NationStates Jolt Archive

Whoever's admin around here should read this article:
http://www.phpbb.com/phpBB/viewtopic.php?t=113826

And once you've recovered from the shock, give these forums an update to 2.0.6.

You don't have to if you don't want to, of course, but I strongly recommend that you do.

Problem is that these forums aren't just phpbb 2.0.4 - they're heavily modded versions. To upgrade to 2.0.6 would require effectively remaking all the changes that have been made to this

That doesn't require a full update, though. Just changing a bit of code. (Unless I missed something).

-----
The Most Serene People's Republic of Naleth
"Life is a suicide mission"
Shameless Plug for Adelaide (http://www.nationstates.net/cgi-bin/index.cgi/page=display_region/region=Adelaide)
Getting Help Page (http://www.nationstates.net/cgi-bin/index.cgi/page=help)
The Tech FAQ (http://www.nationstates.net/forum/viewtopic.php?t=81296)

Looks to me like it's just the default template that's been modded. Shouldn't take much to redo those changes.

Mind you, I don't know what Max modded around here...

Problem is that these forums aren't just phpbb 2.0.4 - they're heavily modded versions. To upgrade to 2.0.6 would require effectively remaking all the changes that have been made to this

Pfft, this is light compared to Writers Ramblings (http://www.writers-ramblings.com)...

We decided to not update the forums until 2.2 comes out, because we've added some 300 odd hacks... :?

Looks to me like it's just the default template that's been modded. Shouldn't take much to redo those changes.

Mind you, I don't know what Max modded around here...

They've (in essence) completely removed profiles and the usergroups, so that in itself will make an update a pain...

We decided to not update the forums until 2.2 comes out, because we've added some 300 odd hacks... :?

Makes sense to me.

Looks to me like it's just the default template that's been modded. Shouldn't take much to redo those changes.

Mind you, I don't know what Max modded around here...

They've (in essence) completely removed profiles and the usergroups, so that in itself will make an update a pain...

Not to mention writing completely new registration code, deletion code, etc

Looks to me like it's just the default template that's been modded. Shouldn't take much to redo those changes.

Mind you, I don't know what Max modded around here...

They've (in essence) completely removed profiles and the usergroups, so that in itself will make an update a pain...

Not to mention writing completely new registration code, deletion code, etc

That's just tying in URL's to the Moderator centre. phpBB's forms basically just submit information back to the page they're in. I'm guessing all [violet]'s done with regards to that is submit that deletion information to the forums using either a special account with admin access, or she's made one or two small changes in the semantics to allow the game moderators to delete users from the forums as well as the game.

Looks to me like it's just the default template that's been modded. Shouldn't take much to redo those changes.

Mind you, I don't know what Max modded around here...

They've (in essence) completely removed profiles and the usergroups, so that in itself will make an update a pain...

Not to mention writing completely new registration code, deletion code, etc

That's just tying in URL's to the Moderator centre. phpBB's forms basically just submit information back to the page they're in. I'm guessing all [violet]'s done with regards to that is submit that deletion information to the forums using either a special account with admin access, or she's made one or two small changes in the semantics to allow the game moderators to delete users from the forums as well as the game.

What about the code to replace all posts of a user with ----Post Deleted by the NationStates Moderators----

Looks to me like it's just the default template that's been modded. Shouldn't take much to redo those changes.

Mind you, I don't know what Max modded around here...

They've (in essence) completely removed profiles and the usergroups, so that in itself will make an update a pain...

Not to mention writing completely new registration code, deletion code, etc

That's just tying in URL's to the Moderator centre. phpBB's forms basically just submit information back to the page they're in. I'm guessing all [violet]'s done with regards to that is submit that deletion information to the forums using either a special account with admin access, or she's made one or two small changes in the semantics to allow the game moderators to delete users from the forums as well as the game.

What about the code to replace all posts of a user with ----Post Deleted by the NationStates Moderators----

*shrugs*

They're bound to have made a few changes. Either way, this wouldn't be affected by the update because the updates only find and replace code, and add/remove new code where needed.

I'm sure [vi]'s patching skills are up to par. :P

Actually, as long as the the new phpBB is backward compatible with the current table structure, there should be minimal changes required. This just is one of many things on our "When everything else is stabilized." list.

Actually, as long as the the new phpBB is backward compatible with the current table structure, there should be minimal changes required. This just is one of many things on our "When everything else is stabilized." list.

There will be an update script to convert 2.0 to 2.2 boards. It won't be backwards compatible in the normal 'lets stick it in and see if it'll work' sort of way though I don't think...

bleh

I will happily donate 5 pounds to the admin who sets up the quick reply mod.

Hello,

I run phpBBSupport.co.uk (http://www.phpBBSupport.co.uk), and I have pointed out these security flaws to Max and he has informed me of his fixes to corrispond to this.

He has also patched other fixes I ahve not submitted to the phpBB Group because they irriate the shit out of me on a good day, but now John is gone I may think about it.

I am the author of over 100 hacks myself, and almost all are now 2.0.6 compliant.

I say that sticking with 2.0.4 is not a bad idea until 2.2 comes out now at M2, and expected late next summer early autumn.

You require anymore information on the working of phpBB then please join the relivant site and ask there, I say this because this is not a phpBB support site, but the one I run is.

Regards,
Rapid Dr3am.

Lordy - what have I started off here?
:D