XF 2.0 Render a bbcode where we need to take into account the \XF::visitor() and issue with watched threads (email)

Scandal

Well-known member
Hello all!
Well, I have built a bbcode which is showing its contents only to staff members.
Here is some part of the code:
PHP:
class StaffBBCode
{
    public static function render($tagChildren, $tagOption, $tag, array $options, \XF\BbCode\Renderer\AbstractRenderer $renderer)
    {
        //blah blah

        $userinfo = \XF::visitor();   
        $visible = false;
        
        if ($userinfo->is_admin
            OR $userinfo->is_moderator
            OR $userinfo->is_staff)
        {
            $visible = true;
        }
        
       return blahblah
    }
}

When someone who is belonging to Staff is posting on a thread, then he can see the staff bbcode which is correct because he is the $userinfo.
The issue is that if the thread creator (other user / not Staff) has select to Watch the thread, he can see on the e-mail the content of that staff bbcode which is not normal.

As you understand, during the e-mail prepare and sending, the system is taking into account the $userinfo of the current visitor which is Staff. But the receiver of the e-mail is not belonging to Staff.

How could I get the $userinfo / user_id of the user who is receiving the e-mail so I could make the compare of the userids etc?
 
There isn't a way to do that.

The best you could do is check which renderer is being used, and blank it out for the Email renderer:

PHP:
class StaffBBCode
{
    public static function render($tagChildren, $tagOption, $tag, array $options, \XF\BbCode\Renderer\AbstractRenderer $renderer)
    {
        //blah blah

        $userinfo = \XF::visitor();   
        $visible = false;
        
        if (!($renderer instanceof \XF\BbCode\Renderer\EmailHtml) && ($userinfo->is_admin
            || $userinfo->is_moderator
            || $userinfo->is_staff))
        {
            $visible = true;
        }
        
       return blahblah
    }
}

I'm not sure which renderer is used for plain text emails... or if there are any plain text emails sent with XF 2.0 at that, actually (and I can't be arsed to check).
 
Hi Liam and thanks for you post :)

Yes, I think too that is not possible to compare users for this.
I used your code but it still showing the bbcode as $visible = true;

Any other idea? :)
 
Well, I was able to fix it. I used the code of Liam, but I had a $renderer variable changed on blah blah part which was incorrect. Now all ok.

Thank you very much for your help :)
 
Hello guys! :)

I have a new issue about it.
It seems that in some locations on the XF2 like What's New / Latest Activity etc, where the post content is parsed as plain text for final view, the content of the tag [STAFF] is still displaying instead of trimed or be hide like the render() method.

Where I have to fix it? I have checked lots of render / html files, but I can't find what method is parsing the post contents on the above page (Latest Activity, Profile - Postings).
 

Attachments

  • 111.webp
    111.webp
    31.5 KB · Views: 19
That stuff doesn't go through any BB Code rendering process, so your BB Code rules are not applied. You'll need to extend the XF\Str\Formatter to strip out those parts. My Editor Manager has a working example in it.

Your users will still be able to "guess" the content through searching, for example they could search for "Only for staff" and your post would show up, even though the matched text won't be shown to them. That's a limitation that can't be worked around.
 
Back
Top Bottom