[Peter Anselmo]

Hi @rossagrant, @r-a-y & @hkcharlie,
Thanks for the good question. So, there are three separate questions here that are slightly but significantly different, and often get merged into one.

First: ‘Can people upload malicious things?’
Yes. Say I have a file MyVirus.exe. I can rename it to MyVirus.exe.txt, and upload it to the site. Adding a MIME type check would help significantly, but it’s not foolproof, as the MIME type can also be spoofed. What it would do is take what I would call a “casual” malicious user out of the picture, as only more experienced and/or motivated malicious users are going to go through the trouble of spoofing MIME types. Although this sounds terrible, it’s not as bad as you might think, leading into the next question…

‘Will this cause any problems for my website/server?’
No. This is not much of an issue for several reasons. The main reason is that Apache doesn’t give uploaded files executable permission. So, even if a virus is uploaded, and a user clicks on it, the most likely scenario is that the user will see the source code (which may be a bunch of junk if it’s a binary file). Even if it was a file that the web server could process (like a PHP file or shell script), it still would just display the source.

‘Is this a hazard to my users?
Not Likely. Given the above scenario, Someone malicious would need to rename a file extension, upload it to the site, get people to download it, and get people to change the extension. So, if the user is really dumb, it’s possible. I’d like to think that someone that goes around downloading things and changing extensions from txt to exe would learn their lesson pretty quick.

I hope that helps. If someone is a security expert, I hope they might add more to the topic, but those are the risks to the best of my knowledge.

[Peter Anselmo]

Is it tied to any action hook? PHP reads in all the BP code before executing much of it. If your function is called too early, the BP global won’t have been populated yet. That may or may not be the problem, but worth experimenting with.

[Peter Anselmo]

@samuelaguilera
@Tapaninaho

+1 to airfoil’s comment for using Group Documents as a filesharing plugin.

[Peter Anselmo]

Awesome! Don’t forget to leave a good rating

[Peter Anselmo]

I’ve tested this on three different installs, with several browsers, I can’t re-create any of the bugs I’m gonna tag it stable.

Gibby – Would it be possible to email me a url and a login for where you are having trouble?

[Peter Anselmo]

Sorry this has taken so long, I’ve had trouble duplicating some of the bugs I’ve found, and I’ve also run into some issues with the wp3.0 beta. Turns out some of the 2.9 Taxonomy API simply doesn’t work in the new version, which is quite frustrating. More new soon, I promise.

[Peter Anselmo]

Hmm,

Sounds like I need to do some more cross-browser checking. The Submit button certainly should not be above the categories!

[Peter Anselmo]

The <title> tag is in your theme’s header.php file. In the case of the default theme, it’s:

/wp-content/plugins/buddypress/bp-themes/bp-default/header.php.

By default it uses the function bp_page_title() to change the title depending on your page. That function can be found in:

/buddypress/bp-core/bp-core-templatetags.php

It’s on line 884 in version 1.2.2.1

[Peter Anselmo]

@Gibby: Almost.

I had a couple bugs reports emailed to me, I should be able to get to them this weekend. Stay tuned, I’ll mark it stable soon.

Cheers,

Peter

[Peter Anselmo]

If you’re seeing a blank page, that means a PHP error is being thrown, but not displayed.

Try adding the following to your .htaccess file:

php_flag display_errors on

php_value error_reporting 7

That will make debugging much easier.

Alternately, if you have access to the Apache logs, it will probably be there.

[Peter Anselmo]

Yeah, I had no idea about Pods. Seems pretty sweet. Kudos to el_terko!

[Peter Anselmo]

@Dfa327,

Hi, giving this plugin a whirl, and it’s pretty sweet. One thing I’ve noticed: It seems that any plugin using the generic group/single/plugins template (including all that use the Group Extension API) conflicts with chat.

