Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


 Content Type 


Release Notes

IPS4 Guides

IPS4 Developer Documentation

Invision Community Blog

Development Blog

Deprecation Tracker

Providers Directory





Posts posted by Mark

  1. Rather than make the change every new version, you might want to take a look at writing a plugin. This guide has a complete walkthrough but you can skip everything except steps 1, 6 and 8, because all you'll need is a code hook on that class with something like:

    public function __construct( $url, $timeout=5, $httpVersion=NULL, $followRedirects=TRUE, $allowedProtocols=NULL )
    	parent::__construct( $url, $timeout, $httpVersion, $followRedirects, $allowedProtocols );
    	curl_setopt_array( $this->curl, [		
    		CURLOPT_PROXY			=> "",
    		CURLOPT_PROXYPORT		=> "1080",
    		CURLOPT_PROXYUSERPWD	=> "forum:password"
    	] );


  2. Invision Community should automatically capture the transaction once it has verified the transaction passes any anti-fraud rules you've set up (or void it if it doesn't).

    Check that you've got all the Stripe settings correct and then if you submit a support ticket we can take a look. To do this, go to the Support section of the AdminCP and choose "Something isn't working correctly" and then follow the instructions through until you get to the page to submit a support ticket.

  3. 48 minutes ago, onlyME said:

    I got -200 error when uploading file if using \IPS\Session::i()->csrfCheck()

    public function foo()
      $form = new \IPS\Helpers\Form;
      $form->add( new \IPS\Helpers\Form\Upload(....) );


    The form helper already provides CSRF-protection if every change of state is contained within the if ( $values = $form->values() ) { ... }

  4. Specifically, in order to prevent you from locking yourself out of the AdminCP, you can't demote yourself from being an admin. You can move yourself into a different admin group if you have any (they must have the same level of restrictions - not greater or lesser than you have), and admins that have permission to demote other admins can do so, but you can't edit your own account in a way that would affect your admin restrictions.

  5. My understanding is that you cannot generate a client ID without a paid developer account and an iOS app in the App Store, and it would have to be unique to each site (i.e. our upcoming app which is used for every community won't be able to be used).

  6. 4 hours ago, Meddysong said:

    Ah, it's not just us then. Thank you for taking the time to drop me a line.

    Yes, that would work. (Except for the scenario where people want to buy multiples of them, I suppose. 10 copies would still weigh under the 2kg cut-off for Small Parcel ordinarily.)

    EasyPost looks dauntingly impressive, but I'm afraid I wouldn't have the faintest clue where to start. Setting the weight to 1kg seems to be the way we'll have to go.

    It's very easy! Just create an account with them and then go to AdminCP > Community Enhancements > EasyPost and pop your API key in.

  7. @Gauravk Out of interest, can you tell me:

    1. Are you in the UAE or a different country?
    2. What country is selected by default for you?
    3. What language is your computer/browser set to? 
    4. What does this tool say for "Your browser's Accept-Language header:"?
    5. Which OS and browser are you using?

    I am trying to improve the auto detection and understanding more details about anyone it's incorrect for will be very useful.

  8. Just to note on the test gateways one: some providers (off the top of my head, I think Stripe is the only one) don't use that constant but give you different keys for test/live environments.

    Those two (emails and gateways) are the big ones, but there are probably quite a few others. For example, every now and again we get people who have managed to block themselves in our Spam Defense service by registering several accounts on a test site. Really you should avoid using any live data (like real people's emails) and disable all integrations with external sites/services on a test install.

  9. It looks like (though I am still waiting for more details to emerge) that it can be done on standalone websites but you'd need to sign up for Apple's Developer Program, which costs $99/year. We can't create one thing and use it for all sites because each domain and email address you will send emails from to cloaked addresses has to be registered, and there's a limit of 10.

  10. To clarify since @Joel R mentioned me specifically... 😂

    We will be sticking with CKEditor 4 for a little while. While we will presumably move to CKEditor 5 some time in the future, it is currently still very new and maturing (when Joel asked me, it was before was released which is when they re-added paste from word). But most importantly, to move would require a lot of development time (to upgrade our custom plugins) for what will be, to the end-user, very little change. And since CKEditor plans to continue releasing updates to version 4 for the foreseeable future we're not missing out on bug fixes or security patches.

    Obviously if you're experiencing issues, please submit a support ticket and we can look into that - if you're not seeing the same problems on CKEditor's demo, the problem is likely our end and so it's probable that moving to CKEditor 5 wouldn't resolve it.

  11. 3 hours ago, AlexWright said:

    Continuing thoughts on this, architecture a little bit.

    With the ever increasing threat of compromise (dont tell me that it won't/can't/isn't likely), perhaps it's time for a different method of password management? The md5/sha1 types are outdated, and I'm fairly certain that's what Invision still uses? Would be better to use Argon2id and XChaCha20-Poly1305, or something similar, if this hasn't already been dealt with.

    We haven't used salted md5s since v4 😉 We use bcrypt.

  • Create New...