Manage Attachments Will Not Work

You'll need to look at whatever you changed between getting it to work over in this thread and now. I'm afraid there is nothing wrong with the forum software, so you'll have to step through all your security software to find the cause.

Since the Manage Attachments function is a combination of a popup window and Javascript, anything at all on your system that can manage, block or otherwise interfere with or filter those is suspect. I don't know the capabilities of the KAV script checker, but if it blocks or filters active scripting, it could cause an effect.

Best recommendation is to start disabling things one at a time until you find the culprit.

 

The issue of being cautious with wildcards on domains is mostly about not trusting all sub-domains where a site allows member pages, or any type of pages that are not published solely by the main site owner. Places where you would not want to put a wildcard based trust in place would include ISP domains, where the customers can put up their own member pages.

This isn't a real world example, but the concept. Say you are a user of megaISP.com. Their webmail site is: mail.megaISP.com and their profile management is done via: myaccount.megaISP.com. You'll probably need to allow active scripting, at the least to use those pages, so you decide to use your browsers trusted zone. However, if their customers are allowed to put their own webpages up at: memberpages.megaISP.com/~membername/index.html, then it is not recommended to trust: *.megaISP.com Instead use just the two sub-domains I listed here (and perhaps a few others you may find through trial and error).

If you trust at that level, then you are trusting every single customer of megaISP.com and their private webpages, (if you ever actually go to any of them). That could be very bad. Regardless of any TOS or AUP at the ISP, bad pages could be up for some time prior to being caught and removed. You could hit many forms of malicious pages that way.

However, the concept mentioned here does not really apply in the same way to most private sites (commercial vendor sites, online forums, and so on). I don't know of any vendor support sites, online forums, or for that matter shopping sites, online banks or any other similar serious sites that give out webpage publishing rights to their users for putting pages up at sub-domains. If they do then move quickly and quietly away from such sites.

For this site, if you are are using some form of trusted site mechanism, you may need to to add both www.wilderssecurity.com and wilderssecurity.com to the allowed list. Those are actually different. For myself, as you can imagine, I trust what's at this domain, so I just use *.wilderssecurity.com but that is not necessary for people using this forum.