WP-Forum 2.0 release is close

Most of the code is written and I’ve had some time to debug using the forum on this site. Many thanks to Bharatk, who is helping me with the debugging and coming with feedback and suggestions. I still need you people to come with input and suggestions about functionality and design. It is after all you who will be using it and I want you all to be happy with it.

So please, if you are browsing the forum and encounter any errors, add a comment to this post about it. I have put a lot of effort into getting the forum secure and it should be quite safe to use it. Some big changes to the database layout make the next version not compatible with earlier versions. An initial upgrade is made the first time the new version is activated. All your posts, topics, forums and moderators will be intact.

WP forum beta 2 running

I have come so far that I decided to run a beta version of WP Forum on this site. Please help me out if you find any bugs.

User clean up

I currently have over 22000 users on my blog, of which probably 90% are spam users. I’m gonna remove all users without any blog comments or forum posts.

I’ve started to use Sabre Captcha plugin for user registrations and it’s working like a charm.

Simple Anti Bot Registration Engine By Didier Lorphelin.

If I by mistake remove any correct user I do apologize in advance and urge you to re-register, sorry for the inconvenience.

Some screenshots WP Forum 2.0 admin area

[Screenshots: About; Skins Options; Forum Structure; General Options; User group management (not ready)]

Complete re-write of WP Forum

After many hours of debugging I have decided to completely re-write WP Forum from scratch. And as I go along I’m adding some new features such as User Groups. User Groups can be used to restrict and/or permit certain users to access forums. This is something I have gotten a lot of requests about. Better support for different character sets, especially the Spanish and Russian ones. Better support for language packs.

And for programmers out there, I’m doing this completely object oriented. This has several benefits:

  • Less bloated code
  • Maintenance is much easier
  • Re-use of code

As a user you can rely upon a much more stable product. This next version will be 2.0 and I’m almost done with the admin interface. It’s gonna take a while but it’s well worth the effort. I have started to use WordPress SVN repository which makes updates a breeze with WordPress’ built in installer.

WP Forum 1.7.8 bugs, bugs…

I’ve come across several bugs in WP Forum lately, mostly it’s from incompatibility with WordPress. I haven’t been updating my plugins for a while and therefore I have to fix these things. Lots of Captcha bugs fixed and some user handling added and fixed. Version 1.7.8 is available both from WordPress plugin page and from my own plugin page.

Bug hunting is not what I like to do in my free time, but what doesn’t one do for the WordPress community. And as the famous programmer Brian Kernighan said:

Everyone knows that debugging is twice as hard as writing a program in the first place. So if you’re as clever as you can be when you write it, how will you ever debug it? (Brian Kernighan)

Clever dude.

WP Forum 1.8 under development

I’m currently upgrading WP Forum to include password protected groups and fine tuning the Captcha function. A beta version can be downloaded at the plugin page.

Please feel free to test this new beta version and give me feedback on bugs and problems that might occur. Downloads are made from the WordPress subversion directory from now on. Makes it easier with the version tagging and lessens my confusion.

WP Forum vers. 1.7.7 with Captcha

Version 1.7.7 of WP Forum is not released and it features optional Captcha for unregistered users. And as always de-activate and re-activate the plugin to allow WP Forum to update the database.

Security issues in WP Forum fixed

All security issues in this report are fixed.

New version is 1.7.6

Excerpt from the report

Description:
Some vulnerabilities have been discovered in the WP-Forum plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the “user” parameter in the WordPress installation’s index.php script (when “forumaction” is set to “showprofile” and “page_id” to a page with the “” tag) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability allows e.g. retrieving usernames, password hashes, and e-mail addresses for all users and administrators, but requires knowledge of the database table prefix.

2) Input passed to the “forum_query” parameter in the WordPress installation’s index.php script (when “forumaction” is set to “search”) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Successful exploitation of this vulnerability requires that the target user has valid user credentials.

3) Input passed to the “forumtext” parameter in the WordPress installation’s index.php script (when “forumaction” is set to “post”) is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user’s browser session in context of an affected site when the malicious data is viewed.

Successful exploitation of this vulnerability requires that the attacker has valid user credentials.

The vulnerabilities are confirmed in version 1.7.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
1) websec Team
2, 3) FeDeReR and sinner_01
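
As an added illustration of the report's "ensure that input is properly sanitised" advice (this is not WP-Forum's own code or its actual fix), the three parameters named above can be handled with standard WordPress APIs as follows. The function names, the `forum_posts` table and the assumption that `user` is a numeric ID are hypothetical.

```php
<?php
// Added example, not WP-Forum source. example_* names and the forum_posts
// table are hypothetical; the WordPress functions used are real core APIs.

// 1) forumaction=showprofile: "user" ends up in a SQL query.
function example_forum_get_profile() {
    global $wpdb;
    // Unsafe pattern: "... WHERE ID = " . $_GET['user'] (raw concatenation).
    // Hardened: force an integer (assumes "user" is an ID) and bind it via prepare().
    $user_id = isset( $_GET['user'] ) ? absint( $_GET['user'] ) : 0;
    if ( 0 === $user_id ) {
        return null;
    }
    return $wpdb->get_row( $wpdb->prepare(
        "SELECT ID, display_name, user_registered FROM {$wpdb->users} WHERE ID = %d",
        $user_id
    ) );
}

// 2) forumaction=search: "forum_query" is echoed back into the page.
function example_forum_search_heading() {
    $query = isset( $_GET['forum_query'] )
        ? sanitize_text_field( wp_unslash( $_GET['forum_query'] ) )
        : '';
    // Unsafe pattern: echo 'Results for ' . $_GET['forum_query'];
    // Hardened: HTML-escape at the point of output.
    return '<h2>Search results for: ' . esc_html( $query ) . '</h2>';
}

// 3) forumaction=post: "forumtext" is stored and later shown to other users.
function example_forum_save_post( $topic_id ) {
    global $wpdb;
    if ( ! is_user_logged_in() || ! isset( $_POST['forumtext'] ) ) {
        return false;
    }
    // Keep only the HTML tags WordPress allows in post content.
    $text = wp_kses_post( wp_unslash( $_POST['forumtext'] ) );
    return $wpdb->insert(
        $wpdb->prefix . 'forum_posts', // hypothetical table name
        array( 'topic_id' => absint( $topic_id ), 'author_id' => get_current_user_id(), 'text' => $text ),
        array( '%d', '%d', '%s' )
    );
}

// Rendering stored posts: filter again on output so rows saved by an older,
// unfiltered version are also neutralised.
function example_forum_render_post( $row ) {
    return '<div class="forum-post">' . wp_kses_post( $row->text ) . '</div>';
}
```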

Addicted to World Of Warcraft

I recently discovered the magnificent game of World of Warcraft (WOW) and I have been addicted ever since. I always have considered role-playing games to be for the younger people, oh my, was I wrong. It really sounds silly that a 33 year old can be so addicted to something as simple as a computer game. I really have to cut down my playing hours, but I’m currently a level 33 night elf hunter… and the quest continues.

WOW is a Massive Multiplayer Online Role-Playing Game (MMORPG) and is played online as the genre name says. Anybody else feel the same way?