xoops forums

andrax

Just popping in
Posted on: 2012/8/14 19:01
andrax
andrax (Show more)
Just popping in
Posts: 60
Since: 2010/9/10
#201

Re: Newbb 4.3

It's just my impression or we have two independent lines of work in this module?!? Alfred still working on a version and here I see another in parallel..., in the end what the "official" version?!?
Why not work together to improve this module?!? I honestly do not understand this difficulty working in teams...

A few days ago I reported security flaws in this module... but when I check the repository in souceforge, I see that security holes are still there... far as I could see, Alfred has already begun to implement the corrections in your private repository...

Well, I think is extremely unproductive have to test two different versions of the same module... when we could all be focusing and efforts into a single version.

irmtfan

Module Developer
Posted on: 2012/8/15 4:58
irmtfan
irmtfan (Show more)
Module Developer
Posts: 3419
Since: 2003/12/7
#202

Re: Newbb 4.3

deka87:
As you can see yourself you have this:
[6]=> string(23"Content-type: text/html"

after the newbb_1LV=1344940223;
there should not be any header after newbb.

Therefore Im completely sure that you have either a newline/space before <?php OR newline/space after ?> in one important file like mainfile.php header.php and like that.
the other possibility is a BOM in your language files.

If i were you i will copy all files from main website to a subdomain and try to replace them with xoops 2.5.3 originals and test with just english language.

andrax:
the official version is Alfred version.
He is the true developer of newbb.
Im not a developer and i dont develop this newbb module.
if you see my changes i just want to clean this newbb from:
1- hardcodes in using php commands instead of XOOPS API
2- hardcodes css like style=" and align="left/right" in php and html files
3- find minor mistypes like an extra / here and there
4- copy/paste better codes from other modules/core. eg: newbb/makepdf.php is completely re-writen.

Also you can see i emphasis all my changes with "irmtfan". i did that because i want to make it easier for anybody to implement my changes.

I could not solve the security holes. Anyway i didnt see your reports here in xoops.org

I will release a new version today which is hopefully the last version of my corrections.

Also i will be in vacation for the next 5 days from tomorrow afternoon until the next week monday afternoon.

I hope Alfred could take time and review my codes and corrections.

Also i wish he could develop this module. I have a wish list like this:
- makepdf.php group permission system
- makepdf.php could create pdf from a topic (not only post)
- print.php could print a whole topic (not only post)
- remove all hardcodes from language files like %s, url, html codes

Hope i could explain that.
Im looking forward to see community opinions.



irmtfan

Module Developer
Posted on: 2012/8/15 7:39
irmtfan
irmtfan (Show more)
Module Developer
Posts: 3419
Since: 2003/12/7
#203

Re: Newbb 4.3

A new version is now available and i think it would be my final correction.
Other hardcodes could be removed but now it is good to have a final 4.3 version.
then we can have a newbb 4.4

Please download the newest version(rev.10073):
http://www.jadoogaran.org/test255/mod ... 83_irmtfan_2012_08_15.zip

changelog for rev.10073 start from the last official rev.9883:
Changelog from rev.9883

date
2012-08-15
================================================
1minor fixdouble slash fixed in rpg url
in newbb
/class/user.php

2
hardcode removed in rpg image alignment align="left -> class="icon_left"
in newbb/class/user.php

3- some english/persian language definitions has been revised. All extra spaces/newlines have been removed.
All changed to end method windows(CR+LF).See docs/lang_diff.txt for detail. 
in newbb/language/english/*.php, newbb/language/persian/*.php

4- add lang_diff.txt
in newbb/docs/lang_diff.txt

5- expand readme.txt add guides to get a backup from old images before update, introduce Image customization and some FAQ
in newbb/docs/readme.txt

6- makepdf.php from black_beard - add RTL - remove unneeded TCPDF config language requirements - add multi-lang EMLH by GIJ and Xlanguage by phppp DJ.
Add Forum Index - cat - forum - sub forum - topic names to the pdf header.
in newbb/makepdf.php

7- add local stylesheet (xoops_header) in print.php
in newbb/print.php

date: 2012-08-06
================================================
1- hardcode fix: using header php command instead of redirect_header XOOPS function (deka87/irmtfan)
in newbb/search.php
(Also hardcoded in latest core in xoops2.5.5/htdocs/search.php)

2- hardcode fix: icon_path smarty variable was hardcoded in viewtopic and viewpost and is not defined in class/forum.php  (irmtfan)
in newbb/viewtopic.php, newbb/viewpost.php, newbb/class/forum.php

3- hardcode icons and some hardcodes has been solved in templates:
in newbb/templates/newbb_thread.html, newbb/templates/newbb_index.html, newbb/templates/newbb_viewforum_subforum.html

4- add readme.txt for install and upgrade
in docs/readme.txt

5- a poll class misses in english style.css
in newbb/templates/images/language/english/style.css
 
date: 2012-08-04
================================================
1- bug fixed: error in newbb/polls.php when the strtotime is not defined in XoopsLocal class (irmtfan)
solution: replace XoopsLocal::strtotime(
$end_time) by method_exists('XoopsLocal', 'strtotime') ? XoopsLocal::strtotime($end_time) : strtotime($end_time)
in newbb/polls.php
2- more hardcodes in newbb/templates has been removed

date: 2012-08-01
================================================
1- localization: input date localized (for other date systems like hegira) by replacing strtotime by XoopsLocal::strtotime
in newbb/polls.php

2- customization&localization: newbb style.css is fully localized and customized and is not hard-coded anymore.
in newbb/header.php
file changes: 
-- deleted newbb/templates/style.css
-- added   newbb/templates/images/language/english/style.css
-- added   newbb/templates/images/language/persian/style.css
priorities:
if exist in themes/YOUR_THEME/modules/newbb/images/language/YOUR_LANG/style.css take it
else if exist in themes/default/modules/newbb/images/language/YOUR_LANG/style.css take it
else if exist in modules/newbb/templates/images/language/YOUR_LANG/style.css take it
else if exist in modules/newbb/templates/images/language/english/style.css take it
else if exist in modules/newbb/templates/style.css take it (for backward compatibility)

3- many hardcodes in newbb/templates and style.css has been removed
 
date: 2012-07-30
================================================
1- bug fix: edit not displayed when the reason is not filled (irmtfan)
2- bug fix: only the last edit is recorded. (irmtfan/alfred)
in newbb/class/post.php
3- bug fix: 'noapprove' permission incorrectly recorded in database. (irmtfan)
in newbb/class/permission.php
4- bug fix: load user ranks has been hardcoded. it works in old/upgraded websites but not works in new installed websites. a new getting rank introduced. (black_beard/irmtfan)
in newbb/class/user.php, newbb/templates/newbb_thread.html
5- minor bug fix: mysql 5.1 was incorrectly needed (irmtfan)
in newbb/xoops_version.php
6- hardcode: some style.css color hardcodes has been removed. (irmtfan)
in newbb/templates/style.css
7- feature added: text links instead of buttons. (deka87/irmtfan)
in newbb/class/icon.php , newbb/include/functions.render.php , newbb/include/plugin.php


Also i updated the svn:
http://xoops.svn.sourceforge.net/view ... bb/branches/irmtfan/newbb

I decide to not work on newbb anymore unless i receive a feedback or important reported hardcode.

*/

deka87

Friend of XOOPS
Posted on: 2012/8/15 8:30
deka87
deka87 (Show more)
Friend of XOOPS
Posts: 1124
Since: 2007/10/5
#204

Re: Newbb 4.3

Thanks for the work done, irtmfan! Greatly appeciated!

Cesagonchu

Moderator
Posted on: 2012/8/15 8:32
Cesagonchu
Cesagonchu (Show more)
Moderator
Posts: 864
Since: 2010/2/1 2
#205

Re: Newbb 4.3

I'll test tomorrow. Sorry for the delay.

irmtfan

Module Developer
Posted on: 2012/8/16 5:33
irmtfan
irmtfan (Show more)
Module Developer
Posts: 3419
Since: 2003/12/7
#206

Re: Newbb 4.3

deka87:
today i recognize that the following php files in newbb have extra newline after ?>

newbb/votepolls.php, newbb/include/notification.inc.php, newbb/class/permission.forum.php, newbb/admin/admin_groupmod.php

I know maybe your issue will not solved by removing those extra lines.
But it show us that we may have these problems in our websites.

IMO Xoops should have an error manager for headers and recognize when there is a problem like your issue when the headers are already sent.


Cesagonchu

Moderator
Posted on: 2012/8/16 17:52
Cesagonchu
Cesagonchu (Show more)
Moderator
Posts: 864
Since: 2010/2/1 2
#207

Re: Newbb 4.3

Newbb 4.3 last irmtfan revision (10073 rev.).

Attachments works but when I post a message with it, I have this error :
NoticeUndefined variablepseudo_height in file /modules/newbb/include/functions.image.php line 86


SIMPLE-XOOPS (bad link)

newbb\xoops_version.php
Line 24:
replace:
$modversion['author_website_url']     = "http://www.simple-xoops.de/";

with:
$modversion['author_website_url']     = "www.simple-xoops.de/";


I did not find anything else for the moment. Great work

deka87

Friend of XOOPS
Posted on: 2012/8/16 18:31
deka87
deka87 (Show more)
Friend of XOOPS
Posts: 1124
Since: 2007/10/5
#208

Re: Newbb 4.3

irtmfan,

yeah, cleaning the empty lines in those files didn't help.

DCrussader

Friend of XOOPS
Posted on: 2012/8/18 10:42
DCrussader
DCrussader (Show more)
Friend of XOOPS
Posts: 573
Since: 2005/7/4 7
#209

Re: Newbb 4.3

(This newbb 4.3(www.xoops.org) have and problems with sessions)
Grrr, do I have to click several times submit, so I can post something... How I can exceed time on copy & paste and logged in from 2 seconds ?
Invalid submissionYou could have exceeded session timePlease re-submit or make a backup of your post and login to resubmit if necessary.

irmtfan

Module Developer
Posted on: 2012/8/25 5:49
irmtfan
irmtfan (Show more)
Module Developer
Posts: 3419
Since: 2003/12/7
#210

Re: Newbb 4.3

Cesag:
Nice findings. can be easily correct but i prefer to wait for Alfred.

DCrussader:
I have this issue only in xoops.org newbb and not in 10 other newbb forum websites. mainly you should click and the post will submitted.
Im sure that it is because of some issues in other parts like that headers_sent() issue or protector issue.
I told several times that solving these issues in xoops.org forum is vitally important because new arrivals can see something good in their first impression.

To everybody:
I can see Alfred release the final version of 4.3 only in the german website. but that final version at least have the following reported and solved bugs:
1bug fixedit not record and displayed when the reason is not filled
2
bug fixload user ranks has been wrongly linked in newbb_thread.html (black_beard reported it)


Also i can see he update the SVN which is good.

IMo it also be good to implement the removing hardcodes in templates. i mean those align=left/right

Also i, sure black_beard correctly reported the unneeded ranks in url because in 2.5.5 ranks are store in the database like this in the field:
ranks/RANK.jpg

but in versions < 2.5.5 ranks are stored like this:
RANK.jpg

so it should be like this in template newbb_thread.html

<{$xoops_upload_url}>/<{$topic_post.poster.rank_image}>


Edit:
IMO this setting in include/plugin.php is dangerous:
// perform forum/topic synchronization on module update
$customConfig["syncOnUpdate"] = true;

If you update the newbb and this config was set to true you will lost all your pending and deleted posts/topics/forums.

It means just your approved data will be remain in the database.
IMO it should be set to false as default.