[MMO] Hide Bb-Code Content System 2.2.7

Change log

Minimum Core Lib version: 2.2.5
Removed the option "The hide tag will work as a reply tag", which was added in 2.2.0
Added a new option to match the hide tag with another tag
The hide tag has been completely redesigned. If the user specifies a tag option that starts and ends with parentheses, for example [HIDE=(option)], the option is now processed as a condition. If the user has not specified an option and the tag does not match other tags, it works as before and shows the content to registered users.
The [HIDE] tag is used for hidden content. If [HIDE=(condition)] is specified, the condition is applied to the hidden content. Note: after the = sign, you must enclose the condition in parentheses to mark the start and end of condition processing. Inside the parentheses, you can use any condition grouping.
Allowed expressions (tags):
  • posts: Number of user posts.
  • likes: User reaction count.
  • reactions: User reaction count (same as likes).
  • trophies: Number of user trophies.
  • days: Number of days since user registration.
  • isMemberOf(id): User group; for multiple groups, use comma-separated values.
  • username: User's username.
  • user_id: User's identifier.
  • user_state: User's state.
  • is_staff: Flag indicating whether the user is a staff member.
  • is_admin: Flag indicating whether the user is an administrator.
  • is_moderator: Flag indicating whether the user is a moderator.
Allowed operators:
  • Arithmetic operators:
    Arithmetic operators are used for performing mathematical calculations:
    • +
    • -
    • *
    • /
    • % (modulus)
    • ** (exponentiation)
  • Comparison operators:
    Comparison operators are used for comparing values and returning a boolean result:
    • == (equal to)
    • === (strictly equal to)
    • != (not equal to)
    • !== (strictly not equal to)
    • < (less than)
    • > (greater than)
    • <= (less than or equal to)
    • >= (greater than or equal to)
  • Logical operators:
    Logical operators are used for performing logical operations and returning a boolean result:
    • and, && (logical AND)
    • or, || (logical OR)
    • not, ! (logical NOT)
  • Bitwise operators:
    Bitwise operators are performed on binary representations of numbers:
    • & (bitwise AND)
    • | (bitwise OR)
    • ^ (bitwise XOR)
  • String operators:
    The ~ operator is used for string concatenation:
    • ~ (string concatenation)
  • Array operators:
    Array operators are used for checking element membership in an array:
    • in (element present in array)
    • not in (element not present in array)
  • Numeric operators:
    The .. operator is used to create a range of numbers:
    • .. (number range)
  • Ternary operator:
    The ?: operator is used to perform conditional operations in a single line:
    • ?: (ternary operator)
Security: how safe is it to allow such a wide range of operators? It is completely safe, and the addon does not use eval() to interpret expressions.
This is important from a security perspective because the use of eval() can pose a risk, especially if the input data is not properly validated. The eval() function allows for the execution of arbitrary code, including potentially dangerous operations, and can be used for injecting malicious code or performing unwanted operations.
So how does it work then if eval() is not used?
When an expression is passed, it is first parsed into tokens such as identifiers, operators, numbers, and strings. Then, the expression is analyzed using grammar and syntax rules.
The analyzer constructs a syntax tree (AST) that represents the structure of the expression.
After the AST is built, the expression is interpreted by traversing the AST and executing the corresponding operations and functions defined in the context.
This approach, based on parsing and interpreting expressions using a context, provides safe execution of expressions as it does not require the use of the eval() function and allows for control over available operations and functions, minimizing potential vulnerabilities.
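The pipeline described above (tokens, then an AST, then interpretation against a context) can be sketched as follows. This is an added example for PHP 8, not the addon's own code: the function names (tokenize, parseBinary, parseUnary, evaluate, canView) and the sample user values are hypothetical, and the grammar is narrowed to numbers, context identifiers, comparison and logical operators, and parentheses.

```php
<?php // Added example (PHP 8+), not the addon's code: tokenize -> AST -> interpret, no eval().
const LEVELS = [['or', '||'], ['and', '&&'], ['==', '===', '!=', '!==', '<', '>', '<=', '>=']];
function tokenize(string $src): array {
    preg_match_all('/\s*(\d+|[A-Za-z_]\w*|[=!]==?|[<>]=?|&&|\|\||[!()])/', $src, $m);
    // preg_match_all skips what it cannot match, so any skipped character breaks this equality.
    if (implode('', $m[0]) !== rtrim($src)) throw new InvalidArgumentException('Illegal character');
    return $m[1];
}
function take(array &$t, string ...$any): ?string {   // consume next token if it is one of $any
    return $t && in_array($t[0], $any, true) ? array_shift($t) : null;
}
function parseBinary(array &$t, int $lvl = 0): array { // LEVELS runs from lowest to highest precedence
    if ($lvl === count(LEVELS)) return parseUnary($t);
    $left = parseBinary($t, $lvl + 1);
    while (($op = take($t, ...LEVELS[$lvl])) !== null) $left = ['bin', $op, $left, parseBinary($t, $lvl + 1)];
    return $left;
}
function parseUnary(array &$t): array {
    if (take($t, 'not', '!') !== null) return ['not', parseUnary($t)];
    if (take($t, '(') !== null) {
        $inner = parseBinary($t);
        return take($t, ')') !== null ? $inner : throw new InvalidArgumentException('Missing )');
    }
    $tok = array_shift($t) ?? '';
    if (ctype_digit($tok)) return ['num', (int) $tok];
    if (preg_match('/^[A-Za-z_]\w*$/', $tok)) return ['var', $tok];
    throw new InvalidArgumentException("Unexpected token '$tok'");
}
function evaluate(array $n, array $ctx): mixed {
    if ($n[0] === 'num') return $n[1];
    if ($n[0] === 'not') return !evaluate($n[1], $ctx);
    if ($n[0] === 'var') return array_key_exists($n[1], $ctx) ? $ctx[$n[1]]  // context is the allowlist
        : throw new InvalidArgumentException("Unknown identifier '{$n[1]}'");
    [, $op, $l, $r] = $n;
    [$a, $b] = [evaluate($l, $ctx), evaluate($r, $ctx)];
    return match ($op) {   // only operators listed here can ever run
        'or', '||' => $a || $b, 'and', '&&' => $a && $b,
        '==' => $a == $b, '===' => $a === $b, '!=' => $a != $b, '!==' => $a !== $b,
        '<' => $a < $b, '>' => $a > $b, '<=' => $a <= $b, '>=' => $a >= $b,
    };
}
function canView(string $expr, array $ctx): bool {
    $t = tokenize($expr);
    $ast = parseBinary($t);
    return $t ? throw new InvalidArgumentException("Trailing token '{$t[0]}'") : (bool) evaluate($ast, $ctx);
}

$user = ['posts' => 42, 'days' => 10, 'is_staff' => false]; // constructed sample context
var_dump(canView('(posts >= 10 and days > 7) or is_staff', $user));
```

An input such as `phpinfo()` or an identifier missing from the context throws InvalidArgumentException, because the grammar has no call syntax and names resolve only through the supplied context array.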
