Three weeks ago we released the first public alpha of SMF 2.1 which has been met with some interesting and positive feedback. Issues are now being logged on our bug reports board. Since SMF 2.1 is an open source project, constant feedback from the community (that means you) is crucial to the team's ability to meet our high standards for SMF 2.1.

The first in our series of blog posts focussing on SMF 2.1 looked at security enhancements.

This week we're taking a look at improvements to one of our key features; Posting.
We have learned from these forums at simplemachines.org that posting is important to every SMF install. So we identified several posting related  features that seemed important to a large number of users. We feel that these posting enhancements really take SMF up a notch, and we are truly proud of these features.

WYSIWYG Editor
SMF led the way among free forum software with a built in WYSIWYG editor in version 2.0.  Because WYSIWIG editors are complex and must support so many browsers, we have been evaluating third party WYSIWIG editors. It was a recent mod from Nibogo that showed off the beauty of Sam Clarke's SCEditor. After investigating the editor further, we decided it was a perfect fit for SMF 2.1.  It is lean, sharp, and stable.  After 2.1 install, this editor will be a profile option for every user.  We won't be surprised if other open source projects begin using this excellent WYSIWIG editor, too. Thank you, Sam Clarke!

Drafts
A new, but powerful feature to SMF 2.1 is the ability to save a draft version of a forum post.  This means that, if your browser crashes, you experience an internet interruption, or you are called to dinner, you won't entirely lose your long, well thought out post.  The most recent saved version of your draft will be available when things settle down.  Just turn this on through Core Features and give it a test drive.

Attachments
SMF has had attachments support from its very first release. It has improved over the years to meet the growing demands of faster internet connections and more social interaction. In SMF 2.1, we have improved performance without changing the way members interact with the board by introducing new functionality to manage the number files in a given directory, automatically manage folders locations/creation and maintenance options for administrators to work with. Imagemagick support has also been added. In addition, when SMF 2.1 is forced to reject a file for an attachment (unsupported file format, file to large, file seems to be infected), SMF will tell the user exactly what was wrong so they can fix it and resubmit it, SMF will also check it has enough memory available to resize images.  Finally, we have added to the number of supported file formats, and improved our file checks so SMF can protect your members from infection while rejecting far fewer files.

SMF has always been a polished, streamlined, and efficient forum system, and we are sure you will agree that this new release represents a solid step forward for SMF.

Do you want to watch our progress?
SMF is Open Source software released under the BSD license. You can view our current progress and see the work on these and other features.  You are welcome to view the latest code, and also to submit your own suggested changes or fixes.  Just check out our code base at github -- http://github.com/SimpleMachines/SMF2.1

QuoteAfter 2.1 install, this editor will be a profile option for every user.

Interesting.  One thing I noticed about some editors is that if you copy something and paste it into the window the format is unpredictable.  Another thing is load speed.  I look forward to the new editor.

Attachments checked for infection.  Interesting.  Looking forward to the new version.

Quote from: butchs on September 16, 2012, 09:46:28 AM

QuoteAfter 2.1 install, this editor will be a profile option for every user.

Interesting.  One thing I noticed about some editors is that if you copy something and paste it into the window the format is unpredictable.  Another thing is load speed.  I look forward to the new editor.

Attachments checked for infection.  Interesting.  Looking forward to the new version.

Hi butchs,

If you want, you can try out an alpha build with the new editor for your testing purposes
http://www.simplemachines.org/community/index.php?topic=485590.0

Or I'd be happy to let you have a shot with my install

Quote from: butchs on September 16, 2012, 09:46:28 AM

QuoteAfter 2.1 install, this editor will be a profile option for every user.

Interesting.  One thing I noticed about some editors is that if you copy something and paste it into the window the format is unpredictable.

That is most likely true for any editor that has to cope with BBCode.
If for example you copy and paste from a web page, you will bring many many things that are not possible to convert: h1, h2, h3, hx, styles applied through classes, tags without an equivalent bbcode, etc.
It's basically impossible in most of these cases to convert the html to a meaningful bbcode.

Quote from: Trekkie101 on September 16, 2012, 10:04:14 AM
Or I'd be happy to let you have a shot with my install

Ok, I downloaded the zip file.  I tested it and actually the paste issue "from non-html sources" has disappeared for my browsers.  It seems faster and looks cleaner.  Me likes...

Great! Validation that we made the right choice.

Many many thanks to you  for your tropics.

With the best,

Jahangir Alam

What about updates? I mean, do you intend to release an update every time there's a new version of SCEditor, even if that means no code changes to SMF itself, or you'll be including bugs fixed up to date when the new SCeditor is released?

I wouldn't.

That's how *I* would deal with it, personal preference.
If by the time 2.1 will be ready there will be another release *and* it is  a considerable improvement *and* someone is willing to port the custom code we added (and that reminds me acronym is broken! I have to fix it!) to the new version, then I think we should consider to include it, but after that stop. Any new version will not be considered unless there is some serious bug.
Of course this is my personal opinion, nothing more.

