Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 10:12 am EDT

Geeklog Forums

Forum Version 2.3.2 and Security Issue with version 2.3.1


Status: offline

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
determined
I have just released version 2.3.2 of the Forum Plugin on my site. This is a Release Candidate and want to get some testing results and feedback before making a general release available. You can view the details of the release on my site here. It includes a number of fixes and a few new features.

A security issue was reported on Sept 13th by member magomarcelo in this post
here

In version 2.3.1: I introduced a new Admin Navbar and inadvertently removed the include of the code to check if the user had admin forum access. There are other logic checks for perms but this was clearly a big issue. I posted a fix within 15 minutes of seeing this report.

If you are running version 2.3.1: Add the following code to your gf_functions.php located in the admin/plugins/forum folder - just after the line that does the include of lib-common.php.
Text Formatted Code

if (!SEC_hasRights('forum.edit')) {
  echo COM_siteHeader();
  echo COM_startBlock($LANG_GF00['access_denied']);
  echo $LANG_GF00['admin_only'];
  echo COM_endBlock();
  echo adminfooter();
  echo COM_siteFooter(true);
  exit();
}

 




Geeklog components by PortalParts -- www.portalparts.com
 Quote

Status: offline

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
curious
It's been a week and I've had over 75 downloads from my site for this new release but no real feedback and better yet no reported issues.

I don't want to assume there are no problems but has anyone really done much testing. I want to release a final version to address the noted issue asap.

Also this is the time to update any language files and send them to me to be included. I've not had anyone contact me as of yet.
Geeklog components by PortalParts -- www.portalparts.com
 Quote

Nijntje

Anonymous
Hi Blaine,

I've installed the latest version of the Forum plugin and am experiencing some Story.admin problems within Geeklog.
Users that are a member of the story.admin group and topic.group in Geeklog now can't edit story's, it keeps displaying stories as read-only. I've also upgraded to Geeklog version 1.3.9sr2 so I don't really know if its caused by the plugin or the upgrade. I've upgraded first and then installed your plugin.
)
Any idea?
 Quote

Status: offline

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
The forum would have no effect on the story and topic permissions. You may want to check that the members have edit permissions for the topic as well as the story.
Geeklog components by PortalParts -- www.portalparts.com
 Quote

Nijntje

Anonymous
Don't bother. If fiixed it.
Was a topic permission setting.
 Quote

Zippo

Anonymous
Hello,

Yesterday I installed geeklog and today your forum.

I added a category but after clicking forum index:

I see active forum, quiet forum and select forum.

Active forum and quiet forum are not clickable (no change of cursor) and my added category appears in the box, but is not clickable also.

What have I done wrong?
(Everything else seems to work fine, Forum menu, settings..)

Grtz.
Peter
 Quote

Zippo

Anonymous
Quote by: Zippo

Hello,

Yesterday I installed geeklog and today your forum.

I added a category but after clicking forum index:

I see active forum, quiet forum and select forum.

Active forum and quiet forum are not clickable (no change of cursor) and my added category appears in the box, but is not clickable also.

What have I done wrong?
(Everything else seems to work fine, Forum menu, settings..)

Grtz.
Peter



Sorry... just found forum link... problem solved!
 Quote

Status: offline

uyghurmen

Forum User
Chatty
Registered: 02/16/11
Posts: 56
Hi Blaine,
I wonder this forum version solved change direction problem? My mean is I need to change direction RIGHT to Left, can I do that?
Before the versions can't.
Thanks
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: uyghurmen

Hi Blaine,
I wonder this forum version solved change direction problem?


You may want to check the date on Blaine's post - this is a very old discussion thread. It only came back up since somebody commented on it (when they should really have started a new discussion thread).

Your best bet is still the current effort to revamp the forum plugin. The second beta has just been announced: Forum Plugin 2.8.0 - BETA 2.

bye, Dirk
 Quote

Status: offline

uyghurmen

Forum User
Chatty
Registered: 02/16/11
Posts: 56
Quote by: Blaine

It's been a week and I've had over 75 downloads from my site for this new release but no real feedback and better yet no reported issues.

I don't want to assume there are no problems but has anyone really done much testing. I want to release a final version to address the noted issue asap.

Also this is the time to update any language files and send them to me to be included. I've not had anyone contact me as of yet.



I wonder how about forum direction change? Last version not able to change direction RTL (right to left), How about this one? I downloaded already, but not sure about the direction change so didn't install yet.
 Quote

Status: offline

uyghurmen

Forum User
Chatty
Registered: 02/16/11
Posts: 56
Quote by: Dirk

Quote by: uyghurmen

Hi Blaine,
I wonder this forum version solved change direction problem?


You may want to check the date on Blaine's post - this is a very old discussion thread. It only came back up since somebody commented on it (when they should really have started a new discussion thread).

Your best bet is still the current effort to revamp the forum plugin. The second beta has just been announced: Forum Plugin 2.8.0 - BETA 2.

bye, Dirk


but anything about direction change. If you know direct link can you writedown here? another questin is: whichone is last version forum? I checked old the posts and saw some 2.6..., 2.7.1 version and 2.3.2.... I'm confusing at all.
 Quote

Status: offline

::Ben

Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location:la rochelle, France
Last official release is forum 2.7.4 but 2.8.0 will be out in few days.

Ben
I'm available to customise your themes or plugins for your Geeklog CMS
 Quote

All times are EDT. The time is now 10:12 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content