View Full Version : PHP in BBCODE
Karthick
03-17-2004, 03:22 PM
Hi,
I tried to add php to bbcode with no luck.
E.g. I have [test] bbcode and in the bbcode replacement I want a php script to run. I want to use sessions to store information, but just for example, let's say I need to include a file:
test.php Is it possible to actually run php code and make it execute: <?php include("test.php"); ?>
Thanks,
Karthick
Zero Tolerance
03-17-2004, 03:35 PM
Possible, yes, but it would be a HUGE security flaw, I'd say, in your forums and I wouldn't advise it at all
- Zero Tolerance
Karthick
03-17-2004, 03:38 PM
I don't understand, how is it even a slight security flaw?
Zachery
03-17-2004, 03:40 PM
I don't understand, how is it even a slight security flaw?
If you allow php to be executed anywhere, you are allowing anything to be run, which means someone could drop your database, specific tables, even get passwords or other vital info :)
Karthick
03-17-2004, 03:43 PM
No, I don't want others to be able to run PHP code. I want to run my own php code in bbcode. For example, someone types this I want to be able to type php code in the bbcode replacement variable so that I can use php to store "this" as a session variable.
I hope I am making sense :S
Zero Tolerance
03-17-2004, 03:53 PM
Why exactly would you want to make session vars in a post?
I'm a little uncertain why such a thing would be needed
Karthick
03-17-2004, 03:57 PM
5 AM here, so I'll try and make this quick.
http://64.91.226.5/showthread.php?t=452&page=2
Please see the chess boards. The BB Code just currently tags a php file through Iframe, <iframe src=blah.php?chess moves etc. Now Apache GET limit is 8kb max, and to change that, I would have to recompile apache, which is not advisable. I want to allow up to 200kb.
So I need to get PHP to store a session variable with that name, or do ANYTHING with php to store the information somewhere, instead of tagging it onto iframe.
Karthick
03-17-2004, 10:46 PM
Can someone give me a hint on how to do this?
Alternatively, how can I make a template into bbcode? E.g. how are all the standard bbcodes as templates? How does it know that template is bbcode?
Karthick
03-19-2004, 08:07 AM
bump
Zachery
03-19-2004, 08:07 AM
bump
I don't think anyone is going to code an open security risk.
You can take a service request but most of these are paid.
Karthick
03-19-2004, 10:03 AM
What the?
You still haven't explained to me how it's a security risk..!!!!
Karthick
03-19-2004, 10:04 AM
BtW, I already coded it in manually
Zachery
03-19-2004, 10:10 AM
BtW, I already coded it in manually
Yes, we have :) If you can run a snippet of code in this bbcode and it will recognize it, anything, and I mean ANYTHING, could be done to your forum :)
Karthick
03-19-2004, 10:15 AM
That means you didn't read my posts properly.
What I wanted to do was execute MY PHP CODE in the bbcode. E.g
<?
$test = "{param}";
?>
Now if there is a flaw in that, then PHP is one big flaw. ;)
Zachery
03-19-2004, 10:24 AM
That means you didn't read my posts properly.
What I wanted to do was execute MY PHP CODE in the bbcode. E.g
<?
$test = "{param}";
?>
Now if there is a flaw in that, then PHP is one big flaw. ;)
<?
$test = "{param}";
?>
when {param} =
test"; bla bla more bad php code ";
Karthick
03-19-2004, 10:26 AM
OMG.... vBulletin and PHP escape all harmful characters...
E.G GET $test (im bla"h) = im bla\"h after escaping.....
*bangs head on brick wall*
Zachery
03-19-2004, 10:45 AM
OMG.... vBulletin and PHP escape all harmful characters...
E.G GET $test (im bla"h) = im bla\"h after escaping.....
*bangs head on brick wall*
since it's PHP, use stripslashes ;)
Karthick
03-19-2004, 10:56 AM
http://64.91.226.5/images/custom_smilies/eusa_wall.gif
Zachery
03-19-2004, 11:01 AM
removed :)
what's your forum url now?
;)
I'm sure I can make it work with some tries ;)
Karthick
03-19-2004, 11:39 AM
http://www.chesskit.com/community/
Good Luck
Zachery
03-19-2004, 12:07 PM
Nope, considering that will empty your database :)
Karthick
03-19-2004, 12:20 PM
You mean you can't do it.
Zachery
03-19-2004, 12:36 PM
You mean you can't do it.
No, that's not what I said, I said I'm not going to try; as a member of the vBulletin Team it wouldn't look good if I went around emptying people's databases, now would it ;)
Floris
03-19-2004, 12:45 PM
No, that's not what I said, I said I'm not going to try; as a member of the vBulletin Team it wouldn't look good if I went around emptying people's databases, now would it ;)
posting the code isn't as professional either :>
Zachery
03-19-2004, 12:55 PM
posting the code isn't as professional either :>
it's in install.php (removes it)
MindTrix
03-19-2004, 05:02 PM
I said I'm not going to try, as a member of the vBulletin Team
:o
:rolleyes:
Karthick
03-19-2004, 06:07 PM
No, that's not what I said, I said I'm not going to try; as a member of the vBulletin Team it wouldn't look good if I went around emptying people's databases, now would it ;)
You can't do it man. Just admit it. Or set up another BB and empty that. If vB was that vulnerable, then it sucks.
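
The alternative to the `$test = "{param}";` pattern argued over in this thread, as an added example that is not part of any post and not vBulletin code: the [test] tag body is handled as a string value by a handler function instead of being substituted into PHP source, and only a random key is placed in the iframe URL. The function names, the `board` query parameter and the array standing in for `$_SESSION` are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; function names and the array-backed store are hypothetical.
// On a real forum $store would be $_SESSION or a database table.

const MAX_PARAM_BYTES = 200 * 1024; // the 200 KB ceiling mentioned in the thread

// Handler for the [test] tag: the tag body is only ever a string value.
// It is never pasted into PHP source, so quotes in it have nothing to break out of.
function render_test_tag(string $param, array &$store): string
{
    if (strlen($param) > MAX_PARAM_BYTES) {
        return '[test: input too large]';
    }
    $token = bin2hex(random_bytes(16));   // unguessable server-side key
    $store[$token] = $param;              // stored as data, byte for byte
    // Only the token travels in the URL, so the GET length limit no longer matters.
    return '<iframe src="blah.php?board=' . htmlspecialchars($token, ENT_QUOTES) . '"></iframe>';
}

// What blah.php would do: accept only a well-formed token, then look the data up.
function load_board(string $token, array $store): ?string
{
    if (preg_match('/^[0-9a-f]{32}$/', $token) !== 1) {
        return null;
    }
    return $store[$token] ?? null;
}

// Constructed input: the string used in the thread to show the problem.
$input = 'test"; bla bla more bad php code ";';
$store = [];
$html  = render_test_tag($input, $store);

preg_match('/board=([0-9a-f]{32})/', $html, $m);
var_dump(load_board($m[1], $store) === $input);     // data round-trips unchanged
var_dump(strpos($html, 'bad php code') === false);  // user text is absent from the markup
var_dump(load_board('not-a-token', $store));        // malformed token is rejected
```

Because the user's text never becomes part of a PHP statement, whether it is escaped with backslashes or later passed through `stripslashes` has no bearing on what code runs.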