I meant how you want to deal with it after 2.1 with SCeditor has been released.

If you mean 2.1.1, 2.1.2, that's what I wanted to explain but apparently I failed...
Making it a bit more straight: from my point of view the version included with 2.1 shouldn't be update until 2.2.

And if there's a vulnerability found in SCeditor before the release of 2.2?

A question that has not already asked about jQuery?

It would be nice if you can provide a link I don't know all the content here by memory

vulnerability updates and security fixes will always be patched on SMF with a security patch as soon as possible.

that is different from an "update"

2 topics below that one: http://www.simplemachines.org/community/index.php?topic=463767.0

I see there's a Youtube tag in the js of the new editor. Will this be active in the final release of SMF 2.1?

Since there is no corresponding bbcode no, it will not be active by default (though it will be there because I modified the editor as little as possible in order to simplify as much as possible future upgrades).

Quote from: emanuele on September 16, 2012, 10:17:02 AM

Quote from: butchs on September 16, 2012, 09:46:28 AM

QuoteAfter 2.1 install, this editor will be a profile option for every user.

Interesting.  One thing I noticed about some editors is that if you copy something and paste it into the window the format is unpredictable.

That is most likely true for any editor that has to cope with BBCode.
If for example you copy and paste from a web page, you will bring many many things that are not possible to convert: h1, h2, h3, hx, styles applied through classes, tags without an equivalent bbcode, etc.
It's basically impossible in most of these cases to convert the html to a meaningful bbcode.

Ive not test driven the new version yet but if tags like h1 ,h2 ect are an issue can the editor be made to ignore them and only use the tags we would normally need in a post if the content is copy - pasted in ?  Ive played a few juggling games here on smf with this issue and end up dropping it in a notepad first to strip it before posting if the editor goes crazy.

Never tried me too, but my comment was more referring to the fact that there are tags and other styles that cannot be represented by the editor and by SMF itself, but many people using the WYSIWYG editor expect that it works like a word processor and reproduce exactly the webpage they copied to the editor. That is impossible for several reasons (and the first is that SMF is not a word processor ).

If the world was made of notepad simple docs, without tags, you could!

You just have to imagine it

Really? You see colors? I'm still doing with the punched cards!

Command line is almost as bad.

Some of us can do an awful lot with a command line. In some ways it's *way* more efficient than a GUI

I can also get into way more trouble with a command line than I can a GUI heh

Most of my dos capabilities sneaked out of my brain years ago. But it was fun back then, tweaking config.sys etc.

Quote from: Trekkie101 on September 16, 2012, 09:20:19 AM
[...] SMF 2.1 is forced to reject a file for an attachment (unsupported file format, file to large, file seems to be infected), [..] improved our file checks so SMF can protect your members from infection while rejecting far fewer files. [..]

Interesting how exactly can it check a file for virus infections?

SMF 2.0 already does it to a certain degree.

It's a little bit disingenuous to call it 'virus infection' because it isn't.

It primarily checks for things like images containing scripts when they shouldn't, which is a known injection method for getting malware onto a computer.

Quote from: Arantor on February 09, 2013, 04:05:01 PM
SMF 2.0 already does it to a certain degree.

It's a little bit disingenuous to call it 'virus infection' because it isn't.

It primarily checks for things like images containing scripts when they shouldn't, which is a known injection method for getting malware onto a computer.

I haven't noticed that feature actually, good to know that it exist.

Quote from: Arantor on February 09, 2013, 04:05:01 PM
It primarily checks for things like images containing scripts when they shouldn't, which is a known injection method for getting malware onto a computer.

Interesting.  Was this after RC4?  Where is the code located?

Forum Firewall for 2.0X also checks for the same type of thing, possibly a little more, as it scans your system once a week.

This was added in RC4. Though apparently the post here suggests it was changed again in 2.1.

It would be great if someone would've conducted security tests against built-in SMF security features and 3rd party protection like forum firewall to see how useful they actually are, like we're doing on other non-PHP security products. Twice as great with comparison to other concurrent bulletin boards . The same about Cloudflare security mechanisms, they're flaunting and advertising their protection, but how much does  all of it actually works in real world, we don't know. I know that dedicated application firewalls (like from Barracuda) have protected a lot of servers, at least, against SQL attacks, but hard to say how much useful are above mentioned products.

I just created a Free Discussion Board with 2.0.6 version, and I'm now waiting to up-to-date it to 2.1 ASAP!
I am so curious to see what news will really be in the new version you're coding these days...     

Quote from: MeloBart95 on January 12, 2014, 11:24:58 AM
I just created a Free Discussion Board with 2.0.6 version, and I'm now waiting to up-to-date it to 2.1 ASAP!
I am so curious to see what news will really be in the new version you're coding these days...     

From what i understand, 2.1 wont be released for some time 

http://www.simplemachines.org/community/index.php?topic=516764.0

http://www.simplemachines.org/community/index.php?topic=515977.0

Never mind the fact that you can - if you want to - grab it right now from Github, with the understanding that things are broken, unfinished and not going to receive support...