From dirk at haun-online.de Sun Feb 1 08:25:19 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 1 Feb 2004 14:25:19 +0100
Subject: [geeklog-devel] Group Admin revisited
In-Reply-To: <001b01c3e45e$f5135710$640a10ac@XPBL2>
References: <001b01c3e45e$f5135710$640a10ac@XPBL2>
Message-ID: <20040201132519.6026@smtp.haun-online.de>

Just checking if I'm on the right track here ...

So say we're restricting Group Admin such that he can only assign users
to groups of which he himself is a member.

But he can still create new groups. Obviously, he needs to be assigned to
these new groups automatically or he won't be able to assign anyone else
to that group. Correct?

Also, the permissions that can be used for a new group need to be
restricted such that they only list permissions that the Group Admin
already has (through his membership in other groups). Correct?

As I said - just checking. I'm not going to implement this just yet (and
if anyone else wants to do it, feel free to do so ...).

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/

From dirk at haun-online.de Sun Feb 1 12:26:11 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 1 Feb 2004 18:26:11 +0100
Subject: [geeklog-devel] "Default entries are displayed in bold"
In-Reply-To: <20040126220802.9220@smtp.haun-online.de>
References: <20040126220802.9220@smtp.haun-online.de>
Message-ID: <20040201172611.30452@smtp.haun-online.de>

I wrote:

>And while reviewing the code, I keep finding little oddities and bugs

Like this one ...

In your preferences, you have the section entitled "News box
Configuration" where you can deselect blocks if you don't want to see
them. The comment above the list of blocks to select reads

  Default entries are displayed in bold.

So why is the "Resources" block listed in bold on geeklog.net? Or the
"Need Help?" block?

Well, it's because in usersettings.php we have this:

    $preferences->set_var ('boxes_checklist', COM_checkList ($_TABLES['blocks'],
            'bid,title,blockorder', $whereblock, $selectedblocks));

And in COM_checkList, we have this:

    if( $A[2] < 10 && $A[2] > 0 )
    {
        $retval .= '>' . stripslashes( $A[1] ) . '
    ' . LB;
    }
    else
    {
        $retval .= '>' . stripslashes( $A[1] ) . '
    ' . LB;
    }

Translation: If the blockorder is lower than 10, then display the block
title in bold. Ouch.

I've also noticed that COM_checkList does a

    if( $table == 'topics'

which won't match on most sites, as the table will be called 'gl_topics'
almost everywhere else (except on geeklog.net). I'm not even sure what
it's used for ...

Oh well. Just wanted to share my surprise of the day ...

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/

From geeklog at langfamily.ca Sun Feb 1 12:46:31 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 1 Feb 2004 12:46:31 -0500
Subject: [geeklog-devel] Group Admin revisited
References: <001b01c3e45e$f5135710$640a10ac@XPBL2> <20040201132519.6026@smtp.haun-online.de>
Message-ID: <002501c3e8eb$53a5cfc0$650a10ac@XPBL2>

Dirk,

I think that makes sense.
I wonder if the changes to support this will be restricted to the group
admin script or cascade into other security related functions.

I hope not but as you know - sometimes these kind of changes unveil
existing bugs.

Blaine

----- Original Message -----
From: "Dirk Haun"
To:
Sent: Sunday, February 01, 2004 8:25 AM
Subject: Re: [geeklog-devel] Group Admin revisited


> Just checking if I'm on the right track here ...
>
> So say we're restricting Group Admin such that he can only assign users
> to groups of which he himself is a member.
>
> But he can still create new groups. Obviously, he needs to be assigned to
> these new groups automatically or he won't be able to assign anyone else
> to that group. Correct?
>
> Also, the permissions that can be used for a new group need to be
> restricted such that they only list permissions that the Group Admin
> already has (through his membership in other groups). Correct?
>
> As I said - just checking. I'm not going to implement this just yet (and
> if anyone else wants to do it, feel free to do so ...).
>
> bye, Dirk
>
>
> -- 
> http://www.haun-online.de/
> http://www.haun.info/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>

From vmf at abtech.org Sun Feb 1 13:25:32 2004
From: vmf at abtech.org (Vincent Furia)
Date: Sun, 01 Feb 2004 13:25:32 -0500
Subject: [geeklog-devel] Group Admin revisited
In-Reply-To: <20040201132519.6026@smtp.haun-online.de>
References: <001b01c3e45e$f5135710$640a10ac@XPBL2> <20040201132519.6026@smtp.haun-online.de>
Message-ID: <401D449C.8060207@abtech.org>

Here is an off the wall idea. It will require quite a bit of rework, but
it may make group administration a bit more intuitive...

Why not add the idea of "ownership" to groups. So that a group has an
owner (user id), a group owner, membership access and anonymous access
(like what is used for story access). Root, the owner or a member of the
"group owner" group can all add or remove users from that group. The
membership access and anonymous access can probably be ignored, unless
someone can think of a good usage for them. (Perhaps only Root can adjust
these "owner" settings, and a check in membership access or anonymous
access can say whether membership group or the anonymous group are
allowed to be assigned to this group?)

Just an idea, seems this way would be more intuitive and easier to
control the power of any group admins.

-Vinny

Dirk Haun wrote:

>Just checking if I'm on the right track here ...
>
>So say we're restricting Group Admin such that he can only assign users
>to groups of which he himself is a member.
>
>But he can still create new groups. Obviously, he needs to be assigned to
>these new groups automatically or he won't be able to assign anyone else
>to that group. Correct?
>
>Also, the permissions that can be used for a new group need to be
>restricted such that they only list permissions that the Group Admin
>already has (through his membership in other groups). Correct?
>
>As I said - just checking. I'm not going to implement this just yet (and
>if anyone else wants to do it, feel free to do so ...).
>
>bye, Dirk
>
>
>
>

From geeklog at langfamily.ca Sun Feb 1 13:38:30 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 1 Feb 2004 13:38:30 -0500
Subject: [geeklog-devel] SR4 Bug -- err so it would appear
Message-ID: <003a01c3e8f2$96914ba0$650a10ac@XPBL2>

The recent posts about Plugin (forum) extra settings not being saved or
overwriting other users.

I was looking into this today and noticed that the UID field in the
Edit form -> Account Information is being set to an encrypted 16 char
field. To be specific $reqid.

Line 156 of usersettings.php
    $preferences->set_var ('uid_value', $reqid);

I believe this is a typo and not some security change.
This triggers all sorts of problems that are looking for the UID in the
POST_VARS from this form.

Blaine

From dirk at haun-online.de Sun Feb 1 18:14:17 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 2 Feb 2004 00:14:17 +0100
Subject: [geeklog-devel] SR4 Bug -- err so it would appear
In-Reply-To: <003a01c3e8f2$96914ba0$650a10ac@XPBL2>
References: <003a01c3e8f2$96914ba0$650a10ac@XPBL2>
Message-ID: <20040201231417.11784@smtp.haun-online.de>

Blaine,

>Line 156 of usersettings.php
>    $preferences->set_var ('uid_value', $reqid);
>
>I believe this is a typo and not some security change.

No, this was a deliberate change. To quote myself (from geeklog-security):

>I've re-used the hidden "uid" field in the form, so there's no need to
>update the templates. The field wasn't used anyway as the value can't be
>trusted.

You could simply use $_USER['uid'], which has the added advantage that it
can't be manipulated.

bye, Dirk


-- 
http://www.haun-online.de/
http://www.macosx-faq.de/

From tony at tonybibbs.com Mon Feb 2 10:05:58 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 02 Feb 2004 09:05:58 -0600
Subject: [geeklog-devel] Server changes coming...
In-Reply-To: <20040130190756.19124@smtp.haun-online.de>
References: <40186BA6.4090503@tonybibbs.com> <20040130190756.19124@smtp.haun-online.de>
Message-ID: <401E6756.5090701@tonybibbs.com>

Don't worry about it. I am pretty sure the server geeklog.net runs on
isn't RAID5'd and not having RAID on the box with our CVS bothers me a
bit.

I have the temporary server setup...it is a dual pentium pro 200 with
256MB of ram and two 9GB SCSI drives (no raid of any kind). All the
software is installed on it and I have already begun moving stuff over
(starting with my personal stuff). I will save the move of
project.geeklog.net and CVS until last but I'm hoping to have moved
everything by the end of this week. I won't move CVS until I have a
version of it working on the new server via ssh and anonymous pserver
(sigh).

After things are moved to the temporary server I'll then begin rebuilding
the current server to get it ready for the colo. That won't happen for a
couple of weeks and we'll have to repeat this process again. It's a pain,
I know but I'm sure we can do all this with little to no downtime.

--Tony

Dirk Haun wrote:

> Tony,
>
>
>>In doing this I think
>>we should at least consider if we don't want to move CVS and the project
>>site to Pair. I only mention this because we have a dedicated server
>>for www.geeklog.net and it seems to make sense to have it all on one
>>server (until the MySQL instance dies). Any thoughts?
>
>
> Err, can we even do this? For one, we don't have root access on that
> server and the project site would need postgres installed to run. Similar
> issues with CVS.
>
>
>
>>Also, if we decide to leave things as they are I will have to move CVS
>>and the project site to a temporary server
>
>
> Any idea for how long?
>
> bye, Dirk
>
>

From dirk at haun-online.de Tue Feb 3 13:04:05 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 3 Feb 2004 19:04:05 +0100
Subject: [geeklog-devel] Search Engine Friendly URLs for Stories
In-Reply-To: <401BD188.90707@abtech.org>
References: <401BD188.90707@abtech.org>
Message-ID: <20040203180405.23112@smtp.haun-online.de>

It works! :-)

64.68.82.38 - - [02/Feb/2004:04:37:51 +0100] "GET /article.php/
20040126211219933 HTTP/1.0" 200 16008 "-" "Googlebot/2.1 (+http://
www.googlebot.com/bot.html)"
64.68.82.7 - - [02/Feb/2004:04:37:52 +0100] "GET /article.php/
20031221195551350 HTTP/1.0" 200 14461 "-" "Googlebot/2.1 (+http://
www.googlebot.com/bot.html)"

These are from the geeklog.info logfiles. AFAICS, this is the first time
that GoogleBot actually touched article.php on that site.

