Search found 381 matches

by JoshyPHP
Sat Dec 07, 2019 11:53 pm
Forum: [3.x] Tickets Discussion
Topic: PHPBB3-16250 - Improve detection of unsafe BBCodes in ACP
Replies: 0
Views: 4142

PHPBB3-16250 - Improve detection of unsafe BBCodes in ACP

https://tracker.phpbb.com/browse/PHPBB3-16250
https://github.com/phpbb/phpbb/pull/5770

Some context: when adding or editing a custom BBCode, the form produces an error if the BBCode is deemed risky. The user is warned but can still create the risky BBCode. The error message mentions the possibility ...
by JoshyPHP
Thu Aug 15, 2019 8:08 pm
Forum: [3.x] Discussion
Topic: Use modern PHP syntax and features in all new code
Replies: 2
Views: 6278

Re: Use modern PHP syntax and features in all new code

phpBB already uses autoloading, just not for everything. There are a couple dozen old files that need to be loaded manually; most of them are in common.php anyway.
by JoshyPHP
Sun Jun 16, 2019 3:38 am
Forum: [3.x] Discussion
Topic: Use modern PHP syntax and features in all new code
Replies: 2
Views: 6278

Use modern PHP syntax and features in all new code

Now that phpBB requires a contemporary version of PHP, I suggest that the coding guidelines be updated to take advantage of it. For instance, if that's not already the case, all new code should use the short array syntax. All new code should use scalar typing where available and return typing too. P...
by JoshyPHP
Mon May 27, 2019 12:58 am
Forum: [3.x] Discussion
Topic: [Solved]Install the dependencies (4.0.0-a1-dev)
Replies: 8
Views: 14786

Re: Install the dependencies (4.0.0-a1-dev)

You're probably not using PHP 7, somehow. Try php -v.

Although it's weird Composer didn't warn about it. Might be a weird edge case.
by JoshyPHP
Mon Nov 05, 2018 3:29 pm
Forum: [3.x] Discussion
Topic: Future support for Sphinx Search
Replies: 15
Views: 20357

Re: Future support for Sphinx Search

SphinxQL has been around since 0.9.9-rc2 so it should cover any version of Sphinx released this decade.
by JoshyPHP
Sat Oct 13, 2018 8:20 pm
Forum: [3.x] Discussion
Topic: PhpBB server load management
Replies: 6
Views: 11104

Re: PhpBB server load management

A quick test on my local 3.2.x install shows that it takes between 200-300 files and 1-6 queries to get past session_begin(), the smaller number being for a hot cache. I don't think the exact number of queries really matters, it's more about having to create a connection. It takes about ~60ms to ge...
by JoshyPHP
Sat Oct 13, 2018 12:16 pm
Forum: [3.x] Discussion
Topic: PhpBB server load management
Replies: 6
Views: 11104

Re: PhpBB server load management

If you push load management to the application, by the time it starts checking whether the request should be served, a hundred different PHP files have already been loaded, a connection to the database has been established, a dozen different tables have already been queried and ~40% of the work requ...
by JoshyPHP
Fri Sep 28, 2018 9:52 am
Forum: [3.x] Tickets Discussion
Topic: Support for Emojis
Replies: 66
Views: 135900

Re: Support for Emojis

For future reference, starting with 1.3 the Emoji plugin provides an easier way to use Twemoji assets from their CDN using the @tseq attributes. phpBB currently ships with the 0.13.1 version and there's been a few backward-incompatible changes between 0.x and 1.x but only one of them directly affect...
by JoshyPHP
Sat Aug 18, 2018 9:51 pm
Forum: [3.x] Discussion
Topic: .svg as user uploaded attachments or [img] links
Replies: 10
Views: 17842

Re: .svg as user uploaded attachments or [img] links

If you let someone upload an SVG, it becomes possible for someone to link to it and then it becomes possible to execute scripts. Same as letting users upload an HTML file.
by JoshyPHP
Sat Aug 18, 2018 4:15 pm
Forum: [3.x] Discussion
Topic: .svg as user uploaded attachments or [img] links
Replies: 10
Views: 17842

Re: .svg as user uploaded attachments or [img] links

I am not an expert on .svg format, but some quick searching has taught me that .svg files may contain scripts and are thus a potential security hole. Scripts are not executed by the browser if the resource is fetched as an image. In order to execute scripts you need to link to the SVG image and for...