Slavok wrote:

Agree with you. It will be implemented in the next version of pun_quote.
What method do you suggest to determine, on the server, whether the client's JavaScript is enabled?

Cheers. smile

As Rich mentioned, javascript itself should enable the links being displayed. A display: none in the CSS for the id of the div, (or whichever parent tag they're enclosed in), containing the links and then set to display via javascript. If javascript isn't enabled, they can't ever become visible.

Might one suggest that the bbcode tools, i.e. the smiley bar and editor tool blocks, are only visible when javascript is enabled. They are totally useless without. smile

Plus, it isn't necessary to load all of the quickquote/multiquote information for guests. The page size is being bloated unnecessarily for no reason whatsoever.

153

(25 replies, posted in Programming)

njwoods wrote:

When you filter input never try to worry about what characters to block, only worry about what characters you should let in.  Use functions like preg_match or similar functions to specify rules where if the input is not between 0-9 and a-z or A-Z - strip it out silently or report an error to the user.

To clarify what that means specifically: you start off with a blacklist which blocks everything, and then you only specifically allow the characters or other info you require.


njwoods wrote:

If you're using php be sure to use mysql_real_escape_string before your database queries (all of them).  That alone should prevent most if not all sql injection attacks.

Not if you're running PostgreSQL it won't. big_smile Use the specific *sql escape function for your DB if creating your own code from scratch. The likes of PunBB have database layers so that the DB-specific query is unnecessary. It uses one common name for all DB types.
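As an added illustration of the allow-list-then-escape approach described in this post (example code written for this page, not PunBB's own database layer; the Db class, validate_username() and $link are assumed names):

```php
<?php
// Added example, not PunBB code: allow-list validation first, DB-specific
// escaping second, behind one common escape() name.

// Allow-list: accept only the characters a username may contain and reject
// everything else, instead of trying to enumerate "bad" characters.
function validate_username(string $input): ?string
{
    // Anchored pattern, /D so "$" cannot match before a trailing newline:
    // the whole string must be 3-25 characters of [A-Za-z0-9_].
    if (preg_match('/^[A-Za-z0-9_]{3,25}$/D', $input) !== 1) {
        return null;   // invalid: the caller reports an error to the user
    }
    return $input;
}

// Thin database layer: the DB-specific escape function is chosen once at
// setup, so query code never has to know which server it talks to.
final class Db
{
    /** @var callable(string):string */
    private $escaper;

    // $link is an open mysqli or pgsql connection (assumed to exist).
    public function __construct(string $driver, $link = null)
    {
        switch ($driver) {
            case 'mysqli':
                $this->escaper = fn(string $s) => mysqli_real_escape_string($link, $s);
                break;
            case 'pgsql':
                $this->escaper = fn(string $s) => pg_escape_string($link, $s);
                break;
            default:
                throw new InvalidArgumentException("unknown driver: $driver");
        }
    }

    public function escape(string $s): string
    {
        return ($this->escaper)($s);
    }
}

// Usage (assumes $link is an open connection and $_POST comes from the form):
// $db   = new Db('pgsql', $link);
// $name = validate_username($_POST['username'] ?? '');
// if ($name === null) { exit('Invalid username'); }
// $sql  = "SELECT id FROM users WHERE username = '" . $db->escape($name) . "'";
```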

154

(11 replies, posted in PunBB 1.2 troubleshooting)

You had made no alterations to the code whatsoever? Post your viewtopic up here, (within code tags). Everything else appears to be functioning fine.

155

(11 replies, posted in PunBB 1.2 troubleshooting)

kierownik wrote:

When people have to login or register to help you, you will probably not get any help.
People do not like to register to help people.

Make your board publicly available so we can have a look, or have a demo account so people can have a look.

You've done the same trick as I did the other week. big_smile big_smile

Log in with

user: reiner
password: 650099

156

(11 replies, posted in PunBB 1.2 troubleshooting)

There is no problem that I can see. Everything displays just fine.

157

(19 replies, posted in News)

Best of wishes in your new venture, Anatoly. smile

158

(17 replies, posted in PunBB 1.3 troubleshooting)

I was actually going to write an in-depth reply to your post above, but realised I might as well try to plait snuff. Hence this shortened version.

You are perfectly entitled to your opinion. PunBB, however, should be sanitising, (which is perfectly relevant, might I add), and validating all input where possible. Simple fact. Crap in, crap out.

That is personally my last post on this subject. I can bang my head against a wall here if I'm feeling the urge, rather than responding further to your posts.

159

(2 replies, posted in General discussion)

If 1.3 still uses a header and footer include, then just creating another index file and just including the header and footer alone in it should give you practically what you want.

160

(2 replies, posted in PunBB 1.2 discussion)

I believe smarty's posted a mod over on Punres awhile ago for adding the feature to 1.2.

161

(2 replies, posted in PunBB 1.3 troubleshooting)

You can alter it via the stylesheet.

162

(17 replies, posted in PunBB 1.3 troubleshooting)

pepak wrote:
SiCo wrote:

It's always possible to miss escaping sql input,

Actually, if developers (in general, not specifically of PunBB) finally started to use prepared statements, the whole problem of SQL injection would go away.

I believe you'll find that statement is incorrect, if I remember correctly. Prepared statements are, (from memory), an extra layer of protection but not a foolproof one. Besides, there is still no excuse for not parsing, sanitising and validating wherever humanly possible. Any other approach is plain old sloppiness where security is concerned, no matter how you phrase it. You cannot make a silk purse out of a sow's ear. Period.


pepak wrote:

I see it as a line in the defences, backed up by escaping the sql and the output etc. It should be standard coding practice to check all input is at least within reasonable bounds.

I agree generally, but I do think that there are cases where rigorous validation isn't worth it. E-mail-like logins for various IM services are one such case.

Rigorous validation and sanitisation is *always* worth it. Any other approach is, inevitably, at some point in time, just putting up a big sign asking for problems.

If you wish to take the haphazard approach personally, then by all means do so. A project such as this should have no coding practices such as those in place, however. Security is paramount.
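An added example, not PunBB code, of prepared statements used as one line in the defences together with the bounds checks discussed above; the placeholder covers the values, while identifiers and sort direction still need an allow-list. find_posts(), the table and column names and $pdo are assumed.

```php
<?php
// Added example, not PunBB code. Assumes $pdo is an open PDO connection.

// Real server-side prepares: with emulation on, PDO interpolates the
// values client-side instead of sending them separately from the SQL text.
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

function find_posts(PDO $pdo, string $search, int $forumId, string $sort): array
{
    // Bounds check before anything reaches the database.
    if ($forumId < 1) {
        throw new InvalidArgumentException('forum id out of range');
    }
    // A placeholder cannot stand in for an identifier (column, table) or
    // an ORDER BY clause, so those come from a fixed allow-list, never
    // from the request string itself. This is where validation still
    // matters even with prepared statements in use.
    $sortColumns = ['posted' => 'p.posted', 'poster' => 'p.poster'];
    if (!isset($sortColumns[$sort])) {
        throw new InvalidArgumentException('unknown sort column');
    }

    // Vulnerable form this replaces (never do this):
    //   "... WHERE p.message LIKE '%" . $search . "%' ORDER BY " . $sort
    $sql = 'SELECT p.id, p.poster, p.posted FROM posts AS p'
         . ' WHERE p.forum_id = :forum AND p.message LIKE :needle'
         . ' ORDER BY ' . $sortColumns[$sort] . ' DESC LIMIT 50';

    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':forum', $forumId, PDO::PARAM_INT);
    // LIKE wildcards are data too: escape them so a "%" typed by the user
    // matches a literal percent sign rather than every row.
    $needle = '%' . addcslashes($search, '%_\\') . '%';
    $stmt->bindValue(':needle', $needle, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```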

163

(17 replies, posted in PunBB 1.3 troubleshooting)

Parpalak wrote:

But I have an objection about the 'website' field. A forum can be installed for users of a LAN. Users may simply write their computer names there. A computer name doesn't have a form like '<something>.com' and will fail a validation.

If an internal zone is set up incorrectly, that is not for PunBB to decide. A domain should be in the form of *.*. Only localhost is exempt from that rule.


Btw, in reference to your earlier post, sloppy, (or none, in this case, it seems), input validation is *never* a feature request. It is a bug.

164

(17 replies, posted in PunBB 1.3 troubleshooting)

pepak wrote:

Validating e-mail isn't exactly easy to do.

The old devs managed it perfectly well where 1.2 was concerned, so I see no reason why 1.3 should be any different.


pepak wrote:

With most of these values, I pretty much fail to see their importance. So someone enters a wrong homepage or wrong AIM - where's the harm? It only hurts him, nobody else.

The point is? The input is invalid. Pure and simple. Consequence is irrelevant.

I believe the function to run on the string is now called forum_htmlencode().
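Added example, not PunBB's own forum_htmlencode() or validation code: the hostname rule from the earlier post ("*.*", with only localhost exempt) applied to the website field, the e-mail field checked with PHP's built-in filter, and the stored value still encoded on output. The function names and sample inputs are assumed and constructed.

```php
<?php
// Added example, not PunBB code: validate profile fields on the way in,
// encode them on the way out.

function validate_email(string $email): ?string
{
    $email = trim($email);
    return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? null : $email;
}

function validate_website(string $url): ?string
{
    $url = trim($url);
    // Only web URLs with a parseable scheme and host are accepted.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    $host = strtolower($parts['host']);
    // localhost is exempt; any other host needs at least one dot with
    // DNS-safe labels on both sides, so a bare LAN computer name fails.
    if ($host !== 'localhost'
        && preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)+$/D', $host) !== 1) {
        return null;
    }
    return $url;
}

// Output side: the stored value is still encoded when rendered, so a
// field that passed validation cannot inject markup into the page.
function render_profile_link(string $website): string
{
    $safe = htmlspecialchars($website, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $safe . '">' . $safe . '</a>';
}

// Constructed inputs (not from the page); null means "reject".
var_dump(validate_website('http://example.com/~user'));
var_dump(validate_website('http://mypc'));
var_dump(validate_website('http://localhost/forum'));
var_dump(validate_email('user@example.com'));
var_dump(validate_email('not an address'));
```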

166

(17 replies, posted in PunBB 1.3 troubleshooting)

Slavok wrote:

I don't think that it is a bug, but if you want you can create an extension to validate this information. I think real members of a forum are interested in stating the real and correct contact information about themselves in their profiles. Fake users will enter something useless in these fields, and you will notice this.

That is just pure poppycock. The first, most simple rule of security, is to validate all user input, where humanly possible. It should *never* be an extension or afterthought. When that input can be guaranteed to be of a predefined format, there is no excuse whatsoever for not validating it.

Unless you'd prefer that forum admins turn around and tell the scripters and spammers to stop being cocks and behave themselves? I'm sure they'd feel awfully ashamed at being berated and behave in a civilised manner.

Honestly Slavok, that response you posted belies belief.

Check in the 1.3* sections and the wiki. They may already have a version for 1.3. If not, regrading from 1.3 is going to be a feature of FluxBB when they bring 1.4 out. I don't think PunBB have anything which does it.

You're trying to install 1.2* mods on 1.3*? You'll have a fun time getting nowhere with that. Mods and extensions are vastly different things and not cross version compatible.

I doubt anyone could be "desperate" for chatbox or reputation mods, especially less than one hour after your initial post.

Check your logs for errors. Psychic abilities have never been my strong point personally, I must admit.

Edit: However, if you're on 1.2, one does wonder why you're trying to run anything from the admin directory?

170

(12 replies, posted in PunBB 1.2 troubleshooting)

esupergood wrote:

p.s. how can a punbb support manager be unaware of the latest extensions? Sorry if that is a bad question but it seems like you should be on top of latest releases smile

User extensions aren't official code.

171

(5 replies, posted in PunBB 1.3 additions)

esupergood wrote:

what's that matt?

An online style generator for 1.3.

172

(5 replies, posted in PunBB 1.3 additions)

http://spinkbb.jsand.net/punbb/index.php

If you have access to the mysql command, then you should also have the mysqldump command available. There is no more portable and cross-platform a method than MySQL's own utilities.

mysqldump [database_name] > [output_filename]

Just do a db dump via your normal SQL admin utility.

175

(5 replies, posted in PunBB 1.2 troubleshooting)

You mean you only want the code to execute on one specific page? If so, which page?