Not a bug Convo Text Editor Error -- Removes forum on unclosed user bbcode

Location of error: Private Messaging System
Severity of error: Renders forum unusable

Description of error:

I had been typing a private message, where I used the line below (in a code block to prevent parsing):
/titles [user] <title> -- changes another user's title if they have the don3 permission
This line was in addition to more writing, as well as code. But it appears that XenForo parsed the square brackets as a tag incorrectly.

Results: everything above the top breadcrumb bar is missing (image included with news slider selected for extra irony)


Additionally, everything below my post was missing as well, including the edit/like bar, signature, and the footer.


I have forgotten to close tags in the past. However, in the past, the parser has either ignored it, or in the case of spoiler tags, just assumed everything until the end of the post belonged in the spoiler.

Let me know if you'd like any additional information. The raw webpage HTML is attached below. Also, here's a code snippet of the problem area:

<div class="messageContent">     
                <blockquote class="messageText ugc baseHtml">
                    Coming to you again for coding assistance. I&#039;ve been away from Java for quite some time and so trying to come from c# makes things interesting, especially with the changes in syntax. I was wondering if you would be able to look over this short bit of code. I have written plugin that is designed to replicate the functionality of the EasyTitles plugin, but instead it changes the prefix of that particular user in PermissionsEx and allows users to create their own from scratch as opposed to choosing from a pre-defined list.<br />
<br />
The end-user functionality is as follows:<br />
<br />
/titles - shows help<br />
/titles help -- shows help<br />
/titles ? -- shows help<br />
/titles &lt;title&gt; -- changes the users&#039; title if they have the don1 permission<br />
/titles <a href="members/title-changes-another-users-title-if-they-have-the-don3-permission-this-plugin-is-based-off-of-the-sparse-permissionsex-documentation-located-here.0/" class="internalLink" rel="nofollow"> <title> -- changes another user's title if they have the don3 permission

This plugin is based off of the sparse PermissionsEx documentation located here: </a>

Edit: I would replicate the issue here, but if I were to successfully replicate the error in this thread, nobody would be able to reply. However, I would be happy to attempt to replicate this error in a private convo (as I'm not sure this affects threads).


XenForo developer
Staff member
I have attempted to reproduce this myself, and failed. The user tag itself isn't valid by default without an option (specifying a user ID). You're free to send me a PM with this content if you want to confirm.

I would have to assume this is from an add-on or a custom BB code. However, your example may imply a vulnerability. I would look into confirming where this is coming from and likely removing/disabling what has changed the behavior of this BB code.
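
The failure mode discussed in this thread, as an added example (not code from either poster and not XenForo's own): a hypothetical custom `[user]` handler that accepts the tag without an option, treats the closing tag as optional, and emits the body unescaped, next to a strict handler that escapes everything and only links a well-formed `[user=ID]name[/user]`. The function names, the regexes and the `members/` URL shapes are assumptions made for illustration; the sample message is constructed from the line in the report.

```python
import html
import re

# Constructed sample: the line from the report followed by more message text.
MESSAGE = ("/titles [user] <title> -- changes another user's title "
           "if they have the don3 permission\n\nMore of the message follows.")

def render_naive(text):
    """Hypothetical add-on handler showing the defect: no option required,
    closing tag optional, body copied into the page without escaping."""
    def link(m):
        body = m.group(1)
        slug = re.sub(r"[^a-z0-9]+", "-", body.lower()).strip("-")
        return f'<a href="members/{slug}.0/" class="internalLink">{body}</a>'
    # Without [/user] the lazy match runs to the end of the message (\Z).
    return re.sub(r"\[user\](.*?)(?:\[/user\]|\Z)", link, text, flags=re.S)

# Strict form: numeric ID option, short single-line name, explicit close tag.
USER_TAG = re.compile(r"\[user=(\d+)\]([^\[\]\n]{1,50})\[/user\]", re.I)

def render_strict(text):
    """Escape the whole message first, then link only well-formed tags.
    Anything malformed stays visible as literal, escaped text."""
    safe = html.escape(text)
    return USER_TAG.sub(
        lambda m: f'<a href="members/{m.group(1)}/" class="internalLink">'
                  f'{m.group(2)}</a>',
        safe,
    )

if __name__ == "__main__":
    print(render_naive(MESSAGE))   # anchor swallows the rest, raw <title>
    print(render_strict(MESSAGE))  # literal [user], &lt;title&gt; escaped
```

In the naive output the anchor wraps everything up to the end of the message and the raw `<title>` element reaches the page, which matches the shape of the snippet in the report; the strict output leaves `[user]` as plain text.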