bbPress 0.9 users should install my unofficial “block-long-queries” mini-plugin to avoid the security bug that 1.0.3 fixes and similar unknown attacks in the future.
(it also works in 1.0 and WordPress)
<?php
/*
Plugin Name: Block Long Queries (for bbPress and WordPress)
*/
if (strlen($_SERVER['REQUEST_URI'])>255 ||
preg_match('@(eval|base64|unescape)[^a-zA-Z0-9]@si',$_SERVER['REQUEST_URI']))
{
header('HTTP/1.1 414 Request-URI Too Long');
header('Status: 414 Request-URI Too Long');
header('Connection: Close');
exit;
}
bbPress 0.9 users should install my unofficial “block-long-queries” mini-plugin to avoid the security bug that 1.0.3 fixes and similar unknown attacks in the future.
(it also works in 1.0 and WordPress)
<?php
/*
Plugin Name: Block Long Queries (for bbPress and WordPress)
*/
if (strlen($_SERVER['REQUEST_URI'])>255 ||
preg_match('@(eval|base64|unescape)[^a-zA-Z0-9]@si',$_SERVER['REQUEST_URI']))
{
header('HTTP/1.1 414 Request-URI Too Long');
header('Status: 414 Request-URI Too Long');
header('Connection: Close');
exit;
}
These are the changes between 1.0.2 and 1.0.3
https://trac.bbpress.org/changeset/2958/tags/1.0.3?old=2339&old_path=%2Ftags%2F1.0.2
unfortunately the mime property was modified on files that were otherwise unchanged, so the file list looks huge, but most of them are unaffected.
also /jquery/interface.js was added in 1.0.3 but for some wrong reason they are using the packed version which is slower because it has to be unpacked on every page load, it should be the minified only version without packing and just let gzip do the compression work between the server and the browser
I’ve edited down the list and removed the property-only changes
Files changed between bbPress 1.0.2 and 1.0.3
bb-templates/kakumei/style.css (1 diff)
bb-templates/kakumei/favorites.php (1 diff)
bb-templates/kakumei/view.php (2 diffs)
bb-templates/kakumei/forum.php (2 diffs)
bb-templates/kakumei/tag-single.php (1 diff)
bb-templates/kakumei/front-page.php (2 diffs)
bb-templates/kakumei/post-form.php (2 diffs)
bb-templates/kakumei-blue/style.css (1 diff)
bb-includes/functions.bb-users.php (3 diffs)
bb-includes/functions.bb-pluggable.php (3 diffs)
bb-includes/class.bp-options.php (1 diff)
bb-includes/functions.bb-posts.php (1 diff)
bb-includes/functions.bb-template.php (4 diffs)
bb-includes/functions.bb-meta.php (1 diff)
bb-includes/functions.bb-core.php (3 diffs)
bb-includes/functions.bb-deprecated.php (1 diff)
bb-cron.php (3 diffs)
bb-login.php (3 diffs)
rss.php (1 diff)
bb-admin/tools-recount.php (2 diffs)
bb-admin/includes/class.bb-install.php (1 diff)
bb-admin/includes/functions.bb-upgrade.php (3 diffs)
bb-admin/includes/functions.bb-admin.php (4 diffs)
bb-admin/includes/defaults.bb-schema.php (2 diffs)
bb-admin/includes/functions.bb-recount.php (added)
bb-admin/admin.php (2 diffs)
bb-admin/admin-base.php (1 diff)
bb-admin/index.php (2 diffs)
There may be additional backPress changes which are beyond my desire to track/list.
These are the changes between 1.0.2 and 1.0.3
https://trac.bbpress.org/changeset/2958/tags/1.0.3?old=2339&old_path=%2Ftags%2F1.0.2
unfortunately the mime property was modified on files that were otherwise unchanged, so the file list looks huge, but most of them are unaffected.
also /jquery/interface.js was added in 1.0.3 but for some wrong reason they are using the packed version which is slower because it has to be unpacked on every page load, it should be the minified only version without packing and just let gzip do the compression work between the server and the browser
I’ve edited down the list and removed the property-only changes
Files changed between bbPress 1.0.2 and 1.0.3
bb-templates/kakumei/style.css (1 diff)
bb-templates/kakumei/favorites.php (1 diff)
bb-templates/kakumei/view.php (2 diffs)
bb-templates/kakumei/forum.php (2 diffs)
bb-templates/kakumei/tag-single.php (1 diff)
bb-templates/kakumei/front-page.php (2 diffs)
bb-templates/kakumei/post-form.php (2 diffs)
bb-templates/kakumei-blue/style.css (1 diff)
bb-includes/functions.bb-users.php (3 diffs)
bb-includes/functions.bb-pluggable.php (3 diffs)
bb-includes/class.bp-options.php (1 diff)
bb-includes/functions.bb-posts.php (1 diff)
bb-includes/functions.bb-template.php (4 diffs)
bb-includes/functions.bb-meta.php (1 diff)
bb-includes/functions.bb-core.php (3 diffs)
bb-includes/functions.bb-deprecated.php (1 diff)
bb-cron.php (3 diffs)
bb-login.php (3 diffs)
rss.php (1 diff)
bb-admin/tools-recount.php (2 diffs)
bb-admin/includes/class.bb-install.php (1 diff)
bb-admin/includes/functions.bb-upgrade.php (3 diffs)
bb-admin/includes/functions.bb-admin.php (4 diffs)
bb-admin/includes/defaults.bb-schema.php (2 diffs)
bb-admin/includes/functions.bb-recount.php (added)
bb-admin/admin.php (2 diffs)
bb-admin/admin-base.php (1 diff)
bb-admin/index.php (2 diffs)
There may be additional backPress changes which are beyond my desire to track/list.
