I still need to test and see if it fails properly for some cases but it seems like it should.
for example I have added an [insert] tag which allows me to to specify a url
that will be inserted into the post at the insert point through an AJAX request.
Needless to say it would be a BAD idea to allow users to access this tag. One could
start putting whole web pages all over the place all willynilly. So I wanted only admins to be
able to use this command.
Note this is not active on even my forums yet because im not sure this code even works...
along with the code mod you need to add a field to the phpbb_bbcode table
//Not copy and pasted so this sql may have an error or two
Code: Select all
ALTER TABLE phpbb_bbcode ADD COLUMN bbcode_grp INT NOT NULL DEFAULT -1 AFTER bbcode_id
Code: Select all
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
var $parsed_items = array();
/**
* Check BBCode group id for user membership
*/
function checkbb_grp( $bbcode_grp )
{
global $user, $db;
if( $bbcode_grp < 0 )
return TRUE; //all mask -1
$sql ="SELECT g.group_id FROM ".
SESSIONS_TABLE . " s, ".
USER_GROUP_TABLE . " g ".
"WHERE".
"s.session_id = \"$user->session_id\" AND
g.user_id = s.session_user_id AND
g.group_id = $bbcode_grp";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if( $row == FALSE || !isset($row['group_id']) )
return FALSE;
return TRUE;
}
/**
* Parse BBCode
*/
function parse_bbcode()
{<<<<<<<<<<<<<<<<<<<<<<<<<
>>>>>>>>>>>>>>>>>>>>>>>>>>>
foreach ($this->bbcodes as $bbcode_name => $bbcode_data)
{
if ((isset($bbcode_data['disabled']) && $bbcode_data['disabled'])||
(isset($bbcode_data['bbcode_grp']) && !$this->checkbb_grp($bbcode_data['bbcode_grp'])))
{
foreach ($bbcode_data['regexp'] as $regexp => $replacement)
{
if (preg_match($regexp, $this->message))
{
$this->warn_msg[] = sprintf($user->lang['UNAUTHORISED_BBCODE'] , '[' . $bbcode_name . ']');
continue;
}
}
}
<<<<<<<<<<<<<<<<<<<<<