Upgrade issues

finid

@julian

Now works fine on FF, but hanging on Chrome. Screenshot of my footer.

julian

Yeah, try clearing the /public/templates folder.

finid

@julian

I did. And it was only after I deleted it that it started working properly on FF.

finid

In dev mode, when I go from the home page to a category page, Chrome Web console shows:

WebSocket connection to 'ws://forum.linuxbsdos.com/socket.io/1/websocket/IzIwzImA1otZflxqwQAn' failed: Unexpected response code: 502 

julian

@planner Still a bit wonky on Chrome, and it's dropping back to xhr-polling, which is quite weird.

Make sure your vanilla and lavender themes are 0.0.18-5 and 0.0.24-5 respectively.

finid

@julian

While we on this, I think there's a major security bug on NodeBB that gives me admin rights on our posts. I can edit, delete, move them. See screenshot

That's weird. After navigating away from this page and coming back, I lost the privilege of editing your post.

finid

Messages from the Web console of FF 28 when moving from page to page.

Firefox can't establish a connection to the server at ws://forum.site.com/socket.io/1/websocket/SR0lQK_OJLDCEwYiuhMO. socket.io.js:2
Use of getPreventDefault() is deprecated.  Use defaultPrevented instead. nodebb.min.js:2
Empty string passed to getElementById(). nodebb.min.js:1
Empty string passed to getElementById(). nodebb.min.js:1
Empty string passed to getElementById(). nodebb.min.js:1
Empty string passed to getElementById(). nodebb.min.js:1
Empty string passed to getElementById().

And if it helps, here's a screenshot of the files associate with the errors.

julian

Thanks @planner -- try running it in dev mode (./nodebb dev), since in production mode, everything's on one line

finid

@julian

I'm actually running in dev mode. See message below. (For the record, the emailer-local and db-search plugins are current. I uninstalled and reinstalled them just to be sure):

warn: Route requested but not found: /plugins/fireHook
warn: [plugins/nodebb-plugin-dbsearch] "callbacked" deprecated as of 0.4x. Use asynchronous method instead for hook: filter:admin.header.build
warn: [plugins/nodebb-plugin-emailer-local] "callbacked" deprecated as of 0.4x. Use asynchronous method instead for hook: filter:admin.header.build
warn: Route requested but not found: /vendor/fontawesome/css/font-awesome.min.css
warn: Route requested but not found: /api/admin/plugins/emailer-smtp?_=1396398300353

Btw, see this screenshot. Also, I can attempt to move your post, but the Move is greyed-out. Still, something's not right.

finid

Make sure your vanilla and lavender themes are 0.0.18-5 and 0.0.24-5 respectively.

@julian

Since I just upgraded, all themes and plugins should be current, right? In any case, Vanilla is 0.0.18 while Lavender is 0.0.24.

And I don't have that many plugins installed. Colors plugin was last updated a month ago. Is the code still kosher?

julian

@planner said:

Vanilla is 0.0.18 while Lavender is 0.0.24.

Actually, no! We made a mistake in publishing 0.0.18 and 0.0.24, and the latest versions are actually -5.

I've republished them as 0.0.19 and 0.0.25, please update and try again.

finid

@julian

just npm up nodebb-theme-*, nothing else, right?

julian

Actually, that probably wouldn't work. You can just pull the latest version from master of v0.4.x branch, and run npm install

finid

@julian

You mean *git-pull the theme itself or NodeBB?

julian

NodeBB itself -- package.json got updated

finid

@julian

Help me further, so I know I'm doing the right thing. After git-pull, npm install or ./nodebb upgrade?

julian

Both will work, though just so people don't get the wrong idea, ./nodebb upgrade is the official recommendation.

finid

@julian

All done. However, Emailer local bug has not been resolved.

Btw, let's chat. I've got something private for you.

frissdiegurke

@planner said:

@julian

While we on this, I think there's a major security bug on NodeBB that gives me admin rights on our posts. I can edit, delete, move them. See screenshot

That's weird. After navigating away from this page and coming back, I lost the privilege of editing your post.

Edit/Delete/Move post shown if loaded via ajax · Issue #1322 · NodeBB/NodeBB

It seems if any post gets posted by user B while user A reads the topic, the Edit, Delete and Move buttons are shown like user A would have the privileges of user B (tested Edit that doesn't work ^^ so no real security problem) noticed b...

GitHub (github.com)

julian

@frissdiegurke Thanks for the repro steps, now I know where to search