_ck_ (@_ck_)

Forum Replies Created

Viewing 25 replies - 26 through 50 (of 2,186 total)
  • In reply to: bbPress 1.0.3 released

    _ck_
    Participant

    @_ck_

    These are the changes between 1.0.2 and 1.0.3

    https://trac.bbpress.org/changeset/2958/tags/1.0.3?old=2339&old_path=%2Ftags%2F1.0.2

    unfortunately the mime property was modified on files that were otherwise unchanged, so the file list looks huge, but most of them are unaffected.

    also /jquery/interface.js was added in 1.0.3 but for some wrong reason they are using the packed version which is slower because it has to be unpacked on every page load, it should be the minified only version without packing and just let gzip do the compression work between the server and the browser

    I’ve edited down the list and removed the property-only changes

    Files changed between bbPress 1.0.2 and 1.0.3

    bb-templates/kakumei/style.css (1 diff)
    bb-templates/kakumei/favorites.php (1 diff)
    bb-templates/kakumei/view.php (2 diffs)
    bb-templates/kakumei/forum.php (2 diffs)
    bb-templates/kakumei/tag-single.php (1 diff)
    bb-templates/kakumei/front-page.php (2 diffs)
    bb-templates/kakumei/post-form.php (2 diffs)
    bb-templates/kakumei-blue/style.css (1 diff)

    bb-includes/functions.bb-users.php (3 diffs)
    bb-includes/functions.bb-pluggable.php (3 diffs)
    bb-includes/class.bp-options.php (1 diff)
    bb-includes/functions.bb-posts.php (1 diff)
    bb-includes/functions.bb-template.php (4 diffs)
    bb-includes/functions.bb-meta.php (1 diff)
    bb-includes/functions.bb-core.php (3 diffs)
    bb-includes/functions.bb-deprecated.php (1 diff)

    bb-cron.php (3 diffs)
    bb-login.php (3 diffs)
    rss.php (1 diff)

    bb-admin/tools-recount.php (2 diffs)
    bb-admin/includes/class.bb-install.php (1 diff)
    bb-admin/includes/functions.bb-upgrade.php (3 diffs)
    bb-admin/includes/functions.bb-admin.php (4 diffs)
    bb-admin/includes/defaults.bb-schema.php (2 diffs)
    bb-admin/includes/functions.bb-recount.php (added)
    bb-admin/admin.php (2 diffs)
    bb-admin/admin-base.php (1 diff)
    bb-admin/index.php (2 diffs)

    There may be additional backPress changes which are beyond my desire to track/list.


    In reply to: bbPress 1.0.3 released

    _ck_
    Participant

    @_ck_

    bbPress 0.9 users should install my unofficial “block-long-queries” mini-plugin to avoid the security bug that 1.0.3 fixes and similar unknown attacks in the future.

    (it also works in 1.0 and WordPress)

    <?php
    /*
    Plugin Name: Block Long Queries (for bbPress and WordPress)
    */

    // Refuse any request whose URI is longer than 255 characters or contains
    // eval, base64 or unescape followed by a non-alphanumeric character.
    if (strlen($_SERVER['REQUEST_URI']) > 255 ||
        preg_match('@(eval|base64|unescape)[^a-zA-Z0-9]@si', $_SERVER['REQUEST_URI']))
    {
        header('HTTP/1.1 414 Request-URI Too Long');
        header('Status: 414 Request-URI Too Long');
        header('Connection: Close');
        exit;
    }



    _ck_
    Participant

    @_ck_

    Trac unfortunately doesn’t disclose where the tag was created from, the only documentation is the comment JJJ made.

    https://trac.bbpress.org/changeset/2930

    However it’s easy to test.

    Checkout a copy from the trunk, then do a “switch” to tag/1.0.3 and see what files (if any are changed).

    The SVN itself may disclose more details but let’s see what happens…

    ah no, I forgot the trunk is actually 1.1

    Yeah 1.0.3 is a branch from 1.0.2, not the trunk.

    If a fix wasn’t committed to the 1.0 branch, it won’t be in 1.0.3

    But you can always use the trunk for 1.1 preview




    _ck_
    Participant

    @_ck_

    They just announced it to the world this morning so I hope the 1.x users have upgraded to 1.0.3

    http://seclists.org/fulldisclosure/2011/Mar/155

    I suspect it was not enough time but there never is.

    Note that my “block-long-queries” mini-plugin will protect you from this kind of attack and other yet unknown ones via the URL (GET requests)

    https://bbpress.org/forums/topic/bbpress-103-released#post-84690

    It will work in both bbPress and WordPress

    There is really no reason to allow URIs to be longer than 255 characters but apache will allow up to 4000 by default which can carry a massive payload. I have seen some wordpress installs that need that limit bumped up to 320 or even 512, something about the akismet plugin needs very long URIs for some bad reason.
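
The filter from the "block-long-queries" post, restated as a function with the length limit as a parameter (255, or the 320 or 512 mentioned above for some WordPress installs). This is an added example, not _ck_'s plugin code; `blq_check_uri`, `BLQ_PATTERN`, the percent-decoding step and the sample URIs are assumptions constructed for illustration.

```php
<?php
// Added example: a testable variant of the URI filter.
// Function name, constant name and sample URIs are constructed.

const BLQ_PATTERN = '@(eval|base64|unescape)[^a-zA-Z0-9]@i';

/** Return null if the URI passes, otherwise the reason it would be refused. */
function blq_check_uri(string $uri, int $maxLen = 255): ?string
{
    if (strlen($uri) > $maxLen) {
        return 'too-long';
    }
    // Test the URI as received and after one round of percent-decoding,
    // because query values are decoded once before they reach $_GET.
    foreach ([$uri, rawurldecode($uri)] as $candidate) {
        if (preg_match(BLQ_PATTERN, $candidate) === 1) {
            return 'keyword';
        }
    }
    return null;
}

// Constructed sample requests: [URI, length limit]
$samples = [
    ['/forums/topic/bbpress-103-released', 255],   // ordinary topic URL
    ['/forums/?q=' . str_repeat('a', 300), 255],   // 300-character query value
    ['/forums/?q=' . str_repeat('a', 300), 512],   // same request, limit raised to 512
    ['/forums/?x=base64_decode(abc)', 255],        // keyword in the clear
    ['/forums/?x=%65val(1)', 255],                 // keyword with one percent-encoded letter
    ['/forums/topic/medieval-history', 255],       // ordinary word containing "eval" before "-"
];

foreach ($samples as [$uri, $limit]) {
    $reason = blq_check_uri($uri, $limit);
    printf(
        "%-9s limit=%d len=%d %s\n",
        $reason ?? 'pass',
        $limit,
        strlen($uri),
        substr($uri, 0, 40)
    );
}
```

Run it against a sample of your own access-log URIs before enforcing, since the keyword pattern also matches ordinary slugs such as the last sample.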




    _ck_
    Participant

    @_ck_

    I am bumping this as it’s become more important since so many people have upgraded to 1.x and the problem still exists (and gets magnified with every extra plugin you install).


    _ck_
    Participant

    @_ck_

    Some translations do not have all the phrases done. They may be from older versions of bbpress or the person who did it just didn’t bother.

    There may be a newer translation file or you may have to add the translations yourself.

    See my topic here about it all:

    http://bbshowcase.org/forums/topic/bbpress-translation-internationalization-into-local-languages




    _ck_
    Participant

    @_ck_

    Okay I had never written the special routine for “topics to which each user has replied” so it never even appeared in the last 0.9 although Sam incorporated some of my other improved queries.

    But I sat down and wrote it just for you now :-)

    http://bbshowcase.org/plugins/fast-recount.zip

    Basically the old 0.9 bbPress api loops through each and every user and does a few queries for each one, completely overloading any server and timing out and never finishing.

    ie. 6 queries per user x 1000 users = 6000 queries !!!!

    My version accomplishes the exact same results with only a handful of queries right inside the mysql engine regardless of how many users, so it should always finish in under 30 seconds (unless perhaps it’s millions of users)

    Once you install and activate, under your recount menu you will see (among others)

    FAST RECOUNT topics to which each user has replied

    So check that box and leave the old one unchecked.

    Until I have some time to fix the order in which the boxes appear, you should probably do the fast recount AFTER the other regular counts are done.

    Oh and last but certainly not least, I highly recommend backing up your mysql database for wordpress/bbpress before using this plugin, because it’s experimental and does actually delete old data before creating the new data. Something could go wrong (in theory you could run it a second time to fix the problem but always best to be safe).

    ps. make sure you update bbpress to 0.9.0.6 too




    _ck_
    Participant

    @_ck_

    This may happen if you have a very large number of topics/posts/users.

    The functions in bbPress 0.9 are very inefficient and use a horrifying number of queries that will get blocked by many servers or timeout after 30 seconds.

    I wrote some experimental fast replacement routines, let me see if I can find them.




    _ck_
    Participant

    @_ck_

    @Ashfame, the bug is not really a showstopper and I am researching another possible issue.

    I need to update “check-for-updates” though.




    _ck_
    Participant

    @_ck_

    Speaking of security, anyone using bb-attachments should please update to 0.2.8

    (you’ll only need to update bb-attachments-init.php)




    _ck_
    Participant

    @_ck_

    Downgrade tool is on permanent delay.

    Sorry, I simply do not have the time.

    Restore backups from before upgrading 0.9 to 1.x


    _ck_
    Participant

    @_ck_

    I updated it a couple of days ago but even I see a spammer about every other week.

    I have to assume it’s humans doing the account creation because it’s so cheap to get labor now, it might be semi automated where it fills out the info and allows the human to deal with the question.

    You’d think they’d figure out this is a waste of time but I guess they are looking for the sites where the postings stick around for awhile.

    I can deal with it once a week until I figure out another way to tackle them.

    By the way I don’t use akismet and I always recommend you disable the bozo feature which Sam made a plugin you can turn off at my request, because it just causes havoc with false positives.


    _ck_
    Participant

    @_ck_

    Yes I am seeing them defeat Human Test too.

    I will push an update to the svn tonight (Friday) so keep an eye out for a version update.

    In reply to: First Poster Plugin?

    _ck_
    Participant

    @_ck_

    Each topic already carries the name of the person that started it, so this is very easy to do without a plugin.

    Simply edit your front-page.php and forums.php templates and put

    <?php echo $topic->topic_poster_name; ?>

    where you’d like it.

    also see this tag

    https://bbpress.org/forums/tags/topic-author



    _ck_
    Participant

    @_ck_

    I know y’all are in super-dooper alpha state right now but be sure to put on your list to test the plugin under windows (try the 1 minute xampp lite install for testing).

    I’m not even sure where to start with some of the errors, I’ll try to debug.

    ps. can an admin please turn off the hash-to-trac link plugin that’s running on bbpress.org? It’s incredibly annoying because it makes no effort to determine if it’s really a ticket reference.
