CES Parser Permissions
vBulletin 3.6.x, 3.7.x, 3.8.x, 4.0.x supported
Version: 2.2.3

If you encounter what you think may be a bug, please include your vBulletin version number when reporting it, since code and fixes differ greatly from 3.6.4 - 3.8.x.

*** NEWS ***
11/8/2010 - 2.2.3 released
5/15/2010 - 2.2.2 released
4/12/2009 - 3.6.x thread separated

Known Issues:
- If you are using the Advanced BB-Code Permissions hack, conflicts can arise when profile fields are parsed in the postbit, causing nothing be parsed. The fix is described here: 1252480

What It Does:
Allows you to grant only certain usergroups the ability to use HTML, BB-code, smilies, and IMG-code in their profile fields, posts, PMs, and in Project Tools.

Mod Features:
- parse profile fields on user profiles using Usergroup Permissions
- parse profile fields in postbits using Usergroup Permissions
- parse posts using Usergroup Permissions
- parse calendar events using Usergroup Permissions
- parse private messages using Usergroup Permissions
- parse Project Tools issues and replies using Usergroup Permissions
- parse Social Messages and usernotes using Usergroup Permissions
- complete Forum Rules integration
- disallow certain HTML tags

Products to Install: 1
Files to Upload: 3
Files to Edit: 0
Template Edits: 0

*** Changelog ***
As of Version 2.2.3
non-forum messages don't parse
poll options don't parse

As of Version 2.2.2
several bug fixes
compatible with VaultWiki 2.5.7 PL 1 & 3.0.0 RC 3

* This mod is offered for free here. Please donate if you like this mod *

Does not work in 3.5.4

The hack installs no problem but it will not Parse the HTML. Any suggestions?

The 3.5.4 code for generating custom profile fields may be different than 3.6.x. I will look into this and get back to you.

EDIT: It seems to be exactly the same. You are aware that you need to set Usergroup Permissions before it will parse the HTML?

The 3.5.4 code for generating custom profile fields may be different than 3.6.x. I will look into this and get back to you.

EDIT: It seems to be exactly the same. You are aware that you need to set Usergroup Permissions before it will parse the HTML?
Yes, I did that and it still posted the HTML as plain text. Maybe someone else will chme in with a success/failure story.

What tag did you use?

What tag did you use?Just a simle image tag.

Ah, try not using quotes around the URL.

If you were using v1.0.0, quotes were causing a parse error, so the HTML would not be parsed. This has been fixed in v1.0.1

Thanks for this i've been waiting for somthing like this to come out. I have couple or requests to make this better:

Allow BBcode in profiles
Allow Smilies in profile
Allow WYSIWYG editor in UserCP to edit profiles for the not HTML savvy ;)


Just a few thoughts ;)

Cheers

Thanks. Installed


https://vborg.vbsupport.ru/external/2007/02/22.jpg

This has potential! is it porrible to allow a full block with a wysiwyg editor?

Thank you!

It wouldn't be too hard to add BBCode and Smilies to this. Unfortunately I currently have several other hacks that I'm working on with a higher priority (multi-domain cookie generation, download forums, latest post on forum home, intelligent poll queries) and at the same time I'm trying to get my site upgraded in a timely manner. I just threw this together real fast because someone requested it, and I thought I would be nice.

Nonetheless, I may update this on the weekend. Until then :cool: !

Great thankyou very much :)

Awesome! I've been waiting for this. :D

So what does this do? add html? like what font color background etc?

So what does this do? add html? like what font color background etc?
I suppose this depends on the HTML code you insert.

Yup, whatever HTML you enter. You can also filter out some tags (which would work as a filter in normal text too, so I wouldn't recommend filtering tags like <b>, <i>, <u>, <tt>, etc or it will start filtering out parts of words. I tried adding an option to make it only filter when followed by a > but that just resulted in really bad tags like iframe, script, and embed still parsing.

*bump* This hack now adds permissions to parse BB-code, smilies, and IMG-code as well as HTML.

I have expanded this hack to add permissions for posting per usergroup as well. I have also fixed the banned tags filter so that it only filters HTML tags instead of acting as a bad word filter. As soon as I do some testing I'll release this updated version.

Anyone have a good screen shot of there memberinfo running this hack. Like to see how you are all using it

Currently working on including an extremely dangerous [anything] BB-code tag, though the going is rough. When I release the next version I highly recommend only letting the Super-Admin use this tag since it will parse anything.

EDIT: Finished the anything tag. A little more complicated than I thought it would be, and sadly requires a file edit, thanks to the lack of hooks.

The whole purpose of the anything tag was because I desperately needed to use an <if condition> inside a post.

Version 1.2.0 released. The new version includes Usergroup Permissions for posting, and a new BB-code tag [anything] (please use responsibly).

EDIT: Version 1.2.1 will include updated Forum Rules.

I would be infinitely grateful if this were made to work in 3.5.4

Unfortunately I do not have a 3.5.x test board. I don't believe any of the hooks are different or that the bitfields have changed, since I have been able to use 3.5.x products no problem (and in fact I used part of a tutorial from 2.x to write the hack). Try editing the product-xml with Notepad and change the dependency to 3.5.

Let me know if you have any problems.

Hmm i get some mysql table issues when I try. I'm not too experienced with this. I'm not pushing for it or anything, but I'd appreciate it.

What are your errors?

Database error in vBulletin 3.5.4:

Invalid SQL:

### INSERT QUERY GENERATED BY fetch_query_sql() ###
INSERT INTO plugin
(`active`, `executionorder`, `title`, `hookname`, `phpcode`, `product`)

VALUES
('1', '5', 'Parse Profile Fields', 'member_customfields', 'global $check_ugp;\r\n\r\n$userinfo[\'permissions\'] =
cache_permissions($userinfo);\r\n$check_ugp =
convert_bits_to_array($userinfo[\'ces_parser_permissions\'],
$vbulletin->bf_ugp[\'ces_parser_permissions\']);\r\n$bad_tags = explode(\',\',
$vbulletin->options[\'bad_tags\']);\r\n\r\nif ($check_ugp[\'can_html_profile\'])\r\n{\r\n
$allowed[\'html\'] = true;\r\n\r\n foreach ($bad_tags AS $badtag)\r\n {\r\n
$profilefield[\'value\'] = str_replace( \'<\' . trim($badtag), htmlspecialchars(\'<\' .
trim($badtag)), $profilefield[\'value\']);\r\n $profilefield[\'value\'] = str_replace( \'</\' .
trim($badtag), htmlspecialchars(\'</\' . trim($badtag)), $profilefield[\'value\']);\r\n }\r\n
unset($badtag, $badtags);\r\n}\r\n\r\n$allowed[\'bbcode\'] =
$check_ugp[\'can_bbcode_profile\'] ? true : false;\r\n$allowed[\'smilies\'] =
$check_ugp[\'can_smilies_profile\'] ? true : false;\r\n$allowed[\'imgcode\'] =
$check_ugp[\'can_imgcode_profile\'] ? true : false;\r\n\r\nrequire_once(DIR .
\'/includes/class_bbcode.php\');\r\n$parser =& new vB_BbCodeParser($vbulletin,
fetch_tag_list());\r\n$profilefield[\'value\'] = $parser->do_parse($profilefield[\'value\'],
$allowed[\'html\'], $allowed[\'smilies\'], $allowed[\'bbcode\'],
$allowed[\'imgcode\']);\r\n\r\neval(\'$profilefield[value] =
\"$profilefield[value]\";\');\r\n$userinfo[\"$profilefieldname\"] =
$profilefield[\'value\'];\r\n\r\nunset($check_ugp, $parser, $allowed);', 'ces_html_profile');


MySQL Error : Unknown column 'executionorder' in 'field list'
Error Number : 1054
Date : Monday, March 12th 2007 @ 08:18:06 PM
Script : http://www.site.com/bb/admincp/plugin.php
Referrer : http://www.site.com/bb/admincp/plugin.php?do=productadd
IP Address : xx.xx.xx.xx
Username : admin
Classname : vB_Database

Oh, right. No execution order in those days. Well if that's the only conflict (I hope), it should be a relatively simple conversion... Do you have a test board where you could do some beta-testing of a 3.5.4 version?

yes i do, i'd be glad to help with that kind of thing.

Seems like I should be able to block use of the IMG tag by new users, right?

MOST EXCELLENT!!

I will install ASAP.

Error in readme.txt:

IS:
In forum/
-----------------------------
- upload: product-ces_html_profile.xml

SB:
In forum/
-----------------------------
- upload: bitfield_ces_html_profile.xml (I guess <<shrug>>)

And in the zip file, the 2 bitfield files are identified as belonging in the "includes/xml/" folder.

I assume the readme takes precedence, but it could be confusing to us literalists. :D

How about something like:

*******************************************
** INSTALLATION **
*******************************************

In forum root
-----------------------------
- upload: bitfield_ces_html_profile.xml

In forum/includes/xml/
-----------------------------
- upload: bitfield_ces_parser_perms.xml

In admincp > Plugins & Products > Manage Products > Add/Import Product
Install: product-ces_parser_perms.xml

and you're done.Also, I would appreciate some screenshots as to what to expect.

What does the modified Manage Usergroups form look like?
What happens within the WYSIWYG editor if some basic tags are disabled?
Does the editor Preview reflect the disabled permissions?
Are the Posting Rules for the Editor changed?

p.s., I think this is the single most important add-on for our boards. Thank you so much for doing this!!

What does the modified Manage Usergroups form look like?
What happens within the WYSIWYG editor if some basic tags are disabled?
Does the editor Preview reflect the disabled permissions?
Are the Posting Rules for the Editor changed?

The WYSIWYG editor does not seem to reflect the permissions. Everything parses in the editor until the post is submitted. I will have to fix this.

I don't believe editor Preview currently does, I will have to fix this as well (unfortunately will add a query to the Post Preview in the Editor.

The posting rules do change.

Thanks.

In re-reading the instructions, I think I got it wrong, but I still don't quite understand the intent.

Are you recommending uploading the product-xml to the server and installing it as a product from there? Why not install locally? ANd why are there 2 bitfield files if only one is needed? Or am I still way off the mark? :LOL:

Oops. I see there's a new zip.

I'll give it a shot. Thanks for the quick turn-around!

In your readme, you state:
Don't be disillusioned: it is still possible for hackers to workaround
these limitations. Only grant HTML to members of your site's staff.
I'm not looking for hacking tips here, but I don't understand what you mean by "limitations" specifically.

Are you referring specifically to the html limits?
Are you referring to the vB-imposed html limits or the CES-imposed limits?
Are you saying that CES Parser Perms opens new security holes in the php or are you referring to hacking the vB php or are you saying that once CES opens the html door a tiny bit, the hackers are off to the races?
And if you are suggesting that there are risks once CES opens up some limited html rights, can you give me a general idea of what you mean? That is, what would tip me off that someone is trying to break things (besides a cracked forum, that is :D ).

Just trying to better understand the risk you are referring to. :D

Well, I don't know. :confused:
I am only interested (right now) in turning off the IMG tag for new users, but I couldn't get it to work?

Steps:
1 - Uploaded product-ces_html_profile.xml to forum root
2 - Upload bitfield_ces_parser_perms.xml to /includes/xml/
3 - set permissions on both to 755
4 - installed product-ces_html_profile.xml as product (from local copy)
5 - vBulletin Options -> CES Profile Fields -> Banned Tags were left as is
6 - vBulletin Options -> CES Profile Fields -> Global Variables were all deleted (not using "anything" tag)
7 - Usergroup Manager -> Edit Usergroup -> CES Profile Permissions left unchanged
8 - Usergroup Manager -> New Members > Edit Usergroup -> Post/Thread Permissions changed only IMG tag to "no"
9 - created new account in "New Members" group
10 - logged in as new member in FF 2.0.0.2 browser
11 - clicked Post Reply
12 - Editor page does indeed show "[IMG] code is Off"
13 - Added text and copy-n-pasted an image into editor (it appeared in editor)
14 - Clicked Preview (did NOT appear in preview - just the img tags and image url)
14 - Clicked "Submit" to display post.
15 - Image graphic appears in post. I can see it as a "New Member" in FF2 and as Admin in IE7.

So, what did I do wrong??

Also tried changing CES Profile Permissions for IMG tag in profile to "No" but this had no effect on posting either (which is good).

Environment:
vB 3.6.5
PHP Version 5.2.0-8+etch1
Server API CGI/FastCGI
MySQL 5.0.32-Debian_7etch1-log
Server lighttpd/1.4.13
OS Linux

If I ALSO disable BB codes in Usergroup -> Post/Thread Permissions, that seems to knock out the IMG tag parsing successfully.

But that seems way harsh. :eek:

Is that your intent?

In the plugin called Post Parsing Perms, find:
$dobbimgcode = ($check_ugp['can_imgcode_post'] AND $dobbimgcode) ? true : false;

Replace with:
$dobbimagecode = ($check_ugp['can_imgcode_post'] AND $dobbimagecode) ? true : false;

I'm not looking for hacking tips here, but I don't understand what you mean by "limitations" specifically.
I am saying that the Banned HTML Tags setting in this addon is nowhere near hacker proof. If a hacker wants to use those tags, they will find a way. That being the case, limit the Usergroups allowed to use HTML to those you know probably don't inlcude members who will be trying to hack your site. ;)

That seems to have done the trick. :D

Thank you, thank you, thank you!

FYI: In both IE and FF, minor weirdness in the editors.

A graphic image pasted into the edit window displays as an image (which can build expectations).

But using preview knocks out the disabled codes. (just see the raw BB codes) :up:

Submitted posts don't parse the disabled codes. IMG source displayed as URL. :up:

Edit Posts doesn't display the parsed tags, just the raw BB codes. :up:

Again, this is in IE7 and FF 2.0.0.2. Your mileage may vary.

Thanks again.

May be seeing some weirdness in un-even coverage of permissions?

Symptoms:
Mod-to-Mod PMs are not parsing BB code. (Mod sees the unparsed tags in PM from another Mod.)
Admin-to-Mod PM is parsing BB code. (Mod says he sees the parsed results in PM from admin.)

Mod says his posting rules on his PM Editor page is:

Posting Rules
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

I assume the PM code permissions are the same as the posting permissions.
For Mods and Admins, they are set the same (via Usergroup Mgr > Edit > Post / Thread Permissions):
- Allow HTML in posts? No
- Allow BB-code in posts? Yes
- Allow Smilies in posts? Yes
- Allow IMG-code in posts? Yes
- Allow Anything-code in posts? No

And "CES Profile Permissions" are set the same as above (except it says "profile fields" :D ).

Can't see anything else in the Usergroup settings that would be the cause of this.

Suggestions and ideas?

============
NOTE: your ver 1.2.2 is still displaying as 1.2.1 in the Managed Products list.

I think the Preview window not parsing tags per the user's new permissions is the biggest problem we are seeing.

Since this hack essentially disables the Preview window for everybody, will you be fixing that problem anytime soon?

Right now, I can't really use this because it causes more problems than it fixes.

Fixed the preview window by adding a query when the user clicks the Preview button and combining 2 plugins.

Hopefully these changes fix the PM issues you were having, although I have not been able to test this extensively.

Wow!

I'll give it a test.

Fixed the preview window by adding a query when the user clicks the Preview button and combining 2 plugins.

Hopefully these changes fix the PM issues you were having, although I have not been able to test this extensively.In your new ver 1.2.4 zip, the readme states:
INSTALLATION
In forum/
-----------------------------
- upload: product-ces_html_profile.xml
Still not sure what you are after here. Do you actually want this in the forum root?
Do I have to install from the forum root on the server, or can I just install from a local copy on my personal computer?

Sorry for being so thick here. :D

And in
admincp > vB Options > CES Profile Fields
the section for the Global Variables for the "anything" tag are no longer there.
I assume that is by design.

Preview is much, much more consistent now.

Preliminary results:

1 - Preview seemed to function normally for those with all CES tag permissions - like my admin account.

2 - Still some odd behavior for those with no IMG permissions.
A - they can't see any images in any posts by any poster. I think this is too much. I would allow them to see images added to a thread by those posters with image permissions. Those wiith no IMG permissions just can't add images themselves.
B - Inconsistent treatment between WYSIWYG and Preview. This is very, very close, but...
The IMG tag is not parsed at all in the WYSIWYG editor and is parsed in the Preview (as a url tag). I suppose there are arguments for doing it that way, but it seems more consistent to have the WYSIWYG editor parse the IMG tags as a URL, just like Preview.
C - This may be related to "B", but I see some behavior in Preview that seems inconsistent with IMG tags inside URL tags. If there is just an IMG tag, Preview displays the image url as a hot link to the image. If the IMG tag set is sandwiched between a URL tag set, Preview still displays it as a hot link to the image. But the WYSIWYG editor seems to parse just the URL tag. That is, the editor displays the image url inside unparsed IMG tags, but hot linked to the url inside the url tag. After being submitted, the URL/IMG combo is displayed as an image url hotlinked to the image. The URL tag is ignored completely.

============

Some thoughts about the general approach to handling tag permissions:

As is, this current scheme doesn't really solve the porn spammer problem. Anybody with IMG tag permissions ON can see the images. I'd have to deny access to IMG tags for practically all members and guests to stop the spammers and this doesn't make sense to me. Also, even if you can successfully hide the images from members with "tag permissions = ON", there is the situation where a problem member successfully sprinkles his posts with inappropriate images. The images will appear as images once they get promoted to a group with greater image permissions.

Wouldn't it be more sensible to just force the IMG tags to be URL tags forever?

Or even better, I'd much rather FULLY deny access to the IMG tag for all members of that group. That is, just strip (delete) the IMG tag from the post completely. No permission = no use = not in post = not in database. The image url appears as unparsed text.

Same for html, smilies, and BB codes. If they don't have permission, the tags are stripped completely from the post when they use Preview or Submit or Save.

=============

Thanks again for your continuing efforts.

2 - Still some odd behavior for those with no IMG permissions.
A - they can't see any images in any posts by any poster. I think this is too much. I would allow them to see images added to a thread by those posters with image permissions. Those wiith no IMG permissions just can't add images themselves.

This is indeed odd behavior. Are you positive this is only happening with the IMG tag? I didn't modify the way in which any permissions were determined, just the spelling errors from before.

B - Inconsistent treatment between WYSIWYG and Preview. This is very, very close, but...
The IMG tag is not parsed at all in the WYSIWYG editor and is parsed in the Preview (as a url tag). I suppose there are arguments for doing it that way, but it seems more consistent to have the WYSIWYG editor parse the IMG tags as a URL, just like Preview.

Not exactly sure why there are differences here. It may have something to do with the overall problems with the IMG tag you seem to be having.

If the IMG tag set is sandwiched between a URL tag set, Preview still displays it as a hot link to the image. But the WYSIWYG editor seems to parse just the URL tag. That is, the editor displays the image url inside unparsed IMG tags, but hot linked to the url inside the url tag. After being submitted, the URL/IMG combo is displayed as an image url hotlinked to the image. The URL tag is ignored completely.

This is not an issue related to this mod. I have read elsewhere that vBulletin has this strange behavior when combining URL and IMG tags, because vBulletin automatically converts unparsed IMGs to URLs (this was not functionality I added). I have also read about strange behavior when using [noparse] and [font]. These are what we may consider bugs but more often than not Jelsoft claims is "Working as Designed."

As is, this current scheme doesn't really solve the porn spammer problem. Anybody with IMG tag permissions ON can see the images. I'd have to deny access to IMG tags for practically all members and guests to stop the spammers and this doesn't make sense to me. Also, even if you can successfully hide the images from members with "tag permissions = ON", there is the situation where a problem member successfully sprinkles his posts with inappropriate images. The images will appear as images once they get promoted to a group with greater image permissions.

Wouldn't it be more sensible to just force the IMG tags to be URL tags forever?

What you are describing is the inverse of what this mod was designed to do. I spent many hours getting around this before the original release, so again I really hope this is only occurring with IMG tags.

Does this uninstall cleanly?

What I'll do is uninstall and do a fresh install and check with more browsers.

Above problems noted in IE7.

Try replacing your bbcode_parse_start plugin with this:

if (THIS_SCRIPT != 'member')
{
global $newpost, $userinfo;

$postusername = (($newpost['username'] != '') AND ($newpost['username'] != $this->registry->userinfo['username'])) ? $newpost['username'] : '';

if (!$this->post['usergroupid'] AND $postusername)
{
$userinfo = $this->registry->db->query_first("
SELECT usergroupid, membergroupids
FROM " . TABLE_PREFIX . "user
WHERE userid = $newpost[username]
");
}
else if (!$this->post['usergroupid'] AND isset($newpost))
{
$userinfo['usergroupid'] = $this->registry->userinfo['usergroupid'];
$userinfo['membergroupids'] = $this->registry->userinfo['membergroupids'];
}
else if (!isset($newpost) AND ($this->post['usergroupid'] OR $newpost['usergroupid']))
{
$userinfo['usergroupid'] = $newpost ? $newpost['usergroupid'] : $this->post['usergroupid'];
$userinfo['membergroupids'] = $newpost ? $newpost['membergroupids'] : $this->post['membergroupids'];
}

$userinfo['permissions'] = cache_permissions($userinfo);
}

$this->set_parse_userinfo($userinfo, $userinfo['permissions']);

$check_ugp = convert_bits_to_array($this->parse_userinfo['permissions']['ces_parser_permissions'], $this->registry->bf_ugp['ces_parser_permissions']);
$bad_tags = explode(',', $this->registry->options['bad_tags']);

$dobbcode = ($check_ugp['can_bbcode_post'] AND $dobbcode) ? true : false;
$dosmilies = ($check_ugp['can_smilies_post'] AND $dosmilies) ? true : false;
$dobbimagecode = ($check_ugp['can_imgcode_post'] AND $dobbimagecode) ? true : false;

if ($check_ugp['can_html_post'] AND $dohtml)
{
$dohtml = true;
foreach ($bad_tags AS $badtag)
{
$badtag = html_entity_decode($badtag);
$text = str_replace( '<' . trim($badtag), htmlspecialchars('<' . trim($badtag)), $text);
$text = str_replace( '</' . trim($badtag), htmlspecialchars('</' . trim($badtag)), $text);
}
unset($badtag, $badtags);
}
else
{
$dohtml = false;
}

I was able to restore most original functionality (I believe). Unfortunately, getting the WYSIWYG editor to mirror the permissions does not seem possible with vBulletin's current code structure. I have been investigating this and I'm not sure I see any way around it, since WYSIWYG seems to make direct text replacements in functions separate from the BB-code parser - thus not running the text through the parser as well as no well-placed hooks in the WYSIWYG functions.

I just installed this hack. This is what happens when I view a profile page:

"This error appears before the header of my profile pages"

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553


Any help here would be nice. Thanks!

O.K. ... It's late and I'm going code crazy.. I had another parser plugin active that was causing this error... All is good in the land of parsing! Installed & Working on 3.6.5

Thanks guys!

I'm glad you are having success thus far.

I'm not exactly positive if I uploaded the build I am currently running, which fixes a few bugs in 3.6.6, so let me know if anyone running 3.6.6 experiences any problems.

Having a major issue. How can I have this ONLY control the profile fields? The reason is I have CES [Anything] BB-Code hack installed which requires Advanced BB-Code Permissions for it to work. If I have both CES Parser Permissions and Advanced BB-Code Permissions installed, I get no parsing at all on my posts. With the exception of the quick reply box. No idea why it works only there.

I can disable my CES Parser Permissions and my posts work fine, but my Profile Fields don't get parsed.

Any ideas which way I should go here? I'll be honest, the only reason I have CES [anything] installed is to parse the Comments on my user Profiles. Any way to just add parsing those comments to this hack? Then I could remove the other two and just have this one!

I've tried having the text editor of the comments section convert the text, but it doesn't work on all the codes my users enter. As a matter of fact it doesn't work on most any html code. I just end up with alot of garbled text in everyones comments.

Will pay someone to fix this for me or give me advice on how to fix it.

Thanks!

