View Single Post
  #6  
Old 27 Aug 2019, 00:26
vbSuperfan vbSuperfan is offline
 
Join Date: Jun 2019
Originally Posted by In Omnibus View Post
The UserID appears when you hover over the user avatar. It's in the User Profile URL. Why would you need to create a PHP function to call the UserID when it's already easily available? I mean, it can be done but if it's not necessary it's a lot of work for nothing.
Please see my justification for this functionality here.

Believe me, it's necessary.


Originally Posted by In Omnibus View Post
When you start getting into trying to reverse engineer code to make it work you're asking for problems.
The entire extension architecture of vBulletin 5 is more or less based on having to "reverse engineer code" in order to do anything (i.e. knowing which class methods to override/extend), so this statement doesn't make sense at all I'd say?

Originally Posted by In Omnibus View Post
Security would be the primary one. If you can backdoor into the core code then so can someone else.
This doesn't make any sense either. If I create a custom BB code that executes some static PHP code to generate its output (e.g. in order to display the user ID of the viewing user), this:

a) Doesn't open up any security vulnerabilities whatsoever.

b) Doesn't constitute any "backdooring" any more than any other PHP code added to vBulletin by any other extension, of for that matter, the core developers of vBulletin itself.

PS.
My main occupation is being a senior IT security expert, performing code security audits and providing advice for large organizations like banks and government entities...
Reply With Quote