Not knowing about your project, I have debugged and enhanced my own XForum
1.81.1 installation during the last couple of weeks. I did not take a look
at your version 1.82 yet; my modifications may overlap with yours. However,
perhaps you can gain a little benefit from my work. This is what I've
done so far:
The zip file contains only those files that I have modified. The remainder
conforms to the original 1.81.1 by Trollix. I've included a brief
description of all changes in modules/XForum/docs/changelog.txt.
The most interesting issue thereby is a security flaw. Although the
changelog for 1.8 mentions it as fixed, it is still possible to inject
JavaScript via BBCode. Some months ago an attacker successfully hijacked
user accounts in our XForum using that method.
Well, I've fixed that by means of more rigid content filtering. However,
the XForum security relies on the principle of "enumerating badness" here,
which is probably not the best way to do it.
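
The alternative to "enumerating badness" mentioned in the post above is to escape all input and let through only known-good constructs. The following sketch is an added example, not part of the post and not XForum code; it renders a BBCode `[url]` tag with an allowlist of URL schemes. The function names, the scheme list and the sample posts are assumptions made for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: allowlist-based rendering of the BBCode [url] tag.
// Names and sample posts are constructed for illustration only.

const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

// Return the URL if its scheme is on the allowlist, otherwise null.
function safe_url(string $url): ?string
{
    $url = trim($url);
    // Reject control characters and whitespace anywhere in the URL.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    // Require an explicit scheme, then compare it case-insensitively.
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return null;
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true) ? $url : null;
}

function render_bbcode(string $post): string
{
    // Escape everything first, so only markup generated below reaches the page.
    $html = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '/\[url=([^\]]+)\](.*?)\[\/url\]/is',
        function (array $m): string {
            // Validate the unescaped value: that is what the browser will see.
            $url = safe_url(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($url === null) {
                return $m[2]; // drop the link, keep the already-escaped label
            }
            $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            return '<a href="' . $href . '" rel="nofollow">' . $m[2] . '</a>';
        },
        $html
    );
}

// Constructed sample posts: an allowed link, a script scheme,
// a scheme-less URL, and raw HTML next to an allowed mailto link.
$samples = [
    '[url=https://example.org/?a=1&b=2]docs[/url]',
    '[url=JavaScript:alert(1)]click[/url]',
    '[url=/relative/path]local[/url]',
    '<b>raw html</b> [url=mailto:sam@example.org]mail[/url]',
];
foreach ($samples as $s) {
    echo render_bbcode($s), PHP_EOL;
}
```
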
Hi Stefan and welcome to the Danish PostNuke community
I will take a look at your changelog and of course implement all relevant
fixes and enhancements.
Version 1.82 that can be downloaded here at the moment is NOT current.
My dev version is now running with PHP5 and is W3C compliant.
The reason it's not in the download section yet is a lack of time for basic
testing and that I wanted to do a little more fixing first!
I'm over my head in daily (and nightly) work at the moment so I won't have
time for another week.
Thanks for your (continued??) contribution... come back and visit us again
____________________ /KimE
---------------------------------------------------------
"There are 2 ways to develop error-free software, but only the 3rd one
works!!"
SAM
Junior member
Posts: 6 Joined: 20/12/06 Status: Offline
posted on 21/12/06 at 18:19
Just updated the links above to new version 1.9a2.
(Once you start looking at the code, you find more and more bugs...)
SAM
Junior member
Posts: 6 Joined: 20/12/06 Status: Offline
posted on 26/12/06 at 15:56
Another update to version 1.9a3 in the first post.
Fixed a nasty user profile corruption issue.
kimenemark
Administrator
Posts: 2578 Joined: 25/3/02 Status: Offline
posted on 28/12/06 at 14:01
Hi Stefan,
Happy to see you back here, but maybe you should wait a little with more
changes since at least some of them already have been made in our version
____________________ /KimE
---------------------------------------------------------
"There are 2 ways to develop error-free software, but only the 3rd one
works!!"
SAM
Junior member
Posts: 6 Joined: 20/12/06 Status: Offline
posted on 24/1/07 at 20:52
Hi Kim,
yes, you're certainly right. However, I found some more bugs today, and I
could not resist ...
(new Version 1.9a4 above)
SAM
Junior member
Posts: 6 Joined: 20/12/06 Status: Offline
posted on 31/1/07 at 19:58
1.9a5
I think this is the last one for the time being, since I have fixed those
issues that annoyed me most of all.
SAM
Junior member
Posts: 6 Joined: 20/12/06 Status: Offline
posted on 16/2/07 at 21:47
Rash words, that.
--> version 1.9a6 above
(It is amazing how many bugs can be placed in such a little bit of code.)
Besides, a question crossed my mind: Do you plan to make XForum usable with
register_globals=off eventually? Is it even possible to run PostNuke
without register_globals?
kimenemark
Administrator
Posts: 2578 Joined: 25/3/02 Status: Offline
posted on 16/2/07 at 22:33
Answer: Yes
W3C compliant: almost complete
PHP5 compliant: almost complete
PN.8 "compliant": asap
pnAPI compliant: eventually
I'm just too busy working right now
BTW. thanks for your bugfixes!
[Edited on 16/2/2007 by kimenemark]
____________________ /KimE
---------------------------------------------------------
"There are 2 ways to develop error-free software, but only the 3rd one
works!!"