_ck_ (@_ck_)

Forum Replies Created

Viewing 25 replies - 301 through 325 (of 2,186 total)

  • _ck_
    Participant

    @_ck_

    Did some digging, here’s why that happens:

    Someone (ahem, Sam?) hard coded the url for bb-admin and worse than that, they did it as a relative url, instead of full url, so my little plugin can’t detect the page is in https mode.

    example:

    $uri = bb_get_uri('bb-admin/delete-post.php'

    right there, wow, hardcoding, after all that nonsense with even more CONSTANTS for all those silly paths.

    So, what we need is to detect when bb-admin is being requested and convert it back out of the relative url into a full url.


    _ck_
    Participant

    @_ck_

    Ah those controls (Sticky, delete topic, lock and unlock) are done in javascript (ajax) in 1.1 so there is probably yet another url that has to be “adjusted” and hopefully not hard coded.


    _ck_
    Participant

    @_ck_

    “+1 more” means you are admin and can see the deleted/spammed posts in that topic if you click it.


    _ck_
    Participant

    @_ck_

    Directly changing the core is really not a good idea unless you are using SVN updates and know what you are doing.

    Otherwise you’ll get out of date for security updates.


    _ck_
    Participant

    @_ck_

    In reply to: Security Concern

    _ck_
    Participant

    @_ck_

    I’d venture a guess that 99% of the WP security violations over the years have not been via login hacks. There are plenty of other ways to get in.

    They don’t even bother to protect the file that contains the MySQL password in plain text!

    In reply to: Security Concern

    _ck_
    Participant

    @_ck_

    It’s a point of attack.

    The idea of hiding the user id or user login for admin is an old security suggestion that is still around.

    Because, like wordpress, there is no limit on password attempts, someone can do a dictionary attack against the user name or, knowing the id, they can try to find holes in the API.

    So by hiding it, it’s just a little harder.

    IMHO this would not be worth the effort and would break too many things.

    In reply to: Security Concern

    _ck_
    Participant

    @_ck_

    Ah you mean you want to work under the display name in 1.x

    The problem is the user functions in bbpress work with user login or the user id.

    Security via obscurity never works for long.

    But you’re probably working under user id # 1 which is also a potential security issue as it gives hackers a target.


    _ck_
    Participant

    @_ck_

    If you want the code tag to keep working but disable backticks, you’ll have to make a filter that encodes them into an html entity (`) before it gets to bbpress’s filters.

    In reply to: Security Concern

    _ck_
    Participant

    @_ck_

    I think they mean where the admin is hidden on a system so the account is not a target to get hacked.

    On each post, bbpress shows your level.

    You can just create a different account to post with and another to administrate.


    _ck_
    Participant

    @_ck_

    Hmm, we should try to make it also work for bb-admin in case you have to administrate remotely, like over a wifi network.

    Can you tell me more specifically how it fails on admin?


    _ck_
    Participant

    @_ck_

    The plugins section needs a little love, not just the backtick problem but all of the “more” pages are not using the same template for some reason (the formatting is different).

    It would be nice if those “more” pages also had the download count if that’s in the topic meta (can’t remember what Sam told me, I think they are tracked by day, but there also might be an easy summary right in the meta so the template could show echo $topic->downloads or something like that rather easily).

    Oh and tags are not being imported on new plugins into the system.

    I guess most of these problems were from the plugin section previously using a semi-custom version of 0.9 and then they replaced it with 1.0 at stock settings.


    _ck_
    Participant

    @_ck_

    There’s a much better way.

    My “Hot Tags Plus” plugin makes the output into a static file, already compiled so there’s zero overhead the next time you want to display it.

    You can then just use php’s readfile to include it on any page you want outside of (or even inside) bbPress, you just have to figure out the full path to it on the server.


    _ck_
    Participant

    @_ck_

    Blocklist is now available:

    https://bbpress.org/plugins/topic/blocklist/

    bbPress 1.x feedback appreciated as it’s not been strongly tested on it and making the UI compatible with both versions was a little tricky.


    _ck_
    Participant

    @_ck_

    Sorry about that Trent, I had only posted the theme as you left it.

    I’ve now updated it with your newer copy so you don’t get hit with the hotlink.

    In reply to: bbpress theme

    _ck_
    Participant

    @_ck_

    Oh I can fix that Trent, sorry I just posted it as it was.


    _ck_
    Participant

    @_ck_

    @zaerl, yeah fortunately I had the code posted in an old post, but I guess I could have used a pastebin or direct download.


    _ck_
    Participant

    @_ck_

    I have an HTTPS trick around here somewhere, trying to find it.

    ah here it was:

    https://bbpress.org/forums/topic/https-with-bbpress-login#post-23667


    _ck_
    Participant

    @_ck_

    This has to be a communications hiccup to the SVN because I occasionally have the same problem downloading the plugins.

    Next time it happens, try copying the link and putting a random query after it, i.e. https://bbpress.org/legacy.tar.gz?12345 and see if that makes a difference (or not).


    _ck_
    Participant

    @_ck_

    I like this quote on the about page

    WordPress and bbPress are siblings, and they get along together a lot better than you and your brother did when you were kids!

    I always thought of bbPress as WordPress’s kid sister.

    However the alignment of the about page is wonky because of the background image on Customizable Templates.


    _ck_
    Participant

    @_ck_

    Neither is “add your plugin”

    It’s also missing the tag cloud.

    Hopefully they will test and fix up the plugin section soon!


    _ck_
    Participant

    @_ck_

    Ha, I can’t even get used to Notepad++

    Original notepad all the way!

    (unfortunately the poor formatting in all my plugins demonstrates that too)


    _ck_
    Participant

    @_ck_

    Great to see progress there!

    Are you back contributing to bbPress? As volunteer or back with Automattic?

    With the recount, the sad part is, similar issues exist elsewhere in bbPress.

    For example the Bozo plugin attempts to do its own recount by first sucking in the entire user id table and then processing them one query at a time. Good luck with that on a large forum! At least the bozo plugin is external now however.

    I figured out a workaround for the hyperactive bozo feature by disabling its tie to akismet with its too many false positives.

    instead of checking post status which is not trustworthy

    if ( 1 < $bb_post->post_status ) (around line 195)

    directly check if the user is a bozo for this topic (or a bozo overall)

    if (bb_current_user_is_bozo( $bb_post->topic_id ) )

    This prevents akismet from automatically making users into bozos by its setting status=2. Instead a user has to be manually set as a bozo for a topic or overall.

    Makes the bozo plugin actually useful as akismet’s reliability (radically) decreases.

    But since bozo alters queries and prevents them from properly using indexes it’s not a good idea on larger forums anyway.


    _ck_
    Participant

    @_ck_

    Wow, Hi Sam ! Nice to see you here!

    You pretty much said what I meant, but to try to make it in plain English, what I am saying is if you start with a GPL theme, you have to disclose your source, *forever*.

    No-one should expect to start with a GPL theme, modify it, and not give out the source if they distribute it further, it’s against the terms.

    @ryanhellyer, I did not say/mean you can’t make your own themes GPL licensed and sell them.


    _ck_
    Participant

    @_ck_

    It was developed when 1.0 alpha was out so it may support it, I dunno.

    Details went away when Sam did unfortunately.

    But someone could finish it.
