Jump to content




The firebox browser project


20 replies to this topic

#1 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 15 July 2018 - 08:07 PM

Welcome to the firebox browser project (not to be confused with firefox)
- A CC browser
Posted Image
Q&A:
q1: does this browser load html?
a1: partly, am working on a html parser but this is work in progress (if you open a page that the browser doesn't know what is it will ask you if you wish to try to parse it to NWPF
q2: but what can this use then?
a2: firebox uses a file type called NWPF witch is also a type of "makeup language" witch is made for the browser. there is also some "side-projects" as for instance: MOV files, MUSIC files,
and it can rendere nfp (paintutils image) images
q3: well what can NWPF do then?
a3: all this can be seen on the wiki
q4: should i suggest chances and ideas?
a4: yes, that would be great
Key-Features:
-uses the http api and can show any file on the internet (you can also read files from your local filesystem by useing: localfile://filename)
-MOV file rendere (MOV file is a file type made by me i may post my moviecreater on the forum soon
-NFP (paintutils image) file rendere
-MUSIC player (also a file type of me a musicmaker program is my next thing to post about)
-NWPF simple to use "makeup langauge" see the wiki for forther infomation
-HTML rendere witch will be inproved as the time goes on
-all these types of files can be used in side a NWPF document
-more to come, some not written
The wiki:
the wiki will be avalable at: http://cc.noahtg.com/wiki
its under devopment but its avalable
The actemt on a html to nwpf parser:
at the mument this have some problems with tags inside 10's of other tags but here is one of my pages NWPF'ifired:
Posted Image
as i said this was one of the times where my parser worked
(NOTE: that the website that this browser is showing is really old and one of my first html projects... so if you want to be able to sleep tonight then don't visit it ever is awful. cc.noahtg.com is where all my new cc websites magic is)
but i don't have a website to post nwpf pages to:
you can load nwpf and other filetypes from you local filesystem but thats not cool
thats why you are free to upload both images and nwpf and yeah all you want to my website, the magic starts at: http://cc.noahtg.com/addpage.php
that leads me to my next thing: its possible to have both html and nwpf in a html file more about that on the wiki for instance: page on a windows 10 computer:
Posted Image
page on firebox:
Posted Image
i call it a mutil-page
(all tho all spam whould be deleted and the user banned)
this is all i have time to write today
versions:
0.1: pastebin: pastebin get egECt2nz firebox_browser.lua
made by tacti_tac0z (ealier knowen as: noahthegame)
do not copy!
i advice you to not run this program on a monitor.

Edited by Ta©ti_Tac0Z, 16 July 2018 - 10:21 PM.


#2 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 16 July 2018 - 10:24 PM

The wiki is now partly done, still a lot of tags to documented, and exables to make, the wiki is avalable here: http://cc.noahtg.com/wiki/?p=start

#3 EveryOS

    Resident Necromancer

  • Members
  • 566 posts
  • LocationBOO!!

Posted 17 July 2018 - 10:17 PM

I tried using it, it just said "As you can see, this is heavily a work in progress"

Posted Image

Edited by EveryOS, 17 July 2018 - 10:19 PM.


#4 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 18 July 2018 - 12:42 AM

yes this is becuse the contents of the google.com website all most only consist of stuff added by a javascript script witch this browser doesn't support i did say it was work in progess and only is going to handle simple html websites. google.com is not exacly simple. am really happy that you try my project tho, also the xml parser i found sems to have a problem with a lot of tags inside a lot of tags (may also be my not-being-able-to-do-stuff). as you maybe can see the parser made a blank line becuse it also nerver got to the text stuff
aslo if it did all you whould be able to see may be "am felling lucky" and "seach" and some copy right stuff, given that google is 80% google logo (may also show you account name and the buttons to the right) my point is: "google is not the place to start"

i knew from the start that my browser whouldn't be exacly that usefull infact i nerver planned to make the html parser it was just a little side project of mine

all that aside i am again really happy that you took your time and tryed it

Edited by Ta©ti_Tac0Z, 18 July 2018 - 12:44 AM.


#5 EveryOS

    Resident Necromancer

  • Members
  • 566 posts
  • LocationBOO!!

Posted 18 July 2018 - 07:39 PM

Perhaps, instead of showing that screen, you just show what you can (nonscript tags and anything not in a script or style tag), as well as a notification "this page could not be fully loaded"

#6 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 25 July 2018 - 08:33 PM

yeah good idea

#7 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 25 July 2018 - 10:44 PM

hallo to you YES YOU, you know who you are, trying to upload php code to my website eh?
well thanks are you going to say WHO you are or am i going to need to find out?

yes thats right SOME body aboused my addpage system.

#8 Dave-ee Jones

  • Members
  • 456 posts
  • LocationVan Diemen's Land

Posted 26 July 2018 - 04:22 AM

Shoulda known it was going to happen, though. I'm assuming you've got a download handler to prevent that from happening?

#9 osmarks

  • Members
  • 21 posts

Posted 26 July 2018 - 11:20 AM

View PostTa©ti_Tac0Z, on 25 July 2018 - 10:44 PM, said:

hallo to you YES YOU, you know who you are, trying to upload php code to my website eh?
well thanks are you going to say WHO you are or am i going to need to find out?

yes thats right SOME body aboused my addpage system.
I mean, if you go around not preventing stuff like that properly, it'll happen, inevitably.

#10 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 27 July 2018 - 03:43 PM

i didn't tell you want happened? you know what happend?
EDIT: yeah i told you in my own repley...

View PostDave-ee Jones, on 26 July 2018 - 04:22 AM, said:

Shoulda known it was going to happen, though. I'm assuming you've got a download handler to prevent that from happening?

i haven't opened the page yet but i made sure poeple can't name a file with the extection of php

greatfully the guy didn't make any major damage
(it seems the guy first testet if he chould there after uploaded some random snipets form the internet, greatfully - again - my php config didn't let him do what he was trying to)

Edited by Ta©ti_Tac0Z, 27 July 2018 - 03:44 PM.


#11 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 27 July 2018 - 03:50 PM

but if one of you two knows a little more about php then i do then perhaps you can tell me what he tryed to? becuse he was useing some commands (yes commands not functions) that i don't understand.

just looking in the file system it sems nothing has been "damaged"

#12 Luca_S

  • Members
  • 387 posts
  • LocationGermany

Posted 27 July 2018 - 06:51 PM

View PostTa©ti_Tac0Z, on 27 July 2018 - 03:50 PM, said:

but if one of you two knows a little more about php then i do then perhaps you can tell me what he tryed to? becuse he was useing some commands (yes commands not functions) that i don't understand.

just looking in the file system it sems nothing has been "damaged"

Send me a copy of the PHP files uploaded via PM and I will take a look.

Quote

i haven't opened the page yet but i made sure poeple can't name a file with the extection of php
Guessing from your screenshot you only disabled the selection of PHP file on the client side, meaning if somebody just ignores that they can upload a .php you would need an additional check on the server side to prevent that.

#13 EveryOS

    Resident Necromancer

  • Members
  • 566 posts
  • LocationBOO!!

Posted 28 July 2018 - 12:12 AM

DO YOU THINK THIS IS THE SAME PERSON WHO ONCE HACKED THE CC FORUMS 2 YR AGO!!!???

#14 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 10 August 2018 - 06:41 PM

ummm becuse of the fact that i am unable to see your face i am not avlable to see what mood you're in or if this is said for fun

View PostLuca_S, on 27 July 2018 - 06:51 PM, said:

View PostTa©ti_Tac0Z, on 27 July 2018 - 03:50 PM, said:

but if one of you two knows a little more about php then i do then perhaps you can tell me what he tryed to? becuse he was useing some commands (yes commands not functions) that i don't understand.

just looking in the file system it sems nothing has been "damaged"

Send me a copy of the PHP files uploaded via PM and I will take a look.

