Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

Feed Back to Vanilla Team - broken blog links and security flaw.

RiverRiver MVP
edited June 2016 in Feedback

all of the links to the blog in https://vanillaforums.com/resources/faqs appear to be broken and just go to the main blog page.

e.g. http://vanillaforums.com/blog/help/how-to-add-facebook-twitter-google-and-openid-to-your-community/

goes to http://vanillaforums.com/blog

http://vanillaforums.com/blog/help/implementing-jsconnect-single-signon-on/

goes to http://vanillaforums.com/blog

all of the subject go to the main page.

Is that your intention or are you aware?

regarding security flaw...

this plugin has been marked as a security vulnerabilty?

wouldn't it be wise to remove a plugin from the downloads area - add-ons if it allows XSS attacks? considering it is advisable to upgrade php and vanilla when security flaws are found. why upgrade vanilla if you can introduce a security issue with a plugin that has been identified to contain one and hasn't been updated.

https://vanillaforums.org/discussion/26973/remote-cross-site-scripting-xss-attack-vulnerability-in-firstlastnames-1-3-2-plugin

Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

BleistivtvrijvlinderShadowdare

Comments

  • hgtonighthgtonight ∞ · New Moderator

    @River said:

    wouldn't it be wise to remove a plugin from the downloads area - add-ons if it allows XSS attacks? considering it is advisable to upgrade php and vanilla when security flaws are found. why upgrade vanilla if you can introduce a security issue with a plugin that has been identified to contain one and hasn't been updated.

    https://vanillaforums.org/discussion/26973/remote-cross-site-scripting-xss-attack-vulnerability-in-firstlastnames-1-3-2-plugin

    Yes, and it has.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

    Linc
  • RiverRiver MVP
    edited June 2016

    Yes I noticed, I sent Todd a message and the plugin with the xss vulnerability was removed in the past 48 hours. perfect. Better late then never. :wink:

    No response as yet related to above blog links going to home page instead of specific subject matter, whether it will be adjusted in the future, but at least it has been reported.

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

  • LincLinc Director of Development Detroit Vanilla Staff
    edited June 2016

    You would do better to direct stuff like that to me rather than Todd. Also, there is an issue tracker for the community: https://github.com/vanilla/community/issues

    hgtonight
  • AdrianAdrian Wandering Spirit Montreal Vanilla Staff

    Sorry I missed this issue earlier. Links in the FAQ have been fixed.

    Sharing is caring

    R_Jhgtonight
  • mission accomplished.

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

    vrijvlinder
  • more feedback if of interest.

    users are spamming your archived discussions.

    for example https://vanillaforums.org/discussion/comment/231513/#Comment_231513

    since these categories do not appear in recent discussions or in the categories page.

    you open yourself up to spamming of the vanilla forum, if you archive discussions and don't close them as well.

    since only a person looking at the archived discussion will see the spam, and it will not pop up on the recent discussions to be flagged. not sure if flagging an archived discussion actually works either.

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

  • RiverRiver MVP
    edited July 2016

    looks like a bit more spamming in archived categories - that are not closed to posting. vanilla 2.1 and before category.

    the comment https://vanillaforums.org/discussion/comment/242142/#Comment_242142
    in this discussion

    https://vanillaforums.org/discussion/27081/anonymous-posting-no-registration-required

    not sure if flagging from archived category works. can it be confirmed if flagging in archived categories works as it should.

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

  • hgtonighthgtonight ∞ · New Moderator

    @River said:

    not sure if flagging from archived category works. can it be confirmed if flagging in archived categories works as it should.

    I didn't see anything in the moderation queue, which is the expected result of flagging something. Di you use the report action under flag?

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

Sign In or Register to comment.