By popular request, I took a look at ikonBoard. The version I checked is the brand new 3.11.
My first look made me grimace:
$SIG{__WARN__} = sub { my $wn = shift; return if $wn =~ /Use of uninitialized value/i; #Most annoying return if $wn =~ /name "(?:.+?)" used only once/i; #Very annoying warn $wn; };
Ugh. We're off to a grand start. No taint mode either. But strict! Well, it wants to be mod_perl compliant..
The codebase is pretty large so I didn't examine it as closely as YaBB's, even though I spent a lot more time looking at this one. However, the more I looked, the more it made up for the initially awful impression. The global configuration variables have been stuck into package iB and there's no other globals - parameters are passed as subroutine arguments. Great. Its SQL bindings modules appear to be carefully proofed against SQL injection attempts.
There is no central input validation instance, but wherever I looked data seems to get validated, somehow or other, at one point or other, in safe fashion. It still leaves me with the uneasy feeling in the stomach that a developer may overlook a variable or other and open up a hole, but in contrast to the YaBB team they do seem to have a healthy distrust for external input.
At this point, I feel I can recommend ikonBoard in good consciousness as a suitable messageboard engine.
Makeshifts last the longest.
In reply to Re: How about Ikonboard?
by Aristotle
in thread What do people think of the YaBB forum script?
by kiat
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |