Posts Tagged ‘Development’

Moving on – the future of phpBB development

Posted by naderman in Development on February 18th, 2010

About a month ago I was promoted to phpBB’s lead developer position. When I was given that role I was asked to present to the management team what my plans for phpBB are. But since they concern all of you, the phpBB community, I believe they belong here as well.

We are currently in the process of releasing phpBB 3.0.7, a smaller bug fix release of Olympus. After that, development will split into multiple branches. Meik has already explained our new versioning system in a previous announcement. What this means is that after 3.0.7 is released we will start working on two branches: Ascraeus – the future phpBB 3.1, and Rhea – the future phpBB4. At the same time we will continue maintenance releases of Olympus.

Over the last few weeks we have made a few important decisions that we believe can positively impact phpBB development. These include changes to development infrastructure as well as our development model. I will briefly outline these changes here; more details will be posted on the blog or as an announcement soon.

Read the rest of this entry »

Developer Meeting

Posted by naderman in Development, Events on July 26th, 2009

The phpBB Development and Management Teams met in Cologne, Germany last week for 4 days of exciting brainstorming and coding.

We discussed future phpBB releases and worked on phpBB 3.0.6. Our plans for 3.0.6 have previously been discussed on this blog, but we decided to add even more. One feature we decided upon and implemented during the meeting was PM reports. This feature allows users to report private messages to moderators just like posts. A reported private message will then appear in a new MCP module so moderators can read the message and act upon it. This is particularly useful for users who want to report spam PMs. From this feature emerged another: emptying a user’s outbox. This option, in the Manage Users section of the ACP, allows the deletion of all unread PMs sent by a spammer.

Yet another idea we had during the meeting, which has already been announced, is the Best CAPTCHA Plugin Competition. I would like to urge all MOD developers to participate in this competition since a large variety of CAPTCHAs is the most effective measure against spammers. With the new CAPTCHA API, creating a CAPTCHA plugin is really simple. The example Q&A CAPTCHA Plugin, which will ship with phpBB 3.0.6, was also created during the meeting.

Details of the decisions made regarding the future of phpBB will be published in separate blog posts over the next several weeks, so make sure to check back for news! Of course, the meeting was also a great opportunity for us to get to know each other better. Most of us had already met at Londonvasion last year, but it was great to catch up with everyone again! We visited the Chocolate Museum and climbed the tower of the Cologne Cathedral. All in all, we had lots of fun too. During the meeting, we were happy to invite bantu to join the Development Team.

View from the cathedral
Team at work
Chocolate fountain

Group Photo

Andreas (bantu), Dominik (dhn), front: Jim (TerraFrost), back: Nils (naderman), Meik (Acyd Burn), Marek (APTX), Chris (ToonArmy), Henry (kellanved), Carolina, Yuriy (Marshalrusty), Igor (evil<3)

Junior Developers

Posted by naderman in Development on June 17th, 2009

phpBB is continuing its process of opening up the development process. After an internal trial phase we have now opened up the Junior Developer Team to regular members of our community. An increasing number of people involved in phpBB development should both speed up the development and improve quality.

Read the rest of this entry »

phpBB 3.0.6 plans

Posted by Acyd Burn in Development, Modifications, Styles on June 10th, 2009

Here we are. phpBB 3.0.5 got released and work on phpBB 3.0.6 began. Previously, we concentrated on fixing bugs and only introduced tiny new features. This time, phpBB 3.0.6 will be a “feature” release, packed with numerous new, cool, stunning, breath-taking… err, just new features. 😉 We will now tell you which new features are planned for 3.0.6 and what style authors and modders need to take care of.

Read the rest of this entry »

Tutorial: Injection Vulnerability Prevention

Posted by TerraFrost in Development, Modifications on February 12th, 2009


Notice
Some websites have claimed this article discloses an “injection vulnerability” in phpBB. It does not. What this post actually does is provide an overview of vulnerabilities commonly introduced by third-party modifications to phpBB and discuss what the authors of said modifications need to do to protect their code against attack.

Despite being among the easiest of vulnerabilities to understand, injection vulnerabilities are also among the most common. For most users, they will simply manifest themselves as an error when select characters are used, but a sufficiently adept user may be able to take that error and exploit it to their advantage.

To prevent this from happening, one needs to properly sanitize all user definable variables. Unfortunately, the way one properly sanitizes a variable depends on where it’s being used. In this post, we’ll discuss how to sanitize variables for use in SQL queries and in HTML, in general and in phpBB3, and we’ll discuss what can happen if proper sanitization isn’t used.

Read the rest of this entry »

Fighting CSRF

Posted by Kellanved in Development, Modifications on January 14th, 2009

Cross-Site Request Forgery, CSRF for short, is a type of vulnerability that gets more and more attention. The concept can be translated as “tricking the browser into automatically performing some action using the user’s privileges”. Let’s see what phpBB does about it.

Read the rest of this entry »

Londonvasion Re-Cap – phpBB Ascraeus

Posted by Acyd Burn in Development on September 19th, 2008

Hi,

I think it is time to write about the presentations we (the developers) gave at Londonvasion revealing the planned features in the upcoming version of phpBB – codenamed Ascraeus.

Please do not take anything mentioned within this blog post as guaranteed. There may be changes, some things may not evolve at all, some may be changed completely. But yeah, this is the current state of planning.

Read the rest of this entry »

“Exploits from the crypt – let’s put them back”

Posted by Kellanved in Development on July 6th, 2008

Yes, it is no secret that phpBB’s reputation regarding security has not yet recovered completely. We take every report about possible vulnerabilities seriously and are deeply grateful for reports on our security tracker. We give full credit for all undisclosed valid reports made on our trackers.

Even if one is not sure about what happened, the nice guys from the Incident Investigation Team will help you figure it out. If in doubt: report.

The things floating on the web and frequently washing up in our tracker are usually not valid, however. Ready for the fun? Here comes the first installment of “Exploits from the crypt”:

Read the rest of this entry »