I’ve noticed when using these plugins (Group Wiki, Invite Anyone, Group Documents), and you navigate to one of these pages, The chat window pops up and all online users are shown above the navigation. Not totally sure what’s causing this conflict, any ideas?

Thanks.

[Peter Anselmo]

@chopo87

Email me: peter@studio66design.com

[Peter Anselmo]

As PCWriter said, if you’re collections are picture-based, BP-Albums could do the trick.

If your colelctions are more information-based, I don’t know of any plugins that would fit your needs right out of the box. Do you have a target “collection type” in mind? You mentioned paintings – would it only be paintings for your site?

I think it would be tough to make a generic “collections” plugin. The info you would want for baseball cards, paintings, bottle caps, books, etc are all somewhat different. If you have a client or a site with one specific collection, I would start there, and then see what you could change to make it more generic (if that’s your goal).

That being said, I think your idea sounds cool, and many people would dig such a plugin.

[Peter Anselmo]

style.css in your theme.

[Peter Anselmo]

In your css file:

.widget_bp_groups_widget .item .item-title,

.widget_bp_groups_widget .item .item-meta {

display:none;

}

I haven’t tested that, you may have to tweak it.

[Peter Anselmo]

Hi kb,

The problem you are experiencing is a different issue than rossagrant was referring to. However, I think I’ve fixed your issue in the most recent (pre-release) version. Please visit this link:

https://wordpress.org/extend/plugins/buddypress-group-documents/download/

And click on the “Development Version” link. After you install this newer version of the plugin (the version number is still 0.3.1) please let me know if your problem continues.

Also, Are you able to upload and view avatars? I’ve found most of the time this is caused by shared code between Group Documents and Avatars.

Thanks for giving the plugin a whirl, and letting me know.

[Peter Anselmo]

idotter,

For a second I thought you meant that Andy was gonna set up “User Documents”, and I was quite confused. But then I caught your pitch

[Peter Anselmo]

Chopo87,

At the moment, there isn’t a very efficient “Hire a developer” system around here.

That being said, I’ve been toying with the idea of making a version of my Group Docs plugin that does just what you suggest. Monetary compensation could make that happen a lot faster

Email me: peter@studio66design.com

[Peter Anselmo]

Yes, you can install bbPress separately and link it to BuddyPress. That is how this site works. There is information on the bbPress site, and many other places. A google search should be fruitful.

[Peter Anselmo]

@Mariusooms,

Although there’s not an interface for it, if you know how to use subversion, you can submit enhancements or fixes for anything on the WordPress repository (prettymuch everything around here). All plugins can be checked out from the repository by anyone, then you can make changes, submit your changes to the maintainer. Check out this link:

https://codex.wordpress.org/Using_Subversion#Saving_patch.2Fdiff_files

[Peter Anselmo]

Yeah, the idea has been kicked around a bit, it’s definitely a good idea, no doubt about it. I know this is on Andy’s radar (it’s been mentioned over IRC), but like ray said, implementation is a beast. I’m currently exploring different options for implementing tags & categories for Group Documents. The current plan is to utilize the WP Taxonomy “bucket”, and see how that goes.

[Peter Anselmo]

It seems like you should use the bp_get_featured_group() function in your if statement, as it returns the value rather than echoing it.

Maybe something like this?

<?php if ( bp_get_featured_group() == "featured") : ?>

I’m not totally sure, You might have to insert some “echos” in there and debug along the way.

[Peter Anselmo]

Cool, Glad to hear it’s working. Perhaps I should include a check for those permissions when the plugin is activated.

[Peter Anselmo]

fskv,

I ran into the same thing. It usually happens if you use the class “pagination” for a div. Buddypress searches the page for divs with that class and “Hijacks” the click to use ajax. Here is the specific line in global.js:

if ( target.parent().parent().hasClass('pagination') && !target.parent().parent().hasClass('no-ajax') ) {

Look at where you created the divs for your pagination, and as Andy said: add “no-ajax” to the class.