v 2.0.0 released:
Quote:This version not work with Miuna Shoutbox Server 1.0, you need upgrade Miuna Shoutbox Server to 2.0. You need delete application in openshift and create again with 2.0.
Q: How i know if i has Miuna Shoutbox Server 2.0 ?
A: When access Miuna Shoutbox Server will return message below:
![[Image: JX9fQHf.png]](https://camo.mybb.com/5ddcef6fda3240f7112866fe36bfdcf08809b891/687474703a2f2f692e696d6775722e636f6d2f4a5839665148662e706e67)
If returned "Miuna Shoutbox Server successfully installed!" so you has 1.0 version and need upgrade to 2.0.
Fixed all vulnerability found. Security improved.
Bug fixes:
- Username with quote or double quote that not work.
- Expand/collapse bug (not save state after refresh page).
- Mention regex bug.
- Installation bug (disporder).
- Anti-flood and Ban bug that create new line in editor.
New features:
- On/Off Avatar.
- On/Off Auto image load.
- On/Off color in shoutbox.
Feature removed:
- Font style (issue with vulnerability)
- Style of username (issue with vulnerability)
Upgrade from 1.2.0:
Unistall old version, upload new version and install.
Before unistall copy (save) configuration information in some place (txt file etc.), you will need again miuna shoutbox server information again after install new version.
Demo of new version:
https://martec.ml/test/
User: test
pass: test123
Images of new version:
![[Image: sMW0eVh.png]](https://camo.mybb.com/e2acacd9aa48fc9a7f3121fa5553c05a8a1ea9bd/687474703a2f2f692e696d6775722e636f6d2f734d57306556682e706e67)
![[Image: fLTox4s.png]](https://camo.mybb.com/76a334985fda815c6eb7657e1144ba89e3c53e76/687474703a2f2f692e696d6775722e636f6d2f664c546f7834732e706e67)
![[Image: ziHUNM5.png]](https://camo.mybb.com/c37c5993a89e77be8a429847f1cc974347031f06/687474703a2f2f692e696d6775722e636f6d2f7a6948554e4d352e706e67)
![[Image: ssSjVkX.png]](https://camo.mybb.com/e6c384c22ead6a7f65ad19383dca95f9632987f6/687474703a2f2f692e696d6775722e636f6d2f7373536a566b582e706e67)
![[Image: 40YDHfd.png]](https://camo.mybb.com/74096bc0b94aefbe2728eb331ab0c64ef911d167/687474703a2f2f692e696d6775722e636f6d2f343059444866642e706e67)
(2015-05-26, 03:46 PM)An0ny Wrote: [ -> ]In other words you are not going to support this anymore, that you have no interest? That sucks, guess i'll need to go back to DVZ ..
Can you tell me where I can edit the template chat style though?
i will never said that not has support. If not has support, i will never release 2.0. But not, i will release 2.0 very soon. Support is limited in github, stop using MP, MP not will made release more fast.
2.0 is better, has option on/off auto image, limit characters, avatar, and choice color to shout. And several bug solved.
Style of font (bold, choice type of font, size) is gone definitely and will never return. Only the color is now supported on.
Thank you so much, this is a nice release!
I would pay for a shoutbox like this, you should charge for all your work. I hope color will not be removed, it's nice.
Ah damn! Now all users have same username color no matter what group? Why this? lol
(2015-05-27, 09:56 AM)An0ny Wrote: [ -> ]Thank you so much, this is a nice release!
I would pay for a shoutbox like this, you should charge for all your work. I hope color will not be removed, it's nice.
Ah damn! Now all users have same username color no matter what group? Why this? lol
vulnerability issue... reported.
possibility to change profile link to malicious link
possibility to set color to each group is planned to next version.
for now color to mod and common user only
(2015-05-27, 12:01 PM)martec Wrote: [ -> ] (2015-05-27, 09:56 AM)An0ny Wrote: [ -> ]Thank you so much, this is a nice release!
I would pay for a shoutbox like this, you should charge for all your work. I hope color will not be removed, it's nice.
Ah damn! Now all users have same username color no matter what group? Why this? lol
vulnerability issue... reported.
possibility to change profile link to malicious link
possibility to set color to each group is planned to next version.
for now color to mod and common user only
Okay, that's weird. Wouldn't this be "patched" by putting the allowed colors in array? do a regex check etc etc?
if we delete application to upgrade will it erase all the previous shout data ?
(2015-05-27, 07:17 PM)An0ny Wrote: [ -> ] (2015-05-27, 12:01 PM)martec Wrote: [ -> ] (2015-05-27, 09:56 AM)An0ny Wrote: [ -> ]Thank you so much, this is a nice release!
I would pay for a shoutbox like this, you should charge for all your work. I hope color will not be removed, it's nice.
Ah damn! Now all users have same username color no matter what group? Why this? lol
vulnerability issue... reported.
possibility to change profile link to malicious link
possibility to set color to each group is planned to next version.
for now color to mod and common user only
Okay, that's weird. Wouldn't this be "patched" by putting the allowed colors in array? do a regex check etc etc?
not has anything weired.
setting of color of username in mybb has follow structure <span style="color:#xxxxxx;"><strong>{username}</strong></span> and not only '#xxxxxx'.
and where you have read that array will made secure?
And Object.freeze too not made secure...
Best solution is "const", but not support to IE<10.
https://developer.mozilla.org/en-US/docs...ents/const
http://stackoverflow.com/questions/20150...nitialized
is there anyway to save that shout data ?
(2015-05-28, 03:57 AM)martec Wrote: [ -> ] (2015-05-27, 07:17 PM)An0ny Wrote: [ -> ] (2015-05-27, 12:01 PM)martec Wrote: [ -> ] (2015-05-27, 09:56 AM)An0ny Wrote: [ -> ]Thank you so much, this is a nice release!
I would pay for a shoutbox like this, you should charge for all your work. I hope color will not be removed, it's nice.
Ah damn! Now all users have same username color no matter what group? Why this? lol
vulnerability issue... reported.
possibility to change profile link to malicious link
possibility to set color to each group is planned to next version.
for now color to mod and common user only
Okay, that's weird. Wouldn't this be "patched" by putting the allowed colors in array? do a regex check etc etc?
not has anything weired.
setting of color of username in mybb has follow structure <span style="color:#xxxxxx;"><strong>{username}</strong></span> and not only '#xxxxxx'.
and where you have read that array will made secure?
And Object.freeze too not made secure...
Best solution is "const", but not support to IE<10. https://developer.mozilla.org/en-US/docs...ents/const
http://stackoverflow.com/questions/20150...nitialized
By setting a preset set of allowed colors, allowed fonts etc then do a check in php on the site it self before submission each time. Regex in php would do the job anyway for this, as long as you check it before the shout is sent to the node
(2015-05-28, 09:57 AM)An0ny Wrote: [ -> ]By setting a preset set of allowed colors, allowed fonts etc then do a check in php on the site it self before submission each time. Regex in php would do the job anyway for this, as long as you check it before the shout is sent to the node
you saying to use ajax?
i will never use ajax in this. Ajax use a lot resource of server, and not make any sense. this is websocket shout and not php shoutbox.
(2015-05-28, 07:27 AM)mujeebdgk Wrote: [ -> ]is there anyway to save that shout data ?
not possible...
you can save data in openshift... but you can't restore data, because structure is different.