CES Parser Permissions
Version: 2.2.3, by thincom2000
Developer Last Online: Sep 2022

Category: Miscellaneous Hacks - Version: 3.6.x
Released: 02-04-2007 Last Update: 11-07-2010 Installs: 59
DB Changes, Uses Plugins, Auto-Templates, Additional Files
No support by the author.

CES Parser Permissions
vBulletin 3.6.x, 3.7.x, 3.8.x, 4.0.x supported
Version: 2.2.3

If you encounter what you think may be a bug, please include your vBulletin version number when reporting it, since code and fixes differ greatly from 3.6.4 - 3.8.x.

*** NEWS ***
11/8/2010 - 2.2.3 released
5/15/2010 - 2.2.2 released
4/12/2009 - 3.6.x thread separated

Known Issues:
- If you are using the Advanced BB-Code Permissions hack, conflicts can arise when profile fields are parsed in the postbit, causing nothing to be parsed. The fix is described here: https://vborg.vbsupport.ru/showthread.php?p=1252480

What It Does:
Allows you to grant only certain usergroups the ability to use HTML, BB-code, smilies, and IMG-code in their profile fields, posts, PMs, and in Project Tools.

Mod Features:
- parse profile fields on user profiles using Usergroup Permissions
- parse profile fields in postbits using Usergroup Permissions
- parse posts using Usergroup Permissions
- parse calendar events using Usergroup Permissions
- parse private messages using Usergroup Permissions
- parse Project Tools issues and replies using Usergroup Permissions
- parse Social Messages and usernotes using Usergroup Permissions
- complete Forum Rules integration
- disallow certain HTML tags

Products to Install: 1
Files to Upload: 3
Files to Edit: 0
Template Edits: 0

*** Changelog ***
As of Version 2.2.3
  • non-forum messages don't parse
  • poll options don't parse

As of Version 2.2.2
  • several bug fixes
  • compatible with VaultWiki 2.5.7 PL 1 & 3.0.0 RC 3

* This mod is offered for free here. Please donate if you like this mod *

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
#82
09-20-2007, 04:48 AM
thincom2000 (Join Date: May 2006, Location: Bronx, NY, Posts: 1,205)

Profile fields are admin definable. Hence I would not be able to make a general bitfield file that corresponds to more than one board. It should be possible to do this on your own if you did some coding.

I'm surprised no one has had any conflicts involving this mod yet. I've been sitting on a new reworked version that solves a few...

#83
09-20-2007, 05:25 AM
Sychev_S (Join Date: Oct 2005, Location: Toronto, Posts: 173)

Did some coding? Me? Yeah right

Reworked version you say? Can you share?

One of the bugs I have noticed is that when my users use the <embed> tag to embed Google Video and it gets cut out due to the max characters for this profile field, it breaks the tables in the memberinfo template. Any way around that?

Also is there a way to make the use of HTML in profile fields more secure?

I believe Psionic has released his interactive profiles script with a custom CSS feature that is somewhat protected from XSS flaws. Can this be integrated into this mod?

#84
09-20-2007, 02:39 PM
thincom2000

The bug you mention is more of a limitation of vBulletin itself. In order to "fix" the max characters issue (I have done this on my site), you should alter the db fields for those profile fields. I believe they are set to VARCHAR(255). If you have MySQL 5 you can set the VARCHAR higher I think, but I just changed the fields to MEDIUMTEXT.

I will look at Psionic's mod one of these days and see what you are referring to... but honestly as long as script tags and comment tags exist, or the ability to define new HTML tags, I don't think there is a truly safe way to allow HTML.

#85
12-18-2007, 07:14 PM
Sychev_S

no worky with 3.7 =(

#86
12-19-2007, 09:08 AM
thincom2000

I will release an updated version as soon as I get around to installing 3.7. Right now I am still in the process of making my site upgrade friendly.

#87
01-03-2008, 05:49 AM
Sychev_S

Any update?

#88
01-03-2008, 03:52 PM
thincom2000

I have had no issues running this on 3.7. If you are having issues, try to contact me via AIM. Thanks.

#89
01-05-2008, 11:27 AM
Sychev_S

I don't have AIM. You got MSN? That's the error I am getting when trying to access a profile:

Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3767

Fatal error: Call to a member function query_read_slave() on a non-object in /home/xxxx/public_html/beta/forums/includes/class_bbcode.php on line 217

#90
01-05-2008, 03:31 PM
thincom2000

I'm not sure how you are executing the member_customfields plugin, since in 3.7 member_customfields is missing.

EDIT: I found this thread at vb.com: http://www.vbulletin.com/forum/proje...?issueid=23995

Until such time as vBulletin 3.7 GOLD is released, my profile fields feature is unsupported. A lot of changes were made in 3.7, so I will release a new version of this mod at such time. The 3.7 version of this mod is a bit smarter/faster, has even more compatibility with other hacks, and is much easier to integrate should the need arise.

#91
01-05-2008, 10:49 PM
cheesegrits (Join Date: May 2006, Posts: 500)

Quote:
Originally Posted by thincom2000
I will look at Psionic's mod one of these days and see what you are referring to... but honestly as long as script tags and comment tags exist, or the ability to define new HTML tags, I don't think there is a truly safe way to allow HTML.

Have you looked at something like the HTML Purifier at:

http://htmlpurifier.org/

I've been thinking about plugging this into vB for a while now. I've done some work with it in other systems (like a classified system I run), and it looks pretty damn solid. I ran a couple of the more comprehensive attack suites on it, and have yet to find anything damaging get through.

Although I do agree that there is no such thing as truly safe HTML enabled user input, especially when it comes to 'zero day' attacks using newly discovered vectors before things like HTML Purifier can be updated ... but these guys seem to be pretty much on the ball.

Certainly a better option than relying on roll-yer-own XSS cleaning scripts maintained by vB (or whoever), who don't really have the time to stay on top of this stuff on a day to day basis.

-- hugh
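
An added example, not part of the thread or of the CES Parser Permissions mod: one way to apply the HTML Purifier suggestion from the post above to profile-field output, using a tag allowlist and purifying at render time so that a value cut off by the column limit discussed earlier in the thread is rebalanced before it reaches the page. The autoloader path, the helper names and the tag list are assumptions, and the sample values are constructed.

```php
<?php
// Added example; assumes HTML Purifier is unpacked under ./htmlpurifier/ (path is an assumption).
require_once 'htmlpurifier/library/HTMLPurifier.auto.php';

// Hypothetical helper: builds one purifier for all profile-field output.
function make_profile_purifier()
{
    $config = HTMLPurifier_Config::createDefault();
    // Allowlist: elements and attributes not named here (script, embed,
    // style, on* event handlers, ...) are removed from the output.
    $config->set('HTML.Allowed', 'b,i,em,strong,br,p,ul,ol,li,a[href|title],img[src|alt]');
    // Links and images may only use http/https; other URI schemes are dropped.
    $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
    // Disable the on-disk definition cache so the demo needs no writable directory.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Hypothetical helper: purify when rendering, i.e. after the database has
// already truncated the value, so unclosed tags are balanced before the
// value is placed inside the profile page's table markup.
function render_profile_field(HTMLPurifier $purifier, $stored_value)
{
    return $purifier->purify($stored_value);
}

$purifier = make_profile_purifier();

// Constructed sample values, as they might come back from a profile-field column.
$samples = array(
    'plain formatting'    => '<b>Hello</b> from <i>Toronto</i>',
    'script element'      => 'About me<script>alert(1)</script>',
    'event handler'       => '<img src="http://example.com/a.png" alt="a" onerror="alert(1)">',
    'javascript: link'    => '<a href="javascript:alert(1)">my site</a>',
    'truncated by column' => '<p><b>My favourite videos are <i>all on my pag',
);

foreach ($samples as $label => $stored) {
    printf("%-21s %s\n", $label . ':', render_profile_field($purifier, $stored));
}
```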