Date added: 2011-02-16 20:30:00
Link to internship report if online:
Type of learner
Description: OPEN SOURCE BULLETIN BOARD SOFTWARE
BrevisBB is a free lightweight-forum bulletin board software solution that can be used to stay in touch with a group of people or can power your entire website.
My Testing of F/OSS Experience!
I download and installed your software (version 0.9.86) for testing purposes I found it lightweight, reconfigurable, flexible and overall a good choice for forum software. Congratulations for your work!
I am writing a short report of my testing hoping that it will be helpful. I tested brevisbb on a Windows 7 machine using xampp with the following configuration:
In this report I would like to present the problems I encountered while
Testing of F/OSS and the ways I used to overcome them.
I had trouble installing the application which I found was caused by the use of short PHP opening tags. In my opinion, this needs to be corrected in future versions. After I enabled the short tags syntax, the installation completed successfully.
Later, when I tried adding posts I got an error message.which I traced to a line in reply.php
WHERE topics.topic_id = " . safeEscape($_GET['t'])); $qqq+=1;
It seems that the database prefix has been overlooked in this case. I corrected it to
WHERE " . $table_prefix . " topics.topic_id = " . safeEscape($_GET['t'])); $qqq+=1;
and it works.
After I made this change, though, I got another error:
I checked the database and indeed, table activities was the only one without the prefix. I traced this error to install.php and in particular:
$result0=mysql_query("CREATE TABLE activities (...
which I change to
$result0=mysql_query("CREATE TABLE $_SESSION[db_prefix]activities (as in the rest of the tables).
The most important bug I found, though, was that unauthorized access to admin scripts is permitted. A direct visit to brevisbb0986/adm from a user who is not logged on resulted in this page which I think allows the user to perform tasks he shouldnâ€™t see.