  #1  
08-22-2019, 06:52 PM
vbSuperfan
Join Date: Jun 2019
Posts: 9
Extension/product for creating custom BBcode executing my PHP code?

I'm quite surprised that I cannot find anything on this topic on Google, since it seems like an extremely likely thing for people to want to do, that is: Creating a special BBcode that can execute some certain PHP code of mine and then produce some string based on it?

In my case, I simply want the BBcode to return the user ID of the vBulletin user currently viewing the post where this BB code is located, like this:

Your User ID is: 1234

Does anyone have any tips for good skeleton code, tutorials or other useful starting points for creating your own PHP-based BBcodes like this, by means of an extension/product? The official vBulletin support indicates to me that this should at least be possible, here?

I've even heard that this (PHP-based custom BB codes) was standard functionality in vB4, available directly from the AdminCP, but removed in vB5, which makes it even more likely that a lot of people would have liked to create such extensions/products for vB5, so what am I missing?
  #2  
08-22-2019, 07:10 PM
In Omnibus
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840

The UserID appears when you hover over the user avatar. It's in the User Profile URL. Why would you need to create a PHP function to call the UserID when it's already easily available? I mean, it can be done but if it's not necessary it's a lot of work for nothing.
  #3  
08-23-2019, 12:31 PM
delicjous
Join Date: Nov 2014
Posts: 352

You could not execute php in a bbcode as far as I know. But you could execute javascript and you should use javascript for any task like this. By the way... Not anything that sounds not logical for anybody isn't logical for someone!
  #4  
08-23-2019, 01:20 PM
Dave
Join Date: May 2010
Posts: 2,583

Quote:
Originally Posted by delicjous
You could not execute php in a bbcode as far as I know. But you could execute javascript and you should use javascript for any task like this. By the way... Not anything that sounds not logical for anybody isn't logical for someone!
Problem is that he seems to need mobile support too on which you cannot execute custom JavaScript.

Anyway pretty sure they removed any kind of "eval" call in vBulletin because it opens the site up for many security risks.
  #5  
08-23-2019, 02:44 PM
In Omnibus
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840

Quote:
Originally Posted by delicjous
You could not execute php in a bbcode as far as I know. But you could execute javascript and you should use javascript for any task like this. By the way... Not anything that sounds not logical for anybody isn't logical for someone!
I didn't mean to imply the customer doesn't need it, only that it's not going to be easy to code if it genuinely is necessary to whatever ends are trying to be served. When you start getting into trying to reverse engineer code to make it work you're asking for problems. Security would be the primary one. If you can backdoor into the core code then so can someone else.
  #6  
08-26-2019, 10:26 PM
vbSuperfan
Join Date: Jun 2019
Posts: 9

Quote:
Originally Posted by In Omnibus
The UserID appears when you hover over the user avatar. It's in the User Profile URL. Why would you need to create a PHP function to call the UserID when it's already easily available? I mean, it can be done but if it's not necessary it's a lot of work for nothing.
Please see my justification for this functionality here.

Believe me, it's necessary.


Quote:
Originally Posted by In Omnibus
When you start getting into trying to reverse engineer code to make it work you're asking for problems.
The entire extension architecture of vBulletin 5 is more or less based on having to "reverse engineer code" in order to do anything (i.e. knowing which class methods to override/extend), so this statement doesn't make sense at all I'd say?

Quote:
Originally Posted by In Omnibus
Security would be the primary one. If you can backdoor into the core code then so can someone else.
This doesn't make any sense either. If I create a custom BB code that executes some static PHP code to generate its output (e.g. in order to display the user ID of the viewing user), this:

a) Doesn't open up any security vulnerabilities whatsoever.

b) Doesn't constitute any "backdooring" any more than any other PHP code added to vBulletin by any other extension, or for that matter, the core developers of vBulletin itself.

PS.
My main occupation is being a senior IT security expert, performing code security audits and providing advice for large organizations like banks and government entities...
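
The thread contrasts an "eval"-style BBcode with a tag backed by static PHP code. The following is an added example, not code from any poster or from vBulletin: a stand-alone renderer in which post text can only select a registered tag and never supplies code. The class `StaticBbcodeRenderer`, the `[userid]` tag and the `$viewer` array are hypothetical names and do not correspond to vBulletin's extension API.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-alone renderer; none of these names are vBulletin APIs.
final class StaticBbcodeRenderer
{
    /** @var array<string, callable> tag name => fixed handler shipped with the extension */
    private array $handlers = [];

    public function register(string $tag, callable $handler): void
    {
        // Tag names are restricted so they can be embedded in the regex safely.
        if (!preg_match('/^[a-z]{1,16}$/', $tag)) {
            throw new InvalidArgumentException("bad tag name: $tag");
        }
        $this->handlers[$tag] = $handler;
    }

    public function render(string $postText, array $viewer): string
    {
        // Escape the whole post first: nothing a poster types reaches the page as markup.
        $html = htmlspecialchars($postText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        if ($this->handlers === []) {
            return $html;
        }
        $pattern = '/\[(' . implode('|', array_keys($this->handlers)) . ')\]/i';
        $result = preg_replace_callback($pattern, function (array $m) use ($viewer): string {
            // Post content picks a tag name only; the code that runs is fixed at install time.
            $out = ($this->handlers[strtolower($m[1])])($viewer);
            return htmlspecialchars($out, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }, $html);
        return $result ?? $html;
    }
}

$renderer = new StaticBbcodeRenderer();
// Static handler: reads the viewer record and returns an integer as text.
$renderer->register('userid', fn(array $viewer): string => (string) (int) ($viewer['userid'] ?? 0));

// Constructed sample post and viewer record. Unregistered tags and raw HTML stay inert text.
$post = 'Your User ID is: [userid] <b>bold?</b> [php]phpinfo();[/php]';

// The output depends on the viewer, so it has to be produced per request
// and must not be stored in a rendered-post cache shared between users.
echo $renderer->render($post, ['userid' => 1234]), PHP_EOL;
```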