Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
CES Parser Permissions Details »
CES Parser Permissions
Mod Version: 2.2.3, by thincom2000 (Coder) thincom2000 is offline
Developer Last Online: Oct 2019 I like it Show Printable Version Email this Page

This modification is in the archives.
vB Version: 3.6.x Rating: (10 votes - 4.80 average) Installs: 57
Released: 05 Feb 2007 Last Update: 08 Nov 2010 Downloads: 617
Supported DB Changes Uses Plugins Auto-Template Additional Files  

CES Parser Permissions
vBulletin 3.6.x, 3.7.x, 3.8.x, 4.0.x supported
Version: 2.2.3

If you encounter what you think may be a bug, please include your vBulletin version number when reporting it, since code and fixes differ greatly from 3.6.4 - 3.8.x.

*** NEWS ***
11/8/2010 - 2.2.3 released
5/15/2010 - 2.2.2 released
4/12/2009 - 3.6.x thread separated

Known Issues:
- If you are using the Advanced BB-Code Permissions hack, conflicts can arise when profile fields are parsed in the postbit, causing nothing be parsed. The fix is described here: https://www.vbulletin.org/forum/showthread.php?p=1252480

What It Does:
Allows you to grant only certain usergroups the ability to use HTML, BB-code, smilies, and IMG-code in their profile fields, posts, PMs, and in Project Tools.

Mod Features:
- parse profile fields on user profiles using Usergroup Permissions
- parse profile fields in postbits using Usergroup Permissions
- parse posts using Usergroup Permissions
- parse calendar events using Usergroup Permissions
- parse private messages using Usergroup Permissions
- parse Project Tools issues and replies using Usergroup Permissions
- parse Social Messages and usernotes using Usergroup Permissions
- complete Forum Rules integration
- disallow certain HTML tags

Products to Install: 1
Files to Upload: 3
Files to Edit: 0
Template Edits: 0

*** Changelog ***
As of Version 2.2.3
  • non-forum messages don't parse
  • poll options don't parse

As of Version 2.2.2
  • several bug fixes
  • compatible with VaultWiki 2.5.7 PL 1 & 3.0.0 RC 3

* This mod is offered for free here. Please donate if you like this mod *

Download Now

Only licensed members can download files, Click Here for more information.

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Integration with vBulletin NZB Attachment Parser Dismounted vBulletin 3.6 Add-ons 72 11 Apr 2016 01:42

  #31  
Old 05 Apr 2007, 05:04
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
Error in readme.txt:

IS:
In forum/
-----------------------------
- upload: product-ces_html_profile.xml

SB:
In forum/
-----------------------------
- upload: bitfield_ces_html_profile.xml (I guess <<shrug>>)

And in the zip file, the 2 bitfield files are identified as belonging in the "includes/xml/" folder.

I assume the readme takes precedence, but it could be confusing to us literalists.

How about something like:

*******************************************
** INSTALLATION **
*******************************************

In forum root
-----------------------------
- upload: bitfield_ces_html_profile.xml

In forum/includes/xml/
-----------------------------
- upload: bitfield_ces_parser_perms.xml

In admincp > Plugins & Products > Manage Products > Add/Import Product
Install: product-ces_parser_perms.xml

and you're done.
Also, I would appreciate some screenshots as to what to expect.

What does the modified Manage Usergroups form look like?
What happens within the WYSIWYG editor if some basic tags are disabled?
Does the editor Preview reflect the disabled permissions?
Are the Posting Rules for the Editor changed?

p.s., I think this is the single most important add-on for our boards. Thank you so much for doing this!!
Reply With Quote
  #32  
Old 05 Apr 2007, 07:17
thincom2000 thincom2000 is offline
 
Join Date: Jun 2006
Real name: Ted
Originally Posted by YabbaDabba View Post
What does the modified Manage Usergroups form look like?
What happens within the WYSIWYG editor if some basic tags are disabled?
Does the editor Preview reflect the disabled permissions?
Are the Posting Rules for the Editor changed?
The WYSIWYG editor does not seem to reflect the permissions. Everything parses in the editor until the post is submitted. I will have to fix this.

