Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Mar 30 19:54
    Deltik commented #4116
  • Mar 30 19:25
    Kojack-59 commented #4116
  • Mar 30 14:53
    Kojack-59 edited #4116
  • Mar 30 14:53
    Kojack-59 labeled #4116
  • Mar 30 14:53
    Kojack-59 opened #4116
  • Mar 30 13:35
    Jimmi08 commented #1886
  • Mar 30 13:15
    Kojack-59 commented #1886
  • Mar 30 07:22
    Kojack-59 commented on 03dfb5c
  • Mar 30 06:48
    Deltik commented on 03dfb5c
  • Mar 30 06:35
    Kojack-59 commented on 03dfb5c
  • Mar 29 20:56

    Deltik on master

    Hotfix: Don't fatal error if co… (compare)

  • Mar 29 19:23
    LaocheXe commented #4115
  • Mar 29 19:19
    LaocheXe commented #4115
  • Mar 29 18:56
    LaocheXe edited #4115
  • Mar 29 18:52
    LaocheXe labeled #4115
  • Mar 29 18:52
    LaocheXe opened #4115
  • Mar 29 18:51
    Deltik commented on 03dfb5c
  • Mar 29 18:49

    Deltik on master

    Hotfix: Don't fatal error if co… (compare)

  • Mar 29 16:02
    Kojack-59 commented on 03dfb5c
  • Mar 29 15:47
    Deltik commented on 03dfb5c
DBSdevelopment
@DBSdevelopment
SECURITY ISSUE: When the User log saves a Login in event The password is saved in plain txt.
image.png
oui3kings
@oui3kings
Not sure if I brought this up before. I almost forgot about this issue until I went to go install the EU Cookie plugin again. Anyway, after plugin install it caused all of the admin icons and even links in the main menus to disappear. I have another cookie notification solution so I'm not too worried about this but figured I'd let people know so the issue could be looked into for others.
oui3kings
@oui3kings
A little further detail. The installation changed all links to /e107_admin/admin.php# The left sidebar is there showing Latest (submitted news etc). If you click one of those links you can then see the list, links, icons again under the top most admin menu. But the main admin page is blank, no icons and no list/icons under main menu
Tijn Kuyper
@Moc
@DBSdevelopment it should only be the hash, the plaintext password is not saved. If not, please report this through the appropriate channel (being security@e107.org) and not through public channels at first. Thank you.
@oui3kings that sounds like a poorly coded plugin
oui3kings
@oui3kings
@Moc I don’t know enough to make that claim but you’re probably right. Anyway, that plugin is out there so I don’t know if anyone wants to pull the plugin or fix it. I just want to make the issue known. It’s easy to panic if all your admin links and icons are gone. If anyone finds themselves in this situation with this plugin, do not just delete the plugin folder and expect the icons to reappear. Instead, you will still have access to the LATEST links on the left side of admin page. Click any of those (submitted news) etc. Once you leave e107_admin/admin.php you will be able to get to plugin manager from the top admin links. You can then uninstall EU Cookie plugin through plugin manager. If you just try to delete or rename the plugin folder the problem of no links & icons remains
Tijn Kuyper
@Moc
@oui3kings Who is the author?
oui3kings
@oui3kings
@Moc - Roland Graf (OxigenO2)
DBSdevelopment
@DBSdevelopment
@Moc I will confirm the findings and submit at the appropriate channel
Nick L.
@Deltik

@CaMer0n: Is it intentional that only the system/xup/signup endpoint be used in e107_core/shortcodes/batch/signup_shortcodes.php? @LaocheXe is depending on his login form using only the system/xup/signup endpoint, but I made a change that determines whether to use system/xup/login or system/xup/signup depending on whether the visitor is on a login or on a signup page: https://github.com/e107inc/e107/blame/8c072e243b853cfaab16b1b8bd6327d1401ab79c/e107_core/shortcodes/batch/signup_shortcodes.php#L138

This was your commit on 2015-01-24 that effectively disabled system/xup/login from being used anywhere except on the system/xup/test page: https://github.com/e107inc/e107/commit/e2a72b40a95211bd76278f6b89dd025b51d8b413#diff-3851683a299196893acaeeffdb67cf31R75


Ancillary question: Is it intended that user signups are allowed regardless of the user_reg core preference? As far as I can tell, system/xup/signup signs up users no matter what because user_reg is not checked.

