vBulletin 3.7.0

Today, the vBulletin team is proud to declare version 3.7.0 to be our stable, supported release.

vBulletin 3.7.0 is available immediately from the Members’ Area to all customers with active vBulletin licenses, and will be offered as the primary choice to those making new purchases.

This release supercedes the 3.6.x branch as our primary product. vBulletin 3.6.x will continue to be maintained for a limited time, as outlined in the end-of-life announcement posted today. We recommend that all customers with active licenses upgrade to vBulletin 3.7.0.

There are many new features and improvements to existing functionality in vBulletin 3.7.0 over vBulletin 3.6.x, most of which have already been described in the release announcements for the various pre-release versions, and in the First Look thread that was posted at the beginning of the beta process, but here is a brief list of just a few of the highlights.

• Inline spam management & prevention
• Thread tagging
• Search cloud / tag cloud
• Thread prefixes
• Reciprocal friendships between users
• Public visitor messaging on profile pages with ‘conversation’ feature
• User picture galleries with user comment facility
• User-created social groups with invite only and moderated membership options
• Extended member profile pages
• Customizable member profile pages with admin-controlled styling abilities
• Inline editing of custom user profile fields
• Lightbox viewer for attached images
• Viewable and comparable history maintained for post edits
• Extended re-authentication for inline moderation actions
• Notices system for navigation bar
• Multiple human-verification systems including reCAPTCHA, image verification and Q/A
• User change history
• Social bookmarking integration

Read the full post

Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. The vulnerability is not public but it will be shortly.

In addition to the security fix, 2.5.1 contains many bug fixes. If you are interested only in the security fixes, you can download these corrected copies of wp-includes/pluggable.php, wp-admin/includes/media.php, and wp-admin/media.php. Replace your existing copies of these files with these new copies.

If you download the entire 2.5.1 release, you will be getting over 70 other fixes. 2.5.1 focuses on fixing the most annoying bugs and improving performance. Here are some highlights:

• Performance improvements for the Dashboard, Write Post, and Edit Comments pages.
• Better performance for those who have many categories
• Media Uploader fixes
• An upgrade to TinyMCE 3.0.7
• Widget Administration fixes
• Various usability improvements
• Layout fixes for IE

Secret lives of blogs

Since 2.5 your wp-config.php file allows a new constant called SECRET_KEY which basically is meant to introduce a little permanent randomness into the cryptographic functions used for cookies in WordPress. You can visit this link we set up to get a unique secret key for your config file. (It’s unique and random on every page load.) Having this line in your config file helps secure your blog.

vBulletin Blog 1.0.5 Released

vBulletin Blog 1.0.5 is a maintenance release to our second vBulletin add-on. It contains a number of bug fixes since the release of 1.0.4. This release will work with vBulletin 3.6.8+ and vBulletin 3.7.0+.

Some of the bugs fixed include:

• 24750 - Trackbacks not working
• 25182 - Imagetags with parameters in blog description won’t work
• 24734 - IP-Link showing even IPs are turned off

See a full list of bugs fixed between Blog 1.0.4 and 1.0.5

Upgrading/Installing the Blog

Upgrades and new installations of the Blog follow the same process: upload the files and import the XML. After this, you will see a message that your upgrade or install was successful. For full instructions on how to upgrade or install, please see this manual entry.

About the Blog

vBulletin Blog is a fully featured blogging add-on that enables community members to create their very own online blogs within vBulletin. Giving members a place to post thoughts, ideas and musings will keep users returning to the community again and again, and advanced administration features allow forum owners and moderators to keep control and integrate Blog into vBulletin’s existing look and feel.

vBulletin Blog makes it simple for community members to create their own space within the community. Getting started is as simple as posting the first message (using the same familiar vBulletin editor). There is no lengthy setup process - blog owners are free to personalise their blog at any time by defining a title and a description that will appear at the top of every blog post.

• Find out more about the Blog
• View the Blog’s’ manual
• See the Blog in action on the vBulletin.com community forums

vBulletin 3.6.8 or newer is required to install the Blog. vBulletin 3.7.0 requires Blog version 1.0.3 or higher.

It should be proper for all plugins over vb.org to be updated shortly to implement this new security check, but anyway, this won’t any time soon by all the wanna be coders out there. So let me help you.

The new anti-CSRF is triggered by a specific constant on top of your script, the vb team selected this way to not break a few hundreds mods.

So on top of your script and before the call of the global.php ( under the define of the THIS_SCRIPT is a good place) add this line.

define('CSRF_PROTECTION', true);

Next step is to edit all your forms in your custom plugin templates to add a specific hidden input. A cool way to do this, is to open your product.xml and do a search for <form and under each of finds to add this line of code.

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

And you are done! You can make a test after the first step to see this nice error during any Post Request that comes from the scripts you added the first line.

Your submission could not be processed because a security token was missing or mismatched.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

After a little search and if you think as i do you will find out how the new check works in the file includes/init.php lines 399-420.

Note that only Post requests are checked not GET too.

