IMPORTANT: SciForums Update - Report All Issues Here

I cannot understand why people are worrying about avatars, animated or not

1. Latex doesn't work - this is a major problem

2. "Go to last post" isn't available - this is very inconvenient

The guys at Physics Forums recently made the same server migration, and it works seamlessly. It may be worth the admins here talking to the admins there.

Otherwise this site is all but useless
 
LaTeX should be one of the simplest things to implement. If y'all would like to use mathtex.cgi instead of mimetex.cgi, I will offer my server to parse the calls. It looks much better as png graphics, anyway.
 
Latex doesn't work - this is a major problem
You mean the XenForo consultants are aware of and concerned that this is a science forum trying to using their software? Fascinating, the way things are going I felt that would be one of the tail-end breakthroughs requiring days, weeks, months.
"Go to last post" isn't available - this is very inconvenient
Only an extra step of the "Page Down" key after clicking the last page number link displayed. Topics displayed up-front on the SF index already seem to go to the last post.
The guys at Physics Forums recently made the same server migration, and it works seamlessly. It may be worth the admins here talking to the admins there. Otherwise this site is all but useless
Remarkable that there are people actually trying to carry on the usual discussions. I see no point in doing anything here other than irregularly visiting the Site Feedback porch to watch the corn grow.
 
LaTeX bbcode is called in the same way it is on free software like phpBB3. I just created a demo xenforo site, and here's a screenshot of the "Add custom bbCode" page.

bbcode.png


All we need is to be defined and pointed to <img src="http://myserver.net/cgi-bin/mathtex.cgi?{TEXT}" align="absmiddle" title="{TEXT}">
 
As I said, I'll host tex on my machine. Trippy can attest that it is robust and reasonably complete in packages. Y'all let me know.
 
Breadcrumbs work for the thread views, but not for "who's online".

Do you need to edit functions for every file? This is getting ridiculous. Are the XenForo devs working on this?
 
The image I posted is visible in the editor, and was visible on the thread view a moment ago, but now it's not? What the hell?

Edit: And now it is again. :?
 
Sorry, guys. Now y'all should be able to see the images too. I had to modify my .htaccess to allow images from my site to be viewable here. :oops:

Let's check:
alien.gif


Animated gifs display in the editor window at least. And in the thread view, for me. Do y'all see the image?
 
The image posted in #124 gives me "denied access". Anyway, this is hardly a full solution. Only fully operational tex tags and embedded url links will even go part way to restoring full functionality here.

Are members willing to go that extra mile (in terms of number of key strokes etc) to get even a fraction of what they had before the migration?

I doubt it - get on the case!!
 
A lot seems to be browser dependant. My son has Chrome on Win 7, and the CSS isn't properly rendered I guess. Everything here is in black and white for his machine..

rpenner said:
Something like TEX support from a CGI program is the number one attack vector for running arbitrary commands on your system.

Mathtex.cgi is a compiled C program not called by the shell, and my bash is fully patched. If the LaTeX markup isn't parsed properly it throws an error graphic, just like mimetex. But you know that..
 
Hey guys.

A couple of answers to your questions and reports.

We're trying to fix the JS error, we created a ticket and apparently it's XenForo problem. Some of the problems are related, so they'll probably be fixed too when the JS error is solved.

1. LaTex

We installed the BB Code pack add-on, but apparently it doesn't work. We'll play around until we enable it.

2. Ban List

Same goes here. Ban list is also an add-on. We installed it, options are ok, but it still doesn't show.

3. Last post

I thought that XenForo will use same structure for posts (but apparently that's not the case). Currently, when you click the thread title you'll open the last post. We'll figure out something.
 
Mathtex.cgi is a compiled C program not called by the shell, and my bash is fully patched. If the LaTeX markup isn't parsed properly it throws an error graphic, just like mimetex. But you know that..
Having bash patched is the important part, because if Mathtex.cgi passes environmental variables to the shell (the default behavior of the system(3) call and simpler variants) then there remains a shellshock vector.

The bash shell since at least version 2, has allowed passing of not just environmental variables in the environment, but arbitrary shell functions.
bash(1) man page said:
Functions may be exported so that subshells automatically have them defined with the -f option to the export builtin.
That's pretty insane if useful in a programming sense:
Code:
env echo='() { :; }; # Silence echo' bash -c "echo This is a test"
However as dangerous it is to be able to re-write unqualified command names (for protection write code with exact paths or totally lock down the environment passed to bash), it is entirely possible to inject arbitrary code even when no shell functions are called, because the shell runs code trailing functions at time of reading the environmental variables and function definitions.
Code:
env x='() { :; }; echo vulnerable to running arbitrary command' bash -c "echo This is a test"
On an unpatched system this gives:
Code:
vulnerable to running arbitrary command
This is a test
as output.
 
Back
Top