Miscellaneous Hacks - CES Parser Permissions

CES Parser Permissions
vBulletin 3.6.x, 3.7.x, 3.8.x, 4.0.x supported
Version: 2.2.3

If you encounter what you think may be a bug, please include your vBulletin version number when reporting it, since code and fixes differ greatly from 3.6.4 - 3.8.x.

*** NEWS ***
11/8/2010 - 2.2.3 released
5/15/2010 - 2.2.2 released
4/12/2009 - 3.6.x thread separated

Known Issues:
- If you are using the Advanced BB-Code Permissions hack, conflicts can arise when profile fields are parsed in the postbit, causing nothing be parsed. The fix is described here: https://vborg.vbsupport.ru/showthread.php?p=1252480

What It Does:
Allows you to grant only certain usergroups the ability to use HTML, BB-code, smilies, and IMG-code in their profile fields, posts, PMs, and in Project Tools.

Mod Features:
- parse profile fields on user profiles using Usergroup Permissions
- parse profile fields in postbits using Usergroup Permissions
- parse posts using Usergroup Permissions
- parse calendar events using Usergroup Permissions
- parse private messages using Usergroup Permissions
- parse Project Tools issues and replies using Usergroup Permissions
- parse Social Messages and usernotes using Usergroup Permissions
- complete Forum Rules integration
- disallow certain HTML tags

Products to Install: 1
Files to Upload: 3
Files to Edit: 0
Template Edits: 0

*** Changelog ***
As of Version 2.2.3

• non-forum messages don't parse
• poll options don't parse

As of Version 2.2.2

• several bug fixes
• compatible with VaultWiki 2.5.7 PL 1 & 3.0.0 RC 3

* This mod is offered for free here. Please donate if you like this mod *

[YabbaDabba]

I think the Preview window not parsing tags per the user's new permissions is the biggest problem we are seeing.

[YabbaDabba]

Since this hack essentially disables the Preview window for everybody, will you be fixing that problem anytime soon?

Right now, I can't really use this because it causes more problems than it fixes.

[thincom2000]

Fixed the preview window by adding a query when the user clicks the Preview button and combining 2 plugins.

Hopefully these changes fix the PM issues you were having, although I have not been able to test this extensively.

[YabbaDabba]

Wow!

I'll give it a test.

[YabbaDabba]

Quote:

Originally Posted by thincom2000

Fixed the preview window by adding a query when the user clicks the Preview button and combining 2 plugins.

Hopefully these changes fix the PM issues you were having, although I have not been able to test this extensively.

In your new ver 1.2.4 zip, the readme states:

Quote:

INSTALLATION
In forum/
-----------------------------
- upload: product-ces_html_profile.xml

Still not sure what you are after here. Do you actually want this in the forum root?
Do I have to install from the forum root on the server, or can I just install from a local copy on my personal computer?

Sorry for being so thick here.

[YabbaDabba]

And in
admincp > vB Options > CES Profile Fields
the section for the Global Variables for the "anything" tag are no longer there.
I assume that is by design.

[YabbaDabba]

Preview is much, much more consistent now.

Preliminary results:

1 - Preview seemed to function normally for those with all CES tag permissions - like my admin account.

2 - Still some odd behavior for those with no IMG permissions.
A - they can't see any images in any posts by any poster. I think this is too much. I would allow them to see images added to a thread by those posters with image permissions. Those wiith no IMG permissions just can't add images themselves.
B - Inconsistent treatment between WYSIWYG and Preview. This is very, very close, but...
The IMG tag is not parsed at all in the WYSIWYG editor and is parsed in the Preview (as a url tag). I suppose there are arguments for doing it that way, but it seems more consistent to have the WYSIWYG editor parse the IMG tags as a URL, just like Preview.
C - This may be related to "B", but I see some behavior in Preview that seems inconsistent with IMG tags inside URL tags. If there is just an IMG tag, Preview displays the image url as a hot link to the image. If the IMG tag set is sandwiched between a URL tag set, Preview still displays it as a hot link to the image. But the WYSIWYG editor seems to parse just the URL tag. That is, the editor displays the image url inside unparsed IMG tags, but hot linked to the url inside the url tag. After being submitted, the URL/IMG combo is displayed as an image url hotlinked to the image. The URL tag is ignored completely.

============

Some thoughts about the general approach to handling tag permissions:

As is, this current scheme doesn't really solve the porn spammer problem. Anybody with IMG tag permissions ON can see the images. I'd have to deny access to IMG tags for practically all members and guests to stop the spammers and this doesn't make sense to me. Also, even if you can successfully hide the images from members with "tag permissions = ON", there is the situation where a problem member successfully sprinkles his posts with inappropriate images. The images will appear as images once they get promoted to a group with greater image permissions.

Wouldn't it be more sensible to just force the IMG tags to be URL tags forever?

Or even better, I'd much rather FULLY deny access to the IMG tag for all members of that group. That is, just strip (delete) the IMG tag from the post completely. No permission = no use = not in post = not in database. The image url appears as unparsed text.

