[gloom]

Almost, yeah

/%year%/%category%/%postname%/

This is the .htaccess:

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^index.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

[GeraldS]

To get the HTTP authentication plugin running with bbPress 1.0.3 I had to do a few tweaks. Here is the diff from the original file and my modifications:

42c42,45

< 	global $bb_submenu;

---

>         if (function_exists('bb_admin_add_submenu')) { // Build 794+

> 		bb_admin_add_submenu(__('HTTP authentication'), 'use_keys', 'http_admin_page');

>         } else {

> 		global $bb_submenu;

44c47,48

< 	$bb_submenu['plugins.php'][] = array(__('HTTP authentication'), 'use_keys', 'http_admin_page');

---

> 		$bb_submenu['plugins.php'][] = array(__('HTTP authentication'), 'use_keys', 'http_admin_page');

> 	}

176c180

< 				$user_exists = bb_user_exists( $user );

---

> 				$user_exists = bb_get_user( $user, array('by' => 'login') );

226c230

< ?>

 No newline at end of file

---

> ?>

Hope this helps someone.

Regards,

Gerald

[kai920]

I was able to get Comment Form Quicktags showing on bbP’s reply form by adding add_filter('bbp_get_reply_content', array(&$this, 'detect_start')); but not on the topic content form. I tried:

add_filter('bbp_topic_content', array(&$this, 'detect_start'));

add_filter('bbp_get_topic_content', array(&$this, 'detect_start'));

What am I doing wrong?

[John James Jacoby]

Tools > Import

[John James Jacoby]

@caming – Thanks for taking the time to search around and give it a go on your own. The missing piece to your puzzle can be found at the link below:

https://codex.wordpress.org/Child_Themes

Cheers

[tooltrainer]

Yep agreed on all points. Hopefully though it’s the content that trumps all right?

Jonathan

[John James Jacoby]

The thing with mod_security is getting it dialed in. Since WordPress traditionally has a limited set of data entry points, I imagine we’ll see more of these issues arise. What surprises me is this hasn’t been an issue for BuddyPress yet, and everything within a BuddyPress site happens from within the theme. Glad you’ve got it sorted out though.

I’ve gone through my fair share of forum transitions and they always manage to upset everyone. Forum software is not unlike any other *thing* in that the person interacting with it gets attached to the way it works at a behavioral level. When you move any 1 thing around, it upsets their workflow, and makes things difficult again. When you move everything around, it’s a nightmare, and rarely do forum users rejoice at the change.

No worries, I try not to take anything personally.

[tooltrainer]

Well it’s not so much a matter of censoring, it’s a question of security. Until I had them whitelist a rule in ModSecurity, I couldn’t post a lot of stuff in WordPress either, whether from admin or not. ModSec is treating certain words as SQL language and assuming they are an injection attack attempt. I’ve seen this problem before many times in the past but never realized what it was until this issue and subsequent conversation.

They’ve now whitelisted /topic/, /forum/, and /edit/ and that seems to have fixed this issue. I’m guessing this isn’t really something that can/should be fixed from within bbP itself, but if I’m wrong feel free to do so.

And though I personally believe that bbP is the way to go for my community, my users are used to PHPbb and VBulletin sites and so this already seems “weird” to them. Adding technical issues and using beta software isn’t really helping instill confidence but hey that’s my choice to do. They’re spoiled by forum solutions with all the bells & whistles that I’ve had to add with plugins for things like Private Messaging, showing unread topics, protecting content for members only, signatures, etc. This is of course by design, and though I’m essentially putting back in a lot of the stuff that bbP has intended to leave out, I believe I wouldn’t be happy with the lack of integration of any other forum solution within WP so… bbP it is!

They’ll get used to it, I just hope I don’t lose any because they can’t make the leap. Time will tell, and bbP keeps getting better with time. I hope my posts never suggest a lack of appreciation for this plugin and all the work you’re putting into it!

Jonathan

[kai920]

What do you guys think about adding wp_register(); to the login widget?

https://codex.wordpress.org/Function_Reference/wp_register

[Gautam Gupta]

qzplx: For theme integration, you can either do deep integration – looks like that didn’t work for you OR create a new theme based on your wp theme on your own. There is a theme integrator too.

[John James Jacoby]

If your host is controlling what parts of your site what words are allowed where, to the point where it’s censoring genuine conversation, that’s a conversation to have with them.

There are a few things you can do to confirm, but it depends if they’ve white listed those locations or not.

1. Can you post a blog comment with that same content?

2. Can you create a reply within /wp-admin/ with the same content?

Your members are “unimpressed” because they’re frustrated, and because your site is unfinished because bbPress has only had a handful of testers in recent months. You’re opting to be a tester, which is *great* of course… but making the decision to let other people use an unfinished site never goes well.

Your feedback is invaluable, and their unhappiness is going towards a good cause. If you communicate that to them clearly, in my experience that usually calms them down.

[Kevin Muldoon]

I’m getting the same issue. It runs fine in my test area but when I activate it on my live site the admin area goes white. Will look into what plugin is causing this

[tooltrainer]

Yeah probably true, I’m just impatient. The host have whitelisted URLs beginning with /edit/ which has fixed existing posts that are being edited, but does not fix creation of new posts or replies.

For the moment, I’m having them whitelist /forum/ and /topic/ as well. If JJJ can suggest a better solution or fix to this, then I’ll just have them remove the whitelist rules. I’d certainly rather not have to override any security, but my members are getting annoyed and right now are “very unimpressed” with my choice of forum software.

Jonathan

[Anointed]

before you relax the rules, wait until we hear from JJ. There is a possibility that the info is being saved to the db in a slightly different way than standard posts.

I’ve been reading through the code, but do not have a strong enough understanding of wp to know for sure.

No reason to relax unless needed, more security is always best

[tooltrainer]

Yep I just found the same:

ModSecurity: Access denied with code 500 (phase 2). Pattern match “((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe):space:+[A-Z|a-z|$

I’m guessing it’s my use of the word “create” in my example string.

Given how much my forum discusses code, I think I’m going to have no long term option but to relax ModSec. I’ve already asked the host to look into it so hopefully they come up with something.

Thanks for all your pointers as usual!

Jonathan

[Anointed]

It is not the individual words but the combination spaces and keywords that are usually used to ‘inject malicious code’ into a db.

select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe

*each host uses diff keywords, so your rules may vary

I’d wait until you hear from JJ, just in case the info is saved to the db differently before you mod anything in mod-security

[Anointed]

Yup, it is mod-security, same on my end:

[Sat May 28 18:03:04 2011] [error] [client ip] mod_security: Access denied with code 403. Pattern match ":space:+(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe):space:+[A-Z|a-z|0-9|\\*| |\\,]+:space:+(from|into|table|database|index|view):space:+[A-Z|a-z|0-9|\\*| |\\,]" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "mysite.com"] [uri "/topic/need-healing/page/3/"] [unique_id "TeFxGEUuJUQAAGLkflw"]

You are probably going to have to have your host think about relaxing the rules.

Only thing I don’t understand is why it works on posts but not topics/replies. I will read through how the topic/reply is being saved to the db and see if I can track it down. If not, I’ll ask JJ later.

(he’s finally asleep after pulling yet another all nighter)

[Anointed]

@tooltrainer

Keep in mind that this is only beta2, and there are very few people using this plugin so far. It is NOT intended for a live site as noted many times.

*one last set of tests if you don’t mind:

1. Try to create a new topic with the exact same string you are trying and see if that works.

2. Try to create a new reply with the exact same string you are trying and see if that works.

That will tell me if it is the replies or topics part of the code to look into.

Finally, understand you have tried this same string a number of times, so it could be a hidden duplicate in the db. I would check your db tables to see if any of these attempts managed to save in a cell behind the scenes.

JJ has been working on this plugin non-stop, check the change-log, and you will see he never sleeps LOL

I still think it may have something to do with mod-rewrite. I am 100% that is what happened to me, although it could be different for you.

What you really need is some server logs in order to really help track this down. If you have a half decent host, then it should only take them 2 mins to track down any errors.

*It is a good idea to ask your host how to access your own error logs for server, security, and php

[tooltrainer]

Yeah I can paste the content into a post without any issue.

I’ll go through line by line until I find the offender(s), but if this is going to be a continued problem, I’m going to have to abandon bbP. If this is a bug I’m surprised nobody else is seeing it.

Jonathan

[scylderon]

Would be helpful to know how to integrate BuddyPress hooks into the bbp template as well. For example:

<?php echo xprofile_get_field_data(#); ?>

or

<a href="<?php bp_displayed_user_link() ?>"><?php bp_displayed_user_fullname() ?></a>

[mhjerde99]

Great stuff!

@kai920 +1 for adding “register” link to the login widget. And I like Register Plus Redux, that plugin works nicely!

@anointed Thanks, good tip! Implemented.

My sidebars disappeared when upgrading to beta 2b. I’m using the Woo Sidebar Manager and I had to move login/registration down in the footer for the time being. I can’t say for sure that there is causation. Esp because Sidebar Manager seems a bit flaky. But it happened at the same time

[Anointed]

@mhjerde99 Can I make a suggestion on the template?

Add the following to your woothemes custom.css file in order to get full width forums. I saw your post over there, but didn’t really have time to answer your questions as I am also very busy building a custom woo theme.

#content table.bbp-topics, #content table.bbp-forums, #content table.bbp-replies, #container table.bbp-topics, #container table.bbp-forums, #container table.bbp-replies, #main table.bbp-topics, #main table.bbp-forums, #main table.bbp-replies {

width: 100% !important;

}

[kai920]

I was just looking into this topic a bit – I wonder if it’s useful to add a “Register” link at the bottom of the login widget inside /bbp-includes/bbp-core-widgets.php? This would bring a user directly to /wp-login.php?action=register and would only display if WP’s “Anyone can register” option was turned on.

I’ve also just installed the Register Plus Redux plugin (https://wordpress.org/extend/plugins/register-plus-redux/) which allows you to upload your own image for the registration page and gives other nice options.

[kai920]

Good to hear – just updated to 3254 and I see Home > Forums > Forum Name breadcrumb

[John James Jacoby]

I’ve been tweaking the breadcrumbs, trying to find the sweet spot. There’s starting to be a lot of possible ways to display the forum archives now. With page templates, archives, shortcodes, etc… it’s hard to know what is the actual root and where.

I think I’ve got it dialed in for Beta 3. I spent the majority of last night testing all of the above scenarios.