[Motoko-chan]

Umm... from http://www.simplemachines.org/community/index.php?topic=369616.msg2530002#msg2530002

Is it true that session checks were removed from quick reply & quick edit? Wouldn't that be a security risk, maybe allowing hackers to edit other people's posts? I thought that was the original reason for these annoying session checks really...

And a reply to that.

http://www.simplemachines.org/community/index.php?topic=369616.msg2530401#msg2530401

Haven't checked quick edit, but quick reply definitely still has the session check in it (indeed it would be more work to actually remove it), given that it calls Post.php/Post2() which does a session check on the back of the form response from the main reply template too.

Bad topic to ask that question, really. Way too much noise to signal on those things.

[DarkLite]

Congrats on that. I'm gonna hang around till all the mods are RC3-compat before upgrading, though

[babjusi]

They sure took their time. I don''t understand what is all this ado when it should have been released a long time ago.

[Motoko-chan]

Oh, and further on the session check thing:


http://www.simplemachines.org/community/index.php?topic=369616.msg2530713#msg2530713

No, that is not the case. In fact, no session checks have been removed for POST requests as, indeed, that would form a security risk.

The session check has been removed for a few GET requests though, for example on the requests for the quick quote buttons and the 'add poll' button. The reason behind this is that those requests don't manipulate data -- therefore they do not need the check The forms they link to will require a check on submit, though!

So, I think that the check removal thing can be declared a misunderstanding.

[Antechinus]

I honestly couldn't see the devs doing anything silly that would open a hole like that.

[royalduke]

How many lines of code is SMF?

Are the DEVs experts? (they must be, to build something as big and usefull as SMF).

Just 2 general questions  I always had.

[akabugeyes]

Oooooh, is this a Q&A?

Then may I ask, when will SMF become self-aware?

[Kindred]

aka....   that happened last Tuesday,

[Owdy]

aka....   that happened last Tuesday,

What happend then?

[Kindred]

Then may I ask, when will SMF become self-aware?

aka....   that happened last Tuesday,

[Paracelsus]

Despite the troubled times, I think some of the remaining SMF Devs are doing a good effort, releasing RC3 and updating many major MODs to this latest version.

Not that it moves the software towards a new level of development, but at least things are moving forward at least to have a gold and stable version, which would surely calm down the end-users and allow people to discuss properly about SMF future without too much drama or anxiety.

[Nao]

In fact in some ways, for what I want to do, 1.1.x is actually more flexible and easier to work with.

In what ways? Apart from the annoying $smcFunc query changes (which are definitely a hassle to handle, but not totally useless in terms of security), I don't see where...

[Antechinus]

Just the way some of the templating works is more convenient at times. Menus in particular are a bit easier to customise on a theme by theme basis in 1..1.x. I'm not writing mods like AEVA. I'm just hacking the interface to get the looks and layout I want.

[ballmdr]

I've upgraded. 

[Owdy]

I upgraded to RC3. They have restored those ugly blue bars in polls I liked that Blocs design much more.