Thread: Extension/product for creating custom BBcode executing my PHP code?
View Single Post
  #6  
Old 08-26-2019, 10:26 PM
vbSuperfan vbSuperfan is offline
 
Join Date: Jun 2019
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by In Omnibus View Post
The UserID appears when you hover over the user avatar. It's in the User Profile URL. Why would you need to create a PHP function to call the UserID when it's already easily available? I mean, it can be done but if it's not necessary it's a lot of work for nothing.
Please see my justification for this functionality here.

Believe me, it's necessary.


Quote:
Originally Posted by In Omnibus View Post
When you start getting into trying to reverse engineer code to make it work you're asking for problems.
The entire extension architecture of vBulletin 5 is more or less based on having to "reverse engineer code" in order to do anything (i.e. knowing which class methods to override/extend), so this statement doesn't make sense at all I'd say?

Quote:
Originally Posted by In Omnibus View Post
Security would be the primary one. If you can backdoor into the core code then so can someone else.
This doesn't make any sense either. If I create a custom BB code that executes some static PHP code to generate its output (e.g. in order to display the user ID of the viewing user), this:

a) Doesn't open up any security vulnerabilities whatsoever.

b) Doesn't constitute any "backdooring" any more than any other PHP code added to vBulletin by any other extension, of for that matter, the core developers of vBulletin itself.

PS.
My main occupation is being a senior IT security expert, performing code security audits and providing advice for large organizations like banks and government entities...
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01203 seconds
  • Memory Usage 1,768KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete