If we can isolate the different scenarios where this happens, I might be able to add Javascript validation of the form (for example making sure the passwords match).
626 2006-06-29 14:47
Re: Undisable submit after timeout (8 replies, posted in PunBB 1.2 bug reports)
627 2006-06-29 14:46
Re: The table "search_matches" is huge (2 replies, posted in PunBB 1.2 troubleshooting)
Yes. 2.6 million isn't that bad. The vBulletin forums we ran at Sweclockers.com pushed the equivalent table to 60 million rows.
However, it is my intention to add support for MySQL fulltext indexing in PunBB 1.3. With that enabled, you will be able to delete that table. With fulltext indexing, MySQL maintains those index tables internally.
628 2006-06-29 14:40
Re: just got it in my blog (16 replies, posted in PunBB 1.2 show off)
MadHatter: Don't let 'em get to you. I have no problem with people removing the footer. When people claim they wrote PunBB, that's when I get grumpy.
629 2006-06-28 15:03
Re: Unclosed Form tag in navlinks (10 replies, posted in PunBB 1.2 troubleshooting)
Well, PunBB is "safe" from that, but most other forums that are template-driven allow administrators to edit the templates from within the admin interface. I guess what I'm saying is, if this should be classed as a vulnerability, then all forum software are vulnerable.
630 2006-06-28 15:01
Re: How leave GoogelBot reads forums as a member? (32 replies, posted in Feature requests)
I'm not so sure I agree. That would affect your statistics and wouldn't provide Google with the means to "check your honesty" by switching his bot's header to something else and comparing the output.
It would affect the statistics, yes, but if Googlebot appeared as IE6, how would you cloak?
631 2006-06-28 08:14
Re: PunBB vs. Punres (38 replies, posted in PunBB 1.2 discussion)
Yes, I agree. Maybe the hassle of all mod users having to check in multiple forums is greater than me having to move/close a few topics now and then. There's still the issue of multiple logins, but I think we're gonna have to live with that.
632 2006-06-28 08:11
Re: How leave GoogelBot reads forums as a member? (32 replies, posted in Feature requests)
This is the reason I think Googlebot should report itself as IE6 or whatever is the most popular browser at the time.
633 2006-06-28 08:09
Re: About detecting user IP (19 replies, posted in PunBB 1.2 bug reports)
"running in an internal reverse proxy server"
Well, there's your problem! No, honestly. I have no idea what actually goes on in your setup. This topic is over two years old, and some of the things I said above don't apply anymore. In version 1.2.12, PunBB relies completely on REMOTE_ADDR (which is the address the proxy is providing). We used to try to sniff out the IP address behind the proxy, but we had to drop that because of some security concerns (was very easy to spoof).
634 2006-06-28 08:03
Re: PunBB vs. Punres (38 replies, posted in PunBB 1.2 discussion)
Thing is, if I close the mod forums, people will just post their questions in general discussions or programming or something.
635 2006-06-28 08:00
Re: French version (4 replies, posted in PunBB 1.2 bug reports)
You can e-mail the updated language pack to me. rickard @ this domain.
636 2006-06-28 07:57
Re: Would this work? (5 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Ah, I see. That's gonna be a lot of work. Can't you just implement your site template in PunBB? I mean, have you had a look at include/template/*?
637 2006-06-28 07:56
Re: Post new topic / Post reply available to guests (2 replies, posted in PunBB 1.2 troubleshooting)
Also, make sure there's a user in your database with id = 1 and group_id = 3. That's the guest user.
638 2006-06-28 07:54
Re: Unclosed Form tag in navlinks (10 replies, posted in PunBB 1.2 troubleshooting)
I really don't think this is a "serious security vulnerability". I don't think it should be classified as a vulnerability at all. Yes, an administrator can control what markup the forum outputs. What about templates? Couldn't an administrator insert malicious markup in the templates? Yes, he could. An administrator can always find ways to do this and there is no way to stop him from doing so. PunBB is no different from any other forum software in this regard. We have no choice but to trust the administrator. If we don't, well, then don't visit the forum in question.
Having said that, some kind of validation on the contents of that form field is probably in order. Not from a security standpoint, but because ill-formed markup can break the forums. I will put it on the list and have a look at it for 1.3.
639 2006-06-26 11:55
Re: Funny ;) (132 replies, posted in General discussion)
This one always makes me laugh
640 2006-06-26 11:54
Re: Forum rules - what should be there to prevent legal trouble? (5 replies, posted in PunBB 1.2 discussion)
In Sweden, there's a law known as the BBS law. It basically states that you, as a host or administrator or whatever, cannot be held responsible for what other people say on an "electronic bulletin board". If you're a registered editor of a publication with a BBS however, other rules apply. Maybe there's something similar in the Netherlands?
641 2006-06-26 11:50
Re: Would this work? (5 replies, posted in PunBB 1.2 modifications, plugins and integrations)
I'm just not sure why you would want to rewrite the URLs.
642 2006-06-26 11:47
Re: Another mail problem, really strange (1 replies, posted in PunBB 1.2 troubleshooting)
If mail() works, so should PunBB's mailer. You haven't put anything in the SMTP boxes in admin/options, have you?
643 2006-06-24 12:25
Re: All those new mod_rewrite rules in 1.3dev .htaccess? (12 replies, posted in PunBB 1.2 discussion)
(a) Will they slow down a site that uses them? There are quite a few rules - over 50 - for Apache to parse in there. Is there a server load issue users should be aware of?
I really don't know. They will of course add some overhead, but I doubt Apache parses the rules every time. It will of course have to execute the regular expressions but the actual parsing must be cached.
I will keep the mod_security problem in mind. However, it's more a server configuration issue than a PunBB issue. Most users run their forums hosted by large hosting companies and one must assume they are aware of the issue.
644 2006-06-24 12:13
Re: Lowdown on PHP/MYSQL Based Pixel Scripts (2 replies, posted in Programming)
People still do this?
645 2006-06-24 12:10
Re: The format of the "fancy urls" in 1.3? (26 replies, posted in PunBB 1.2 discussion)
So why add encoded text into a "fancy" URL? Could you give me a sample for this? I cannot imagine a "fancy" URL with encoded text.
Maybe you're right. We could use ASCII only characters in the fancy URLs.
646 2006-06-22 10:53
Re: Performance issues... What are these queries? (4 replies, posted in PunBB 1.2 troubleshooting)
It's not pretty, I know. We're working on speeding it up.
647 2006-06-22 07:33
Re: Question: Disabling Javascript (7 replies, posted in PunBB 1.2 discussion)
superjohnyo: True. However, we've removed those back links completely from PunBB 1.3.
648 2006-06-22 07:32
Re: How do you make a thread as "Sticky" or "Announcement" ? (7 replies, posted in PunBB 1.2 discussion)
Nnyan: And you're logged in as an admin or a moderator with moderation privileges in the forum in question?
649 2006-06-21 14:30
Re: The format of the "fancy urls" in 1.3? (26 replies, posted in PunBB 1.2 discussion)
Ah, I see. Well, that's not something we can "solve". URL encoding is what it is.
650 2006-06-21 14:29
Re: Question: Disabling Javascript (7 replies, posted in PunBB 1.2 discussion)
Nope. The only things you will lose are form field autofocus and client side form validation.