Community
    • Login
    1. Home
    2. Popular
    Log in to post
    • All Time
    • Day
    • Week
    • Month
    • All Topics
    • New Topics
    • Watched Topics
    • Unreplied Topics
    • All categories
    • H

      Harmandeep Singh Kandhari - Enhancing Plugin Security and Preventing Malicious Code Execution

      Watching Ignoring Scheduled Pinned Locked Moved Security
      2
      0 Votes
      2 Posts
      25 Views
      CoisesC

      @harmansinghdeepkandhari:

      When you install through Plugins Admin, Notepad++ verifies that the hash of the downloaded zip file containing the plugin matches the hash that was supplied when the plugin was added to or updated in the plugins list.

      That is all that is done. Aside from the three plugins included with Notepad++ (MIME Tools, Converter and NppExport), the author/maintainer of Notepad++ does not vet plugins.

      Realistically, he could not do that comprehensively. And — in my opinion, wisely — he does not make a halfway, superficial attempt (like running them through a “virus checker”) which would only give a false sense of security and open up the project to claims that it didn’t do “enough.”

      Further, it should be understood that plugins in Notepad++ are fully capable of doing anything Notepad++ itself can do. They are C++ programs (or the equivalent) running in the same security context as Notepad++. The architecture is very flexible, but it presumes one only installs plugins worthy of trust.

      The user (or system administrator, in a managed system) is completely responsible for establishing the suitability of Notepad++ plugins (just as the same responsibility applies regarding Notepad++ itself). Nearly all are open source; you can examine the code, the issues, and so on. You cannot assume that inclusion in the plugins list means any plugin is “safe”; your own due diligence is required.

    • วีรภัทร ทวีทรัพย์ว

      The official repository, download.notepad-plus-plus.org, is down!

      Watching Ignoring Scheduled Pinned Locked Moved General Discussion
      2
      0 Votes
      2 Posts
      31 Views
      PeterJonesP

      @ว-รภ-ทร-ทว-ทร-พย ,

      This was announced some weeks back.

      It was shut down for security reasons, and indications are it’s not coming back.

      As I indicated in this GitHub issue, that location was not the primary storage for downloads: the official https://notepad-plus-plus.org/downloads/ page has linked to the installer/zip file binaries stored in the GitHub Releases page https://github.com/notepad-plus-plus/notepad-plus-plus/releases/ for years.

      The only thing the developer really used that https://download.notepad-plus-plus.org/repository for was temporarily holding the “RC” Release Candidate versions (which he now does in an RC tag in his GitHub fork, when he’s got an active RC Announcement), and as a backup of historical releases.

      It appears that backup wasn’t sufficient to overcome the security issues involved.

    • Bob SmithB

      notepad++ treat sc files as c files

      Watching Ignoring Scheduled Pinned Locked Moved Help wanted · · · – – – · · ·
      2
      0 Votes
      2 Posts
      42 Views
      bdoserrorB

      @Bob-Smith
      Settings | Style Conifigurator

      Choose “C” from the Langugae dropdown
      Enter “sc” in the “User Ext.” box at the bottom left

      b0b56e34-e32b-477e-b902-1e9bbcc2a9a2-image.png

    • Jerry DJ

      V8.9.1 Cannot get all of UDL to load

      Watching Ignoring Scheduled Pinned Locked Moved Help wanted · · · – – – · · ·
      4
      0 Votes
      4 Posts
      105 Views
      PeterJonesP

      @Jerry-D ,

      You need to add : to the Operators 1 list on Operators & Delimiter, so that the UDL text parser can see that the : isn’t meant to be part of the non-keyword string ABILITYCATEGORY: instead of the keyword string ABILITYCATEGORY

      Here’s replicating your issue (with a small example):
      e9dc8ed7-a0a9-4ef6-9524-da69412c6974-image.png
      Note that ABILITYCATEGORY, Background, VISIBLE, and QUALIFY are all defined as keywords, but none are highlighted.

      Now edit Operators & Delimiter > Operators 1 list (with operator style set RED to make it obvious):
      31e1f3d6-6108-47e2-ab2c-0510807e80b8-image.png

    • donhoD

      Notepad++ v8.9.1 Release

      Watching Ignoring Scheduled Pinned Locked Moved Announcements
      18
      6 Votes
      18 Posts
      10k Views
      PeterJonesP

      @Drift91 said in Notepad++ v8.9.1 Release:

      the user had outdated themes, which didn’t have the KEY style for either Langage:INI or Language:Properties.

      Were the preinstalled themes out-of-date,

      Yes. Only stylers.model.xml and themes\DarkModeDefault.xml were guaranteed to have all updates; all other themes were up to the original theme author and/or other volunteers to keep up to date, and volunteer ever took real ownership of them. That’s why I implemented the new feature, to make sure that themes would never get hopelessly out of date again.

      I didn’t see a changelog entry about it.

      The changes involved in this new feature were announced as:

      v8.8.9 Announcement, Item 8 v8.9 Announcement, Item 7 v8.9.1 Announcement, Item 10 (above)
    • LaMar ML

      Modleine Parser No Longer Works

      Watching Ignoring Scheduled Pinned Locked Moved General Discussion
      1
      0 Votes
      1 Posts
      5 Views
      No one has replied
    • mr10008M

      Installation takes looooong time

      Watching Ignoring Scheduled Pinned Locked Moved Help wanted · · · – – – · · ·
      1
      0 Votes
      1 Posts
      41 Views
      No one has replied
    • Daniel CaldwellD

      Disconnect on save with NPPFTP

      Watching Ignoring Scheduled Pinned Locked Moved Help wanted · · · – – – · · · nppftp
      5
      0 Votes
      5 Posts
      1k Views
      Bob SmithB

      @iChal2112 That worked. Thank you :).

      I will add the steps in case anyone finds this post with google.

      Click the settings icon in the notepad ++ ftp plugin, profile settings, click a profile you want to edit, cache, click the … button by add new button, set a local path I chose C:\Users\user_name\Downloads, set a external path I chose /, click the add new button

      An odd thing to note. I am using Windows 11. I also have admin privileges on my computer but still needed to do this. Not sure why I was having trouble. This issue occurred on a red hat server. The red hat server has time out issues all the time.

      I have zero problems on my sunos servers. I did not change my cache settings at all on my sunos servers.

      Someone that is good with copilot pointed out another option is to use winscp with notepad ++. This required no setup. Just use winscp to open your remote file in notepad++. I have notepad ++ setup as my default text editor. Not sure if this is the case for all Linux/Unix servers but scp is more stable on the red hat server I am using.

    • donhoD

      Notepad++ v8.9.2 Release

      Watching Ignoring Scheduled Pinned Locked Moved Announcements
      3
      1 Votes
      3 Posts
      698 Views
      PeterJonesP

      @donho ,

      Regression with UDL. See #17520 for details.

      Steps to Reproduce

      Launch fresh portable v8.9.2 In Language > User Defined Language > Define your language…, set KEYWORDS1 = ABILITYCATEGORY Paste the following:ABILITYCATEGORY:Haunted VISIBLE:QUALIFY ABILITYCATEGORY:Background / Quirk VISIBLE:INVISIBLE ABILITYCATEGORY:Arcane VISIBLE:QUALIFY Set Language > User-Defined Crash

      Issue report has NppDump.dmp file.

      Same steps work just fine in fresh portable 8.9.1, so it’s a regression in this version.

      (This occurred while I was trying to create my reply here – it would crash when I was trying to create the new UDL in v8.9.2, but if I went to v8.9.1 portable, it worked just fine.)