Skip to:
Content
Pages
Categories
Search
Top
Bottom

Search Results for 'code'

Viewing 25 results - 19,426 through 19,450 (of 32,518 total)
  • Author
    Search Results
  • #94774
    Gautam Gupta
    Participant

    @Willabee

    As I said earlier, “And we’re also done with these or I’ve patches ready for these“. I’m still doing testing etc. & I’ll post the patches once I’m finished. :-)

    @alanchrishughes

    If you are talking about one reply per page style threads like creativecow.com please do not, that is the most annoying forum to follow in the world.

    Nothing like that. Moreover, replies per page would be an option given to the user.

    Someone also mentioned the forums/forum/thread problem and I agree, I would like if possible the option to just go http://www.sitename.com/forum/threadname. Not every market or group needs that much organization. And being able to rename “forum” to something else would be nice also, I don’t know if that is already possible or not, I’ve been trying to be patient and just wait until it is done.

    Yup, there would be options to edit any slug.

    Are you still required to use the Twenty Ten theme? Or was that just something during the development process?

    The development process is still going on, though you can port your themes very easily, you just need to add a few files.

    Is this the version that is suppose to be compatible with Buddypress?

    Nop, we’re focussing on the basic forum features right now. No BuddyPress integration yet (I don’t know if jjj’s working on that, but I don’t think so).

    #94767
    Gautam Gupta
    Participant

    @intimez

    Regarding forums/forum, that’s gonna be an option. You could remove the root slug (i.e. forums) from all the slugs, once we just add it.

    And regarding [edit, sticky, move], I said “And we’re also done with these or I’ve patches ready for these“. If you want to test these, just register up on my demo forums, I’ve set the default role as Forum Moderator, so you’d see those links. :-)

    #94764
    Gautam Gupta
    Participant

    @Willabee

    The bleeding-edge (trunk) version is very much working. If jjj wants to release an alpha or beta, then we can. We’re already done with these points (mentioned in the first post):

    1. Topic Counts
    2. Post Counts (except forum -> reply count, afaik, jjj was working on that)
    3. Voice Counts (except forum voices – I don’t think we even need those)
    4. Rough Template
    5. Admin area clean-up
    6. User’s Profiles
    7. User’s Posts
    8. User’s Favorites

    And we’re also done with these or I’ve patches ready for these:

    1. Front-end topic/reply creation, editing, trashing, deleting
    2. Closed/sticky/spammed topics
    3. Closed/private/category forums
    4. Spammed replies
    5. Error handling
    6. Email subscriptions
    7. Widgets
    8. Anonymous posting
    9. Front-end user editing
    10. Some part of settings page
    11. Forum moderator
    12. Merge topics
    13. View – topics with no replies (not actually a view, but a page)

    And today, I’m working on:

    1. Splitting topics
    2. PHPDocs/Code cleanup
    3. After that we’d be just left with these to complete (which are present in bbPress standalone):

    1. Login/Registration/Password reset forms
    2. Feeds
    3. Filter the content for HTML tags
    4. Tag heat map page
    5. Tag management form (renaming/merging/deleting)
    6. View – topics with no tags
    7. Statisitcs
    8. Change the forums back-end UI to bbPress-standalone like
    9. Akismet spam checks (plugin)
    10. XMLRPC!?
    11. Properly integrated pingbacks
    12. Complete the settings page

    For more details, you can checkup the commit log.

    #103372

    In reply to: Wp and bbpress

    Willabee
    Member

    Plugin error with a buddypress plugin, try disabling all plugins and then launch bbpress again.

    Also try emptying your cookies and closing/opening your browser. ;)

    #98272

    In reply to: Wp and bbpress

    Willabee
    Member

    Plugin error with a buddypress plugin, try disabling all plugins and then launch bbpress again.

    Also try emptying your cookies and closing/opening your browser. ;)

    #94763
    Willabee
    Member

    So.. due in 37 hours? Will you guys make it? ^^

    Anyways, would be nice to get an alpha/beta release of the plugin soon. Keep it up! :)

    #103038

    In reply to: HIde Sub-forums

    Hi ONEWAY. You might have better luck asking this question over at buddypress.org.

    As a brief hint, if you want to pick which forum your ‘groups’ forums are under, you need to set that with a code change in a file called ‘bp-custom.php’. This is considered advanced usage so you’ll want to snoop around the BuddyPress code for the constant that defines the forum_id where they go.

    #97938

    In reply to: HIde Sub-forums

    Hi ONEWAY. You might have better luck asking this question over at buddypress.org.

    As a brief hint, if you want to pick which forum your ‘groups’ forums are under, you need to set that with a code change in a file called ‘bp-custom.php’. This is considered advanced usage so you’ll want to snoop around the BuddyPress code for the constant that defines the forum_id where they go.

    #94761
    moshthepitt
    Member

    Thanks everyone for all the hard work put in so far. Waiting eagerly :)

    #103589
    Anonymous User
    Inactive

    Thx for fixing this issue. The next time i’ll create an ticket on trac. :)

    #98489
    Anonymous User
    Inactive

    Thx for fixing this issue. The next time i’ll create an ticket on trac. :)

    #103585

    This is fixed in the bbPress trunk. Give it a go and be sure to report back any more issues. :)

    Thanks for bringing this up!

    #98485

    This is fixed in the bbPress trunk. Give it a go and be sure to report back any more issues. :)

    Thanks for bringing this up!

