The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
CES Parser Permissions Details »» | |||||||||||||||||||||||||
CES Parser Permissions
vBulletin 3.6.x, 3.7.x, 3.8.x, 4.0.x supported Version: 2.2.3 If you encounter what you think may be a bug, please include your vBulletin version number when reporting it, since code and fixes differ greatly from 3.6.4 - 3.8.x. *** NEWS *** 11/8/2010 - 2.2.3 released 5/15/2010 - 2.2.2 released 4/12/2009 - 3.6.x thread separated Known Issues: - If you are using the Advanced BB-Code Permissions hack, conflicts can arise when profile fields are parsed in the postbit, causing nothing be parsed. The fix is described here: https://vborg.vbsupport.ru/showthread.php?p=1252480 What It Does: Allows you to grant only certain usergroups the ability to use HTML, BB-code, smilies, and IMG-code in their profile fields, posts, PMs, and in Project Tools. Mod Features: - parse profile fields on user profiles using Usergroup Permissions - parse profile fields in postbits using Usergroup Permissions - parse posts using Usergroup Permissions - parse calendar events using Usergroup Permissions - parse private messages using Usergroup Permissions - parse Project Tools issues and replies using Usergroup Permissions - parse Social Messages and usernotes using Usergroup Permissions - complete Forum Rules integration - disallow certain HTML tags Products to Install: 1 Files to Upload: 3 Files to Edit: 0 Template Edits: 0 *** Changelog *** As of Version 2.2.3
As of Version 2.2.2
* This mod is offered for free here. Please donate if you like this mod * Show Your Support
|
Comments |
#32
|
|||
|
|||
Error in readme.txt:
IS: In forum/ ----------------------------- - upload: product-ces_html_profile.xml SB: In forum/ ----------------------------- - upload: bitfield_ces_html_profile.xml (I guess <<shrug>>) And in the zip file, the 2 bitfield files are identified as belonging in the "includes/xml/" folder. I assume the readme takes precedence, but it could be confusing to us literalists. How about something like: Quote:
What does the modified Manage Usergroups form look like? What happens within the WYSIWYG editor if some basic tags are disabled? Does the editor Preview reflect the disabled permissions? Are the Posting Rules for the Editor changed? p.s., I think this is the single most important add-on for our boards. Thank you so much for doing this!! |
#33
|
|||
|
|||
Quote:
I don't believe editor Preview currently does, I will have to fix this as well (unfortunately will add a query to the Post Preview in the Editor. The posting rules do change. |
#34
|
|||
|
|||
Thanks.
In re-reading the instructions, I think I got it wrong, but I still don't quite understand the intent. Are you recommending uploading the product-xml to the server and installing it as a product from there? Why not install locally? ANd why are there 2 bitfield files if only one is needed? Or am I still way off the mark? :LOL: |
#35
|
|||
|
|||
Oops. I see there's a new zip.
I'll give it a shot. Thanks for the quick turn-around! |
#36
|
|||
|
|||
In your readme, you state:
Quote:
Are you referring specifically to the html limits? Are you referring to the vB-imposed html limits or the CES-imposed limits? Are you saying that CES Parser Perms opens new security holes in the php or are you referring to hacking the vB php or are you saying that once CES opens the html door a tiny bit, the hackers are off to the races? And if you are suggesting that there are risks once CES opens up some limited html rights, can you give me a general idea of what you mean? That is, what would tip me off that someone is trying to break things (besides a cracked forum, that is ). Just trying to better understand the risk you are referring to. |
#37
|
|||
|
|||
Well, I don't know.
I am only interested (right now) in turning off the IMG tag for new users, but I couldn't get it to work? Steps: 1 - Uploaded product-ces_html_profile.xml to forum root 2 - Upload bitfield_ces_parser_perms.xml to /includes/xml/ 3 - set permissions on both to 755 4 - installed product-ces_html_profile.xml as product (from local copy) 5 - vBulletin Options -> CES Profile Fields -> Banned Tags were left as is 6 - vBulletin Options -> CES Profile Fields -> Global Variables were all deleted (not using "anything" tag) 7 - Usergroup Manager -> Edit Usergroup -> CES Profile Permissions left unchanged 8 - Usergroup Manager -> New Members > Edit Usergroup -> Post/Thread Permissions changed only IMG tag to "no" 9 - created new account in "New Members" group 10 - logged in as new member in FF 2.0.0.2 browser 11 - clicked Post Reply 12 - Editor page does indeed show "[IMG] code is Off" 13 - Added text and copy-n-pasted an image into editor (it appeared in editor) 14 - Clicked Preview (did NOT appear in preview - just the img tags and image url) 14 - Clicked "Submit" to display post. 15 - Image graphic appears in post. I can see it as a "New Member" in FF2 and as Admin in IE7. So, what did I do wrong?? Also tried changing CES Profile Permissions for IMG tag in profile to "No" but this had no effect on posting either (which is good). Environment: vB 3.6.5 PHP Version 5.2.0-8+etch1 Server API CGI/FastCGI MySQL 5.0.32-Debian_7etch1-log Server lighttpd/1.4.13 OS Linux |
#38
|
|||
|
|||
If I ALSO disable BB codes in Usergroup -> Post/Thread Permissions, that seems to knock out the IMG tag parsing successfully.
But that seems way harsh. Is that your intent? |
#39
|
|||
|
|||
In the plugin called Post Parsing Perms, find:
PHP Code:
PHP Code:
Quote:
|
#40
|
|||
|
|||
That seems to have done the trick.
Thank you, thank you, thank you! FYI: In both IE and FF, minor weirdness in the editors. A graphic image pasted into the edit window displays as an image (which can build expectations). But using preview knocks out the disabled codes. (just see the raw BB codes) :up: Submitted posts don't parse the disabled codes. IMG source displayed as URL. :up: Edit Posts doesn't display the parsed tags, just the raw BB codes. :up: Again, this is in IE7 and FF 2.0.0.2. Your mileage may vary. Thanks again. |
#41
|
|||
|
|||
May be seeing some weirdness in un-even coverage of permissions?
Symptoms: Mod-to-Mod PMs are not parsing BB code. (Mod sees the unparsed tags in PM from another Mod.) Admin-to-Mod PM is parsing BB code. (Mod says he sees the parsed results in PM from admin.) Mod says his posting rules on his PM Editor page is: Posting Rules BB code is On Smilies are On [IMG] code is On HTML code is Off I assume the PM code permissions are the same as the posting permissions. For Mods and Admins, they are set the same (via Usergroup Mgr > Edit > Post / Thread Permissions): - Allow HTML in posts? No - Allow BB-code in posts? Yes - Allow Smilies in posts? Yes - Allow IMG-code in posts? Yes - Allow Anything-code in posts? No And "CES Profile Permissions" are set the same as above (except it says "profile fields" ). Can't see anything else in the Usergroup settings that would be the cause of this. Suggestions and ideas? ============ NOTE: your ver 1.2.2 is still displaying as 1.2.1 in the Managed Products list. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|