#1
03-23-2016, 06:54 AM
vbresults
Join Date: Apr 2009
Posts: 687
Request - Framework for Secure Legacy Plugins

From this:
PHP Code:
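// Current hook call: plugin code is fetched as a string and passed to eval()
($hook = vBulletinHook::fetch_hook('global_start')) ? eval($hook) : false;
To this:
PHP Code:
// Proposed: each plugin is a file on disk, included by filename
foreach (vBulletinHook::fetch_hook_includes("global_start") as $filename) {
    include_once $filename;
}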

In other words, drop each plugin's phpcode to the filesystem. From there, we can generate md5 sums corresponding to each plugin of each product and distribute them with an md5 sum PHP file, and add it to the built-in file integrity checking tool.

We'd be dropping the plugin table's phpcode column, putting the php code in files, and the execution order as a prefix to the filenames. This requires plugins to be formatted differently, and a conversion tool for old plugins.

That said, conversion is simple, non-destructive, and there's not a lot of room for bugs, except references to the deleted phpcode column. It eliminates the use of the datastore that keeps sites infected, increases performance, and enables the use of file scanning tools.
Thanked by:
Gio~Logist
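Added example (not part of the original post and not vBulletin code): one way the export-and-verify step proposed in post #1 could look, assuming a `<base>/<product>/<hook>/<order>_<pluginid>.php` layout and the hypothetical helpers `export_plugins()` and `verified_hook_files()`; the sample rows are constructed. It uses `include` rather than `include_once`, so a hook that fires several times in one request runs each time, as the `eval` call does.

```php
<?php
// Added example, not vBulletin code: layout and function names are assumptions.
const HASH_ALGO = 'md5'; // the thread's choice; 'sha256' is a drop-in replacement
/** Write each row's phpcode to <base>/<product>/<hook>/<order>_<id>.php; return path => hash. */
function export_plugins(array $rows, string $base): array
{
    $manifest = [];
    foreach ($rows as $r) {
        // Product and hook names become path components, so allow a strict charset only.
        if (!preg_match('#^\w+/\w+\z#', "{$r['product']}/{$r['hookname']}")) {
            throw new InvalidArgumentException("unsafe name in plugin {$r['pluginid']}");
        }
        $dir = "$base/{$r['product']}/{$r['hookname']}";
        if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
            throw new RuntimeException("cannot create $dir");
        }
        $file = sprintf('%s/%05d_%d.php', $dir, $r['executionorder'], $r['pluginid']);
        file_put_contents($file, "<?php\n" . $r['phpcode'] . "\n");
        $manifest[$file] = hash_file(HASH_ALGO, $file);
    }
    return $manifest;
}

/** Files for one hook, in execution order, keeping only those that still match the manifest. */
function verified_hook_files(string $hook, array $manifest): array
{
    $ok = [];
    foreach ($manifest as $file => $expected) {
        if (basename(dirname($file)) !== $hook) { continue; }
        if (is_file($file) && hash_equals($expected, hash_file(HASH_ALGO, $file))) {
            $ok[] = $file;
        } else {
            error_log("plugin integrity check failed, skipping: $file");
        }
    }
    usort($ok, fn($a, $b) => strcmp(basename($a), basename($b))); // order prefix, across products
    return $ok;
}

// Constructed sample rows standing in for the plugin table.
$rows = [
    ['pluginid' => 7, 'product' => 'demo', 'hookname' => 'global_start', 'executionorder' => 5, 'phpcode' => '$seen[] = 7;'],
    ['pluginid' => 9, 'product' => 'other', 'hookname' => 'global_start', 'executionorder' => 1, 'phpcode' => '$seen[] = 9;'],
];
$manifest = export_plugins($rows, sys_get_temp_dir() . '/plugins_' . uniqid());
// Simulate a change made to plugin 7's file after export.
file_put_contents(array_key_first($manifest), "// modified after export\n", FILE_APPEND);
foreach (verified_hook_files('global_start', $manifest) as $file) { include $file; }
var_dump($seen);
```

The manifest only adds protection if it is stored where neither the web server account nor a database write can replace it.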
#2
03-23-2016, 11:22 AM
squidsk
Join Date: Nov 2010
Posts: 969

You can achieve similar results with no changes already by simply having the content of a hook be a php include or requires line with the file located in the system. Then just add the file with its md5 sum to a file for your mod that has a similar structure to the default md5sums file from vb. There's even a product for vb3.6 which will generate the vb5sums file for any files you point it to.
#3
03-23-2016, 12:11 PM
vbresults
Join Date: Apr 2009
Posts: 687

It doesn't matter if it's not enforced or implemented at the vBulletin level (one mod doing this and others not, while still having the phpcode in datastore, achieves nothing). This, if implemented, automates everything, and the converter is able to import mods in the old format.
#4
03-23-2016, 12:11 PM
Gio~Logist
Join Date: Jun 2004
Location: San Francisco
Posts: 2,575

I do most of my mods with the filesystem as it is now as well, by requiring.

I can DEFINITELY see the value in making this the standard for everyone though. Aside from just not having to create a plugin for each hook location I want to affect (which is beyond annoying), there can be a lot more benefits :up:
#5
03-23-2016, 12:31 PM
Dave
Join Date: May 2010
Posts: 2,583

If the fetch_hook function is completely removed, it will break some plugins though because some of them use custom hooks in the code. (For example DBTech's chatbox plugin)

The only way this will work out for all other plugins is if vBulletin feels like implementing exporter/generator functionality that automatically converts the current PHP hooks system to the new one.

Besides that, it's a good idea.
#6
03-23-2016, 12:35 PM
Gio~Logist
Join Date: Jun 2004
Location: San Francisco
Posts: 2,575

Wouldn't be that hard to export plugins as phpcode in their respective "product" directories.

All in all though, I think it really comes down to whether or not 3rd party development is a focus for vBulletin at the moment (although I agree it should be).
#7
03-23-2016, 03:42 PM
squidsk
Join Date: Nov 2010
Posts: 969

Quote:
Originally Posted by Gio~Logist
Wouldn't be that hard to export plugins as phpcode in their respective "product" directories.

All in all though, I think it really comes down to whether or not 3rd party development is a focus for vBulletin at the moment (although I agree it should be).

Given vb5 uses a different plugin model rather than the eval one used by vb3 and vb4, the probability of this ever seeing the light of day is essentially zero. Further, due to scoping differences between eval and importing a file, this change would end up breaking a significant number of plugins.

As Dave pointed out, this also does nothing about products that implement their own custom hooks. Further, where are these "product" directories located and how will vb know to look there for any particular hook, or are you suggesting that it should look in the product directory for every product for every hook to see if there's a file that should run on that hook? If not, how are you suggesting vb knows that a product wants to use a particular hook? If so, that's very inefficient.
Thanked by:
In Omnibus
#8
03-23-2016, 04:16 PM
Paul M
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748

The hook code you are referring to does not exist in vB5, only vB4 & vB3.
No such major change will ever be made to them, since they are no longer in development.
(Even if they were, it's unlikely this would ever have happened, since it's a major redesign of the way hooks work).

As an aside, requesting changes to any vB core requires a Jira, it's never going to happen (even for vB5) from a thread on this forum (or indeed on vbulletin.com forum).
Thanked by:
ozzy47
#9
03-24-2016, 12:24 AM
vbresults
Join Date: Apr 2009
Posts: 687

Quote:
Originally Posted by squidsk
As Dave pointed out, this also does nothing about products that implement their own custom hooks. Further, where are these "product" directories located and how will vb know to look there for any particular hook, or are you suggesting that it should look in the product directory for every product for every hook to see if there's a file that should run on that hook? If not, how are you suggesting vb knows that a product wants to use a particular hook? If so, that's very inefficient.

No problem, those in-product hooks can be handled/rewritten by the converter non-destructively just like the core hooks. The plugin table provides a database reference to the plugins, there is no apache-style recursive folder scanning.

Quote:
Originally Posted by Paul M
The hook code you are referring to does not exist in vB5, only vB4 & vB3.
No such major change will ever be made to them, since they are no longer in development.
(Even if they were, it's unlikely this would ever have happened, since it's a major redesign of the way hooks work).

As an aside, requesting changes to any vB core requires a Jira, it's never going to happen (even for vB5) from a thread on this forum (or indeed on vbulletin.com forum).

Yes, that is why I said Legacy plugins.

There have been updates made to vB 3.x recently so I was under the impression some of the staff here was informally keeping the product up to date, so wanted to go straight to the source.

I think due to the nature of the redesign it's actually not that big of a deal to implement on a technical level, almost nothing can break, but the benefits for people, especially those who got hacked, can be big.

Also, I can't log into JIRA and I'm showing as unlicensed here so I couldn't post it anywhere else.