Sunday 11th May 2008
 
 
 
 
 
 


 
 

vBSed mistakes and what the future holds

May 10, 2008 Author: Chris T Posted in: vBSed
 

vBSed development is in a state where you can look back and see what you did well, badly, or really, really badly. I have so many ideas to implement and to start seriously thinking about a release. Don’t ask if it will be a paid product or a free mod. It’s true that when I started the project I didn’t give a shit about that, but now I regret it and I see how a few mistakes will keep me behind schedule for some time.

Firstly, the name. vBSed sounded cool at the time, but now people think I just ripped off seditio; they are terribly wrong about that, but I can’t prove it yet. So I am on a name hunt to replace vbsed. I want something without any prefixes because I don’t want to brand this project as a vbulletin product only. Who knows, maybe at some point, with only a few changes, it will be available for many other bb forum software packages out there. I don’t want anything fancy or something meaningless like F.C.G.T.H.J.Y lol. It must be unique, of course, and attractive.

My biggest problem is the structure of the current vbsed, which comes with various sections that all interact with each other: the categories/pages, the SFS site file space, Terminology, Portal Page and a few others less important to mention. What I have to do is break these sections apart and make them work independently from the other apps. It sounds easy but it’s not; they all share some common functions, some common phrases, even templates, not to mention the configuration options. It’s not hard to do once you think up some unique product ids; it’s mostly search and replace, move this and copy that. I kinda hate these things. I wish I had some new, young underling for that, but hey, in my work I am the underling, so no luck with that.

If you get past these “minor” problems, we have the portal page problem, where everything is hardcoded with no option to change things. I have big plans for this and it will prove really enjoyable, as it will be something new. Widgetize everything, custom layouts for each section with a million options, show this for lists but only for a few categories and only if the user is logged in or not. If I get past this I will try to convert or build new addons/widgets from vbadvanced. People often mistake it for a cms but it’s not. The truth is that it’s a simple portal page, with a few nice options like adding some custom pages or adding sidebars to specific sections, and it has hundreds of addons for almost every single content addon of vbulletin. It’s funny because 2/3 of the people I know hate it really badly, but they can’t live without it because of the 3rd party modules.

Before the early stages of a release, I will have to re-examine the weak points of vbsed: the very few permission rules, e.g. for pages 1. can view, 2. can submit, 3. can admin. Pretty much ridiculous if you ask me; as I write this I can think of at least 6-7 more permissions. I don’t think vbsed has other weak points as important. People will always find some, but as it is now vbsed is working as it was made to. Of course all parts of the project need to be revisited; don’t forget vbsed was, and still is, supposed to be a custom cms for my 3dacc.net

I also need to come up with, or ask professionals for help with, some serious logo work. Have you noticed how empty this post is?

 
 
 

 
 
 

DBC Backup is a simple way to schedule daily database backups using the wp cron system. You can select when and where your backup will be generated. If your server supports it, you can select between three different compression formats: none, Gzip and Bzip2. The plugin will try to auto-create the export directory, the .htaccess and an empty index.html file to protect your backups.

Version 1.1

The backup file is also protected by a small hash key which makes it impossible for someone to guess the backup name and download it.

During generation, a log is written which includes the generation date, file, filesize, status and the duration of the generation.

Besides the cron backup, you also have the ability to take backups immediately. The backups are identical to what phpmyadmin produces because DBC Backup uses the key procedures of phpmyadmin.

DBC Backup was built to be fast, flexible and as simple as possible.
 
 

 
 

WP-Explorer v0.5

May 5, 2008 Author: Chris T Posted in: Wordpress Plugins
 

WP Explorer is an easy way to list directories and files on your server. Through a simple shortcode you can transform your posts and pages to file browsers.

Features
- Easy Configuration.
- Easy modification since you have control over templates from the options page.
- Exclude files, folders, extensions from listing.
- Protection from listing directories outside the specified one.
- Hot-linking protection through htaccess.
- Pretty links.
- 100% Ready for translations.
- Ability to include file version through a specific filename format.

 

 
 

vBulletin 3.7.0 ‘Gold’ Released

April 29, 2008 Author: Chris T Posted in: vBulletin
 

vBulletin 3.7.0

Today, the vBulletin team is proud to declare version 3.7.0 to be our stable, supported release.

vBulletin 3.7.0 is available immediately from the Members’ Area to all customers with active vBulletin licenses, and will be offered as the primary choice to those making new purchases.

This release supersedes the 3.6.x branch as our primary product. vBulletin 3.6.x will continue to be maintained for a limited time, as outlined in the end-of-life announcement posted today. We recommend that all customers with active licenses upgrade to vBulletin 3.7.0.

There are many new features and improvements to existing functionality in vBulletin 3.7.0 over vBulletin 3.6.x, most of which have already been described in the release announcements for the various pre-release versions, and in the First Look thread that was posted at the beginning of the beta process, but here is a brief list of just a few of the highlights.

 
 

 
 

WordPress 2.5.1 Released

April 25, 2008 Author: Chris T Posted in: Wordpress
 

Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. The vulnerability is not public but it will be shortly.

In addition to the security fix, 2.5.1 contains many bug fixes. If you are interested only in the security fixes, you can download these corrected copies of wp-includes/pluggable.php, wp-admin/includes/media.php, and wp-admin/media.php. Replace your existing copies of these files with these new copies.

If you download the entire 2.5.1 release, you will be getting over 70 other fixes. 2.5.1 focuses on fixing the most annoying bugs and improving performance. Here are some highlights:

  • Performance improvements for the Dashboard, Write Post, and Edit Comments pages.
  • Better performance for those who have many categories
  • Media Uploader fixes
  • An upgrade to TinyMCE 3.0.7
  • Widget Administration fixes
  • Various usability improvements
  • Layout fixes for IE

Secret lives of blogs

Since 2.5 your wp-config.php file allows a new constant called SECRET_KEY which basically is meant to introduce a little permanent randomness into the cryptographic functions used for cookies in WordPress. You can visit this link we set up to get a unique secret key for your config file. (It’s unique and random on every page load.) Having this line in your config file helps secure your blog.

 
 
 

 
 

vBulletin Blog 1.0.5 Released

April 25, 2008 Author: Chris T Posted in: vBulletin
 

vBulletin Blog 1.0.5 Released

vBulletin Blog 1.0.5 is a maintenance release to our second vBulletin add-on. It contains a number of bug fixes since the release of 1.0.4. This release will work with vBulletin 3.6.8+ and vBulletin 3.7.0+.

Some of the bugs fixed include:

  • 24750 - Trackbacks not working
  • 25182 - Imagetags with parameters in blog description won’t work
  • 24734 - IP-Link showing even IPs are turned off

See a full list of bugs fixed between Blog 1.0.4 and 1.0.5

Upgrading/Installing the Blog

Upgrades and new installations of the Blog follow the same process: upload the files and import the XML. After this, you will see a message that your upgrade or install was successful. For full instructions on how to upgrade or install, please see this manual entry.

About the Blog

vBulletin Blog is a fully featured blogging add-on that enables community members to create their very own online blogs within vBulletin. Giving members a place to post thoughts, ideas and musings will keep users returning to the community again and again, and advanced administration features allow forum owners and moderators to keep control and integrate Blog into vBulletin’s existing look and feel.

vBulletin Blog makes it simple for community members to create their own space within the community. Getting started is as simple as posting the first message (using the same familiar vBulletin editor). There is no lengthy setup process - blog owners are free to personalise their blog at any time by defining a title and a description that will appear at the top of every blog post.

vBulletin 3.6.8 or newer is required to install the Blog. vBulletin 3.7.0 requires Blog version 1.0.3 or higher.

 
 
 

 

All plugins over at vb.org should be updated shortly to implement this new security check, but that won’t happen any time soon with all the wannabe coders out there. So let me help you.

The new anti-CSRF check is triggered by a specific constant at the top of your script; the vb team chose this approach so as not to break a few hundred mods.

So at the top of your script, before the call to global.php (under the define of THIS_SCRIPT is a good place), add this line.

define('CSRF_PROTECTION', true);

The next step is to edit all the forms in your custom plugin templates to add a specific hidden input. A quick way to do this is to open your product.xml, search for <form and, under each match, add this line of code.

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

And you are done! You can run a test after the first step alone: any POST request coming from the scripts where you added the first line will produce this nice error.

Your submission could not be processed because a security token was missing or mismatched.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

After a little searching, and if you think as I do, you will find out how the new check works in the file includes/init.php, lines 399-420.

Note that only POST requests are checked, not GET.

If for some reason you want your script to have this extra check but also want to bypass it for some actions, you must specify something like this at the top of your script:

define('CSRF_SKIP_LIST', 'save,update,dosex');

Where save, update and dosex are the actions specified by $_REQUEST['do'], or $_POST['do'] if you prefer that.

Happy Coding as always….
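
The behaviour described in this post (opt-in constant, POST-only check, per-action skip list), modelled as an added example; it is not the code from includes/init.php and not part of the original post. The function names and the HMAC token derivation are assumptions made for illustration, and the sample requests are constructed.

```php
<?php
// Added illustration, not the code from includes/init.php.
// make_token() is a constructed scheme; vBulletin's real derivation is not shown on this page.
function make_token(string $secret, int $userId): string
{
    return hash_hmac('sha256', (string) $userId, $secret);
}

// Models the behaviour described above: opt-in constant, POST only, per-action skip list.
function csrf_check(array $server, array $post, string $expected, bool $protect, string $skipList): bool
{
    if (!$protect) {
        return true;    // script never defined CSRF_PROTECTION: nothing is checked
    }
    if (strtoupper($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return true;    // only POST is checked, so GET must never change state
    }
    $skip = array_filter(array_map('trim', explode(',', $skipList)));
    if (in_array($post['do'] ?? '', $skip, true)) {
        return true;    // action named in CSRF_SKIP_LIST: check bypassed
    }
    $sent = $post['securitytoken'] ?? '';
    return is_string($sent) && hash_equals($expected, $sent);   // constant-time compare
}

// Constructed sample requests for a hypothetical user id 42.
$token   = make_token('constructed-session-secret', 42);
$viaPost = ['REQUEST_METHOD' => 'POST'];
$cases   = [
    'POST, valid token'    => [$viaPost, ['do' => 'edit', 'securitytoken' => $token]],
    'POST, missing token'  => [$viaPost, ['do' => 'edit']],
    'POST, wrong token'    => [$viaPost, ['do' => 'edit', 'securitytoken' => str_repeat('0', 64)]],
    'POST, skipped action' => [$viaPost, ['do' => 'save']],
    'GET, no token'        => [['REQUEST_METHOD' => 'GET'], []],
];
foreach ($cases as $label => [$server, $fields]) {
    $ok = csrf_check($server, $fields, $token, true, 'save,update');
    printf("%-22s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

The last two cases are accepted without any token, which is why state-changing actions in a plugin should be reachable by POST only and CSRF_SKIP_LIST should be kept as short as possible.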

 
 
 

 
 

vBulletin 3.6.10 Released

April 23, 2008 Author: Chris T Posted in: vBulletin
 

vBulletin 3.6.10

Although 3.6.9 was intended to be the final maintenance release for the 3.6.x series, the discovery of a CSRF (cross-site request forgery) vulnerability in vBulletin over the weekend has forced the release of an update to plug the hole.

The CSRF problem potentially enabled an administrator who had been lured to a third-party site to unknowingly submit forms located on the forum he or she administers, resulting in potential damage to the forum. Actions performed via the Admin Control Panel are not vulnerable.

The fix for the CSRF issue involves many files and many templates, so unfortunately it is not feasible to produce a patch or a plugin to address the problem. Only a full-scale update will work.

We recommend that customers running versions of vBulletin older than 3.6.10 upgrade as soon as possible.

Template Changes Automatically Applied

With one exception (userinfraction_view), all the template changes in this release require a revert, but they are simple to apply so the upgrade script will attempt to do this for you. The list below shows which templates will be affected by the change, and how they will be altered. Customized templates will be automatically updated, but your customized changes will be retained.

 
 

 
 

vBulletin 3.7.0 Release Candidate 4

April 23, 2008 Author: Chris T Posted in: vBulletin
 

A security hole involving a CSRF (cross-site request forgery) vulnerability was reported to us over the weekend, requiring changes to significant numbers of templates and files in all of our products including vBulletin 3.x, Blog and Project Tools. The CSRF problem potentially enabled an administrator who had been lured to a third-party site to unknowingly submit forms located on the forum he or she administers, resulting in potential damage to the forum. Actions performed via the Admin Control Panel are not vulnerable.

Incidentally, this vulnerability is not unique to vBulletin - many web applications are affected and always have been, due to the very nature of the web.

It was decided that rather than push ahead and release 3.7.0, it would be better to roll out a further release candidate containing the fix for this problem, as the changes are widespread and it would not be prudent to label 3.7.0 as ‘stable’ before it has had at least one outing in pre-release form.

As we release vBulletin 3.7.0 Release Candidate 4, we are simultaneously releasing 3.6.10, which contains various bug fixes back-ported from 3.7.0, and of course the fix for the security problem. New versions of Blog and Project Tools will follow shortly in the coming days.

Unfortunately, due to the number of file and template changes required by the security fix, it is not practical to provide a patch or plugin to resolve the problem - only a full-scale upgrade will be sufficient.

 
 

 
 

Demo Sed Site

April 23, 2008 Author: Chris T Posted in: seditio
 

The demo sed site has been updated, from now on all the plugs, or at least those that can be demonstrated in public will be there for you to see them in action. Plugins and Skins, most of them can be found there, to interact with the demo site and the public features please use this dummy account
Username: demo Password: demo

Skins List
- 3Dark (International)
- 3D Fusion
- T3 Blaster 2007
- Sed Aqua (International)
- T3 Belagio
- The Blaster (International)
- Colossus
- Green-Day
- Ice
- Let US Go
- Madden (International)
- Nova
- Silence (International)
- T3-exodus (International)
- T3-Exodus v2.0
- Terminal
Plugs List
- Today Birthdays
- Calendar
- Category navigator
- Seditio Events
- T3 Faq
- T3 Classifieds
- T3 Invites
- Forum Basic Stats
- Forum Poll Starter
- Advance News
- Seditio Plus
- Skin Select
- Whois

Take your time and browse around, it would help if you could contribute a little, post, topics, posts, entries for the t3 faq, t3 classifieds and the events.

 
 
 
