View Full Version : Miscellaneous Hacks - Mod-Approved HTML Signatures for vBulletin 3.6

21 Aug 2006, 22:00
This is a 3.6 version of this hack for vBulletin 3.5.x. Upgrading is necessary if you had previously installed the hack. (Screenshots can also be found there.)


To avoid security risks (and general page mess-ups by users who are inexperienced at HTML), it is generally not a good idea to allow HTML in signatures. However, the annoying fact is that most people have perfectly legitimate reasons to want to use HTML in their signatures, and many of them know what they're doing and won't forget to close table tags that will embed the rest of the page into their signatures. Wouldn't it be great if you and your moderators could just look over the code of all HTML signatures before they actually get put on the forums? Well, look no further.

Admin and approver features:

- Fully phrased
- Specify groups which can approve HTML signatures in the Admin CP (moderators, super moderators and administrators by default)
- View list of all unapproved HTML signatures by clicking an unobtrusive link at the bottom of every page
- View and edit a single HTML signature's code without having it executed on the page or preview it after making sure it does not posess any obvious security risk

User features:

- Either use a normal BBCode signature, which does not need approval, or an advanced HTML signature
- Normal BBCode signature, if any, is used while HTML signature has not yet been approved
- HTML is shown as "on" in Signature Permissions box when editing HTML signature to avoid confusion, and is of course parsed in HTML signature preview
- Line breaks are not parsed in HTML signatures, so you can space out your code as you like without worrying about extra line breaks appearing in the finished product

Version History:

[vBulletin 3.6.x]
2.0: Adapted to 3.6, and that's pretty much it. If you had the hack installed on 3.5.x and just upgraded your board, you must import the new product (with Allow Overwrite set to Yes) and remake (or make, in the case of new ones) the template edits marked with an asterisk. Reuploading htmlsig.php should not be necessary; no changes have been made to the file.
[vBulletin 3.5.x]
1.6: Another missing TABLE_PREFIX added and the setting is now definitely included. No changes have been made to htmlsig.php, so to upgrade you only need to download the zip and import the new product-htmlsigapproval.xml.
1.5: HTML signatures now work in PMs. Added missing TABLE_PREFIX in a query. To upgrade: Again, reupload htmlsig.php and import the new product-htmlsigapproval.xml, making sure that "Allow Overwrite" is on.
1.1: It used to make HTML disabled in your already-approved HTML signature again after you edited it; now that's fixed. To upgrade: Reupload htmlsig.php and import the new product-htmlsigapproval.xml through the Admin CP, making sure that "Allow Overwrite" is ON.
1.0: Initial release.


Difficulty: Medium
Template edits: 6
Product installs: 1
File uploads: 1
Code modifications: 0
Additional database rows: 2


Support will be given in this thread if you have any questions, comments, suggestions, etc.

21 Aug 2006, 22:44
Great idea, and definitely reduces the risk of having signatures on by default...

MGM out

21 Aug 2006, 23:10
Sweet :)

/me is waiting if people ask for screenshots instead of checking old 3.5 version :D

/me clicks install of course too

22 Aug 2006, 01:07
Steps 2 and 3 cannot be done. The files do not exist in the ZIP you included. ><

Difficulty: Medium
Template edits: 6
Product installs: 1
File uploads: 1
Code modifications: 0
Additional database rows: 2


1: Unzip htmlsigapproval.zip.
2: Upload htmlsig.php to your main forum folder (the one containing global.php, forumdisplay.php, etc.)
3: Import product-htmlsigapproval.xml via the Admin CP Product Manager.
4: Go to vBulletin Options in the Admin CP, select User Profile Options and scroll to the bottom. Edit the setting "Groups that can approve of HTML signatures" to the groups you want to be able to approve HTML signatures. (Leave it as 5,6,7 if you want moderators, super moderators and administrators to have that ability.)
5: Be sure to disable HTML in regular signatures (located on the Edit Usergroup pages) - not much of a point in making people get their HTML signatures approved if their normal signatures can have HTML in them anyway.
6: Make the following template edits:

22 Aug 2006, 12:44

22 Aug 2006, 20:41
Okay, that is odd because I remember putting them in very clearly. o_O I guess I accidentally put them into the 3.5 zip instead of the one I was going to upload here or something. The correct one is there now...

EDIT: Ack, there was a short delay in actually putting it there (Firefox started misbehaving) but now it's definitely there.

22 Aug 2006, 21:20
Thank you. :)

24 Aug 2006, 11:50
it seems like something I really could use..

But what happens when someone who has an approved html signature edits his/her signature? Will it be re-qeued for moderation, or are edits automatically approved?

28 Aug 2006, 07:19
Does anyone know?

28 Aug 2006, 23:11
The edits will be put under moderation again, but the previous HTML signature will be shown until the edits are approved.

29 Aug 2006, 06:09
The edits will be put under moderation again, but the previous HTML signature will be shown until the edits are approved.

Fantastic! That answer was exactly the one that I was hoping for :D

31 Aug 2006, 04:03
Awesome Hack. Installed :D

Though I just noticed something. When I go to the Approval Page IE says it has a Error (The annoying lil ! in the bottom right of IE)

Gives me the following Information.

Line: 998
Char: 2
Error: Object Unexpected
Code: 0

31 Aug 2006, 17:03
Hmm, that is rather odd since there is no Javascript in the file at all. Admittedly I can't see the page as I'm not logged in (the less somebody with permission to edit HTML signatures). IE doesn't have a problem with the page on my forum, at least.

31 Aug 2006, 17:19
Hmmm odd ..

31 Aug 2006, 18:21
& what happens if someone puts <noscript> .. then you probably wont even be able to see the moderation qeue

31 Aug 2006, 20:41
Uhh... what?

01 Sep 2006, 01:49
Say you allowed users to customize their usertitles, then it's like a glitch & a security issue, because if you put an html code "<noscript>" it messes up the page.

Try it ..


01 Sep 2006, 16:33
The signature HTML isn't executed on any page anywhere until either the user or the approver chooses to preview it. When viewing somebody's HTML sig, you will simply see it in plaintext inside a textarea and can remove malicious code or tags that will mess up the page such as <noscript> before you actually preview the sig.

26 Apr 2008, 02:36
I'm currently using this mod since I want only a certain type of sig allowed at my site.

The small hitch I have right now is that when previewing sigs waiting to be approved, they don't render (BBCode, at the very least).

Is there something wrong, or does this not actually render the sigs? If the latter, any help on making it do so?