Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
Reload this Page Administrative and Maintenance Tools - Sorky - PE admincp_plugin
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools
Sorky - PE admincp_plugin Details »»
Sorky - PE admincp_plugin
MOD Information
The Developer
 
Version: 1.0.1, by Sorky Sorky is offline
Developer Last Online: Jan 2015 Show Printable Version Email this Page
Category: Administrative and Maintenance Tools - Version: 3.8.x Rating:
Released: 05-15-2009 Last Update: 05-18-2009 Installs: 9
Uses Plugins
 
No support by the author.

Purpose
This Mod is designed to be used by other Mods or PlugIns.

Its primary purpose is very basic - to add hooks to the hook selection list in the PlugIn editor. This is so that other Mods or PlugIns can be created with their own hooks and means that they can add their hooks to the PlugIn Manager, so that they can be edited in the Plugin Manager, without the need to create and upload an XML file.

It's secondary purpose is a lot more interesting - it allows the content of plugin.php to be edited by a PlugIn prior to execution, thus allowing for code level edits to be performed without the administrator having to edit the php file directly. This is how the hook required for the primary purpose is inserted into the code without a file edit.

The name comes from the secondary purpose as it is a lot more interesting

Programmatically Edit admincp/plugin.php before execution through a hook

It reads the content of the original admincp/plugin.php and provides a hook that allows the content to be changed by any PlugIn before executing the content, thus effectively making the admincp/plugin.php file Programmatically Editable.

It then uses this ability to add a hook in admincp/plugin.php that this and other PlugIns can use to make further hooks available for use in the admin control panel. No need to load the XML files!

Once again, this Mod is primarily provided to be used by other Mods/PlugIns. Note: Any product that uses this capability should mark this product as a dependency.
  • Programmatically Edit admincp/plugin.php from within PlugIns
  • Add hooks to the pull-down hook list without installing an XML file

Installation
Import XML file (as product): AdminCP > Plugin System > Manage Products > [Add/Import Product]

Important: On installation it automatically renames admincp/plugin.php and installs a special stub to replace it - No user edit is required. The existing file remains unchanged (just renamed). Uninstallation will restore your original file just as it was. You don't have to worry. Simply load the product and everything else is taken care of for you!

*** NO FILE EDITS ***

*** NO MANUAL UPLOADS ***

Options
To set this plugin's options go to: AdminCP > vBulletin Options > Sorky18 - Customize Announcements

Versions
v1.0.0 - 16th of May, 2009 = Launch (click here)
V1.0.1 - 19th of May, 2009 = Minor improvement (click here)

More Information
See v1.0.0 post (click here)

If you like this Mod please click INSTALL.

Download Now

File Type: xml product-Sorky-PEadmincp_plugin-v1.0.0.xml (7.3 KB, 30 views)
File Type: xml product-Sorky-PEadmincp_plugin-v1.0.1.xml (7.4 KB, 35 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #2  
Old 05-16-2009, 07:57 AM
Sorky Sorky is offline
 
Join Date: Apr 2007
Location: Australia
Posts: 361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
This Mod is provided to be used by other Mods/PlugIns

Creates two hooks...
  • admincp_plugin_dynamicmodify
    Use this to Programmatically Edit admincp/plugin.php. See the PlugIn for an example
  • admincp_plugin_addhooks
    Use this to Programmatically add your own hooks. See the PlugIn for an example

No screen shots (no need)

One (1) option: Debug - Outputs the modified code to a file for analysis

Special Reference
This PlugIn should still work even if the admincp/plugin.php file has been manually edited, as long as...
The first 25 lines are unchanged
Line 25 = require_once('./global.php');
Line 438 is still "uksort($hooklocations, 'strnatcasecmp');" [ie: it has not moved]
Reply With Quote
  #3  
Old 05-16-2009, 01:11 PM
SkyCatcher's Avatar
SkyCatcher SkyCatcher is offline
 
Join Date: Feb 2003
Location: Germany
Posts: 310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I'm curious about the security. Is it remotely possible to inject code via the new hook to execute sql modifications through the admincp? How does the mod allow other mods to execute code, I would think a permission error would come up?

