mobieus — Profile

mobieus profile picture

Patrick Bass

@mobieus 🚀
Super Admin 0
Message
Trade feedback Collections RSS feed
1 friends 0 followers 1 following joined May 2026

I built Mobius.io because I got tired of seeing great communities held back by clunky tech. Whether it's hobbyists finding their people, fans connecting over shared passions, or professionals building networks, the platform takes care of the technical stuff so you can actually focus on conversations that matter. I'm convinced community building shouldn't require a computer science degree, and I'm working to make that real.

Fort Smith, Arkansas, United States
Reply on "RSS feed-URL Copy button silently fails with no fallback or toast when clipboard API is unavailable"
Resolved — fixed and deployed. Commit ea9f0311e960, shipped dev-first then to all tenants on 2026-06-06.Removed the inline onclick from #copyRssBtn and moved copy logic into a nonce'd block (inside th…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Notifications detail modal uses inline onclick handlers instead of the standard listener pattern"
Resolved — fixed and deployed. Commit ea9f0311e960, shipped dev-first then to all tenants on 2026-06-06.Removed the three inline onclick handlers on /notifications (the #notifModal overlay backdrop an…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Served app.min.js is stale relative to app.js — minified bundle still contains native alert() removed by the a11y sweep"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Served bundle /home/patrick/mobieus-io/platform/public/js/app.min.js was stale (May 22, 186861 b…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Missing CSRF protection on all SCORM runtime state-changing POSTs"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Added $this->validateCsrf() to all six state-mutating SCORM runtime POST handlers: start(), next…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "cmi5 launch does not verify learner enrollment/entitlement before minting a session"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Added an entitlement gate to LearnCmi5RuntimeController::start() mirroring PlayerController::res…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "LTI login forwards attacker-controlled target_link_uri as OIDC redirect_uri without validating it against the registered tool URLs"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Added isAllowedTargetLinkUri() guard called in login() before building the OIDC auth request. Th…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "SCORM player toolbar references FontAwesome icon but the standalone wrapper never loads FontAwesome (Law 1)"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Replaced the FontAwesome Exit icon with a Unicode arrow '← Exit' in the SCORM wrapper bar. This …
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Course form uses fixed 2- and 3-column grids with no mobile stacking (Law 5)"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Made both form grids responsive in _form.php: converted the Language/Estimated-minutes 2-col gri…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Open redirect: AdminAchievementController redirects to unvalidated $_POST['return_to']"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Wrapped all 7 return_to redirects in grant(), revoke(), and the update/grant flow with \App\Serv…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Stored XSS via javascript: URL in project BOM supplier_url (no scheme validation on write)"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.In addBomItem() the user-supplied supplier_url was stored raw (trim ?: null). Added the same val…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "State-changing GET spends user credits without CSRF protection (terminal games)"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Removed the credit-spend and game-session creation from the three GET handlers (guessTheByte/tri…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Retro-game card placeholder uses a theme-blind hardcoded #2a2a4a background"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Swapped the placeholder card's hardcoded background:#2a2a4a for var(--color-bg-elevated) and cha…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "State-changing email confirmation performed over GET with no CSRF token (CourseCatalog/Verification confirm-email)"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Hardened GET /account/verified/confirm-email (confirmEmail). Added a redactToken() helper and ap…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Unscoped global `.card:hover { ... !important }` leaked from the courses catalog page"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Added dedicated `.course-card` class to the catalog card div and rescoped the inline hover rule …
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Hardcoded #ef4444 text/border on enrol error box bypasses semantic danger token"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Replaced both hardcoded #ef4444 occurrences in the #enrol-error alert (the 1px solid border colo…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "mv-price-unit uses --color-text-muted (#888 in light) on the dark mobieusVerified banner"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Changed .mv-price-unit color from var(--color-text-muted) to fixed rgba(255,255,255,0.6) so the …
in Bug Reports · score 0 · Jun 7, 2026
Reply on "mobieusAI Q&A drawer source pill hardcodes blue text (#1d4ed8) that fails on dark themes"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Changed .meta-pill color from hardcoded #1d4ed8 to var(--color-accent,#5f86ff) on line 88 of mob…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "/admin/ai hardcodes dark status colors (#b91c1c / #15803d / #b45309) that fail on c64 + other themes"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Replaced hardcoded status hex with semantic tokens: .ai-pill--ok/warn/err/muted and .ai-badge--o…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Open redirect: AdminAchievementController redirects to raw $_POST['return_to'] without the safe-path allowlist used by sibling controllers"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Same fix as 367 (overlapping surface): each $this->redirect($_POST['return_to'] ?? '/admin/achie…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Learn path add-item form uses a fixed 5-column px grid with no mobile breakpoint"
Resolved — fixed and deployed. Commit 059d6bf29b6f, shipped dev-first then to all tenants on 2026-06-06.Converted the two fixed multi-column grids in edit.php (Title/Slug metadata grid `1fr 1fr` and t…
in Bug Reports · score 0 · Jun 7, 2026

Achievements (18)

🔔 Tuned In
📨 Conversation
🏗️ Topic Machine
🗣️ Discussion Driver
📜 Five Hundred
📋 Fifty Posts
🪪 Identity Established
🔖 First Bookmark
👍 First Vote
💯 Centurion
💬 Conversationalist
📝 Ten Posts
😀 First Reaction
🧵 Thread Starter
✍️ First Post
🖼️ Picture Perfect
✉️ Sent a Message
🤝 Made a Friend
Share Profile (QR Code)
Profile QR Code

Scan to visit this profile

Recent Activity

🏆 Earned "Tuned In" — Jun 15, 2026
🏆 Earned "Conversation" — Jun 15, 2026
🏆 Earned "Topic Machine" — Jun 15, 2026
🏆 Earned "Discussion Driver" — Jun 15, 2026
🏆 Earned "Five Hundred" — Jun 15, 2026
📝 Started thread "[Fixed] Hardened outbound notification delivery (Slack and Teams)" in Bug Reports — Jun 15, 2026
📝 Started thread "[Fixed] Marketplace listing fee can no longer be reused for multiple listings" in Bug Reports — Jun 15, 2026
📝 Started thread "[Fixed] Forum file downloads now fully respect forum membership" in Bug Reports — Jun 15, 2026
📝 Started thread "[Fixed] Notification grouping now counts correctly" in Bug Reports — Jun 15, 2026
📝 Started thread "[Fixed] Help desk round-robin assignment no longer skips agents" in Bug Reports — Jun 15, 2026
📝 Started thread "[Fixed] Course checkout now asks you to sign in before paying" in Bug Reports — Jun 15, 2026
📝 Started thread "[Fixed] Web push notifications and moderator modmail digests now send" in Bug Reports — Jun 15, 2026
📝 Started thread "[Fixed] Paid forum subscriptions now renew and expire on schedule" in Bug Reports — Jun 15, 2026
📝 Started thread "What does Mobieus mean?" in General Discussions — Jun 12, 2026
📝 Started thread "[Enhancement] Files/photos (re-run): Bulk file upload accepts .zip but never extracts it" in Feature Requests — Jun 6, 2026