ID:OBBdr0na
I need this feature, trust my users, and know nearly nothing about coding.
Could you send me in the right direction? I'm willing to learn.
17 Name: Anonymous : 2013-03-19 07:12 ID:Heaven
>>16
They can actually just paste a URL in the file select window, and it'll work the same way. I know for sure this works in WIndows on Firefox.
18 Name: Anonymous : 2013-03-19 10:37 ID:OBBdr0na
>>17
I am aware of this option, but it's not optimal due to the long time it takes to finish.