Seems interesting, just don't know if hooks in the admincp are safe.
Reply With Quote
  #4  
Old 05-16-2009, 01:32 PM
EnIgMa1234 EnIgMa1234 is offline
 
Join Date: Mar 2006
Location: .:: Ireland ::.
Posts: 1,306
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by SkyCatcher View Post
I'm curious about the security. Is it remotely possible to inject code via the new hook to execute sql modifications through the admincp? How does the mod allow other mods to execute code, I would think a permission error would come up?

Seems interesting, just don't know if hooks in the admincp are safe.
You can do SQL modifications through any hook.
Reply With Quote
  #5  
Old 05-17-2009, 12:03 AM
Sorky Sorky is offline
 
Join Date: Apr 2007
Location: Australia
Posts: 361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by SkyCatcher View Post
Seems interesting, just don't know if hooks in the admincp are safe.
There are already hooks in there, just (as any coder will attest) not always in the places that are needed.

And in answer to the security question... ANY PlugIn that has installation code could erase an SQL db or wipe a hard drive!!! It's not the PlugIn that's the problem, it's the ability to install one, which basically comes down to access to the Administrator Control Panel. A good idea to always add extra security to your admincp directory to restrict who can access it!
Reply With Quote
  #6  
Old 05-17-2009, 06:47 AM
SkyCatcher's Avatar
SkyCatcher SkyCatcher is offline
 
Join Date: Feb 2003
Location: Germany
Posts: 310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I'm not talking about installing the plugin, I'm talking about exploiting the new hook to execute code with a higher permission base.

I haven't played around with the admincp files much at all but as far as I know it doesn't use the template system nor does it use any of the standard hooks. Adding a hook to the files in the admincp could ease life for everyone sure, but as I'm not sure about how it works I guess I'll just wait and see what others think.
Reply With Quote
  #7  
Old 05-17-2009, 09:03 AM
EnIgMa1234 EnIgMa1234 is offline
 
Join Date: Mar 2006
Location: .:: Ireland ::.
Posts: 1,306
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by SkyCatcher View Post
I'm not talking about installing the plugin, I'm talking about exploiting the new hook to execute code with a higher permission base.

I haven't played around with the admincp files much at all but as far as I know it doesn't use the template system nor does it use any of the standard hooks. Adding a hook to the files in the admincp could ease life for everyone sure, but as I'm not sure about how it works I guess I'll just wait and see what others think.
Of course there are standard hooks in the admincp.
Reply With Quote
  #8  
Old 05-17-2009, 11:22 AM
Sorky Sorky is offline
 
Join Date: Apr 2007
Location: Australia
Posts: 361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by SkyCatcher View Post
...but as far as I know it doesn't use the template system nor does it use any of the standard hooks
It sure does... Just open plugin.php and go to line 2555 Many of the functions that it calls also have hooks as well
Reply With Quote
  #9  
Old 05-19-2009, 08:16 AM
Sorky Sorky is offline
 
Join Date: Apr 2007
Location: Australia
Posts: 361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Just relocated the initial dynamic edits from the plugin to the stub php file to ensure that the Mod (or its PlugIns) can be disabled.

Note: Must uninstall then re-install

PS: The product was designed on 3.8.2 and as such the plugin.php file of other 3.8.x versions should conform but should be checked to be sure. I also have versions with the changes that are required for 3.6.x and 3.7.x if anyone is interested.
Reply With Quote
  #10  
Old 05-19-2009, 01:07 PM
RTMdotORG RTMdotORG is offline
 
Join Date: Dec 2008
Posts: 282
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
im still confused on what this does...
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 05:23 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08098 seconds
  • Memory Usage 2,324KB
  • Queries Executed 24 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (2)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete