Best Of
Re: A little re-arrangemnet
Just a followup you guys
I made the plugin! It won't be up on this forum until our next cloud release though. Probably in a couple of weeks.
Vanilla 3.1 is now available
Missed the 3.0 release? Check out the upgrade & release notes here.
Hi everyone! The team has been hard at work over the last month fixing bugs and security holes and even squeezing in a new feature. There should be no breaking changes in this release so it should be a very straightforward update.
Upgrade Notes
- Vanilla 3.x requires PHP 7.1 which is a change from earlier versions. We strongly recommend upgrading to PHP 7.3 as soon as possible. Many hosting plans allow a seamless transition via their control panel.
- Follow the normal upgrade process, including running /utility/update.
- Follow additional specific upgrade instructions.
- Test your plugin & theme compatibility in a safe place before upgrading your production forum.
Download
Get over in the addon directory. https://open.vanillaforums.com/addon/vanilla-core-3.1
charrondev
Re: Passwords no longer work after update from 2.2
The category is closed for a reason: the version of Vanilla you are using has security issues. Any question concerning a Vanilla version prior to 3.0.2 (currently) can be answered with: "Update!"
Simple as that.
R_J
FilterForumSearch plugin
Hello everyone,
For the forum I host, I needed to create a plugin that would allow for filtering searches, without the use of additional software (like Sphinx), as my server host does not support it. This lead to the creation of the FilterForumSearch plugin:
You can find the plugin here: https://open.vanillaforums.com/addon/filteredforumsearch-plugin-2.0
The plugin supports the following filters:
- Category
- Q&A status
- Comment/Reply count
- Username
The plugin has no dependencies outside of Vanilla and the Q&A plugin. This allows it to work with Shared hosting plans and other server plans that otherwise wouldn't allow for filtered searching through additional software. The plugin works by using an SQL query to retrieve data based on the parameters passed in, using Vanilla's SQL interface to (hopefully) minimize SQL injection potential.
Hopefully this plugin will be helpful for others who are looking for search filters but cannot install additional software.
Motivation behind creation
One of the members of the forum I host mentioned that they would prefer additional search parameters/filters to make it easier to find if similar questions have already been answered by using the search page in Vanilla. To me, this was a reasonable request, so I set about finding a solution.
One of the admins on the forum suggested the SphinxSearch plugin, which would have worked great and provided everything we need. Unfortunately, I discovered that my server provider does not have Spinx support with the hosting plan I have bought, making this plugin unusable for the forum.
I found the CategorySearch plugin, which uses SQL queries to filter the search, which looked like exactly what I was looking for. However, the plugin didn't work with the version of Vanilla the forums is using, 2.8.3 currently. After trying to get it to work for a few hours with no result, which is probably due to my lack of PHP experience, I decided to rewrite the non-working parts of the plugin entirely, using a slightly different method than the original.
Having made this decision, I set about rewriting a good chunk of the plugin, using the CategorySearch plugin as a reference. After a couple days of work, testing, and debugging, I finally had a working plugin that filters searches using direct SQL queries.
After this, it was pointed out to me that using SQL queries directly could introduce security vulnerabilities, so I rewrote the plugin to use Vanilla's SQL interface instead and removed all direct SQL queries, hopefully removing and vulnerabilities I introduced through the plugin.
Once I had that working, I cleaned a few things up, changed the plugin info, and uploaded it both here and to the GitHub repository holding all of the modified plugins for the forum I'm hosting.
Special Thanks
Huge thanks to @R_J, the creator of the CategorySearch plugin! Using the plugin as a base was extremely helpful and greatly sped up the time it would have taken to write the plugin if I wrote it entirely from scratch.
Note
One major thing I am not sure about, is the PHP code I wrote for the plugin.
While I have SQL experience, I only have used PHP minimally, so the code may be poorly written. If someone with PHP/SQL experience does not mind looking at the plugin and it's code, I would highly appreciate it! I think the code is probably stable and secure enough for most cases, but I'm concerned that I might have missed something obvious.
Re: Vanilla 3.0 is now available (Updated 3.0.2)
Release Notes
Rich Editor
Rich Editor saw a number of enhancements in this release.
New paragraph level formatting menu
We've added a new paragraph level formatting menu in order to surface more formatting options.
Currently it is broken down into 4 categories.
- Heading Formats (Displays 4 possible levels of headings).
