Can't upload image if option "restrict file type" is set when I do post creation

Bug Reports

Suggested Topics

  • 0 Votes
    3 Posts

    @jtsimoes said in Reputation system disabled but still get warnings about low reputation for post frequency:

    It happened to me on v1.11.1 too. You can "fix" it by setting this to 0 on posts settings.

    Thanks! 👍 👍

  • 1 Votes
    2 Posts

    I see he same issue as @Technowix was just going to report. Plugins that are upgradable for me seem to want to downgrade to previous version.

  • 0 Votes
    19 Posts

    @julian No wait julian - something's wrong. Look here the tags work!


  • 0 Votes
    1 Posts

    I just upgraded to the current git version of nodebb after I noticed that upgrading to 0.4.3. removed the Reply and New Topic buttons (no idea why that happened). The upgrade fixed that, but now when I try to create a new topic I just get the message "Category doesn't exist" when I click Submit (reply works though).
    I'm running nodebb on Windows using mongodb. I had problems with categories before but managed to fix it manually, see

  • 0 Votes
    4 Posts

    Meanwhile I got it fixed. Apparently I had some problems with my browser (I mostly use a Chromebook) not showing certain items on screen and sometimes not giving feedback about saves. Seems to work fine with the current code :).

    Regarding my security certificate: that is perfectly fine. It is not the safest certificate (which is a self-signed certificate contrary to what vendors try to tell you), but a free from CACERT. Since my site will be geared towards white-hat hackers, it is some kind of inside joke while at the same time scares away some spammers. Bit off-topic to explain the inside joke, but:

    According to group thinking, certificates need a trusted third party to proof that an identity (e.g. your email, or a URL of a server) belongs to a person or a server. Those trusted third parties are the certificate authorities. An organised man-in-the-middle in a security protocol! Crazy! Especially since none of these authorities really can be trusted: many of them have been hacked, most of them are US based, in this post-Snowden era you already know who else has the private keys of those CA ... They even invented the more expensive EV-SLL ("enhanced validation") certificates, in fact admitting that before they didn't really validate an identity as documented in their own procedures. I once worked for a company that owned 3 of those certificate authorities. We were not even using the certificates internally ...

    It is even worse. Not you" decide which certificate authority to trust, the browser vendors maintain a list, that is even different between the browser vendors. If they have that CA listed in the browser, you won't even see a warning. It costs for a certificate vendor about 50.000 USD to be "trusted" by the browser companies. When I see at the "trusted" CA list I notice a lot of malicious organisations yet they are trusted by the browsers. And mal-ware writers even know how to modify the list. A broken security model, or at least the implementation, yes ...

    Personally I think we can fix the model, but keep all browser vendors and certificate authorities outside the picture. The first problem is to trust that a specific public key belongs to a person/server. The problem was distribution. Really? I can send/publicize my certificate in hundreds of ways (We-chat attachment, Weibo posting, Facebook posting, tweet, ...). It unfeasible to intercept/modify all possible communications for any government or malicious organisation even if you control my ISP. Maybe we can have something like bit-coin transactions, certificate validated if X third parties agree ...

    DO not even get me started about the current OpenSSL issues :).