If you want to be really picky, there are exposed tokens parsed via URLs in plain text, which could be considered a security issue BUT those tokens don't expose any identifying information.
Only thing I'd like to see is a way to lock down the Admin Control Panel, whereby attempts to log in result in a blacklisted / blocked IP address.
I'd also recommend changing the default phrase "incorrect_password" to something like:
Code:
```html
<p>Username not found or Incorrect Password.</p>
<p>Please try again. If you believe this is in error, please contact us.</p>
<p>This error has been logged.</p>
```
This way it never confirms (like it does by default) that a username is correct, but password is not.
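The suggestion in the post above, sketched as an added example (not part of the original post and not XenForo code): the same error text comes back whether the username or the password was wrong, and repeated failures block the client IP. `AdminLoginGuard`, its thresholds and the blocked-address message are assumptions made for the illustration.

```python
import hashlib, hmac, os, time
from collections import defaultdict, deque

GENERIC_ERROR = "Username not found or Incorrect Password."   # wording from the post
BLOCKED_ERROR = "Too many failed attempts from this address."  # assumed wording


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AdminLoginGuard:
    """Hypothetical guard: uniform error text plus per-IP blocking."""

    def __init__(self, max_failures=5, window=900, block_for=3600, clock=time.monotonic):
        self.users = {}                     # username -> (salt, hash)
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time at which the block expires
        self.max_failures, self.window, self.block_for = max_failures, window, block_for
        self.clock = clock
        self._dummy = (os.urandom(16), os.urandom(32))  # stands in for unknown users

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, ip, username, password):
        now = self.clock()
        if self.blocked_until.get(ip, 0) > now:
            return False, BLOCKED_ERROR
        # Hash even when the user is unknown so both failure paths cost the same.
        salt, stored = self.users.get(username, self._dummy)
        matches = hmac.compare_digest(hash_password(password, salt), stored)
        if matches and username in self.users:
            self.failures.pop(ip, None)
            return True, "OK"
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked_until[ip] = now + self.block_for
        return False, GENERIC_ERROR
```

Because the block is keyed on the client address, the account itself stays usable from other addresses.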
I hope 2.2 will take speed (even) more seriously.
For example, the FA icons (woff2) take way too long to load imo.
The default theme should be as fast as possible but maybe more important, 3rd party themes should be as fast as possible too. I hope there is a way to "force" developers to use certain templates/workflows/whatever to ensure loading times are as fast as possible.
I like the XF approach. The default install is lean and mean and can be extended with add-ons.
The downside of that approach is the dependability on 3rd party developers. That can result in problems during upgrades. Would be nice if that dependability can be reduced somehow.
I hate sites who do that. Some don't even confirm if you entered correct email and you're left guessing if you enter wrong email or their email isn't delivering/ending up in spam box.
That's not security. That's just crap user experience. Lock an account if more than x number of tries in x amount of time and problem solved. Lock the login pages behind Cloudflare maximum security and no bot can access it = no bruteforce.
I don't bother with Google Pagespeed as it has a long and documented history of being highly inaccurate compared to sites like GTmetrix.com.

I agree. Especially with Google planning to punish/rank sites based on Pagespeed recommendations, it should be priority number one.
I managed to get my WordPress site score to 95 mobile/97 desktop with a simple plugin and it would be safe when Google implements that change next year.
> Lock an account if more than x number of tries in x amount of time and problem solved.

That creates a Denial of Service attack vector, which is why it is not done.
That's not security. That's just crap user experience.
> That creates a Denial of Service attack vector, which is why it is not done.

Yep as you are effectively admitting that user account exists.
I don't bother with Google Pagespeed as it has a long and documented history of being highly inaccurate compared to sites like GTmetrix.com.
Stupid stuff like "you got marked down because your js and css isn't minified", and yet it is. Or "not mobile friendly", yet the entire site is mobile responsive and clean as.
Funny thing with Google is they do all this crap, and yet fail to act on sites that are SEO scam/spam sites. Punish the good guys and let the bad guys continue.

I agree with you. I think it's utter garbage but Google brings us traffic and we have to play by their rules. I hope they don't implement it ever.
The important
When is the date of issue?
I am quite surprised not many people (if any) are requesting WYSIWYG editor on pages backend..?
> I am quite surprised not many people (if any) are requesting WYSIWYG editor on pages backend..?

Pages and custom fields are probably the least developed aspect of XF and both are crucial for content delivery. We have already tons of moderator tools, if not for everything an addon. Whereas content focused stuff is underdeveloped or non-existent.
> I am quite surprised not many people (if any) are requesting WYSIWYG editor on pages backend..?

XenForo's power is in being complex yet simplistic. Its complex areas generally don't break the simplistic things.
> When will 2.1.11 be ready?

Hold the boat we haven't got to v2.1.10.3 yet!
> XenForo's power is in being complex yet simplistic. Its complex areas generally don't break the simplistic things.
> When you start integrating (often bloaty) WYSIWYG editors for pages, that can change things greatly.
> I like the 10-15MB download and install package, and would rather not see it a 150MB download and install package for lesser used features.
> Easier to just jump into an online HTML editor, fire it up and format your page as you like (ensuring it complies with HTML5 standards), and then just copy/paste the code into pages.

A WYSIWYG editor (froala) is already included in the package (I am using it right now to write this message) so I believe it would be extremely easy to implement. I think XF developers have their own reasons for not adding this and it's definitely not related to coding or bloating etc. Maybe they want to keep that platform purely as a forum software and I completely understand that. If you start adding CMS features you open the door for more bugs and problems since people will most probably start using it to build non-forum sites.
Hold the boat we haven't got to v2.1.10.3 yet!
Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Sunday |
---|---|---|---|---|---|---|
Jun 1 | Jun 2 | Jun 3 | Jun 4 | Jun 5 | Jun 6 | Jun 7 |
✓ | ✓ | ✓ | ||||
Jun 8 | Jun 9 | Jun 10 | Jun 11 | Jun 12 | Jun 13 | Jun 14 |
✓ | ✓ | ? | ||||
Jun 15 | Jun 16 | Jun 17 | Jun 18 | Jun 19 | Jun 20 | Jun 21 |
? | ? | ? | ||||
Jun 22 | Jun 23 | Jun 24 | Jun 25 | Jun 26 | Jun 27 | Jun 28 |
? | ? | ? | ||||
Jun 29 | Jun 30 | Jul 1 | Jul 2 | Jul 3 | Jul 4 | Jul 5 |
? | ? | ? |
> XF 2.2 HYS cycle?
>
> Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Sunday |
> ---|---|---|---|---|---|---|
> Jun 1 | Jun 2 | Jun 3 | Jun 4 | Jun 5 | Jun 6 | Jun 7 |
> ✓ | ✓ | ✓ | ||||
> Jun 8 | Jun 9 | Jun 10 | Jun 11 | Jun 12 | Jun 13 | Jun 14 |
> ✓ | ✓ | ? | ||||
> Jun 15 | Jun 16 | Jun 17 | Jun 18 | Jun 19 | Jun 20 | Jun 21 |
> ? | ? | ? | ||||
> Jun 22 | Jun 23 | Jun 24 | Jun 25 | Jun 26 | Jun 27 | Jun 28 |
> ? | ? | ? | ||||
> Jun 29 | Jun 30 | Jul 1 | Jun 2 | Jun 3 | Jun 4 | Jun 5 |
> ? | ? | ? |

So why are we going from July 1st back to June 2nd?