Be the first to post a text review of w-agora. Rate and review a project by clicking thumbs up or thumbs down in the right column.

• Tracker comment added

  meleagro commented on the XSS found in w-agora 4.2.1 artifact

  posted by meleagro 675 days ago

• Tracker artifact added

  meleagro created the XSS found in w-agora 4.2.1 artifact

  posted by meleagro 675 days ago

• Code committed

  mdruilhe committed patchset 2147 of module w-agora4 to the w-agora CVS repository, changing 1 files

  posted by mdruilhe 872 days ago

• w-agora 4.2.1 released

  w-agora 4.2.1 is out, It is mainly a maintenance release. It includes a bunch of bugs and security fixes. Several recent vulnerabilities have been fixed, so it is highly recommended for all w-agora to ugrade. Download is available here : http://sourceforge.net/project/showfiles.php?group_id=3413&package_id=3340&release_id=431405 or from the w-agora main site: http://www.w-agora.net/

  posted by mdruilhe 1215 days ago

• w-agora 4.2.1 file released: w-agora-4.2.1-php.zip

  o Enhancements / new features : ------------------------------- * Localization: - Hungarian translations (sohagabor) * multiple wysiwyg editor support (currently htmlarea, tinymce and (almost complete) fckeditor) * ability to send mails to : - all moderators (bn_mail=2) , - all moderators and administrators ($bn_mail = 3) - only the main moderator (bn_mail =1) currently, must be set by hand in forum config o Fixes, code changes : ----------------------- + browse_avatar.php : fix Secunia Advisory SA17201 - force site to be selected in order to set allowed extensions, - remove file if the uploaded file is not an image. + extras/quicklist.php : fix Secunia Advisory SA17201 :sanitize site parameter + index.php : fix (minor) security bug whith $site parameter + globals.inc : fix secunia advisory SA20779 * mail.php : - fix bug in redirect (missing php extension) * include/dbaccess.php : - bad arguments in _openDB() call - use new ListRenderer::displayList() parameters - update user stats when a note / thread is deleted (RUSK) * include/listrenderer.php : - added getStartItem(), add parameters start & count in displayList() - remove site parameter in URLs if not needed - fix typo in $label_posted_by_on * include/misc_func.php : - added "object" in allowed tags - some enhancements in getNavBar(), getListBox(), getListCheckBox(), minimum_phpversion() - added "id" attribute in all generated form elements - remove paragraph substitution in my_br2nl() to avoid annoying extras line feed in preview and emails - added load_php_extension() - change in kill_html() : prevent "raw" (entitized) HTML code to be converted in preview / edit mode - anchor() : fix javascript error in links with ' in the text add unhtmlentities() * include/mail.php, include/misc_func.php : - moved rfcDate() from mail.php to misc_func.php so that it can be used elsewhere - renamed 'X-Posting-Client' header to more commonly used 'X-Originating-IP' * RSS: various bug fixes and enhancements in rss.php + don't list hidden notes - add RSS link in HTML header (<link rel...>) - add $no_cookie option (don't send cookies to browser) - get db parameters from site configuration file - use HTTP authentication for private forums - format RSS using XSL/CSS stylesheets * various bug fixes in Phorum template * init.inc, globals.inc : - Fix "database error" in forums list if site database is different than main agora database - properly set all variables before checking if user is active - added new constant auth_required to force authentication in init.inc - set full URI in HTTP redirections : (header('Location:...) - move "active user" checking after variables settings - added $bn_doctype (<DOCTYPE...>) - fix extra trailing slash bug in $bn_base_url * editconf.php3, include/config.php3, init.inc : - centralize db parameters in getDbaccess() - site level configuration variables ($db*, usersource, directories) are now only defined in site configuration file * include/viewnote.php : - add 'att_table' CSS class * mimetypes handling (include/mimetypes.php3) - XHTML compliance and use CSS in inline attachments rendering * create_site.php, create_forum.php : - some HTML4 cleanup (xhtml compliance) - better error handling - strip magic quotes in form fields * admin_notes.php3 : - fix bug preventing from copying notes to an empty forum * editlist.php3 : - fix magic quote bug * dbaccess.php, include/oci8.php, include/postgres65.php : - truncate index name to 30 chars for OCI compatibility (hixcks) - added alias for unknown "datetime" type * include/mssql7.php3 : - use mssql_get_last_message(), - fix primary key syntax error * include/adomsaccess.php3: - fix warning in preg_match() line 55 * changes and Bug fixes in include/auth.php, register.php and profile.php: - update login infos and increment login count if user start a new browser session but have a permanent cookie set - allow specialchars in userid - don't allow to use username of someone else when changing profile - Ability to allow HTML in some user fields using $user_html_var[] array - fix bug in input fields checking. - fix bug with smileys in signature. - Now smileys and URLs are expanded in details and signature fields + Security fixes: - sanitize input fields + only defined fields are extracted - No longer rely on userid variable: Only an authenticated user can change his own profile - Check for permitted fields to be changed (disallow changing of sensible fields (userpriv, lastlogin, ...) - logout was not working if permanent cookie was set * subscribe.php3 - changes in subscriptions list rendering, use CSS * subscribe_thread.php3: - don't allow guest users to subscribe anymore * Enforce security in directories tools/ user/ conf/ and include/ - updated .htaccess (require valid-user) - prevent directory listing * Fixed some incompatibilities with new default settings in PHP5: - use superglobals => "register_long_arrays = off" compatibility (default in PHP5) - short_open_tag = off compatibility (default in PHP5) - don't pass arguments by reference in some functions * add "in-reply-to" header in emails * made PHP code highlighting working with PHP versions prior to 4.2 * enhancements + bug fixes in search pattern highlighting * view.php: - add pg parameter (page num) - don't increment hits count if note already seen by the same user - don't loose "pattern" argument in pagination - prevent hidden notes from being retreived in next/previous thread - don't show notes where hidden is <> 0 (values>1 can be used for advanced moderation purpose) - adjust the page accordingly in the thread list even if $st not set * include/dbstats.php3 1.3: - fix database error in computeDailyUserStats() and computeDailyForumStats with mysql - avoid duplicate entries in log_table_* * user/http_user.php3 1.7: - set "mail_ok" and "state" user fields properly * stats/wa_bar_graph.php3: - attempt to load gd extension if not already loaded * locales/*_pl.inc - polish translation update from Bibok * locales/* - localize "download file ..." , added LABEL_DOWNLOAD, LABEL_DOWNLOAD_FILE now takes parameters * tools/upgrade_42.php3: - more SQL standard compliant, work with sites using different databases - made alter table cross databases compatible * list.php3, view.php3: - set "view mode" (flat/thread) cookie at site level instead of forum level

  posted 1215 days ago

• w-agora 4.2.1 file released: w-agora-4.2.1-php.tar.gz

  o Enhancements / new features : ------------------------------- * Localization: - Hungarian translations (sohagabor) * multiple wysiwyg editor support (currently htmlarea, tinymce and (almost complete) fckeditor) * ability to send mails to : - all moderators (bn_mail=2) , - all moderators and administrators ($bn_mail = 3) - only the main moderator (bn_mail =1) currently, must be set by hand in forum config o Fixes, code changes : ----------------------- + browse_avatar.php : fix Secunia Advisory SA17201 - force site to be selected in order to set allowed extensions, - remove file if the uploaded file is not an image. + extras/quicklist.php : fix Secunia Advisory SA17201 :sanitize site parameter + index.php : fix (minor) security bug whith $site parameter + globals.inc : fix secunia advisory SA20779 * mail.php : - fix bug in redirect (missing php extension) * include/dbaccess.php : - bad arguments in _openDB() call - use new ListRenderer::displayList() parameters - update user stats when a note / thread is deleted (RUSK) * include/listrenderer.php : - added getStartItem(), add parameters start & count in displayList() - remove site parameter in URLs if not needed - fix typo in $label_posted_by_on * include/misc_func.php : - added "object" in allowed tags - some enhancements in getNavBar(), getListBox(), getListCheckBox(), minimum_phpversion() - added "id" attribute in all generated form elements - remove paragraph substitution in my_br2nl() to avoid annoying extras line feed in preview and emails - added load_php_extension() - change in kill_html() : prevent "raw" (entitized) HTML code to be converted in preview / edit mode - anchor() : fix javascript error in links with ' in the text add unhtmlentities() * include/mail.php, include/misc_func.php : - moved rfcDate() from mail.php to misc_func.php so that it can be used elsewhere - renamed 'X-Posting-Client' header to more commonly used 'X-Originating-IP' * RSS: various bug fixes and enhancements in rss.php + don't list hidden notes - add RSS link in HTML header (<link rel...>) - add $no_cookie option (don't send cookies to browser) - get db parameters from site configuration file - use HTTP authentication for private forums - format RSS using XSL/CSS stylesheets * various bug fixes in Phorum template * init.inc, globals.inc : - Fix "database error" in forums list if site database is different than main agora database - properly set all variables before checking if user is active - added new constant auth_required to force authentication in init.inc - set full URI in HTTP redirections : (header('Location:...) - move "active user" checking after variables settings - added $bn_doctype (<DOCTYPE...>) - fix extra trailing slash bug in $bn_base_url * editconf.php3, include/config.php3, init.inc : - centralize db parameters in getDbaccess() - site level configuration variables ($db*, usersource, directories) are now only defined in site configuration file * include/viewnote.php : - add 'att_table' CSS class * mimetypes handling (include/mimetypes.php3) - XHTML compliance and use CSS in inline attachments rendering * create_site.php, create_forum.php : - some HTML4 cleanup (xhtml compliance) - better error handling - strip magic quotes in form fields * admin_notes.php3 : - fix bug preventing from copying notes to an empty forum * editlist.php3 : - fix magic quote bug * dbaccess.php, include/oci8.php, include/postgres65.php : - truncate index name to 30 chars for OCI compatibility (hixcks) - added alias for unknown "datetime" type * include/mssql7.php3 : - use mssql_get_last_message(), - fix primary key syntax error * include/adomsaccess.php3: - fix warning in preg_match() line 55 * changes and Bug fixes in include/auth.php, register.php and profile.php: - update login infos and increment login count if user start a new browser session but have a permanent cookie set - allow specialchars in userid - don't allow to use username of someone else when changing profile - Ability to allow HTML in some user fields using $user_html_var[] array - fix bug in input fields checking. - fix bug with smileys in signature. - Now smileys and URLs are expanded in details and signature fields + Security fixes: - sanitize input fields + only defined fields are extracted - No longer rely on userid variable: Only an authenticated user can change his own profile - Check for permitted fields to be changed (disallow changing of sensible fields (userpriv, lastlogin, ...) - logout was not working if permanent cookie was set * subscribe.php3 - changes in subscriptions list rendering, use CSS * subscribe_thread.php3: - don't allow guest users to subscribe anymore * Enforce security in directories tools/ user/ conf/ and include/ - updated .htaccess (require valid-user) - prevent directory listing * Fixed some incompatibilities with new default settings in PHP5: - use superglobals => "register_long_arrays = off" compatibility (default in PHP5) - short_open_tag = off compatibility (default in PHP5) - don't pass arguments by reference in some functions * add "in-reply-to" header in emails * made PHP code highlighting working with PHP versions prior to 4.2 * enhancements + bug fixes in search pattern highlighting * view.php: - add pg parameter (page num) - don't increment hits count if note already seen by the same user - don't loose "pattern" argument in pagination - prevent hidden notes from being retreived in next/previous thread - don't show notes where hidden is <> 0 (values>1 can be used for advanced moderation purpose) - adjust the page accordingly in the thread list even if $st not set * include/dbstats.php3 1.3: - fix database error in computeDailyUserStats() and computeDailyForumStats with mysql - avoid duplicate entries in log_table_* * user/http_user.php3 1.7: - set "mail_ok" and "state" user fields properly * stats/wa_bar_graph.php3: - attempt to load gd extension if not already loaded * locales/*_pl.inc - polish translation update from Bibok * locales/* - localize "download file ..." , added LABEL_DOWNLOAD, LABEL_DOWNLOAD_FILE now takes parameters * tools/upgrade_42.php3: - more SQL standard compliant, work with sites using different databases - made alter table cross databases compatible * list.php3, view.php3: - set "view mode" (flat/thread) cookie at site level instead of forum level

  posted 1215 days ago

• w-agora 4.2.1 file released: w-agora-4.2.1-php3.zip

  o Enhancements / new features : ------------------------------- * Localization: - Hungarian translations (sohagabor) * multiple wysiwyg editor support (currently htmlarea, tinymce and (almost complete) fckeditor) * ability to send mails to : - all moderators (bn_mail=2) , - all moderators and administrators ($bn_mail = 3) - only the main moderator (bn_mail =1) currently, must be set by hand in forum config o Fixes, code changes : ----------------------- + browse_avatar.php : fix Secunia Advisory SA17201 - force site to be selected in order to set allowed extensions, - remove file if the uploaded file is not an image. + extras/quicklist.php : fix Secunia Advisory SA17201 :sanitize site parameter + index.php : fix (minor) security bug whith $site parameter + globals.inc : fix secunia advisory SA20779 * mail.php : - fix bug in redirect (missing php extension) * include/dbaccess.php : - bad arguments in _openDB() call - use new ListRenderer::displayList() parameters - update user stats when a note / thread is deleted (RUSK) * include/listrenderer.php : - added getStartItem(), add parameters start & count in displayList() - remove site parameter in URLs if not needed - fix typo in $label_posted_by_on * include/misc_func.php : - added "object" in allowed tags - some enhancements in getNavBar(), getListBox(), getListCheckBox(), minimum_phpversion() - added "id" attribute in all generated form elements - remove paragraph substitution in my_br2nl() to avoid annoying extras line feed in preview and emails - added load_php_extension() - change in kill_html() : prevent "raw" (entitized) HTML code to be converted in preview / edit mode - anchor() : fix javascript error in links with ' in the text add unhtmlentities() * include/mail.php, include/misc_func.php : - moved rfcDate() from mail.php to misc_func.php so that it can be used elsewhere - renamed 'X-Posting-Client' header to more commonly used 'X-Originating-IP' * RSS: various bug fixes and enhancements in rss.php + don't list hidden notes - add RSS link in HTML header (<link rel...>) - add $no_cookie option (don't send cookies to browser) - get db parameters from site configuration file - use HTTP authentication for private forums - format RSS using XSL/CSS stylesheets * various bug fixes in Phorum template * init.inc, globals.inc : - Fix "database error" in forums list if site database is different than main agora database - properly set all variables before checking if user is active - added new constant auth_required to force authentication in init.inc - set full URI in HTTP redirections : (header('Location:...) - move "active user" checking after variables settings - added $bn_doctype (<DOCTYPE...>) - fix extra trailing slash bug in $bn_base_url * editconf.php3, include/config.php3, init.inc : - centralize db parameters in getDbaccess() - site level configuration variables ($db*, usersource, directories) are now only defined in site configuration file * include/viewnote.php : - add 'att_table' CSS class * mimetypes handling (include/mimetypes.php3) - XHTML compliance and use CSS in inline attachments rendering * create_site.php, create_forum.php : - some HTML4 cleanup (xhtml compliance) - better error handling - strip magic quotes in form fields * admin_notes.php3 : - fix bug preventing from copying notes to an empty forum * editlist.php3 : - fix magic quote bug * dbaccess.php, include/oci8.php, include/postgres65.php : - truncate index name to 30 chars for OCI compatibility (hixcks) - added alias for unknown "datetime" type * include/mssql7.php3 : - use mssql_get_last_message(), - fix primary key syntax error * include/adomsaccess.php3: - fix warning in preg_match() line 55 * changes and Bug fixes in include/auth.php, register.php and profile.php: - update login infos and increment login count if user start a new browser session but have a permanent cookie set - allow specialchars in userid - don't allow to use username of someone else when changing profile - Ability to allow HTML in some user fields using $user_html_var[] array - fix bug in input fields checking. - fix bug with smileys in signature. - Now smileys and URLs are expanded in details and signature fields + Security fixes: - sanitize input fields + only defined fields are extracted - No longer rely on userid variable: Only an authenticated user can change his own profile - Check for permitted fields to be changed (disallow changing of sensible fields (userpriv, lastlogin, ...) - logout was not working if permanent cookie was set * subscribe.php3 - changes in subscriptions list rendering, use CSS * subscribe_thread.php3: - don't allow guest users to subscribe anymore * Enforce security in directories tools/ user/ conf/ and include/ - updated .htaccess (require valid-user) - prevent directory listing * Fixed some incompatibilities with new default settings in PHP5: - use superglobals => "register_long_arrays = off" compatibility (default in PHP5) - short_open_tag = off compatibility (default in PHP5) - don't pass arguments by reference in some functions * add "in-reply-to" header in emails * made PHP code highlighting working with PHP versions prior to 4.2 * enhancements + bug fixes in search pattern highlighting * view.php: - add pg parameter (page num) - don't increment hits count if note already seen by the same user - don't loose "pattern" argument in pagination - prevent hidden notes from being retreived in next/previous thread - don't show notes where hidden is <> 0 (values>1 can be used for advanced moderation purpose) - adjust the page accordingly in the thread list even if $st not set * include/dbstats.php3 1.3: - fix database error in computeDailyUserStats() and computeDailyForumStats with mysql - avoid duplicate entries in log_table_* * user/http_user.php3 1.7: - set "mail_ok" and "state" user fields properly * stats/wa_bar_graph.php3: - attempt to load gd extension if not already loaded * locales/*_pl.inc - polish translation update from Bibok * locales/* - localize "download file ..." , added LABEL_DOWNLOAD, LABEL_DOWNLOAD_FILE now takes parameters * tools/upgrade_42.php3: - more SQL standard compliant, work with sites using different databases - made alter table cross databases compatible * list.php3, view.php3: - set "view mode" (flat/thread) cookie at site level instead of forum level

  posted 1215 days ago

• w-agora 4.2.1 file released: w-agora-4.2.1-php3.tar.gz

  o Enhancements / new features : ------------------------------- * Localization: - Hungarian translations (sohagabor) * multiple wysiwyg editor support (currently htmlarea, tinymce and (almost complete) fckeditor) * ability to send mails to : - all moderators (bn_mail=2) , - all moderators and administrators ($bn_mail = 3) - only the main moderator (bn_mail =1) currently, must be set by hand in forum config o Fixes, code changes : ----------------------- + browse_avatar.php : fix Secunia Advisory SA17201 - force site to be selected in order to set allowed extensions, - remove file if the uploaded file is not an image. + extras/quicklist.php : fix Secunia Advisory SA17201 :sanitize site parameter + index.php : fix (minor) security bug whith $site parameter + globals.inc : fix secunia advisory SA20779 * mail.php : - fix bug in redirect (missing php extension) * include/dbaccess.php : - bad arguments in _openDB() call - use new ListRenderer::displayList() parameters - update user stats when a note / thread is deleted (RUSK) * include/listrenderer.php : - added getStartItem(), add parameters start & count in displayList() - remove site parameter in URLs if not needed - fix typo in $label_posted_by_on * include/misc_func.php : - added "object" in allowed tags - some enhancements in getNavBar(), getListBox(), getListCheckBox(), minimum_phpversion() - added "id" attribute in all generated form elements - remove paragraph substitution in my_br2nl() to avoid annoying extras line feed in preview and emails - added load_php_extension() - change in kill_html() : prevent "raw" (entitized) HTML code to be converted in preview / edit mode - anchor() : fix javascript error in links with ' in the text add unhtmlentities() * include/mail.php, include/misc_func.php : - moved rfcDate() from mail.php to misc_func.php so that it can be used elsewhere - renamed 'X-Posting-Client' header to more commonly used 'X-Originating-IP' * RSS: various bug fixes and enhancements in rss.php + don't list hidden notes - add RSS link in HTML header (<link rel...>) - add $no_cookie option (don't send cookies to browser) - get db parameters from site configuration file - use HTTP authentication for private forums - format RSS using XSL/CSS stylesheets * various bug fixes in Phorum template * init.inc, globals.inc : - Fix "database error" in forums list if site database is different than main agora database - properly set all variables before checking if user is active - added new constant auth_required to force authentication in init.inc - set full URI in HTTP redirections : (header('Location:...) - move "active user" checking after variables settings - added $bn_doctype (<DOCTYPE...>) - fix extra trailing slash bug in $bn_base_url * editconf.php3, include/config.php3, init.inc : - centralize db parameters in getDbaccess() - site level configuration variables ($db*, usersource, directories) are now only defined in site configuration file * include/viewnote.php : - add 'att_table' CSS class * mimetypes handling (include/mimetypes.php3) - XHTML compliance and use CSS in inline attachments rendering * create_site.php, create_forum.php : - some HTML4 cleanup (xhtml compliance) - better error handling - strip magic quotes in form fields * admin_notes.php3 : - fix bug preventing from copying notes to an empty forum * editlist.php3 : - fix magic quote bug * dbaccess.php, include/oci8.php, include/postgres65.php : - truncate index name to 30 chars for OCI compatibility (hixcks) - added alias for unknown "datetime" type * include/mssql7.php3 : - use mssql_get_last_message(), - fix primary key syntax error * include/adomsaccess.php3: - fix warning in preg_match() line 55 * changes and Bug fixes in include/auth.php, register.php and profile.php: - update login infos and increment login count if user start a new browser session but have a permanent cookie set - allow specialchars in userid - don't allow to use username of someone else when changing profile - Ability to allow HTML in some user fields using $user_html_var[] array - fix bug in input fields checking. - fix bug with smileys in signature. - Now smileys and URLs are expanded in details and signature fields + Security fixes: - sanitize input fields + only defined fields are extracted - No longer rely on userid variable: Only an authenticated user can change his own profile - Check for permitted fields to be changed (disallow changing of sensible fields (userpriv, lastlogin, ...) - logout was not working if permanent cookie was set * subscribe.php3 - changes in subscriptions list rendering, use CSS * subscribe_thread.php3: - don't allow guest users to subscribe anymore * Enforce security in directories tools/ user/ conf/ and include/ - updated .htaccess (require valid-user) - prevent directory listing * Fixed some incompatibilities with new default settings in PHP5: - use superglobals => "register_long_arrays = off" compatibility (default in PHP5) - short_open_tag = off compatibility (default in PHP5) - don't pass arguments by reference in some functions * add "in-reply-to" header in emails * made PHP code highlighting working with PHP versions prior to 4.2 * enhancements + bug fixes in search pattern highlighting * view.php: - add pg parameter (page num) - don't increment hits count if note already seen by the same user - don't loose "pattern" argument in pagination - prevent hidden notes from being retreived in next/previous thread - don't show notes where hidden is <> 0 (values>1 can be used for advanced moderation purpose) - adjust the page accordingly in the thread list even if $st not set * include/dbstats.php3 1.3: - fix database error in computeDailyUserStats() and computeDailyForumStats with mysql - avoid duplicate entries in log_table_* * user/http_user.php3 1.7: - set "mail_ok" and "state" user fields properly * stats/wa_bar_graph.php3: - attempt to load gd extension if not already loaded * locales/*_pl.inc - polish translation update from Bibok * locales/* - localize "download file ..." , added LABEL_DOWNLOAD, LABEL_DOWNLOAD_FILE now takes parameters * tools/upgrade_42.php3: - more SQL standard compliant, work with sites using different databases - made alter table cross databases compatible * list.php3, view.php3: - set "view mode" (flat/thread) cookie at site level instead of forum level

  posted 1215 days ago

• File released: /w-agora/4.2.1/w-agora-4.2.1-php3.zip

  posted 1215 days ago

• File released: /w-agora/4.2.1/w-agora-4.2.1-php3.tar.gz

  posted 1215 days ago