ParseHTML - Permission-enabled HTML BBCode

[Luke F]

This addon, as requested here, allows your members with the appropriate permission to post plain HTML within [parsehtml] BBCode tags.

Currently the tag is only enabled within threads and post previews (edit, reply, new thread).


Update 0.0.4 to 0.0.5:

1. Upload contents of upload folder to forum root
2. Upgrade using new addon xml file

Installation:

1. Upload contents of upload folder to forum root
2. Install addon xml file
3. Configure the extra permission as you see fit.
4. Optional XenPorta support

​

​

Changelog:


0.0.5 (26/12/2011):

• Brought up to date with latest 1.1.1 code
• Added support for edit previews
• Added support for inline edit saves
• Prevented media/url auto linking within parsehtml tags

0.0.4 (21/11/2010):

• Added a nasty workaround to actually fix the incompatibility BBCode Manager this time

0.0.3 (21/11/2010):

• Removed unnecessary code which was probably breaking BBCode Manager.

0.0.2 (21/11/2010):

• Added support for Reply and Create Thread Preview, and AJAX Quick Reply.
• Removed extra line break after [parsehtml] tag.
• Fixed auto linked url tags from showing up.
• Text inside [parsehtml] no longer bypasses the word censor.

​

0.0.1 (20/11/2010): First public release


Disclaimer: This uses a very non-standard way of checking user permissions (mainly to avoid file edits), so please take this into consideration given what the addon allows users to do. I have only given it limited testing and take no responsibility if your board is compromised through nasty HTML. Also keep in mind that this addon overrides a large chunk of XenForo code for thread viewing (for now), and will probably need updated on each XF release.


Donations go here.

 

[Brogan]

Excellent work as always.

 

[NolF]

I can't thank you enough Darkinmortal It works very well

For those wondering, bbcode will not be parsed in any part of the post if [parsehtml] is present, and the AJAX posting does not show parsedHTML, you will need to refresh the page. But it works!!!

 

[maidos]

now i wonder if darkmortall got the 100 usd donation
btw thanks needed mod here aswel

 

[NolF]

I'm contacting him for details

Xenforo is still parsing urls though which doesn't work

<a href="http://google.com">G </a> is becoming  <a href="[URL]http://google.com[/URL]">G</a>

 

[Luke F]

0.0.2 released

I couldn't reproduce the bit about it stopping other bbcode from being parsed however.

 

[NolF]

I couldn't be any happier Update fixed the URL issue

The bbcode issue seems to be related to using the bbcode manager and using bbcodes created through that manager, othe rnormal bbcodes work fine, so no problem ^^

 

[Jeremy]

I couldn't be any happier Update fixed the URL issue

The bbcode issue seems to be related to using the bbcode manager and using bbcodes created through that manager, othe rnormal bbcodes work fine, so no problem ^^

Hm?

 

[NolF]

Hm?

I hope this helps clarify what I meant

 

[Jeremy]

Hm. So this in essence removes all PHP callback methods from BB Code Manager?

 

[NolF]

That's what it seems like. I think how it works (I could be mistaken is) it creates a somewhat alternative pathway to render the pages which does not have the callbacks methods from BB Code Manager :/

 

[Jeremy]

The callbacks are called statically via PHP, so location doesn't matter. I'm not entirely sure why this would be working in such a way, will try to expose a method for setting extra array parameters for advanced tags such as this with the manager, so it can render an add-on such as this obsolete (no offense Dark...!), where once its written, it could be stand alone or placed into the BB Code Manager, this, in theory could solve your issues. I will continue to investigate this over the next few days. But a quick fix that should work would be to open the file located at KingK/BbCodeManager/BbCode/Formatter/Base.php and replace the function getTags() with the following code:

	public function getTags()
	{
		$this->_tags = parent::getTags();
		$customTags = XenForo_Model::create('KingK_BbCodeManager_Model_CustomBbCode')->getAllCustomBbCodes();
		foreach($customTags AS $custom)
		{
			if((boolean)$custom['active'])
			{
				if($custom['replacementBegin'])
				{
					$this->_tags[$custom['tag']] = array(
						'hasOption' => $this->_hasOption($custom['requiresOption']),
						'replace' => array($custom['replacementBegin'], $custom['replacementEnd'])
				}
				else if($custom['phpcallback_class'])
				{
					$this->_tags[$custom['tag']] = array(
						'parseCallback' => array($this, 'parseValidatePlainIfNoOption'),
						'callback' => array($this, 'renderAdvancedTag')
					);
				}
			}
		}
		$tags['parsehtml'] = array(
				'hasOption' => false,
				'plainChildren' => true,
				'stopSmilies' => true,
				'stopLineBreakConversion' => true,
				'trimLeadingLinesAfter' => 1,
				'callback' => array($this, 'renderTagParseHtml')
			);
		return $this->_tags;
	}

	public function renderTagParseHtml(array $tag, array $rendererStates)
	{
		if($this->user_id < 1)
			return $this->renderTagUnparsed($tag, $rendererStates);
		@$usermodel = XenForo_Model::getModelFromCache('XenForo_Model_User');
		$user = $usermodel->getUserById($this->user_id, array(
			'join' => XenForo_Model_User::FETCH_USER_PERMISSIONS
		));
		if(!XenForo_Permission::hasPermission(unserialize($user['global_permission_cache']), 'dark_parsehtml', 'thread'))
			return $this->renderTagUnparsed($tag, $rendererStates);		
		$content = $this->stringifyTree($tag['children']);
		$content = str_ireplace(array("[url]", "[/url]", "[email]", "[/email]", "[media]", "[/media]"), "", $content);
		$content = XenForo_Helper_String::censorString($content);
		//$content = $this->filterString($content, $rendererStates);

		return '<div class="parseHTML">' . $content . '</div>';
	}

Then, in this add-on, remove the PHP file located at Dark/ParseHTML/BbCode/Formatter/Ritsu.php. Don't worry, its contents are in the edit I provided above. Doing so should in theory and hopefully fix your problem. If not, there are some more issues within my manager that need to be worked out.

 

[NolF]

I think you missed a ); here

                if($custom['replacementBegin'])
                {
                    $this->_tags[$custom['tag']] = array(
                        'hasOption' => $this->_hasOption($custom['requiresOption']),
                        'replace' => array($custom['replacementBegin'], $custom['replacementEnd'])
                    );
                }

The solution is not working though

After changing KingK/BbCodeManager/BbCode/Formatter/Base.php and removing Dark/ParseHTML/BbCode/Formatter/Ritsu.php I get the following error
Fatal error: Class name must be a valid object or a string in /public_html/library/XenForo/BbCode/Formatter/Base.php on line 1360 contains

$tag['children'][$first] = ltrim($tag['children'][$first]);

Disabling the parseHTML hack gives the following error
Fatal error: Call to undefined method KingK_BbCodeManager_BbCode_Formatter_Base::_hasOption() in /public_html/library/KingK/BbCodeManager/BbCode/Formatter/Base.php on line 18

I hope that helps you debug the problem

 

[Luke F]

Fixed the incompatibility with BBCode Manager, I think.

Dunno why I left the getTagsAgain function from TaigaChat in >.>

 

[Jeremy]

NoIF, revert back to normal. If it had worked, I wouldn't have minded figuring out teh real reason with Dark. But I wrote it late without much sleep. Ooops.

 

[NolF]

NoIF, revert back to normal. If it had worked, I wouldn't have minded figuring out teh real reason with Dark. But I wrote it late without much sleep. Ooops.

Wish it had Thanks for the effort though

Fixed the incompatibility with BBCode Manager, I think.

The 0.03 is still giving me the same problem as reported in post #9. BBcodes using the BBcode Manager callback methods are still not working

 

[Luke F]

0.0.4 released - seems to work with BBCode Manager now

 

[Floris]

What happens if someone has permission to use that code, but someone quotes the post. It shows as plain text and doesn't get executed right? Security is a must.

 

[Luke F]

What happens if someone has permission to use that code, but someone quotes the post. It shows as plain text and doesn't get executed right? Security is a must.

Yup, the permissions are based on who the poster is, regardless of quotes etc.

 

[Floris]

Excellent.