Cameron
@CaMer0n
@Deltik yes, it is intentional and addresses the many issues raised following its implementation.
Nick L.
@Deltik
@CaMer0n and @LaocheXe: I've renamed the system/xup/signup route to system/xup/login following @CaMer0n's feedback. This change was made in https://github.com/e107inc/e107/pull/4099/commits/ae6340c2336ad577f43914174813db73e5ba5df6 and should restore the signup-and-login behavior you used to have.
Travis Thoene
@LaocheXe
just fyi when updating and if someone is login via social - fatal error
Nick L.
@Deltik
Aw geez
Travis Thoene
@LaocheXe
it's fix easy by applying the update social plugin database - I had to login main admin account on another browser to fix it
Nick L.
@Deltik
Yes, that's how it's got to be, unfortunately :confused:
There's too much different between HybridAuth 2.9.6 and Hybridauth 3.1.1 for it to be worth making e_user_provider work on both major versions.
Indylogan
@Indylogan
I use e107 2.2.1 with the built in Forum engine. I'd like to ask how to prevent users to open their own topics? I mean, only me, the admin should create topics, then the members could write comments to only these topics. Thank you.
Cameron
@CaMer0n
@Indylogan Take a look at the Forum admin page settings for "Thread Creation Class". /e107_plugins/forum/forum_admin.php You'll want to set it to Admin.
Indylogan
@Indylogan
@CaMer0n Thank you, but I already tried it. It is not working, because any members, who can read the forum, can open new topic.
Cameron
@CaMer0n
@Indylogan Okay, Thank you for letting us know. Once it is fixed this issue will be updated: e107inc/e107#3974
kreos
@kreossino
hi hello!
in bootstrap theme i see the news how to remove this in FRONTPAGE (index.php) thank you
kreos
@kreossino

hi hello!
in bootstrap theme i see the news how to remove this in FRONTPAGE (index.php) thank you

help is urgently ... how i remove in home page the news and the alert message 'LAN_NEWS_83"? i use the bootstrap3 theme without directory "layouts"