I don't believe editor Preview currently does, I will have to fix this as well (unfortunately will add a query to the Post Preview in the Editor.

The posting rules do change.
Reply With Quote
  #33  
Old 05 Apr 2007, 07:36
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
Thanks.

In re-reading the instructions, I think I got it wrong, but I still don't quite understand the intent.

Are you recommending uploading the product-xml to the server and installing it as a product from there? Why not install locally? ANd why are there 2 bitfield files if only one is needed? Or am I still way off the mark? :LOL:
Reply With Quote
  #34  
Old 05 Apr 2007, 07:43
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
Oops. I see there's a new zip.

I'll give it a shot. Thanks for the quick turn-around!
Reply With Quote
  #35  
Old 05 Apr 2007, 08:10
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
In your readme, you state:
Don't be disillusioned: it is still possible for hackers to workaround
these limitations. Only grant HTML to members of your site's staff.
I'm not looking for hacking tips here, but I don't understand what you mean by "limitations" specifically.

Are you referring specifically to the html limits?
Are you referring to the vB-imposed html limits or the CES-imposed limits?
Are you saying that CES Parser Perms opens new security holes in the php or are you referring to hacking the vB php or are you saying that once CES opens the html door a tiny bit, the hackers are off to the races?
And if you are suggesting that there are risks once CES opens up some limited html rights, can you give me a general idea of what you mean? That is, what would tip me off that someone is trying to break things (besides a cracked forum, that is ).

Just trying to better understand the risk you are referring to.
Reply With Quote
  #36  
Old 05 Apr 2007, 09:57
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
Well, I don't know.
I am only interested (right now) in turning off the IMG tag for new users, but I couldn't get it to work?

Steps:
1 - Uploaded product-ces_html_profile.xml to forum root
2 - Upload bitfield_ces_parser_perms.xml to /includes/xml/
3 - set permissions on both to 755
4 - installed product-ces_html_profile.xml as product (from local copy)
5 - vBulletin Options -> CES Profile Fields -> Banned Tags were left as is
6 - vBulletin Options -> CES Profile Fields -> Global Variables were all deleted (not using "anything" tag)
7 - Usergroup Manager -> Edit Usergroup -> CES Profile Permissions left unchanged
8 - Usergroup Manager -> New Members > Edit Usergroup -> Post/Thread Permissions changed only IMG tag to "no"
9 - created new account in "New Members" group
10 - logged in as new member in FF 2.0.0.2 browser
11 - clicked Post Reply
12 - Editor page does indeed show "[IMG] code is Off"
13 - Added text and copy-n-pasted an image into editor (it appeared in editor)
14 - Clicked Preview (did NOT appear in preview - just the img tags and image url)
14 - Clicked "Submit" to display post.
15 - Image graphic appears in post. I can see it as a "New Member" in FF2 and as Admin in IE7.

So, what did I do wrong??

Also tried changing CES Profile Permissions for IMG tag in profile to "No" but this had no effect on posting either (which is good).

Environment:
vB 3.6.5
PHP Version 5.2.0-8+etch1
Server API CGI/FastCGI
MySQL 5.0.32-Debian_7etch1-log
Server lighttpd/1.4.13
OS Linux

Last edited by YabbaDabba; 05 Apr 2007 at 10:11. Reason: added environment layers
Reply With Quote
  #37  
Old 05 Apr 2007, 10:19
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
If I ALSO disable BB codes in Usergroup -> Post/Thread Permissions, that seems to knock out the IMG tag parsing successfully.

But that seems way harsh.