I had this same issue, I will look into what I did to fix it.

EDIT: Apparently I was sitting on an update for the past week and just forgot about it. The fix revolved around wrapping one line of code in a conditional, and moving the execute order of one of the plugins.

ATTENTION! Users of ADVANCED BB-CODE PERMISSIONS... There is a conflict that arises when a postbit has profile fields that are parsed:

To parse the profile fields in the post, the function do_parse() is called directly, skipping the hook location bbcode_parse_start. As a result, the BB-code tag list is not saved in memory, and when bbcode_parse_complete is executed thereafter, it restores an empty tag list, resulting in nothing being parsed from that point onward.

To fix this error, make sure you are running the most recent build of CES Parser Permissions, and modify the Advanced BB-Code Permissions plugin for the hook bbcode_parse_complete.

Replace the code with:
if (!empty($this->bbcode_tag_list) AND (THIS_SCRIPT != 'misc'))
{
$this->tag_list = $this->bbcode_tag_list;
}

I get this error after upgrade:
Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3553

please help!!!

That doesn't make much sense. This sounds like what would happen if the Usergroup Permissions for this hack don't even exist, but I can't find the line where your error is occurring. What page are you getting this error on? And what version of vBulletin are you running?

I get it on the profile page. Version of vb is 3.6.4
There is a possibility that it might be conflicting with psionic vision's interactive profiles, but I am not sure. When that hack is on, it givers me 8+ strings of above mentione error in the same profile, when I turn it off it gives me only one.
Plus for some reasons it varies from profiel to profile, on some profiles I do not get error at all...

After my upgrade to 1.2.7, I started getting random bbcode disables within threads. User would randomly have their bbcodes disabled within threads. The thing I found to fix this is to put
$this->set_parse_userinfo($userinfo, $userinfo['permissions']);
at the end of the
if (THIS_SCRIPT != 'member')
block. Is this proper?

BTW, the version number is still 1.2.6 in the file.

The fact that you were getting that error was probably a result of the version number not being updated, so none of the plugins were replaced with the new versions.

I will be uploading a new file with a little cleaner code and that fixed a bug in the new plugin code that wasn't installed anyway thanks to the version number.

I get it on the profile page. Version of vb is 3.6.4
There is a possibility that it might be conflicting with psionic vision's interactive profiles, but I am not sure. When that hack is on, it givers me 8+ strings of above mentione error in the same profile, when I turn it off it gives me only one.
Plus for some reasons it varies from profiel to profile, on some profiles I do not get error at all...

You are probably right about the conflict since this has already had conflicts with other hacks. If PV's Interactive Profiles is a free hack I will look into this later.

EDIT: Apparently the fix I wrote way back for what I think may have been a conflict with this same hack was broken somewhere along the line. I have fixed the fix. Let me know if you still get this error.

I've had to make some modifications to get the member and private scripts to display properly:


global $vbulletin;

if (THIS_SCRIPT == 'private')
{
$tempuser=fetch_userinfo($pm['fromuserid']);
$tempuser['permissions'] = cache_permissions($tempuser);
$check_ugp = convert_bits_to_array($tempuser['permissions']['ces_parser_permissions'], $vbulletin->bf_ugp['ces_parser_permissions']);
}
elseif (THIS_SCRIPT != 'member')
{
global $newpost, $postinfo, $post;

// newthread, newreply uses $newpost
// editpost uses $postinfo
// showthread uses $post

$postusername = '';

if (THIS_SCRIPT == 'editpost')
{
$postusername = $postinfo['username'];
}

if (in_array(THIS_SCRIPT, array('newreply', 'newthread')))
{
$post = $newpost;

if ($post['username'] AND ($vbulletin->userinfo['username'] != $post['username']))
{
$postusername = $post['username'];
}
}

if (!$post['usergroupid'] AND $postusername != '')
{
$userinfo = $vbulletin->db->query_first("
SELECT userid, usergroupid, membergroupids
FROM " . TABLE_PREFIX . "user
WHERE username = '" . $vbulletin->db->escape_string($postusername) . "'
");

if (empty($post['permissions']))
{
$grab = true;
}
else
{
$userinfo['permissions'] = $post['permissions'];
}
}
else if (($post['usergroupid'] > 0))
{
$userinfo['userid'] = $post['userid'];
$userinfo['usergroupid'] = $post['usergroupid'];
$userinfo['membergroupids'] = $post['membergroupids'];

if (empty($post['permissions']))
{
$grab = true;
}
else
{
$userinfo['permissions'] = $post['permissions'];
}
}
else if (in_array(THIS_SCRIPT, array('newreply', 'newthread')))
{
$userinfo['userid'] = $vbulletin->userinfo['userid'];
$userinfo['usergroupid'] = $vbulletin->userinfo['usergroupid'];
$userinfo['membergroupids'] = $vbulletin->userinfo['membergroupids'];

if (empty($vbulletin->userinfo['permissions']))
{
$grab = true;
}
else if (empty($userinfo['permissions']))
{
$userinfo['permissions'] = $vbulletin->userinfo['permissions'];
}
}

if ($grab)
{
$userinfo['permissions'] = cache_permissions($userinfo);
}


if ($this->parse_userinfo['permissions'] != $userinfo['permissions'])
{
$this->set_parse_userinfo($userinfo, $userinfo['permissions']);
}

$check_ugp = convert_bits_to_array($this->parse_userinfo['permissions']['ces_parser_permissions'], $vbulletin->bf_ugp['ces_parser_permissions']);
} else {
$tempuser=fetch_userinfo($vbulletin->GPC['userid']);
$tempuser['permissions'] = cache_permissions($tempuser);
$check_ugp = convert_bits_to_array($tempuser['permissions']['ces_parser_permissions'], $vbulletin->bf_ugp['ces_parser_permissions']);
}
$bad_tags = explode(',', $vbulletin->options['bad_tags']);

$dobbcode = $do_bbcode ? $do_bbcode : $dobbcode;
$dosmilies = $do_smilies ? $do_smilies : $dosmilies;
$dobbimagecode = $do_smilies ? $do_bbimagecode : $dobbimagecode;
$dohtml = $do_html ? $do_html : $dohtml;

$dobbcode = ($check_ugp['can_bbcode_post'] AND $dobbcode);
$dosmilies = ($check_ugp['can_smilies_post'] AND $dosmilies);
$dobbimagecode = ($check_ugp['can_imgcode_post'] AND $dobbimagecode);

$do_bbcode =& $dobbcode;
$do_smilies =& $dosmilies;
$do_bbimagecode =& $dobbimagecode;
$do_html =& $dohtml;

if ($check_ugp['can_html_post'] AND $do_html)
{
$do_html = true;
foreach ($bad_tags AS $badtag)
{
$badtag = html_entity_decode($badtag);
$text = str_replace( '<' . trim($badtag), htmlspecialchars('<' . trim($badtag)), $text);
$text = str_replace( '</' . trim($badtag), htmlspecialchars('</' . trim($badtag)), $text);
}
unset($badtag, $badtags);
}
else
{
$do_html = false;
}


I'm not sure that this is entirely correct, but it's a start for me.

Thanks for the PM bit, I completely forgot about that, although I think I would add another permissions set to make the hack a little more flexible there.

Did you find that it was necessary to add the permissions on the member page or did you do that for the sake of completeness? In my case I had not had any problems with the original code for permissions on member.php.

Thanks for the PM bit, I completely forgot about that, although I think I would add another permissions set to make the hack a little more flexible there.

Did you find that it was necessary to add the permissions on the member page or did you do that for the sake of completeness? In my case I had not had any problems with the original code for permissions on member.php.

The member script gave me a bunch of invalid eval()'s, I don't have the exact error messages anymore, sorry. I think it was looking at the fields at the time.

Actually, I was able to find the error:


( ! ) Parse error: syntax error, unexpected '"' in /usr/www/sites/www.parrotforums.com/member.php(607) : eval()'d code on line 28Call Stack#TimeMemoryFunctionLocation10.0122786432{main }( )../member.php:0


( ! ) Parse error: syntax error, unexpected '"' in /usr/www/sites/www.parrotforums.com/member.php(607) : eval()'d code on line 28Call Stack#TimeMemoryFunctionLocation10.0122786432{main }( )../member.php:0


( ! ) Parse error: syntax error, unexpected '"' in /usr/www/sites/www.parrotforums.com/member.php(607) : eval()'d code on line 28Call Stack#TimeMemoryFunctionLocation10.0122786432{main }( )../member.php:0


( ! ) Parse error: syntax error, unexpected '"' in /usr/www/sites/www.parrotforums.com/member.php(607) : eval()'d code on line 28Call Stack#TimeMemoryFunctionLocation10.0122786432{main }( )../member.php:0


( ! ) Parse error: syntax error, unexpected '"' in /usr/www/sites/www.parrotforums.com/member.php(607) : eval()'d code on line 28Call Stack#TimeMemoryFunctionLocation10.0122786432{main }( )../member.php:0

Sounds like I overlooked something before the eval()s. When I get back home I'll look into this.

UPDATE: The next build will be 1.3.0 and will include the eval() fix, as well as have the added permissions for PMs (the code is a bit simpler than BlackNova posted above).

let me know if there's anything else I should include since this is a major (feature) update.

I get this error:

Parse error: syntax error, unexpected '"' in /home/talkint/public_html/testboard/forums/member.php(595) : eval()'d code on line 77

Parse error: syntax error, unexpected '"' in /home/talkint/public_html/testboard/forums/member.php(595) : eval()'d code on line 77

Parse error: syntax error, unexpected '"' in /home/talkint/public_html/testboard/forums/member.php(595) : eval()'d code on line 77

Parse error: syntax error, unexpected '"' in /home/talkint/public_html/testboard/forums/member.php(595) : eval()'d code on line 77

Parse error: syntax error, unexpected '"' in /home/talkint/public_html/testboard/forums/member.php(595) : eval()'d code on line 77

Parse error: syntax error, unexpected '"' in /home/talkint/public_html/testboard/forums/member.php(595) : eval()'d code on line 77

Okay I just uploaded 1.3.0, which in theory should solve all these nasty parse errors people have been getting.

hm there is no more parse errors, but it does not show html, bbcode or whatever in profile fields, it is just displayed as text... (I checked usergroupd permissions they are all correct and enabled)

It seems like the problem is with vbulletin version. I just upgraded to the latest 3.6.7 (from 3.6.5) and even your 1.1.1 version of the hack stopped working....=(

Hm, well I just tested everything on my install and no problems. Are you using another hack that modifies the profile page? If so, what hack & link?

lol, my company is called CES :P

Nevermind, thincom2000 fixed it all for me. It was conflicting with Interactive Profiles by Psionic Vision.
I found another small bug though.

When this plugin is enabled and the user uses quick reply feature when replying to a post his message shows up very weird, with no avatar, no profile fields and no actual message (just signature). As soon as user refreshes the page it shows up fine.
See screen shot.

Precisely as soon as I disable Post Parsing Perms plugin it shows fine.
Doesn't really bother me though since I do not use this feature anyway. Just a heads up.

I rarely use that feature myself. I find it strange that this hack should have any effect on that, but my users have been reporting weirdness with Quick Reply for a while. Now I guess I know where to look. Thanks.

I will be releasing a new version shortly with a few new bug fixes (quick reply, for example) as well as a Project Tools Edition (will be released separately in a new thread). Separately because it uses some Project Tools hooks.

Is it possible to make it not allow html in certain profile fields?

Profile fields are admin definable. Hence I would not be able to make a general bitfield file that corresponds to more than one board. It should be possible to do this on your own if you did some coding.

I'm surprised no one has had any conflicts involving this mod yet. I've been sitting on a new reworked version that solves a few...

Did some coding? Me? Yeah right:)

Reworked version you say? Can you share? ;)

One of the bugs I have noticed is when my users use <embed> tag to embed google video and it gets cut out due to max characters for this profile fields it break the tables in memberinfo template. Anyway around that?

Also is there a way to make the use of html in profile fields more secure?

I believe psionic have release his interactive profiles script with custom css feature that is somewhat protected from xss flaws. Can this be integrated into this mod?