leo
@tgtje
@kreossino normally duiring install you have when selecting install theme 2 lines below to either yes or no add plugins and content..
In neither case (if on or off you should see news...) only a block ala welcome message. NOw did you a change the frontpage link? )FRONTPAGE=welcome message) or did you change the layouts ? This is rhe normal setting when all is off
leo
@tgtje
normal.jpg
Seeing the LAN means your languagepack is corrupted or not up to date... 3 fresh installs...all the same outcome..no news on frontpage
kreos
@kreossino
@tgtje thank you Leo, i have reinstalled and now is perfect! ;)
Indylogan
@Indylogan
Hello! Thank you for your support! Could you please help me: how can I set in the built in forum plugin to show the exact time of a post? Right now it just show the time as "1 day ago, 2 days ago, etc".
unhyphenatedanarchy
@unhyphenatedanarchy
I am getting Server 500 errors on a new successful install of e107. I'm thinking it is related to the htaccess file?
if i use domainname.com/e107 the pages resolve properly but if i use e107.domainname.com i get server 500 errors
Indylogan
@Indylogan
@unhyphenatedanarchy I have faced exactly the same issue with e107 2.2.1 on PHP 5.6.40 randomly. On PHP 7.3.14 no issue.
Indylogan
@Indylogan
Does somebody know why there is no pop up on PM message?
leo
@tgtje
@unhyphenatedanarchy you are posting 2 domains ? first has domainname/subfolder e107 the second one would point to another domain (or a parked domain, but works only if it actual exists=paid domain). You can not do testing this way on localhost, then it is different server behaviour. In a live case your domainnames would have also different IP's (range might be similar).
@Indylogan i also have no popup like earlier in v1, just when selected an icon (envelope on front) and numbers in admin navbar.
Reading through pm files it could be a JS problem, and mind also (i can not guarantee such) browsers suppress them these days...
,ake it an issue if needed, but if js should be the culprit recoding to modal necessary?? (i am no coder).
kreos
@kreossino
hi, i have the website under construction "offline" and i can't login with correct password with my smartphone in admin area why?
Alex
@Alex-e107nl
Good morning, surprised by https://github.com/e107inc/e107/releases/tag/v2.1.0 what version is that? Is it really new? Version number? Gives a compleet blank page front and admin when i try to update an existing site.. Hope everyone is allright!
leo
@tgtje
@Alex-e107nl good morning too. Imo think that the release versions on github missed this one in the release branch (just guessing); however between the existing branch on SF and the one released (as you mentioned ) are 3 differences to see a) small changes to core_images.php and ver.php (they are smaller in the sf ones) and the 0B config php is deleted (ok gitignore is in the released new one and both files are a little larger, config is gone..).
Seems more like a little missclick ?
Alex
@Alex-e107nl
Hi Leo, got 2 mails about it... so i thought test it right away but it really is a no go...
leo
@tgtje
@Alex-e107nl well, i am not going to try it at all ( to install) as it is basically for php 5.3 and do not know iff you using the newer dutch lang pack... there would be lan def troubles anyhow... ( ps look inside github release list and click on notes button.... could be a github restore... who knows??? )
Cameron
@CaMer0n
@Deltik ^^
Nick L.
@Deltik

Good morning, surprised by https://github.com/e107inc/e107/releases/tag/v2.1.0 what version is that? Is it really new? Version number? Gives a compleet blank page front and admin when i try to update an existing site.. Hope everyone is allright!

@Alex-e107nl: e107 v2.1 was a release from 2016-03-19. As part of a project I'm working on, I normalized the tagged version numbers but accidentally messed up the v2.1 release by normalizing it into v2.1.0. Unfortunately, that wiped out the v2.1 release and GitHub made v2.1.0 look like it came out yesterday. v2.1 was singled out because it was the only stable tag without a patch version number. This was an error on my part. Sorry about that and the emails!

small changes to core_images.php and ver.php

@tgtje: core_image.php, ver.php, and e107_config.php are generated by a build script, so the release will differ in those files. My project is the automation of release builds. The latest progress is temporarily in the build-release branch, and the output is on GitHub Actions. I'm also reworking how core_image.php is generated.

leo
@tgtje
@Deltik Ok, i understand. Reason for mentioning file changes is just meant as pointing out iff (little security related) something else is/has happened. ;-)
Tijn Kuyper
@Moc
There are quite some major changes since the last release. When a new release (2.3.0) is ready we will communicate all the changes properly using the regular channels. The 2.1.0 release you saw was caused by a (minor) mistake in the amazing work of Deltik, who's helping us automate things including automated testing and automated release builds :)
Olivier Troccaz
@OTroccaz
Hello! Is there always an email address for security issues?
Tijn Kuyper
@Moc
@OTroccaz yes, as instructed here https://e107.org/community ,please email to security@e107.org
Olivier Troccaz
@OTroccaz
@Moc I already did, but I'm getting the error message: A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: docs@secure.awscloudservices.net (ultimately generated from security@e107.org) Unrouteable address
Cameron
@CaMer0n
@OTroccaz I'll look into that and fix it shortly.
Olivier Troccaz
@OTroccaz
@CaMer0n Thanks Cameron!
mostym
@mostym
Hey all is there a way to disable the password requirement of an upper case and special character?