    #103610
    _ck_
    Participant

    I am guessing but moving up esc_url only works because the vulnerable url fails the list of allowed protocols. This will break relative urls being passed (try using /forums/ for example without http)

    But since relative is a rare case (I use relative but via plugin) I guess it’s acceptable.

    #98510
    _ck_
    Participant

    I am guessing but moving up esc_url only works because the vulnerable url fails the list of allowed protocols. This will break relative urls being passed (try using /forums/ for example without http)

    But since relative is a rare case (I use relative but via plugin) I guess it’s acceptable.

    #103609

    In this topic is fine. Would rather have more eyes on this than less.

    The solution involved the shuffling of things around, as well as this specific addition: https://trac.bbpress.org/browser/trunk/bb-login.php#L51

    Basically if the esc’ed $re is now empty, fall back to the installation root. At first this seemed like a silly solution, but because the login always attempts to smart redirect, there isn’t a circumstance where it would naturally be empty. By moving the esc’s up and letting them filter out the baddies, it’s possible to end up with an empty $re.

    Tested with ampersands and question marks and it appears to work fine. I’ll try more esoteric URL combinations and see if it breaks.

    I indented that code because of the repeated empty( $re ) checks. I had a hard time keeping track of how many times it needed to repeat the same check and bumped them in for clarity. Not a common formatting technique but helpful to me at the time.

    #98509

    In this topic is fine. Would rather have more eyes on this than less.

    The solution involved the shuffling of things around, as well as this specific addition: https://trac.bbpress.org/browser/trunk/bb-login.php#L51

    Basically if the esc’ed $re is now empty, fall back to the installation root. At first this seemed like a silly solution, but because the login always attempts to smart redirect, there isn’t a circumstance where it would naturally be empty. By moving the esc’s up and letting them filter out the baddies, it’s possible to end up with an empty $re.

    Tested with ampersands and question marks and it appears to work fine. I’ll try more esoteric URL combinations and see if it breaks.

    I indented that code because of the repeated empty( $re ) checks. I had a hard time keeping track of how many times it needed to repeat the same check and bumped them in for clarity. Not a common formatting technique but helpful to me at the time.

    #103608
    _ck_
    Participant

    Maybe I am getting rusty, but looking at the diff, I don’t see it.

    Basically it’s the same thing, shuffled around a bit and the same esc_url and esc_attr is being used at the end, which is the same pattern as the existing 1.0/1.1 code.

    Are you sure the fix was not being caused by just having a more updated version of esc_url and esc_attr ?

    Or was it just being solved by moving those two sanitizers up higher before bb_safe_redirect could ever be called. Because that was definitely an oversight on someone’s part (not me). Based on the comments I’d guess they thought their functionality was for display filtering and not actually sanitization.

    Looking at esc_url though, its default is indeed meant for displaying urls by default, note the comment in the code “Replace ampersands and single quotes only when displaying.” and how the context is set by default to “display”.

    Maybe test your solution with a url that contains an ampersand, it probably will not work?

    Also, are you relying on the list of protocols to do the sanitization? Because that could be defeated too (and would prevent using relative urls that are legitimate).

    ps. very minor but you have confusing indentation indicating nesting with the code at line 18 – which actually is not nested

    Feel free to email me directly if that’s better.

    #98508
    _ck_
    Participant

    Maybe I am getting rusty, but looking at the diff, I don’t see it.

    Basically it’s the same thing, shuffled around a bit and the same esc_url and esc_attr is being used at the end, which is the same pattern as the existing 1.0/1.1 code.

    Are you sure the fix was not being caused by just having a more updated version of esc_url and esc_attr ?

    Or was it just being solved by moving those two sanitizers up higher before bb_safe_redirect could ever be called. Because that was definitely an oversight on someone’s part (not me). Based on the comments I’d guess they thought their functionality was for display filtering and not actually sanitization.

    Looking at esc_url though, its default is indeed meant for displaying urls by default, note the comment in the code “Replace ampersands and single quotes only when displaying.” and how the context is set by default to “display”.

    Maybe test your solution with a url that contains an ampersand, it probably will not work?

    Also, are you relying on the list of protocols to do the sanitization? Because that could be defeated too (and would prevent using relative urls that are legitimate).

    ps. very minor but you have confusing indentation indicating nesting with the code at line 18 – which actually is not nested

    Feel free to email me directly if that’s better.

    #103606

    Happy holidays to you too. :)

    I am confident this potential exploit is now fixed, so if anyone wants to put some eyes on the bb-login.php from trunk would be helpful.

    #98506

    Happy holidays to you too. :)

    I am confident this potential exploit is now fixed, so if anyone wants to put some eyes on the bb-login.php from trunk would be helpful.

    #103515
    SEO Shruti
    Member

    Sorry. But there is no such option available.


    edit: Please don’t link offsite unless it’s bbPress related – jjj

    #98415
    SEO Shruti
    Member

    Sorry. But there is no such option available.


    edit: Please don’t link offsite unless it’s bbPress related – jjj

    #64226
    andreao
    Member

    what code? I get the same error.

    #103653

    ok, i managed to install bbpress using the quickinstall item from the cpanel.

    it took just 5 sec. :)

    the bb-config file is set just like i did manually before, so i still wonder why it didnt work previously…

Viewing 25 results - 19,426 through 19,450 (of 32,518 total)
Skip to toolbar