Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - CerealGuy
46
Plugins / [Plugin] Re: HideMod
« on January 22nd, 2017, 12:05 PM »
Quote from CerealGuy on February 8th, 2014, 02:36 PM
Im using the display_post_done hook to replace the hide(-reply) stuff and check if user is allowed to do so. But perhaps the bbcode stuff in plugin-info.xml is bether?
Quite an old one, but I finally found a solution for this and wanna share it with you.
The Problem with my first approach was that i used regexes to figure out where my
bbc tags for hide & hide-reply where. So I didn't drop in the normal bbc parsing wedge
does and did it just after everything was already parsed. This is a thing which definetly
can be done, but it has many downsides. For example you have to handle every "special"
cases the wedge bbc parser handles already again. Like bbc tags inside a code tag etc.
And you have to make sure that your regex really works in every case :lol:
All in all it would be better to just inject it somehow in the normal bbc parsing process.
And it's possible, even when you want to do more complex stuff like in this plugin.
The key to glory is the validate-func which allows us to inject php code in the normal bbc
parsing process. Because the most bbc tags only add some html before or after and don't
care about who's viewing this post (we do, because we want to determine if the current user
is allowed to watch the content in the hide tag or not).
I guess the purpose of the validate-func was to validate anything related to the tag in more
complex use cases. Eg. validating complex urls or stuff like that. But we can also modify the
part of the message containing the bbc tag, and that's what we want to do.
All you need to do is adding a php file to your plugin with a function which gets called by the
validate-func eval block. And you need to add the bbcodes to your plugin-info.xml:
Code: [Select]
  <bbcodes>
    <bbcode tag="hide" type="unparsed_content" block-level="no">
      <content>HIDDEN CONTENT: Like to see</content>
      <validate-func>loadPluginSource('CerealGuy:HideModv2', 'src/Hide'); validate_hide_bbc($tag, $data, $disabled);</validate-func>
    </bbcode>
    <bbcode tag="hide-reply" type="unparsed_content" block-level="no">
      <content>HIDDEN CONTENT: Reply to see</content>
      <validate-func>loadPluginSource('CerealGuy:HideModv2', 'src/Hide'); validate_hide_reply_bbc($tag, $data, $disabled);</validate-func>
    </bbcode>
As you see, i call plugin function named "validate_hide_bcc" (or "validate_hide_reply_bbc") with three arguments.
If you catch them in your function header as referenced variables, you are free to modify all values of them. Play around with them, you will understand what's where easily.
Sounds straight forward, but there was still a hurdle to clear. The Problem was that I didn't know of which type my bbc tags have to be. With some types just nothing happend, with some others it got parsed at some times and sometimes not. Don't ask me why, i didn't understand the differences and purposes of those types. Maybe someone knows this stuff @Nao? :whistle:.
Anyways finally i found the right one, "unparsed_content".
This was a small background report about stuff which took me quite some time to figure out. Maybe it helps somebody.

Tl;dr: If you want to do more complex stuff with bbc tags, add them via plugin-info.xml and use the validate-func to inject your own code. Setting the type of your custom bbc tags to "unparsed_content" did work for me best, other types didn't work out that good.
47
The Pub / Re: Wedge&PHP 7
« on January 20th, 2017, 08:22 PM »
No idea about the Problem, but fixing the queries sounds better. Does wedge get incompatible to old mysql versions with those new queries?
48
Archived fixes / [CSS] Re: .postheader and previous/next post title looking bad
« on January 17th, 2017, 12:45 AM »
It's not a bug, it's a feature :lol:

Still it looks for me a bit... weird.

Mobile with "fix"


Mobile without


I get what you mean, on mobile the default one looks ways better. How about join together both worlds?

Otherwise this is stuff for custom skins :whistle:

What I don't like about this, is the inconsisty. When the topic names of prev and next are similiar long, it kinda looks like my fix. Some other times it's aligned to top and bottom. It sometimes looks broken. For example on the next topic, it looks a bit like with my fix ^^

PS: This thing bugged me out very early, it's the reason why i disabled this thing completely. The only reason I stumbled across this once again was some bug with topic length. You can't set how long topic names can be in the moment, and it's done a bit weird. Have to dig around this Mange Stuff and add it as a new setting i think. Not the right stuff for a plugin :lol:
49
Archived fixes / [CSS] .postheader and previous/next post title looking bad
« on January 16th, 2017, 03:01 PM »
There are some problems with .postheader and the .prevnext_prev/.prevnext_next css clasess.
- .postheader does align the items in center but strecht is better because otherwise items don't
vertically aligned on the same level.
- #top_subject has no fixed weight. Set to 60% (prev's have 20%)
- All the elements should have an word-wrap: break-word.

