Forum Replies Created
-
Thank you for the suggestion. I checked for that, but, no, I don’t have WP_DEBUG set at all in my wp-config.php
It worked for me before the bbPress 2.4 upgrade. Not sure if that had anything to do with it.
Unfortunately, I cannot use the back-end to add new members. When I start typing in a name, a pop-up box simply displays “()” for as many users as there are matches. Selecting one of these “()” does anchor them below, but saving the changes does not result in a member being added. Something is broken but I don’t know why.
I can now confirm that there are problems between the integration of bbPress 2.4 and buddypress 1.81.
It turns out that there’s a bug in bbPress 2.4 that does not allow the admin to make a Forum ‘private’ or ‘hidden’. At the moment, the only workaround is to use the bulk edit facility to apply the ‘private’ setting to a forum (but, not, sadly the ‘hidden’ attribute as of yet).
In other words, if you go into the forum setting for the individual forum on the back-end and change the attribute there, it won’t stick. The forum comes back again as ‘Public’.
I used the build editor to change my forum to ‘Private’ and that stopped the replies to topic posts from being broadcast to everyone in the buddypress sitewide activity page. Now, I’m waiting for the ability to make the forums ‘hidden’ for extra security. In the meantime, I’ve been using s2member to lock down the content of the bbPress Group forum. This ONLY works for Group forums, because their topics have a forum-specific URI structure (so URI-restrictions can be used; e.g. ‘/group/<name of group>/forum/’)… whereas non-Group forums just have the ‘/topic/’ URI which is sitewide and cannot be restricted by a particular forum name. This is lamentable, as bbPress is very hard to lock-down otherwise.
It’s taken me many hours to track down all of these niggly problems, which is frustrating, since bbPress and buddypress are meant to be integrated now. So, it seems as if the integration is mucky.
Given all the user confusion regarding forum attributes in bbPress and forum security in buddypress, I would really love to see the development teams come up with a simple, unified interface for managing memberships and access restrictions. Otherwise, we’ll all end up chasing settings in different places, without really understanding their interplay.This is definitely part of the problem that I’m having. It turns out that there’s a bug in bbPress 2.4 that does not allow the admin to make a Forum ‘private’ or ‘hidden’. At the moment, the only workaround is to use the bulk edit facility to apply the ‘private’ setting to a forum (but, not, sadly the ‘hidden’ attribute as of yet).
In other words, if you go into the forum setting for the individual forum on the back-end and change the attribute there, it won’t stick. The forum comes back again as ‘Public’.
I used the build editor to change my forum to ‘Private’ and that stopped the replies to topic posts from being broadcast to everyone in the buddypress sitewide activity page. Now, I’m waiting for the ability to make the forums ‘hidden’ for extra security. In the meantime, I’ve been using s2member to lock down the content of the bbPress Group forum. This ONLY works for Group forums, because their topics have a forum-specific URI structure (so URI-restrictions can be used; e.g. ‘/group/<name of group>/forum/’)… whereas non-Group forums just have the ‘/topic/’ URI which is sitewide and cannot be restricted by a particular forum name. This is lamentable, as bbPress is very hard to lock-down otherwise.
It’s taken me many hours to track down all of these niggly problems, which is frustrating, since bbPress and buddypress are meant to be integrated now. So, it seems as if the integration is mucky.
Given all the user confusion regarding forum attributes in bbPress and forum security in buddypress, I would really love to see the development teams come up with a simple, unified interface for managing memberships and access restrictions. Otherwise, we’ll all end up chasing settings in different places, without really understanding their interplay.I tried running the Tools > Forums but it only solved the problem of new topic posts, but not replies to those posts. Here’s my rundown of the situation:
I think the problem has to do with buddypress – bbPress integration.
The bbPress Group Forums appear to be set to ‘Open’ by default, even if they are hidden within buddypress. In fact, I cannot alter this. I tried changing my secret forum to ‘hidden’ within bbPress (2.4) and it won’t save the change – it always comes back as ‘open’.
Therefore, it’s up to buddypress to manage the privacy of the forum. It seems to be doing this with new topic posts (I can confirm that hide_sitewide in the activity stream table is “1” for new posts). The problem is that if someone replies to that post, the hide_sitewide for that reply is set to “0”, even though it’s inside of a ‘hidden’ group forum. To me, this is a serious security breach, as it exposes the forum name, the original topic name, and the contents of the reply in EVERYONE’s Activity stream, whether they are logged in or not, a member of the hidden forum or not.Actually, this problem is not resolved and appears to be pretty bad. Here’s my rundown:
I think the problem has to do with buddypress – bbPress integration.
The bbPress Group Forums appear to be set to ‘Open’ by default, even if they are hidden within buddypress. In fact, I cannot alter this. I tried changing my secret forum to ‘hidden’ within bbPress (2.4) and it won’t save the change – it always comes back as ‘open’.
Therefore, it’s up to buddypress to manage the privacy of the forum. It seems to be doing this with new topic posts (I can confirm that hide_sitewide in the activity stream table is “1” for new posts). The problem is that if someone replies to that post, the hide_sitewide for that reply is set to “0”, even though it’s inside of a ‘hidden’ group forum. To me, this is a serious security breach, as it exposes the forum name, the original topic name, and the contents of the reply in EVERYONE’s Activity stream, whether they are logged in or not, a member of the hidden forum or not.I think the problem has to do with buddypress – bbPress integration.
The bbPress Group Forums appear to be set to ‘Open’ by default, even if they are hidden within buddypress. In fact, I cannot alter this. I tried changing my secret forum to ‘hidden’ within bbPress (2.4) and it won’t save the change – it always comes back as ‘open’.
Therefore, it’s up to buddypress to manage the privacy of the forum. It seems to be doing this with new topic posts (I can confirm that hide_sitewide in the activity stream table is “1” for new posts). The problem is that if someone replies to that post, the hide_sitewide for that reply is set to “0”, even though it’s inside of a ‘hidden’ group forum. To me, this is a serious security breach, as it exposes the forum name, the original topic name, and the contents of the reply in EVERYONE’s Activity stream, whether they are logged in or not, a member of the hidden forum or not.Well, that sorta fixed it. The topic posts don’t show up but the replies to those posts still do.
I think the problem is coming from my caching scheme!
I deactivated all cachine (except Varnish) and it looks like the hide_sitewide is being obeyed. Hmmm. I specifically told the caching plugin to NOT cache the /activity URI but it ignored this request, it seems!I have the same problem. However, my hide_sitewide values are “1” for private forum entries, but are being completely ignored with the sitewide activity is shown.
I, too, upgraded from legacy groups to sitewide forums.
I am running bbPress 2.4 with buddypress 1.8.1
I have run the forum tools script to repair hidden forums, but this hasn’t made a difference.
I’m really worried about this security breach and – despite seeing a number of posts in here pointing this out – the development team seem unable to recreate it at their end. Nevertheless, it seems it is affecting people like us and we need to lock it down ASAP.
Thanks.I’ve been having the same problem. It’s a huge security breach and I’d love to get to the bottom of it. I’m using buddypress 1.8.1 and bbpress 2.4.
It’s actually really scary, since my private forums are having sensitive conversations that they believe to be private when, in fact, they are being broadcast in their entirety to everyone. This is horrendous.
