[chrishajer]

The invitation to put code in backticks is actually the least of your worries. Anything in backticks gets escaped and displayed differently. You don’t want to hack that function to exclude backticks. Removing the function wouldn’t help with what you’re worried about.

You need to be concerned with input that is not sanitized, not input that is escaped in backticks.

I think bbPress has a very good security track record. There have been a couple problems in the past year (one XSS and one SQL injection I know of) but in general bbPress has been very secure. I don’t think you have to worry about getting hacked when using it. The software is written by professionals.

[so1o]

https://bbpress.org/plugins/topic/bb-anonymous-posting/

hope this help.. works with 0.9.0.2

[shirestudios]

I have the latest version of bbpress installed to my own server, and it is integrated with wordpress (also the latest).

I added one new forum a few weeks ago, but today I tried and it gave me the error: “Something strange happened. Try reloading the page.”

I did reload the page several times, but it still doesn’t work! I am completely stuck…I can’t add new forums or categories…please HELP!

These plugins I have installed and activated:

Use Display Name

Wordpress Integration

Allow Images

Avatar Upload

bbPress Avatars

bbPress Signatures

That’s all…anyone know how to fix this problem?

Thanks in advance!!!!

[mystifier]

I like the idea of adding a BB to a WordPress website and BBPress offers good integration but, having had one website previously screwed with a Visitor’s Book, I am a bit paranoid about PHP Injection.

Since there is actually an invitation to put code between backticks, how secure is it against injection?

Is there a simple hack to exclude backticks?

[mikeyc]

The checklist was excellent. My problem is that since upgrading BBPress and WP, I can’t log in to my forum at all.

My BBPress was getting users from my WP, but I suspect this isn’t now working. Is there a way to check this?

There must be an instruction somewhere that tells BBPress to access the WP database, but I haven’t found it.

I’d be grateful for a point in the right direction.

[Sam Bauers]

@seryi

Cookies in WordPress 2.5.1 are compatible with cookies in bbPress 0.9.0.2

[Sam Bauers]

WPMU 1.5.1 is probably only compatible with bbPress 0.9.0.2

[Sam Bauers]

@javalizard

You need to upgrade WordPress as well to fix the cookie incompatibility.

[tbaleno]

Those solutions did’t work.

I just upgraded wordpress to 2.5.1 and still no luck.

[Mufasa]

Can somebody set that spammer on fire? Please!!! Seriously hot sticky napalm would be just fine…

Nobody can login to our site at all – including Admin.

We will probably hack it to work – but I think we should all vote for bbPress [shortcodes] and widgets.

1) [bbPress]

2) bbPress widgets

Hail bbPress [shortcodes] and widgets

[kineda]

http://www.kineda.com

Full details here:

https://bbpress.org/forums/topic/kinedacom

[mikeyc]

Hi, I’ve just upgraded bbpress to 0.9.0.2 and I cannot log in at all. BBpress tells me the user name doesn’t exist.

The installation process asked me if I really wanted to run the upgrade script and I said yes.

Previous to the upgrade, I had BBpress integrated with WP.

I’ve checked the secret keys match in both config files.

I’ve tried javalizard’s cookie fix.

But still no joy.

Any hints gratefully received.

[seryi]

The same happened to me after upgrading my wordpress to V.2.5.1

The problem is that auth mechanism in wordpress (based on cookies) has changed and no more compatible with the bbPress’ one. I believe that the next bbPress release will fix it. However now there is only one way to solve the problem – to edit some piece of code(only few lines). This is the instruction:

1) open your bbpress_dir/bb-includes/pluggable.php

2) find function wp_validate_auth_cookie

3) inside this function change next 2 lines of code

$key = wp_hash($username . $expiration);

$hash = hash_hmac(‘md5’, $username . $expiration, $key);

to

$key = wp_hash($username . ‘|’ . $expiration);

$hash = hash_hmac(‘md5’, $username . ‘|’ . $expiration, $key);

4) find function wp_generate_auth_cookie

5) inside this function change next 2 lines of code

$key = wp_hash($user->user_login . $expiration);

$hash = hash_hmac(‘md5’, $user->user_login . $expiration, $key);

to

$key = wp_hash($user->user_login . ‘|’ . $expiration);

$hash = hash_hmac(‘md5’, $user->user_login . ‘|’ . $expiration, $key);

That’s all!

NOTE! It’s only actual for wordpress 2.5.1 with bbpress 0.9.0.1

[seryi]

The same happened to me after upgrading my wordpress to V.2.5.1

The problem is that auth mechanism in wordpress (based on cookies) has changed and no more compatible with the bbPress’ one. I believe that the next bbPress release will fix it. However now there is only one way to solve the problem – to edit some piece of code(only few lines). This is the instruction:

1) open your bbpress_dir/bb-includes/pluggable.php

2) find function wp_validate_auth_cookie

3) inside this function change next 2 lines of code

$key = wp_hash($username . $expiration);

$hash = hash_hmac(‘md5’, $username . $expiration, $key);

to

$key = wp_hash($username . ‘|’ . $expiration);

$hash = hash_hmac(‘md5’, $username . ‘|’ . $expiration, $key);

4) find function wp_generate_auth_cookie

5) inside this function change next 2 lines of code

$key = wp_hash($user->user_login . $expiration);

$hash = hash_hmac(‘md5’, $user->user_login . $expiration, $key);

to

$key = wp_hash($user->user_login . ‘|’ . $expiration);

$hash = hash_hmac(‘md5’, $user->user_login . ‘|’ . $expiration, $key);

That’s all!

NOTE! It’s only actual for wordpress 2.5.1 with bbpress 0.9.0.1

[jldean]

I think I’ve fixed it – fully ‘integrated’ bbpress and wp for cookie sharing AND user database. Now it’s using the wp tables for user data, and is giving out the correct cookie… and all users can login

[mitcho (Michael Yoshitaka Erlewine)]

Hi all,

I just successfully got Michel Fortin’s Markdown to work in bbPress… I’ve submitted it as a plugin here on bbPress.org, but as that page isn’t updating for some reason, you can download it from the WordPress.org page.

Enjoy, and of course let me know if you have any problems with it.

mitcho

[Sam Bauers]

TalkPress is the name of the project to build a hosted version of bbPress. It is currently in development aiming for an initial beta release.

talkpress.com in it’s current state was funny back in January. It will probably change soon.

[marians]

On Multiviews: Never heard of it until I first installed bbPress. If mof_rewrite would work out of the box (i.e.: if bbPress would create the file or dump the necessary content) I wouldn’t need MultiViews.

Here is one aspect I’d like to through in: URL Customization/Localization.

When localizing URLs, it’s very easy to do this via editing of mod_rewrite rules. All my bbPress installations are in german language, thus I want german URLs.

When changing the wording in URLs, e.g. from “forum” to “board” or “topic” to “idea” etc., same thing – just edit the rewrite rules.

How easy would it be to customize URLs with MultiViews in effect? Without having looked into the implementation, I would guess that it requires code changes.

If URL customization is easier in mod_rewrite, please drop MultiViews. Otherwise, please document how URL customization can be done using MultiViews.

[jldean]

Exactly the same problem here – posted yesterday.

It is odd that admin can still login though…? Do you find the same?

[chrishajer]

Someone just posted this:

https://bbpress.org/forums/topic/wordpress-theme-integration#post-16362

Sounds like the same problem?

[mrhoratio]

This has been discussed in a previous thread:

https://bbpress.org/forums/topic/new-login-required-when-between-bbpress-and-wordpress

[Mufasa]

Ya know what…

What would solve all these problems would be shortcodes.

If I could just create a page and add a shortcode:

[bbPress] then all our problems would just go away.

Then if you wanted to get the bbPress “search” and “hot tags” to show in your sidebar you can just add the bbPress widgets and they would in theory just work.

I guess that means my request is:

1) Add a bbPress [forum] shortcode for wordpress

2) Release some bbPress widgets for the wordpress sidebar

[kineda]

Wanted to share with you the new Kineda community built using WordPress and bbPress as the foundation.

Kineda is now part blog, part lookbook thanks to this dynamic pairing of software. The blog at http://www.kineda.com still offers our comprehensive fashion and lifestyle blog features, while the lookbook at http://www.kineda.com/lookbook offers a rare glimpse at what our half a million readers are wearing right this moment.

All of this built on top of WordPress and bbPress with lots of hardwork and many late nights.

Kineda Blog – http://www.kineda.com

Kineda Lookbook – http://www.kineda.com/lookbook

Would love to hear your feedback!

[Mufasa]

In previous versions to get your wp header into your bbPress theme you needed to include the wp-blog-header.php in the config file.

Doing this now breaks logging in to the bbPress site. No error messages – it just does not login.

We want the forums to be here:

http://www.instinct.co.nz/e-commerce/support-forums/

Not looking like this:

http://instinct.co.nz/forums/

There must be as easy way to do this. I must say I thought it would get easier as new versions were released – not harder ;P

Ciao,

Dan

[gerikg]

https://bbpress.org/forums/topic/make-bbpress-a-page-in-wordpress