vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Miscellaneous Hacks - CES Parser Permissions (https://vborg.vbsupport.ru/showthread.php?t=138476)

YabbaDabba 04-05-2007 03:04 AM

Error in readme.txt:

IS:
In forum/
-----------------------------
- upload: product-ces_html_profile.xml

SB:
In forum/
-----------------------------
- upload: bitfield_ces_html_profile.xml (I guess <<shrug>>)

And in the zip file, the 2 bitfield files are identified as belonging in the "includes/xml/" folder.

I assume the readme takes precedence, but it could be confusing to us literalists. :D

How about something like:

Quote:

*******************************************
** INSTALLATION **
*******************************************

In forum root
-----------------------------
- upload: bitfield_ces_html_profile.xml

In forum/includes/xml/
-----------------------------
- upload: bitfield_ces_parser_perms.xml

In admincp > Plugins & Products > Manage Products > Add/Import Product
Install: product-ces_parser_perms.xml

and you're done.

Also, I would appreciate some screenshots as to what to expect.

What does the modified Manage Usergroups form look like?
What happens within the WYSIWYG editor if some basic tags are disabled?
Does the editor Preview reflect the disabled permissions?
Are the Posting Rules for the Editor changed?

p.s., I think this is the single most important add-on for our boards. Thank you so much for doing this!!

thincom2000 04-05-2007 05:17 AM

Quote:

Originally Posted by YabbaDabba (Post 1220106)
What does the modified Manage Usergroups form look like?
What happens within the WYSIWYG editor if some basic tags are disabled?
Does the editor Preview reflect the disabled permissions?
Are the Posting Rules for the Editor changed?

The WYSIWYG editor does not seem to reflect the permissions. Everything parses in the editor until the post is submitted. I will have to fix this.

I don't believe editor Preview currently does; I will have to fix this as well (unfortunately, this will add a query to the Post Preview in the Editor).

The posting rules do change.

YabbaDabba 04-05-2007 05:36 AM

Thanks.

In re-reading the instructions, I think I got it wrong, but I still don't quite understand the intent.

Are you recommending uploading the product-xml to the server and installing it as a product from there? Why not install locally? And why are there 2 bitfield files if only one is needed? Or am I still way off the mark? :LOL:

YabbaDabba 04-05-2007 05:43 AM

Oops. I see there's a new zip.

I'll give it a shot. Thanks for the quick turn-around!

YabbaDabba 04-05-2007 06:10 AM

In your readme, you state:
Quote:

Don't be disillusioned: it is still possible for hackers to work around
these limitations. Only grant HTML to members of your site's staff.

I'm not looking for hacking tips here, but I don't understand what you mean by "limitations" specifically.

Are you referring specifically to the html limits?
Are you referring to the vB-imposed html limits or the CES-imposed limits?
Are you saying that CES Parser Perms opens new security holes in the php or are you referring to hacking the vB php or are you saying that once CES opens the html door a tiny bit, the hackers are off to the races?
And if you are suggesting that there are risks once CES opens up some limited html rights, can you give me a general idea of what you mean? That is, what would tip me off that someone is trying to break things (besides a cracked forum, that is :D ).

Just trying to better understand the risk you are referring to. :D

YabbaDabba 04-05-2007 07:57 AM

Well, I don't know. :confused:
I am only interested (right now) in turning off the IMG tag for new users, but I couldn't get it to work?

Steps:
1 - Uploaded product-ces_html_profile.xml to forum root
2 - Upload bitfield_ces_parser_perms.xml to /includes/xml/
3 - set permissions on both to 755
4 - installed product-ces_html_profile.xml as product (from local copy)
5 - vBulletin Options -> CES Profile Fields -> Banned Tags were left as is
6 - vBulletin Options -> CES Profile Fields -> Global Variables were all deleted (not using "anything" tag)
7 - Usergroup Manager -> Edit Usergroup -> CES Profile Permissions left unchanged
8 - Usergroup Manager -> New Members > Edit Usergroup -> Post/Thread Permissions changed only IMG tag to "no"
9 - created new account in "New Members" group
10 - logged in as new member in FF 2.0.0.2 browser
11 - clicked Post Reply
12 - Editor page does indeed show "[IMG] code is Off"
13 - Added text and copy-n-pasted an image into editor (it appeared in editor)
14 - Clicked Preview (did NOT appear in preview - just the img tags and image url)
14 - Clicked "Submit" to display post.
15 - Image graphic appears in post. I can see it as a "New Member" in FF2 and as Admin in IE7.

So, what did I do wrong??

Also tried changing CES Profile Permissions for IMG tag in profile to "No" but this had no effect on posting either (which is good).

Environment:
vB 3.6.5
PHP Version 5.2.0-8+etch1
Server API CGI/FastCGI
MySQL 5.0.32-Debian_7etch1-log
Server lighttpd/1.4.13
OS Linux

YabbaDabba 04-05-2007 08:19 AM

If I ALSO disable BB codes in Usergroup -> Post/Thread Permissions, that seems to knock out the IMG tag parsing successfully.

But that seems way harsh. :eek:

Is that your intent?

thincom2000 04-05-2007 11:22 AM

In the plugin called Post Parsing Perms, find:
PHP Code:

$dobbimgcode = ($check_ugp['can_imgcode_post'] AND $dobbimgcode) ? true : false;

Replace with:
PHP Code:

$dobbimagecode = ($check_ugp['can_imgcode_post'] AND $dobbimagecode) ? true : false;

Quote:

Originally Posted by YabbaDabba
I'm not looking for hacking tips here, but I don't understand what you mean by "limitations" specifically.

I am saying that the Banned HTML Tags setting in this addon is nowhere near hacker proof. If a hacker wants to use those tags, they will find a way. That being the case, limit the Usergroups allowed to use HTML to those you know probably don't include members who will be trying to hack your site. ;)
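
Added example, not part of the thread or of the add-on's code: a regression check for the one-line plugin fix in the post above. It assumes a constructed stand-in renderer (`render_post`, hypothetical) that evals the plugin line in its own scope and reads only `$dobbimagecode`; the usergroup array and the post text are constructed as well. Because the shipped line assigns to a variable the renderer never reads, the usergroup denial fails open.

```php
<?php
// Constructed stand-in for the post renderer; this is not vBulletin code.
// Assumption: the plugin line runs via eval() in the renderer's scope, and
// the renderer consults only $dobbimagecode when deciding on [IMG].
function render_post($text, array $check_ugp, $plugin_code)
{
    $dobbimagecode = true;   // forum-level default: [IMG] allowed
    eval($plugin_code);      // plugin may lower the flag per usergroup

    $html = htmlspecialchars($text, ENT_QUOTES);
    if ($dobbimagecode) {
        $html = preg_replace(
            '#\[img\](https?://[^\s\[\]]+)\[/img\]#i',
            '<img src="$1" alt="" />',
            $html
        );
    }
    return $html;
}

// The two plugin lines from the post above, as eval-able strings.
$shipped = '$dobbimgcode = ($check_ugp[\'can_imgcode_post\'] AND $dobbimgcode) ? true : false;';
$fixed   = '$dobbimagecode = ($check_ugp[\'can_imgcode_post\'] AND $dobbimagecode) ? true : false;';

// Constructed inputs: a usergroup denied [IMG], and a post that uses it.
$new_member = array('can_imgcode_post' => 0);
$post = 'look [IMG]http://example.com/a.png[/IMG]';

foreach (array('shipped' => $shipped, 'fixed' => $fixed) as $label => $code) {
    $html = render_post($post, $new_member, $code);
    $rendered = (strpos($html, '<img') !== false);
    // A denied usergroup must never get an <img> element in the output.
    printf("%-8s denied group got <img>: %s\n", $label, $rendered ? 'yes' : 'no');
}
```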

YabbaDabba 04-05-2007 12:58 PM

That seems to have done the trick. :D

Thank you, thank you, thank you!

FYI: In both IE and FF, minor weirdness in the editors.

A graphic image pasted into the edit window displays as an image (which can build expectations).

But using preview knocks out the disabled codes. (just see the raw BB codes) :up:

Submitted posts don't parse the disabled codes. IMG source displayed as URL. :up:

Edit Posts doesn't display the parsed tags, just the raw BB codes. :up:

Again, this is in IE7 and FF 2.0.0.2. Your mileage may vary.

Thanks again.

YabbaDabba 04-10-2007 07:27 AM

May be seeing some weirdness in uneven coverage of permissions?

Symptoms:
Mod-to-Mod PMs are not parsing BB code. (Mod sees the unparsed tags in PM from another Mod.)
Admin-to-Mod PM is parsing BB code. (Mod says he sees the parsed results in PM from admin.)

Mod says his posting rules on his PM Editor page are:

Posting Rules
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

I assume the PM code permissions are the same as the posting permissions.
For Mods and Admins, they are set the same (via Usergroup Mgr > Edit > Post / Thread Permissions):
- Allow HTML in posts? No
- Allow BB-code in posts? Yes
- Allow Smilies in posts? Yes
- Allow IMG-code in posts? Yes
- Allow Anything-code in posts? No

And "CES Profile Permissions" are set the same as above (except it says "profile fields" :D ).

Can't see anything else in the Usergroup settings that would be the cause of this.

Suggestions and ideas?

============
NOTE: your ver 1.2.2 is still displaying as 1.2.1 in the Managed Products list.