Is that your intent?
Reply With Quote
  #38  
Old 05 Apr 2007, 13:22
thincom2000 thincom2000 is offline
 
Join Date: Jun 2006
Real name: Ted
In the plugin called Post Parsing Perms, find:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Replace with:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Originally Posted by YabbaDabba
I'm not looking for hacking tips here, but I don't understand what you mean by "limitations" specifically.
I am saying that the Banned HTML Tags setting in this addon is nowhere near hacker proof. If a hacker wants to use those tags, they will find a way. That being the case, limit the Usergroups allowed to use HTML to those you know probably don't inlcude members who will be trying to hack your site.
Reply With Quote
  #39  
Old 05 Apr 2007, 14:58
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
That seems to have done the trick.

Thank you, thank you, thank you!

FYI: In both IE and FF, minor weirdness in the editors.

A graphic image pasted into the edit window displays as an image (which can build expectations).

But using preview knocks out the disabled codes. (just see the raw BB codes)

Submitted posts don't parse the disabled codes. IMG source displayed as URL.

Edit Posts doesn't display the parsed tags, just the raw BB codes.

Again, this is in IE7 and FF 2.0.0.2. Your mileage may vary.

Thanks again.
Reply With Quote
  #40  
Old 10 Apr 2007, 09:27
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
May be seeing some weirdness in un-even coverage of permissions?

Symptoms:
Mod-to-Mod PMs are not parsing BB code. (Mod sees the unparsed tags in PM from another Mod.)
Admin-to-Mod PM is parsing BB code. (Mod says he sees the parsed results in PM from admin.)

Mod says his posting rules on his PM Editor page is:

Posting Rules
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

I assume the PM code permissions are the same as the posting permissions.
For Mods and Admins, they are set the same (via Usergroup Mgr > Edit > Post / Thread Permissions):
- Allow HTML in posts? No
- Allow BB-code in posts? Yes
- Allow Smilies in posts? Yes
- Allow IMG-code in posts? Yes
- Allow Anything-code in posts? No

And "CES Profile Permissions" are set the same as above (except it says "profile fields" ).

Can't see anything else in the Usergroup settings that would be the cause of this.

Suggestions and ideas?

============
NOTE: your ver 1.2.2 is still displaying as 1.2.1 in the Managed Products list.

Last edited by YabbaDabba; 10 Apr 2007 at 10:31.
Reply With Quote
  #41  
Old 10 Apr 2007, 11:24
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
I think the Preview window not parsing tags per the user's new permissions is the biggest problem we are seeing.
Reply With Quote
  #42  
Old 15 Apr 2007, 11:24
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
Since this hack essentially disables the Preview window for everybody, will you be fixing that problem anytime soon?

Right now, I can't really use this because it causes more problems than it fixes.
Reply With Quote
  #43  
Old 15 Apr 2007, 18:05
thincom2000 thincom2000 is offline
 
Join Date: Jun 2006
Real name: Ted
Fixed the preview window by adding a query when the user clicks the Preview button and combining 2 plugins.

Hopefully these changes fix the PM issues you were having, although I have not been able to test this extensively.

Last edited by thincom2000; 15 Apr 2007 at 18:18.
Reply With Quote
  #44  
Old 17 Apr 2007, 15:36
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
Wow!

I'll give it a test.
Reply With Quote
  #45  
Old 17 Apr 2007, 15:45
YabbaDabba YabbaDabba is offline
 
Join Date: May 2004
Originally Posted by thincom2000 View Post
Fixed the preview window by adding a query when the user clicks the Preview button and combining 2 plugins.

Hopefully these changes fix the PM issues you were having, although I have not been able to test this extensively.
In your new ver 1.2.4 zip, the readme states:
INSTALLATION
In forum/
-----------------------------
- upload: product-ces_html_profile.xml
Still not sure what you are after here. Do you actually want this in the forum root?
Do I have to install from the forum root on the server, or can I just install from a local copy on my personal computer?

Sorry for being so thick here.

Last edited by YabbaDabba; 17 Apr 2007 at 16:04.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 08:41.

Layout Options | Width: Wide Color: