Arrow Home arrow Forums
larger font smaller font default font Fixed screen resolution Auto adjust screen size

Joomlapolis Forums  


Boardwalk :: Forum List CB 1.2.1 CB 1.2.1 General Discussion
<< Start < Prev 1 2 Next > End >>
Link articles to CB Profile
Date: 2009/06/23 19:22 By: Seanstex Status: User  
Karma: 0  
Fresh Joomlapolitan

Posts: 8
graphgraph
Pretty much what the subject says. I tried using ZaKAuthor but it seems with 1.2.1 it just displays a href code where the name should be.

Agora author bot will link to their profile, but only if I want their real names displayed as the link. And I don't

Alias name doesn't link at all.

It's a pain because if I want to publish articles after members submit them, I have to set parameters to Hide name, show alias then type in their username manually for each article which also doesn't link to profile.

There has got to be an easier way to do this?
Click here to see the profile of this user The administrator has disabled public write access.

Re:Link articles to CB Profile
Date: 2009/06/23 21:08 By: krileon Status: CB Doc subscriber  
Karma: 289  
Moderator

Posts: 11051
graph
A new method is being rethought. Due to Joomla 1.5.11 security changes adding a link as author name is no longer as easy as previously. Essentially all bots that do this are broken.
Kyle (Krileon)
Community Builder Team Member

Before posting on forums: Read all CB Articles | Specially the FAQ | Help us help you
CB links: Subscribe to CB documentation | Our templates | Paid Subscriptions | Get Hosting | Our Forge
Visit my CB Profile | Read my CB Blog
--
My personal site(s)/link(s): AllMySocials - Tutorials | Downloads | Forum
Click here to see the profile of this user The administrator has disabled public write access.

Re:Link articles to CB Profile
Date: 2009/06/24 02:51 By: Seanstex Status: User  
Karma: 0  
Fresh Joomlapolitan

Posts: 8
graphgraph
Well it's good to know that there's something in the works atleast . I'll just have to deal with the long linkless route for the time being.
Click here to see the profile of this user The administrator has disabled public write access.

Re:Link articles to CB Profile
Date: 2009/08/11 12:07 By: lemur Status: User  
Karma: 0  
Fresh Joomlapolitan

Posts: 20
graphgraph
The problem was solved by Yuri Volkov (yvcomment).
See:
http://forum.joomla.org/viewtopic.php?f=473&t=428193&p=1804749#p1804749
Click here to see the profile of this user The administrator has disabled public write access.

Re:Link articles to CB Profile
Date: 2009/08/11 16:30 By: krileon Status: CB Doc subscriber  
Karma: 289  
Moderator

Posts: 11051
graph
lemur wrote:
The problem was solved by Yuri Volkov (yvcomment).
See:
http://forum.joomla.org/viewtopic.php?f=473&t=428193&p=1804749#p1804749

Do not do as instructed in the post. This was done for a reason, security. By reverting what Joomla team has done you just open up the vulnerability again. This is not a resolution to the problem, but creates an even bigger problem.

Here's how to fix this... create a joomla plugin and remove the heading (author, date, etc...) then add the heading to the very top of the article. You can then use links. In your code just format it the same way it's formatted by Joomla and it'll work exactly the same as it did before, but respecting security and working at the same time.
Kyle (Krileon)
Community Builder Team Member

Before posting on forums: Read all CB Articles | Specially the FAQ | Help us help you
CB links: Subscribe to CB documentation | Our templates | Paid Subscriptions | Get Hosting | Our Forge
Visit my CB Profile | Read my CB Blog
--
My personal site(s)/link(s): AllMySocials - Tutorials | Downloads | Forum
Click here to see the profile of this user The administrator has disabled public write access.

Re:Link articles to CB Profile
Date: 2009/08/11 21:05 By: yvolk Status: User  
Karma: 2  
Fresh Joomlapolitan

Posts: 9
graphgraph
krileon wrote:

lemur wrote:
The problem was solved by Yuri Volkov (yvcomment).
See:
http://forum.joomla.org/viewtopic.php?f=473&t=428193&p=1804749#p1804749

Do not do as instructed in the post. This was done for a reason, security. By reverting what Joomla team has done you just open up the vulnerability again. This is not a resolution to the problem, but creates an even bigger problem.
Very interesting. What a security risk is to show on HTML page some part of the Article (namely "created_by_alias" property) that was just retrieved from the database (from _our_ database)?
One possible scenario that I can think of is that some attacker managed to save this article with some evil "injection" to his "alias" and so we're fighting with injections stored in our database.

In this case I'm sure we should better care about filtering (escaping...) that injection _before_ it is written to the database, and not _after_ it is read from it?!

Post edited by: yvolk, at: 2009/08/11 21:08
Click here to see the profile of this user The administrator has disabled public write access.

<< Start < Prev 1 2 Next > End >>
Boardwalk :: Forum List CB 1.2.1 CB 1.2.1 General Discussion

Joomlaboard Forum Component 1.1.3 Stable
Two Shoes M-Factory

CBSubs 1.0

CBSubs 1.0.3 released!

Find out more about the revolutionary new Joomla subscription system:

Info on CBSubs

CB 1.2.3 Documentation

Thank you bonus:

ProfileBook (+Blog) 1.2RC
ProfileGallery 1.2RC2
CB Privacy 1.0RC

What? Why? Where?

Click here for a yearly subscription: subscribe now

CB 1.2.3 Download

Community Builder 1.2.3
Stable and native for:
Joomla 1.5 & 1.0 & Mambo
(incl. CB 1.2.3 Installation pdf)
You need to be a registered member to download.

Full 180 pages updated
CB 1.2.3 documentation:
You need to be a CB doc subscriber to download.

CB Login