
  #1  
Old 22 Aug 2019, 20:52
vbSuperfan
 
Join Date: Jun 2019
Extension/product for creating custom BBcode executing my PHP code?

I'm quite surprised that I cannot find anything on this topic on Google, since it seems like an extremely likely thing for people to want to do, that is: Creating a special BBcode that can execute some certain PHP code of mine and then produce some string based on it?

In my case, I simply want the BBcode to return the user ID of the vBulletin user currently viewing the post where this BB code is located, like this:

Your User ID is: 1234

Does anyone have any tips for good skeleton code, tutorials or other useful starting points for creating your own PHP-based BBcodes like this, by means of an extension/product? The official vBulletin support indicates to me that this should at least be possible, here?

I've even heard that this (PHP-based custom BB codes) was standard functionality in vB4, available directly from the AdminCP, but removed in vB5, which makes it even more likely that a lot of people would have liked to create such extensions/products for vB5, so what am I missing?
  #2  
Old 22 Aug 2019, 21:10
In Omnibus
 
Join Date: Apr 2010
Real name: Kris
The UserID appears when you hover over the user avatar. It's in the User Profile URL. Why would you need to create a PHP function to call the UserID when it's already easily available? I mean, it can be done but if it's not necessary it's a lot of work for nothing.
  #3  
Old 23 Aug 2019, 14:31
delicjous
 
Join Date: Nov 2014
You could not execute php in a bbcode as far as I know. But you could execute javascript and you should use javascript for any task like this. By the way... Not anything that sounds not logical for anybody isn't logical for someone!
__________________
vBulletin-Forum.de closed!
  #4  
Old 23 Aug 2019, 15:20
Dave
 
Join Date: Jun 2010
Real name: Dave
Originally Posted by delicjous:
You could not execute php in a bbcode as far as I know. But you could execute javascript and you should use javascript for any task like this. By the way... Not anything that sounds not logical for anybody isn't logical for someone!
Problem is that he seems to need mobile support too on which you cannot execute custom JavaScript.

Anyway pretty sure they removed any kind of "eval" call in vBulletin because it opens the site up for many security risks.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
  #5  
Old 23 Aug 2019, 16:44
In Omnibus
 
Join Date: Apr 2010
Real name: Kris
Originally Posted by delicjous:
You could not execute php in a bbcode as far as I know. But you could execute javascript and you should use javascript for any task like this. By the way... Not anything that sounds not logical for anybody isn't logical for someone!
I didn't mean to imply the customer doesn't need it, only that it's not going to be easy to code if it genuinely is necessary to whatever ends are trying to be served. When you start getting into trying to reverse engineer code to make it work you're asking for problems. Security would be the primary one. If you can backdoor into the core code then so can someone else.
  #6  
Old 27 Aug 2019, 00:26
vbSuperfan
 
Join Date: Jun 2019
Originally Posted by In Omnibus:
The UserID appears when you hover over the user avatar. It's in the User Profile URL. Why would you need to create a PHP function to call the UserID when it's already easily available? I mean, it can be done but if it's not necessary it's a lot of work for nothing.
Please see my justification for this functionality here.

Believe me, it's necessary.


Originally Posted by In Omnibus:
When you start getting into trying to reverse engineer code to make it work you're asking for problems.
The entire extension architecture of vBulletin 5 is more or less based on having to "reverse engineer code" in order to do anything (i.e. knowing which class methods to override/extend), so this statement doesn't make sense at all I'd say?

Originally Posted by In Omnibus:
Security would be the primary one. If you can backdoor into the core code then so can someone else.
This doesn't make any sense either. If I create a custom BB code that executes some static PHP code to generate its output (e.g. in order to display the user ID of the viewing user), this:

a) Doesn't open up any security vulnerabilities whatsoever.

b) Doesn't constitute any "backdooring" any more than any other PHP code added to vBulletin by any other extension, or for that matter, the core developers of vBulletin itself.

PS.
My main occupation is being a senior IT security expert, performing code security audits and providing advice for large organizations like banks and government entities...
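
An added example, not written by any poster in this thread and not vBulletin's own API: one way a custom tag can run fixed server-side PHP for the "Your User ID is" case with no eval-style call anywhere. The tag name `[viewerid]`, the `$handlers` registry, `render_custom_tags()` and the `$viewer` array are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical registry: tag name => fixed PHP callback. A post author only
// chooses WHICH registered tag appears in a post, never what code runs for it.
$handlers = [
    'viewerid' => static function (array $viewer): string {
        // Cast to int so the output can only ever be digits.
        return (string) (int) ($viewer['userid'] ?? 0);
    },
];

/**
 * Render parameterless custom tags such as [viewerid] in a post body.
 * Unregistered tags stay as literal, escaped text; nothing is eval()'d.
 */
function render_custom_tags(string $postText, array $handlers, array $viewer): string
{
    // Escape first: everything the post author typed becomes inert HTML text.
    $safe = htmlspecialchars($postText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $out = preg_replace_callback(
        '/\[([a-z]{1,20})\]/',
        static function (array $m) use ($handlers, $viewer): string {
            $tag = $m[1];
            if (!isset($handlers[$tag])) {
                return $m[0]; // not a registered tag: leave it as text
            }
            // Escape handler output as well, in case a handler returns free text.
            return htmlspecialchars($handlers[$tag]($viewer), ENT_QUOTES, 'UTF-8');
        },
        $safe
    );

    return $out ?? $safe; // on a regex engine error, fall back to the escaped text
}

// Constructed sample input: one registered tag, plus PHP and HTML typed by a poster.
$post   = 'Your User ID is: [viewerid] [php]phpinfo();[/php] <script>x</script>';
$viewer = ['userid' => 1234]; // assumed to come from the authenticated session

// The output differs per viewer, so it must not be written to a parsed-post
// cache that is shared between users.
echo render_custom_tags($post, $handlers, $viewer), PHP_EOL;
```

The `[php]` text in the sample post is not a registered tag, so it is printed back as plain text rather than executed.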