Search found 1155 matches

by Oleg
Fri Mar 12, 2010 4:46 am
Forum: [3.0/Olympus] Discussion
Topic: Outstanding security issues in feeds
Replies: 4
Views: 4406

Re: Outstanding security issues in feeds

You need to have No or Never moderator permissions assigned to the authenticated user for them to show. So what are you saying, that only some boards and configurations are vulnerable? Users should not be required to comb through the code and set up test cases to determine whether vulnerabilities a...
by Oleg
Thu Mar 11, 2010 5:15 pm
Forum: [3.0/Olympus] Discussion
Topic: Outstanding security issues in feeds
Replies: 4
Views: 4406

Outstanding security issues in feeds

There are two unpatched security issues in feeds:

Posts in moderation queue are returned

Passworded forums are returned

Are there plans to release another security update correcting these issues? As much as it sucks to have frequent updates, having unpatched issues is arguably even worse.
by Oleg
Thu Mar 11, 2010 9:54 am
Forum: [3.x] Rejected RFCs
Topic: [RFC|Rejected] Removal of subsilver2
Replies: 238
Views: 159882

Re: subsilver2

Can someone explain what is so bad about subsilver for those of us who are not styling experts? Clearly all style changes need to be made twice, but if subsilver and prosilver are genuinely different and some users prefer subsilver, why would these users be happy with prosilver should subsilver be d...
by Oleg
Wed Mar 10, 2010 8:22 pm
Forum: [3.0/Olympus] Discussion
Topic: Root .htaccess in 3.0.7 breaks boards on some hosts
Replies: 10
Views: 10112

Re: Root .htaccess in 3.0.7 breaks boards on some hosts

I was mistaken in claiming that htaccess was not packaged in earlier versions, but people's boards break regardless so the problem does not go away, I just don't know what causes it precisely.
by Oleg
Wed Mar 10, 2010 8:14 pm
Forum: General Development Discussion
Topic: Git hooks
Replies: 53
Views: 41501

Re: Git hooks

I would suggest using mktemp to create a temporary file name.
by Oleg
Wed Mar 10, 2010 1:07 pm
Forum: [3.x] Discussion
Topic: Static stylesheets for themes stored in db
Replies: 7
Views: 6693

Static stylesheets for themes stored in db

I was going to keep this to myself due to it being fairly tied to my environment but since there's interest in such functionality maybe someone will find what I've done useful. Generating 75k css file dynamically when its contents may only ever change as a result of deployment is a waste, thus I hav...
by Oleg
Wed Mar 10, 2010 12:08 pm
Forum: [3.0/Olympus] Discussion
Topic: How do you deal with install directory during development?
Replies: 6
Views: 5134

Re: How do you deal with install directory during developmen

I created http://wiki.phpbb.com/Getting_Started. I can't edit the main page and I'm not sure which page to link to Getting Started from other than the main page.
by Oleg
Wed Mar 10, 2010 9:12 am
Forum: Chit Chat
Topic: topsecret area51 word game
Replies: 1281
Views: 468805

Re: topsecret area51 word game

Translation
by Oleg
Wed Mar 10, 2010 8:38 am
Forum: Chit Chat
Topic: Mysql and durability?
Replies: 0
Views: 2566

Mysql and durability?

http://dev.mysql.com/doc/refman/5.1/en/repair-table.html Warning If the server dies during a REPAIR TABLE operation, it is essential after restarting it that you immediately execute another REPAIR TABLE statement for the table before performing any other operations on it. In the worst case, you migh...
by Oleg
Tue Mar 09, 2010 6:39 am
Forum: [3.x][Archive] RFCs
Topic: [RFC] Secure Automatic Upgrades
Replies: 21
Views: 19131

Re: [RFC] Secure Automatic Upgrades

What if the signature checking code contains a bug and does not work correctly? What if there is a bug allowing signature checking to be bypassed? What if the signature itself happens to be weak (see Debian ssl vulnerability)? Giving code write access to itself is dangerous. It is unfortunately inev...