The bug you mention is more of a limitation of vBulletin itself. In order to "fix" the max characters issue (I have done this on my site), you should alter the db fields for those profile fields. I believe they are set to VARCHAR(255). If you have MySQL 5 you can set the VARCHAR higher I think, but I just changed the fields to MEDIUMTEXT.

I will look at Psionic's mod one of these days and see what you are referring to... but honestly as long as script tags and comment tags exist, or the ability to define new HTML tags, I don't think there is a truly safe way to allow HTML.

no worky with 3.7 =(

I will release an updated version as soon as I get around to installing 3.7. Right now I am still in the process of making my site upgrade friendly.

Any update?

I have had no issues running this on 3.7. If you are having issues, try to contact me via AIM. Thanks.

I don't have AIM. You got msn? That's the error i am getting when trying to access a profile:

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3767

Fatal error: Call to a member function query_read_slave() on a non-object in /home/xxxx/public_html/beta/forums/includes/class_bbcode.php on line 217

I'm not sure how you are executing the member_customfields plugin, since in 3.7 member_customfields is missing.

EDIT: I found this thread at vb.com: http://www.vbulletin.com/forum/project.php?issueid=23995

Until such time as vBulletin 3.7 GOLD is released, my profile fields feature is unsupported. A lot of changes were made in 3.7, so I will release a new version of this mod at such time. The 3.7 version of this mod is a bit smarter/faster, has even more compatibility with other hacks, and is much easier to integrate should the need arise.

I will look at Psionic's mod one of these days and see what you are referring to... but honestly as long as script tags and comment tags exist, or the ability to define new HTML tags, I don't think there is a truly safe way to allow HTML.

Have you looked at something like the HTML Purifier at:

http://htmlpurifier.org/

I've been thinking about plugging this into vB for a while now. I've done some work with it in other systems (like a classified system I run), and it looks pretty damn solid. I ran a couple of the more comprehensive attack suites on it, and have yet to find anything damaging get through.

Although I do agree that there is no such thing as truly safe HTML enabled user input, especially when it comes to 'zero day' attacks using newly discovered vectors before things like HTML Purifier can be updated ... but these guys seem to be pretty much on the ball.

Certainly a better option than relying on roll-yer-own XSS cleaning scripts maintained by vB (or whoever), who don't really have the time to stay on top of this stuff on a day to day basis.

-- hugh

Just FYI, although we now have the member_customfields hook back in 3.7b2, it has moved location (into fetch_profilefield_display() in functions.php), so to get the CES profile field stuff working, you need to add:

global $vbulletin, $userinfo;

... as the first line of the CES "Parse Profile Fields" plugin.

-- hugh

I'll look at the Purifier you posted, thanks.

As for the member_customfields plugin. Actually more changes than mentioned are necessary, just because of the new structure of member.php and that profile-block class. And according to my B2 & B3 ZIPs the hook needs to manually be added to that location, which is why I am not supporting the custom field parsing feature on 3.7 until gold.

Sorry, I meant b3 not b2.

The hook is definitely there. All I did was download the latest b3 ZIP, installed it, and installed the CES ZIP from this thread. The globals were all I had to add to the plugin to get it working. I didn't have to touch vB's code. Here's the fetch_hook, line 1341 of functions.php in fetch_profilefield_display():

($hook = vBulletinHook::fetch_hook('member_customfields')) ? eval($hook) : false;


Maybe they updated the b3 ZIP since your last download?

Obviously there are some other issues, like the AJAX based in-place editing on the Profile, which will blow away HTML formatting ... but that's just another SMOP. :)

EDIT - actually it doesn't trash the formatting, it just doesn't render as HTML on the AJAX response, because when vectoring through AJAX, $userinfo hasn't been set. So I just added ...

if (!$userinfo)
{
$userinfo = $vbulletin->userinfo;
}

... the the start of the plugin, now the AJAX response comes back properly formatted.

-- hugh

I recently installed this and after install all of my bbcode stopped working. I downloaded this to have my custom profile field #5 parsed as HTML. However directly after install my bbcode was turned off when all usergroups have bbcode as on. I then proceeded to the edit usergroups and I edited every user group that I was apart of to allow html as well as every other option. Still nothing. I do not know what to put in the
Profile Fields Appearing in the Postbits?
List the Profile Field IDs that you would like to be parsed in the Postbits.

Do you have to change the permissions for every usergroup that a member is apart of if you want that member to allow html?

You would put 5 in the option you asked about, but only if you have added that info in your postbit template. As for your next question, as long as a user is a member of at least 1 group with permission, they should be able to do whatever that permission allows. As for your BB-Code not working, this generally occurs as a result of a conflict with another modification, or a substantial update to vBulletin. Please get back to me regarding your version number.

Well I promised a new version a few months back, and rather than wait for 3.7 to go GOLD, I thought I would give everyone a Presidents' Day present.

This mod has been completely rewritten for the pending release of vBulletin 3.7.0. Permissions are now faster and more reliable. It is much easier for other coders to add support for their own mods or new vBulletin products.

cheesegrits directed me to HTMLPurifier in order to integrate it into this mod. This has been flagged for the next version.

Does this work in vB 3.7 Visitor Messages?

I just tested with [IMG] tag but it didn't work, all usergroup permissions are set to allow IMG.. or did I miss something?

Edit: I also saw, that in profile fields, it's also not parsing the bbcode. What could be wrong?

Edit 2: The following errors occurred when this message was submitted: "BB code yt is not allowed." (How to fix allowing custom BB code?)

vBulletin 3.7 was hardcoded by Jelsoft to only allow simple BB-Codes like b, i, and url in Visitor Messages. The "support" this mod has for Visitor Messages is basically that it won't break them.

The only Profile Fields I have tested BB-Code in are on the About Me tab - Biography, Location, Interests, etc. Any other tabs use a different parser that I haven't investigated yet simply because I haven't gotten around to fixing up the profiles on my site yet. Even though I did test it first, it's possible that I broke the code because I manually created the product-xml and files rather than just exporting them from my site (I've been known to forget plugins from time to time). If you have a problem not addressed here, PM me a link to such a profile. Thanks.

Okay, I hate the hardcoded BB-Code for visitor messages of jelsoft, I wonder why they allows links in visitor messages, very nice for spammers and I don't know how to disallow.

I got custom profile fields, could that be the reason (i.e.: field9), I'd like to parse BB-Code in it. Could you test it on your board please with custom profile fields, so we can be sure that this isn't my problem?

I will be looking into this. I also suspect that Profile Fields in the Postbit won't parse in a post that was JUST made via Quick Reply or that was JUST Quick Edited, so I will be testing and releasing another patch shortly.

Please confirm that Posts and postbits are parsing correctly.

Okay I have fixed this on the dev version. The problem was that $forumid wasn't getting passed through the function. To fix it temporarily on your site, you can add $forumid to the argument list for the function call in the bbcode_parse_start plugin. The code should be:

$text = ces_permissions_parse($this, $text, $forumid, $dosmilies, $dobbcode, $dobbimagecode, $dohtml);

In includes/ces_permissions.php, find:

function ces_permissions_parse(&$parser, $text, $dosmilies, $dobbcode, $dobbimagecode, $dohtml)

Replace with:
function ces_permissions_parse(&$parser, $text, $forumid, &$dosmilies, &$dobbcode, &$dobbimagecode, &$dohtml)

The fact that none of the "do" vars were not passed by reference before means that no vB functionality was broken, but that basically this mod did nothing. Apply this fix and it should be working. I will upload a new patch as soon as I fix the Quick Edit bug.

Hello thincom,

I just installed the 2.0.1 and it's still not parsing [IMG] code in profile fields or visitor messages. I'm tinking about if something else is blocking this, but it's the first time I use your mod, so I'm not sure if it's meant to work there.

Please confirm that Posts and postbits are parsing correctly.

Where should I look, or better, what exactly should I do to test.
I also have project tools installed and of course your special xml therefor. (Just for info, don't know if it's important for you to know that).


Edit: I also got a 3.6.5 board, after installing CES_parser I get a database error when I go to the profiles:

Invalid SQL:

SELECT COUNT(*) AS count
FROM infraction AS infraction
LEFT JOIN post AS post ON (infraction.postid = post.postid)
LEFT JOIN thread AS thread ON (post.threadid = thread.threadid)
WHERE infraction.userid =;

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 5


Perhaps this could help you too.

Okay, as [IMG] code seems to be the only malfunctioning code on your board, it would appear that vBulletin is hardcoded in some way to circumvent its use on the profile. I will see if there is a possible workaround for this.

I will also look at the 3.6.5 member.php to see why that may occur, although I know these permissions don't touch infractions at all. At first glance, it looks like $userinfo might be cleared for some reason.

Okay sorry, but I got 2 more things in 3.7

The inline-edit in about me doesnt show up anymore (which is less important)

.. but I have a major problem: when posting a visitor message on foreign profiles, the message is showing up in my profile only .. can you reproduce this?

Sorry to report you so many things, but I'd really like to help you and get your mod working because I've waited for a mod like yours. =)

The inline-edit in about me doesnt show up anymore (which is less important)

Sorry but I am not experiencing this issue.

I have a major problem: when posting a visitor message on foreign profiles, the message is showing up in my profile only .. can you reproduce this?

I can think of a possible cause for this without looking at the code, but I probably won't be able to look into this until tomorrow.

Sorry to report you so many things, but I'd really like to help you and get your mod working because I've waited for a mod like yours. =)

Thanks for that. I actually prefer more bug reports because I like being able to list a lot of things in the changelog between versions :p

I have a major problem: when posting a visitor message on foreign profiles, the message is showing up in my profile only .. can you reproduce this?

I haven't tested this, but just thought of it while I was out.

In includes/ces_permissions.php, find:
global $vbulletin, $post, $userinfo, $nuwiki;

Replace with:
global $vbulletin, $post;

That may even solve the 3.6.5 DB error. But then again I just thought of this a few minutes ago.

i get a blank white profile page after install for vbulletin 3.7 beta 4

Did you try the solution in my last post?

Well I promised a new version a few months back, and rather than wait for 3.7 to go GOLD, I thought I would give everyone a Presidents' Day present.

This mod has been completely rewritten for the pending release of vBulletin 3.7.0. Permissions are now faster and more reliable. It is much easier for other coders to add support for their own mods or new vBulletin products.

Ah, I was wondering about that. I was working on a hack last week to provide an HTML-enabled "About Me / Home Page" tab on the profile (replacing the default About Me), and it took a while to work how how the heck the $bbfoo variables I was setting were getting blown away! I presume handling of that stuff in bbcode_parse_start is what you mean by that last sentence. I'll load the new version this week and have another go at it.

cheesegrits directed me to HTMLPurifier in order to integrate it into this mod. This has been flagged for the next version.

The hack I mentioned above is basically a test for the HTMLpurifier. They've now added semi-sensible support for CSS as well, with the ability to restrict the scope of any CSS directives to a specific block ID. So far it's looking good. The cleaning process is pretty intense, lots of memory and CPU, and on larger sites I'm not sure it would be workable for common things like forum posts ... but for stuff like profiles, I think it's a winner.

My only real concern about using HTMLpurifier is convincing people who install it to keep it updated. All we can really do is put a big note in the mod description reminding people how important it is to mark the product "installed" so they can be informed of any security updates.

-- hugh

I haven't tested this, but just thought of it while I was out.

In includes/ces_permissions.php, find:
global $vbulletin, $post, $userinfo, $nuwiki;

Replace with:
global $vbulletin, $post;

That may even solve the 3.6.5 DB error. But then again I just thought of this a few minutes ago.

Yes thincom2000 i treid this. blank profile page still.

The cleaning process is pretty intense, lots of memory and CPU, and on larger sites I'm not sure it would be workable for common things like forum posts ... but for stuff like profiles, I think it's a winner.

I thought this might be the case, so I was thinking of only running it when the post / profile is saved, and not on each post on showthread during run time.

Apparently there is some conflict with one of the modules available for vBadvanced. I'm not a vBa user, and since I don't have the time to go through all the addons for it, could someone experiencing the white page bug PM me login details for a test board with this issue? It has been reported by multiple users, so I would like to post a fix. Thanks.

