Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options
Spyware Proof
Vanilla sends back the following information about your install without permission. That is a violation of privacy and that is what makes it spyware.
\applications\dashboard\js\settings.js
jQuery(document).ready(function($) {
// Phone-home to the VanillaForums server to check for updates
var updateChecks = gdn.definition('UpdateChecks', '');
if (updateChecks != '') {
var webroot = gdn.definition('WebRoot', '');
var data = 'source='+webroot
+ '&users=' + gdn.definition('CountUsers', 0)
+ '&conversations=' + gdn.definition('CountConversations', 0)
+ '&messages=' + gdn.definition('CountConversationMessages', 0)
+ '&discussions=' + gdn.definition('CountDiscussions', 0)
+ '&comments=' + gdn.definition('CountComments', 0)
+ '&updateChecks=' + updateChecks
$.ajax({
type: "POST",
url: gdn.url('/dashboard/utility/updateproxy'),
data: data,
dataType: 'json',
success: function(json) {
if (json.messages != '' || json.response != '') {
// Save the message
$.ajax({
type: "POST",
url: gdn.url('/dashboard/utility/updateresponse'),
data: 'Messages='+json.messages+'&Response='+json.response+'&TransientKey='+gdn.definition('TransientKey'),
success: function() {
// After the responses have been saved, re-fill the
// #Content with this page's view (in case there are any
// messages to be displayed)
if (json.messages != '')
$('#Content').load(
gdn.url('/dashboard/settings/index'),
'DeliveryType=ASSET&DeliveryMethod=XHTML'
);
}
});
}
}
});
}
});
\applications\dashboard\js\settings.js
jQuery(document).ready(function($) {
// Phone-home to the VanillaForums server to check for updates
var updateChecks = gdn.definition('UpdateChecks', '');
if (updateChecks != '') {
var webroot = gdn.definition('WebRoot', '');
var data = 'source='+webroot
+ '&users=' + gdn.definition('CountUsers', 0)
+ '&conversations=' + gdn.definition('CountConversations', 0)
+ '&messages=' + gdn.definition('CountConversationMessages', 0)
+ '&discussions=' + gdn.definition('CountDiscussions', 0)
+ '&comments=' + gdn.definition('CountComments', 0)
+ '&updateChecks=' + updateChecks
$.ajax({
type: "POST",
url: gdn.url('/dashboard/utility/updateproxy'),
data: data,
dataType: 'json',
success: function(json) {
if (json.messages != '' || json.response != '') {
// Save the message
$.ajax({
type: "POST",
url: gdn.url('/dashboard/utility/updateresponse'),
data: 'Messages='+json.messages+'&Response='+json.response+'&TransientKey='+gdn.definition('TransientKey'),
success: function() {
// After the responses have been saved, re-fill the
// #Content with this page's view (in case there are any
// messages to be displayed)
if (json.messages != '')
$('#Content').load(
gdn.url('/dashboard/settings/index'),
'DeliveryType=ASSET&DeliveryMethod=XHTML'
);
}
});
}
}
});
}
});
Tagged:
0
Comments
"// Phone-home to the VanillaForums server to check for updates"
This is a normal process that practically all web based apps, linux distros, cell phone operating systems use..... if it has automatic updates, it has to check for the updates. If it didnt check for updates and offer you to install them, this could be a security threat, staying up to date is one of the easiest ways to protect ones self against exploits/malware.
I like Marks Response to your other three threads regarding the same topic, if you want to submit code improvements, you may do so. Possibly including an option to turn off automatic updates.. though, they aren't fully automatic yet so ..
to be honest i think vanilla should have an option to send the developers more information for site statistics relevant to development. What apps are installed, how many apps are installed, tracking errors, site stats, etc etc ... this is a feature request ive been needing to post in GIT.
Are you trying to get some cheap glory spreading yellow stuff around? You are just presenting yourself as either a retard or idealist - you choose.
http://vanillaforums.org/page/updates
Although we highly recommend you don't use it as you will no longer be notified of important security updates, we've added a permanent solution for disabling this feature:
http://github.com/vanillaforums/Garden/commit/490ccfb844d9f35874bb1187b5f71487ee0a6800
can you please reiterate that the application is not collecting any personal identifying information and its purpose is non malicious in any shape or form. If not others will be asking.
Vanilla phones home, reporting a summary of the number of discussions, comments, and users, as well as the name and versions of any add-ons installed. We use this information to (a) figure out what needs to be updated on the client installation and (b) help us promote our product usage.
Vanilla does not collect any personal identifying information and its purpose is non-malicious. Instructions to disable this feature can be found here: http://vanillaforums.org/page/updates
Have a great day!