Same for html, smilies, and BB codes. If they don't have permission, the tags are stripped completely from the post when they use Preview or Submit or Save.

=============

Thanks again for your continuing efforts.

[thincom2000]

Quote:

Originally Posted by YabbaDabba

2 - Still some odd behavior for those with no IMG permissions.
A - they can't see any images in any posts by any poster. I think this is too much. I would allow them to see images added to a thread by those posters with image permissions. Those wiith no IMG permissions just can't add images themselves.

This is indeed odd behavior. Are you positive this is only happening with the IMG tag? I didn't modify the way in which any permissions were determined, just the spelling errors from before.

Quote:

Originally Posted by YabbaDabba

B - Inconsistent treatment between WYSIWYG and Preview. This is very, very close, but...
The IMG tag is not parsed at all in the WYSIWYG editor and is parsed in the Preview (as a url tag). I suppose there are arguments for doing it that way, but it seems more consistent to have the WYSIWYG editor parse the IMG tags as a URL, just like Preview.

Not exactly sure why there are differences here. It may have something to do with the overall problems with the IMG tag you seem to be having.

Quote:

Originally Posted by YabbaDabba

If the IMG tag set is sandwiched between a URL tag set, Preview still displays it as a hot link to the image. But the WYSIWYG editor seems to parse just the URL tag. That is, the editor displays the image url inside unparsed IMG tags, but hot linked to the url inside the url tag. After being submitted, the URL/IMG combo is displayed as an image url hotlinked to the image. The URL tag is ignored completely.

This is not an issue related to this mod. I have read elsewhere that vBulletin has this strange behavior when combining URL and IMG tags, because vBulletin automatically converts unparsed IMGs to URLs (this was not functionality I added). I have also read about strange behavior when using [noparse] and [font]. These are what we may consider bugs but more often than not Jelsoft claims is "Working as Designed."

Quote:

Originally Posted by YabbaDabba

As is, this current scheme doesn't really solve the porn spammer problem. Anybody with IMG tag permissions ON can see the images. I'd have to deny access to IMG tags for practically all members and guests to stop the spammers and this doesn't make sense to me. Also, even if you can successfully hide the images from members with "tag permissions = ON", there is the situation where a problem member successfully sprinkles his posts with inappropriate images. The images will appear as images once they get promoted to a group with greater image permissions.

Wouldn't it be more sensible to just force the IMG tags to be URL tags forever?

What you are describing is the inverse of what this mod was designed to do. I spent many hours getting around this before the original release, so again I really hope this is only occurring with IMG tags.

[YabbaDabba]

Does this uninstall cleanly?

What I'll do is uninstall and do a fresh install and check with more browsers.

Above problems noted in IE7.

[thincom2000]

Try replacing your bbcode_parse_start plugin with this:

PHP Code:

if (THIS_SCRIPT != 'member')
{
    global $newpost, $userinfo;

    $postusername = (($newpost['username'] != '') AND ($newpost['username'] != $this->registry->userinfo['username'])) ? $newpost['username'] : '';

    if (!$this->post['usergroupid'] AND $postusername)
    {
        $userinfo = $this->registry->db->query_first("
            SELECT usergroupid, membergroupids 
            FROM " . TABLE_PREFIX . "user
            WHERE userid = $newpost[username]
        ");
    }
    else if (!$this->post['usergroupid'] AND isset($newpost))
    {
        $userinfo['usergroupid'] = $this->registry->userinfo['usergroupid'];
        $userinfo['membergroupids'] = $this->registry->userinfo['membergroupids'];
    }
    else if (!isset($newpost) AND ($this->post['usergroupid'] OR $newpost['usergroupid']))
    {
        $userinfo['usergroupid'] = $newpost ? $newpost['usergroupid'] : $this->post['usergroupid'];
        $userinfo['membergroupids'] = $newpost ? $newpost['membergroupids'] : $this->post['membergroupids'];
    }

    $userinfo['permissions'] = cache_permissions($userinfo);
}

$this->set_parse_userinfo($userinfo, $userinfo['permissions']);

$check_ugp = convert_bits_to_array($this->parse_userinfo['permissions']['ces_parser_permissions'], $this->registry->bf_ugp['ces_parser_permissions']);
$bad_tags = explode(',', $this->registry->options['bad_tags']);

$dobbcode = ($check_ugp['can_bbcode_post'] AND $dobbcode) ? true : false;
$dosmilies = ($check_ugp['can_smilies_post'] AND $dosmilies) ? true : false;
$dobbimagecode = ($check_ugp['can_imgcode_post'] AND $dobbimagecode) ? true : false;

if ($check_ugp['can_html_post'] AND $dohtml)
{
    $dohtml = true;
    foreach ($bad_tags AS $badtag)
    {
        $badtag = html_entity_decode($badtag);
        $text = str_replace( '<' . trim($badtag), htmlspecialchars('<' . trim($badtag)), $text);
        $text = str_replace( '</' . trim($badtag), htmlspecialchars('</' . trim($badtag)), $text);
    }
    unset($badtag, $badtags);
}
else
{
    $dohtml = false;
}