Do you have any idea which module? I'm a CMPS user, be happy to debug it for you.

-- hugh

I haven't tested this, but just thought of it while I was out.

In includes/ces_permissions.php, find:
global $vbulletin, $post, $userinfo, $nuwiki;

Replace with:
global $vbulletin, $post;


Just to confirm this does fix the issue with posting visitor messages to the wrong userid.

-- hugh

That's good to know. Thanks for confirming. Hard to believe that such a crazy bug could be caused by that. I'm still trying to figure out why IMG tags are completely stripped from Profile Fields.

Yes I can also confirm this. Thanks for this fix!

Another question, what about custom BB-Code? When trying to post a visitor message with custom bb-code it always says:



The following errors occurred when this message was submitted

1. BB code yt is not allowed.



Is there a way to allow it? Its also ignored in "about me".

Yeah the reason for this was the way Visitor Messages were hardcoded. I suspect that the developers thought we wouldn't want users embedding videos and images and such on people's profiles. Of course it's always possible to block individual codes and not kill the whole list.

I have implemented a workaround for this in my dev version, so that IMG and custom BB-Codes are working. I just have to figure out why HTML and IMG aren't parsed immediately following the AJAX edit pencils (until page refresh).

I just have to figure out why HTML and IMG aren't parsed immediately following the AJAX edit pencils (until page refresh).

That's because of this code in ces_permissions_customfields():

if (FILE_VERSION >= '3.7.0')
{
global $blockobj;

$userinfo =& $blockobj->profile->userinfo;
}

Sllight variation of the same bug I mentioned in a previous post (https://vborg.vbsupport.ru/showpost.php?p=1416763&postcount=93). When coming in through AJAX, a lot of the data structures that exist on a normal page load aren't there ... including $blockobj; I changed the above to just use $vbulletin->userinfo instead, and it works.

But I do need to test and make sure this doesn't screw up display perms when not using AJAX ...

EDIT - yup, it does need another change to work right in both cases:

if (FILE_VERSION >= '3.7.0')
{
if ($_REQUEST['ajax'] == 1)
{
$userinfo =& $vbulletin->userinfo;
}
else
{
global $blockobj;
$userinfo =& $blockobj->profile->userinfo;
}
}

This seems to work. The assumption being if it's AJAX, we know we are editing the profile for the logged on user, so we can use $vbulletin->userinfo. If not AJAX, we can use the $blockobj->profile->userinfo, which will be whoever the profile belongs to.

-- hugh

The assumption being if it's AJAX, we know we are editing the profile for the logged on user, so we can use $vbulletin->userinfo. If not AJAX, we can use the $blockobj->profile->userinfo, which will be whoever the profile belongs to.

Right. Using $vbulletin->userinfo is still a problem, however. The function you have modified is also called in the postbits. Say an admin Quick Edits a post by someone with different profile field permissions. Using $vbulletin->userinfo when only checking that this is an AJAX request would result in the very minor bug that upon saving the edit, the admin would see the profile fields for that post parsed with the admin's permissions until he/she refreshed the page. Therefore, the fix I have implemented is similar, but slightly more specific in the criteria for setting $userinfo to $vbulletin->userinfo.

Thanks for your fix, though. It saved me some time looking this afternoon.

Yeah, I figured there'd be some other gotchas.

I'd like to get my hands on your latest fixes ASAP. I have a different issue - profile fields will display correctly after an AJAX edit, but not on a regular profile page load. I'm working on a semi-related hack, which replaces the regular About Me tab (but shows the same About Me profile field info by default unless you crate an HTML profile). And I'm not sure if it's a bug in my code, or some weird interaction between mine and yours, but the default field display isn't parsed. Except when loaded via AJAX ... *sigh* ...

-- hugh

Well if this next build of mine still has issues for you, then I would probably have to see your code to know for sure.

Strangely enough, I still have this problem if I disable my mod and just use the standard About Me. The problem seems to be that when the bbcode_parse_start hook is called, class_bbcode.pl, the $bbfoo variables are undefined because of these lines:

default:
if (intval($forumid))
{
$forum = fetch_foruminfo($forumid);
$dohtml = $forum['allowhtml'];
$dobbimagecode = $forum['allowimages'];
$dosmilies = $forum['allowsmilies'];
$dobbcode = $forum['allowbbcode'];
}
// else they'll basically just default to false -- saves a query in certain circumstances
break;

... because $forumid is set to 'ces_profile' (not an intval), so as the comment says, they default to false. So then when we hit this part of ces_permissions_parse():

$dobbcode = ($check_ugp['can_bbcode_' . $parser->ces_options['check_type']] AND $dobbcode);
$dosmilies = ($check_ugp['can_smilies_' . $parser->ces_options['check_type']] AND $dosmilies);
$dobbimagecode = ($check_ugp['can_imgcode_' . $parser->ces_options['check_type']] AND $dobbimagecode);
$dohtml = ($check_ugp['can_html_' . $parser->ces_options['check_type']] AND $dohtml);


... they of course all end up false, because none of the $bbfoo variables are true.

I'm puzzled how this could be working for anybody, unless I somehow have an older version of the code?

-- hugh

Because $forumid is set to 'ces_profile', yes you are correct that $dofoo all default to false. However, the permissions for 'ces_profile' are cached before entering $bbcode->parse, so the CES Permissions skips the entire $dofoo = ($checkugp AND $dofoo) branch (see function ces_permissions_customfields to verify).

$pf_parser->ces_options['ces_profile'][$userinfo['userid']] = convert_bits_to_array($userinfo['permissions']['ces_parser_permissions'], $vbulletin->bf_ugp['ces_parser_permissions']);

This is then caught in ces_permissions_parse by:
if (!empty($parser->ces_options["$forumid"][$parser->ces_options['current_userid']]))
and refills $bbfoo with the appropriate values.

Which would be OK, if these lines:

if ($post['userid'] AND $parser->ces_options['current_userid'] != $post['userid'])
{
$parser->ces_options['current_userid'] = $post['userid'];
}

... weren't resetting current_userid to the id of whoever happened to post the last Visitor Message. ;)

So the code after that is looking for the wrong cached permissions, not finding them, and executing the wrong branch (the stuff that AND's with the $bbfoo's).

EIDT ... changing that 'if' to this seems to fix it.

if ($forumid != 'ces_profile' AND $post['userid'] AND $parser->ces_options['current_userid'] != $post['userid'])

Although as before, I haven't done any corner case testing, so who knows if that'll break something else ...

-- hugh

Ah thank you. Fixed in next build.

No problem. I really like this mod, and I want to make my AboutMe stuff "CES Permissions aware", so I look forward to the next build. If you'd like me to do some pre-release testing, PM me and I'll give you my email.

-- hugh

This looks great. However, as you have to enable html for all forums - the posting rules will show html 'on' for usergroups that don't have permission to post html. Anyway around this, save hiding posting rules?

There is a plugin in the product that should take care of the posting rules. Is this just speculation of yours or can you confirm that the posting rules are not updated?

A number of plugins had to be added in order to circumvent the default VM restrictions, and I believe I had to break the "bb-code X is not allowed" error system, but I have made the VM system flexible so that individual BB-Codes can be disabled and simply won't parse (or appear in the editor).

@ cheesegrits, I made some small changes to the forumrules plugin since I sent you the test version.

Okay, for the users who experience a blank page on member.php, this has been confirmed to be a result of running PHP 4 when there is a call to a function that didn't exist until PHP 5. Until the next update, you can fix this issue by adding the following code under the header of the includes/ces_permissions.php file:
if (!function_exists('htmlspecialchars_decode'))
{
function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT)
{
return strtr($string, array_flip(get_html_translation_table(HTML_SPECIAL CHARS, $quote_style)));
}
}

I can confirm that, but I'll double check on my test board.

(just to clarify

Admin - post html on, forum post html on - HTML is Allowed Message
Other Test Group post html off, forum post html on - HTML is Allowed Message

As I say, I shall test this again in around 12 hours time, so semi-confirmed.)

I can confirm that, but I'll double check on my test board.

Please try the most recent update. I made some changes to the forum rules code since your first report.

Okay, after double checking, I have the hack, similar to vb.org, of posting rules under editor. The default posting rules updates, but this doesn't.

So, something that is not your problem ^^ I think I might disable posting rules under editor anyways.

What hack are you using? I was thinking of making a Posting Rules hack for VMs, Project Tools, PMs, etc.

I was using this one (https://vborg.vbsupport.ru/showthread.php?t=129349), but I've decided to disable it for now for aesthetic reasons and put my smilies below the editor instead (by same coder)

Works awsome but i want add About me seperate then everything else. some what like hypeto.com how they have about me in a seperate table i tried coding something like that so this is my code:

<div class="tborder" id="link_bar">
<ul class="thead list_no_decoration floatcontainer">
About Me
</ul>
</div>
<div class="tborder" id="activity_info">
<div class="alt2 smallfont">
$userinfo[field15]
</div>
</div>

That worked but html isn't working. I tried putting an image in html and it showed exactly what i put in the box.

But if i don't put it separate it works. So somthing liek the hypto.com about me Box. with html ENABLED is all i need.

Thanks, sorry for my english

1. Make a template called 'custom_about_me' that contains the code you posted above except replace $userinfo[field15] with $profilefield[value]

2. Create a plugin at member_customfields with execute order 10.

if ($profilefield['profilefieldid'] == 15)
{
global $about_me;

eval('$about_me = "' . fetch_template('custom_about_me') . '";');
}

3. Where you were going to put the code in the MEMBERINFO template, instead put $about_me.

This may require some tweaking on your behalf to get working, but I have faith :rolleyes:

Thincom your new version is great and works like a charm! :)

I only found 1 thing: the IMG tag in visitor messages still doesnt work after posting and appears as link.

I only found 1 thing: the IMG tag in visitor messages still doesnt work after posting and appears as link.

In includes/ces_permissions.php, find:
// profile & picture comments were handled by vBulletin

Add below:
$dobbimagecode = $vbulletin->options['allowbbimagecode'];

You're the best thincom! :)

Me and my forum members will love you for this :)

Thanks thanks thanks !! :)

http://cs1121.vkontakte.ru/u2211389/11768271/x_f657d575.jpg

That image is freaky.

Allow me a little question: Everything seems to work fine now, so whats next? :)
If you have some free time now left and don't know what to do with it, then I would have some great new ideas I think for new projects perhaps if you are interested, some of them are also supported by a bit money. You can let me know about your time with a quick pm if you want. :)

Everything seems to work fine now...

Has anyone tested usernotes, PMs, or calendar events? Unfortunately these are barely used on my site so I have nothing existing to compare.

Usernotes work.
Profile fields in the postbits for PMs don't parse.
Custom Permissions for PMs are ignored, except on preview.
...

Ah okay, didn't see it sorry:

Visitor Messages:

The following errors occurred when this message was submitted

1. BB code yt is not allowed.


Were you going to add the possibility of using custom bb-code to the visitor messages?

Tell me more about this yt BB-Code. Is it created by a plugin? Have you added it to the BB-Code Manager in the AdminCP?

As a general rule, all plugin BB-Codes should also be added to the BB-Code Manager, so that proper editor toolbar buttons can be generated. In the case of permissions that modify the tag list (such as VMs), it is important that all custom tags be accessible by append_custom_tags().

Since I cannot reproduce your issue, this is the only thing I can think of at the moment, unless you forgot to check allow overwrite when upgrading the product.

I also have yet to test Announcements or signatures, but according to the current code I doubt sigs should have any issues. I also noticed that forum rules for everything other than posts are incorrect.

yt is a custom bb-code by me, and I got a lot other custom bb-codes too, always I get this error message. As far as I can see, all vb standard bb-codes works well.

it is important that all custom tags be accessible by append_custom_tags().

I'm not really sure what you mean with that. I've added my custom bb-codes in the bb-code manager and they works everywhere in profile (about me) or in other forum areas. Only in visitor messages I get this error. Did I miss something? Would be strange if you can't reproduce it, posting custom bb-codes to the visitor messages without getting this error.

Okay, maybe I got 1 hint: My custom bb-codes are embedding flash-objects (swf). Perhaps there's a rule somewhere in VB left to disallow flash in VM's ?

Check to make sure that the plugin at hook location visitor_messagebit_display_start called "VM Rebuild Tags" exists and is enabled.

Check to make sure that the plugin at hook location visitor_messagebit_display_start called "VM Rebuild Tags" exists and is enabled.

I can't find this part. Not sure if it doesnt exists or if I'm looking at a wrong place. How do I get there, to the hook location visitor_messagebit_display_start ?


Should it be here: ??

Product : CES Parser Permissions
Parse Profile Fields member_customfields [Edit] [Delete]
Post Parsing Perms bbcode_parse_start [Edit] [Delete]
Postbit Prepare showthread_query [Edit] [Delete]
Posting Rules forumrules [Edit] [Delete]
Prepare CES Perms bbcode_create [Edit] [Delete]
Profile Fields in Postbit showthread_postbit_create [Edit] [Delete]
Profile Fields in Postbit on AJAX Edit editpost_edit_ajax [Edit] [Delete]
Profile Fields in Postbit on AJAX Reply newreply_post_ajax [Edit] [Delete]

You are missing a number of plugins. It appears that your current version is 2.0.1. Please re-install the product for 2.0.2 and be sure to check "Allow Overwrite."

Check to make sure that the plugin at hook location visitor_messagebit_display_start called "VM Rebuild Tags" exists and is enabled.

Okay, sorry my fault, seems that I just re-imported an old copy of the 2.0.1 xml for testing yesterday, now I'm back on 2.0.2 and I got the hook location displayed and it's enabled, but I still get the "not allowed" error in VMs.

I'm irritated in the way, that my custom bb-code (yt) or other bb-codes works in the "about me" block without problems, and yes in forumpostings too. Something still wont let me allow to use it in VM's.

I really have no clue. All standard bb-codes works in visitor messages (+ IMG), only custom bb not.

Edit: It has nothing to do with embedding flash-objects with bb-code, but another hint: Could it be the Project-Tools? ( bitfield_ces_parser_perms.xml.new ) .. Did you update it too in your 2.0.2 version?

The only things that were updated in the 2.0.2 version were the product-xml file and includes/ces_permissions.php. It's likely that your php file is correct, otherwise you would be receiving fatal errors. I have tested some custom bb-codes in VMs myself without problems, so this is frustrating for the both of us.

Please PM me with a link to a profile with this issue.

One question before installing this really interesting hack :

Are BB-codes parsed for social groups messages in 3.7 ?
If no : It would be a great addition ;)

Technically they should be, since they utilize the same hooks as Visitor Messages in a member's profile.

Technically they should be, since they utilize the same hooks as Visitor Messages in a member's profile.
Ok I test it on vbulletin 3.7.0 beta5 and have some trouble :

- Parsing all BB code in social groups is ok (except IMG)
- In blog (vbulletin addon) no more parsing at all :(
- Signature in pm seems also not parsed

I don't take a lot of time too test it in deep.
Guess I'm just going to wait for next release.

Great idea anyway and I really hope you could finish it :up:
Sincerely,

- Parsing all BB code in social groups is ok (except IMG)
- In blog (vbulletin addon) no more parsing at all :(
- Signature in pm seems also not parsed

- I will have to look into the social groups to see why IMG isn't working.
- Unfortunately I do not own a blog license so I can't support it. There are hooks in this mod so users can add their own plugins to make vBlog work.
- I don't even know how to enable signatures in PMs. Is this functionality added by a mod?

- I don't even know how to enable signatures in PMs. Is this functionality added by a mod?
Not a mod. By default in vbulletin.

Side note : I understand that providing feedback is really important for you in order to improve your hack but I have to be honest and I'm sorry to tell you that I made just a quick test without looking closer at your code and without testing on all pages.
Sorry again to not help you more, have no time for the moment.

Where is the option to enable this? I can't find it in Private Messaging Options.

You need to add a note in the readme and the first post that this requires PHP 5.1.0 or higher. At least one function that you call (htmspecialchars_decode) requires that version or higher.

edit-------------------
Adding this code at the beginning of the ces_permissions.php file allows it to work on earlier versions of PHP:

if (!function_exists("htmlspecialchars_decode")) {
function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) {
return strtr($string, array_flip(get_html_translation_table(HTML_SPECIAL CHARS, $quote_style)));
}
}


It appears that HTML parsing is required for pre-parsed custom fields or anything with decent formatting. Would be nice if you could tell the system to ignore specific BBCodes.

Where is the option to enable this? I can't find it in Private Messaging Options.

It is an option that the user has when they actually send the Private Message. There are no permissions other than the user is allowed a signature to begin with.

At least one function that you call (htmspecialchars_decode) requires that version or higher.

Yes, the appropriate function definitions have been added to the ces_permissions.php file for the next update. I have withheld this while I fix some other minor bugs.

It appears that HTML parsing is required for pre-parsed custom fields or anything with decent formatting. Would be nice if you could tell the system to ignore specific BBCodes.

I'm not sure what you mean by this. Are you saying that BB-Code won't work unless HTML is also enabled in profile fields? Regarding your reference to "decent formatting" - that's basically why I couldn't live without HTML turned on in my own forum, and one reason I created this mod. Regarding ignoring specific BB-Codes, 2.0.2 has a "no parse list" for each of profile fields and visitor messages. Or did you mean something else?

When I don't have HTML enabled (the preferred setting) for profiles, I get <br /> after every line in my profile fields and pre-formatted fields show as a block of HTML with no formatting. I'll try blocking them from being processed. If you want I can show screen shots.

I find it strange that line breaks would parse as <br /> that would then get htmlspecialchars()'d before the end of the parse. I'll see if I can find what causes this. A screenshot would be helpful since I don't quite know what a pre-formatted field would be other than a field that has been wrapped with the <pre> tag.

I find it strange that line breaks would parse as <br /> that would then get htmlspecialchars()'d before the end of the parse. I'll see if I can find what causes this. A screenshot would be helpful since I don't quite know what a pre-formatted field would be other than a field that has been wrapped with the <pre> tag.

Here you go:

Profile with CES Parser disabled:

76504

Profile with CES Parser enabled but no HTML:

76505

Profile with CES Parser enabled with HTML:
76506

The World of Warcraft character list is what I mean by a preformatted profile field. It has a hook that takes a plain text list and expands it into an array and updates it.

You can see the <br /> in an attachment by Nerofix on vBulletin.com as well:
http://www.vbulletin.com/forum/attachment.php?attachmentid=25474&d=1204215040

Finally, I don't want to ignore parsing on particular BBCodes. I want to ignore parsing on specific Profile Fields where there are already hooks doing the parsing for me.

Okay, for the next update I have fixed:

- multiplied (in html-enabled) and visible (in html-disabled) line breaks
- added a field to define which fields get parsed in the profile page
- forum announcement permissions are redundant (default permissions are on per-announcement basis)
- signatures in PMs
- a bunch of other profile field related bugs
- all forum rules

Still working on:
- extensive vbulletin blog testing

I am getting the </br> problems that Wayne mentioned above. Anytime I put a return to make a space (like creating paragraphs) the </br> shows up (and I just downloaded the latest version) :eek:

The <br /> fix has not officially been released yet. I am still working on fixing the blog and external issues.

I'm not sure what you mean by this. Are you saying that BB-Code won't work unless HTML is also enabled in profile fields? Regarding your reference to "decent formatting" - that's basically why I couldn't live without HTML turned on in my own forum, and one reason I created this mod. Regarding ignoring specific BB-Codes, 2.0.2 has a "no parse list" for each of profile fields and visitor messages. Or did you mean something else?

I am running beta 5 and the only way that the bb-code works in the profile fields is if I allow HTML :eek:. But when I do allow HTML permissions, the </br> disappear. Looks like a bug.

The <br /> fix has not officially been released yet. I am still working on fixing the blog and external issues.

Awesome! Thanks for the quick reply. And thanks for all the hard work. You have done an amazing job here! :)

As of tonight I fixed the problems with external feeds and printable threads (fixes still not public). If anyone can find any more bugs before I finish the blog fix, let me know. Also let me know about query counts. The mod has a query fallback if the usergroup info is still unavailable after every other check. Let me know if you have noticed query inflation anywhere.

Okay, after a few hours, I decided to post the fixes so far even though I have yet to cover the conflict with the blog. Remember that it's possible to bypass the permissions at a hook after the parser is created by setting:

$parser->ces_options['skip_cpp'] = true;

This update contains fixes for a lot of bugs that have been overlooked in the past, mainly because people just didn't notice. This update fixes forum rules in non-editor pages, as well as a number of bugs where profile fields weren't parsing or were parsing too many times, and fixes the parsing in external feeds, printable versions of threads, and non-forum previews.

When installing 2.0.10 into a 3.6.8 PL2 live forum I get the following error:


XML Error: XML_ERR_NAME_REQUIRED at Line 300

Fixed the XML. Sorry about that. I prefer to write the XML by hand rather than exporting and I forgot to put the exclamation point in one of the <![CDATA[

Hello thincom, sorry for my long abstence, had to work outside my home for some days.

I see that after the update of 3.7 beta 6, there are problems with visitor messages and so on, I guess you got to update your mod too for the beta 6. IMG doesnt work together with beta 6 in example.

Yes I suspect there are problems now because the vBulletin staff have decided to turn off the restrictions in VMs as of B6 and implement a Disallow which BB-Codes in VMs?-type option in the AdminCP. (Sound familiar? :cool:)

I have been busy this week and have not had a chance to upgrade to Beta 6 yet, but almost as soon as I do I should be releasing another update.

Yes I think that your work with this mod was a good aspect to move the vbdevs to allow bb code in VMs, but your mod is still needed for the "about me" corner.

Yes I think that your work with this mod was a good aspect to move the vbdevs to allow bb code in VMs, but your mod is still needed for the "about me" corner.

Indeed. I think the about me use of bb code is one of the most important and it is extremely sad that the vb team has not implemented it (it should have been ages ago)

I'm get the following error message when enabling this plugin, and I have no idea why. All of the files have been uploaded properly, so I know that everything it should need is there. Any ideas?

Fatal error: Call to undefined function: ces_permissions_toolbars2() in /home/chelseah/public_html/forum/showthread.php(1963) : eval()'d code on line 3

(BTW - This is on a forum running vBulletin 3.6.8 Patch Level 2.)

Forums Running:vBulletin® v3.6.8 Patch Level 2
using your version 2.1.0

I have no errors when I install the product and the product parses the profile fields correctly. However, my posts disappear..I get a white screen.

I'm get the following error message when enabling this plugin, and I have no idea why. All of the files have been uploaded properly, so I know that everything it should need is there. Any ideas?

(BTW - This is on a forum running vBulletin 3.6.8 Patch Level 2.)

Forums Running:vBulletin? v3.6.8 Patch Level 2
using your version 2.1.0

I have no errors when I install the product and the product parses the profile fields correctly. However, my posts disappear..I get a white screen.

The only reason I can see this happening is if the code at line 1928 isn't executing fully. To fix this issue until my next update, edit the showthread_complete plugin included in this product, and add the following line to the beginning:

require_once(DIR . '/includes/ces_permissions.php');

The only reason I can see this happening is if the code at line 1928 isn't executing fully. To fix this issue until my next update, edit the showthread_complete plugin included in this product, and add the following line to the beginning:

require_once(DIR . '/includes/ces_permissions.php');That didn't fix the problem - Any other ideas?

If that didn't fix the problem, that would imply that the function really doesn't exist...

Oops! Typo.

Edit the showthread_complete plugin. The call should be to
ces_permissions_toolbar2

Note that "toolbar" should be singular.

The typo correction works. Thanks!

However now I am getting trouble when I am pasting my code into the profile field. All it is is a simple table created at http://www.1stsfss.com/pages/inputAward.html When you choose your awards and it creates the working table. However when I paste it into the profile field there are a lot of page breaks and pushes the start of the table waaaay down. And then the table is stretched vertically. I have other fresh eyes looking at the table code to see if i missed something. I didn't know if there was a style that i was unaware of or if the CES Parser had anything to do with it..

