• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

2.1.8

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Can you let us know when 2.1.8 will be released, and what the name in the cvs will be for checkout?

I've done some modifications to the actual jforum code too, be allow changes to the email-flag depending on a jforum_custom.conf setting, be it to add a new database field (company name) .. or be it to add a new member to the group given in the request parameters ...

So a merge would be dandy ;)
[originally posted on jforum.net by Sid]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I really would appreciate to know when the next version will be for general public.
I've also done some workarounds on version 2.1.7 and I think that most of them will be solved in 2.1.8.
Thanks in advance.
[originally posted on jforum.net by ramons]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sounds nice Rafeal - one question though: Will the bbcode flaw be fixed (see http://www.jforum.net/posts/list/3971.page)?

Actually, the flaw is well known for years - and used for SQL injections too. Currently the user only has to terminate the "bbcode" literal - like the src string with a " character... and can write javascript functions afterwards that will be bound and executed.

I think this fix should be definitely included into the 2.1.8 version - or bbcode should be disabled by default, with a warning about the security issues that might be involved, considering that with javascript sometimes you can do quite some bad stuff, if the machine/browser is not fully updated/patched ...
[originally posted on jforum.net by Sid]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Version 2.1.8 is in production testing for about 3 weeks (as of 18/09). As long as we consider it 100% OK, we'll release it.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I fixed this bug this morning. Chances are in the CVS already.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rafael Steil wrote:I fixed this bug this morning. Chances are in the CVS already.

Rafael


Just checked out the updates, built, & deployed to my test server and it blocks the BB code Javascript just fine! Thanks for fixing this so quickly Rafael!
[originally posted on jforum.net by GatorBait3]
 
I wasn't selected to go to mars. This tiny ad got in ahead of me:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic