Best Of
Re: One-click login NO passwords! [FREE]
I like that idea very much. The two factor authentication idea is all around, but I think for forums there is a benefit if registration is as easy as possible "Login in with service XY" SSO solutions are a great way to deal with it, and being able to simply use your mail without setting up a social media account is a nice idea.
The plugin doesn't offer a "register with fast.co" option, though. Only signing in with an existing account seems to be supported. I think it should also be usable to make registration more easy. Since your service doesn't store any information, the only thing which can be made more easy would be to make the password fields superfluous.
But there are several (major) problems with the current implementation (in the order of appearance):
- The plugins file name should be named like the class name.
- When the plugin is enabled, the administrators mail address is automatically sent to your APIs /enroll endpoint. Sending private data without giving the user the choice to do so is a no go.
- Since the admin user is not even notified about the account that has been created with this mail address he cannot even use it to look at the statistics; the mail used for that auto-enrollment is communicated
- Buttons are HUGE. It's that big, that even your "Fast" logo needs to get truncated in the panel. If they are used together with other social network logins, they shouldn't be as big as that, but only a small icon, too.
- If there is that FAB like login button, which helps you at any point to log in, I would have the expectation that after logging in I would be redirected to that page again, but as far as I understood, that is not yet working
- "As far as I understood", because in my setup, a forum behind a proxy secured with basic auth, the button loading api crashes my site as soon as I login and I never see anything different than "transferring data from api.fast.co" and as a result "a website is slowing down your browser"
By the way: that handy api.fast.co/api/enroll endpoint allows using parts of your services with unauthorised mail addresses. I suggest to send a "to finish your enrollment process click here" mail which - well authorises an automagical enrollment
R_J
Re: Vanilla 3.1 is now available
I'm noticing that within first install that the warning for external links is actually broke. Trying to look at forum software to replace "Simple Machines" and realized this was a cool alternative, but is broken in the spot that was a huge selling point for us.
Wont lie, really digging this forum software. :)
Re: FilterForumSearch plugin
Figured it out
in /design/search-style.css you got capital B both places
.SearchForm .Button, .search-form .Button
search-style.css should be
.SearchForm .Button, .search-form .button
May I suggest adding
.Button:hover, .button:hover{
filter:brightness(0.7);
}
Kaspar
Re: Forum too quiet these days
This will be done once we complete our documentation migration.
We're currently in the middle of migrating the public docs into our knowledge base. https://success.vanillaforums.com/kb
Currently ~50% of the content has been migrated, but we still need to migrate the rest of the content and add redirects. Unfortunately in the meantime it's a bit confusing for all involved.
Things should be better in the next few weeks though.
Summer/Fall 2019 Roadmap & Development
I understand these kind of announcements have been kind of ad-hoc in the past, but I'd like to do them more frequently in the future. My intention is to outline in broad strokes what features and parts of the framework we'll be working on in the next few months.
Warning: These notes are not a guarantee of any particular version number or release date. It just represents some of our development goals. In particular any of these numbered releases may be broken up or shifted if we make an extra release.
Primary Goals
- Add some small new features.
- Clear our Low/Medium security backlog.
- Wrap up various on-going technical projects.
Vanilla 3.2
- New Content Embed System & Documentation. See OSS preview + announcement thread.
- User homepage selector plugin.
- Enhanced automated testing on pull requests with CircleCI.
- Various Rich Editor & Forum bug fixes.
- Low/Medium severity security fixes from the backlog.
ETA End of July
Vanilla 3.3
This one likely won't be clarified until after a few more product team meetings.
Rich Editor
- Alt-text for images.
- Better handling of embeds on mobile devices.
Routing
The team has been doing a lot of work over the last few months on a new base controller, and static routing system. A lot of the interface and classes used here are already development but may change between now and the release where they are publicly documented.
Builtin Docker Images
Vanilla currently has a project, vanilla-docker that is used for all of our team's development environment. These images are planned to be moved into the core repo, and have all dependencies placed inside. This will also include a production configured image & setup script for hosts that support Docker (looking at an installer for digital ocean).
Using this system the only dependency will Docker. All other tooling (php, composer, node, yarn, etc) will run inside of the containers.
Formatting Pipeline
Work has begun on a major refactoring of the text rendering pipeline. The goals being:
- Consistent interface for different formatters.
- Unified configuration options between Rich Editor & other formats.
- Configuration options for embeds.
- Break up
Gdn_Format - Increased automated test coverage.
JS module system
We've begun breaking up our core typescript codebase into individual packages and publishing them to NPM. These will be published under the org. The intention is to consolidate various packages & build processes floating around.
ETA End of August
Re: Vanilla 3.1 is now available
Full Content Rendering for Moderation/Spam Queue
The Moderation Queue and Spam Queue now display full user content, allowing for easier triaging.
Full post formatting is now displayed, including Images, GIFs, and Rich Embeds making moderation of your Vanilla Forum easier than ever!
Additionally the moderation toolbar now sticks the top of the page so you don't have to scroll back up to it to take action.
Bug Fixes
API v2
- Update media resource management permission to
Garden.Community.Managevanilla/vanilla-patches#572
Rich Editor
- Fix incorrect editor selection handling (vanilla/vanilla#8967)
- Fix Rich Editor responding slowly in some browsers - vanilla#9012
- Fix clicking on Rich Editor mentions being able to crash the editor -vanilla#9012
- Fix Css bug when creating a spoiler -vanilla#9014
Terms of use manager
- Fix terms of user manager to display properly. #1883 #8928
- Simplify showing and hiding name and password. #1911
Categories
- Fix category following for members. #8979
Search
- Fix Rich Post formatting while using search without Advanced Search. vanilla#9020
Reporting
- Fix broken format when reporting a post internal#1912
MeBox & Profile
- Ensure users can view their own profile information even if they do not have the moderator level permissions to view other users personal information - vanilla#8993
QnA
- Fix category discussion type not respected when creating a question. #715
Vanilla
- Add boilerplate/keystone theming styles fixes vanilla/vanilla#8870
- Add state token support to
Gdn_OAuth2vanilla/vanilla#8949 - Add ability to set standard target after registration by invitation vanilla/vanilla#8950
- Escape the title in
Gdn_Theme::logo()vanilla/vanilla#8971 - Remove file path from some upload error messages vanilla/vanilla-patches#579
Security
This release patches multiple medium severity security issues.
- Fix invitation limits not being enforced patches#541
- Remove dynamic RemoteUrl detection code to fix XSS vulnerability (note: This could potentially be breaking change for sites that were improperly configured using a method deprecated 7 years ago) - patches#585
- Fix potential security vulnerability in
serveFile()method - patches#581 - Fix Right to Left override character scrambling URL on leaving page - patches#582
- Improper Access Control - API V2 media endpoint - patches#545
- Fix Path disclosure - patches#203
- Publish WordPress addon security fixes - wordpress-vanilla#31
- Fix unprivileged setting of QnA status when adding or editing comments - addons-patches#33
- Add additional rate limiting to some Vanilla sign-in URLs vanilla/vanilla-patches#573
- Add rate limiting to SSO connect endpoint vanilla/vanilla-patches#578
Developer Notes
HTTP Headers
Starting in this release, various internal infrastructure headers are no longer being used in the application and have been removed from Gdn_Request - patches#574.
HTTP_X_FORWARDED_HOST HTTP_X_CLUSTER_CLIENT_IP HTTP_X_ORIGINALLY_FORWARDED_PROTO
Re: 3.0.2 - Rich text editor is slow [fixed in 3.1]
Update: rolled out editor fresh from master branch and it is performing much better, and a number of users who had previously had trouble are all reporting an improvement too.
jamesinc
Re: FilterForumSearch plugin
Good work.
Here is another semi major issue.
The plugin does not signify the search section name. Inspect the body element in the browser, this is missing 'Section-SearchResults'.
So, any custom smarty logic in the theme or another PHP plugin or even mere CSS rules that depend on Section-SearchResults, will ultimately fail.
Example of codes that will fail
.Section-SearchResults .SiteSearch{
display:none;
}
or
if(inSection('SearchResults')){
echo 'super duper js code';
}
Solution:
In class.filterforumsearch.plugin.php, insert the line within the function SearchController_Render_Before
Gdn_Theme::section('SearchResults');
Also, I suggest removing the label for the search field, vanilla does not come with one, and it is rather obvious what the search field is used for. A more common method is using a placeholder.
The above cleanup would prevent this glitch
Re: Gopi Activity Comments do not work
Found the issue, sharing my quick fix for the benefit of the community.
/themes/Gopi/design/style.css
Culprit is this -
I'm not sure though if this css class ".Hidden" being used elsewhere (it has the "!important")
For now, I'm gambling to remove it and replace it with the quick patch below.
modify your style.css
1) remove the !important from the .Hidden
2) add the others below
/** Fix for Actvity Comment - start **/
.Hidden {
display: none;
}
.ItemContent.ActivityComments {
margin: 0 0 0 45px;
}
.Activities ul.DataList {
margin-left: 45px;
}
li.CommentForm form.Hidden > div {
display: inline-block;
}
.DataList.ActivityComments li.CommentForm form.Hidden .TextBoxWrapper textarea.TextBox{
width: 100%;
}
/** Fix for Actvity Comment - end **/
Aolee
Re: FilterForumSearch plugin
direct css injection is deprecated, you should
in class.filteredforumsearch.plugin
replace
$Sender->AddCssFile($this->GetResource('views/style.css', FALSE, FALSE));
by
$Sender->addCSSFile('style.css', 'plugins/FilteredForumSearch');
and put style.css file in a design folder
That's all thank you for this plugin!
pioc34