Appreciate the help..

I have tried that table creator you posted, and not only does it generate non-standards-complaint XHTML, but you'll notice between lines 22 - 31 (I put a comment there so you can see it) that a problem exists. I modified the code only by adding tabs (and the comment) to investigate the tag nesting (the issue you describe is usually caused by improper nesting).

<table width="466" cellpadding="0" cellspacing="0" border="0">
<tr>
<td colspan="3">
<img src="images/case/top.jpg" width="466" height="35" />
</td>
</tr>
<tr>
<td width="38">
<img src="images/case/left.jpg" width="38" height="317" />
</td>
<td width="390" height="317" background="images/case/center.jpg" align="center">
<table width="390" height="317" border="0">
<tr>
<td width="45" ></td>
<td align="center"></td>
<td width="50" ></td>
</tr>
<tr>
<td align="center"></td>
<td align="center">
<table>
<!-- nesting problems start here -->
<tr>
<td height="14" width="53">
<td height="14" width="53">
<td background="images/ribbons/commander1st.gif" align="center" height="14" width="53">
</td>
<td background="images/ribbons/commander2nd.gif" align="center" height="14" width="53">
</td>
</tr>
<!-- / nesting problems end here -->
<tr>
<td background="images/ribbons/soldiers.gif"align="center" height="14" width="53">
</td>
<td background="images/ribbons/silverStar.gif" height="14" align="center" width="53">
</td>
<td background="images/ribbons/goodConduct.gif" height="14" align="center" width="53">
</td>
<td background="images/ribbons/tra.gif" height="14" width="53" >
</td>
</tr>
<tr>
</tr>
</table>
</td>
<td> </td>
</tr>
<tr>
<td width="45" ></td>
<td align="center">
<img src="images/badges/sharpshooter.jpg">
</td>
<td width="50" ></td>
</tr>
</table>
</td>
<td width="38">
<img src="images/case/right.jpg" width="38" height="317" />
</td>
</tr>
<tr>
<td colspan="3">
<img src="images/case/bottom.jpg" width="466" height="38" />
</td>
</tr>
</table>

As you can see, this is an issue with the tool you mentioned and not with this mod.

Thank you very much, I corrected that it still didn't work. So what i ended up doing is deleting all spaces and formatting tabs that was apart of the code when I pasted it into the edit profile field textbox. Apparently it takes all of that literal and doesn't ignore the whitespace so it was stretching out the box and moving it down because spaces and tabs were in the tables..

Yes, the same thing would happen if you used the table in a post. This is how vBulletin's BB-Code parser works by default, by converting newlines into HTML line breaks.

Update: Compatibility with vBulletin 3.7 Beta 6 and RC1 has been fixed. The Social Messages stock vBulletin feature in which an error message is displayed when using a disabled BB-Code is also working again. Fixed some fatal errors due to typos, and gave Social Messages their own bitfields (inclusive for VMs, GMs, PCs, and usernotes - which I always considered to be vB's old profile comment system).

The <br /> fix has not officially been released yet. I am still working on fixing the blog and external issues.

Has this issue been fixed in the update? This problems makes the mod unusable for profile fields if a user wants users return to create a space between lines of text.

Thanks.

That issue was fixed about a month ago (3/6). I'm sorry you missed it.

That issue was fixed about a month ago (3/6). I'm sorry you missed it.

Ooops! Sorry about that. Awesome. This is such a great mod. Thank you so much for creating it as well as updating it so frequently!

Hm, after this mod... bbcode in events do not work

Fixed it, just make sure the bbcode start plugin isn't called on the calendar page via a conditional.

If bb-code in events doesn't work then that is a bug, and I should fix it in the next build. Disabling the mod in the calendar really shouldn't be an acceptable alternative, so I will make sure to fix this.

After installing, if you have Allow HTML set to Yes within Signature Permissions of the Usergroup in the ACP, you are not able to put HTML into your signature. Is this a bug? I played around with the mod within the plugin system and was able to make it work if only

BBCode - Parse by Permissions
Member - Globalize the Parser
Profile Fields - Parse by Permissions

but then this means all the other parts of the mod don't work. Will this be fixed?

Thanks,

Marcos

After installing, if you have Allow HTML set to Yes within Signature Permissions of the Usergroup in the ACP, you are not able to put HTML into your signature. Is this a bug? I played around with the mod within the plugin system and was able to make it work if only

BBCode - Parse by Permissions
Member - Globalize the Parser
Profile Fields - Parse by Permissions

but then this means all the other parts of the mod don't work. Will this be fixed?

Thanks,

Marcos

Scratch that, this doesn't work with those checked off. HTML doesn't work in signature if this is installed.

I believe that the way the mod is designed, if HTML is not allowed in a user's profile, then HTML cannot be in their signature. HTML is working fine under my test install, I would recommend checking this mod's Usergroup Permissions for profiles.

I believe that the way the mod is designed, if HTML is not allowed in a user's profile, then HTML cannot be in their signature. HTML is working fine under my test install, I would recommend checking this mod's Usergroup Permissions for profiles.

Thanks for the reply! But they are two separate permissions. I think that the mod should allow for members to not be able to use HTML in the profile fields, but allow HTML in the signature.

Thanks for the reply! But they are two separate permissions. I think that the mod should allow for members to not be able to use HTML in the profile fields, but allow HTML in the signature.

I did some more playing around and I do not want to have members allowed to put HTML in any other parts of the forum, i.e., a yes to Allow HTML in Non Forum Specific Areas within the BB Code Settings in the VB Options of the ACP. I just want to have them be allowed to put HTML in the signature while still getting all the benefits of this great mod (I actually only want them to be able to put BB Code in the profile fields of the About Me section). But right now if you sent Allow HTML in Non Forum Specific Areas to no and Allow HTML in signature to Yes, this mod does not work.

Or am I missing something? Thanks.

Your issue sounds like it is related to how vBulletin functions by default, coupled with a misunderstanding of the way this mod is designed.

1. HTML, BB-Code, etc. always has to be enabled globally, or the parser just won't bother with it.
2. This mod checks what is globally enabled, and makes sure the individual user is not prohibited from using it (this would be a NO in the mod's settings).
3. If the individual user doesn't have permission, this mod will then disable it.

You should not worry about enabling HTML, or anything else for that matter, everywhere, as long as this is installed. Think of the standard vBulletin Options regarding this as simple ON/OFF switches, and this mod for tweaking if ON.

That said, if you want a separate permission set for signatures, you would either have to wait for another update of this mod, or modify it yourself until such a supported update.

Your issue sounds like it is related to how vBulletin functions by default, coupled with a misunderstanding of the way this mod is designed.

1. HTML, BB-Code, etc. always has to be enabled globally, or the parser just won't bother with it.
2. This mod checks what is globally enabled, and makes sure the individual user is not prohibited from using it (this would be a NO in the mod's settings).
3. If the individual user doesn't have permission, this mod will then disable it.

You should not worry about enabling HTML, or anything else for that matter, everywhere, as long as this is installed. Think of the standard vBulletin Options regarding this as simple ON/OFF switches, and this mod for tweaking if ON.

That said, if you want a separate permission set for signatures, you would either have to wait for another update of this mod, or modify it yourself until such a supported update.

Thanks for the email. So I turned on HTML on the BBcode section of VB options as well as in the signature permissions and the mod is enabled and everyone has the right permissions (well, me since it is on a test forum) and still when I insert HTML into the signature is not working.

Sorry to ask this again, but is there something with the signature section when everything is set up properly?

Thanks,

Marcos

Is this hack anywhere near having the "extensive vbulletin blog testing" part being added so that blogs will parse bbcode properly? Or am I missing something?

BBcode appears to parse fine for the blog bits in the tab on the memberinfo page, but nothing at all in the actual blog section itself.

There is no blog support in this mod because I do not own a blog license nor do I intend to. In order for me to add blog support, someone would have to give me full admin access to a test blog. Someone offered to let me do this a while back, but I never heard from them again.

If you are still having signature trouble, you probably need to clear the signature cache.

There is no blog support in this mod because I do not own a blog license nor do I intend to. In order for me to add blog support, someone would have to give me full admin access to a test blog. Someone offered to let me do this a while back, but I never heard from them again.

Fair enough.

Having done some further checks, my site has far too many other sections and addons dependent upon bbcode working without the need for additional permissions checks, which suddenly stopped working when I installed this hack and I cetainly can't/wouldn't expect any coder to add special bits just for me, so with that, unfortunately it renders this hack useless to me.

I guess I go back to the drawing board in my search for a simply way of getting bbcode and imgcode to parse on the membersinfo pages. Shame, I had it working perfectly with my own code before updating to 3.7 but it's stopped working now. Unless maybe you could possibly help me with a simple bit of code that would make bbcode and imgcode parse for profile fields?

Thanks for the email. So I turned on HTML on the BBcode section of VB options as well as in the signature permissions and the mod is enabled and everyone has the right permissions (well, me since it is on a test forum) and still when I insert HTML into the signature is not working.

Sorry to ask this again, but is there something with the signature section when everything is set up properly?

Thanks,

Marcos

I would still like to know why the HTML inserted into the signature does not work when this mod is installed. I will certainly donate some money if this can be fixed :)!

Thanks,

Marcos

Having done some further checks, my site has far too many other sections and addons dependent upon bbcode working without the need for additional permissions checks, which suddenly stopped working when I installed this hack and I cetainly can't/wouldn't expect any coder to add special bits just for me, so with that, unfortunately it renders this hack useless to me.

The mod has two hook locations that you can use to set the variables correctly for those mods, or that you can use to skip the checks altogether for those mods ($this->ces_options['skip_cpp']). In the case of adding support manually via the hooks, the mod should use post permissions by default.

I would still like to know why the HTML inserted into the signature does not work when this mod is installed. I will certainly donate some money if this can be fixed :)!

Thanks,

Marcos

Chances are that when the permissions were wrong the signature was cached. Did you try my suggestion from a few posts ago and rebuild the signature cache? I have not been able to duplicate your issue any other way.

Chances are that when the permissions were wrong the signature was cached. Did you try my suggestion from a few posts ago and rebuild the signature cache? I have not been able to duplicate your issue any other way.

I rebuilt it and nothing. I am able to use BBcode in the signature, but not HTML. I am going to uninstall the mod, then reupload/reinstall everything. I am also going to add a new member after I install it to see if that may work. I liked on vb.com and with some people they have to execute a SQL query in order for it to change the signatures. This may happen to other people in the future after installing the mod, so I will post any progress I make. Thanks!

If you still have problems I am going to recommend creating another admin on that test board and PMing me a way to access it.

If you still have problems I am going to recommend creating another admin on that test board and PMing me a way to access it.

Just PMed you. Thanks!

Okay, so after some frustration on your site, I noticed that in the current release, Profile permissions (except sigs) are actually using Social Message permissions (and you had all of these off). This is not intended functionality, and I believe it was leftover from the last time I was testing and just wanted to make a catchall for something that wasn't working.

Upon this discovery, there will be a new release in a couple of hours to fix this problem. I have also added a check to prevent this mod from running on signatures, since those already have fully customizeable permissions by default.

Someone reported a problem with events a bit back, so I will be looking into that before the patch.

Okay, so after some frustration on your site, I noticed that in the current release, Profile permissions (except sigs) are actually using Social Message permissions (and you had all of these off). This is not intended functionality, and I believe it was leftover from the last time I was testing and just wanted to make a catchall for something that wasn't working.

Upon this discovery, there will be a new release in a couple of hours to fix this problem. I have also added a check to prevent this mod from running on signatures, since those already have fully customizeable permissions by default.

Someone reported a problem with events a bit back, so I will be looking into that before the patch.

Ahh...I had the social message permissions off because I am not going to use social groups on my board (I am assuming those are the options for social groups). Thanks for coming out with a new version and such a great mod. I just made a donation :)!

(I am assuming those are the options for social groups)

They are also the options for the Visitor Messages on a user's profile, for picture comments, and for "user notes" (which I don't even understand what they are supposed to be). In vB 3.7, these are sometimes all handled (with the exception of usernotes, which I threw in there on my own) by the mystical "socialmessage" forum id, sometimes by their individual ids. Why? That I don't quite understand either.

