Recently installed bbpress 1.0.2 and avatar upload 0.8.3
Followed the inst. instruction as follows :
5 Upload the files in the “additional-files” directory to the following locations.
avatars/ – directory to the location specified on the admin page, rename if neccesary
admim page: /avatars/ so I created avatars dir. on bbpress root,writable DONE
avatars/default.png – default avatar image into the directory created above.
DONE
avatar-upload.php – bbPress root directory.
MOVED bb-avatar-upload.php T ROOT DIRECTORY
my-templates/avatar.php – your my-templates/my-template-name/ (or bb-templates/kakumei/) directory.
MOVED TO bb-templates/kakumei/ DONE
Upload the plugin files.
bb-avatar-upload.php – your my-plugins/ directory (and activate it).
DONE
identicon.php – your my-plugins/ directory (it is automatically included).
EXISTS
unsharpmask.php – your my-plugins/ directory (it is automatically included).
EXISTS
I dont see the avatar load button on the profile.
I’m confused, is the filename bb-avatar-upload.php or avatar-upload.php ?
What am I doing wrong ? ( a novice admin )
Do you have bbCode Lite installed? That’s required.
Do you have bbCode Lite installed? That’s required.
Newly installed, bbpress (1.0) and bbcode buttons (0.0.9) plugin and I se the buttons in the reply box. When I press IMG I’m able to enter the image url.
When I press ‘send post’ then what I see is this :
Consequently no image displayed.
What is wrong ? Does it support bbpress 1.0.2
My replies keep getting marked as spam… I’ve tried to post links to the plugins, but Askimet keeps marking them as spam even though they are all links to this forum!
Anyway…
There are two video plugins that you can install… bbVideo works with 0.9 and Easy Video Embed works with 1.0. You’ll have to search for them yourself since I can’t post the links. 
My replies keep getting marked as spam… I’ve tried to post links to the plugins, but Askimet keeps marking them as spam even though they are all links to this forum!
Anyway…
There are two video plugins that you can install… bbVideo works with 0.9 and Easy Video Embed works with 1.0. You’ll have to search for them yourself since I can’t post the links.
@Willabee
As I said earlier, “And we’re also done with these or I’ve patches ready for these“. I’m still doing testing etc. & I’ll post the patches once I’m finished. 
@alanchrishughes
If you are talking about one reply per page style threads like creativecow.com please do not, that is the most annoying forum to follow in the world.
Nothing like that. Moreover, replies per page would be an option given to the user.
Someone also mentioned the forums/forum/thread problem and I agree, I would like if possible the option to just go http://www.sitename.com/forum/threadname. Not every market or group needs that much organization. And being able to rename “forum” to something else would be nice also, I don’t know if that is already possible or not, I’ve been trying to be patient and just wait until it is done.
Yup, there would be options to edit any slug.
Are you still required to use the Twenty Ten theme? Or was that just something during the development process?
The development process is still going on, though you can port your themes very easily, you just need to add a few files.
Is this the version that is suppose to be compatible with Buddypress?
Nop, we’re focussing on the basic forum features right now. No BuddyPress integration yet (I don’t know if jjj’s working on that, but I don’t think so).
@intimez
Regarding forums/forum, that’s gonna be an option. You could remove the root slug (i.e. forums) from all the slugs, once we just add it.
And regarding [edit, sticky, move], I said “And we’re also done with these or I’ve patches ready for these“. If you want to test these, just register up on my demo forums, I’ve set the default role as Forum Moderator, so you’d see those links.
@Willabee
The bleeding-edge (trunk) version is very much working. If jjj wants to release an alpha or beta, then we can. We’re already done with these points (mentioned in the first post):
- Topic Counts
- Post Counts (except forum -> reply count, afaik, jjj was working on that)
- Voice Counts (except forum voices – I don’t think we even need those)
- Rough Template
- Admin area clean-up
- User’s Profiles
- User’s Posts
- User’s Favorites
And we’re also done with these or I’ve patches ready for these:
- Front-end topic/reply creation, editing, trashing, deleting
- Closed/sticky/spammed topics
- Closed/private/category forums
- Spammed replies
- Error handling
- Email subscriptions
- Widgets
- Anonymous posting
- Front-end user editing
- Some part of settings page
- Forum moderator
- Merge topics
- View – topics with no replies (not actually a view, but a page)
And today, I’m working on:
- Splitting topics
- PHPDocs/Code cleanup
After that we’d be just left with these to complete (which are present in bbPress standalone):
- Login/Registration/Password reset forms
- Feeds
- Filter the content for HTML tags
- Tag heat map page
- Tag management form (renaming/merging/deleting)
- View – topics with no tags
- Statisitcs
- Change the forums back-end UI to bbPress-standalone like
- Akismet spam checks (plugin)
- XMLRPC!?
- Properly integrated pingbacks
- Complete the settings page
For more details, you can checkup the commit log.
Plugin error with a buddypress plugin, try disabling all plugins and then launch bbpress again.
Also try emptying your cookies and closing/opening your browser. 
Plugin error with a buddypress plugin, try disabling all plugins and then launch bbpress again.
Also try emptying your cookies and closing/opening your browser.
So.. due in 37 hours? Will you guys make it? ^^
Anyways, would be nice to get an alpha/beta release of the plugin soon. Keep it up!
