New forum! Post bugs & errors in here *CHECK FIRST POST FOR ISSUES FIRST - P.S. THE MM IS OPEN*

[Mr Men]

Gilly, I want to quote your use of functionality and ask you to define it. But can't figure out how quoting works now because I hit the quote button, something weird happens up top and then it never appears in my post. Is that some of the improved functionality you're referring too?

Hit reply instead of multi-quote

 

[Gilly]

Oh this works. Whats the "+ Quote" button for then if "Reply" does the same job?

That's the multi-quote function

 

[james.miller]

Oh this works. Whats the "+ Quote" button for then if "Reply" does the same job?

Multi quote.

click on multiple quotes then there's an insert quotes button on the left under the quick reply

edit:


oh, this sometimes happens:

 

[Maccapacca]

I understand the forum package might be better under the hood but the front-end is utterly awful, not just a "I don't like it" awful, but fundamentally flawed from a usability perspective on so many counts.

Gilly, I want to quote your use of functionality and ask you to define it. But can't figure out how quoting works now because I hit the quote button, something weird happens up top and then it never appears in my post. Is that some of the improved functionality you're referring too?

Oh this works. Whats the "+ Quote" button for then if "Reply" does the same job?

Multi quote

 

[nemtizz]

Option to remove avatar, please.

 

[darket]

Did the forum brexit ?

 

[koolpc]

Who 'developed' this look?

 

[Uther]

There is so much useless crap that is easy to stumble upon like "Notable members" and not easy to find my previous threads I created or posts I made. I don't give a monkeys who has posted the most or who the "current visitors" are. Just bring back the vb3 easy navigation to my posts and my threads. Or if someone can show me how to find this, it would be great.

I'm not liking this change one bit.

Click on your name top right, and in the drop down box look for 'your content' (I think...)

 

[qqg3]

Multi quote.

click on multiple quotes then there's an insert quotes button on the left under the quick reply

Yikes

 

[Subliminal Aura]

Option to remove avatar, please.

+1

 

[koolpc]

Trump made an 'Executive Order' and this new look was born!! lol

 

[LoadsaMoney]

Uh? Works for me...

Ahh so it is there, i wasn't logged in at the time, so it didn't show up

 

[Gilly]

There is so much useless crap that is easy to stumble upon like "Notable members" and not easy to find my previous threads I created or posts I made. I don't give a monkeys who has posted the most or who the "current visitors" are. Just bring back the vb3 easy navigation to my posts and my threads. Or if someone can show me how to find this, it would be great.

I'm not liking this change one bit.

Mouseover your name at the top of the page then click 'your content'

 

[Gilly]

Ahh so it is there, i wasn't logged in at the time, so it didn't show up

Spent 5 mins wondering why it wouldn't show up for you. D'Oh.

 

[Zaphan58]

All the drop shadows and gradients on everything in sight are a bit dated.

Plus the styling on the main forums listing is hard to read, its not broken up enough/looks too flat.

 

[FrankJH]

There were a huge amount of things wrong with the old forum. The layout might not be to everyone's tastes but functionality is hugely improved.

1st off - I tried to use "quote" to quote you, and I got the initial quote you used in your post - which to me is very bizarre (apart from the fact as a user you press"+quote" as normal and then have to press "insert quotes " at the bottom which should be redundant if you only want to quote one person

(didnt have "reply" button , only trust and quote)

It may be "hugely improved" to moderate - but as a user / reader its pretty horrendous , apart from anything else no DIRECT link to sub forums having to fully expand pictures to make them legible rather than having them correct size to start with

edit - also lost a number of posts from post count (no biggie, just interesting - Im guessing those actual posts have disappeared also)

 

[V_R]

BUG REPORT : Forums look krap

SECURITY REPORT : SQL injection exploitable, root available - noted you've not even dirty cow patched, for public disclosure shortly on pastebin

REMEDY : ROLL BACK THIS GOD DAMN RELEASE IMMEDIATELY

The only thing I like is the SSL cert

https://www.ssllabs.com/ssltest/analyze.html?d=forums.overclockers.co.uk

Spoiler: gremlins within

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo} p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; min-height: 13.0px}

Starting Nmap 7.01 ( https://nmap.org ) at 2017-02-14 21:48 GMT

Nmap scan report for forums.overclockers.co.uk (185.103.4.11)

Host is up (0.0068s latency).

