phpBB 3.2

Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here.
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
Post Reply
Cap'n Refsmmat
Registered User
Posts: 219
Joined: Tue Jan 25, 2005 11:31 pm

Re: phpBB 3.2

Post by Cap'n Refsmmat »

Yes indeed, I'm just making sure they don't forget :D
User avatar
Otra
Registered User
Posts: 7
Joined: Fri Mar 02, 2007 3:37 am

Re: phpBB 3.2

Post by Otra »

I only wish to reply to the person who called me "flamebate", and provide yet another short note of what happened. I'll just touch on a few things here.

I'm not here to argue, please stop trying to do so with me. Being flamebait is someone trying to cause trouble. If you think I am trying to cause trouble, go back and read my replies, please.

Listen, people. I read, way way way back, very different ideas as to the hows and why's of their decision. I respect the fact that they think it makes it more like a chat room, but I disagree with that. I'm not insulting anyone, I'm not being a jerk, I simply disagree, and if you want to hate me because I simply disagree with something, then you should look at your priorities. I think it makes life a lot easier at a forum, and makes it a lot easier to use.

The reason I was annoyed - at first - was I was told anyone who so much as spoke about QR would be banned from here. I don't like that idea, and I've since seen that was either a lie from another user, or something they might have said to shut people up. I don't know, I don't care, and it doesn't seem likely they have or will ban for that. If there's even a shred of truth about that, though, it shows that the QR mod is very desirable.

So, if you want to reply to me, and you want to jump all over me for this, again I ask you to go back to the last page or two and see what I said.

---

On a positive note, since I was last here a week or so ago, the new skin is outstanding! Attractive, and wonderful functionality. I do wonder if the avatar and user info is movable? I only ask that because I'm used to it on the left, although it still works well.
User avatar
Nicholas the Italian
Registered User
Posts: 659
Joined: Mon Nov 20, 2006 11:19 pm
Location: 46°8' N, 12°13' E
Contact:

Re: phpBB 3.2

Post by Nicholas the Italian »

Otra wrote: On a positive note, since I was last here a week or so ago, the new skin is outstanding! Attractive, and wonderful functionality. I do wonder if the avatar and user info is movable? I only ask that because I'm used to it on the left, although it still works well.

Yes. Look at one of the one hundred topics about prosilver ("First impressions", for example, on phpbb.com).
User avatar
Eelke
Registered User
Posts: 606
Joined: Thu Dec 20, 2001 8:00 am
Location: Bussum, NL
Contact:

Re: phpBB 3.2

Post by Eelke »

Otra wrote: I only wish to reply to the person who called me "flamebate", and provide yet another short note of what happened. I'll just touch on a few things here.

I think you're the only person who is trying to make a fight out of this, because that comment wasn't directed at you... Personally, when I do not include quotes, that'd usually mean I am replying to the post directly above mine. Also, I think the second sentence of that reply was a pretty obvious clue what I was replying to: "If you're going to accuse the current BBcode handling of being improper, at least provide some kind of motivation." I.e., i was replying to:
Synaptic Anarchy wrote: I'd like proper BBcode handling, myself.

That's just an unfounded, unmotivated statement, which would indeed seem to have as its sole purpose to annoy people. That qualifies as flamebait in my book, until that person motivates their statement to explain why they think the BBcode handling isn't "proper". As I basically said in that reply already.
User avatar
bonelifer
Community Team
Community Team
Posts: 114
Joined: Mon Jan 31, 2005 10:41 am

Re: phpBB 3.2

Post by bonelifer »

I find it funny so many people are bitching about phpBB 3 not having AJAX. When just recently they found that the majority of STABLE and reliable AJAX implementations where found to have a serious security vulnerabilities allowing someone to execute dangerous arbitrary code on the host system.
User avatar
Eelke
Registered User
Posts: 606
Joined: Thu Dec 20, 2001 8:00 am
Location: Bussum, NL
Contact:

Re: phpBB 3.2

Post by Eelke »

Who's they and where did they find it? :) AJAX isn't trivial, that's for sure.
User avatar
bonelifer
Community Team
Community Team
Posts: 114
Joined: Mon Jan 31, 2005 10:41 am

Re: phpBB 3.2

Post by bonelifer »

Reference:
Web 2.0 Apps Vulnerable to Attack -->> http://news.yahoo.com/s/pcworld/2007040 ... rld/130354

More References:
Report warns of critical flaw in Web 2.0, AJAX -->> http://searchsecurity.techtarget.com/or ... 66,00.html

Love Ajax? Hate The Exploits -->> http://www.webpronews.com/topnews/2007/ ... e-exploits

New vulnerability strikes heart of Web 2.0 -->> http://www.regdeveloper.co.uk/2007/04/0 ... hijacking/

JavaScript Hijacking -->> http://www.schneier.com/blog/archives/2 ... _hija.html
User avatar
Handyman
Registered User
Posts: 522
Joined: Thu Feb 03, 2005 5:09 am
Location: Where no man has gone before!
Contact:

