WebsiteBaker Community Forum

General Community => Global WebsiteBaker 2.8.x discussion => Topic started by: pcwacht on December 29, 2010, 03:12:36 PM

Title: WebsiteBaker 2.8.2 RC5 - Tests
Post by: pcwacht on December 29, 2010, 03:12:36 PM
As from this post : http://www.websitebaker2.org/forum/index.php/topic,20347.0.html
there is a wb 2.8.2. RC 5 and they want you to test it to make it better ;)


John
Title: Re: WebsiteBaker 2.8.2 RC5 - Tests
Post by: testör on January 17, 2011, 08:27:06 AM
WebsiteBaker RC5 is available.
http://www.websitebaker2.org/modules/download_gallery/dlc.php?file=114&id=1295237979

You can see the (now quite log) changelog here: http://project.websitebaker2.org/projects/WebsiteBaker/repository/entry/branches/2.8.x/CHANGELOG
The detailed changes you can follow in the repository: http://project.websitebaker2.org/projects/WebsiteBaker/repository/changes/branches/2.8.x

There were done many security fixes in 2.8.2 until now, specially sorting out CSRF.

2.8.2 will be running only on PHP 5.2.2 and higher systems.
Also FCKEditor was updated to 2.6.6.
Please let the community and developer know, what you're thinking and testing with WB 2.8.2 RC5!

Title: Re: WebsiteBaker 2.8.2 RC3 - Tests
Post by: Hans on January 17, 2011, 10:49:34 AM
After so many error fixing I wonder if it's safe to use all older versions of WB  :? If so what measures have to be taken eventually?
Hans
Title: Re: WebsiteBaker 2.8.2 RC3 - Tests
Post by: testör on January 17, 2011, 11:17:48 AM
Well, WebsiteBaker 2.8.2 is much safer as 2.8.1, but in most cases only for logged in users.

2.8.2 is not different from 2.8.1 for modules and templates, niehter the database is different.
So you should use 2.8.2 when it's stable.
Title: Re: WebsiteBaker 2.8.2 RC3 - Tests
Post by: Hans on January 17, 2011, 11:34:06 AM
OK thank you for your prompt answer, testör
Hans
Title: Re: WebsiteBaker 2.8.2 RC3 - Tests
Post by: FrankH on January 17, 2011, 01:31:40 PM
Well, WebsiteBaker 2.8.2 is much safer as 2.8.1, but in most cases only for logged in users.

2.8.2 is not different from 2.8.1 for modules and templates, niehter the database is different.
So you should use 2.8.2 when it's stable.

Sorry, but this is not true!
Any anonymous user can do harm to WB 2.8.1 if you are using Form or News modules!
The current version 2.8.2 RC5 does not have this critical security bugs (though it is not the final version 2.8.2, yet)
Title: Re: WebsiteBaker 2.8.2 RC3 - Tests
Post by: Hans on January 17, 2011, 01:43:30 PM
Quote
Any anonymous user can do harm to WB 2.8.1 if you are using Form or News modules!
Is that also true for all versions before 2.8.1? No other modules affected?
Hans
Title: Re: WebsiteBaker 2.8.2 RC3 - Tests
Post by: DarkViper on January 17, 2011, 02:10:47 PM
Quote
Any anonymous user can do harm to WB 2.8.1 if you are using Form or News modules!
Is that also true for all versions before 2.8.1? No other modules affected?
Hans
It only means that no other modules have been tested yet.
We don't have the manpower to test and fix all of the available modules. It is in the responsibility of the module authors to secure their modules accordingly.
Title: Re: WebsiteBaker 2.8.2 RC3 - Tests
Post by: Hans on January 17, 2011, 02:25:13 PM
Quote
We don't have the manpower to test and fix all of the available modules. It is in the responsibility of the module authors to secure their modules accordingly.
Thats completely understandable.. let's hope 2.8.2 core will be safe and sound. I will test the RC5 this week.
Thanks all.
Hans
Title: Re: WebsiteBaker 2.8.2 RC5 - Tests
Post by: crnogorac081 on January 17, 2011, 08:06:09 PM
Hi,

I would like to know=> There will be no releases after 2.8.2 stable, like 2.8.x , and next release is going to be differently recoded 2.9, right ? 

cheers
i.
Title: Re: WebsiteBaker 2.8.2 RC5 - Tests
Post by: FrankH on January 17, 2011, 08:26:12 PM
I'd say: never say never  :-D
But current plans are like you said. WB 2.9 will be more object oriented
Title: Re: WebsiteBaker 2.8.2 RC3 - Tests
Post by: chio on January 17, 2011, 08:36:22 PM
After so many error fixing I wonder if it's safe to use all older versions of WB  :?
Don t worry, the devs mostly fixed their own made bugs.  :-D

For example this one (worked in <= WB 2.8.1, but NOT in WB 2.8.2):
When you add a page, WB now checks, if the PAGES_DIRECTORY is writeable.
If you dont use a pages-directory, but for example in a multilingual site you use en/ and de/ - you cannot add a page, if the root is not writeable (which is mostly not). Seems like RC6 is coming soon.
Title: Re: WebsiteBaker 2.8.2 RC3 - Tests
Post by: DarkViper on January 17, 2011, 11:14:23 PM
For example this one (worked in <= WB 2.8.1, but NOT in WB 2.8.2):
When you add a page, WB now checks, if the PAGES_DIRECTORY is writeable.
I've checked just the old versions and i found that behavior back till WB2.7 (sorry 2.6 also).

If you dont use a pages-directory, but for example in a multilingual site you use en/ and de/ - you cannot add a page, if the root is not writeable (which is mostly not). Seems like RC6 is coming soon.
deny PHP write access to DocumentRoot is not normal. Each good server can deal with it. Too paranoid configured servers only makes problems.
Title: Re: WebsiteBaker 2.8.2 RC5 - Tests
Post by: Argos on January 18, 2011, 12:38:15 AM
I would like to edit the Argos backend theme, as it again has several alignment errors I already have mentioned and corrected a long time ago, but they somehow have gotten back in the latest versions after some people changedthe admin theme core code. Anyway, I would like to correct it now, before the final 2.8.2 will be available. What is the official way to do so?

Also the default backend theme has those errors by the way.

I also wonder why the jquery tabbed backend I created (and was never adopted nor improved by the dev team) is still not implemented in this version?
Title: Re: WebsiteBaker 2.8.2 RC5 - Tests
Post by: DarkViper on January 18, 2011, 01:33:59 AM
Hello Jurgen,

it will be a really good idea to 'repair' your BE-theme for 2.8.2.
The biggest changes will result in the implementation of FTAN & IDKEY. We tried to reduce the changes in the 2.8.2 backend to a minimum (but it's still enough, i know). I don't know if FrankH already finished the implementation yet.
IDKEY in most cases is handled by the php-code only and not visible in the templates.
FTAN mostly needs a additional {FTAN} placeholder only.

All others it will be the best to compare with corresponding templates in 'wb_theme' i guess.
If there are any questions more, don't hesitate to contact Dietmar, he is more into the 2.8. themes then me.

Werner
Title: Re: WebsiteBaker 2.8.2 RC5 - Tests
Post by: FrankH on January 18, 2011, 07:03:02 AM
Quote
I don't know if FrankH already finished the implementation yet.

Not finished, yet. Probably need until end of January.
But Jurgen, all what is required for the htt files is a line
Code: [Select]
{FTAN}in each form. So you could add this line yourself, it will not hurt when the code using it will be added later.