Want to get involved in developing SMF, then why not lend a hand on our github!
Started by Kindred, June 05, 2014, 07:43:06 PM
Quote from: Itchigotim on June 18, 2014, 09:58:55 PMI read nothing but good things
Quote from: BeastMode topic=525177.msg3720020#msg3720020It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.
Quote from: ranseyer on June 19, 2014, 10:44:36 AMMaybe it would be a good idea to sign the "packages" (= SMF patches) like Debian does with a PGP Key. So the Package Manager can only install (per default) Packages which are build by the SMF Team.Yes its work, but i could help.
Quote from: Flavio93Zena on June 19, 2014, 11:16:50 AMQuote from: ranseyer on June 19, 2014, 10:44:36 AMMaybe it would be a good idea to sign the "packages" (= SMF patches) like Debian does with a PGP Key. So the Package Manager can only install (per default) Packages which are build by the SMF Team.Yes its work, but i could help.Also it would restrict any unofficial mod and it's not a good idea. How could modders try their mods if they aren't authorized? Lol
Quote from: ‽ on June 14, 2014, 12:49:21 PMQuoteI have a dozen smf forums, and one xenforo, the xenforo gets more spam and security issues. Spam is not a security issue, nor has XenForo ever had any known security issues.* ‽ is a licence holder btwQuoteMost paid version never come close.On the contrary, I consider XenForo a superior platform in a number of respects, even as much as I like SMF.
QuoteI have a dozen smf forums, and one xenforo, the xenforo gets more spam and security issues.
QuoteMost paid version never come close.
QuoteI beg to differ, XF has security issue particular the last was a Tapatalk issues.Now true its a plugin but it manipulated XF security limits this was not and issue with SMF.A person could access Admin areas pretty easily.
QuoteThey have a very small staffand are very slow to address security issues and support is dismal. You can do your own research and google and see
QuoteSMF is far superior to most forums out there, its not about fluff and add ons like XF has, its about reliability and stability.
Quote from: ‽ on June 19, 2014, 12:20:45 PMAs a trivial example I give you https://github.com/SimpleMachines/SMF2.1/blob/release-2.1/index.php#L39 - doing the same unset operation twice in a row. I know exactly why that's like that, I also know it can now be changed to be sane again but I doubt the bulk of the dev team would understand it without an unnecessarily long explanation of why.
Quote from: ‽ on August 04, 2014, 02:47:59 PMBecause it's a vulnerability in PHP itself that was fixed in PHP 5.1.4.Quick bit of theory: in PHP there are really two kinds of arrays, numeric and hashmap. The latter is where it doesn't use the actual 'key' you give it but instead creates a hash out of it and uses that. Under some circumstances prior to 5.1.4, unsetting a key in an array would clean out one key but a second variation of the key would produce the same hash. It's known as the Zend_Hash_Del_Key_Or_Index vulnerability inside the Zend engine that powers PHP itself.Unsetting it twice in a row is required to neuter the vulnerabilty. SMF 2.0 still supports below PHP 5.1.4 so it had to be patched like that. 2.1 until very recently supported 5.1.0 as a minimum target version, which still required said patch, but now is 5.3.8+ and so it can be changed. But it's the kind of fringe detail that only miserable old farts like me would know about.
Quote from: ‽ on August 10, 2014, 09:24:11 AM. Easier to blame a third party, especially when it's 'written by amateurs' and whatever other nonsense normally gets spouted.