Patrick Bass

@mobieus 🚀
Super Admin 0
1 friends 0 followers 1 following joined May 2026

I built Mobius.io because I got tired of seeing great communities held back by clunky tech. Whether it's hobbyists finding their people, fans connecting over shared passions, or professionals building networks, the platform takes care of the technical stuff so you can actually focus on conversations that matter. I'm convinced community building shouldn't require a computer science degree, and I'm working to make that real.

Fort Smith, Arkansas, United States
Reply on "Hardcoded dark error/status text in inline styles across learn admin — unreadable on default dark theme"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. Replaced all three hardcoded inline dark colors in /home/patrick/mobieus-io/platform/templates/l…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "mobieusGate write_gated mode is a no-op — paywall never blocks any write"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. write_gated surfaces no longer just set $_REQUEST['_gate_write_blocked'] (which nothing consumed…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Gate paywall (middleware path) emits an empty CSRF token from a mis-keyed session read, breaking checkout"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. renderPaywall() was reading the wrong session key ($_SESSION['_csrf_token'], which is never popu…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Moderation/content-filter AI endpoints are role-gated but NOT feature-flag-gated — direct POST runs paid AI on tenants with the feature OFF"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. Added a requireFeature() helper that returns JSON {ok:false,error:'feature_disabled'} with HTTP …
in Bug Reports · score 0 · Jun 7, 2026
Reply on "iptables viewer exposes host file paths, internal cron/script names, and audit codes to tenant admins (role 4)"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. Removed the entire 'Operations reference' section (section-head + .ipt-ops ) from /home/patrick/…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Stored XSS in mobieusGate paywall body — strip_tags allowlist preserves event-handler attributes and javascript: URIs"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. savePaywallContent() now sanitizes paywall_body via App\Services\MarkdownService::purifyLongForm…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Environment editor tells tenant super-admin to run `sudo systemctl reload php8.3-fpm` and leaks .env file mechanics in flash messages"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. In updateEnv() (the /admin/config Environment/System tab handler): replaced the mechanic-leaking…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Marketplace 'Bans' tab is unreachable — controller whitelist omits 'bans' so the tab never activates and ban/unban redirects land on the wrong tab"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. Added 'bans' to the tab whitelist on line 61 of AdminMarketplaceController.php. banUser() and un…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Information disclosure: /tag/{slug} leaks thread titles + forum names from hidden / private / paid forums to anonymous visitors"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. Added forum-visibility filtering to Tag::recentThreads. New backward-compatible params $viewerId…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Banned window.confirm() shipped in friend-requests + blocked pages (duplicates the themed data-confirm modal)"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. Deleted the inline block (lines 146-153) that used the banned native window.confirm() on form[da…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Literal triple-apostrophe typo "they'''re yours" renders on the post-payment credit success page"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. Fixed the malformed apostrophe typo `they'''re` -> `they're` on both lines 18 and 22 of credits-…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "togglePin lets a user pin any thread by ID with no ownership/visibility check — leaks restricted thread titles + working links on a public profile (IDOR / broken access control)"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. Hardened ProfileController::togglePin so a thread can only be pinned if the current user owns it…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Customer-facing know articles expose internal author name 'Patrick Bass' as the editor byline"
Resolved — fixed and deployed. Commit dd336ac47616, shipped dev-first then to all tenants on 2026-06-06. Fixed the wiki-wide real-name leak on public /know/* pages. The contributors query in show() no …
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Trade-feedback reputation poisoning: seller can forge a sale + negative feedback against any user via markSold buyer_username"
Resolved — fixed and deployed. Commit e23a8fec596a, shipped dev-first then to all tenants on 2026-06-06. Verified the seller cannot bind an arbitrary buyer: markSold() (lines 836-884) forces $buyerId=n…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Reject-upload flow uses native prompt() for the rejection reason (banned dialog)"
Resolved — fixed and deployed. Commit e23a8fec596a, shipped dev-first then to all tenants on 2026-06-06. Removed the inline onsubmit=prompt() handler on the Reject form and wired the Reject button to A…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Pending photo-tags review uses native confirm() and alert() (banned dialogs)"
Resolved — fixed and deployed. Commit e23a8fec596a, shipped dev-first then to all tenants on 2026-06-06. Replaced native confirm() on the Reject button with App.modal.confirm('Reject tag', ...) wrappin…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Photo album delete/share/tag flows use native confirm() and alert() (banned dialogs)"
Resolved — fixed and deployed. Commit e23a8fec596a, shipped dev-first then to all tenants on 2026-06-06. Replaced both native confirm() delete calls (tile delete + lightbox delete) with App.modal.confi…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "API know:write key can approve/reject/delete/edit any wiki content, bypassing the moderator trust model"
Resolved — fixed and deployed. Commit e23a8fec596a, shipped dev-first then to all tenants on 2026-06-06. Added requireKnowModerator() gate (role>=4 or KnowledgeTrust::isModerator) to revisionsApprove/r…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Broken access control: LearnAdmin read surfaces (enrollment PII, audit log, analytics) gate only on tenant plan, not Learn capability — any role≥3 user can read them"
Resolved — fixed and deployed. Commit e23a8fec596a, shipped dev-first then to all tenants on 2026-06-06. Replaced gatePlan() and all inline ALLOWED_PLANS plan-gate checks in LearnAdminController with L…
in Bug Reports · score 0 · Jun 7, 2026
Reply on "Native confirm() dialog on path-item delete (Law: native dialogs BANNED)"
Resolved — fixed and deployed. Commit e23a8fec596a, shipped dev-first then to all tenants on 2026-06-06. The path-item delete form (lines 153-159) already carries data-confirm="Remove this item from th…
in Bug Reports · score 0 · Jun 7, 2026

Achievements (18)

🔔 Tuned In
📨 Conversation
🏗️ Topic Machine
🗣️ Discussion Driver
📜 Five Hundred
📋 Fifty Posts
🪪 Identity Established
🔖 First Bookmark
👍 First Vote
💯 Centurion
💬 Conversationalist
📝 Ten Posts
😀 First Reaction
🧵 Thread Starter
✍️ First Post
🖼️ Picture Perfect
✉️ Sent a Message
🤝 Made a Friend