Quote

i haven't opened the page yet but i made sure poeple can't name a file with the extection of php
Guessing from your screenshot you only disabled the selection of PHP file on the client side, meaning if somebody just ignores that they can upload a .php you would need an additional check on the server side to prevent that.

yeah i know what am doing

#15 Luca_S

  • Members
  • 387 posts
  • LocationGermany

Posted 11 August 2018 - 06:17 PM

View PostTa©ti_Tac0Z, on 10 August 2018 - 06:41 PM, said:

-snip-
yeah i know what am doing

Tbh if that were the case, no one would've been able to upload PHP code to your server and execute it.

#16 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 12 August 2018 - 11:03 PM

View PostLuca_S, on 11 August 2018 - 06:17 PM, said:

View PostTa©ti_Tac0Z, on 10 August 2018 - 06:41 PM, said:

-snip-
yeah i know what am doing

Tbh if that were the case, no one would've been able to upload PHP code to your server and execute it.

i fixed the security issue after

#17 osmarks

  • Members
  • 21 posts

Posted 15 August 2018 - 10:39 AM

View PostTa©ti_Tac0Z, on 12 August 2018 - 11:03 PM, said:

View PostLuca_S, on 11 August 2018 - 06:17 PM, said:

View PostTa©ti_Tac0Z, on 10 August 2018 - 06:41 PM, said:

-snip-
yeah i know what am doing

Tbh if that were the case, no one would've been able to upload PHP code to your server and execute it.

i fixed the security issue after
1. if you had actually thought this through it wouldn't have had security issues in the first place.
2. if it's fixed why is the addpage thing still down?

#18 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 15 August 2018 - 04:35 PM

View Postosmarks, on 15 August 2018 - 10:39 AM, said:

View PostTa©ti_Tac0Z, on 12 August 2018 - 11:03 PM, said:

View PostLuca_S, on 11 August 2018 - 06:17 PM, said:

View PostTa©ti_Tac0Z, on 10 August 2018 - 06:41 PM, said:

-snip-
yeah i know what am doing

Tbh if that were the case, no one would've been able to upload PHP code to your server and execute it.

i fixed the security issue after
1. if you had actually thought this through it wouldn't have had security issues in the first place.
2. if it's fixed why is the addpage thing still down?

becuse i haven't yet got the time to test it (meaning i did fix it there's just a
echo "the page is currently down";
exit;

in the front)

#19 Luca_S

  • Members
  • 387 posts
  • LocationGermany

Posted 15 August 2018 - 07:15 PM

View PostTa©ti_Tac0Z, on 15 August 2018 - 04:35 PM, said:

becuse i haven't yet got the time to test it (meaning i did fix it there's just a
echo "the page is currently down";
exit;

in the front)

That's not really a fix. Just a little tip, if you want to get the extension of the file use
pathinfo($_FILES["name_of_post_field"]["name"],PATHINFO_EXTENSION)
This will get the extension of the file you are saving, IF and ONLY IF you save the file by the name it was originally when uploaded(e.g. user uploads test.jpg you save it to /var/www/html/usercontent/<username>/test.jpg, etc.)

Edited by Luca_S, 15 August 2018 - 07:15 PM.


#20 Ta©ti_Tac0Z

  • Members
  • 59 posts

Posted 19 August 2018 - 05:30 AM

View PostLuca_S, on 15 August 2018 - 07:15 PM, said:

View PostTa©ti_Tac0Z, on 15 August 2018 - 04:35 PM, said:

becuse i haven't yet got the time to test it (meaning i did fix it there's just a
echo "the page is currently down";
exit;

in the front)

That's not really a fix.

can we stop talking about this now?





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users