So you may want to reconsider having the Social Message options off. :p

They are also the options for the Visitor Messages on a user's profile, for picture comments, and for "user notes" (which I don't even understand what they are supposed to be). In vB 3.7, these are sometimes all handled (with the exception of usernotes, which I threw in there on my own) by the mystical "socialmessage" forum id, sometimes by their individual ids. Why? That I don't quite understand either.

So you may want to reconsider having the Social Message options off. :p

Yes, I will just put them on. No one will be able to create or join social groups anyways, so no harm in turning them on. Thanks!

Just installed it and it works perfectly. Thanks!

It seems that the URL BB Code is not working in the Profile Fields. BB Code like Bold / Italic / Underline works perfectly, but when I put something like

vBulletin Community Forum (http://www.vbulletin.com/forum)

it comes out in the profile field as


vBulletin Community Forum (http://www.vbulletin.com/forum)

and is not creating a link.

Is there a bug with this?

Thanks,

Marcos

Sorry, and this is 3.7.1.

It seems that the URL BB Code is not working in the Profile Fields.

Cannot reproduce in 3.7.1...

I only found a bug where the Location info on the Forum Leaders page is not parsed.

Thanks for the reply. So are you able to create URLs within a new profile field you have created? I had been putting the URL bb code into a newly created profile field and it is not working, but when I put the same code e.g., vBulletin Community Forum (http://www.vbulletin.com/forum) within the first field that automatically is set up when you create a new vb forum, it parses and the URL is created. I checked the profile fields and the original one that is set up with a new vb board and the new one I created have the same settings. Could there be a bug with newly created profile fields?

Thanks,

Marcos

Could there be a bug with newly created profile fields?

Have you looked at this option?

Parse Which Profile Fields?
List the Profile Field IDs that you would like to be parsed in profile pages. Separate multiple entries with a space.

Have you looked at this option?

Parse Which Profile Fields?
List the Profile Field IDs that you would like to be parsed in profile pages. Separate multiple entries with a space.

Ahhh...i didn't even realize that was an option! :) It is working perfectly! Thanks!

Hi thincom2000!
I love your hack, it's great!
But as usual i have a request...

Can you add an option to allow embed tag from some pages?
i mean, i want to use music player widget from www.last.fm
so i allow to embed just that player and any other embed dont parse...

Every embed tag has a src attribute you can find there the url to allow the parse...

i need to allow multiple pages like: http://www.myflashfetish.com, www.last.fm, photobucket.com, slide.com

there is a way to allow this?

Thanks in advance!

If you want to do that it should be pretty simple for you to create a custom [EMBED] BB-Code on your site that only allows certain site's URLs if the strpos === 0

If you want to do that it should be pretty simple for you to create a custom [EMBED] BB-Code on your site that only allows certain site's URLs if the strpos === 0

Ok, but i dont know how to make a bb-code to show this:

<center><p style="visibility:visible;"><embed src="http://assets.myflashfetish.com/swf/mp3/mff-mpodmin.swf" quality="high" wmode="transparent" flashvars="myid=10048413&path=2008/06/02&mycolor=692E2E&mycolor2=2B0909&mycolor3=FFFFFF&autoplay=true&rand=0&f=3&vol=100&pat=6" width="158" height="208" name="myflashfetish" align="middle"type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" border="0" /><br><a href="http://www.myflashfetish.com/playlist/10048413" target="_blank"><img src="http://assets.myflashfetish.com/images/get-tracks.gif" title="Get Music Tracks!" style="border-style:none;" alt="Music"></a><a href="http://www.mixpod.com" target="_blank"><img src="http://assets.myflashfetish.com/images/make-own.gif" title="Create A Playlist!" style="border-style:none;" alt="Playlist"></a><br></p></center><img style="visibility:hidden;width:0px;height:0px;" border=0 width=0 height=0 src="http://counters.gigya.com/wildfire/CIMP/bT*xJmx*PTEyMTI*Njc3MzYzMTImcHQ9MTIxMjQ2NzczNzIzNC ZwPTE4MDMxJmQ9Jm49Jmc9MQ==.jpg" />

each site has your own code, let me see an example what are you saying...

thanks!

Use hook bbcode_create to add the definition. Give the BB-Code an external callback to handle the URLs however you want.

If you're unfamiliar with it, you should first immerse yourself in includes/class_bbcode.php so you get an idea of how it works.

Great mod,

But not work when I change Profilefield page to 'options page' 'form=5'.

I use v3.7.1.

Thank you.

Great mod,

But not work when I change Profilefield page to 'options page' 'form=5'.

I use v3.7.1.

Thank you.

Can you post a screenshot? Thanks.

I use this post

https://vborg.vbsupport.ru/showpost.php?p=1451023&postcount=137

bbcode work fine if my custom field in page 'Edit Your Details' but not work if I choose other locations page like 'Options'

lock at it to know what I mean
82779

Okay I didn't know about that option either, but what I meant was a screenshot of it in context not parsing.

I have been wanting to install this for a while. However after I install it, it for some reasons takes away the bbCode in my shoutbox. I have checked all the permissions and everything looks like it is set right. Does anyone have any idea what it could be?

Here is a pic of it on my test board.

http://calistyle101.com/images/forum.gif

Any and all help would be greatly appreciated. Thanks!

I would love to mark this as installed if I can get this fixed.

You want to use the $parser->ces_options['skip_cpp'] flag.

You want to use the $parser->ces_options['skip_cpp'] flag.

Where does this code go? Does it replace something? I am not sure where it goes at all. I would love to get this resolved though.

Where does this code go? Does it replace something? I am not sure where it goes at all.

Neither do I. :rolleyes: I will need a link to the shoutbox mod.

Yeah this took away the bbcode from my posts on the front page thru vBAdvanced. Any idea where I can put the code to get my bbcode back?

Again, I would need a link to the particular mod you are having problems integrating with. For vbadvanced, I would need a link to the particular module.

I'm not sure where I should find the module, its not anything custom or special. It's the main block of vBAdvanced. Taking posts from a specified forums and displaying them on the front page of vBAdvanced.

Here is the mod for the shoutbox.

https://vborg.vbsupport.ru/showthread.php?t=147346&highlight=inferno+shoutbox

Thanks again for your help. I cannot wait to get this working.

For shoutbox users - The only way I can see to do this is with a file edit:

In infernoshout/engine/inferno_shout.php, find:
$text = $this->parser->parse(trim($text), 'nonforum');

Add before:
$this->parser->ces_options['skip_cpp'] = true;

For shoutbox users - The only way I can see to do this is with a file edit:

In infernoshout/engine/inferno_shout.php, find:
$text = $this->parser->parse(trim($text), 'nonforum');

Add before:
$this->parser->ces_options['skip_cpp'] = true;

Thank you sooo much. It worked like a charm. A file edit is more than worth being able to use this great mod. Thanks again for the quick responses through this situation.

I am marking this as installed right now.

I just now noticed this. The bb code in the blogs have now been disabled. How do I get it back? All the permissions say that they are allowed to be used in the usergroups. I have the official vbulletin blog system.

Also the vbadvance is also not allowing the bb code. These are the last two things and then this is installed perfectly. It would be great to a fast response again.

I am using vBadvanced CMPS.

Also the vbadvance is also not allowing the bb code. These are the last two things and then this is installed perfectly. It would be great to a fast response again.

I am using vBadvanced CMPS.

The next version will support the blog. Until then (tomorrow-ish), I have looked briefly at the vbadvanced code and I assume you are talking about the news module?

If that is the case, this is the appropriate change (make a note of it in case of future vbadvanced updates).

In modules/news.php, find:
$news['pagetext_html'] = $bbcode_parser->parse(
$news['pagetext'],
$news['forumid'],
$news['allowsmilie'],
true,
$news['pagetext_html'],
$news['hasimages'],
true
);

Add before:
global $post;

$post = $news;

Find:
$news['message'] = $bbcode_parser->do_parse(
$news['pagetext'],
$mod_options['portal_news_enablehtml'],
$news['allowsmilie'],
$mod_options['portal_news_enablevbcode'],
$mod_options['portal_news_enablevbimage']
);

Replace with:
global $post;

$post = $news;

$news['pagetext_html'] = $bbcode_parser->parse(
$news['pagetext'],
$news['forumid'],
$news['allowsmilie'],
true,
$news['pagetext_html'],
$news['hasimages'],
true
);

ok. Thanks! I will try this here in a bit, after I am done with what I am doing right now. The blog is a huge thing as well. So I look forward to that one as well.

I will post in here about the vbadvanced after I try it. Just to let every one know!

Worked like a charm once again. Thanks for all the great help. Now, like I said, I am just waiting on the blog fix.

Hey I read that you were guying to try and find a way to fix the blog problem. I also heard you say if some one wanted to give you full admin priv. to there forum you could do it faster. If you want I can give you full admin priv. on my test forum? That way you can figure out how to fix it. Let me know, and we can get on it!

Until I release an update (at which point you should remove this fix), you can fix the blog by creating a new bbcode_parse_start plugin.

if ($forumid == 'blog_entry' OR $forumid == 'blog_user' OR $forumid == 'blog_comment')
{
$this->ces_options['skip_cpp'] = true;
}

Until I release an update (at which point you should remove this fix), you can fix the blog by creating a new bbcode_parse_start plugin.

if ($forumid == 'blog_entry' OR $forumid == 'blog_user' OR $forumid == 'blog_comment')
{
$this->ces_options['skip_cpp'] = true;
}

Where do I set the hook location to?

Where do I set the hook location to?
See my above post.
bbcode_parse_start

I do not think this worked. I may have done it wrong though.

So I hit create new pugin? then set the hook location to bbcode_parse_start and paste the code in with any title?

Or

Am I some how changing the current bbcode_parse_start?

Ah, that's true. Because of the Execution order, you should modify the product's bbcode_parse_start plugin. Place the code at the top (do not replace anything).

Ah, that's true. Because of the Execution order, you should modify the product's bbcode_parse_start plugin. Place the code at the top (do not replace anything).

It still didnt work. Here is all the code after I added that. I thought it may help ya out for some reason, because I know you do not have a blog yourself.

if ($forumid == 'blog_entry' OR $forumid == 'blog_user' OR $forumid == 'blog_comment')
{
$this->ces_options['skip_cpp'] = true;
}

if (!empty($this->parse_userinfo['permissions']))
{
switch($forumid)
{
case 'blog_entry':
case 'blog_user':
$dohtml = ($this->parse_userinfo['permissions']['vbblog_entry_permissions'] & $this->registry->bf_ugp_vbblog_entry_permissions['blog_allowhtml']);
$dobbcode = ($this->parse_userinfo['permissions']['vbblog_entry_permissions'] & $this->registry->bf_ugp_vbblog_entry_permissions['blog_allowbbcode']);
$dobbimagecode = ($this->parse_userinfo['permissions']['vbblog_entry_permissions'] & $this->registry->bf_ugp_vbblog_entry_permissions['blog_allowimages']);
$dosmilies = ($allowsmilie AND ($this->parse_userinfo['permissions']['vbblog_entry_permissions'] & $this->registry->bf_ugp_vbblog_entry_permissions['blog_allowsmilies']));
break;
case 'blog_comment':
$dohtml = ($this->parse_userinfo['permissions']['vbblog_comment_permissions'] & $this->registry->bf_ugp_vbblog_comment_permissions['blog_allowhtml']);
$dobbcode = ($this->parse_userinfo['permissions']['vbblog_comment_permissions'] & $this->registry->bf_ugp_vbblog_comment_permissions['blog_allowbbcode']);
$dobbimagecode = ($this->parse_userinfo['permissions']['vbblog_comment_permissions'] & $this->registry->bf_ugp_vbblog_comment_permissions['blog_allowimages']);
$dosmilies = ($allowsmilie AND ($this->parse_userinfo['permissions']['vbblog_comment_permissions'] & $this->registry->bf_ugp_vbblog_comment_permissions['blog_allowsmilies']));
break;
}
}

here is one of my blogs!
http://calistyle101.com/forums/blog.php?b=10