XF 2.2 Getting the post author user_id in a custom bbcode with Callback

[Lee]

I have the following code:

public static function renderChar(array $children, $option, array $tag, array $options, AbstractRenderer $renderer)
    {
        $output = trim($renderer->renderSubTree($children, $options));

        $charCode = \XF::visitor()->Profile->custom_fields->CharCode;

            return $renderer->wrapHtml(
            '<div style="color: ' . $charCode . '">',
            $output,
            '</div>'
        );
    }

I am looking to get the user entity of the user who is posting the message so I can load their custom_field "CharCode". At the moment I am loading the visitors value, which is not the outcome I want.

I guess I need to load the user entity by doing something like:

$userId = $attributes;

$user = \XF::em()->find('XF:User', $userId);

to make this data available, but how do I get the user ID of the posting user to get the right entity?

Thanks

 

[Lee]

Sorry to bump, still struggling with this

 

[Xon]

This is sadly more complex than you think, as XenForo doesn't actually have the concept of an "owner" for content.

In my Advanced bbcodes pack add-on, I've got "moderator only" bb-code which needs todo the following sort of hoop jumping to extract the owning user:

protected function populateRenderState(array $options, \XF\Entity\User &$user = null)
{
    $helperRepo = \SV\StandardLib\Helper::repo();
    $entity = $options['entity'] ?? null;
    if ($entity instanceof \XF\Mvc\Entity\Entity)
    {
...
        $user = $helperRepo->getUserEntity($entity);
        if ($user !== null && ($entity->isValidGetter('Content') || $entity->isValidRelation('Content')))
        {
            $user = $helperRepo->getUserEntity($entity->get('Content'));
        }
        // XFRM support, as it doesn't have a User/Content relationship...
        if ($user !== null && ($entity->isValidGetter('Resource') || $entity->isValidRelation('Resource')))
        {
            $user = $helperRepo->getUserEntity($entity->get('Resource'));
        }
    }
    else if ($this->renderer->getRules()->getSubContext() === 'preview')
    {
        $user = $options['user'] ?? null;
        if ($user !== null)
        {
            $user = $helperRepo->getUserEntity($user);
        }
    }
}

getUserEntity is from my (free) StandardLib addon

XenForo2-StandardLib/upload/src/addons/SV/StandardLib/Repository/Helper.php at aa5a194caf16f4b0d5a21e463ac93a7fe14872a9 · Xon/XenForo2-StandardLib

A number of helper utilities designed to ease add-on development - Xon/XenForo2-StandardLib

github.com

(I probably should move the "Content" and "Resource" checking code into it, but haven't gotten around to that yet.

 

[Lee]

Thanks Xon, such a massive help!

 

[Lee]

Working now, thank you. I should of known that you would have something in your library which resolved this!

 

[Xon]

You should also make sure $charCode is escaped when rendering:

$charCode = \XF::visitor()->Profile->custom_fields->CharCode;
$charCode = htmlspecialchars($charCode);

    return $renderer->wrapHtml(
    '<div style="color: ' . $charCode  . '">',
    $output,
    '</div>'
);

 

[Lee]

You should also make sure $charCode is escaped when rendering:

$charCode = \XF::visitor()->Profile->custom_fields->CharCode;
$charCode = htmlspecialchars($charCode);

    return $renderer->wrapHtml(
    '<div style="color: ' . $charCode  . '">',
    $output,
    '</div>'
);

Thanks @Xon - is this to ensure nobody can run any harmful code?

 

[Xon]

It is to avoid the custom field's data potentially escaping the HTML attribute and becoming a persistent HTML/javascript injection. You might have validation on data being set, but that doesn't apply to any existing data

 

[Lee]

It is to avoid the custom field's data potentially escaping the HTML attribute and becoming a persistent HTML/javascript injection. You might have validation on data being set, but that doesn't apply to any existing data

Thanks Xon. Appreciate your help.

 

[Lee]

Thanks Xon. Appreciate your help.

@Xon - if I wanted to get the owner of a quoted users content, how hard would that be?

Whilst this works great, it can’t differentiate between a reply and a quote.

 

[Xon]

That would require extending XF\BbCode\Renderer\Html and extending the getRenderedQuote method.

You can extract the user id with $source['id'] ?? $attributes['member'] null (recommend you double check, was just a quick look!) and then fetch the user and extract the custom field and push back into the $attributes argument to get passed to the template. Then use a template modification on the public:bb_code_tag_quote to inject the relevant css/html as required.

You might be able to get away with wrapping the entire results if required, but I think you'ld need to modify the bb_code_tag_quote template