Phun Tech Issues

I'm copying this issue here for future reference:

In short, the video tag (bbcode) that let's you paste in a url from YouTube and other sites, doesn't account for the fact that the share link YouTube gives uses the https protocol. The video tag supports the short youtu.be form just not with http(s) which is now the default. As a result, your video will just get parsed as mangled link instead of the embedded video.

The fix for now is either to just use the full youtube.com url that is given in your url bar (as opposed to their "share" button), or if you do use the shortened youtu.be version, to remove the "s" from "https".

The fix on our end should (after only a peak at the code) literally only be the addition of two characters in a file. But, it involves changing a core vBulletin file which would be overwritten by an update. It's generally a bad practice to "hack core" like that so I'd first like to see if it's fixed in a future or version or in vB's bug tracker.

I might not have time to do that right away or might not end up wanting to make a change to core vBulletin files for such a small bug. For now, just know it's there.

 

thanks. I am just censored that simply removing the S will lead the forum open to hacks.

My other concern is that by 'altering' the formula will affect all the already posted videos.

 

It shouldn't open anything to attacks by you removing the "s" or by changing the vB code that parses the video tag. What happens when vBulletin sees a video tag is this:

It looks at what's between the tags and it starts looking for sites it knows using matching patterns. So if it sees any of these:

Code:

[COLOR="#00aa00"][B]https://www.youtube.com[/B][/COLOR]/watch?v=pX8BXH3SJn0
[COLOR="#00aa00"][B]http://www.youtube.com[/B][/COLOR]/watch?v=pX8BXH3SJn0
[COLOR="#00aa00"][B]http://www.youtu.be[/B][/COLOR]/pX8BXH3SJn0

It says hey I know that pattern and I have a formula to make some html from that. So it takes that number part at the end and makes this:

Code:

<iframe id="yui-gen9" class="restrain" title="YouTube video player" src="//www.youtube.com/embed/pX8BXH3SJn0?wmode=opaque" frameborder="0" height="390" width="640"></iframe>

If it saw a Daily Motion url, it would recognize that and use their embed code instead. But, because the matching pattern for "youtu.be" doesn't account for the "s", it doesn't recognize that as a YouTube url and doesn't have any accompanying embed code to use.

You'll notice in the iframe above it doesn't specify http or https. This is a protocol relative url and it means that if the page (on Phun) is http, the iframe will use http and if it's https it will use https. Phun just uses http so no matter which version you use in your video tag, the result will be just http. So it doesn't make it any less secure than it already was (which is as secure as plain old http is).

That's something I would definitely test before implementing. But the only thing it should alter are any https youtu.be that already weren't parsing into correct embed codes. Those would now parse correctly.

I'm just not a fan of modifying core vB files so I'd rather see if there's another way around it first.

 

I have the following issue which tends to drive me to AdBlock. I don't want this so, here my description:

I visit the site in Incognito Mode in Chrome.
When I click a link , it loads (opens Popup Ad, but content loads). But on the following page, strange things happen. When trying to click any link, a quick popup opens and closes immediantly. After that, no link is clickable or hoverable. Right Mouse Button says something about flash. I have to reload the page completely and navigate using "open in new tab" for every link - avoiding left click, coz it would cause the scenario described above.

I don't have these issues with AdBlock. But I don't want to harm the site by using it. I have this problem for at least 2 month now.

 

Are you just talking about Phun—while actually on a Phun page and not an image host?

If so what cookie settings are you using in Chrome? (go to chrome://settings/content and look for the "Cookies" heading)

 

Yes, i'm talking about phun, not one of the imagehosts. Since I use Incognito Mode in Chrome, local cookies are allowed and are deleted when I close the browser.

Now that i'm monitoring it more closely, I realize that it's not everytime I visit phun. I suspect some Ad/Tracking, that maybe doesn't get delivered every visit.

 

Typically, if everything goes right, you should get a pop up for that Jasmin site the first time you click on anything—even just the background and not just on links. But then you shouldn't get another popup for awhile (about a day or so). However, if cookies can't be set and read then it will occur every time because the script would be seeing every click as that first visit. That I can replicate, but not the Flash part.

Some other things I'd try are turning Flash off or setting it to click-to-play if you really need it for some video sites. You are safer in general with it off anyway. And, lastly, check what other extensions are running. Did some rogue extension or PuP get installed?

If all else fails, block it if you prefer.

 

Thanks for the answer. Currently, the behaviour is normal again.

 

Were having issues with spambots, so we tightened the posting restrictions for new users, which includes image and link posting. After 10 posts or so, things should be all good.

 

Is ther a chance to delete all threads and answers i made in the last years - means - i liked the site till today - but its shit to make a thread and than get an answer from some people that really suck and that are arent true - so tsite is over for me to write in