Re: phpBB 3.2

Post by Handyman »

bonelifer wrote: Reference:
Web 2.0 Apps Vulnerable to Attack -->> http://news.yahoo.com/s/pcworld/2007040 ... rld/130354

More References:
Report warns of critical flaw in Web 2.0, AJAX -->> http://searchsecurity.techtarget.com/or ... 66,00.html

Love Ajax? Hate The Exploits -->> http://www.webpronews.com/topnews/2007/ ... e-exploits

New vulnerability strikes heart of Web 2.0 -->> http://www.regdeveloper.co.uk/2007/04/0 ... hijacking/

JavaScript Hijacking -->> http://www.schneier.com/blog/archives/2 ... _hija.html

a few things you should be aware of with ajax
IMHO, this paper does not show anything that is new. In order to get any of the examples running you need to have access to the page DOM via XSS or some sort of browser bug. If the attacker has access to the page and the page DOM, of course they can hijack whatever they want.

So the title "JavaScript Hijaking" does not make sense at all, at least not to me. It is almost like saying Python hijacking or Perl hijacking. If someone has access to Python or Perl's dynamic environment they will be able to hijack all of the objects.

This paper is primarily based on using JavaScript capabilities as programming language to show fictitious problems. Every AJAX programmer knows how to overwrite prototype methods and properties but this does not make the programming feature a security problem.

It is time to look at JavaScript the same way you look at other programming languages. There is nothing different about.

That's all I have to say.

Good blog!


and
Curiously, the paper seems to deliberately avoid making the simple recommendation not to use JSON for message exchange in the first place. I've always been extremely wary of JSON--anything that requires calling eval on an interpolated value is something to be avoided in any language. It's an inherently lazy and dangerous construct, and frameworks should not be promulgating it.


JSON is making a big publicity push to try and get that method of using AJAX out there… apparently it's not safe.
So in the end, it really depends on how it's written and how the back end handles the AJAX.
My phpBB3 Mods || My Mod Queue
Search Engine Friendly (SEO) URLs || Profile link on Avatar and/or Username || AJAX Chat
Display Posts Anywhere || CashMod || AJAX Quick Edit || AJAX Quick Reply

Image
User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: phpBB 3.2

Post by EXreaction »

As for someone mentioning Soft Delete.

I will probably be making a mod for it later on.

Currently (ok, not really working on it now. I work on it whenever I feel like it, but I only do 1 project at a time) I am working on my User Blog mod. I did some thinking about the deletion method that should be used in it (yes, the User Blog Mod has soft delete) and the thing that worked best was users, mods, and admins can soft delete if they have the permissions. Moderators and admins can un-delete if they have the permissions. Admins can permanently delete (it first needs to be soft deleted, once that is done it can be permanently deleted) if they have the permissions.

I think it would be rather easy to implement that setup in the core package.
User avatar
Otra
Registered User
Posts: 7
Joined: Fri Mar 02, 2007 3:37 am

Re: phpBB 3.2

Post by Otra »

Eelke wrote:
Otra wrote: I only wish to reply to the person who called me "flamebate", and provide yet another short note of what happened. I'll just touch on a few things here.

I think you're the only person who is trying to make a fight out of this, because that comment wasn't directed at you... Personally, when I do not include quotes, that'd usually mean I am replying to the post directly above mine. Also, I think the second sentence of that reply was a pretty obvious clue what I was replying to: "If you're going to accuse the current BBcode handling of being improper, at least provide some kind of motivation." I.e., i was replying to:
Synaptic Anarchy wrote: I'd like proper BBcode handling, myself.

That's just an unfounded, unmotivated statement, which would indeed seem to have as its sole purpose to annoy people. That qualifies as flamebait in my book, until that person motivates their statement to explain why they think the BBcode handling isn't "proper". As I basically said in that reply already.


I'm quoting below instead because I just want to be short.

Eelke, you obviously do things a little different. Considering how people have treated me here, simply because I have a different opinion, I am looking out for more people jumping on my back because I think differently on one subject, yet am not insulting those who insulted me, nor am I trying to argue. I simply and only want the fact that my opinion is different to not affect my standing at a forum I'm beginning to dislike due to people like you. You made a big deal out of this to me, and continued the trend to the person who has a different opinion then you on how BBcode is done.
Nicholas the Italian wrote:
Otra wrote: On a positive note, since I was last here a week or so ago, the new skin is outstanding! Attractive, and wonderful functionality. I do wonder if the avatar and user info is movable? I only ask that because I'm used to it on the left, although it still works well.

Yes. Look at one of the one hundred topics about prosilver ("First impressions", for example, on phpbb.com).


Ya know, this is simply NOT a friendly forum at all. I have to be directed to another post (or posts) simply because I thought I'd insert the comment in here about prosilver? Geez, I only said I liked it and was not trying to start some huge conversation, and I wanted something nice and friendly in my post. What is wrong with everyone here that they have to jump on everyone's back for everything?

This place really needs to learn not to be so all out on people.
Post Reply