====== Release 1.0.4 ======

FireBoard 1.0.4 is the latest release of the popular FireBoard forum from Best of Joomla.

=====What's New in FireBoard 1.0.4=====

**Release Date:** 24.12.2007

**Purpose:** This release is primarily focused on fixing bugs and security issues, and at the same time provides many overall performance improvements. A lot of effort went into testing and code fixes to make FireBoard much more stable and robust. We believe that FireBoard 1.0.4 marks a significant milestone in this project's evolution.

**Improved Session Management:** The original session management algorithm was rewritten. The dependency on cookies for session length was eliminated and the logic was migrated into the database. Along with the features listed below, this increases the security of FireBoard compared to prior releases. Through the new session management architecture, multiple previously broken FireBoard features are now fully functional:

  * NEW! item indicator
  * Double page reload elimination
  * Flood protection
  * Correct board time offset being utilized for all time calculations

**New BBCode Parser:** This is a parser that replaces BBCode-style tags with their HTML equivalents. It does not simply make some regex calls, but is a complete stack-based parse engine. This ensures that all tags are properly nested; if they are not, extra tags are added to maintain the nesting. This parser should only produce XHTML 1.0 compliant code. All tags are validated and so are all their attributes. It should be easy to extend this parser with your own tags; see includes/interpreter.fireboard.inc. All 3rd party developers are highly encouraged to use the new parser syntax and content preparation. The older methods are simply not secure.

=====Changes in 1.0.4=====

====Security Fixes====

By re-architecting several key components, such as the code parser and the FireBoard-specific session management, several potential security exploits have been fixed.
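
The stack-based approach described under New BBCode Parser, sketched in PHP as an added example (it is not FireBoard's code from includes/interpreter.fireboard.inc; the tag table, function names and sample posts are assumptions). Text is always escaped, tags and the url attribute are checked against a whitelist, and misnested tags are closed and re-opened so the output stays well-formed.

```php
<?php
// Added illustration, not FireBoard's parser; tag table and names are assumptions.
const BB_TAGS = [
    'b'   => ['<strong>', '</strong>'],
    'i'   => ['<em>', '</em>'],
    'url' => ['<a href="%s">', '</a>'],       // %s receives the validated attribute
];
function bb_esc(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

// Build the stack entry for an opening tag; null means tag or attribute is rejected.
function bb_open(string $name, ?string $attr): ?array {
    if (!isset(BB_TAGS[$name])) return null;
    [$open, $close] = BB_TAGS[$name];
    if ($name === 'url') {                    // attribute required: plain http(s) URL only
        if ($attr === null || !preg_match('#^https?://[^\s"<>]+\z#i', $attr)) return null;
        $open = sprintf($open, bb_esc($attr));
    } elseif ($attr !== null) {
        return null;                          // other tags take no attribute
    }
    return ['name' => $name, 'open' => $open, 'close' => $close];
}

function bbcode_to_xhtml(string $input): string {
    $tokens = preg_split('#(\[/?[a-z]+(?:=[^\]\[]*)?\])#i', $input, -1,
                         PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    $stack = []; $out = '';
    foreach ($tokens as $tok) {
        if (!preg_match('#^\[(/?)([a-z]+)(?:=([^\]\[]*))?\]\z#i', $tok, $m)) {
            $out .= bb_esc($tok);             // plain text is always escaped
            continue;
        }
        $name = strtolower($m[2]);
        $tag = $m[1] === '' ? bb_open($name, $m[3] ?? null) : null;
        if ($tag !== null) {                  // valid opening tag: push and emit
            $stack[] = $tag;
            $out .= $tag['open'];
            continue;
        }
        $pos = $m[1] === '/' ? count($stack) - 1 : -1;      // closers search the stack
        while ($pos >= 0 && $stack[$pos]['name'] !== $name) $pos--;
        if ($pos < 0) { $out .= bb_esc($tok); continue; }   // rejected or stray tag stays text
        $inner = array_splice($stack, $pos);  // the target plus tags opened inside it
        foreach (array_reverse($inner) as $t) $out .= $t['close'];
        foreach (array_slice($inner, 1) as $t) {            // re-open inner tags
            $stack[] = $t;
            $out .= $t['open'];
        }
    }
    while ($stack) $out .= array_pop($stack)['close'];      // close whatever is still open
    return $out;
}
// Constructed sample posts: misnested tags, raw HTML with a rejected URL scheme, unclosed tags.
echo bbcode_to_xhtml('[b]bold [i]both[/b] italic[/i]'), "\n";
echo bbcode_to_xhtml('<script>alert(1)</script> [url=javascript:alert(1)]x[/url]'), "\n";
echo bbcode_to_xhtml('[i][url=http://example.org/?a=1&b=2]link'), "\n";
```

For the first sample the converter emits `<strong>bold <em>both</em></strong><em> italic</em>`: the extra closing and opening `<em>` are the added tags that keep the nesting valid.
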
In addition, the new architecture does this much more intelligently than 1.0.3 and before. No more distorted posts from the old XSS fix that added those famous '_' all over certain keywords. This release fixes the cross-site scripting (XSS) issue that affects all versions prior to 1.0.4, including all versions of JoomlaBoard. Hence, upgrading to this release is **crucial**.

The new session management architecture is no longer dependent on cookie information to maintain active sessions. By migrating this into the database, it has become impossible to spoof manipulated session length data.

====New Features====

While 1.0.4 has been targeted primarily as a bug fix release, there are a few new features that have been implemented. While the list might not seem extensive, the architectural improvements inside the application are significant and are the foundation for many future features and modules.

=== List of new features ===

  * Full Joomla 1.5 compatibility in legacy mode - now approved by us!
  * Completely redesigned Session Management
  * Duplicate post elimination - prevents exact copies being reposted within a 30 min window

==== ====

Although the new session management algorithm has moved the session logic from a cookie-based system into the database, the resulting database upgrade is performed by the application itself, on demand. This eliminates the need to perform a manual database upgrade from 1.0.3 to 1.0.4. This new strategy will become standard for future releases.

==== Bug-fixes====

With 1.0.4 being primarily a bug fix release, the list of resolved issues is extensive. More problems have been taken care of than ever before. Yes, we know, there are more open and known issues, but so much progress was made that we did not want the community to wait any longer for these fixes.

===List of the most important fixes===

  * Redesigned BBCode parser - after many tests and improvements. This fixes a whole lot of things, allowing code highlighting, smilies, natural XSS protection, improved autolinking, auto mailto, raw HTML allowed
  * Redesigned user session management; fixing several embedded bugs
  * Cookie independent session length management
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=5508|[#5508]]] NEW indicator logic fixed
  * Correct board offset applied to systime in internal logic
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8115|[#8115]]] Double page reload eliminated
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8623|[#8623]]] Double posts
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8686|[#8686]]] Incorrect link to CB user list
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8683|[#8683]]] Incorrect link to CB registration and password retrieval
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=7524|[#7524]]] Serious RSS problem with SOLUTION
  * Userlist fix case CB column count vary, tnnophoto.jpg
  * Profile case CB show nophoto.jpg
  * Search broken in non-default template
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8652|[#8652]]] Blank/error pages when plugin is activated but not installed
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8621|[#8621]]] RSS: can not view if you are not logged in
  * Preview button now returns real parsed bbcode - no popup
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8637|[#8637]]] Enable save CSS in backend
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8620|[#8620]]] multiple format and redirection fixes - e.g. after post edit
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6851|[#6851]]] post number wrong when stats bar disabled
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=5595|[#5595]]] Problems with accented characters in signature
  * Signature now allowing full bbcode!
  * Moved many language consts into FB
  * Search special chars allowed
  * URLs in mail now not html-encoded
  * Approve: unapproved messages no longer show up anywhere in public
  * Avatar upload design no longer broken
  * Meta title special chars now correct
  * Several high risk security vulnerabilities. Thanks: Ultra Security Research
  * Fixed avatar directory for category view
  * Fixed search problem with international chars
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6611|[#6611]]] Cleanup of search results (strip smilies and bbcode)
  * Broken flood protection fixed through new session management
  * [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8090|[#8090]]] Broken report plugin fixed and success message cleaned up
  * Who-is-online session timeout synchronized with new session management
  * Many more Tracker issues have been taken care of through one or more of the above fixes and the general redesign: [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6420|[#6420]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6610|[#6610]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6196|[#6196]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=7325|[#7325]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6420|[#6420]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8161|[#8161]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8151|[#8151]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8558|[#8558]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6118|[#6118]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=5872|[#5872]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8562|[#8562]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=5433|[#5433]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=5740|[#5740]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=5774|[#5774]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6386|[#6386]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6418|[#6418]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6462|[#6462]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6494|[#6494]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8402|[#8402]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6984|[#6984]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=5550|[#5550]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6419|[#6419]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6631|[#6631]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=7817|[#7817]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8597|[#8597]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=7729|[#7729]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8625|[#8625]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8624|[#8624]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8622|[#8622]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8594|[#8594]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=8619|[#8619]]], [[http://joomlacode.org/gf/project/fireboard/tracker/?action=TrackerItemEdit&tracker_item_id=6016|[#6016]]]

As extensive as this list is, we do realize that there are still outstanding issues. However, we believe that we have corrected the highest priority items and have improved the overall quality of the project significantly.

=====Downloading and Installing=====

For information on how to download and install FireBoard 1.0.4, see the following sections within the [[:com_fireboard:release_1.0:start|1.0.x Series]]:

  * [[:com_fireboard:release_1.0:system requirements|Minimum System Requirements]]
  * [[:com_fireboard:release_1.0:installation|Installation]]
  * [[:com_fireboard:release_1.0:clean install|Clean Install]]
  * [[:com_fireboard:release_1.0:configuration options|Configuration]]
  * [[:com_fireboard:release_1.0:control panel|Control Panel]]
  * [[:com_fireboard:release_1.0:upgrading|Upgrading]]

Although the re-architected session management requires a modification to the underlying database schema, this upgrade has been embedded into the core logic and is performed on-demand by FireBoard.
So, if you are upgrading from [[:com_fireboard:release_1.0:1.0.3:|Release 1.0.3]], there is no need to execute a manual database upgrade script. If you are upgrading from a release earlier than 1.0.3, you have to follow the upgrade instructions for 1.0.3 on how to upgrade your database schema. Going forward, we will be working on full automation for future upgrades, which will eliminate the need for manual upgrade scripts altogether.

=====Known Issues=====

With many bug fixes delivered in this release, there are still known, outstanding issues that you should be aware of. In addition to this list, you might want to check [[http://joomlacode.org/gf/project/fireboard/tracker/|Tracker]] for more up-to-date information on known issues. However, please be aware that bugs submitted in Tracker are not necessarily confirmed and sometimes include wishes and suggestions for future releases. We never expect the list in Tracker to completely go away, and the fact that there are open and unassigned bugs listed on Tracker should not alarm you.

**Intrasession NEW indicator**

The current logic of the NEW indicator is to mark an entire thread as read within a given session. Because of that, newer posts made after the thread was read but within the current visit will not be marked as NEW. A more detailed what-was-read history with individual timestamps is required. That is too much change to the overall framework to be included in 1.0.4. Most people will never see this timing problem. Overall, the new NEW indicator logic works very well, and the recent rewrite has made it a very stable solution.

**Timezone - Board offset issue**

Currently FireBoard stores all times in UTC + Board Offset. The offset is added to the server time and new posts are stored with that time. A change in Board Offset only affects new posts, but can make some existing posts appear with future post times/dates.
These temporal issues disappear after a few hours (when enough time has passed to compensate for the new board offset). This is another area that was deemed too risky to touch in a bug fix release. However, we have put this on our future todo list for improvements. A change will also allow FireBoard to manage individual user timezone settings.

**Session View Type**

This is a fairly minor issue, but it warrants more of an explanation of how FireBoard handles the session view type (flat vs. threaded). The view type is managed on a per-user level and the setting is stored in the user's profile. On every new visit, the view type is reset to the user's preferred setting. A new visit is defined as the first page view after more than 30 min of inactivity. If the view type gets changed during a visit through the menu system of FireBoard, the current choice temporarily overrides the default setting and supersedes it for the current visit. The override stays in place until the next new visit. As this temporary override has priority over the profile setting, a change in the profile might not become visible until the next new visit.

**jQuery vs MooTools Problem** / **Javascript Errors** / **Quickreply boxes still showing**

The cause is a conflict between old jQuery versions (prior to 1.2.1) and the __MooTools__ JavaScript library. As of FireBoard 1.0.4, jQuery 1.2.1 is used. So, if your website loads MooTools in some way (for example through rockettheme templates) together with an older FireBoard, you will most probably have this problem. The solution is to remove all occurrences of "any" other jQuery.js library older than 1.2.1 (for example, delete the line from the ClexusPM mambot) and to use **only** one instance of jQuery.js, preferably the one shipped with FireBoard.
Checklist:

  - Only 1 jQuery file is loaded and the version is higher than 1.2.1
  - jQuery.js is on the top of all other Javascripts loaded in the page
  - You might have to refresh the browser's cache to see the problem go away.
  - jQuery and jQuery.packed.js (minified) are the same, just smaller in size

If you are looking for tools and guidance on how to tackle those JavaScript problems, check out [[:problem:tools|Useful tools]].

:!:**Notice errors: _FB_COPY_OK during installation**

You should not worry about them at all. The installation process cannot be multilingual. That's why those language constants are not read correctly.

**Legacy html tags in posts and signatures**

Older code as well as forum migrations have placed HTML tags into posts and signatures. The new bbCode parser no longer converts them to executable HTML, to prevent malicious code from getting to the end user's browser. We have created a very simple fix that can be run against any 1.0.4 FireBoard installation. You can find the patch on SVN: [[http://joomlacode.org/gf/project/fireboard/scmsvn/?action=browse&path=%2Fdevelopment%2Freleases%2F1.0%2FUpgrades%2FFireboard_104_html_cleanup.sql&revision=542&view=markup&pathrev=542|Fireboard_104_html_cleanup.sql]]

===== Frequently Asked Questions =====

  * What can I do to help?

We need help from developers and the testing community to provide as much feedback as possible to make FireBoard even better. Please read these notes and the [[http://|bug filing instructions]] before reporting any bugs to JoomlaCode Bug Tracker. You can also give us your feedback through [[http://|this feedback]] forum.

  * Why haven't you responded to the mail I sent you?

Use the [[http://www.bestofjoomla.com/component/option,com_fireboard/Itemid,38/|forums]]. The Best of Joomla team reads them regularly. We all get a lot of email and your email may get lost.

  * Where can I get extensions and themes (add-ons)?

Extensions and Themes can be downloaded from [[http://www.bestofjoomla.com/component/option,com_extensions/Itemid,67/|Download Section]].

===== Localization =====

See the [[:com_fireboard:trans:start| FireBoard Translation page]] about all translation topics.

===== Other Resources and Links =====

  * FireBoard Project Page
  * Best of Joomla's Knowledge Base
  * Developer Information