Jump to content

CoffeeCake

Clients
  • Posts

    1,916
  • Joined

  • Days Won

    24

 Content Type 

Downloads

Release Notes

IPS4 Guides

IPS4 Developer Documentation

Invision Community Blog

Development Blog

Deprecation Tracker

Providers Directory

Forums

Events

Store

Gallery

Everything posted by CoffeeCake

  1. Additional note. If you can start fresh, I'd go with that. The above comments were assuming you have significant content you'd like to keep.
  2. Here's another, different example, of how this is broken: After posting a reply to a thread, navigating away and looking at other threads, I clicked on a notification that someone had reacted, click on it, see the thread, then decide to add additional thoughts as a new reply. As soon as the editor expanded, I see the previous message I submitted eleven minutes ago in the editor saved as a draft, even though that should be gone now.
  3. I'm assuming "nulled" means you pirated the software and its been modified in some way by someone to make it easier to pirate or not require a valid license key. Whoever modified the software to allow you to do this may not have the highest ethical standards, and for all you know, your copy may be doing not great things. You should likely treat your data and filesystem as suspect and as if they were compromised. Rather than copy over valid files on your existing site, I would suggest that the safest way to proceed would be to use the importers to import the data from your existing situation into a legally purchased copy. I would not bring over any themes or plugins from your existing version, and instead ensure that those are acquired separately and from legitimate sources. Kudos on you for being open and transparent.
  4. This is a depends situation, and will vary by community. I want anyone with elevated permissions (moderators, etc.) to get these alerts, but we had resounding feedback from our general members to turn this off. We turned it off because it was all or nothing. Administrator should be able to say: "We talk about sensitive topics here, where access to anyone's account would be bad. This is a requirement here for everyone." "We have lots of security conscious people here, so this should be the default for everyone, but recognize that some people will browse from a different place every time, or a private browser and be spammed every time they log in by this message, so let's give them the option to turn it off." "We have certain usergroups that require a different setting on this. For Member group A, forcing this on and/or making this the default makes more sense. For member group B, turn this off completely, for Member group C, give them the choice and set it to off by default" "This makes no sense for anyone here. Turn this off globally." This should have the same configurability as two-factor authentication. And.... sometimes the e-mail is too much. Give the configuration option (matching granularity above) to use notifications (or something like an announcement header) for this instead. "Welcome back, Matt. Someone has logged into a new device since your last login. Click here to see device logins associated with your account."
  5. It depends. Do you allow image or file attachments? Each message will take space on your database. So, depending on the number of members, how much private messages are used, and whether or not attachments are enabled, you may have serious impacts if you choose not to limit it. Also, consider limiting the number of new conversations a single member might start in a given day. Imagine if someone registered an account and then tried to send a message to as many members as possible letting them know about an exciting business opportunity, or about difficulties moving wealth out of a certain country and offering them a chance to make some cash while helping royalty escape terrible geopolitical conditions. There are lots of factors to consider, and only you know what's right for your community. Edit: To be clear, attachments will have a size impacts according to your file storage settings. The messages/conversations reside in the database.
  6. SendGrid works wonderfully when there's not a problem. We've been using it before IPS and with vBulletin. When there is a problem (in our case, it was an issue with used credits--but it can also happen if you invalidate an API key, or if SendGrid has an outage), and you attempt to manually resend e-mails after fixing that problem, IPS sends a mangled API request on the resend click that you do for each failed e-mail from the E-mail Error Log. In our case, I clicked that resend button thousands of times and then still had members complaining that they hadn't received an e-mail. We logged into SendGrid and saw that they were all received with an invalid e-mail address, where the address is surrounded in quotes and brackets. It looks like bad array conversion to JSON. Tickets don't have any perceivable number any more that I see, but I've opened one. If one follows the steps to reproduce above, they will be able to duplicate the issue and we don't have to wait for us to get an edge account to make it into our firewall to look at our production environment. The screenshots above are from a fresh dev environment that I spun up just to test this, with no applications or plugins installed.