Fix:
Code: (section.css) [Select]
// Topic title and Quick access
.posthead
width: 100%
padding: 8px
border-radius: 12px
background: rgba(0,0,0, .015)
box-sizing: border-box
@if ie[-7]
div mixes .inline-block
@elseif $can_flex
display: flex
align-items: stretch
> div
flex: 1 1 auto
@else
display: table
> div
display: table-cell
vertical-align: middle
@endif

#top_subject
padding: 4px 8px
font: 100 1.6em/1.2em $head_font
text-align: center
color: gray
letter-spacing: -1px
width: 60%

#top_subject, .prevnext_prev
word-wrap: break-word;

// Previous/next topic links inside .posthead
.prevnext_prev
font: 400 1em/1.3em $main_font
text-align: left
width: 20%
a
color: $reddish

.prevnext_next extends .prevnext_prev
text-align: right

Pictures:
before:

after:


PR: https://github.com/Wedge/wedge/pull/49

EDIT: You can watch this bug right in this topic :lol:
50
Archived fixes / [CSS] Re: Login looking bad on small screens
« on January 16th, 2017, 01:23 PM »
Fixable without changing any html.
Code: (section.css) [Select]
@if guest
.login
margin: auto
dl
overflow: none
clear: right !important
dt, dd
margin: 0 0 .4em
width: 44% !important
padding: .1em
dt
float: left
clear: both !important
text-align: right
font-weight: 700
dd
width: 54% !important
float: right
text-align: left
padding-left: 0px !important
clear: none !important
p
text-align: center
input
max-width: 100%

@media (max-width: 450px)
.login
dt, dd
float, text-align: left
width: 100% !important

This stuff caused problems:
Code: (section.css) [Select]
// Even smaller? A smartphone, maybe..?
@media all and (max-width: 600px)
body #wedge // Precedence killjoy.
overflow: hidden

dt, dd
clear: both
width: 100%
dd
padding-left: 12px
On small screens (<= 600px) dt, dd got modified.
 Clear got set to both, width to 100%, padding-left: 12px got added to dd.
Nothing we want on .login dd or .login dt. Therefore added !important flags
that those rules don't get overwritten. Also i removed an overflow, those
added scrollbars look really bad and aren't needed. Everything's on screen.
And input rules for max-width :100% didn't get set for the password input.
Now setting it for all inputs.
Besides that, on very small screens (<= 450px) we now do line breaks
between dt and dd. Looks better.

Small Screen (screen width: 630px)

Very small screen (screen width: 353px)


PR: https://github.com/Wedge/wedge/pull/48
51
Plugins / [Plugin] Advanced Home Topics
« on January 15th, 2017, 02:06 PM »
Advanced Home Topics

A plugin for wedge giving you more control over the topics block you can add to you Homepage->Custom Content.
Features:
  - Multiple working `topics` blocks
  - Change title of each `topics` block
  - Limit include boards
  - Limit exclude boards
  - Modify steps in which n increases
 
Can you give me an Example?
Sure, look here:


How to install?

Drop the `advanced-home-topics` folder which you can find in this repository in to your `<wedge_install>/plugins` folder and activate it over your Admin Control Panel.

How to configure?

1. Go to `Admin->Configuration->General Options->Homepage`
2. Modify `Custom Contents`
3. Add something like `topics:1|Some Special Posts|3;4||false|1;2;3;4;5;6;7`
4. Format looks like this `topics:<num posts to show by default>|<custom name, empty for default>|<include these boards, empty for all, divide with ;>|<exclude these boards, empty for none, divide with ;>|<set to true if you want to hide Boards>|<steps in which we shall increase. By default 5;10;20;50;100. Divide with ;>`

Where to find?
https://github.com/C3realGuy/AdvancedHomeTopics
52
Archived fixes / [LOW-SQLi] Possible SQL injection on ssi_recentTopics
« on January 14th, 2017, 12:31 PM »
ssi_recentTopics() is not filtering the $num_recent argument correctly.
Code: [Select]
// Find all the posts in distinct topics. Newer ones will have higher IDs.
$request = wesql::query('
SELECT
t.id_topic, b.id_board, b.name AS board_name, b.url
FROM {db_prefix}topics AS t
INNER JOIN {db_prefix}messages AS ml ON (ml.id_msg = t.id_last_msg)
LEFT JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)
WHERE {query_see_topic}
AND t.id_last_msg >= {int:min_message_id}' . (empty($exclude_boards) ? '' : '
AND b.id_board NOT IN ({array_int:exclude_boards})') . '' . (empty($include_boards) ? '' : '
AND b.id_board IN ({array_int:include_boards})') . '
AND {query_wanna_see_board}' . (empty(we::$user['can_skip_approval']) ? '
AND ml.approved = {int:is_approved}' : '') . '
ORDER BY t.id_last_msg DESC
LIMIT ' . $num_recent,
array(
'include_boards' => empty($include_boards) ? '' : $include_boards,
'exclude_boards' => empty($exclude_boards) ? '' : $exclude_boards,
'min_message_id' => $settings['maxMsgID'] - 35 * $num_recent,
'is_approved' => 1,
)
);

The dangerous part: 'LIMIT ' . $num_recent,'
You can exploit it through custom homepage contents over acp. (Adding something like 'topics:10 UNION SELECT...'). But you need permissions to acp. And even if you have them, the anti hacking protection of wedge looks quite nice. No multiple statemants, it detects weird behaviour couldn't really exploit it besides an more or less useless blind sqli which just worked once :lol:.
But still, better fix it.