If for some reason you want your script to have this extra check but you also want for some reason to bypass it you must specify on top of your script something like this:

define('CSRF_SKIP_LIST', 'save,update,dosex');

Where each of save, update and dosex are the actions specified by the $_REQUEST['do'] or $_POST['do'] if you prefer that.

Happy Coding as always….

vBulletin 3.6.10

Although 3.6.9 was intended to be the final maintenance release for the 3.6.x series, the discovery of a CSRF (cross-site request forgery) vulnerability in vBulletin over the weekend has forced the release of an update to plug the hole.

The CSRF problem potentially enabled an administrator who had been lured to a third-party site to unknowingly submit forms located on the forum he or she administers, resulting in potential damage to the forum. Actions performed via the Admin Control Panel are not vulnerable.

The fix for the CSRF issue involves many files and many templates, so unfortunately it is not feasible to produce a patch or a plugin to address the problem. Only a full-scale update will work.

We recommend that customers running versions of vBulletin older than 3.6.10 upgrade as soon as possible.

Template Changes Automatically Applied

With one exception (userinfraction_view), all the template changes in this release require a revert, but they are simple to apply so the upgrade script will attempt to do this for you. The list below shows which templates will be affected by the change, and how they will be altered. Customized templates will be automatically updated, but your customized changes will be retained.

Read the full post

A security hole involving a CSRF (cross-site request forgery) vulnerability was reported to us over the weekend, requiring changes to significant numbers of templates and files in all of our products including vBulletin 3.x, Blog and Project Tools. The CSRF problem potentially enabled an administrator who had been lured to a third-party site to unknowingly submit forms located on the forum he or she administers, resulting in potential damage to the forum. Actions performed via the Admin Control Panel are not vulnerable.

Incidentally, this vulnerability is not unique to vBulletin - many web applications are affected and always have been, due to the very nature of the web.

It was decided that rather than push ahead and release 3.7.0, it would be better to roll out a further release candidate containing the fix for this problem, as the changes are widespread and it would not be prudent to label 3.7.0 as ’stable’ before it has had at least one outing in pre-release form.

As we release vBulletin 3.7.0 Release Candidate 4, we are simultaneously releasing 3.6.10, which contains various bug fixes back-ported from 3.7.0, and of course the fix for the security problem. New versions of Blog and Project Tools will follow shortly in the coming days.

Unfortunately, due to the number of file and template changes required by the security fix, it is not practical to provide a patch or plugin to resolve the problem - only a full-scale upgrade will be sufficient.

Read the full post

The demo sed site has been updated, from now on all the plugs, or at least those that can be demonstrated in public will be there for you to see them in action. Plugins and Skins, most of them can be found there, to interact with the demo site and the public features please use this dummy account
Username: demo Password: demo

Take your time and browse around, it would help if you could contribute a little, post, topics, posts, entries for the t3 faq, t3 classifieds and the events.

The main reason i selected wordpress to power the new T3 was the pretty big plugin directory of wordpress. The plugin directory as i write this post serves more than 2018 plugins with 4.000.000 downloads. That’s pretty impressive but expected from the #1 blogtool in the world. Developers and authors deserve many credits but i can’t deny most of them are crap in my opinion always. After hours of searching, browsing, inspecting the plugins over the wp directory for weeks, i am left with a negative impression.

My bad impression comes from the fact that most of the plugin authors never heard the word “performance”. Let’s get serious wordpress plugin system is cool but for Pit’s shake the memory usage, is super hight. 9-11MB average with only 10 plugins ? Yeap that’s right these are the numbers in my case. People will say it’s not much but when you see some of the most successful php products out there like vbulletin or IPB to use only the half of that of wordpress makes you wonder. Maybe it’s me, i have adopted a way of thinking that says performance must be balanced with features. Read the full post

T3-Faq plugin v2.5 is a powerful faq-knowledgebase script with easy configuration and smart structure to support unlimited levels of categories and subcategories.
Read the help.html inside the docs folder for more information

Version 2.5 Speed Fighter
————
- Pre-Parsed BBcodes in anwsers. In some cases over 400-600% performance improvement.
- Added Question counters for categories, -1 query in categories list.
- Added Comments counter for questions, -1x query in questions list.
- Added Ratings Average for questions, -2x/3x queries in questions list.
- Added 4 new maintenance modes to support the new version.
- Added 2 new modules for the main page, most commented and most rated.
- Adopted jquery for the main ajax call, hopefully now it will work for everyone.
- Updated various code blocks. Nice and Clean.
- Updated Template files is now as simple as possible.
- Replaced sort options with a form, more easy to use.
- Fixed various small bugs everywhere.

Read the full post

New skin release for seditio, after one year since my the last skin release.

Features:
- Dark Brown Skin for clans gaming sites and not only.
- Fixed width optimized for 860*760 and up
- Rounded borders everywhere
- Highly optimized graphics. Extra graphics are only 36.5kb in size.
- Rollover navigation effect
- Rollover effect for lists forum sections and topics

Included files:
- Layered .psd files that you can alter and use them on your site.
- Fonts used for various graphics
- Brand new folder icons.
- The skin files of course.

Read the full post