Not a bug Custom Bb Codes - Signature restrictions problems

cclaerhout

Well-known member
Class: XenForo_ControllerPublic_Account

Please read the comments inside the code:
PHP:
  /**
    * Save signature
    *
    * @return XenForo_ControllerResponse_Redirect
    */
   public function actionSignatureSave()
   {
     $this->_assertPostOnly();

     $visitor = XenForo_Visitor::getInstance();

     if (!$visitor->canEditSignature())
     {
       return $this->responseNoPermission();
     }

     $signature = $this->getHelper('Editor')->getMessageText('signature', $this->_input);
     $signature = XenForo_Helper_String::autoLinkBbCode($signature, false);

     /** @var $formatter XenForo_BbCode_Formatter_BbCode_Filter */
     $formatter = XenForo_BbCode_Formatter_Base::create('XenForo_BbCode_Formatter_BbCode_Filter');
     $formatter->configureFromSignaturePermissions($visitor->getPermissions());

     $parser = XenForo_BbCode_Parser::create($formatter);
     $signature = $parser->render($signature);
    
     if ($formatter->getDisabledTally()) /*The signature must first be parsed to get access to the disabled tally*/
     {
       $formatter->setStripDisabled(false);
       $signature = $parser->render($signature); /*The signature which now should not contain any Bb Codes is parsed again*/
     }

     if (!$formatter->validateAsSignature($signature, $visitor->getPermissions(), $errors))
     {
       /*
         The first argument, $signature, should be the signature with Bb Codes whereas the provided variable has already been parsed
         => The error "your_signature_may_not_contain_disabled_tags" will then never be displayed
       */
       return $this->responseError($errors);
     }

     $spamModel = $this->_getSpamPreventionModel();

     if ($signature && $spamModel->visitorRequiresSpamCheck())
     {
       $spamResult = $spamModel->checkMessageSpam($signature, array(), $this->_request);
       switch ($spamResult)
       {
         case XenForo_Model_SpamPrevention::RESULT_MODERATED:
         case XenForo_Model_SpamPrevention::RESULT_DENIED;
           $spamModel->logSpamTrigger('user_signature', XenForo_Visitor::getUserId());
           return $this->responseError(new XenForo_Phrase('your_content_cannot_be_submitted_try_later'));
       }
     }

     $settings = array('signature' => $signature);

     if (!$writer = $this->_saveVisitorSettings($settings, $errors))
     {
       return $this->responseError($errors);
     }

     return $this->responseRedirect(
       XenForo_ControllerResponse_Redirect::SUCCESS,
       XenForo_Link::buildPublicLink('account/signature')
     );
   }

Modification to solve the problem:
PHP:
  /**
    * Save signature
    *
    * @return XenForo_ControllerResponse_Redirect
    */
   public function actionSignatureSave()
   {
     $this->_assertPostOnly();

     $visitor = XenForo_Visitor::getInstance();

     if (!$visitor->canEditSignature())
     {
       return $this->responseNoPermission();
     }

     $signature = $this->getHelper('Editor')->getMessageText('signature', $this->_input);
     $signature = XenForo_Helper_String::autoLinkBbCode($signature, false);

     /** @var $formatter XenForo_BbCode_Formatter_BbCode_Filter */
     $formatter = XenForo_BbCode_Formatter_Base::create('XenForo_BbCode_Formatter_BbCode_Filter');
     $formatter->configureFromSignaturePermissions($visitor->getPermissions());

     $parser = XenForo_BbCode_Parser::create($formatter);
     $signatureParsed = $parser->render($signature);
    
     if ($formatter->getDisabledTally())
     {
       $formatter->setStripDisabled(false);
       $signatureParsed = $parser->render($signature);
     }

     if (!$formatter->validateAsSignature($signature, $visitor->getPermissions(), $errors))
     {
       return $this->responseError($errors);
     }

     $spamModel = $this->_getSpamPreventionModel();

     if ($signatureParsed && $spamModel->visitorRequiresSpamCheck())
     {
       $spamResult = $spamModel->checkMessageSpam($signatureParsed, array(), $this->_request);
       switch ($spamResult)
       {
         case XenForo_Model_SpamPrevention::RESULT_MODERATED:
         case XenForo_Model_SpamPrevention::RESULT_DENIED;
           $spamModel->logSpamTrigger('user_signature', XenForo_Visitor::getUserId());
           return $this->responseError(new XenForo_Phrase('your_content_cannot_be_submitted_try_later'));
       }
     }

     $settings = array('signature' => $signatureParsed);

     if (!$writer = $this->_saveVisitorSettings($settings, $errors))
     {
       return $this->responseError($errors);
     }

     return $this->responseRedirect(
       XenForo_ControllerResponse_Redirect::SUCCESS,
       XenForo_Link::buildPublicLink('account/signature')
     );
   }
($signature => $signatureParsed)


Tested with the official custom Bb Codes.

P.S: it would be nice the phrase "your_signature_may_not_contain_disabled_tags" has an argument to display which Bb Code TagName has been wrongly used.
 

Mike

XenForo developer
Staff member
Can you please explain what the problem is and steps to reproduce it (and what you expect to happen)?

I think you're making an implication that the issue involves us stripping disabled BB codes automatically, but this is actually something we do intentionally -- it was mentioned in the original Have You Seen. The only case where we don't strip them is to prevent an obscure method for potentially avoiding the signature limits.
 

cclaerhout

Well-known member
Then what is the purpose of the code below (class XenForo_BbCode_Formatter_BbCode_Filter) ?
PHP:
    if (!$this->_stripDisabled)
     {
       foreach ($this->_disabledTags AS $disabledTag)
       {
         if ($this->getTagTally($disabledTag))
         {
           $errors[] = new XenForo_Phrase('your_signature_may_not_contain_disabled_tags');
           break;
         }
       }
     }
It will never be used(*) with a Custom Bb Code whereas it was supposed to be (function actionSignatureSave):
PHP:
$formatter->setStripDisabled(false);

*: see the reason in my previous post.
 

cclaerhout

Well-known member
Ok ! So the normal behavior is to strip in silence Bb Codes that can't be used in signature. I got it thanks. Then this thread goes to the "not a bug" category :)
 
Top