UBB.Dev
Posted By: isaac UBB.threads 7.7.2 - Progress Report (2019-06-10) - 06/10/2019 10:47 PM
Changelog 2019-06-10
[NEW] CP: New forum feature toggle to require HTTPS for hotlinked inlined images. Enabling this feature will only allow hotlinking of images from secure urls (HTTPS) to be displayed inline. Hotlinked images from insecure urls (HTTP) will be presented as a clickable link. When you enable this feature, its recommended that you also rebuild your Posts, Signatures, and Private Messages with the Content Rebuilder, to update your older posts. When enabled, users editing their profile are notified, "Remote avatars must be https" and "Hotlinked signature images must be https." The Site Permissions editor (CP) for those permissions will also display a notice if this enabled feature.
[NEW] CP: New Content Transition tool. This tool will update all existing Main Forum URL references from HTTP to HTTPS (SSL). This action includes posts, private topics, profile comments, signatures, and user avatars. This performs the actions described in the OP of this thread [ubbcentral.com]. Preview: http://www.ubbcentral.com/forums -> https://www.ubbcentral.com/forums

[UPDATE] SECURITY UPDATE: Fetch IP library has been updated to clean up any ports, comma separated lists, and perform additional IPv4/IPv6 validation & handling. In the uncommon case where a valid IP address cannot be determined, the connection will be refused with an "Invalid IP address received" notice.
[UPDATE] CP: When debugging is enabled, on some pages which execute database actions, the database commands will be displayed.
[UPDATE] Profile Editor "Avatar (Profile Picture)" section has been updated with; 1/ Radio buttons for NONE and STOCK will now automatically highlight when they are being used. 2/ If not using a system assigned avatar, you'll get the warning about removing your preferred avatar if you select it. 3/ A broken avatar image no longer displays when there is no avatar. That code bug is now squashed. 4/ Cleaned up the "browse for file" button presentation. 5/ If the forum requires https and allows remote avatars, you'll get a warning of this requirement.
[UPDATE] Updated FontAwesome library from 5.8.2 to version 5.9.0 [fontawesome.com].
[UPDATE] Updated TinyMCE from 5.0.6 to version 5.0.7 [tiny.cloud].

[FIX] Breadcrumb not wrapping issue has been fixed. (Thanks to PianoWorld for reporting this bug!)
[FIX] The modern Hop-To Menu (in toolbar above post) and the classic Jump-Box Menu (footer of posts) lists will now truncate titles correctly.
[FIX] CP: Subscription date modifications have been corrected to use proper date formats of "YYYY-MM-DD" rather than relying on language strings, which vary with each language. (Thanks to BlackMale for reporting this bug!)
[FIX] "Remove nofollow in post content links if the link has the main forum url in it" introduced in UBBT759 now works as described.
[FIX] Cleaned up several scripts and templates.
Control Panel > Features > Require HTTPS for Hotlinked Images
Enabling this feature will only allow hotlinking of images from secure urls (HTTPS) to be displayed inline. Hotlinked images from insecure urls (HTTP) will be presented as a clickable link.

When enabled, users editing their profile are notified, "Remote avatars must be https" and "Hotlinked signature images must be https."

The Site Permissions editor (CP) for those permissions will also display a notice if this enabled feature.

** When you enable this feature, its recommended that you also rebuild your Posts, Signatures, and Private Messages with the Content Rebuilder, to update your older posts.

Attached picture https-for-hotlinked-images_01.png
Attached picture https-for-hotlinked-images_02.PNG
Control Panel > Content Rebuilder/Transition Actions > Update Forum URL References from HTTP to HTTPS
This tool will update all existing Main Forum URL references from HTTP to HTTPS. This action includes posts, private topics, profile comments, signatures, and user avatars.

This performs the actions described in the OP of this thread:
https://www.ubbcentral.com/forums/u...transition-your-forum-from-http-to-https

Preview: http://www.ubbcentral.com/forums -> https://www.ubbcentral.com/forums

Attached picture update-forum-url-refs.png
Profile Editor "Avatar (Profile Picture)" section has been updated with;

1/ Radio buttons for NONE and STOCK will now automatically highlight when they are being used.
2/ If not using a system assigned avatar, you'll get the warning about removing your preferred avatar if you select it.
3/ A broken avatar image no longer displays when there is no avatar. That code bug is now squashed.
4/ Cleaned up the "browse for file" button presentation.
5/ If the forum requires https and allows remote avatars, you'll get a warning of this requirement.

Attached picture avatar-profile-picture_01.png
Attached picture avatar-profile-picture_02.png
Attached picture avatar-profile-picture_03.png
URL examples in the following posts:

images hotlinked from the HTTP and HTTPS here:
https://id242.com/forums/ubbthreads.php/topics/20/attached-photos


This image is hot-linked to a domain on HTTPS.
IMAGE HTTPS:
[Linked Image from id242.com]

IMAGE HTTPS wrapped in URL BBCode:
[Linked Image from id242.com] [id242.com]

** if enabled, linked images from HTTP urls will get a link instead of trying to imbed. the hosted domain is displayed so the end user can decide if they want to click it or not.
IMAGE HTTP:
[Linked Image]

IMAGE HTTP wrapped in URL BBCode:
[Linked Image] [id242.com]
** links where the LINK TITLE and its URL match will remain the same output as previous versions of UBB.threads
example 1: https://www.amazon.com/dp/B07DRMSTX6
example 2: https://www.amazon.com/dp/B07DRMSTX...B07DRMSTX6B07DRMSTX6B07DRMSTX6B07DRMSTX6

** links where the LINK TITLE and its URL do not match will have the URL HOST placed after the title. it will have the www stripped and presented in all lower case as, [example.com]
BATMAN TOY [amazon.com]

** links where the URL HOST is our own, will display the same as previous versions of UBB.threads
Hello World

Notes:
* The "BBCode only" version is stored in the BBCode column of the post table, and and HTML version is generated upon saving.
* The "HTML only" version remains exactly as the user entered it, and will be presented back to the user if they return to make edits to it.
© UBB.Developers