Forum Replies Created
-
AuthorPosts
-
December 10, 2013 at 6:55 pm #4068
visionsynergyParticipantI have the same issue after upgrading to WP 3.7.1 and CBOX 1.0.6
Anyone point me to a fix?
December 10, 2013 at 6:48 pm #4066visionsynergyParticipantAfter upgrading to WP 3.7.1 and CBOX 1.0.6
I still have this ongoing issue.
I’m not sure what to do. As I understand the situation, this problem represents a major security flaw.
Every member in my community has the ability to create new groups (public/private/hidden). Every time a private/hidden group is created in my community, I must go to:
Menu > Tools > Forums
and use the bbPress tool:
“Recalculate private and hidden forums”
to reset forum visibility.
Otherwise, forum discussions in my private/hidden groups will be visible in public feeds!
Anyone else have an update or permanent fix on this issue?
This one keeps me up at night.
December 10, 2013 at 6:34 pm #4064visionsynergyParticipantAfter upgrading to WP 3.7.1 and CBOX 1.0.6
I have no wiki home page.
Navigating to mysite/wiki/
shows only the directory of wiki pages (see screenshot) but no home page.
Anyone else have this problem?
Attachments:
You must be logged in to view attached files.December 10, 2013 at 6:21 pm #4063visionsynergyParticipantMy CBOX Theme Options page still doesn’t work.
WP 3.7.1
CBOX 1.0.6
Here’s what I see from my staging server, using either Chrome or Firefox …
Menu > Appearance > CBOX Theme Options
Page is blank except for CBOX logo and theme options buttons (Start, Options, User Docs, Dev Docs).
Clicking any options button opens a new tab showing only the number “0”
For all pages:
mysite/wp-admin/admin-ajax.php?page=infinity-theme&route=cpanel/start … (and /options, /docs, /ddocs)
That’s it.
Anyone else having problems?
September 24, 2013 at 7:35 pm #3676visionsynergyParticipantRe:
https://commonsinabox.org/groups/help-support/forum/topic/theme-options-issues/#post-3657
@r-a-y, is the attached error the kind of thing you are looking for?I am testing this CBOX 1.0.5.1 upgrade on a staging server hosted with WPEngine.
Here’s what my install looks like:
= Versions
Infinity Version: 1.1b
Developer Mode: Disabled
BuddyPress: 1.8.1
MySQL: 5.5.30
Permalinks: custom
PHP: 5.3.2-1ubuntu4.19
WordPress: 3.6.1
WordPress multisite: no= Theme
Current theme: CBOX Child Theme version 1.0
= Active Plugins
Commons In A Box: 1.0.5.1
bbPress: 2.3.2
BuddyPress Docs: 1.4.5
BuddyPress Docs Wiki add-on: 1.0.4
BuddyPress Group Email Subscription: 3.4
CAC Featured Content: 1.0.3
CUNY Academic Commons Buddy Press Admin Bar Mods: 0.1
Google Docs Shortcode: 0.2
Invite Anyone: 1.0.23Akismet: 2.5.9
AVH Extended Categories Widgets: 3.8.0-dev.2
BP Auto Login on Activation: 1.0.1
BP Display Name: 1.0
BP Group Announcements: 1.0.2
Contact Form 7: 3.4.2
Custom Profile Filters for BuddyPress: 0.3.1
Display widgets: 1.24
Google sitemap plugin: 2.8.1
Login Logo: 0.7
Page Links To: 2.9.3
Really Simple CAPTCHA: 1.6
SeedProd Coming Soon Pro: 3.10.1
WordPress HTTPS: 3.3.6
WordPress Importer: 0.6.1
WordPress SEO: 1.4.13Attachments:
You must be logged in to view attached files.September 24, 2013 at 6:55 pm #3675visionsynergyParticipant@bowe, are the new slider features part of the CBOX 1.0.5.1 upgrade?
September 24, 2013 at 6:39 pm #3674visionsynergyParticipantIssues I am currently working to resolve on my installation or figure out what fixes are in places:
1. CBOX theme options editor
2. changes to feature slider
3. ongoing wiki/docs issues (since the last version of CBOX)
4. privacy feeds bug in bbpress forums for private/hidden groupsAugust 20, 2013 at 8:06 pm #3483visionsynergyParticipantI applied both fixes to ../wp-content/plugins/buddypress-docs-wiki/bpdw.php
However, I still have both issues. Here’s what I’m doing and how the site is setup:
Attachment issue:
1. I’m logged in as superadmin
2. I navigate to mysite/docs/
3. I click the Create New Doc button (mysite/docs/create/)
4. I give the doc a title, some text, and click the Add Files button to add an attachment
5. The Upload File window opens, but fails when I try to attach a file (see screenshot)Read/Edit URL issue:
1. I have a custom permalink structure: mysite/resources/%postname%/
2. So, I tried changing the setting to the basic post-name option and saving
3. Then I browsed to the docs directory at mysite/docs/
4. I tried to create a doc as above (without attachment) leaving association/access/tags/parent settings as default
5. After clicking the Save button, I am immediately redirected to my homepage
6. I can see and edit the docs via the WP Admin interface
7. If I try to view/edit the doc via its URL (e.g. mysite/docs/doc-name/edit/) or from the links on the docs directory page, I am again immediately redirected to my homepage
8. I get the same behavior with a wiki pageAny other suggestions?
Attachments:
You must be logged in to view attached files.August 20, 2013 at 6:53 pm #3478visionsynergyParticipantRe:
Hi @albeck. You mention that the theme options editor is broken in CBOX 1.0.4 after upgrade to WP 3.6. At least for me and a few other users, the theme options editor seems to be wonky even after upgrading to CBOX 1.0.5. There’s an active discussion about that issue here:
Also,
Re:
You mention issues with the changed functionality in the slider. I’m trying to sort that one out myself as well:
-
This reply was modified 11 years, 4 months ago by visionsynergy.
August 20, 2013 at 6:48 pm #3477visionsynergyParticipantHi @bowe. Any updates on the slider issues?
I’ve been bouncing around the forums trying to sort out the current state of affairs with the upgrade to CBOX 1.0.5. There are a number of open discussions/posts/comments about issues with the slider. Here are the threads I’m following right now:
https://commonsinabox.org/groups/cbox-developers/forum/topic/cleaning-up-the-slider/#post-3269
https://commonsinabox.org/groups/help-support/forum/topic/slider-issue-with-latest-update/#post-3288
August 20, 2013 at 6:25 pm #3476visionsynergyParticipantJust closing out this issue.
Our site is live now. Empty links in our menu caused problems with the mobile/responsive display. That’s all fixed now and I assume no else has seen any issues with the mobile menu on their own sites.
I haven’t really dug any deeper into the mobile menu CSS. I’m still a bit mystified with how the CBOX Infinity child theme is structured.
Anyhow, has anyone else made any significant changes to the mobile/responsive menu with the CBOX child theme on their own sites?
August 20, 2013 at 5:58 pm #3471visionsynergyParticipantI am seeing the same issues.
Upgraded to CBOX 1.0.5 on staging server.
Confirmed fix already applied (https://commonsinabox.org/groups/help-support/forum/topic/possible-cbox-theme-options-bug-resulting-from-upgrade-to-wordpress-3-6/#post-3453).
I encounter the following two issues with the theme option editor:
1. The media uploader window looks and acts wonky in my browsers (see screenshots 1,2,3). Selecting a new favicon or logo from the media library makes no changes.
2. Intermittently, the option editor just loops without loading (see screenshot 4) and the links are dead as @emeyal and @geoffreysmac-com also said.
So according to this discussion …
the theme options editor is completely broken in CBOX 1.0.4 after upgrading to WP 3.6
and
the theme options editor is still broken in CBOX 1.0.5
Anyone able to successfully upgrade to WP 3.6 & CBOX 1.0.5 without these issues? Anyone seeing something different? Any other suggestions?
Attachments:
You must be logged in to view attached files.August 9, 2013 at 8:14 pm #3383visionsynergyParticipant@mrdale, I am not involved in academia (though I used to be a departmental director at Azusa Pacific University), so my own concerns are not with FERPA or any other legal requirements. My concerns are a little more at the people-might-be-thrown-in-a-North-African-jail-and-disappear-forever scenario.
In our CBOX based community, many of our intended participants are humanitarian activists in various parts of the world. I work with a niche consulting firm that builds and advises partnerships/networks of faith-based nonprofits in more than 80 countries. Altogether, more than 2000 different organizations are involved. We are building our community for the leadership of those networks/partnerships. Over 3000 individuals have signed up to our launch list.
One of the promises we have made to our constituency is that while we want to facilitate free and open communication, we will also pay serious attention to the security & privacy of the community. If people want to form and join what they believe are private/hidden groups, then those conversations should remain private. If people want to create collaborative docs or attach files, those documents and attachments should be locked down.
So far, it’s a little touch-and-go, to be honest. As you’ve already seen in the help&support forum, there was a known issue with bbPress forum visibility settings for private/hidden groups:
I think some other security areas to pay special attention to are file attachments/sharing, the docs/wiki component, and group administration. Depending on your plug-ins and configuration, attachments (to docs/forums) can be exposed to the public. Group association, ownership, and visibility of the docs/wiki pages can be fiddly. If a private group is deleted, its associated docs and forum still exist, so there are constant admin cleanup tasks that must follow. I’m sure the list is much longer, but those are the big red flags on my list at the moment.
After getting my site into a somewhat stable state, my next plan is to hire one of the white hat certified ethical hackers we know to bang away on the site and see if there are other security/privacy issues.
In the end, it all comes down to trust. Your students, clients, or constituents trust that you (as the sponsor of the community) will keep the community platform secure and private. In my case, there are no second chances. So I’m taking a much more cautious approach now.
August 7, 2013 at 2:57 pm #3317visionsynergyParticipantRe:
Okay, here’s the latest.
@bowe and @r-a-y … you guys are a-w-e-s-o-m-e !!!
Many thanks for saving my life.
For anyone else watching this issue, it appears that the solution from @bowe will work if you want to just turn off all feeds. We also implemented the workaround from @r-a-y and it works as advertised. I still don’t know if this is a one-time fix or a regular maintenance task every time a group/forum is created (until the bug is fixed in the next bbPress release).
August 7, 2013 at 2:44 pm #3316visionsynergyParticipantRe:
@helenef, I agree with what @mkgold said. Private and hidden groups are intended to keep membership/activity/discussion within those groups private. A hidden group is simply a private group that is not listed in the directory. A community member would not even know a hidden group existed unless they were invited to join that group. These three levels of group privacy (public/private/hidden) are an important (critical) feature, imho.
In our case, our community involves individuals who work in some very unstable parts of the world in a wide variety of humanitarian activities. The ONLY way I was able to recruit the small group of alpha test users we have right now is by explaining the security/privacy features we were putting in place:
* SSL encryption (entire site) via Cloudflare
* Invitation-only membership (I love the InviteAnyone feature!)
* Limited public/member profile visibility (Extended profiles are great – default settings are only username/avatar publicly visible, other fields visible only to logged in members, and still other fields only visible to friends)
* Private & Hidden groups/forums
* Hosting on a secure & reliable platform (WPEngine)
Two months from now, we had planned to send out our invitations to 3000 people who had signed up to our launch notification list. Naturally, I panicked when we got around to testing feeds and found that the supposedly private discussions of our current users were visible to the public.
-
This reply was modified 11 years, 4 months ago by
-
AuthorPosts