How to fix:
Code: [Select]

// Find all the posts in distinct topics. Newer ones will have higher IDs.
$request = wesql::query('
SELECT
t.id_topic, b.id_board, b.name AS board_name, b.url
FROM {db_prefix}topics AS t
INNER JOIN {db_prefix}messages AS ml ON (ml.id_msg = t.id_last_msg)
LEFT JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)
WHERE {query_see_topic}
AND t.id_last_msg >= {int:min_message_id}' . (empty($exclude_boards) ? '' : '
AND b.id_board NOT IN ({array_int:exclude_boards})') . '' . (empty($include_boards) ? '' : '
AND b.id_board IN ({array_int:include_boards})') . '
AND {query_wanna_see_board}' . (empty(we::$user['can_skip_approval']) ? '
AND ml.approved = {int:is_approved}' : '') . '
ORDER BY t.id_last_msg DESC
LIMIT {int:num_recent}',
array(
'num_recent' => $num_recent,
'include_boards' => empty($include_boards) ? '' : $include_boards,
'exclude_boards' => empty($exclude_boards) ? '' : $exclude_boards,
'min_message_id' => $settings['maxMsgID'] - 35 * $num_recent,
'is_approved' => 1,
)
);

PR: https://github.com/Wedge/wedge/pull/43

Many limit arguments don't get passed parameterized in SSI.php. We should change that.

EDIT1: WTF. This is nearly the same in the SMF codebase. Do I miss something or is this just really bad practice? I mean, i don't know if they have a hacking protection like wedge, but if they don't...
Besides that it looks like they fixed it sometimes and sometimes not :whistle:
https://github.com/SimpleMachines/SMF2.1/blob/release-2.1/SSI.php#L518

EDIT2: Fixed other limits too. https://github.com/Wedge/wedge/pull/44
53
Code: (diff) [Select]
-$txt['mark_read_short'] = 'Ale Themen als gelesen markieren';
 +$txt['mark_read_short'] = 'Alle Themen als gelesen markieren';

https://github.com/Wedge/languages/pull/30
54
Support / Re: Profile Picture
« on January 3rd, 2017, 12:08 PM »
Make sure that you set the correct permissions for the various folders. Seems like wedge cannot write to the attachements folder.
55
Archived fixes / [CSS] Login looking bad on small screens
« on December 19th, 2016, 06:33 PM »


Idea is to do something like this, but would need CSS3.
https://jsfiddle.net/1dqm3rgt/ (zoom in/out to see the difference)
56
Archived fixes / Re: 'ViewRemote' not found or invalid function name
« on December 19th, 2016, 04:36 PM »
Still getting it, but low priority i guess. Nothing looks broken, just this odd error.
57
Archived fixes / [CSS] Quote not aligning left in center block
« on December 19th, 2016, 04:28 PM »
Bug:
When centering a quote block, the header text and icon get's centered too. Should be still left aligned.
Because of that the icon is also behind the text.

Example:
foo
Quote from bar
lorem ipsum

Fix:
Forcing text-align: left for bbc_quote->header
Code: [Select]
.bbc_quote>header {
    padding: 2px 2px 2px 24px;
    text-align: left;
}

PR: https://github.com/Wedge/wedge/pull/47
58
Plugin Support / Re: How to install Plugins.
« on December 6th, 2016, 01:23 PM »
You have to copy the mentions folder to your <wedgeinstall>/plugins and activate it in your Admin control panel.
59
The Pub / Re: How I miss the freedom of coding the easy way...
« on November 27th, 2016, 12:55 AM »
I like it, but $txt stuff should still work in the beginning.
How do you wan't to call the function?
Code: [Select]
we:txt('This is some example txt', 'test_example')

And how do you want to do the translation stuff?
Again some
Code: [Select]
$txt['test_example'] = 'Das ist ein beispiel txt';
?
60
The Pub / Re: How I miss the freedom of coding the easy way...
« on November 19th, 2016, 10:59 AM »
It's never too late. Write a fancy script replacing all $txt['stuff'] with the proper translation and let's go. I think for wedge it would be always easy to change core stuff, just because there are not many plugins which relay on those thing. And even if so like in this case, it's just some handful plugins which shouldn't be too hard to update. I like the idea and i hate it to always have to load some language stuff. Plus, the translation system is shit if there's no translation available. Wedge (and i'm sure it's the same with smf) don't fall back to the default translation if there's a translation missing. Better approach would be to log an errror about a missing translation and show the default message.

I really like the possibility to do those in-same-file templates. Should be same with language and everything else. Best to hack something together and it's easier to learn for new plugin developers.