Three features (fixes?) I'd like to see in MyBB 1.6
#11
Okay, Pirata. Of course that makes sense.
You call it a feature/fix, but then say that I'm wrong saying that 1.6 is feature frozen.
#12
(05-21-2010, 07:59 PM)Nitrus Wrote: Either way, I doubt it will make it into 1.6. So either submit it to the ideas site or just wait until the next release.

This thread is a suggestion to MyBB, and I don't care about what you think. This is a matter of security and by the looks of it you, those who use MyBB on your websites, do not care about it.

@Rozzy get out of the thread if you have nothing useful to say, I didn't say it was not feature frozen.
#13
*Sigh* Maybe re-read the "feature frozen" part.
#14
Yes this should be patched, I think. All of those variables don't need to be accessible from the templates in the first place. $theme, $user and $settings should be the only ones available in templates besides the other specific ones.
#15
(05-21-2010, 08:02 PM)Rozzy Wrote: *Sigh* Maybe re-read the "feature frozen" part.

I've edited my post so people like you don't come here just to say that it's feature frozen. If you look at the sticky, it mentions "whole features", these are small changes but important ones.
#16
Perhaps even limited at that, maybe use config.php to whitelist which fields/variables can be accessed from templates?
#17
(05-21-2010, 08:04 PM)Scoutie44 Wrote: Perhaps even limited at that, maybe use config.php to whitelist which fields/variables can be accessed from templates?

I don't know. I've provided a solution posted by Yumi. It's up to the team to decide whether to take it into consideration or not but this is definitely something that, in my opinion, needs to be done.
#18
Pointless effort is pointless.

MyBB 1.6 is in beta already, these changes were suggested long before that, if they wanted to implement it they'd have done so already, and in 1.4 too. The suggestion is made, whether they want to implement it or not is up to them. Arguing about it is a waste of time on both sides.
#19
(05-21-2010, 08:41 PM)frostschutz Wrote: Pointless effort is pointless.

MyBB 1.6 is in beta already, these changes were suggested long before that, if they wanted to implement it they'd have done so already, and in 1.4 too. The suggestion is made, whether they want to implement it or not is up to them. Arguing about it is a waste of time on both sides.

I'm starting to believe that as well.
#20
(05-21-2010, 07:55 PM)Pirata Nervo Wrote:
(05-21-2010, 07:39 PM)Rozzy Wrote: MyBB 1.6 is feature frozen.

Please do not post if you do not know what you're talking about.

Ehm, he knows what he's talking about. I've stated a few times already that MyBB 1.6 is feature frozen as well.

You've had plenty of time to make suggestions before we went into beta.

That being said I took a look at the link and the information provided is incorrect. While they are problems that we would like to address in the future with a solid rewrite of the templating system they are not vulnerabilities. MyBB was never built to be used on a multiforum system so you have to be responsible for taking care of that.

In the other scenario, if you have admins that you don't trust with access to the templating system then you obviously shouldn't be an administrator of a forum. Just like I'm not gonna let John Doe 32 use my laptop to buy tickets online for the baseball game that night.

Obviously I am slightly concerned about an issue like this, but there is not enough backing to it (the conditions in which it could be done, to be specific) to require massive changes during a beta or maintenance release (when things are NOT supposed to be changed that much) unless someone can come up with a good, simple, non-hacky solution. The plugin that Zinga wrote is seriously hacky and it wouldn't stand close to the kind of stable code that MyBB needs to push out in its releases.

