1. Open topic.js
2. comment out the Tags function that starts on line 18

The disadvantage is it's (a) hacking the core and (b) disables javascript updating across the whole site (rather than just the 2-3 forums where I want to limit tags). I would really appreciate any insights from people who better understand javascript/jQuery as to how to conditionally load the function.

I added a simple php switch to handle this. The problem is, tag adding is handled by javascript / ajax, so users can keep adding tags and they'll never trip the switch until they refresh the page.

Is there any simple way to limit the number of tags in certain forums?

Basically bbPress doesn't run it's tag filter on post_text when the text is finally displayed, because it would be too slow.

Instead it only checks tags during saving time and filters then.

If an item is not a tag AT SAVE TIME it won't get checked.

That is how this is slipping through, because bbcode are not html tags.

I have a quick, dirty fix.

Basically anything that gets stuck INSIDE a tag ie. [HERE] = < HERE > is no longer allowed to contain spaces, single quote or double quote. Stuff [blah]HERE[/blah] = <blah>HERE</blah> is okay.

Preventing spaces alone, in theory, should be enough. Even url or entity encoding won't get properly parsed. It will simply display as plain text and then you can see who is posting what instead of hidden stuff.

The only good news is that this problem in theory should not allow admin cookies to be stolen since the last version of 0.9 and 1.x already use HttpOnly cookies which cannot be read by javascript.

The downside of the quick-fix is that secondary attributes are no longer possible until I come up with another way. Example of secondary would be alt or title etc.

Many thanks for reporting this Tom!

Working hard on a fix.

All BBcode-lite users should upgrade to 1.0.5 IMMEDIATELY

(regardless if you allow images or not)

http://bbpress.org/plugins/topic/bbcode-lite/

http://plugins-svn.bbpress.org/bbcode-lite/trunk/

I run through post-text so the bbpress parser never fires.

Fortunately img is disabled by default but I bet people turn it on.

Working on a fix.

$tags['img'] = array('src' => array(), 'title' => array(), 'alt' => array());

only src, title and alt attributes are allowed. Can you share a pastebin link with the exact rogue text?

[img]http://www.whatever.net/forums/bb-admin/images/blank.gi" style="display:none;" onerror="this.parentNode.parentNode.parentNode.parentNode.parentNode.innerHTML = this.parentNode.parentNode.parentNode.parentNode.parentNode.innerHTML.replace(/oldStuff|onerror/g,'newStuff'); [/img]

What are the patching instructions? Thanks.

http://i31.tinypic.com/2yl3dzd.png

Anyways, I'm wondering if there's some sort of plugin here that can do this? We have a lot of lurkers on the forum I moderate and I thought it would be nice to have something like this to encourage them to create an account and post.

If this is the wrong place to post this, I'm sorry, if a moderator can please move it to the appropriate area thanks.

Anyway, we'd need someone to actually take a look and submit those patches: I've already opened tickets about bbPress.org bugs in the past weeks but a lot of them are still there...

http://trac.bbpress.org/newticket

go to "component" and select "bbpress.org website"

feel free to still post them here but on TRAC is even better too

http://bbpress.org/forums/topic/all-member-names-anonymous-on-front-page-bbpressorg#post-70653

wysiwyg site:http://bbpress.org/plugins

I just noticed that download links at Download page should use a background image, but it cannot be found at the moment.

Full background attribute: url("images/button-grad.png") repeat-x scroll left top #333333

Wow, now background attribute is gone, so download links are nearly invisible... =P

I'm seeing him in Manchester in 3 weeks for the WordCamp, and was rather hoping my first sentance would be "thanks so much for the help" and not have him see a middle aged man crying the whole way through the weekend.

He didn't disappoint.

http://backpress.automattic.com/ticket/18 (the blocker for 1.0.3) and http://backpress.automattic.com/ticket/25 (the annoying -> bug) have both been fixed and closed.

If you're listening BackPress team, first drinks on me!

Thanks
Kev

http://backpress.automattic.com/ticket/18

All links to plugins from the plugin browser link to: http://bbpress.org/plugins/topic/#post-

Can be seen/reproduced here: http://bbpress.org/plugins/search.php?q=test

http://bbpress.org/forums/topic/whoa/page/5#post-70519

Full background attribute: url("images/button-grad.png") repeat-x scroll left top #333333