It kind of bothered me that you couldn't use vBulletin conditionals in the BBCodes. For example you couldn't use <if condition="$bbuserinfo[usergroupid] == {option}">{param}</if>.

With this small hack you can customize your BBCodes by using vBulletin's own conditionals.

Installing
Download the plugin XML. Go into to your ACP --> Plugins & Products --> Download / Upload Plugins. Scroll to the bottom of the page. Browse to vbulletin-plugins_adv_bbcodes.xml and click "Import".

View the screenshot for an example BBCode you can use.

I hope you like this hack.

Thanks :)

sweet

Thanks you two.

Superb! This opens much more possibilities - thanks. :up:

Great idea.
Anyway to set it to use an array for multiple groups?

Can you make it such, that it doesn't ignore the "<else />" statement?
Sometimes the "<else />" works one time and then not. This would be very helpful if you could fix that.

What replacement code are you using?

Great idea.
Anyway to set it to use an array for multiple groups?
I tried and couldn't get it to work.

For example:
<if condition="$bbuserinfo['userid']>0">{param}<else />This code is not visible for Guests</if>

or:
<if condition="$bbuserinfo['reputation']>=100">{param}<else />This code is only visible for reputation points.</if>

Other question security related:
I found out that it would parse vb variables directly in the post.
The question is if there is a security matter / issue or not?!
For example I can write in my post $bbuserinfo[reputation] and it would
directly in my post show my reputation value. So I am afraid it could be used by
members for malicious actions or is this impossible?

The conditionals work for me.

It's not really a security risk but you may have data you don't want them to see.

Could you use this to specify the bbcode to only be used in a particular forum? If so, what code would you use?

Hmmm, interesting. I'm going to click install for now and download and install this to my site later!

There are a two problems with this mod. One is where a member can type $bbuserinfo[var] and it will output the value in the database but only for their userid. I used preg_replace to fix the problem.
Another is when someone types an array with either single or double quotes $var['foo'] or $var["foo"].
Can anybody help with the second problem?

Great mod , even with the simple example you wrote it'll be much fun to use it

Did you include the fix for the first problem in the plugin yet?

For restricting multiple usergroups, can you use the is_member_of() function instead of the boolean operator? (I know that this works in templates, not sure about here)

Example:

<if condition="is_member_of($bbuserinfo,{option})">{param}</if>

visible to mods and admins only

or you might need quotes, depending on how things are parsed, and whether or not this is related to problem #2 above:

'[/COLOR]5,6']visible to mods and admins only

I am concerned about the security risk, because I have a ton of private/hidden profile fields with personal information about my users that I wouldn't want people to have access to

Other question security related:
I found out that it would parse vb variables directly in the post.
The question is if there is a security matter / issue or not?!
For example I can write in my post $bbuserinfo[reputation] and it would
directly in my post show my reputation value. So I am afraid it could be used by
members for malicious actions or is this impossible?


Installed and working great! But, is there any security/abuse concern here? Can this be exploited?

--RayJ

There are a two problems with this mod. One is where a member can type $bbuserinfo[var] and it will output the value in the database but only for their userid. I used preg_replace to fix the problem.
Another is when someone types an array with either single or double quotes $var['foo'] or $var["foo"].
Can anybody help with the second problem?

I have some concern about this, could you give an example of the preg_replace regex and where to put it? I would guess it would go in the plugin, but before or after the eval('$text = "' . compile_template($text) . '" ;'); ?

Thanks for any info!

--RayJ

PS: My failed attempt: eval(preg_replace('/(\$)(show|stylevar|userinfo|vboptions|vbphrase)(\[.+\])/i',"$1 $2 $3",$text));

It seems as if this only works on new/updates posts. It fails to function for bbcodes in the post-cache. Any info on how to fix this?

Thanx, RayJ

this could be* exactly what I'm looking for! I love this site!

Thanks

*or not

When I created a post, it worked great!

After a few minutes, I guess the post-cache kicked in or something, and it displayed the <if> and <else> tags as regular HTML tags.

After disabling post-caching, it seems to work fine.

Any way I could have this AND have post-caching, or does it just not work that way?

any updates on this and post caching ? any other security flaws ?

Any chance of getting this fixed and working for 3.8?

Please make a new version of this plugin for vb 4.1
Is fantastic. Please help me :)

Can someone make this work with post caching and <else /> statements in vb3.8 please, thanks.

,.......

If you can have a look at this.. would be great

https://vborg.vbsupport.ru/showthread.php?p=2416099