vb.org Archive - Disable conditional function filters

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 3.0 Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=33)

- - Disable conditional function filters (https://vborg.vbsupport.ru/showthread.php?t=67947)

Disable conditional function filters

This hack will allow you to by-pass the function filters built into the template conditional's. Currently you are restricted to the following functions:

PHP Code:


		
			
        $safe_functions = array(

            // logical stuff

            0 => 'and',              // logical and

            1 => 'or',               // logical or

            2 => 'xor',              // logical xor



            // built-in variable checking functions

            'in_array',              // used for checking

            'is_array',              // used for checking

            'is_numeric',            // used for checking

            'isset',                 // used for checking

            'empty',                 // used for checking

            'defined',               // used for checking

            'array',                 // used for checking



            // vBulletin-defined functions

            'can_moderate',          // obvious one

            'can_moderate_calendar', // another obvious one

            'exec_switch_bg',        // harmless function that we use sometimes

            'is_browser',            // function to detect browser and versions

            'is_member_of',          // function to check if $user is member of $usergroupid

        );

With this hack installed you will be allowed to use ANY avaiable php or vBulletin defined function within your templates. I have also included a on/off switch that allows you to disable filtering via config.php.

PHP Code:


		
			
// filtering off

define('C_PASSTHRU', false);



// filtering on

define('C_PASSTHRU', true);

This hack is ment to be used on test boards for functionality testing, do not run it in production enviroments.

mm coolies

/me runs off to test

i'm not sure to understand here... do you have a patent example before i put this in ?

Quote:

Originally Posted by nexialys

i'm not sure to understand here... do you have a patent example before i put this in ?

It just allows you to pass anything via the templates to be prased into php code, use it for some form of checking that you can not currently to with allowed functions. I use it to quickly do some dirty checking in the templates when I build hacks, later on I go back and put the logic into the php code.

This is just something to make it a little eaiser on developers, I found it to save some time while developing with vBulletin on local test copies.

ok then... (i never code inside the templates, i prefer directly into files, so anyway...)

Checking with the templates has its benifits in some cases, lets say I created some new functions to be used to display differing html inside forums depending on what the forumid is.

So lets asume I have two functions i've inserted into functions.php:

PHP Code:


		
			
// returns list of forumid's

fetch_forumids()

{

       $forumids = '1,2,3';

       return $forumids;

}



// Match current forumid to list of ids

match_forums($forumid)

{

    eval('$var = in_array($forumid, array(' . fetch_forumids() . '));');

    return $var;

}

So with these functions I wan't to code my template like this:

HTML Code:

<if conditional="match_forums($forumid)">

// do special forum display here

<else />

// do normal forum display here

</if>

With filtering on I have to edit this block in adminfunctions_template.php everytime I want to use a new function in the templates:

PHP Code:


		
			
 $safe_functions = array(

            // logical stuff

            0 => 'and',              // logical and

            1 => 'or',               // logical or

            2 => 'xor',              // logical xor



            // built-in variable checking functions

            'in_array',              // used for checking

            'is_array',              // used for checking

            'is_numeric',            // used for checking

            'isset',                 // used for checking

            'empty',                 // used for checking

            'defined',               // used for checking

            'array',                 // used for checking



            // vBulletin-defined functions

            'can_moderate',          // obvious one

            'can_moderate_calendar', // another obvious one

            'exec_switch_bg',        // harmless function that we use sometimes

            'is_browser',            // function to detect browser and versions

            'is_member_of',          // function to check if $user is member of $usergroupid

        );

If you are like me your code is changing all the time, keeping this block up to date in the development phase gets old fast :)

Nice.

Unless there are cases where the user can inject code, the default should be less restrictive. It is very handy to have more power on the template side.

Excellent work - what a great thought!

It's so simple and i didn't come across the idea myself. ^^

Excellent stuff Brad!! Will be using it from now on.

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_html_printable (4)bbcode_php_printable (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.02076 seconds Memory Usage 1,766KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_html_printable (4)bbcode_php_printable (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: