51

(48 replies, posted in PunBB 1.3 extensions)

Garciat wrote:

I'm supposing most people don't go around making every person an admin.

As you can see, both the dev team and I think that it's your responsibility that your admins behave well.

I must strongly disagree with this philosophy.  A person who is a friend today could easily be an enemy tomorrow.  The conflict between administrators could be between a second and third person, neither of whom is you.  It is very naive to interact with humans, or program software, based on an assumption of trust.

That said, consider another scenario.  A black-hat-hacker has used a man in the middle WiFi attack on your administrator's laptop at a coffee shop that has a WiFi-hotspot.  Your administrator's forum password is sent via clear-text HTTP, and is caught by the hacker.  Because of the forum post I am replying to, this vulnerability in your extension (or one like it in PunBB itself, if we bothered to look) is found in MetaSploit (google it!).

The hacker owns your administrator, and YOU... because you were too lazy to write a regex filter for <META NAME="KEYWORDS" CONTENT="your keywords,go here,separated by a comma,but not a space">

(\s*[a-zA-Z0-9]+\s*\,\s+)+
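
A keyword filter of the kind the post above asks for, as an added example that is not code from the post, the extension or PunBB. The function names, the anchored pattern and the keyword limit are assumptions made for illustration; the filter validates the admin-supplied string against an allowlist and also encodes it when the tag is written.

```php
<?php
// Added example; function names are hypothetical, not PunBB's or the extension's.

/**
 * Accept only comma-separated keywords made of letters, digits and single
 * spaces. Returns the normalised list, or null if any keyword is rejected.
 */
function clean_meta_keywords(string $raw, int $maxKeywords = 20): ?array
{
    $keywords = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue; // tolerate "a,,b" and a trailing comma
        }
        // Anchored allowlist: \A and \z so nothing can trail the match.
        if (!preg_match('/\A[a-zA-Z0-9]+(?: [a-zA-Z0-9]+)*\z/', $part)) {
            return null;
        }
        $keywords[] = $part;
    }
    if ($keywords === [] || count($keywords) > $maxKeywords) {
        return null;
    }
    return $keywords;
}

function render_meta_keywords(array $keywords): string
{
    // Encode on output as well, so the tag stays well-formed even if the
    // validation rule is loosened later.
    $content = htmlspecialchars(implode(',', $keywords), ENT_QUOTES, 'UTF-8');
    return '<meta name="keywords" content="' . $content . '" />';
}

// Constructed inputs: an ordinary list, and one that tries to close the attribute.
foreach (['forum, punbb ,open source', 'forum"><b>bold'] as $input) {
    $clean = clean_meta_keywords($input);
    echo $clean === null ? "rejected\n" : render_meta_keywords($clean) . "\n";
}
```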

52

(10 replies, posted in PunBB 1.3 extensions)

<bump>

Administrators should be able to register new accounts from within their admin panel.

</bump>

[center]I saw a reference to this in another thread, but no explicit request.[/center]

I peeked at Neck's [video] extension and made liberal use of copy/paste to end up with the following code:

Update (Slavok's edit, plus my own):

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE extension SYSTEM "ext-1.0.dtd">

<!--
/**
 * BBCode [center][/center] extension for PunBB forum
 * A new BBcode tag to center text.
 *
 * @author whatrevolution - http://www.honestlyillustrated.com
 * @license GPL - http://www.gnu.org/copyleft/gpl.html
 * @package pun_bbcode_center
 */
-->

<extension engine="1.0">
    <id>bbcode_center</id>
    <title>BBCode [center][/center]</title>
    <version>0.1.1</version>
    <description>A new BBcode tag to center text.</description>
    <author>whatrevolution - http://www.honestlyillustrated.com</author>
    <minversion>1.3</minversion>
    <maxtestedon>1.3.1</maxtestedon>

    <hooks>
        <hook id="ps_start"><![CDATA[

// tag handling function
function handle_center_tag($inputText) {
    return '<div style="text-align:center;">'.$inputText.'</div>';
}

        ]]></hook>

        <hook id="ps_preparse_tags_start"><![CDATA[

// add our tag to the list
$tags[] = 'center';
$tags_opened[] = 'center';
$tags_closed[] = 'center';
// $tags_inline[] = 'center';
// $tags_trim[] = 'center';

        ]]></hook>
        <hook id="ps_do_bbcode_replace"><![CDATA[

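// add pattern to catch [center]blahblah[/center]
// Note: the "e" modifier makes preg_replace() evaluate the replacement string
// as PHP code; it is deprecated as of PHP 5.5 and removed in PHP 7.
$pattern[] = '#\[center\](.*?)\[/center\]#se';
$replace[] = 'handle_center_tag(\'$1\')';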

        ]]></hook>
    </hooks>
</extension>

54

(41 replies, posted in PunBB 1.3 extensions)

Thanks for this. _o_O/

Edit:  Can you add documentation to /help/bbcode/?

55

(9 replies, posted in PunBB 1.3 extensions)

You need to find (or write) a hook for the site-configured /img/avatars directory, and put a dropdown box (already populated with the available images) in place of the text input you have now.  The path you're writing into <img src=""> right now is broken by non-default URL styles, like so:

forum.tofhq.org/topic/2/daniel/img/avatars/kb_headbang.gif

This happens when you try to use a relative path to the image.

But thank you, I like the idea, and a full URL works.

Oh, forgot to mention:  You left .svn directories in "lang" and "lang/English". wink

56

(6 replies, posted in PunBB 1.3 troubleshooting)

A note for anyone finding this thread later (as I just did, 10 months later), an upgrade on this forum seems to have changed the opening post content and parsed the second &amp; into &, though it won't happen with this post I'm writing now... in case it happens again (lol) we were talking about the HTML entity for & being printed as plain text.

big_smile

57

(19 replies, posted in PunBB 1.3 extensions)

Neck wrote:

-If a user only changes a question then results shouldn't be flushed or it should be an option (I'm assuming most edits will be for typos).

An unsafe assumption.  The poll questions could be swapped to cheat the results.  A simple solution: compare the original string with the new one.  It doesn't have to be a complicated comparison, just tokenize both strings by whitespace and compare the words; and allow the administrator to set an integer value for "maximum word change in poll question edits".

The most complicated aspect of that is short questions in polls.  Disregard the "maximum word" threshold when the original string's word-count is below the "maximum" integer.
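
The comparison described in the post above, as an added example that is not code from the post, the poll extension or PunBB; every function and parameter name is hypothetical. It goes one step beyond a plain word-by-word comparison by counting changes with a longest-common-subsequence over the word lists, so that reordered answer options register as changes, and it assumes that a short question flushes the results on any change at all.

```php
<?php
// Added example, not PunBB or extension code; all names are hypothetical.

// Lower-case a poll question and split it into words on whitespace.
function poll_words(string $text): array
{
    $words = preg_split('/\s+/', strtolower(trim($text)), -1, PREG_SPLIT_NO_EMPTY);
    return $words === false ? [] : $words;
}

// Length of the longest common subsequence of two word lists.
function lcs_length(array $a, array $b): int
{
    $prev = array_fill(0, count($b) + 1, 0);
    foreach ($a as $wordA) {
        $curr = [0];
        foreach ($b as $j => $wordB) {
            $curr[$j + 1] = ($wordA === $wordB)
                ? $prev[$j] + 1
                : max($prev[$j + 1], $curr[$j]);
        }
        $prev = $curr;
    }
    return $prev[count($b)];
}

// True when the edit is small enough to keep the votes already cast.
function poll_edit_keeps_results(string $old, string $new, int $maxWordChanges): bool
{
    $oldWords = poll_words($old);
    $newWords = poll_words($new);
    $changed = max(count($oldWords), count($newWords))
        - lcs_length($oldWords, $newWords);

    // Short question: the threshold is disregarded. Assumption (the post does
    // not say what happens instead): any changed word flushes the results.
    if (count($oldWords) < $maxWordChanges) {
        return $changed === 0;
    }
    return $changed <= $maxWordChanges;
}

// Constructed edits: a typo fix, swapped options, and a short question.
var_dump(poll_edit_keeps_results('Which editer do you use for PHP?', 'Which editor do you use for PHP?', 1));
var_dump(poll_edit_keeps_results('Is Alice better than Bob at chess?', 'Is Bob better than Alice at chess?', 1));
var_dump(poll_edit_keeps_results('Cats or dogs?', 'Dogs or cats?', 5));
```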

58

(6 replies, posted in PunBB 1.3 troubleshooting)

View source and see if it is actually " &amp; " , no quotes.

& generally isn't allowed in usernames and such, for the chance that it appears in a URL where it is a special character, etc.  Though I can't speak for PunBB itself.  That DOES look like the username is passing through htmlentities() or htmlspecialchars().  Maybe it is going through more than once?