input TYPE_STR, is it safe enough in this case?


abualjori
11-09-2010, 11:43 PM
Hey!

I made a custom profile field, and the datamanager was part of the process.

so, here is what I did.

// clean the POSTed value as a plain string (TYPE_STR)
$vbulletin->input->clean_gpc('p', 'my_field', TYPE_STR);

then I used datamanagers to set the info

// load the current user into a User datamanager, set the field and save
$test =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD);
$test->set_existing($vbulletin->userinfo);
$test->set('my_field', $vbulletin->GPC['my_field']);
$test->save();

This mod uses bbcode so I need double quotes here (I messed up everything when I used TYPE_NOHTML) :p

does this look safe enough to be used in my live forums? and do I have to escape strings etc, or would the datamanager take care of it?

Thank you.:)

sheppardzwc
11-10-2010, 10:33 AM
The vBulletin input cleaner will escape anything that would normally be harmful to the boards. So yes, that would work fine.

kh99
11-10-2010, 11:43 AM
It looks to me like clean_gpc with TYPE_STR just trims blanks off the ends and removes null characters. So if you don't want to allow html in that field you may need to do something else.

I guess you could try entering some html and see what happens.

vbenhancer
11-10-2010, 12:47 PM
TYPE_NOHTML will do your job...

kh99
11-10-2010, 02:12 PM
TYPE_NOHTML will do your job...

...except that the OP says that TYPE_NOHTML messed things up. Looking at includes/class_core.php, it looks like cleaning a TYPE_NOHTML value does this:

// $text is the raw value; $entities is the flag class_core.php uses to decide
// which entities are preserved
str_replace(
    // replace special html characters
    array('<', '>', '"'),
    array('&lt;', '&gt;', '&quot;'),
    preg_replace(
        // translates all non-unicode entities
        '/&(?!' . ($entities ? '#[0-9]+|shy' : '(#[0-9]+|[a-z]+)') . ';)/si',
        '&amp;',
        $text
    )
);

so maybe you could leave it as TYPE_STR but clean it yourself using the above code, and take out the part that replaces the quotes.

abualjori
11-11-2010, 02:29 PM
Hi!

With a little test,

vbulletin seems to parse bbcode with quotes.

test

or even without them.

test

so I made the same function that kh99 provided, but stripping every single html char so it is replaced with nothing.

Thank you so much everyone for your input.:up:
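The two cleaners the thread ends up with, side by side, as an added example that is not code from the thread, from abualjori, or from vBulletin itself. Variant A is kh99's suggestion (the TYPE_NOHTML logic with the quote replacement removed); variant B is the stripping version abualjori describes. The function names are mine, the replacement lists mirror the class_core.php snippet kh99 quoted, and the $entities flag is assumed to mean the same thing it does there. Whether abualjori also kept the ampersand handling is not stated in the thread; it is kept here as an assumption.

```php
<?php
// Added example, not code from the thread or from vBulletin. Function names
// are my own; the replacement lists follow the class_core.php snippet quoted
// by kh99. Meant to run on a TYPE_STR value after clean_gpc() has trimmed it.

// Shared step: a bare & becomes &amp;, an & that already starts an entity is
// left alone. With $entities = true only numeric entities and &shy; count.
// ($entities is assumed to carry the same meaning as in class_core.php.)
function escape_bare_ampersands($text, $entities = false)
{
    return preg_replace(
        '/&(?!' . ($entities ? '#[0-9]+|shy' : '(#[0-9]+|[a-z]+)') . ';)/si',
        '&amp;',
        $text
    );
}

// Variant A (kh99's suggestion): escape < and > but leave the double quote
// alone, so bbcode such as [url="..."] still parses.
function clean_nohtml_keep_quotes($text, $entities = false)
{
    $text = escape_bare_ampersands($text, $entities);
    return str_replace(array('<', '>'), array('&lt;', '&gt;'), $text);
}

// Variant B (what abualjori described): remove <, > and " outright instead of
// escaping them. Keeping the & handling is an assumption; the thread does
// not say whether it was kept.
function clean_nohtml_strip($text, $entities = false)
{
    $text = escape_bare_ampersands($text, $entities);
    return str_replace(array('<', '>', '"'), '', $text);
}

// Constructed inputs: bbcode with a quoted attribute, then a bare &, an
// existing entity and an HTML tag that must not reach the page unescaped.
$samples = array(
    '[url="http://example.com"]my site[/url]',
    'Tom & Jerry &amp; friends <b>bold</b>',
);

foreach ($samples as $raw) {
    echo "raw:   $raw\n";
    echo "keep:  " . clean_nohtml_keep_quotes($raw) . "\n";
    echo "strip: " . clean_nohtml_strip($raw) . "\n\n";
}
```

Run with `php cleaners.php`. The first sample passes through variant A unchanged, which is the whole point of dropping the quote replacement; variant B turns it into `[url=http://example.com]my site[/url]`, which abualjori found vBulletin still parses. In the second sample both variants leave `&amp;` alone while escaping the bare `&`, and variant A yields `&lt;b&gt;bold&lt;/b&gt;` where variant B yields plain `bold`. Either way the markup characters are dealt with before the value reaches the datamanager, which is the question the thread set out to answer.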