Hmm, a problem I've come in contact with in this hack is whether to make the functions return a value relative to the first time they're called, or upon every page refresh.
For example, I'll use the code from my last post:
Usage: [random="100"]200[/random]
Masked: [random="{option}"]{param}[/random]
PHP: rand({option}, {param});
Because vBulletin retains BBCode tags in posts, and doesn't substitute them with hard-coded values (which absolutely makes sense), this would mean upon page refresh a function is called every time.
In the case of functions that return non-static values, like rand(), you're going to get a new random number every time you refresh the page.
I'm not sure if your hack will be affected by this in a negative way, mudpyr8, but let me know your thoughts.
I could hard-code the values for specific functions, making the first generated return value replaced with its tag, and upon page refresh it'll never update.
This would also be a tad more efficient since you aren't calling custom functions over and over again upon page refresh, but the downside is if you were to ever change the bbcode tag or bbcode function from the AdminCP, the previous instances that have already been posted wouldn't be updated. Although, whether that is a huge concern.. I wouldn't think so.
I'll probably add an option for the administrator to decide how they want it.
Quote:
intentionally calling a function with invalid parameters to cause a parse error & the ability to inject PHP code
A user can only pass a string as an argument (either {param} or {option}) and nothing more. This solves one from passing PHP code to screw stuff up. You cannot pass functions or variables as arguments either.
As for passing an incorrect amount of arguments, or the wrong datatype of an argument, normally this would result in a parse error.
But, just apply the @ in front of a function, and you suppress its error messages.
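
An added example, not part of the original post or of the hack's code: one way to check argument count and type for a tag like [random] before the mapped function is called, so the result does not depend on suppressing errors. The handler table, `parseIntArg` and `renderTag` are hypothetical names, and `random_int()` stands in for the `rand()` call shown in the post.

```php
<?php
// Added illustration; all names here are hypothetical, not taken from the hack.
// Each tag maps to a fixed callable plus one validator per argument, so user
// text is never evaluated as PHP and never chooses which function runs.
$tagHandlers = [
    'random' => [
        'call'     => fn(int $min, int $max): int => random_int($min, $max),
        'validate' => ['parseIntArg', 'parseIntArg'],   // {option}, {param}
    ],
];

// Accept only an optional sign followed by 1-9 digits; reject everything else.
function parseIntArg(string $raw): ?int
{
    return preg_match('/^-?\d{1,9}$/', $raw) === 1 ? (int) $raw : null;
}

// Returns the rendered value, or null when the tag should stay as plain text.
function renderTag(array $handlers, string $tag, array $rawArgs): ?string
{
    if (!isset($handlers[$tag])) {
        return null;                       // unknown tag: no dynamic dispatch
    }
    $spec    = $handlers[$tag];
    $rawArgs = array_values($rawArgs);
    if (count($rawArgs) !== count($spec['validate'])) {
        return null;                       // wrong number of arguments
    }
    $args = [];
    foreach ($spec['validate'] as $i => $validator) {
        $value = $validator((string) $rawArgs[$i]);
        if ($value === null) {
            return null;                   // wrong datatype or malformed value
        }
        $args[] = $value;
    }
    try {
        return htmlspecialchars((string) $spec['call'](...$args), ENT_QUOTES);
    } catch (\Throwable $e) {
        return null;                       // the call itself rejected the values
    }
}

// Constructed sample inputs.
var_dump(renderTag($tagHandlers, 'random', ['100', '200']));       // well-formed
var_dump(renderTag($tagHandlers, 'random', ['100', 'phpinfo()'])); // non-numeric {param}
var_dump(renderTag($tagHandlers, 'random', ['100']));              // missing argument
var_dump(renderTag($tagHandlers, 'random', ['200', '100']));       // min greater than max
```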