Search Results for 'code'
-
Search Results
-
There is a security bulletin being circulated this week about a “path disclosure” bug in bbPress 1.0.3 – it actually affects all versions.
It’s not a super-serious security bug in itself but it can be used to gain leverage.
Basically someone can discover the real path your files are in by causing a PHP error by trying to access a template file directly, where there is an error in the template because bbPress is not loaded at that time.
Here is a simple workaround for users on Apache (vast majority of users).
Make a file called
.htaccess(note the dot at the start)in it, put this line
php_flag display_errors offThen upload that file to
bb-templatesandmy-templatesThe reason why we don’t put that in the master
.htaccessfile for all of bbPress is because you may need to see any regular errors in the future. However for the template subdirectories, there is no need because those files are never (supposed to be) loaded directly by the browser.Hi there!
I’m an italian user, so sorry for my bad english.
I’m a WordPress’ user since some years and I love it!
I have found bbpress searching an alternative forum for my site (actually I use phpBB).
Testing bbpress and wordpress integration I have a problem with the login…
If I login/logout in bbpress, automatically login/logout in wordpress works, but not the reverse…
If I login in WordPress, I’m not logged in in bbpress…
I have tested it in local with this configuration:
Wordpress folder: /wordpress
BBpress folder: /forum
in wp-config.php:
define(‘AUTH_KEY’, ‘<I;b3RJ:>Fu6.?*uJhfh UUBWA)MRP+.t}q,3dunpj+a!He329#;i,^:Aj~|7tDB’);
define(‘SECURE_AUTH_KEY’, ‘ytd&KN0gfMto{0>i0U7:9]R*%tc5gt/B89wVabirZUNASo1Xw
@)F63Nofs7#[7′);define(‘LOGGED_IN_KEY’, ‘lS!u]1
H=nf=+-/@t.p+15OrfWljzI8&e&-.hs|HE?rH9@&[{t`/1Z0AEl22/~{‘);define(‘NONCE_KEY’, ‘){P:2X}-s[v7PSqS)^%AL<&u)_Qpg,7AtSeN-x:}/SHr–RYq-G hG:8vM9dB8|L’);
define(‘AUTH_SALT’, ‘u2L_v<Prb:`Zr. 9UmDmbkc4d=L[C6NV}(nj<7[%]q|debm4sA,O9f]Y%,(&A7)3’);
define(‘SECURE_AUTH_SALT’, ‘#x9M#;SAy*nnW4QY{; 9l^s1:4Q]glup}NN]/9gX1W2va1{ 2QG7TiE};)rsZj12’);
define(‘LOGGED_IN_SALT’, ‘|2vq/Z6S53Z>*U^2(&kVc`F{d:7QGu[|J(@WJU<uKx:SXA+zx?<.qkM=#-m_V9F.’);
define(‘NONCE_SALT’, ‘<3sR0o>)<!sElq(|DW=s:FqL|XJ_Venp4Flp&K*|FGF(*klrdZ6&7W;uo>lz)7TK’);
in bb-config.php:
define(‘BB_AUTH_KEY’, ‘<I;b3RJ:>Fu6.?*uJhfh UUBWA)MRP+.t}q,3dunpj+a!He329#;i,^:Aj~|7tDB’);
define(‘BB_SECURE_AUTH_KEY’, ‘ytd&KN0gfMto{0>i0U7:9]R*%tc5gt/B89wVabirZUNASo1Xw
@)F63Nofs7#[7′);define(‘BB_LOGGED_IN_KEY’, ‘lS!u]1
H=nf=+-/@t.p+15OrfWljzI8&e&-.hs|HE?rH9@&[{t`/1Z0AEl22/~{‘);define(‘BB_NONCE_KEY’, ‘){P:2X}-s[v7PSqS)^%AL<&u)_Qpg,7AtSeN-x:}/SHr–RYq-G hG:8vM9dB8|L’);
define(‘BB_AUTH_SALT’, ‘u2L_v<Prb:`Zr. 9UmDmbkc4d=L[C6NV}(nj<7[%]q|debm4sA,O9f]Y%,(&A7)3’);
define(‘BB_SECURE_AUTH_SALT’, ‘#x9M#;SAy*nnW4QY{; 9l^s1:4Q]glup}NN]/9gX1W2va1{ 2QG7TiE};)rsZj12’);
define(‘BB_LOGGED_IN_SALT’, ‘|2vq/Z6S53Z>*U^2(&kVc`F{d:7QGu[|J(@WJU<uKx:SXA+zx?<.qkM=#-m_V9F.’);
define(‘BB_NONCE_SALT’, ‘<3sR0o>)<!sElq(|DW=s:FqL|XJ_Venp4Flp&K*|FGF(*klrdZ6&7W;uo>lz)7TK’);
Please, help me!
In the current bbP Plugin there is a limited set of tags allowed:
You may use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b>
<blockquote cite=""> <cite
<del datetime=""> <em> <i> <q cite=""> <strike> <strong>I’d really like to include at least one or two more tags, but I can’t for the life of me find where the list of tags is actually defined. I found functions that request them, like bbp_get_allowed_tags() but can’t find where the list itself is.
Anyone know the answer to this mystery?
Thanks!
Jonathan
I’m trying to make the user interface a bit more friendly in my bbpress install and I can’t seem to find the text “You must log in to post.”
This is the text that shows up to guests when they are trying to start a new topic or if they want to reply to a post.
I’d like to add a nice “Login” button there as a call to action so people easily know where to go.
Anybody know where that text is in the code so I can edit it or add something to it?
Topic: Basically allowed markup
As you know there is some markup allowed in bbPress. This is pretty good but i think the allowed tags are not enough. So I’m asking if there are plans to integrate the
<u>and the<i>in future releases of bbPress. I modified the “allow Images”-Plug-In. But I think there is nothing that speaks against the integration of these tags.I just downloaded bbPress 1.0.3 to my webserver (Debian Lenny with ISPConfig) and unzipped it. After that I tried to reach the installation script in my browser on bbpress.example.com and got the following error messages:
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/www/clients/client4/web8/bb-config-path.php) is not within the allowed path(s): (/var/www/clients/client4/web8/web:/var/www/clients/client4/web8/tmp:/var/www/bbpress.example.com/web:/srv/www/bbpress.example.com/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin) in /var/www/clients/client4/web8/web/bb-load.php on line 141Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/www/clients/client4/web8/bb-config.php) is not within the allowed path(s): (/var/www/clients/client4/web8/web:/var/www/clients/client4/web8/tmp:/var/www/bbpress.example.com/web:/srv/www/bbpress.example.com/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin) in /var/www/clients/client4/web8/web/bb-load.php on line 165Warning: Cannot modify header information - headers already sent by (output started at /var/www/clients/client4/web8/web/bb-load.php:141) in /var/www/clients/client4/web8/web/bb-load.php on line 179PHP open_basedir is set to:
/var/www/clients/client4/web8/web:/var/www/clients/client4/web8/tmp:/var/www/bbpress.example.com/web:/srv/www/bbpress.example.com/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadminbbPress is located in “/var/www/clients/client4/web8/web/” none of the bbPress files is located in “/var/www/clients/client4/web8/”. So why should bb-config-path.php or bb-config.php be there?
How can I solve this problem?