Search found 13 matches

by exx8
Sun Feb 22, 2015 10:51 pm
Forum: [3.x][Archive] RFCs
Topic: [RFC] Automated Updating
Replies: 31
Views: 24812

Auto-Update

Hi there, I thought to suggest an auto-update system which will auto update every time a new version is released. The system will be one of the tasks in the schedule system. To avoid a hostile mega-attack against every phpbb board that exists,every patch will be signed electronically(There are algor...
by exx8
Sun Feb 22, 2015 2:28 pm
Forum: [3.x] Tickets Discussion
Topic: PHPBB3-10418 - WYSIWYG Editor/Rich Text Editor
Replies: 450
Views: 245613

Re: WYSIWYG Editor/Rich Text Editor

only as reminder, that a genius solution already exists :roll: http://area51.phpbb.com/phpBB/viewtopic.php?f=108&t=35703&start=320#p275451 Meaning, it was proven that no harm will be made if it will be the default. Because most of the users support it, now we need to let it be part of the phpbb off...
by exx8
Sun Feb 22, 2015 2:20 pm
Forum: [3.x] Tickets Discussion
Topic: PHPBB3-10418 - WYSIWYG Editor/Rich Text Editor
Replies: 450
Views: 245613

Re: WYSIWYG Editor/Rich Text Editor

Shall I bring the context? Actually, is it relevant if it belongs to the notifications feature or the extensions feature? Sure is relevant. One is part of the core (notifications) while the other one isn't (extensions) and even for the latter it was only a possible issue for a small fraction of ext...
by exx8
Sun Feb 22, 2015 1:27 pm
Forum: [3.x] Tickets Discussion
Topic: PHPBB3-10418 - WYSIWYG Editor/Rich Text Editor
Replies: 450
Views: 245613

Re: WYSIWYG Editor/Rich Text Editor

DavidIQ wrote:That has nothing to do with notifications...it's actually related to a possible security issue with extensions.
Shall I bring the context?
Actually, is it relevant if it belongs to the notifications feature or the extensions feature?
by exx8
Sun Feb 22, 2015 12:49 pm
Forum: [3.x] Tickets Discussion
Topic: PHPBB3-10418 - WYSIWYG Editor/Rich Text Editor
Replies: 450
Views: 245613

Re: WYSIWYG Editor/Rich Text Editor

1)The notifications were proven as a great vulnerability for DDOS attacks. And yet, they were implemented. Really? What vulnerability exactly? Through specifically crafted requests with an XMLHttpRequest header it was possible to trigger an infinite loop in a phpBB routine which may end up consumin...
by exx8
Sun Feb 22, 2015 12:08 pm
Forum: [3.x] Tickets Discussion
Topic: PHPBB3-10418 - WYSIWYG Editor/Rich Text Editor
Replies: 450
Views: 245613

Re: WYSIWYG Editor/Rich Text Editor

I try to understand, would anyone of you use Word, if you had to use coding to use it. I wouldn't. Before I get all hormonal below, I'd like to point out that I don't have a problem with a WYSIWYG, Rich Text Editor, or whatever we are calling it this week - as long as there is an option to turn it o...
by exx8
Sat Feb 21, 2015 8:25 pm
Forum: [3.x] Tickets Discussion
Topic: PHPBB3-10418 - WYSIWYG Editor/Rich Text Editor
Replies: 450
Views: 245613

Re: WYSIWYG Editor/Rich Text Editor

I believe that the security issues are solvable. 1.After people suffering from them, right? 2.Think what happened with OpenSSL when they found an error in how memory is handled. It was fixed but until it actually got fixed, lots of potential private data had been stolen. If IPB and VB have added th...
by exx8
Sat Feb 21, 2015 2:06 pm
Forum: [3.x] Tickets Discussion
Topic: PHPBB3-10418 - WYSIWYG Editor/Rich Text Editor
Replies: 450
Views: 245613

Re: WYSIWYG Editor/Rich Text Editor

The most secured computer, is the one which is turned off.
You can uninstall phbb, and then you'll get no vulnerabilities.
Let's say it clearly, the teams are led by conservatism, and are used to BBcode, and this is the only reason why, W... was not introduced.
by exx8
Sat Feb 21, 2015 1:33 pm
Forum: [3.x][Archive] RFCs
Topic: Real time update in the view of the topics and the forums
Replies: 5
Views: 4224

Re: Real time update in the view of the topics and the forums

1.First, what is a "comet"? Second, you'll need to provide better use cases if you want to call this an RFC; otherwise it's just discussion. Consider these cases and tell us what happens: 2. I'm looking at the list of topics in a forum. Just as I go to click the topmost topic, somebody posts to a d...
by exx8
Sat Feb 21, 2015 1:25 pm
Forum: [3.x] Tickets Discussion
Topic: PHPBB3-10418 - WYSIWYG Editor/Rich Text Editor
Replies: 450
Views: 245613

Re: WYSIWYG Editor/Rich Text Editor

I believe that the security issues are solvable. If IPB and VB have added this feature, it is a standard, which phpbb doesn't follow. 1.They don't set any standards on the Internet. 2.Also they "solved" their security issues and other drawbacks by simply winging it.3. You failed to mention that VB'...