Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla 1.1.6 release candidate 2

edited March 2009 in Vanilla 1.0 Help
Vanilla 1.1.6 fixes some cookies-related secure issues (thanks to Reed Loden for reporting the bug and submitting the patches). SubJunk is also working on improving the usability of the moderation options. You can find the complete list of changes on the release notes page.

Please test this first release candidate and report any bug:

ps: if we missed some delegation requests, let us know.


  • while I haven't downloaded this to test, can I make a feature request:

    can the userid field be made larger than 20 characters?

    with the Google Login extension, email addresses get saved as userid's, and this results in long email addresses getting chopped.


    upping it to something like 30 characters might be a bit better. is that doable?

  • I have another feature request if possible: Could there be a field in LUM_User called Hidden or Deleted? This way when doing a user list, accounts marked with this wouldn't show up. This could be a privacy feature and a way of having "deleted" accounts not show up.

    thanks :)
  • A user list isn't part of Vanilla, so it wouldn't make sense for Vanilla itself to create a column that it will never use.
    Don't be shy to create the column yourself. It is very common for extensions to add to the database, there is no problem there.

    A similar response to the first post as well. If the Google Login extension would benefit from making the userid field 30 characters long, it can modify the field itself quite easily, as many extensions do.
  • thanks. I've already added a "Hidden" field into my database and am attempting to write an add-on. I think I'm going to have to RTFM tho...
  • "A similar response to the first post as well. If the Google Login extension would benefit from making the userid field 30 characters long, it can modify the field itself quite easily, as many extensions do."

    Could you point me toward some documentation on how to do this, or just let me know here? I have a number of users with >20 char usernames, and have been putting off updating Vanilla because I've forgotten where I clumsily hacked things to allow them to actually login with the long names... I asked here about 6 weeks back, but haven't gotten any suggestions.
  • You can use ALTER TABLE, like this:ALTER TABLE User MODIFY Name varchar(100);, so in an extension code you would put something like this:mysql_query("ALTER TABLE `".$Context->Configuration['DATABASE_TABLE_PREFIX']."User` MODIFY 'Name'",$Context->Database->Connection)
  • After reading the release notes I have a question concerning the upcoming seurity features to integrate vanilla into a larger web application context:
    How will I have to encrypt the UserID into which cookie to enable the log in by a redirected user authentication?
    A short informal statement (no code needed (yet ;-)) will suffice. Thanks in advance.
  • edited January 2009
    It is not for security (the user id is easy to get by other way) but for privacy.

    if $Configuration['ENCRYPT_COOKIE_USER_KEY'] is True, Vanilla with save a md5 hash in the cookie. However, Vanilla can work with the id and its md5 hash.

    If your extension needs the id in the cookie, you should set $Configuration['ENCRYPT_COOKIE_USER_KEY'] to false. $Configuration['ENCRYPT_COOKIE_USER_KEY'] will be set to True by default in Vanilla 1.2 (if such version come out - depends of vanilla 2).
  • Does Vanila feature moderated forums, or is it like PunBB, allowing everything through and forcing site admins to do an emergency removal of 2,500 posts directly from the database?
  • > Does Vanila feature moderated forums?
  • I just loaded vanilla and after I sign in everything I attempt to do with personal, settings, etc. I get the same error below Some problems were encountered There was a problem authenticating your post information. Can someone please help
  • There might be a problem your php session settings or your vanilla cookie settings. Put this script at the root of your forum and visit it:
  • there's a bug installing Vanilla using SSL. even if you run the installation through a https:// URL, a settings.php is created with http:// URLs. it is impossible to login after installation until you change all references of 'http' to 'https' in settings.php.
  • edited March 2009
    I just uploaded Vanilla 1.1.6-rc2. It added a move discussion feature and fix the ssl issue with installer (the installer support ssl and set HTTP_METHOD):
Sign In or Register to comment.