Hi ONEWAY. You might have better luck asking this question over at buddypress.org.
As a brief hint, if you want to pick which forum your ‘groups’ forums are under, you need to set that with a code change in a file called ‘bp-custom.php’. This is considered advanced usage so you’ll want to snoop around the BuddyPress code for the constant that defines the forum_id where they go.
Hi ONEWAY. You might have better luck asking this question over at buddypress.org.
As a brief hint, if you want to pick which forum your ‘groups’ forums are under, you need to set that with a code change in a file called ‘bp-custom.php’. This is considered advanced usage so you’ll want to snoop around the BuddyPress code for the constant that defines the forum_id where they go.
Thanks everyone for all the hard work put in so far. Waiting eagerly
Anonymous UserInactive
Thx for fixing this issue. The next time i’ll create an ticket on trac.
Anonymous UserInactive
Thx for fixing this issue. The next time i’ll create an ticket on trac.
This is fixed in the bbPress trunk. Give it a go and be sure to report back any more issues.
Thanks for bringing this up!
This is fixed in the bbPress trunk. Give it a go and be sure to report back any more issues.
Thanks for bringing this up!
I am guessing but moving up esc_url only works because the vulnerable url fails the list of allowed protocols. This will break relative urls being passed (try using /forums/ for example without http)
But since relative is a rare case (I use relative but via plugin) I guess it’s acceptable.
I am guessing but moving up esc_url only works because the vulnerable url fails the list of allowed protocols. This will break relative urls being passed (try using /forums/ for example without http)
But since relative is a rare case (I use relative but via plugin) I guess it’s acceptable.
In this topic is fine. Would rather have more eyes on this than less.
The solution involved the shuffling of things around, as well as this specific addition: https://trac.bbpress.org/browser/trunk/bb-login.php#L51
Basically if the esc’ed $re is now empty, fall back to the installation root. At first this seemed like a silly solution, but because the login always attempts to smart redirect, there isn’t a circumstance where it would naturally be empty. By moving the esc’s up and letting them filter out the baddies, it’s possible to end up with an empty $re.
Tested with ampersands and question marks and it appears to work fine. I’ll try more esoteric URL combinations and see if it breaks.
I indented that code because of the repeated empty( $re ) checks. I had a hard time keeping track of how many times it needed to repeat the same check and bumped them in for clarity. Not a common formatting technique but helpful to me at the time.
In this topic is fine. Would rather have more eyes on this than less.
The solution involved the shuffling of things around, as well as this specific addition: https://trac.bbpress.org/browser/trunk/bb-login.php#L51
Basically if the esc’ed $re is now empty, fall back to the installation root. At first this seemed like a silly solution, but because the login always attempts to smart redirect, there isn’t a circumstance where it would naturally be empty. By moving the esc’s up and letting them filter out the baddies, it’s possible to end up with an empty $re.
Tested with ampersands and question marks and it appears to work fine. I’ll try more esoteric URL combinations and see if it breaks.
I indented that code because of the repeated empty( $re ) checks. I had a hard time keeping track of how many times it needed to repeat the same check and bumped them in for clarity. Not a common formatting technique but helpful to me at the time.
Maybe I am getting rusty, but looking at the diff, I don’t see it.
Basically it’s the same thing, shuffled around a bit and the same esc_url and esc_attr is being used at the end, which is the same pattern as the existing 1.0/1.1 code.
Are you sure the fix was not being caused by just having a more updated version of esc_url and esc_attr ?
Or was it just being solved by moving those two sanitizers up higher before bb_safe_redirect could ever be called. Because that was definitely an oversight on someone’s part (not me). Based on the comments I’d guess they thought their functionality was for display filtering and not actually sanitization.
Looking at esc_url though, its default is indeed meant for displaying urls by default, note the comment in the code “Replace ampersands and single quotes only when displaying.” and how the context is set by default to “display”.
Maybe test your solution with a url that contains an ampersand, it probably will not work?
Also, are you relying on the list of protocols to do the sanitization? Because that could be defeated too (and would prevent using relative urls that are legitimate).
ps. very minor but you have confusing indentation indicating nesting with the code at line 18 – which actually is not nested
Feel free to email me directly if that’s better.
Maybe I am getting rusty, but looking at the diff, I don’t see it.
Basically it’s the same thing, shuffled around a bit and the same esc_url and esc_attr is being used at the end, which is the same pattern as the existing 1.0/1.1 code.
Are you sure the fix was not being caused by just having a more updated version of esc_url and esc_attr ?
Or was it just being solved by moving those two sanitizers up higher before bb_safe_redirect could ever be called. Because that was definitely an oversight on someone’s part (not me). Based on the comments I’d guess they thought their functionality was for display filtering and not actually sanitization.
Looking at esc_url though, its default is indeed meant for displaying urls by default, note the comment in the code “Replace ampersands and single quotes only when displaying.” and how the context is set by default to “display”.
Maybe test your solution with a url that contains an ampersand, it probably will not work?
Also, are you relying on the list of protocols to do the sanitization? Because that could be defeated too (and would prevent using relative urls that are legitimate).
ps. very minor but you have confusing indentation indicating nesting with the code at line 18 – which actually is not nested
Feel free to email me directly if that’s better.
