vb.org Archive


thincom2000 02-04-2007 10:00 PM

CES Parser Permissions
 
vBulletin 3.6.x, 3.7.x, 3.8.x, 4.0.x supported
Version: 2.2.3

If you encounter what you think may be a bug, please include your vBulletin version number when reporting it, since code and fixes differ greatly from 3.6.4 - 3.8.x.

*** NEWS ***
11/8/2010 - 2.2.3 released
5/15/2010 - 2.2.2 released
4/12/2009 - 3.6.x thread separated

Known Issues:
- If you are using the Advanced BB-Code Permissions hack, conflicts can arise when profile fields are parsed in the postbit, causing nothing to be parsed. The fix is described here: https://vborg.vbsupport.ru/showthread.php?p=1252480

What It Does:
Allows you to grant only certain usergroups the ability to use HTML, BB-code, smilies, and IMG-code in their profile fields, posts, PMs, and in Project Tools.

Mod Features:
- parse profile fields on user profiles using Usergroup Permissions
- parse profile fields in postbits using Usergroup Permissions
- parse posts using Usergroup Permissions
- parse calendar events using Usergroup Permissions
- parse private messages using Usergroup Permissions
- parse Project Tools issues and replies using Usergroup Permissions
- parse Social Messages and usernotes using Usergroup Permissions
- complete Forum Rules integration
- disallow certain HTML tags

Products to Install: 1
Files to Upload: 3
Files to Edit: 0
Template Edits: 0

*** Changelog ***
As of Version 2.2.3
  • non-forum messages don't parse
  • poll options don't parse

As of Version 2.2.2
  • several bug fixes
  • compatible with VaultWiki 2.5.7 PL 1 & 3.0.0 RC 3

* This mod is offered for free here. Please donate if you like this mod *

Stangsta 02-05-2007 12:29 AM

Does not work in 3.5.4

The hack installs no problem but it will not Parse the HTML. Any suggestions?

thincom2000 02-05-2007 01:12 AM

The 3.5.4 code for generating custom profile fields may be different than 3.6.x. I will look into this and get back to you.

EDIT: It seems to be exactly the same. You are aware that you need to set Usergroup Permissions before it will parse the HTML?

Stangsta 02-05-2007 02:14 AM

Quote:

Originally Posted by thincom2000 (Post 1174876)
The 3.5.4 code for generating custom profile fields may be different than 3.6.x. I will look into this and get back to you.

EDIT: It seems to be exactly the same. You are aware that you need to set Usergroup Permissions before it will parse the HTML?

Yes, I did that and it still posted the HTML as plain text. Maybe someone else will chime in with a success/failure story.

thincom2000 02-05-2007 03:50 AM

What tag did you use?

Stangsta 02-05-2007 04:06 AM

Quote:

Originally Posted by thincom2000 (Post 1174964)
What tag did you use?

Just a simple image tag.

thincom2000 02-05-2007 04:19 AM

Ah, try not using quotes around the URL.

If you were using v1.0.0, quotes were causing a parse error, so the HTML would not be parsed. This has been fixed in v1.0.1.

MaestroX 02-05-2007 07:20 AM

Thanks for this, I've been waiting for something like this to come out. I have a couple of requests to make this better:
  • Allow BBcode in profiles
  • Allow Smilies in profile
  • Allow WYSIWYG editor in UserCP to edit profiles for the not HTML savvy ;)

Just a few thoughts ;)

Cheers

Atakan KOC 02-05-2007 08:22 AM

Thanks. Installed


https://vborg.vbsupport.ru/external/2007/02/22.jpg

erinys 02-05-2007 12:49 PM

This has potential! Is it possible to allow a full block with a WYSIWYG editor?

Sychev_S 02-05-2007 08:06 PM

Thank you!

thincom2000 02-06-2007 04:49 AM

It wouldn't be too hard to add BBCode and Smilies to this. Unfortunately I currently have several other hacks that I'm working on with a higher priority (multi-domain cookie generation, download forums, latest post on forum home, intelligent poll queries) and at the same time I'm trying to get my site upgraded in a timely manner. I just threw this together real fast because someone requested it, and I thought I would be nice.

Nonetheless, I may update this on the weekend. Until then :cool: !

MaestroX 02-06-2007 06:46 AM

Great, thank you very much :)

Snake 02-06-2007 06:22 PM

Awesome! I've been waiting for this. :D

MissKalunji 02-07-2007 11:46 AM

So what does this do? add html? like what font color background etc?

bada_bing 02-07-2007 03:03 PM

Quote:

Originally Posted by MissKalunji (Post 1176731)
So what does this do? add html? like what font color background etc?

I suppose this depends on the HTML code you insert.

thincom2000 02-07-2007 04:21 PM

Yup, whatever HTML you enter. You can also filter out some tags (which would work as a filter in normal text too, so I wouldn't recommend filtering tags like <b>, <i>, <u>, <tt>, etc. or it will start filtering out parts of words). I tried adding an option to make it only filter when followed by a > but that just resulted in really bad tags like iframe, script, and embed still parsing.

thincom2000 02-11-2007 10:23 PM

*bump* This hack now adds permissions to parse BB-code, smilies, and IMG-code as well as HTML.

thincom2000 02-16-2007 08:57 PM

I have expanded this hack to add permissions for posting per usergroup as well. I have also fixed the banned tags filter so that it only filters HTML tags instead of acting as a bad word filter. As soon as I do some testing I'll release this updated version.

bada_bing 02-17-2007 03:08 AM

Anyone have a good screen shot of their memberinfo running this hack? Like to see how you are all using it.

thincom2000 02-17-2007 04:08 AM

Currently working on including an extremely dangerous [anything] BB-code tag, though the going is rough. When I release the next version I highly recommend only letting the Super-Admin use this tag since it will parse anything.

EDIT: Finished the anything tag. A little more complicated than I thought it would be, and sadly requires a file edit, thanks to the lack of hooks.

The whole purpose of the anything tag was because I desperately needed to use an <if condition> inside a post.

thincom2000 02-18-2007 04:11 PM

Version 1.2.0 released. The new version includes Usergroup Permissions for posting, and a new BB-code tag [anything] (please use responsibly).

EDIT: Version 1.2.1 will include updated Forum Rules.

zippokid 03-13-2007 12:44 AM

I would be infinitely grateful if this were made to work in 3.5.4

thincom2000 03-13-2007 01:06 AM

Unfortunately I do not have a 3.5.x test board. I don't believe any of the hooks are different or that the bitfields have changed, since I have been able to use 3.5.x products no problem (and in fact I used part of a tutorial from 2.x to write the hack). Try editing the product-xml with Notepad and change the dependency to 3.5.

Let me know if you have any problems.

zippokid 03-13-2007 01:30 AM

Hmm, I get some MySQL table issues when I try. I'm not too experienced with this. I'm not pushing for it or anything, but I'd appreciate it.

thincom2000 03-13-2007 02:08 AM

What are your errors?

zippokid 03-13-2007 02:20 AM

Code:

Database error in vBulletin 3.5.4:

Invalid SQL:

### INSERT QUERY GENERATED BY fetch_query_sql() ###
INSERT INTO plugin
        (`active`, `executionorder`, `title`, `hookname`, `phpcode`, `product`)

VALUES
        ('1', '5', 'Parse Profile Fields', 'member_customfields', 'global $check_ugp;\r\n\r\n$userinfo[\'permissions\'] =
cache_permissions($userinfo);\r\n$check_ugp =
convert_bits_to_array($userinfo[\'ces_parser_permissions\'],
$vbulletin->bf_ugp[\'ces_parser_permissions\']);\r\n$bad_tags = explode(\',\',
$vbulletin->options[\'bad_tags\']);\r\n\r\nif ($check_ugp[\'can_html_profile\'])\r\n{\r\n       
$allowed[\'html\'] = true;\r\n\r\n        foreach ($bad_tags AS $badtag)\r\n        {\r\n               
$profilefield[\'value\'] = str_replace( \'<\' . trim($badtag), htmlspecialchars(\'<\' .
trim($badtag)), $profilefield[\'value\']);\r\n                $profilefield[\'value\'] = str_replace( \'</\' .
trim($badtag), htmlspecialchars(\'</\' . trim($badtag)), $profilefield[\'value\']);\r\n        }\r\n       
unset($badtag, $badtags);\r\n}\r\n\r\n$allowed[\'bbcode\'] =
$check_ugp[\'can_bbcode_profile\'] ? true : false;\r\n$allowed[\'smilies\'] =
$check_ugp[\'can_smilies_profile\'] ? true : false;\r\n$allowed[\'imgcode\'] =
$check_ugp[\'can_imgcode_profile\'] ? true : false;\r\n\r\nrequire_once(DIR .
\'/includes/class_bbcode.php\');\r\n$parser =& new vB_BbCodeParser($vbulletin,
fetch_tag_list());\r\n$profilefield[\'value\'] = $parser->do_parse($profilefield[\'value\'],
$allowed[\'html\'], $allowed[\'smilies\'], $allowed[\'bbcode\'],
$allowed[\'imgcode\']);\r\n\r\neval(\'$profilefield[value] =
\"$profilefield[value]\";\');\r\n$userinfo[\"$profilefieldname\"] =
$profilefield[\'value\'];\r\n\r\nunset($check_ugp, $parser, $allowed);', 'ces_html_profile');


MySQL Error  : Unknown column 'executionorder' in 'field list'
Error Number : 1054
Date        : Monday, March 12th 2007 @ 08:18:06 PM
Script      : http://www.site.com/bb/admincp/plugin.php
Referrer    : http://www.site.com/bb/admincp/plugin.php?do=productadd
IP Address  : xx.xx.xx.xx
Username    : admin
Classname    : vB_Database


thincom2000 03-13-2007 02:59 AM

Oh, right. No execution order in those days. Well if that's the only conflict (I hope), it should be a relatively simple conversion... Do you have a test board where you could do some beta-testing of a 3.5.4 version?

zippokid 03-13-2007 03:12 AM

Yes I do, I'd be glad to help with that kind of thing.

YabbaDabba 04-03-2007 07:31 AM

Seems like I should be able to block use of the IMG tag by new users, right?

MOST EXCELLENT!!

I will install ASAP.

YabbaDabba 04-05-2007 03:04 AM

Error in readme.txt:

IS:
In forum/
-----------------------------
- upload: product-ces_html_profile.xml

SB:
In forum/
-----------------------------
- upload: bitfield_ces_html_profile.xml (I guess <<shrug>>)

And in the zip file, the 2 bitfield files are identified as belonging in the "includes/xml/" folder.

I assume the readme takes precedence, but it could be confusing to us literalists. :D

How about something like:

Quote:

*******************************************
** INSTALLATION **
*******************************************

In forum root
-----------------------------
- upload: bitfield_ces_html_profile.xml

In forum/includes/xml/
-----------------------------
- upload: bitfield_ces_parser_perms.xml

In admincp > Plugins & Products > Manage Products > Add/Import Product
Install: product-ces_parser_perms.xml

and you're done.
Also, I would appreciate some screenshots as to what to expect.

What does the modified Manage Usergroups form look like?
What happens within the WYSIWYG editor if some basic tags are disabled?
Does the editor Preview reflect the disabled permissions?
Are the Posting Rules for the Editor changed?

p.s., I think this is the single most important add-on for our boards. Thank you so much for doing this!!

thincom2000 04-05-2007 05:17 AM

Quote:

Originally Posted by YabbaDabba (Post 1220106)
What does the modified Manage Usergroups form look like?
What happens within the WYSIWYG editor if some basic tags are disabled?
Does the editor Preview reflect the disabled permissions?
Are the Posting Rules for the Editor changed?

The WYSIWYG editor does not seem to reflect the permissions. Everything parses in the editor until the post is submitted. I will have to fix this.

I don't believe editor Preview currently does, I will have to fix this as well (unfortunately will add a query to the Post Preview in the Editor).

The posting rules do change.

YabbaDabba 04-05-2007 05:36 AM

Thanks.

In re-reading the instructions, I think I got it wrong, but I still don't quite understand the intent.

Are you recommending uploading the product-xml to the server and installing it as a product from there? Why not install locally? And why are there 2 bitfield files if only one is needed? Or am I still way off the mark? :LOL:

YabbaDabba 04-05-2007 05:43 AM

Oops. I see there's a new zip.

I'll give it a shot. Thanks for the quick turn-around!

YabbaDabba 04-05-2007 06:10 AM

In your readme, you state:
Quote:

Don't be disillusioned: it is still possible for hackers to workaround
these limitations. Only grant HTML to members of your site's staff.

I'm not looking for hacking tips here, but I don't understand what you mean by "limitations" specifically.

Are you referring specifically to the html limits?
Are you referring to the vB-imposed html limits or the CES-imposed limits?
Are you saying that CES Parser Perms opens new security holes in the php or are you referring to hacking the vB php or are you saying that once CES opens the html door a tiny bit, the hackers are off to the races?
And if you are suggesting that there are risks once CES opens up some limited html rights, can you give me a general idea of what you mean? That is, what would tip me off that someone is trying to break things (besides a cracked forum, that is :D ).

Just trying to better understand the risk you are referring to. :D

YabbaDabba 04-05-2007 07:57 AM

Well, I don't know. :confused:
I am only interested (right now) in turning off the IMG tag for new users, but I couldn't get it to work?

Steps:
1 - Uploaded product-ces_html_profile.xml to forum root
2 - Upload bitfield_ces_parser_perms.xml to /includes/xml/
3 - set permissions on both to 755
4 - installed product-ces_html_profile.xml as product (from local copy)
5 - vBulletin Options -> CES Profile Fields -> Banned Tags were left as is
6 - vBulletin Options -> CES Profile Fields -> Global Variables were all deleted (not using "anything" tag)
7 - Usergroup Manager -> Edit Usergroup -> CES Profile Permissions left unchanged
8 - Usergroup Manager -> New Members > Edit Usergroup -> Post/Thread Permissions changed only IMG tag to "no"
9 - created new account in "New Members" group
10 - logged in as new member in FF 2.0.0.2 browser
11 - clicked Post Reply
12 - Editor page does indeed show "[IMG] code is Off"
13 - Added text and copy-n-pasted an image into editor (it appeared in editor)
14 - Clicked Preview (did NOT appear in preview - just the img tags and image url)
14 - Clicked "Submit" to display post.
15 - Image graphic appears in post. I can see it as a "New Member" in FF2 and as Admin in IE7.

So, what did I do wrong??

Also tried changing CES Profile Permissions for IMG tag in profile to "No" but this had no effect on posting either (which is good).

Environment:
vB 3.6.5
PHP Version 5.2.0-8+etch1
Server API CGI/FastCGI
MySQL 5.0.32-Debian_7etch1-log
Server lighttpd/1.4.13
OS Linux

YabbaDabba 04-05-2007 08:19 AM

If I ALSO disable BB codes in Usergroup -> Post/Thread Permissions, that seems to knock out the IMG tag parsing successfully.

But that seems way harsh. :eek:

Is that your intent?

thincom2000 04-05-2007 11:22 AM

In the plugin called Post Parsing Perms, find:
PHP Code:

$dobbimgcode = ($check_ugp['can_imgcode_post'] AND $dobbimgcode) ? true : false;

Replace with:
PHP Code:

$dobbimagecode = ($check_ugp['can_imgcode_post'] AND $dobbimagecode) ? true : false;

Quote:

Originally Posted by YabbaDabba
I'm not looking for hacking tips here, but I don't understand what you mean by "limitations" specifically.

I am saying that the Banned HTML Tags setting in this addon is nowhere near hacker proof. If a hacker wants to use those tags, they will find a way. That being the case, limit the Usergroups allowed to use HTML to those you know probably don't include members who will be trying to hack your site. ;)
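
Added example, not part of thincom2000's post or the add-on's code: a prefix denylist shaped like the plugin code in the SQL error earlier in the thread, next to an escape-everything-then-restore allowlist, to show why the Banned Tags setting cannot be relied on. Function names, tag lists and sample strings are constructed for illustration, and PHP 7.4+ is assumed.

```php
<?php
// Added illustration; not code from the CES Parser Permissions product.
// Tag lists and sample strings below are constructed for this example.

// Denylist in the style of the plugin code visible in the SQL error above:
// escape any "<name" or "</name" prefix for each banned name.
function denylist_filter(string $html, array $banned): string
{
    foreach ($banned as $tag) {
        $tag = trim($tag);
        $html = str_replace('<' . $tag, htmlspecialchars('<' . $tag), $html);
        $html = str_replace('</' . $tag, htmlspecialchars('</' . $tag), $html);
    }
    return $html;
}

// Allowlist: escape everything, then restore only attribute-free tags
// whose complete name is on the list.
function allowlist_filter(string $html, array $allowed): string
{
    $escaped = htmlspecialchars($html, ENT_QUOTES, 'UTF-8');
    $names = implode('|', array_map(fn($t) => preg_quote(trim($t), '#'), $allowed));
    return preg_replace('#&lt;(/?)(' . $names . ')&gt;#i', '<$1$2>', $escaped);
}

$banned  = explode(',', 'iframe, script, embed, b');
$allowed = ['b', 'i', 'u', 'br'];

$samples = [
    'prefix over-match' => 'line one<br>line two <blockquote>quoted</blockquote>',
    'letter case'       => '<IFRAME src=x></IFRAME>',
    'plain formatting'  => '<b>bold</b> and <i>italic</i>',
];

foreach ($samples as $label => $input) {
    echo $label, "\n";
    echo '  input:     ', $input, "\n";
    echo '  denylist:  ', denylist_filter($input, $banned), "\n";
    echo '  allowlist: ', allowlist_filter($input, $allowed), "\n";
}
```

With `b` banned, the denylist also escapes `<br>` and `<blockquote>`, and because `str_replace` is case-sensitive it leaves the upper-case tag untouched. The allowlist output contains only the bare tags named in `$allowed`; everything else stays escaped.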

YabbaDabba 04-05-2007 12:58 PM

That seems to have done the trick. :D

Thank you, thank you, thank you!

FYI: In both IE and FF, minor weirdness in the editors.

A graphic image pasted into the edit window displays as an image (which can build expectations).

But using preview knocks out the disabled codes. (just see the raw BB codes) :up:

Submitted posts don't parse the disabled codes. IMG source displayed as URL. :up:

Edit Posts doesn't display the parsed tags, just the raw BB codes. :up:

Again, this is in IE7 and FF 2.0.0.2. Your mileage may vary.

Thanks again.

YabbaDabba 04-10-2007 07:27 AM

May be seeing some weirdness in un-even coverage of permissions?

Symptoms:
Mod-to-Mod PMs are not parsing BB code. (Mod sees the unparsed tags in PM from another Mod.)
Admin-to-Mod PM is parsing BB code. (Mod says he sees the parsed results in PM from admin.)

Mod says his posting rules on his PM Editor page is:

Posting Rules
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

I assume the PM code permissions are the same as the posting permissions.
For Mods and Admins, they are set the same (via Usergroup Mgr > Edit > Post / Thread Permissions):
- Allow HTML in posts? No
- Allow BB-code in posts? Yes
- Allow Smilies in posts? Yes
- Allow IMG-code in posts? Yes
- Allow Anything-code in posts? No

And "CES Profile Permissions" are set the same as above (except it says "profile fields" :D ).

Can't see anything else in the Usergroup settings that would be the cause of this.

Suggestions and ideas?

============
NOTE: your ver 1.2.2 is still displaying as 1.2.1 in the Managed Products list.

