Search Results for 'bbpress'
-
Search Results
-
HttpOnly cookies are a security advancement that is finally supported now by all major browsers (Firefox eventually got it right in 3.1, while IE 7 still has a bug but it generally works).
HttpOnly means a cookie cannot be read by javascript in the browser, only by the server (via PHP, etc.) This practically stops XSS exploits and makes it much harder if not impossible in most cases.
HttpOnly may “save your bacon” when a plugin has a security hole (like Private Messaging and bb-Reputation 0.0.5) and prevent a malicious script from forwarding your keymaster cookie to someone else via a XSS script.
I manged to get them to include HttpOnly in WordPress 2.7 and bbPress 1.0 but it’s still not in older WordPress or bbPress 0.9 because they worried about backward compatibility with some WordPress plugins that try to directly read the cookie (bad technique) instead of using server-side helpers.
However there are NO bbPress plugins that direct read the auth cookie and very few WordPress plugins still do this. I am not 100% positive how it will affect ajax but it shouldn’t because it’s still authorized on the server-side via PHP.
So if you’d like to try out HttpOnly on your bbPress 0.9, here’s how, it’s as simple as a mini-plugin. Note that if you are already using a cookie replacement plugin like my “Freshly Baked Cookies” or “Year Long Cookies” you will need to edit them instead of using the following (you can only use one cookie replacement plugin at a time).
I’d appreciate any feedback or experiences with this, especially if it causes problems:
Save this as
_HttpOnly.php
and upload into yourmy-plugins/
directory:<?php
/*
Plugin Name: HttpOnly Auth Cookie
*/
function wp_set_auth_cookie($user_id, $remember = false) {
global $bb;
if ( $remember ) {
$expiration = $expire = time() + 1209600;
} else {
$expiration = time() + 172800;
$expire = 0;
}
$cookie = wp_generate_auth_cookie($user_id, $expiration);
do_action('set_auth_cookie', $cookie, $expire);
setcookie($bb->authcookie, $cookie, $expire, $bb->cookiepath, $bb->cookiedomain. '; HttpOnly' );
if ( $bb->cookiepath != $bb->sitecookiepath )
setcookie($bb->authcookie, $cookie, $expire, $bb->sitecookiepath, $bb->cookiedomain. '; HttpOnly' );
}
?>To prove it’s working, you CANNOT use the Firefox webdeveloper plugin because that looks at the cookie in Firefox’s chrome, not at the user level. What you have to do is
1. prove you can see your bbpress/wordpress cookie by typing or copying this to your browser address bar
javascript:alert(document.cookie);
2. install the plugin
3. log out and then log in
4. again type or copy this to your browser address bar
javascript:alert(document.cookie);
5. if it’s working, you should NOT see your wordpress/bbpress cookie in the alert
Currently the only plugin I am aware of that tries to read the cookie directly in WordPress is the
WP-UserOnline
plugin from GamerZ, and he may have even fixed that by now in the newest versions. However there may be others, so test your setup.Hi everyone
We are a web development agency from Belgium that’s working on a bbPress project, we are moving a big forum (1.5 million posts) from phpBB to bbPress. The only phpBB converter I found out there is quite outdated, so we need someone to write a new one. When the project is done we will make the converter free and open-source, so that everyone can use it.
Please email your portfolio and/or cv to andreas at madewithlove dot be if you are interested in doing this job.
Disclaimer:
We had contact with someone of this forum but since a couple of weeks he does not (or at least very slow) respond on our emails. If that person is reading this post, please get back in touch with us, we still want to work with you!
Topic: There are no 404’s
I’ve just installed bbPress and I’m not using pretty permalinks and for some reason I never get a 404. Which at first doesn’t sound bad but I don’t get and 404 errors, no matter what I write in the address bar. I’d like to fix it (I’ve even specified a 404 page in .htaccess) but I’m really at a loss.
If you use my bb-reputation plugin, please update to 0.0.6 ASAP.
http://bbpress.org/plugins/topic/bb-reputation
(remember to copy over your settings at the top if you have customized them)
Topic: Plugin @ ForumMatrix
Not a great title but it’s after 3am here.
I remembered in October last year _ck_ posted a link to ForumMatrix and it’s information on BBpress:
http://www.forummatrix.org/show/bbPress
Now, if it’s not someone involved with the project that keeps ForumMatrix up to date, then i’m very sorry for asking but right now i find it a good source of “where we’re at”, but ee seem to have PLUGIN listed in every box. The thing is, i dont think we have plugins for some of this stuff.
For example, where is the WYSIWYG plugin?
According to forum matrix BBpress has plugins for Full BBcode, WYSIWYG editor, nested quotes, syntax highlighting, multiple file attatchments, acl, blacklist, warnings, suspensions, ip-block, audit logging, user reports, rating/karma system, custom profile fields, split threads, calendar, pruning , archiving, export private messages, lo-fi view.
Thing is, i dont see any working plugins that do those jobs. Now, i’m more than happy to admit that i may be wrong (be great if i was), but i do find the whole current plugin page a bit of a mess (given that the latest plugins, latest talked about plugins, and the highest rated plugins are generally quite similar).
Any help in finding working plugins that BBpress is supposed to have would be really helpful
Thank you all
when posting a topic within any forum, after I click submit, it goes directly to a This topic has been closed page. Nothing else shows, no errors. Just the standard green bbpress error page.
Anyone else experience this? ANy fixes?