The Arcive of Official vBulletin Modifications Site.

Advanced BBCode (Use conditionals in BBCodes) · **Released**: 06-06-2007

It kind of bothered me that you couldn't use vBulletin conditionals in the BBCodes. For example you couldn't use <if condition="$bbuserinfo[usergroupid] == {option}">{param}</if>.

With this small hack you can customize your BBCodes by using vBulletin's own conditionals.

Installing
Download the plugin XML. Go into to your ACP --> Plugins & Products --> Download / Upload Plugins. Scroll to the bottom of the page. Browse to vbulletin-plugins_adv_bbcodes.xml and click "Import".

View the screenshot for an example BBCode you can use.

Muellmann · #12 06-07-2007, 10:51 PM

For example:

Code:

<if condition="$bbuserinfo['userid']>0">{param}<else />This code is not visible for Guests</if>

or:

Code:

<if condition="$bbuserinfo['reputation']>=100">{param}<else />This code is only visible for reputation points.</if>

Other question security related:
I found out that it would parse vb variables directly in the post.
The question is if there is a security matter / issue or not?!
For example I can write in my post

Code:

$bbuserinfo[reputation]

and it would
directly in my post show my reputation value. So I am afraid it could be used by
members for malicious actions or is this impossible?

harmor19 · #13 06-07-2007, 11:09 PM

The conditionals work for me.

It's not really a security risk but you may have data you don't want them to see.

Murty · #14 06-07-2007, 11:54 PM

Could you use this to specify the bbcode to only be used in a particular forum? If so, what code would you use?

AzzidReign · #15 06-08-2007, 02:01 AM

Hmmm, interesting. I'm going to click install for now and download and install this to my site later!

harmor19 · #16 06-08-2007, 03:24 AM

There are a two problems with this mod. One is where a member can type $bbuserinfo[var] and it will output the value in the database but only for their userid. I used preg_replace to fix the problem.
Another is when someone types an array with either single or double quotes $var['foo'] or $var["foo"].
Can anybody help with the second problem?

mhmd1983 · #17 06-08-2007, 08:10 AM

Great mod , even with the simple example you wrote it'll be much fun to use it

WAR · #18 06-15-2007, 04:42 PM

Did you include the fix for the first problem in the plugin yet?

For restricting multiple usergroups, can you use the is_member_of() function instead of the boolean operator? (I know that this works in templates, not sure about here)

Example:

<if condition="is_member_of($bbuserinfo,{option})">{pa ram}</if>

[bbcode_name=5,6]visible to mods and admins only[/bbcode_name]

or you might need quotes, depending on how things are parsed, and whether or not this is related to problem #2 above:

[bbcode_name='5,6']visible to mods and admins only[/bbcode_name]

I am concerned about the security risk, because I have a ton of private/hidden profile fields with personal information about my users that I wouldn't want people to have access to

raywjohnson · #19 08-05-2007, 12:52 AM

Quote:

Originally Posted by Muellmann

Other question security related:
I found out that it would parse vb variables directly in the post.
The question is if there is a security matter / issue or not?!
For example I can write in my post

Code:

$bbuserinfo[reputation]

and it would
directly in my post show my reputation value. So I am afraid it could be used by
members for malicious actions or is this impossible?

Installed and working great! But, is there any security/abuse concern here? Can this be exploited?

--RayJ

raywjohnson · #20 08-05-2007, 01:27 AM

Quote:

Originally Posted by harmor19

There are a two problems with this mod. One is where a member can type $bbuserinfo[var] and it will output the value in the database but only for their userid. I used preg_replace to fix the problem.
Another is when someone types an array with either single or double quotes $var['foo'] or $var["foo"].
Can anybody help with the second problem?

I have some concern about this, could you give an example of the preg_replace regex and where to put it? I would guess it would go in the plugin, but before or after the

PHP Code:


			
eval('$text = "' . compile_template($text) . '" ;');

?

Thanks for any info!

--RayJ

PS:

PHP Code:


			
My failed attempt: eval(preg_replace('/(\$)(show|stylevar|userinfo|vboptions|vbphrase)(\[.+\])/i',"$1 $2 $3",$text));

raywjohnson · #21 08-05-2007, 09:03 PM

It seems as if this only works on new/updates posts. It fails to function for bbcodes in the post-cache. Any info on how to fix this?

Thanx, RayJ

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05187 seconds Memory Usage 2,310KB Queries Executed 25 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (4)bbcode_code (2)bbcode_php (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (11)post_thanks_box (1)post_thanks_box_bit (11)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit (11)post_thanks_postbit_info (10)postbit (11)postbit_onlinestatus (11)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start fetch_musername post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end post_thanks_function_fetch_thanks_bit_start post_thanks_function_show_thanks_date_start post_thanks_function_show_thanks_date_end post_thanks_function_fetch_thanks_bit_end post_thanks_function_fetch_post_thanks_template_start post_thanks_function_fetch_post_thanks_template_end postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

Благодарность от:
career

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!