- List Formats (Numbered List, Bulleted List, Indented & Outdent).
- Special Formats (Quote, Code Block, Spoiler).
- Standard Format
New Rich Editor formats
Along with the paragraph formatting menu, we've added support for
- Additional levels of heading (2, 3, 4, 5). Previously only levels 2 & 3 were available.
- Support for nested lists. Lists can now be nested up to 4 levels deep.
Improved Pasting Robustness
This iteration of Rich Editor see much improved ability to paste content into the editor.
The following may now be pasted from other web pages
- Images (multiple at a time, including with mixed content).
- Lists (Including nested lists).
Markdown Macros
Rich editor now has support for markdown based macros. Try out standard markdown input syntax and watch as it is transformed into your Rich Post.
Other
- Fix a memory leak and improve performance of Rich Editor.
- Rich Quotes now properly enable by default when enabling the addon. Thanks @R_J.
Image Upload Limits
It is now possible to limit maximum image upload dimensions through and enhanced dashboard posting page. Any images uploaded above this limit will be resized (while preserving aspect ratio) to fit within the configured dimensions.
These dimensions will be respected in Rich Editor, Advanced Editor, and the /api/v2/media endpoint.
Keystone Theme
The keystone header on desktop now contains core & contextual navigation items. Additionally these items can be found on mobile devices by opening the navigation menu.
Other
SEO & Performance
Blocking Script Tags
By default Vanilla blocks a page from rendering until most of its javascript is loaded. This is not considered best practice, because it negatively impacts user’s page load times. Search engines like google penalize sites that do this.
Site’s may now opt-in to better behaviour here and load all scripts after the main document loads. This can be done by setting the configuration value.
$Configuration['Feature']['DeferredLegacyScripts']['Enabled'] = true;
or in JSON (Vanilla console)
"Feature": {
"DeferredLegacyScripts": {
"Enabled": false
}
}
If this is done properly all scripts in the of the page should have the defer attribute set.
This can lead to large increases in score on google’s page-speed index as well improved load times for users, especially on mobile.
Warning: This may not be compatible with certain custom Pockets or custom themes. Please test on staging environments first.
Sitemaps & Robots.txt
- Robots.txt is now present on all sites, separately of the sitemaps plugin.
- The Sitemaps setting page now displays a warning of private communities are enabled. addons#714
Google Sign In
Due to the fact that Google is sunsetting Google+ Sign In method we are adding Google Sign In. Forums that are using Google+ now are strongly recommended to create an OpenID OAuth 2.0 application at Google and turn on the Google Sign In plugin.
For more information about the user authentication workflow that is being implemented please read this documentation on Google.com. For instructions on how to set up the plugin see Vanilla user docs for Google Sign In
Dashboard
- Keep left panel of the dashboard pinned to the side when scrolling on long pages.
- Allow initial starting values for color forms #8580. Thanks @R_J
- Fix reset password link when password has been reset by an admin#8859
New or Expanded API endpoints
Set the canonical URL of a discussion
PUT /api/v2/discussions/:id/canonical-urlDELETE /api/v2/discussions/:id/canonical-url
Expand accepted answer IDs
The GET /api/v2/discussions/:id endpoint now offers an expand parameter acceptedAnswers. When set the commentID & rendered text of the accepted answer will be included in the response.
Current user endpoints
GET /api/v2/users/meGET /api/v2/users/me-counts
These 2 endpoints may be used to fetch information about the currently signed in user.
Record a page view
POST /api/v2/tick
Updated File Release Permissions
Note: This fix is also present in the 2.8.4 release.
It has been brought to our attention that our file system permissions were far to open in our open source releases. These concerns were initially dismissed because in our version control repository and on all of our infrastructure the permissions were correct.
Thanks to the insistence of @R_J I discovered a bug in our OSS release build tool that reset all of the file permissions to 777 (very dangerous).
Starting in this release file system permissions are essentially 755 for directories and 644 for files.
Other Fixes
Discussions/Comments
- Fixed an issue where drafts would save even though no text had been inputted or changed. #8722
Categories
- Reading all posts in a category will not mark the category as read. #8547
- Remove redundant missing category error. #8886
Embedded Comments
- Inherit dashboard post format type (Fixes embedded comments with Rich Editor). #8767
Twitter SSO
- Fix broken twitter SSO plugin #8881
Accessibility
- The Pager controls should now be more accessible to users with assistive screen devices (Such as screen readers). #8634
Profile
- Profile Extender fields may now be translated. #8566
Re: Vanilla 3.0 RC2 (Release Candidate) & Call for Testers
Features and Fixes
These are the features & fixes for the rc2 release. For the rc1 notes see this post:
Rich Editor
- Rich editor now has support for markdown based macros. Try out standard markdown input syntax and watch as it is transformed into your Rich Post.
- Fix a memory leak and improve performance of Rich Editor.
Updated File Release Permissions
Note: This fix is also present in the 2.8.4 release.
It has been brought to our attention that our file system permissions were far to open in our open source releases. These concerns were initially dismissed because in our version control repository and on all of our infrastructure the permissions were correct.
Thanks to the insistence of @R_J I discovered a bug in our OSS release build tool that reset all of the file permissions to 777 (very dangerous).
Starting in this release file system permissions are essentially 755 for directories and 644 for files.
Categories
- Remove redundant missing category error. #8886
Embedded comments
- Inherit dashboard post format type. #8767
Twitter SSO
- Fix broken twitter SSO plugin
Dashboard
- Allow initial starting values for color forms #8580. Thanks @R_J
- Fix reset password link when password has been reset by an admin #8859
Keystone
Sitemaps & Robots.txt
- Robots.txt is now present on all sites, separately of the sitemaps plugin.
- The Sitemaps setting page now displays a warning of private communities are enabled. addons#714
Re: How to install a plugin/addon/theme
You can download a theme from here and it will be a zip file.
It can be best explained by using a name, e.g. Groovy.
The file needs to be unzipped to your /themes folder. While normally simple unzipping is enough, you can check the following three things to be sure that the unzipping was correct:
- There is a folder
/themes/Groovy - In this folder is a file
about.phporaddon.json=>/themes/Groovy/about.php. If both files exist, the addon.json is the important file! - In the about.php there is the line
$ThemeInfo['Groovy'] =...or if there is a file addon.json, you need to find a line like"key": "Groovy",
The folder must be named exactly like the text you find in addon.json or about.php: "Groovy". If your zip file has been extracted to "Groovy", but in the addon.json/about.php you see it is spelled all lower case "groovy", you have to rename the folder.
If you cannot see the theme in the dasboard, delete /cache/theme-index.php and if there is a file /cache/theme/groovy.php or /cache/theme/Groovy.php, which is not probable, delete that, too
R_J
Vanilla 2.8.4 is now available for download - Important security patches
Get it right here: https://open.vanillaforums.com/addon/vanilla-core-2.8.4
This release contains CRITICAL security patches.
- Patched SSRF in HTTP client.
- Updated release file system permissions to be less permissive.
It has been brought to our attention that our file system permissions were far to open in our open source releases. These concerns were initially dismissed because in our version control repository and on all of our infrastructure the permissions were correct.
Thanks to the insistence of @R_J I discovered a bug in our OSS release build tool that reset all of the file permissions to 777 (very dangerous).
Starting in this release file system permissions are essentially 755 for directories and 644 for files.
Please upgrade to the latest version of Vanilla as soon as possible. No other changes from 2.8.3 are in this version.
charrondev
Re: Migration
Just try it! There is a porter script: https://open.vanillaforums.com/addon/porter-core
Run the porter script on your server, install a clean Vanilla version on your desktop pc, import that old forum and see if all the features you need are available.
Each forum software has a lot of features and you will find out that migrating from one forum to another always will bring some benefits but some other features are worse. Therefore I think it is necessary to test around a little bit.
R_J
Re: Vanilla running on FastComet.com or SiteGround.com hosting
I would advice against using installation scripts for following reasons:
- Vanilla is easy to install, they bring not much use.
- It will always take some time between an officially available Vanilla version and a softaculous update. In the meantime your forum might be open for known security issues.
- In order to work, they need to alter the Vanilla source code slightly. When any error occurs, it might be hard to give support because it might not be easy to tell if the installer/the hoster is causing the issue or Vanilla.
If you are searching for a forum solution and your provider offers a one click installer for Vanilla, then use it to try if Vanilla is the forum solution you are looking for. But after you've made your decision, free yourself from that bounds of the installer version and set up Vanilla by yourself. It's really easy.
R_J