Learning / Internship Projects & Reports

Brevisbb


Name: Theodoros Papathanasiou
Date added: 2011-02-16 20:30:00
Link to internship report if online: http://www.opense.net/index.php?option=com_sobi2&sobi2Task=sobi2Details&catid=18&sobi2Id=167&Itemid=218


Description: OPEN SOURCE BULLETIN BOARD SOFTWARE
BrevisBB is a free lightweight-forum bulletin board software solution that can be used to stay in touch with a group of people or can power your entire website.
My Testing of F/OSS Experience!
I downloaded and installed your software (version 0.9.86) for testing purposes. I found it lightweight, reconfigurable, flexible and overall a good choice for forum software. Congratulations on your work!
I am writing a short report of my testing, hoping that it will be helpful. I tested BrevisBB on a Windows 7 machine using XAMPP with the following configuration:
Apache 2.2
PHP: 5.3.1
MySQL 5.1.4
In this report I would like to present the problems I encountered while testing F/OSS and the ways I used to overcome them.
I had trouble installing the application, which I found was caused by the use of short PHP opening tags. In my opinion, this needs to be corrected in future versions. After I enabled the short tags syntax, the installation completed successfully.

Later, when I tried adding posts, I got an error message, which I traced to a line in reply.php:
WHERE topics.topic_id = " . safeEscape($_GET['t'])); $qqq+=1;

It seems that the database prefix has been overlooked in this case. I corrected it to
WHERE " . $table_prefix . "topics.topic_id = " . safeEscape($_GET['t'])); $qqq+=1;
and it works.

After I made this change, though, I got another error:

I checked the database and indeed, table activities was the only one without the prefix. I traced this error to install.php and in particular:

$result0=mysql_query("CREATE TABLE activities (...
which I changed to
$result0=mysql_query("CREATE TABLE $_SESSION[db_prefix]activities (...
as in the rest of the tables.

The most important bug I found, though, was that unauthorized access to admin scripts is permitted. A direct visit to brevisbb0986/adm by a user who is not logged on resulted in this page, which I think allows the user to perform tasks he shouldn’t see.
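
The two table-prefix defects reported above (reply.php and install.php) follow one pattern: a SQL keyword followed directly by a bare table name. The scanner below is an added example, not part of the original report or of BrevisBB, and it flags that pattern in PHP source. The table list and the sample PHP lines are constructed around the fragments quoted in the report.

```python
import re

# Assumption: only "topics" and "activities" are named in the report; a real
# audit would list every table the installer creates.
TABLES = ("topics", "activities")
_names = "|".join(map(re.escape, TABLES))

# A SQL keyword followed *directly* by a known table name means no prefix
# variable was concatenated or interpolated in between.
BARE_TABLE = re.compile(
    r"\b(CREATE\s+TABLE|FROM|JOIN|INTO|UPDATE)\s+`?(" + _names + r")\b", re.I)
# Same idea for table-qualified columns such as "WHERE topics.topic_id".
# Queries that alias a prefixed table (FROM x AS topics) would be flagged too.
BARE_COLUMN = re.compile(
    r"\b(WHERE|AND|OR|ON)\s+`?(" + _names + r")`?\.\w+", re.I)


def find_unprefixed(php_source):
    """Return a sorted list of (line_number, table) for bare table references."""
    hits = set()
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for pattern in (BARE_TABLE, BARE_COLUMN):
            for match in pattern.finditer(line):
                hits.add((lineno, match.group(2).lower()))
    return sorted(hits)


# Constructed sample: each reported defect next to its corrected form.
SAMPLE = '''\
$r = mysql_query("SELECT * FROM " . $table_prefix . "topics
    WHERE topics.topic_id = " . safeEscape($_GET['t']));
$r = mysql_query("SELECT * FROM " . $table_prefix . "topics
    WHERE " . $table_prefix . "topics.topic_id = " . safeEscape($_GET['t']));
$result0=mysql_query("CREATE TABLE activities (id INT)");
$result0=mysql_query("CREATE TABLE $_SESSION[db_prefix]activities (id INT)");
'''

if __name__ == "__main__":
    for lineno, table in find_unprefixed(SAMPLE):
        print("line %d: table '%s' referenced without prefix" % (lineno, table))
```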