Blog

Archive for the ‘Development’ Category

Vote For phpBB’s Next Codename

Posted by MattF in Development with the tags , , , , , on October 16th, 2016

At phpBB we love codenames as much as we love Bertie.

Previously we have travelled to Mars and Saturn to find the most prominent features to name our versions. Now it’s time to come up with another codename for the version of phpBB.

In line with having an open mind for new features, looks, and changes in phpBB’s next major version we’re also opening up the decision on the codename to the community.

The phpBB Team has already pre-selected four possibilities from a rather long list.

Now it’s time for you, the community, to have the final say:
[Vote] Codename of next phpBB version

The vote will end in two weeks on October 30th, 2016.

Happy voting!


 beer_bertie

phpBB not vulnerable to ImageMagick exploit

Posted by Marc in Development, Security, Support on May 5th, 2016

As some of you might have noticed, a security issue has recently been uncovered in ImageMagick, a widely used software suite for displaying and modifying images. You can read about the full details of the exploit on news outlets like Ars Technica (article on ImageMagick exploit) and the ImageMagick community forum.

It has come to our attention that admins are unsure whether this affects their phpBB installation and/or what they might have to do to secure their installation.
First and foremost let me make it clear that, based on the currently available information, phpBB is not vulnerable to the exploits.
phpBB already verifies the supplied image types and therefore already contains one of the described mitigations for the ImageMagick vulnerabilities.

phpBB supports using ImageMagick for creating thumbnails only. Other parts of phpBB, such as image or general attachment uploads, are not using ImageMagick at all. The described exploits rely on directly passing uploads to ImageMagick and/or passing “clear text” image formats such as SVG or MVG to it. phpBB itself does not support these image types for creating thumbnails and therefore will not pass them onto ImageMagick. Additionally, supported image types are checked for integrity before passing it onto ImageMagick for thumbnail creation. Passing malicious files as described and disguising them as other image types is therefore not possible.

We hope this will help with clearing up any confusion or uncertainty on this subject.

phpBB 3.2 Rhea is near – help us test it now!

Posted by naderman in Development with the tags , , on March 26th, 2016

On October 28th, 2014, we published phpBB 3.1 Ascraeus, the culmination of nearly 8 years of development since phpBB 3.0—an eternity when it comes to web development. We learned our lesson from trying to build a major feature release over a timespan that saw major changes in web technologies; while our roadmap had to change frequently, none of the progress was made available to you—our users. When we finally released phpBB 3.1, I announced that phpBB would from now on see feature releases on an annual basis.

It has now been one year and 6 months since I made this statement. Our most recent release has been phpBB 3.2 Rhea 3.2.0 Beta2, on March 7th 2016. So we missed our goal, but we’re well on the way to reaching a new stable feature release before summer this year. We’ve been making great progress with tweaking our workflows to more strictly adhere to the schedule in the future.

As the Development Team Leader, I updated you much too infrequently on development progress, partly due to having many other tasks to also focus on. Unless you follow our development forums at Area51, or our social media accounts on Facebook or Twitter, you are unlikely to have heard of our recent 3.2 Beta releases. As these responsibilities exceed what a single person can do well, Marc Alexander stepped up in February to take over the Development Team Lead position. From now on, I will be responsible for more frequently informing you of all developments regarding phpBB, as its new Product Manager.

We are looking forward to your feedback on the Beta releases and upcoming final release candidates of phpBB 3.2 Rhea.We cannot produce a stable final product without your testing and bug reporting. Download Beta packages from our archive at https://download.phpbb.com/pub/release/3.2/unstable/3.2.0-b2/. Please keep in mind that you should not run this version of phpBB on your live sites yet, and no support will be offered until the RC phase.

If you’d like to get involved with phpBB development to help us finish new features faster, check out the information available on Area51. And lastly, if you’d like to stay up to date on phpBB development progress, follow this blog!

phpBB Developer Documentation

Posted by nickvergessen in Development, Extensions with the tags , , , on July 5th, 2015

When the phpBB Team met in Prague last month for a short productivity meeting we achieved many things. We fixed bugs, worked on our bamboo infrastructure, reduced the size of the extension validation queue and worked on a new phpBB/Symfony Authentication bridge however one of the most significant things we did was start the base of our new developer documentation:
https://area51.phpbb.com/docs/dev/31x/

The plan with this documentation is to consolidate all core and extension development related information that is currently spread out on our wiki, Area51 (and a variety of other places) into one central location.

As a first step the “[HowTo] Convert a 3.0 modification into a 3.1 extension” tutorial was converted and is now available to view here.

