
Avatar support disabled (Security issue) now re-enabled

Posted: 2005-10-24 19:40:23
by Bob Webtech
I have just learned of a security vulnerability in the software we're using (phpBB) involving uploadable avatars. This vulnerability could allow a malicious person to insert a script into our site. Consequently, I have disabled support for such avatars.

I know that people were having a lot of fun with these avatars. I even posted some messages myself to provide help in preparing avatar files. However, it's more important to keep our site secure. So, for now, I've turned off avatar support. I'll re-enable it when I know that the vulnerability has been patched.

Bob

Posted: 2005-10-25 20:58:07
by mrs franz eder
Does this mean we cannot post photos at this time? Duh? Sorry for the "senior moment" but not sure what your info means.

Posted: 2005-10-25 21:54:35
by Steve S
Bob found a security issue that affects avatars and is waiting for the software folks to devise a "fix". This issue does not affect any other part of these boards. There are sites that alert folks to vulnerabilities in different internet software applications and Bob keeps a close eye on these.

Steve S

photos

Posted: 2005-10-25 22:38:16
by Eric E
mrs franz eder - I believe we can still post photos, just not avatars. You can do so by using html tags, particularly the Img tag. You can find it by the Img button above. Click it, and you will get something that says " ." Between the "img's," insert the url of the photo you want to post.

Posted: 2005-10-30 17:58:31
by Bob Webtech
An update has just been released for this software - from version 2.0.17 to 2.0.18. I have installed the update and re-enabled the avatar feature.

sweet!

Posted: 2005-10-30 18:09:47
by Eric E
Sweet Bob! Thanks for updating and hooking us up with avatars again! While you were installing the update, did that relate to this

"message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"

message I received while trying to access the discussion board? Out.

Posted: 2005-10-30 18:13:59
by Mara
Thanks, Bob. My avatar actually seems perfect for Halloween which I never thought about before.

I also just had trouble with the Board - I have always been Logged In automatically but this time I had to Log in.....

same problem...

Posted: 2005-10-30 18:16:36
by Eric E
Yeah, Mara, I had the same problem too...

Posted: 2005-10-30 18:40:58
by KristinK
I had to log in too...however, I checked the little "log me in automatically" box. Haven't had a problem!

Posted: 2005-10-30 20:07:53
by Bob Webtech
Eric, your problem apparently occurred when you tried refreshing one of the board pages after I had taken the board down to upgrade the software. The contents of that message are strange: the software does include a page_tail.php file but that file doesn't include a message_die() function, so I can't make much sense of it. Anyway, things seem to be working normally now, since I re-enabled the board after the upgrade.

As for the automatic login failures: this feature depends on a "cookie" stored on your computer. Possibly, the cookie written by phpBB 2.0.17 isn't recognized when read by phpBB 2.0.18. But everything should work fine once you create a new cookie with the 2.0.18 version.