PORT STATE SERVICE

443/tcp open https

| ssl-cert: Subject: commonName=*.overclockers.co.uk/organizationName=OCUK Ltd/stateOrProvinceName=Staffordshire/countryName=GB

| Issuer: commonName=thawte SSL CA - G2/organizationName=thawte, Inc./countryName=US

| Public Key type: rsa

| Public Key bits: 4096

| Signature Algorithm: sha256WithRSAEncryption

| Not valid before: 2016-09-29T00:00:00

| Not valid after: 2017-11-28T23:59:59

| MD5: 8d52 5b57 21fd fca6 f156 12cf 632b b63b

|_SHA-1: b1c2 64ef eb6f e973 479f c44a d562 627d 65b1 b23c

| ssl-enum-ciphers:

| TLSv1.0:

| ciphers:

| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A

| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 4096) - A

| compressors:

| NULL

| cipher preference: server

| TLSv1.1:

| ciphers:

| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A

| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 4096) - A

| compressors:

| NULL

| cipher preference: server

| TLSv1.2:

| ciphers:

| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 4096) - A

| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 4096) - A

| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A

| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 4096) - A

| compressors:

| NULL

| cipher preference: server

|_ least strength: A



Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds

CONNECTED(00000003)

depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA

verify return:1

depth=1 C = US, O = "thawte, Inc.", CN = thawte SSL CA - G2

verify return:1

depth=0 C = GB, ST = Staffordshire, L = Newcastle, O = OCUK Ltd, CN = *.overclockers.co.uk

verify return:1

---

Certificate chain

0 s:/C=GB/ST=Staffordshire/L=Newcastle/O=OCUK Ltd/CN=*.overclockers.co.uk

i:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2

-----BEGIN CERTIFICATE-----

MIIGyjCCBbKgAwIBAgIQESEup3KNtYeJ1t0MAq94JzANBgkqhkiG9w0BAQsFADBB

MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0

aGF3dGUgU1NMIENBIC0gRzIwHhcNMTYwOTI5MDAwMDAwWhcNMTcxMTI4MjM1OTU5

WjBrMQswCQYDVQQGEwJHQjEWMBQGA1UECAwNU3RhZmZvcmRzaGlyZTESMBAGA1UE

BwwJTmV3Y2FzdGxlMREwDwYDVQQKDAhPQ1VLIEx0ZDEdMBsGA1UEAwwUKi5vdmVy

Y2xvY2tlcnMuY28udWswggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz

ZEj8J50toJ/+rI+chJehwRvtQaIAGbC6rSfUzxKU7qZWCDM20kLyyzFkeEj7Rjii

iikXn/VHmeAtuozYf6P2VFsTc3nE3lhyTugDbAW0PuPO67A9M74dZymbmBOlKlxt

j6ceQjjcKzhI7vDCUdn8at2kdLEV+jvh70GA0jGMmOmlrUD2NN9Dc524s42rEcbU

dRaso5e+zSHwFMyhSsonUjD0CuAemOqi3WtBDkmTzvMqLuePWS7G+zf6gPMs2t1t

kUAutL7mD3WCKxPCuBtwqUtbL3s7ZD1Sb+28VsSa+tOH2um4wVCzKG1Hun2Ppw1c

oYSQznkOvEFox7Mq/GflgI9RV/O7sbCXmDo4FN5qx62DHR/y1QIWBwAqWmgYKnHd

WMo4LnvbAYceW29y2fwTfKjztMCX0rMatzUxEwV+aTYnwEHyYjLbNa0NG7mXl26y

dxYk3C2qXhtWDg4rqZCnKsejEtWxnuhwrVoNu46XD9fSMPE4M0mKJuhFTtWgardu

DdY3gjRxIiMHcq2FcH+SBN9kizUVPO5v9QEzDbHqN03gt9XeudOFQTKQbxsHaDp+

XjeVrPOoEDR3KaYxAHW2qUiCzHH+S/02FHhBFQz1wJnnXW0YFDmmUpI0p5BxIlI9

iBl/8yMbn6lWoSbiKzuvyd5xFg/6aYtDsCGIeuYVqwIDAQABo4ICkjCCAo4wMwYD

VR0RBCwwKoIUKi5vdmVyY2xvY2tlcnMuY28udWuCEm92ZXJjbG9ja2Vycy5jby51

azAJBgNVHRMEAjAAMG4GA1UdIARnMGUwYwYGZ4EMAQICMFkwJgYIKwYBBQUHAgEW

Gmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMC8GCCsGAQUFBwICMCMMIWh0dHBz

Oi8vd3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCBaAwHwYD

VR0jBBgwFoAUwk9IV/zRT5rAXTh9DgXb2S61UmAwKwYDVR0fBCQwIjAgoB6gHIYa

aHR0cDovL3RqLnN5bWNiLmNvbS90ai5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEG

CCsGAQUFBwMCMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3Rq

LnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3RqLnN5bWNiLmNvbS90ai5j

cnQwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgDd6x0reg1PpiCLga2BaHB+Lo6d

AdVciI09EcTNtuy+zAAAAVd1zD6GAAAEAwBHMEUCIQC2z1ReCpQFiNvg/7U0svJ7

MJw/XKidtKdKBH7yUAkUsAIgc3bzjoTJcfC6OQLKYtRU1HuIUcMlh7nt3jYzkR0w

oC4AdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVd1zD7bAAAE

AwBHMEUCIB6HOhKvwLHnd9WO/fCzA7A3+2VhWMFZHvZfUPrudqx9AiEA+j3HvdHL

iTBSvUh25xnAvGCqHd5vlyOUOas4DOrqo48wDQYJKoZIhvcNAQELBQADggEBAGxO

/kTaKSHdgJDlhHroDBQ45pE37GZptztqJ+7xcTP1Vih1Cd4wc0U+3gqELJwhY0bY

XtZOh9OGwoQY0sM28QQzQOAl3nvUmBhLEIwCZI8P/fe98cQvKNkS6PA+iJNtNvUT

GOvEtkwUnk3d0w/S2F+e4bQtONmyFjSZllToGmhRIjefC2v3l+lr/pxirbRCAiCk

zxXOlWwu6rVEkljEjc6IDct5KTVzGem0ND1G6bBp7l7e7VJOMF0O0oI8m0vsjuRq

uv3OemyTBMcXeWfdPeHyvRYqKI0AREq8H5bHHmmz3hMHRrNfEGbgrGG7fY2VwYqt

NiWCdorzPN85MawwqPU=

-----END CERTIFICATE-----

1 s:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2

i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA

-----BEGIN CERTIFICATE-----

MIIEsjCCA5qgAwIBAgIQFofWiG3iMAaFIz2/Eb9llzANBgkqhkiG9w0BAQsFADCB

qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf

Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw

MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV

BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTMxMDMxMDAwMDAwWhcNMjMx

MDMwMjM1OTU5WjBBMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu

MRswGQYDVQQDExJ0aGF3dGUgU1NMIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUA

A4IBDwAwggEKAoIBAQCy/Ab7BJPS6lkgO0SFl1I55xDweuCwlEDaRvgMKLu5zmA4

P9LYEUIbka1J7o/H3mzeN2/9iyA8bed009zVJIhBgInuNr7E1b6NUxOq5KW4kwq+

7NrNPNQyVu/QTqC4l7s5UB5uZcP9ss7gWalICcb+vq78PjuBIJeLj0bfYGQHdbsb

hjifR3s0zqHRl6122J+3Jtt5gDZI8sU3+NkyrnykU4HHmaFUOC9PdaC7WqW7zawC

WxkC1RMYp86sdFUSBYubopVGZHI4zVobOhanvnGZjFQDuJZsAdM+Bpg/IYE7An4A

R1MBHg5GQ/tLLdwLGugvmPh+0ZmrE2ykF95v9hX1AgMBAAGjggE7MIIBNzASBgNV

HRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAyBgNVHR8EKzApMCegJaAj

hiFodHRwOi8vdDEuc3ltY2IuY29tL1RoYXd0ZVBDQS5jcmwwLwYIKwYBBQUHAQEE

IzAhMB8GCCsGAQUFBzABhhNodHRwOi8vdDIuc3ltY2IuY29tMEEGA1UdIAQ6MDgw

NgYKYIZIAYb4RQEHNjAoMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUu

Y29tL2NwczApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01

MzcwHQYDVR0OBBYEFMJPSFf80U+awF04fQ4F29kutVJgMB8GA1UdIwQYMBaAFHtb

Rc+vzst6/TGSGmq280brV0hQMA0GCSqGSIb3DQEBCwUAA4IBAQCNBt5DyXYCytkj

l17zY9d9RMIPawr1B+WLuPrgo/prgJK1AyzFN+DC5ZW1knAYKEKU7kt3agEPiyPs

Vk30AGnlhMji6t5bPvY8BzqUymwnscyDGmBxJ9K/AvUeRNNI1abTdiEAnPqYZOsX

Nj/rGzw+prHZWAYOctlovvGnINdS5KR3H3FwnVU1hTfhHU2UwnB/lUBuS32ytCkq

A3nIuUxnYQSgiyf/WQDrVX/GtzM1LV5OrLjqEsXo97mrvnSSLLfZTcqELxzC8HJ8

sjFuz4DliAc2UXu6Ya9tjSNbNKOVvKIxf/L157fo78S1JzLp955pxyvovrsMqufq

YBLqJop4

-----END CERTIFICATE-----

---

Server certificate

subject=/C=GB/ST=Staffordshire/L=Newcastle/O=OCUK Ltd/CN=*.overclockers.co.uk

issuer=/C=US/O=thawte, Inc./CN=thawte SSL CA - G2

---

No client certificate CA names sent

---

SSL handshake has read 3259 bytes and written 879 bytes

---

New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384

Server public key is 4096 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

SSL-Session:

Protocol : TLSv1.2

Cipher : AES256-GCM-SHA384

Session-ID: EA7485FD78A81552F7A4AFB93B3F3419522205904BC4368BD874A072DC17DCDB

Session-ID-ctx:

Master-Key: BCA41C36B4CC1AB0A33B8F64ACDC1225A1C78D256D687E5B6729E99D3E220BE32BEC9174F5B86B39CA93DD66723C2EA5

Key-Arg : None

PSK identity: None

PSK identity hint: None

SRP username: None

TLS session ticket lifetime hint: 300 (seconds)

TLS session ticket:

0000 - 3b 19 30 f3 13 5b 57 ec-da 52 9a bc 83 49 b6 1e ;.0..[W..R...I..

0010 - 8a c1 c7 ad a6 bf b3 68-97 15 68 20 8c 50 4c 06 .......h..h .PL.

0020 - a3 17 16 40 66 b2 9a c8-fc d0 d4 c1 ab 62 a0 44 [email protected]

0030 - 6b 8b 64 1b b0 11 a8 4a-82 58 81 41 b8 8e b1 1e k.d....J.X.A....

0040 - c4 0d bf 0f 00 a3 9c 35-27 71 91 72 6b 49 c9 53 .......5'q.rkI.S

0050 - 31 11 8e 8d c1 80 18 74-50 da 81 b6 df 83 0e d2 1......tP.......

0060 - c5 e3 9f 86 41 99 ed 3c-81 e2 6b 07 19 44 41 5b ....A..<..k..DA[

0070 - 79 d2 ea 0f 93 45 00 bf-ae 1f d9 da 07 e5 b7 ec y....E..........

0080 - fb f8 87 d0 40 38 62 6b-2e 96 4a 02 9f c0 33 4c [email protected]

0090 - 37 62 48 a0 9d 0c 75 43-a9 3c 8f 2a 61 e7 cd 5c 7bH...uC.<.*a..\



Start Time: 1487108883

Timeout : 300 (sec)

Verify return code: 0 (ok)

---

DONE

THE REST .... BURN IT WITH NAPALM

Seriously guys, take it down before a spotty 13 year old kid discovers the SQL injection hole on your site and p0wns you.

That doesn't sound good...

 

[Goberpiles316]

Sorry I dont like it

 

[LoadsaMoney]

Spent 5 mins wondering why it wouldn't show up for you. D'Oh.

 

[Subliminal Aura]

That doesn't sound good...

Yep, falling on deaf ears it appears...

The CVEs are all over the Xenforo website and publically accessible. Only a matter of time till we're haxored