Since then, we have ported over many many other Wiki pages and readmes to the new doc system including:

The documentation is written using rst and our documentation source can be found in the “development” folder of our pre-existing documentation repository: https://github.com/phpbb/documentation/

We will be continuing to move existing documentation over the coming months and if you are familiar with rst and git(hub) and want to help, please do feel free to send pull requests. Whether it is with porting existing documentation over, fixing typos or even writing brand new pieces of documentation, every contribution is appreciated.

Development Update: Notifications & Custom Profile Fields

Posted by naderman in Development with the tags on February 19th, 2014

After releasing Alpha3 last week, the development team is working on fixing outstanding bugs and getting ready for the first Beta release. As I mentioned in a previous blog post, we are now working on transitioning existing hard coded profile fields – such as occupation or location – to custom profile fields. The pull request converting location to a custom profile field also introduced a new option to display custom profile fields on the memberlist. As we are turning hard coded fields into custom profile fields, we are ensuring that all previous functionality can be achieved through configuration. At the same time these options can now be used for other custom profile fields you may wish to display.

Ascraeus Notifications Dropdown

Ascraeus Notifications Dropdown

As we fixed a bug regarding the display of avatars in notifications I want to use this opportunity to show you the new notifications functionality we built into phpBB Ascraeus 3.1. You may be familiar with the concept of a central location for notifications from Facebook or Google+. The idea is to provide users with a single location that will inform them about all the activity they are interested in. So far this includes notifications regarding posts, such as replies to bookmarked or subscribed topics or posts you have been quoted in, notifications regarding moderation of newly submitted posts waiting for approval and reported posts as well as notifications for new private messages and requests to join a group you lead. You can configure whether and how you would like to be notified for each of these notification types individually in the User Control Panel. The options are email, Jabber or the notification on the website. Extensions can easily add new notification types making the system very flexible.

Further we’re now testing phpBB automatically with the alpha releases of PHP 5.6 on Travis CI. A final version of PHP 5.6 is expected this summer.

phpBB 3.1 Alpha3 Preview Release

Posted by naderman in Development with the tags on February 10th, 2014

We’re happy to announce the immediate availability of the third preview release of the upcoming phpBB 3.1, codenamed Ascraeus.

This preview release is targeted at phpBB developers and advanced users who wish to assist us with this very important testing phase. We do not recommend, and will not support, running this version in a live production environment.

As with previous releases we compiled a list of feature and bugfix highlights on our wiki. We now have a generic framework for dropdowns in prosilver. We’ve started to use it for the new topic tools button from where you can manage bookmarking, attachment downloads and subscriptions to topics. Topic titles now link directly to the oldest unread post.

The only known issue remains that updating from 3.0 to 3.1 on Microsoft SQL Server is not possible.

Please use this release for testing purposes only. As always, we will provide no support for upgrading until the RC stage and urge users not to use testing releases in a production site. Please help us by reporting any bugs you find via a ticket on our tracker.

Unstable packages are available on Area51 at area51.phpbb.com/downloads/. Information on moving from 3.0 to 3.1 (currently only for testing purposes) is available at wiki.phpbb.com/PhpBB3.1#Moving_from_3.0_to_3.1

Please note that phpBB 3.1 has some requirements that differ from phpBB 3.0:

PHP version 5.3.3 or greater
PHP’s json extension
Only PostgreSQL versions 8.3 and above are supported

Stuttgart Developer Meetup

Posted by naderman in Development, Events with the tags on February 5th, 2014

After the German phpBB Association’s general meeting on Saturday a group of developers spent Sunday making some great progress toward a first phpBB 3.1 Beta release. The German phpBB Association runs phpBB.de – one of our many international support sites. A number of German phpBB developers – including me – are members of the German association and decided to use the opportunity to work face-to-face for a day. We were joined by phpBB.de volunteers who helped with bug triaging and pull requests and worked on translation related projects.

Sunday group picture of phpbb.com and phpbb.de team members

Sunday group picture of phpbb.com and phpbb.de team members

We managed to merge the password hashing manager which will allow us to easily transition to newer more secure password hashing algorithms in the future. It will be the basis for an easier conversion process from hashing algorithms used by other forum software. Currently switching from another forum software to phpBB requires the use of a custom authentication plugin to keep passwords working.

The refactoring of profile fields which was merged at the event will allow extensions to work with profile fields and add new types of profile fields. This is a first step toward modularizing the entire profile so that all default fields can be configured by administrators.

The group working on phpBB in Stuttgart

The group working on phpBB in Stuttgart

After a lot of debugging over the past weeks we finally worked out why our tests were failing on PHP 5.5. It turned out that PHP 5.5.7 which is used on Travis CI has a bug in the OPcache extension. The OPcache extension is the new default opcode caching mechanism in PHP 5.5 which greatly speeds up the execution of PHP code.

On our path to Alpha3 – hopefully the last Alpha release of phpBB 3.1 – we also spent some time working on bugs in the build process. These prevented us from building packages for Alpha3 so far. As a consequence we will stop providing old text format MOD files for style and language file changes. We realized the algorithm may generate incorrect results which could go unnoticed, resulting in incorrectly updated styles or language files. Instead we will provide regular patch files generated with GNU diff. Alpha3 will contain all the improvements we finished over the weekend.

Development Update: Uploading & Downloading Attachments

Posted by naderman in Development with the tags on December 12th, 2013

phpBB 3.1 codenamed Ascraeus has already seen a number of improvements to the process of uploading attachments. We have recently updated the plupload library introduced as part of a GSoC project in the summer of 2012 to version 2.0. I want to use this as an opportunity to present new functionality relating to attachments introduced in Ascraeus.

Plupload file upload

Uploading multiple files simultaneously

Firstly it is now more easily possible to upload multiple files at the same time. You can even drag and drop files into the upload area directly. Uploaded file size limits are no longer as limited as before and there is visual feedback throughout the uploads making use of new HTML5 features. So you can watch the upload progress as you continue to edit your post.

topic tool dropdown

Topic Tool Dropdown offers options such as attachment archive download

Further we now offer an option to download all attachments contained in a topic as an archive file (zip, bz2, gz, tar). This feature has been integrated into a new topic toolbox which contains topic options such as subscription management and bookmarks.

Recent user interface improvements also included changing the topic title link to point directly to the oldest unread post of a topic instead of the first post. Previously you had to be aware of the purpose of the small yellow icon next to topic titles to get there.

Just before the Alpha2 release we fixed bug PHPBB3-11525 which resulted in users having their avatars set to seemingly random avatars of other users. This happened to a few users on Area51, so you may want to check your avatar on Area51 and correct it if it was modified.

phpBB 3.1 Alpha2 Preview Release

Posted by naderman in Development with the tags on November 21st, 2013

We’re happy to announce the immediate availability of the second preview release of the upcoming phpBB 3.1, codenamed Ascraeus.

This preview release is targeted at phpBB developers and advanced users who wish to assist us with this very important testing phase. We do not recommend, and will not support, running this version in a live production environment.

As with previous releases we compiled a list of feature and bugfix highlights on our wiki. Most note-worthily Alpha2 ships with a new responsive version of prosilver optimised for handheld devices which we introduced in previous blog posts. Based on feedback from extension authors we have additionally made a number of changes to the extension system to better accomodate the different needs extensions have.

There are a number of known issues with this release which will be fixed in upcoming versions. It is currently impossible to upgrade from 3.0 to 3.1 on Microsoft SQL Server and the redirect() function does not work correctly from within (extension) controllers.

Please use this release for testing purposes only. As always, we will provide no support for upgrading until the RC stage and urge users not to use testing releases in a production site. Please help us by reporting any bugs you find via a ticket on our tracker.

Unstable packages are available on Area51 at area51.phpbb.com/downloads/. Information on moving from 3.0 to 3.1 (currently only for testing purposes) is available at wiki.phpbb.com/PhpBB3.1#Moving_from_3.0_to_3.1

Please note that phpBB 3.1 has some requirements that differ from phpBB 3.0:

  • PHP version 5.3.3 or greater
  • PHP’s json extension
  • Only PostgreSQL versions 8.3 and above are supported

Development Update: Command Line Interface

Posted by naderman in Development with the tags on November 13th, 2013

As we are preparing to release Alpha2 of phpBB Ascraeus 3.1 we merged another new feature. Ascraeus will ship with a new command line interface. This will become a useful utility for phpBB administrators who have access to a shell on the server they run phpBB on as well as extension developers. The command line interface was built using the Symfony Console Component. The component automatically creates a rich command line user experience with generated help pages and detailed explanations of all options and arguments.

For now the console’s functionality is limited to displaying, enabling and disabling extensions as well as clearing extension data and recalculating email hashes in the database. However with the console application framework in place it is now very easy to add new commands as part of our regular development process. This project had originally been proposed for this year’s Google Summer of Code on our Ideas Page on the Wiki. Other ideas for future functionality include editing of configuration, managing styles, users and groups or other administrative tasks currently accessible in the administration control panel.

Extension developers can add their own commands to the console by creating respective service definitions with a “console.command” tag, as seen in phpBB’s console.yml. We expect the command line interface to become a useful utility for system administrators running phpBB forums who wish to automate some of their administrative tasks.