nice addition BUT it has a serious security hole.*anybody* with a username can go to www.yourboard.com/forum/misc.php?do=bbcode this generates a list of bbcode tags your board uses.The "advanced bbcode permissions hack" only handles permissions for bbcode build into vbulletin not custom bbcode tags so without some way to restrict this it is pretty useless
nice addition BUT it has a serious security hole.*anybody* with a username can go to www.yourboard.com/forum/misc.php?do=bbcode this generates a list of bbcode tags your board uses.The "advanced bbcode permissions hack" only handles permissions for bbcode build into vbulletin not custom bbcode tags so without some way to restrict this it is pretty useless
also ......
DO NOT TURN ON DEBUG MODE ON LIVE SITES
danger Will Robinson danger .....
yeh your right dude..
[high]* Smiry Kin's going to uninstall, unless a fix is made soon[/high]
you could add a plugin on hook location bbcodeparse_start which checks the individual permissions using the bitfields from the advanced bbcode permissions hack.But you need to modify this hack a bit.
I've got this working now - rather embarrassing I'd been mucking around class_bbcode a little while ago on my test forum to see if I could implement this and forgot about them, once I started from original files it all worked first time!
I've modified the advanced bbcode permissions to handle the new tags and that works so the codes can only be used by a mod or admin however if I use more then one mod box in the thread only the first one is parsed correctly the subsequent ones are ignored as if I didnt have permission to use the tag,
if u use that hack called "advanced bbcode permissions" then something like this should work
PHP Code:
if(!$vbulletin->userinfo['permissions']['advanced_bbcode_usergroup_permissions'] & !$vbulletin->bf_ugp_advanced_bbcode_usergroup_permissions['allow_bbcode_modwarn'])//this is set in the bitfield XML
{
//no permission
}
I've got the advanced bbcode hack installed and working but if I post more then one tag in a thread only the first one is correctly parsed, the subsequent tags are ignored as if I had no permission.
if u use that hack called "advanced bbcode permissions" then something like this should work
PHP Code:
if(!$vbulletin->userinfo['permissions']['advanced_bbcode_usergroup_permissions'] & !$vbulletin->bf_ugp_advanced_bbcode_usergroup_permissions['allow_bbcode_modwarn'])//this is set in the bitfield XML
{
//no permission
}
would work? instead of Darat's solution? And where to put it?
those are the bitfield values vbulletin uses to identify each bitfield you can read this if you want to better understand it
Quote:
Originally Posted by Luggruff
would work? instead of Darat's solution? And where to put it?
Details please !
that code would check the value of a bitfield.I didn't check if it *does* work correctly.These two tags are a nice thing but it needs some way to reserve it for mods,supermods, or administrators.We need to figure out what hook location can be used to get that effect