Hi,
I am on v 1.0.2 of bbpress.
My theme is located in /forum/bb-templates/mytheme.
How would i upgrade to latest version without affecting my sites theme and changes i have made?
Thanks
Paul
Hi,
I am on v 1.0.2 of bbpress.
My theme is located in /forum/bb-templates/mytheme.
How would i upgrade to latest version without affecting my sites theme and changes i have made?
Thanks
Paul
Upgrade the same way you upgrade wordpress.
You can install the new version over the old copy, just don’t delete anything.
Just make sure your template directory is not the same as bbpress default (kakumei) which you seem to be using “mytheme” so that’s fine.
Upgrade the same way you upgrade wordpress.
You can install the new version over the old copy, just don’t delete anything.
Just make sure your template directory is not the same as bbpress default (kakumei) which you seem to be using “mytheme” so that’s fine.
Will upgrading help with the 100’s of spam posts im getting on my forum? I have had to take it off line!?
So i just download the new bbpress zip file and replace all the contents on my ftp? And my theme files wont be affected?
Do my theme files need to be updated as well?
Thanks
Will upgrading help with the 100’s of spam posts im getting on my forum? I have had to take it off line!?
So i just download the new bbpress zip file and replace all the contents on my ftp? And my theme files wont be affected?
Do my theme files need to be updated as well?
Thanks
here’s how i done it (1.0.2 to 1.0.3):
1- backup the bb-config.php or write down the database name, user and password.
2- delete “bb-admin”, “bb-includes” and “bb-templates” folders and all the single files from the bbpress root directory with the exception of “.htacess”
3- download bbpress, extract the contents to a folder, rename bb-config-sample.php to bb.config.php and edit it with the details from step 1.
4- send everything from that folder to your bbpress root directory clicking yes if your ftp program asks to overwrite files on the server.
it worked for me but i not using pluggins that allow visitors to upload files or images
here’s how i done it (1.0.2 to 1.0.3):
1- backup the bb-config.php or write down the database name, user and password.
2- delete “bb-admin”, “bb-includes” and “bb-templates” folders and all the single files from the bbpress root directory with the exception of “.htacess”
3- download bbpress, extract the contents to a folder, rename bb-config-sample.php to bb.config.php and edit it with the details from step 1.
4- send everything from that folder to your bbpress root directory clicking yes if your ftp program asks to overwrite files on the server.
it worked for me but i not using pluggins that allow visitors to upload files or images
Any word if this version will play better with login integration on WordPress?
Any word if this version will play better with login integration on WordPress?
@ricardouk you should also not delete bb-config.php – there is no need to use a new copy of it, especially between minor version updates
@pbul2004 to avoid lots of spam you need a registration captcha plugin or “Human Test” and optionally askismet
Unfortunately there is no documentation on what the improvements between 1.0.2 and 1.0.3 were, there still isn’t even an official release announcement which is why I made one.
You’d have to read the notes from TRAC which unfortunately have been made a mess by changing all the file mime property types, even on unchanged files.
@ricardouk you should also not delete bb-config.php – there is no need to use a new copy of it, especially between minor version updates
@pbul2004 to avoid lots of spam you need a registration captcha plugin or “Human Test” and optionally askismet
Unfortunately there is no documentation on what the improvements between 1.0.2 and 1.0.3 were, there still isn’t even an official release announcement which is why I made one.
You’d have to read the notes from TRAC which unfortunately have been made a mess by changing all the file mime property types, even on unchanged files.
Shocking news… No official annoucement, no changelog, 1.0.3 milestone (11 months late!!) still open, an installation-blocker bug still open (for MySQL 5.5 users only).. WTF?!
Thank you _ck_ for the sticky! If I were looking at my feeds from TRAC I’d be still thinking 1.0.3 was just a dream… 
Shocking news… No official annoucement, no changelog, 1.0.3 milestone (11 months late!!) still open, an installation-blocker bug still open (for MySQL 5.5 users only).. WTF?!
Thank you _ck_ for the sticky! If I were looking at my feeds from TRAC I’d be still thinking 1.0.3 was just a dream…
@mr_pelle let’s be sure to keep reminding them on that mysql 5.5 blocker solved for the 1.1 release candidate which might be out by the end of March.
It’s already flagged critical so it should get some attention.
@mr_pelle let’s be sure to keep reminding them on that mysql 5.5 blocker solved for the 1.1 release candidate which might be out by the end of March.
It’s already flagged critical so it should get some attention.
It was released February 23rd but there was no announcement or blog entry
Thanks ck. Glad I stopped in to the forum today!
It was released February 23rd but there was no announcement or blog entry
Thanks ck. Glad I stopped in to the forum today!
i knew i had read about 1.0.3 release somewhere:
https://buddypress.org/2011/02/buddypress-1-2-8/
i knew i had read about 1.0.3 release somewhere:
https://buddypress.org/2011/02/buddypress-1-2-8/
An automattic employee announcing important bbPress news on a totally different website and not having the common decency to actually tell the people on the bbPress website? It’s unheard of.
Except, it’s not, is it JJJ?
https://bbpress.org/forums/topic/bbpress-plugin-september-15
[jJJ edit: swear in your own house, not ours]
“Those who cannot remember the past are condemned to repeat it.”