  7. Sitting here with a console window open and watching local storage has proven insightful, @Nathan Explosion. Thanks for the tip. Try composing a reply, hitting submit, and then compose another reply without reloading the window in the same thread. It is reproduceable across three machines and three different browsers. Here's things as I type this reply: @Jordan Invision, it would be lovely if you could get this defect reported. Here's things as I type this reply to a reply after the magical ajax loads my reply above (these replies may get merged). Note there's no editorSave entry. Steps to reproduce: Post in a thread Submit a second post after someone else's content is loaded (Xxxx has posted. Click to show reply.) or attempt to add another reply to the thread without hard reloading the page. Note that ckeditor does not store a draft of your post. This is especially problematic if the new reply is the first post on the next page. Clicking the link erases the editor content and there is no stored copy.
  8. Here's what it looks like on the Sendgrid end of things: If it's not immediately clear what the problem is, SendGrid expects that you won't surround the address in brackets and quotation marks.
  9. Understood, @Charles. I'll continue finding a way to get IPS onto our parking lot. As far as car analogies go, I think this is more along the lines of telling you there's a manufacturing defect in all of the cars, and you can stare at the defect on the ones sitting neatly on your dealership and factory floor. You wanting to look under the hood of the one parked in my garage, and not wanting to push the garage door button to open up the building is a weird way to go about it. I suppose there's a possible chance I've got a live snake wrapped all around the make-it-go-vroom-inator, but we are able to reproduce this behavior every time in a dev environment with nothing installed but a fresh out of the oven 4.5.4.2: For now the part where we tell you that we encountered an issue with outbound e-mail + Sendgrid when there are API failures, and that attempts to resend things using the interface provided by IPS one e-mail at a time mangles the "to" address (and who knows what else) is an item we're checking off the list as "did what we could, barrier to get this recognized and fixed might be too high." Future time travelers can find this when they are trying to figure out why a part of the engine fell out while driving down the highway and then it can be their problem.
  10. Just did it here. Saw the editorSave.reply-forums/forums-xxxxxx key appear and disappear over and over again about once per second. Navigated away and came back to thread and confirmed that it did not populate with a saved draft. Not sure why/how it happens. Just using plain ol' up-to-date Chrome with AdBlock Plus. I've seen the behavior on two computers and on mobile Chrome here and on our community, and have members raising the issue. Would love to log a ticket if it's happening to anyone else.
  11. Sometimes when typing a draft, I'll see that someone else has replied popup as a notification. I'll click that notification to see the new message and my post is lost when I go back to the editor. Othertimes, I'll go to reply to a new post and see that a previous post that I have already submitted is in the editor as my draft. I've noticed this here on these forums as well as our own community. Anyone else? Is it just me? I'd like to officially make a feature request that we fix this. Thanks.
  12. Yeah, turning on that feature on our test site with no load made it completely non-functional. We're not talking a few milliseconds. I imagine the underlying SQL needed refinement and did something silly like retrieve all the things.
  13. We're stuck at IPS wanting to log into our ACP, and not quite on board with entertaining our elevated security practices for ACP access (we have a separate login before the ACP will even prompt for IPS login, and that separate login uses a timed two-factor code). We'll try and sort a way to work around that for IPS. Then we'll probably hear about the add-ons that all need to be disabled. We can reproduce it on our clean dev environment. I get the support script and processes, yet absent tinkering around in our production environment, maybe we could skip to trying to replicate this issue by using a dev copy as follows: Enabling Sendgrid, however provide invalid API key. Generating emails from things like notifications, private messages, etc. Confirming that the ACP notes failed e-mail delivery Update Sendgrid API key by providing a valid key Attempting to resend the e-mails and observe what happens (look for invalid e-mails in Sendgrid's activity reporting) Maybe something as an advocate you can assist with?
  14. You need to remember that each release is iterative and builds on the previous, so things included after 4.4.10's release notes are not in 4.4.10. Things preceding it are in it. I only linked the ones with the security flag set to true, but there are certainly security improvements in many releases that aren't flagged with a red triangle. If you are concerned about doing all you can to prevent another exploit against your site and being hacked, you need to stay as close to the current version as possible and upgrade. I think your current approach is a bit backwards, though can understand that you're hesitant to put trust in new versions after that experience. The largest hit can be addressed by turning off the function that gives an expanded forum view (where you see a bit of the first post in the forum table view). That's hot garbage in 4.5 in terms of performance. Jordan was excited to note that there would be improvements in this area with 4.6.
  15. I'm all for this! I don't think anyone (in this thread) told you the warning wasn't applicable for the 4.4.x branch. There are multiple security vulnerabilities that were fixed in the 4.4.x branch. If you're running 4.4.10, then the only outstanding security fix are those addressed in 4.5.4.2. You can see each of the security vulnerabilities listed in the release notes (look for the red triangle). There are general security improvements in 4.5 from 4.4. Here's the release notes for 4.4.x to present with security issues addressed: 4.5.4.2 4.4.9.1 4.4.7 4.4.6 4.4.1
  16. It would also be nice to enforce by member group.
  17. I'm confused. You created this thread because you received notice. Granted, a bit more of an explicit message about the dangers of staying on the 4.4 branch may be warranted, but they did push the alert to you.
  18. This sounds like a good idea, and is likely the same challenge of insufficient metadata in the search engine as the request for # of replies + reply-ible.
  19. Absolutely terrible experience, but the alternative isn't a choice for us. Much improvement can be done here.
  20. To be super clear, @sadams101, 4.4.x is not receiving security updates, there have been multiple vulnerabilities impacting 4.4.x and lower, and the supported way to get the latest security updates is to upgrade to 4.5.x. Presumably with the release of 4.6 at some point in the future, security updates will stop for 4.5.x. The IPS model isn't presently one which continues to support older versions it appears, which can be an understandable challenge for those communities lacking an upgrade path for third-party integrations, applications, extensions, themes, etc.
  21. Our account was all sorts of messed up. We had to engage with support to resolve it. We couldn't even see or adjust the plan settings when logged into their system. I think it has to do with GCP integration, as we signed up through GCP.
  22. The reasons we haven't tested the IPS app is the same reason why we never added Tapatalk in vBulletin nor IPS. You are completely dependent on a third-party getting it right.
  23. No. Our email provider is Sendgrid. We hit our maximum number of e-mails for the month and Sendgrid stopped sending out e-mails. These backed up into a queue in the ACP. Not a bulk mail, but rather all the sorts of e-mails that go out (registration validation, notifications, digests, etc.). We do not send out bulk mail. We reached out to Sendgrid to increase our limit, but that took a while. Once our quota was increased, the only way to resend those e-mails was clicking on a "resend" button next to each one. Over and over again. To add insult to injury, whatever resends the e-mails is broken so all that clicking was for naught. The e-mail address provided to the Sendgrid API was completely mangled, surrounded in brackets and quotes, instead of an actual e-mail address. I opened a support ticket reporting the bug for the mangled data to the API, but that you'd need to click over and over again one at a time is absurd. I'd consider looking into some sort of third party solution instead of ever doing that again (maybe something like this: https://sendgrid.com/docs/for-developers/sending-email/postfix/). In the past, if we had an MTA issue before IPS, we'd simply run through our mailq.
  24. You will need to customize your theme CSS to make your navigation bar sticky. There is not an out of the box setting. Someone recently claimed this worked for them: Your screenshot seems to show a custom theme though, so you might want to check with your theme provider. Some have this as a feature in the theme settings. I would love for this to be an out of the box setting. It's particularly useful from a moderation workflow standpoint.
×
×
  • Create New...