Easy MyCodes
If you take a look around, for example, the MyCodes forum at MyBB community, you'll probably notice a number of MyCodes posted there using the "(.*?)" expression. (note, previous statement is true at time of writing)

This particular expression allows almost any input to be placed by the user, which can be dangerous in certain circumstances by potentially allowing various injections.  This is perhaps due to the fact that many such "MyCode developers" really don't know how to properly use regular expressions.

This plugin aims to make it easier for administrators to write properly sanitised MyCodes which aren't vulnerable to such injections.  Instead of writing custom MyCodes in regular expression form, you just enter what you want and place appropriate tokens in the expression.
Furthermore, you can actually still use regular expressions in custom MyCodes, so no functionality is actually lost using this plugin (regular expressions need to be escaped however; more information is supplied in the AdminCP when adding/editing MyCodes).



To demonstrate an example of an injection, this is what an innocent-looking MyCode for allowing custom background colours might look like:
Expression: \[bg=(.*?)\](.*?)\[/bg\]
Replacement: <span style="background-color: $1;">$2</span>

Perhaps it looks okay, until a user enters something like this in their post:

Code:
[bg=red; display: block; position: absolute; top: 0; left: 0; width: 100%; height: 1000%; font-size: 144pt]hahahahahaha[/bg]


Using Easy MyCodes, the admin would use the following instead:
Expression: [bg={COLOR}]{ANYTHING}[/bg]
Replacement: <span style="background-color: $1;">$2</span>
And prevent the injection at the same time.

(This post was last modified: 11-24-2014 10:45 PM by ZiNgA BuRgA.)
Download: easymycode.php (6.01 KB)
Plugin Version: 1.2
Last Updated: 11-24-2014, 10:45 PM

Downloads: 970
MyBB Compatibility: 1.4.x, 1.6.x, 1.8.x
Plugin License: WTFPLv2
Uploader: ZiNgA BuRgA
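
The injection described in the first post, reproduced offline as an added example (not part of the thread and not Easy MyCodes' own code). The `COLOR` pattern is a hypothetical stand-in for the `{COLOR}` token, whose real expansion the thread does not show, and HTML-escaping of the post before MyCodes run is an assumption; `riskyGroups` is an audit helper for finding existing MyCodes that feed a bare wildcard into an attribute value.

```javascript
// Added example, not Easy MyCodes source. COLOR is a hypothetical stand-in for {COLOR}.
const REPLACEMENT = '<span style="background-color: $1;">$2</span>';   // from the post
const LOOSE_SRC = String.raw`\[bg=(.*?)\](.*?)\[/bg\]`;                // from the post
const COLOR = '([a-zA-Z]{1,20}|#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6})';      // assumed
const STRICT_SRC = String.raw`\[bg=` + COLOR + String.raw`\](.*?)\[/bg\]`;
const POST = '[bg=red; display: block; position: absolute; top: 0; left: 0; ' +
  'width: 100%; height: 1000%; font-size: 144pt]hahahahahaha[/bg]';    // from the post

// Assumption: post text is HTML-escaped before MyCodes are applied.
function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Apply one MyCode to a post as a regex search-and-replace.
function render(post, source) {
  return escapeHtml(post).replace(new RegExp(source, 'gis'), REPLACEMENT);
}

// CSS property names found in every style="" attribute of the output.
function styleProperties(html) {
  return [...html.matchAll(/style="([^"]*)"/g)]
    .flatMap(m => m[1].split(';'))
    .map(decl => decl.split(':')[0].trim())
    .filter(Boolean);
}

// Numbers of capture groups that are a bare wildcard: (.*) (.*?) (.+) (.+?)
// Simple scanner: does not special-case "(" inside character classes.
function wildcardGroups(source) {
  const found = [];
  let n = 0;
  for (let i = 0; i < source.length; i++) {
    if (source[i] === '\\') { i++; continue; }            // skip escaped char
    if (source[i] !== '(' || source[i + 1] === '?') continue;
    n++;
    if (/^\(\.[*+]\??\)/.test(source.slice(i))) found.push(n);
  }
  return found;
}

// Audit: wildcard groups whose $n lands inside an HTML attribute value.
function riskyGroups(source, replacement) {
  const wild = wildcardGroups(source);
  const risky = [];
  for (const attr of replacement.matchAll(/([\w-]+)="([^"]*)"/g))
    for (const ref of attr[2].matchAll(/\$(\d+)/g))
      if (wild.includes(Number(ref[1]))) risky.push(`$${ref[1]} in ${attr[1]}`);
  return risky;
}
```

With the loose expression the rendered `style` attribute carries eight properties instead of one; with the constrained pattern the same post does not match and is left as plain text.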
XPMai Offline
Junior Member
**
Posts: 8
Joined: May 2015
Post: #21
RE: Easy MyCodes
MyBB v1.8 is no longer vulnerable, right?
06-07-2015 10:20 PM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #22
RE: Easy MyCodes
???

You mean the above demonstration?  I don't believe anything's changed in MyBB 1.8 to address that, but feel free to test it yourself.

My Blog
06-11-2015 07:01 PM
terzier Offline
Member
***
Posts: 90
Joined: Feb 2012
Post: #23
RE: Easy MyCodes
@Yumi.
please check my code, here Yipi

Un-Official MyBB from Indonesia| Facebook Page|Twitter
GARUDA DIDADA KU
06-25-2015 01:17 AM
aolko Offline
Junior Member
**
Posts: 4
Joined: Oct 2015
Post: #24
RE: Easy MyCodes
Hi there, how do I make optional/default parameters?
like

Code:
[mycode (optional=123)]123[/mycode]
result: 123
[mycode]456[/mycode]
this one will match
<span style="border 1px solid {{$1|#default}}">456</span>


also for some reason mycodes won't work in posts
[Image: EHRuUeX.png]
but do work in usercp
[Image: R4ak0mX.png]


well, this post is being ignored, huh.
(This post was last modified: 10-12-2015 11:34 PM by aolko.)
10-12-2015 06:55 PM
aolko Offline
Junior Member
**
Posts: 4
Joined: Oct 2015
Post: #25
RE: Easy MyCodes
anyone?
10-13-2015 02:02 AM
RateU Offline
Administrator
*******
Posts: 2,327
Joined: Mar 2010
Post: #26
RE: Easy MyCodes
I think we are not allowed to use conditional statements.

10-13-2015 04:41 AM
aolko Offline
Junior Member
**
Posts: 4
Joined: Oct 2015
Post: #27
RE: Easy MyCodes
(10-13-2015 04:41 AM)RateU Wrote:  I think we are not allowed to use conditional statements.

wait, why?
(This post was last modified: 10-13-2015 08:06 AM by aolko.)
10-13-2015 06:03 AM
aolko Offline
Junior Member
**
Posts: 4
Joined: Oct 2015
Post: #28
RE: Easy MyCodes
ugh, no answer yet, just tell me how to make optional parameters Erf
10-14-2015 05:28 AM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #29
RE: Easy MyCodes
MyCodes never supported conditionals, and this plugin doesn't change that.
Just make two copies of the MyCode - one with the parameter, and one without.

As for signatures not working, perhaps check other plugins?  Does it work on a clean install of MyBB?

My Blog
10-29-2015 11:22 AM
xensor Offline
Junior Member
**
Posts: 22
Joined: Jan 2014
Post: #30
RE: Easy MyCodes
I have noticed on 1.8 the mycodes do not work on posts.

for some reason they get unprocessed and are entered right.

it works when I put this plug-in into inactive. Something with this plug-in doesn't work.

Code:
[box={ANYTHING}]{ANYTHING}[/box]


it does nothing.

(This post was last modified: 03-05-2017 11:40 AM by xensor.)
03-05-2017 11:36 AM

