The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
CES Parser Permissions Details »» | |||||||||||||||||||||||||
CES Parser Permissions
vBulletin 3.6.x, 3.7.x, 3.8.x, 4.0.x supported Version: 2.2.3 If you encounter what you think may be a bug, please include your vBulletin version number when reporting it, since code and fixes differ greatly from 3.6.4 - 3.8.x. *** NEWS *** 11/8/2010 - 2.2.3 released 5/15/2010 - 2.2.2 released 4/12/2009 - 3.6.x thread separated Known Issues: - If you are using the Advanced BB-Code Permissions hack, conflicts can arise when profile fields are parsed in the postbit, causing nothing be parsed. The fix is described here: https://vborg.vbsupport.ru/showthread.php?p=1252480 What It Does: Allows you to grant only certain usergroups the ability to use HTML, BB-code, smilies, and IMG-code in their profile fields, posts, PMs, and in Project Tools. Mod Features: - parse profile fields on user profiles using Usergroup Permissions - parse profile fields in postbits using Usergroup Permissions - parse posts using Usergroup Permissions - parse calendar events using Usergroup Permissions - parse private messages using Usergroup Permissions - parse Project Tools issues and replies using Usergroup Permissions - parse Social Messages and usernotes using Usergroup Permissions - complete Forum Rules integration - disallow certain HTML tags Products to Install: 1 Files to Upload: 3 Files to Edit: 0 Template Edits: 0 *** Changelog *** As of Version 2.2.3
As of Version 2.2.2
* This mod is offered for free here. Please donate if you like this mod * Show Your Support
|
Comments |
#82
|
|||
|
|||
Profile fields are admin definable. Hence I would not be able to make a general bitfield file that corresponds to more than one board. It should be possible to do this on your own if you did some coding.
I'm surprised no one has had any conflicts involving this mod yet. I've been sitting on a new reworked version that solves a few... |
#83
|
|||
|
|||
Did some coding? Me? Yeah right
Reworked version you say? Can you share? One of the bugs I have noticed is when my users use <embed> tag to embed google video and it gets cut out due to max characters for this profile fields it break the tables in memberinfo template. Anyway around that? Also is there a way to make the use of html in profile fields more secure? I believe psionic have release his interactive profiles script with custom css feature that is somewhat protected from xss flaws. Can this be integrated into this mod? |
#84
|
|||
|
|||
The bug you mention is more of a limitation of vBulletin itself. In order to "fix" the max characters issue (I have done this on my site), you should alter the db fields for those profile fields. I believe they are set to VARCHAR(255). If you have MySQL 5 you can set the VARCHAR higher I think, but I just changed the fields to MEDIUMTEXT.
I will look at Psionic's mod one of these days and see what you are referring to... but honestly as long as script tags and comment tags exist, or the ability to define new HTML tags, I don't think there is a truly safe way to allow HTML. |
#85
|
|||
|
|||
no worky with 3.7 =(
|
#86
|
|||
|
|||
I will release an updated version as soon as I get around to installing 3.7. Right now I am still in the process of making my site upgrade friendly.
|
#87
|
|||
|
|||
Any update?
|
#88
|
|||
|
|||
I have had no issues running this on 3.7. If you are having issues, try to contact me via AIM. Thanks.
|
#89
|
|||
|
|||
I don't have AIM. You got msn? That's the error i am getting when trying to access a profile:
Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3767 Fatal error: Call to a member function query_read_slave() on a non-object in /home/xxxx/public_html/beta/forums/includes/class_bbcode.php on line 217 |
#90
|
|||
|
|||
I'm not sure how you are executing the member_customfields plugin, since in 3.7 member_customfields is missing.
EDIT: I found this thread at vb.com: http://www.vbulletin.com/forum/proje...?issueid=23995 Until such time as vBulletin 3.7 GOLD is released, my profile fields feature is unsupported. A lot of changes were made in 3.7, so I will release a new version of this mod at such time. The 3.7 version of this mod is a bit smarter/faster, has even more compatibility with other hacks, and is much easier to integrate should the need arise. |
#91
|
||||
|
||||
Quote:
http://htmlpurifier.org/ I've been thinking about plugging this into vB for a while now. I've done some work with it in other systems (like a classified system I run), and it looks pretty damn solid. I ran a couple of the more comprehensive attack suites on it, and have yet to find anything damaging get through. Although I do agree that there is no such thing as truly safe HTML enabled user input, especially when it comes to 'zero day' attacks using newly discovered vectors before things like HTML Purifier can be updated ... but these guys seem to be pretty much on the ball. Certainly a better option than relying on roll-yer-own XSS cleaning scripts maintained by vB (or whoever), who don't really have the time to stay on top of this stuff on a day to day basis. -- hugh |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|