vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Miscellaneous Hacks - CES Parser Permissions (https://vborg.vbsupport.ru/showthread.php?t=138476)

thincom2000 09-20-2007 04:48 AM

Profile fields are admin definable. Hence I would not be able to make a general bitfield file that corresponds to more than one board. It should be possible to do this on your own if you did some coding.

I'm surprised no one has had any conflicts involving this mod yet. I've been sitting on a new reworked version that solves a few...

Sychev_S 09-20-2007 05:25 AM

Did some coding? Me? Yeah right:)

Reworked version you say? Can you share? ;)

One of the bugs I have noticed is when my users use the <embed> tag to embed Google video and it gets cut out due to max characters for this profile field, it breaks the tables in the memberinfo template. Any way around that?

Also is there a way to make the use of html in profile fields more secure?

I believe psionic has released his interactive profiles script with custom CSS feature that is somewhat protected from XSS flaws. Can this be integrated into this mod?

thincom2000 09-20-2007 02:39 PM

The bug you mention is more of a limitation of vBulletin itself. In order to "fix" the max characters issue (I have done this on my site), you should alter the db fields for those profile fields. I believe they are set to VARCHAR(255). If you have MySQL 5 you can set the VARCHAR higher I think, but I just changed the fields to MEDIUMTEXT.

I will look at Psionic's mod one of these days and see what you are referring to... but honestly as long as script tags and comment tags exist, or the ability to define new HTML tags, I don't think there is a truly safe way to allow HTML.

Sychev_S 12-18-2007 07:14 PM

no worky with 3.7 =(

thincom2000 12-19-2007 09:08 AM

I will release an updated version as soon as I get around to installing 3.7. Right now I am still in the process of making my site upgrade friendly.

Sychev_S 01-03-2008 05:49 AM

Any update?

thincom2000 01-03-2008 03:52 PM

I have had no issues running this on 3.7. If you are having issues, try to contact me via AIM. Thanks.

Sychev_S 01-05-2008 11:27 AM

I don't have AIM. You got MSN? That's the error I am getting when trying to access a profile:

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3767

Fatal error: Call to a member function query_read_slave() on a non-object in /home/xxxx/public_html/beta/forums/includes/class_bbcode.php on line 217

thincom2000 01-05-2008 03:31 PM

I'm not sure how you are executing the member_customfields plugin, since in 3.7 member_customfields is missing.

EDIT: I found this thread at vb.com: http://www.vbulletin.com/forum/proje...?issueid=23995

Until such time as vBulletin 3.7 GOLD is released, my profile fields feature is unsupported. A lot of changes were made in 3.7, so I will release a new version of this mod at such time. The 3.7 version of this mod is a bit smarter/faster, has even more compatibility with other hacks, and is much easier to integrate should the need arise.

cheesegrits 01-05-2008 10:49 PM

Quote:

Originally Posted by thincom2000 (Post 1343177)
I will look at Psionic's mod one of these days and see what you are referring to... but honestly as long as script tags and comment tags exist, or the ability to define new HTML tags, I don't think there is a truly safe way to allow HTML.

Have you looked at something like the HTML Purifier at:

http://htmlpurifier.org/

I've been thinking about plugging this into vB for a while now. I've done some work with it in other systems (like a classified system I run), and it looks pretty damn solid. I ran a couple of the more comprehensive attack suites on it, and have yet to find anything damaging get through.

Although I do agree that there is no such thing as truly safe HTML enabled user input, especially when it comes to 'zero day' attacks using newly discovered vectors before things like HTML Purifier can be updated ... but these guys seem to be pretty much on the ball.

Certainly a better option than relying on roll-yer-own XSS cleaning scripts maintained by vB (or whoever), who don't really have the time to stay on top of this stuff on a day to day basis.

-- hugh

cheesegrits 01-05-2008 11:58 PM

Just FYI, although we now have the member_customfields hook back in 3.7b2, it has moved location (into fetch_profilefield_display() in functions.php), so to get the CES profile field stuff working, you need to add:

Code:

global $vbulletin, $userinfo;
... as the first line of the CES "Parse Profile Fields" plugin.

-- hugh

thincom2000 01-06-2008 01:47 AM

I'll look at the Purifier you posted, thanks.

As for the member_customfields plugin: actually, more changes than mentioned are necessary, just because of the new structure of member.php and that profile-block class. And according to my B2 & B3 ZIPs the hook needs to manually be added to that location, which is why I am not supporting the custom field parsing feature on 3.7 until gold.

cheesegrits 01-06-2008 09:01 PM

Sorry, I meant b3 not b2.

The hook is definitely there. All I did was download the latest b3 ZIP, installed it, and installed the CES ZIP from this thread. The globals were all I had to add to the plugin to get it working. I didn't have to touch vB's code. Here's the fetch_hook, line 1341 of functions.php in fetch_profilefield_display():

Code:

        ($hook = vBulletinHook::fetch_hook('member_customfields')) ? eval($hook) : false;

Maybe they updated the b3 ZIP since your last download?

Obviously there are some other issues, like the AJAX based in-place editing on the Profile, which will blow away HTML formatting ... but that's just another SMOP. :)

EDIT - actually it doesn't trash the formatting, it just doesn't render as HTML on the AJAX response, because when vectoring through AJAX, $userinfo hasn't been set. So I just added ...

Code:

if (!$userinfo)
{
        $userinfo = $vbulletin->userinfo;
}

... to the start of the plugin, now the AJAX response comes back properly formatted.

-- hugh

mwilke 02-18-2008 11:04 PM

I recently installed this and after install all of my bbcode stopped working. I downloaded this to have my custom profile field #5 parsed as HTML. However directly after install my bbcode was turned off when all usergroups have bbcode as on. I then proceeded to the edit usergroups and I edited every user group that I was a part of to allow html as well as every other option. Still nothing. I do not know what to put in the
Quote:

Profile Fields Appearing in the Postbits?
List the Profile Field IDs that you would like to be parsed in the Postbits.
Do you have to change the permissions for every usergroup that a member is a part of if you want that member to allow html?

thincom2000 02-19-2008 12:08 AM

You would put 5 in the option you asked about, but only if you have added that info in your postbit template. As for your next question, as long as a user is a member of at least 1 group with permission, they should be able to do whatever that permission allows. As for your BB-Code not working, this generally occurs as a result of a conflict with another modification, or a substantial update to vBulletin. Please get back to me regarding your version number.

thincom2000 02-19-2008 02:53 AM

Well I promised a new version a few months back, and rather than wait for 3.7 to go GOLD, I thought I would give everyone a Presidents' Day present.

This mod has been completely rewritten for the pending release of vBulletin 3.7.0. Permissions are now faster and more reliable. It is much easier for other coders to add support for their own mods or new vBulletin products.

cheesegrits directed me to HTMLPurifier in order to integrate it into this mod. This has been flagged for the next version.

nerofix 02-19-2008 05:41 AM

Does this work in vB 3.7 Visitor Messages?

I just tested with [IMG] tag but it didn't work, all usergroup permissions are set to allow IMG.. or did I miss something?

Edit: I also saw, that in profile fields, it's also not parsing the bbcode. What could be wrong?

Edit 2: The following errors occurred when this message was submitted: "BB code yt is not allowed." (How to fix allowing custom BB code?)

thincom2000 02-19-2008 06:15 AM

vBulletin 3.7 was hardcoded by Jelsoft to only allow simple BB-Codes like b, i, and url in Visitor Messages. The "support" this mod has for Visitor Messages is basically that it won't break them.

The only Profile Fields I have tested BB-Code in are on the About Me tab - Biography, Location, Interests, etc. Any other tabs use a different parser that I haven't investigated yet simply because I haven't gotten around to fixing up the profiles on my site yet. Even though I did test it first, it's possible that I broke the code because I manually created the product-xml and files rather than just exporting them from my site (I've been known to forget plugins from time to time). If you have a problem not addressed here, PM me a link to such a profile. Thanks.

nerofix 02-19-2008 06:38 AM

Okay, I hate the hardcoded BB-Code for visitor messages of Jelsoft, I wonder why they allow links in visitor messages, very nice for spammers and I don't know how to disallow.

I got custom profile fields, could that be the reason (i.e.: field9), I'd like to parse BB-Code in it. Could you test it on your board please with custom profile fields, so we can be sure that this isn't my problem?

thincom2000 02-19-2008 06:47 AM

I will be looking into this. I also suspect that Profile Fields in the Postbit won't parse in a post that was JUST made via Quick Reply or that was JUST Quick Edited, so I will be testing and releasing another patch shortly.

Please confirm that Posts and postbits are parsing correctly.

thincom2000 02-19-2008 04:37 PM

Okay I have fixed this on the dev version. The problem was that $forumid wasn't getting passed through the function. To fix it temporarily on your site, you can add $forumid to the argument list for the function call in the bbcode_parse_start plugin. The code should be:

PHP Code:

$text = ces_permissions_parse($this, $text, $forumid, $dosmilies, $dobbcode, $dobbimagecode, $dohtml);

In includes/ces_permissions.php, find:

PHP Code:

function ces_permissions_parse(&$parser, $text, $dosmilies, $dobbcode, $dobbimagecode, $dohtml)

Replace with:
PHP Code:

function ces_permissions_parse(&$parser, $text, $forumid, &$dosmilies, &$dobbcode, &$dobbimagecode, &$dohtml)

The fact that none of the "do" vars were passed by reference before means that no vB functionality was broken, but that basically this mod did nothing. Apply this fix and it should be working. I will upload a new patch as soon as I fix the Quick Edit bug.

nerofix 02-19-2008 06:58 PM

Hello thincom,

I just installed the 2.0.1 and it's still not parsing [IMG] code in profile fields or visitor messages. I'm thinking about if something else is blocking this, but it's the first time I use your mod, so I'm not sure if it's meant to work there.

Quote:

Please confirm that Posts and postbits are parsing correctly.
Where should I look, or better, what exactly should I do to test?
I also have project tools installed and of course your special xml therefor. (Just for info, don't know if it's important for you to know that).


Edit: I also got a 3.6.5 board, after installing CES_parser I get a database error when I go to the profiles:

Invalid SQL:

SELECT COUNT(*) AS count
FROM infraction AS infraction
LEFT JOIN post AS post ON (infraction.postid = post.postid)
LEFT JOIN thread AS thread ON (post.threadid = thread.threadid)
WHERE infraction.userid =;

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 5


Perhaps this could help you too.

thincom2000 02-19-2008 08:22 PM

Okay, as [IMG] code seems to be the only malfunctioning code on your board, it would appear that vBulletin is hardcoded in some way to circumvent its use on the profile. I will see if there is a possible workaround for this.

I will also look at the 3.6.5 member.php to see why that may occur, although I know these permissions don't touch infractions at all. At first glance, it looks like $userinfo might be cleared for some reason.

nerofix 02-19-2008 10:04 PM

Okay sorry, but I got 2 more things in 3.7

The inline-edit in about me doesn't show up anymore (which is less important)

.. but I have a major problem: when posting a visitor message on foreign profiles, the message is showing up in my profile only .. can you reproduce this?

Sorry to report you so many things, but I'd really like to help you and get your mod working because I've waited for a mod like yours. =)

thincom2000 02-20-2008 01:56 AM

Quote:

Originally Posted by nerofix (Post 1446925)
The inline-edit in about me doesn't show up anymore (which is less important)

Sorry but I am not experiencing this issue.

Quote:

Originally Posted by nerofix (Post 1446925)
I have a major problem: when posting a visitor message on foreign profiles, the message is showing up in my profile only .. can you reproduce this?

I can think of a possible cause for this without looking at the code, but I probably won't be able to look into this until tomorrow.

Quote:

Originally Posted by nerofix (Post 1446925)
Sorry to report you so many things, but I'd really like to help you and get your mod working because I've waited for a mod like yours. =)

Thanks for that. I actually prefer more bug reports because I like being able to list a lot of things in the changelog between versions :p

thincom2000 02-20-2008 02:19 AM

Quote:

Originally Posted by nerofix (Post 1446925)
I have a major problem: when posting a visitor message on foreign profiles, the message is showing up in my profile only .. can you reproduce this?

I haven't tested this, but just thought of it while I was out.

In includes/ces_permissions.php, find:
PHP Code:

global $vbulletin, $post, $userinfo, $nuwiki;

Replace with:
PHP Code:

global $vbulletin, $post;

That may even solve the 3.6.5 DB error. But then again I just thought of this a few minutes ago.

Thug 02-20-2008 02:55 AM

I get a blank white profile page after install for vBulletin 3.7 beta 4

thincom2000 02-20-2008 02:15 PM

Did you try the solution in my last post?

cheesegrits 02-20-2008 04:59 PM

Quote:

Originally Posted by thincom2000 (Post 1446359)
Well I promised a new version a few months back, and rather than wait for 3.7 to go GOLD, I thought I would give everyone a Presidents' Day present.

This mod has been completely rewritten for the pending release of vBulletin 3.7.0. Permissions are now faster and more reliable. It is much easier for other coders to add support for their own mods or new vBulletin products.

Ah, I was wondering about that. I was working on a hack last week to provide an HTML-enabled "About Me / Home Page" tab on the profile (replacing the default About Me), and it took a while to work out how the heck the $bbfoo variables I was setting were getting blown away! I presume handling of that stuff in bbcode_parse_start is what you mean by that last sentence. I'll load the new version this week and have another go at it.

Quote:

cheesegrits directed me to HTMLPurifier in order to integrate it into this mod. This has been flagged for the next version.
The hack I mentioned above is basically a test for the HTMLpurifier. They've now added semi-sensible support for CSS as well, with the ability to restrict the scope of any CSS directives to a specific block ID. So far it's looking good. The cleaning process is pretty intense, lots of memory and CPU, and on larger sites I'm not sure it would be workable for common things like forum posts ... but for stuff like profiles, I think it's a winner.

My only real concern about using HTMLpurifier is convincing people who install it to keep it updated. All we can really do is put a big note in the mod description reminding people how important it is to mark the product "installed" so they can be informed of any security updates.

-- hugh

Thug 02-20-2008 06:12 PM

Quote:

Originally Posted by thincom2000 (Post 1447040)
I haven't tested this, but just thought of it while I was out.

In includes/ces_permissions.php, find:
PHP Code:

global $vbulletin, $post, $userinfo, $nuwiki;

Replace with:
PHP Code:

global $vbulletin, $post;

That may even solve the 3.6.5 DB error. But then again I just thought of this a few minutes ago.

Yes thincom2000, I tried this. Blank profile page still.

thincom2000 02-20-2008 06:59 PM

Quote:

Originally Posted by cheesegrits (Post 1447492)
The cleaning process is pretty intense, lots of memory and CPU, and on larger sites I'm not sure it would be workable for common things like forum posts ... but for stuff like profiles, I think it's a winner.

I thought this might be the case, so I was thinking of only running it when the post / profile is saved, and not on each post on showthread during run time.
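The approach discussed in this thread (cheesegrits' HTML Purifier suggestion, and the idea just above of cleaning only when the post or profile is saved rather than on every page view) as an added example. This is not code from CES Parser Permissions, vBulletin or the HTML Purifier project; it assumes the standalone HTML Purifier distribution is unpacked next to the script, the cache directory is an assumed path, and every ces_example_* name is hypothetical:

```php
<?php
// Added example; not part of CES Parser Permissions, vBulletin or HTML Purifier
// itself. Runs an allowlist sanitizer once when an HTML-enabled profile field is
// SAVED and returns the cleaned markup for storage, so page views never parse
// raw user HTML. Assumes the standalone HTML Purifier tree is next to this
// file; every ces_example_* name is hypothetical.
require_once 'library/HTMLPurifier.auto.php';

function ces_example_profile_purifier()
{
    static $purifier = null;
    if ($purifier === null)
    {
        $config = HTMLPurifier_Config::createDefault();
        // Allowlist of tags and attributes. Anything not named here (script,
        // style, event-handler attributes, comments, tags invented later) is
        // removed; that is the difference from a roll-your-own blacklist.
        $config->set('HTML.Allowed',
            'p,br,b,i,u,strong,em,ul,ol,li,blockquote,a[href|title],img[src|alt|width|height],span[style]');
        // Inline style survives only for these properties (no position, no url()).
        $config->set('CSS.AllowedProperties', 'color,font-weight,font-style,text-decoration');
        // Link targets limited to web URLs; javascript: and data: never pass.
        $config->set('URI.AllowedSchemes', 'http,https');
        // User-supplied links get rel="nofollow", which removes the SEO payoff of profile spam.
        $config->set('HTML.Nofollow', true);
        // Serialized definition cache; directory must exist and be writable by PHP.
        $config->set('Cache.SerializerPath', '/tmp/htmlpurifier'); // assumed path
        $purifier = new HTMLPurifier($config);
    }
    return $purifier;
}

// Clean every HTML-enabled field once; the caller stores the returned values,
// so member and showthread pages only ever render already-purified markup.
function ces_example_clean_profile_fields(array $fields)
{
    $purifier = ces_example_profile_purifier();
    $clean = array();
    foreach ($fields as $fieldid => $html)
    {
        $clean[$fieldid] = $purifier->purify($html);
    }
    return $clean;
}

// Constructed sample submission (not from any real board): the kind of markup
// an HTML-enabled profile field receives.
$submitted = array(
    'field5' => '<p style="color:red;position:absolute">Hello <b>world</b></p>'
              . '<a href="javascript:alert(1)">click</a> <a href="https://example.com/">site</a>'
              . '<script>alert(1)</script><embed src="https://video.google.com/x.swf">',
);
foreach (ces_example_clean_profile_fields($submitted) as $fieldid => $html)
{
    echo $fieldid, ': ', $html, "\n";
}
```

With this configuration the `<script>` block, the `position` declaration and the `javascript:` href are dropped while the formatting and the https link survive. The `<embed>` mentioned earlier in the thread is removed too, because it is not on the allowlist; HTML Purifier's `HTML.SafeEmbed` and `HTML.SafeObject` directives exist for boards that deliberately want constrained Flash embeds. Cleaning at save time also keeps the CPU and memory cost cheesegrits describes off the hot path; the one caveat is that stored markup cleaned under an old purifier version is not re-cleaned when the library is updated, so a re-purify pass after an upgrade is worth scheduling.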

thincom2000 02-20-2008 08:04 PM

Apparently there is some conflict with one of the modules available for vBadvanced. I'm not a vBa user, and since I don't have the time to go through all the addons for it, could someone experiencing the white page bug PM me login details for a test board with this issue? It has been reported by multiple users, so I would like to post a fix. Thanks.

cheesegrits 02-20-2008 08:57 PM

Do you have any idea which module? I'm a CMPS user, be happy to debug it for you.

-- hugh

cheesegrits 02-20-2008 10:25 PM

Quote:

Originally Posted by thincom2000 (Post 1447040)
I haven't tested this, but just thought of it while I was out.

In includes/ces_permissions.php, find:
PHP Code:

global $vbulletin, $post, $userinfo, $nuwiki;

Replace with:
PHP Code:

global $vbulletin, $post;


Just to confirm this does fix the issue with posting visitor messages to the wrong userid.

-- hugh

thincom2000 02-21-2008 01:56 AM

That's good to know. Thanks for confirming. Hard to believe that such a crazy bug could be caused by that. I'm still trying to figure out why IMG tags are completely stripped from Profile Fields.

nerofix 02-21-2008 08:52 AM

Yes I can also confirm this. Thanks for this fix!

Another question, what about custom BB-Code? When trying to post a visitor message with custom bb-code it always says:

The following errors occurred when this message was submitted

1. BB code yt is not allowed.

Is there a way to allow it? Its also ignored in "about me".

thincom2000 02-21-2008 01:29 PM

Yeah the reason for this was the way Visitor Messages were hardcoded. I suspect that the developers thought we wouldn't want users embedding videos and images and such on people's profiles. Of course it's always possible to block individual codes and not kill the whole list.

I have implemented a workaround for this in my dev version, so that IMG and custom BB-Codes are working. I just have to figure out why HTML and IMG aren't parsed immediately following the AJAX edit pencils (until page refresh).

cheesegrits 02-21-2008 03:27 PM

Quote:

Originally Posted by thincom2000 (Post 1448117)
I just have to figure out why HTML and IMG aren't parsed immediately following the AJAX edit pencils (until page refresh).

That's because of this code in ces_permissions_customfields():

PHP Code:

    if (FILE_VERSION >= '3.7.0')
    {
        global $blockobj;

        $userinfo =& $blockobj->profile->userinfo;
    }

Slight variation of the same bug I mentioned in a previous post. When coming in through AJAX, a lot of the data structures that exist on a normal page load aren't there ... including $blockobj; I changed the above to just use $vbulletin->userinfo instead, and it works.

But I do need to test and make sure this doesn't screw up display perms when not using AJAX ...

EDIT - yup, it does need another change to work right in both cases:

PHP Code:

    if (FILE_VERSION >= '3.7.0')
    {
        if ($_REQUEST['ajax'] == 1)
        {
            $userinfo =& $vbulletin->userinfo;
        }
        else
        {
            global $blockobj;

            $userinfo =& $blockobj->profile->userinfo;
        }
    }

This seems to work. The assumption being if it's AJAX, we know we are editing the profile for the logged on user, so we can use $vbulletin->userinfo. If not AJAX, we can use the $blockobj->profile->userinfo, which will be whoever the profile belongs to.

-- hugh

thincom2000 02-21-2008 05:48 PM

Quote:

Originally Posted by cheesegrits (Post 1448163)
The assumption being if it's AJAX, we know we are editing the profile for the logged on user, so we can use $vbulletin->userinfo. If not AJAX, we can use the $blockobj->profile->userinfo, which will be whoever the profile belongs to.

Right. Using $vbulletin->userinfo is still a problem, however. The function you have modified is also called in the postbits. Say an admin Quick Edits a post by someone with different profile field permissions. Using $vbulletin->userinfo when only checking that this is an AJAX request would result in the very minor bug that upon saving the edit, the admin would see the profile fields for that post parsed with the admin's permissions until he/she refreshed the page. Therefore, the fix I have implemented is similar, but slightly more specific in the criteria for setting $userinfo to $vbulletin->userinfo.

Thanks for your fix, though. It saved me some time looking this afternoon.
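The rule worked out across cheesegrits' AJAX patch and the refinement above (the permissions used to parse a field must belong to the content's owner, never to the viewer or to whoever submitted the edit) as an added example. It is not CES Parser Permissions or vBulletin code: the arrays are constructed stand-ins for $vbulletin->userinfo, $post and $blockobj->profile->userinfo, the parser is a deliberately tiny model, and all ces_example_* names are hypothetical:

```php
<?php
// Added example; not code from CES Parser Permissions or vBulletin. Models the
// rule discussed above: a field is parsed with the permissions of the user who
// OWNS the content (post author or profile owner), not those of the session
// user who is viewing or Quick Editing it. All ces_example_* names are
// hypothetical; the arrays are constructed stand-ins for vBulletin's
// $vbulletin->userinfo, $post and $blockobj->profile->userinfo.

// Constructed per-user parsing permissions (userid => flags).
$ces_example_perms = array(
    1 => array('dohtml' => true,  'dobbimagecode' => true),  // administrator
    2 => array('dohtml' => false, 'dobbimagecode' => false), // ordinary member
);

// Pick the userid whose permissions govern this parse, from request context.
// $context keys: where ('postbit'|'profile'), ajax (bool), post (array),
// profile_userinfo (array|null, missing on AJAX), session_userinfo (array).
function ces_example_resolve_owner(array $context)
{
    if ($context['where'] === 'postbit')
    {
        // Postbit fields belong to the post author, also when an admin
        // Quick Edits that post: checking only "is this AJAX?" would pick
        // the admin here, which is the bug described above.
        return (int) $context['post']['userid'];
    }
    if ($context['where'] === 'profile')
    {
        if (!$context['ajax'] && isset($context['profile_userinfo']))
        {
            // Normal profile view: $blockobj->profile->userinfo is the owner.
            return (int) $context['profile_userinfo']['userid'];
        }
        if ($context['ajax'])
        {
            // In-place AJAX edit exists only for one's own profile, so the
            // session user is the owner ($blockobj is not set up on AJAX).
            return (int) $context['session_userinfo']['userid'];
        }
    }
    return 0; // unknown context: grants no permissions below
}

// Tiny stand-in for the real parser: raw HTML only with dohtml, [img] only
// with dobbimagecode; everything else is rendered as escaped text.
function ces_example_parse($text, array $perms)
{
    if (empty($perms['dohtml']))
    {
        $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }
    if (!empty($perms['dobbimagecode']))
    {
        $text = preg_replace('#\[img\](https?://[^\s\[\]"<>]+)\[/img\]#i',
                             '<img src="$1" alt="" />', $text);
    }
    return $text;
}

// Resolve the owner first, then parse; the session user never enters here.
function ces_example_parse_for($text, array $context, array $permtable)
{
    $owner = ces_example_resolve_owner($context);
    $perms = isset($permtable[$owner]) ? $permtable[$owner] : array();
    return ces_example_parse($text, $perms);
}

// Constructed scenario: admin (userid 1) Quick Edits a post by member 2.
// The field is parsed with member 2's flags, so the HTML is escaped and the
// [img] stays literal, exactly as it will after the next full page load.
$field   = '<b>hi</b> [img]http://example.com/x.png[/img]';
$context = array(
    'where'            => 'postbit',
    'ajax'             => true,                  // Quick Edit arrives via AJAX
    'post'             => array('userid' => 2),
    'profile_userinfo' => null,
    'session_userinfo' => array('userid' => 1),  // the admin doing the edit
);
echo ces_example_parse_for($field, $context, $ces_example_perms), "\n";
```

The point of routing every call through ces_example_resolve_owner() is that the AJAX flag alone is not a statement about ownership; it only says which globals happen to be populated. Deriving the owner from the content itself (post author, profile owner) keeps the AJAX and non-AJAX paths consistent, which is also what makes the "renders differently until refresh" symptom disappear.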

cheesegrits 02-21-2008 07:41 PM

Yeah, I figured there'd be some other gotchas.

I'd like to get my hands on your latest fixes ASAP. I have a different issue - profile fields will display correctly after an AJAX edit, but not on a regular profile page load. I'm working on a semi-related hack, which replaces the regular About Me tab (but shows the same About Me profile field info by default unless you create an HTML profile). And I'm not sure if it's a bug in my code, or some weird interaction between mine and yours, but the default field display isn't parsed. Except when loaded via AJAX ... *sigh* ...

-- hugh


All times are GMT. The time now is 01:33 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