I helped things a bit by making the story title a link to the article
page in the default theme (Simple Orange):

  {story_title}

Where the CSS takes away the underlining for the link.

Excellent. Thanks again, Vinny.

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/

From dirk at haun-online.de Thu Feb 5 14:44:43 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 5 Feb 2004 20:44:43 +0100
Subject: [geeklog-devel] Script to update foreign language files
Message-ID: <20040205194443.13749@smtp.haun-online.de>

I've just posted a note over at geeklog-translations announcing the
availability of a script that can update (foreign) language files. It
merges any new strings that have been added to english.php into the other
language file.

http://www.geeklog.net/filemgmt/singlefile.php?lid=290

Just posting this here in case you come across someone looking for
something like this ...

bye, Dirk


-- 
http://www.haun-online.de/
http://www.tinyweb.de/

From tony at tonybibbs.com Thu Feb 5 20:01:33 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 05 Feb 2004 19:01:33 -0600
Subject: [geeklog-devel] Notice, anonymous CVS, mailing lists and project.geeklog.net will be unavailable for a short period
Message-ID: <4022E76D.2000207@tonybibbs.com>

I am busy moving our CVS repository, to do this the anonymous CVS access
will be down temporarily. The server is due to go down here anytime in
the next 24hrs and should be back up by Sunday evening sometime.

The reason for the move is our current server is being moved to a higher
speed ISP and before the move the current server will be rebuilt. To do
this CVS must be moved to another, lesser server for a little while.

For the same reasons, the mailing lists and the geeklog project site will
be down.

Thanks for understanding,

--Tony

+---------------------+--------------------------------------------------+
|Tony Bibbs           |[R]egardless of what you may think of our penal   |
|tony at tonybibbs.com|system, the fact is that every man in jail is one |
|                     |less potential fisherman to clutter up your       |
|                     |favorite pool or pond. --Ed Zern                  |
+---------------------+--------------------------------------------------+

From dirk at haun-online.de Sun Feb 8 11:34:52 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 8 Feb 2004 17:34:52 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
Message-ID: <20040208163453.27277@smtp.haun-online.de>

(hmm, I thought the mailing lists were down?)

Gentlemen,

I'm through with adding the parameter checking and I've changed the way
the Group Admin group works (as discussed earlier). Which means that all
the major points from my to-do list are done.

I will be going through the list of open bugs (as far as I have them in
my email database) and my notes to see what is left that should be fixed
/ implemented in this release.

But all in all, it looks like it would be possible to do an 1.3.9rc1
release after the next weekend. So if you have anything left that you
want to see in the next release, please bring it forward now (or wait for
1.3.10 ...).

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/

From tony at tonybibbs.com Sun Feb 8 15:48:32 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Sun, 08 Feb 2004 14:48:32 -0600
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <20040208163453.27277@smtp.haun-online.de>
References: <20040208163453.27277@smtp.haun-online.de>
Message-ID: <4026A0A0.7020705@tonybibbs.com>

Well, I was hoping to sneak in the spellchecking feature (disabled by
default). I had it implemented into /admin/story.php and was going to do
it with comments as well. As for other things links, etc. we will have to
figure out an interface for them as they don't have a handy 'preview'
interface I can piggyback on.

Anyway, your call if it should be a .9 feature or wait until .10...just
let me know.

--Tony

Dirk Haun wrote:

> (hmm, I thought the mailing lists were down?)
>
> Gentlemen,
>
> I'm through with adding the parameter checking and I've changed the way
> the Group Admin group works (as discussed earlier). Which means that all
> the major points from my to-do list are done.
>
> I will be going through the list of open bugs (as far as I have them in
> my email database) and my notes to see what is left that should be fixed
> / implemented in this release.
>
> But all in all, it looks like it would be possible to do an 1.3.9rc1
> release after the next weekend. So if you have anything left that you
> want to see in the next release, please bring it forward now (or wait for
> 1.3.10 ...).
>
> bye, Dirk
>
>

-- 
+---------------------+--------------------------------------------------+
|Tony Bibbs           |[R]egardless of what you may think of our penal   |
|tony at tonybibbs.com|system, the fact is that every man in jail is one |
|                     |less potential fisherman to clutter up your       |
|                     |favorite pool or pond. --Ed Zern                  |
+---------------------+--------------------------------------------------+

From jens at peino.de Mon Feb 9 07:53:37 2004
From: jens at peino.de (Jens A. Tkotz)
Date: Mon, 9 Feb 2004 13:53:37 +0100
Subject: [geeklog-devel] (no subject)
Message-ID: <20040209135337.0hxpys8ssk00scww@horde.peino.de>

Hello Geeklog Developers,

my Name is Jens Tkotz (aka Tim_j) and a Member of Gallery Developer Team.

Today a user came in our irc Channel and reported something Gallery <-> Geeklog
integration.
So i visited your site and see that there is an existing Modification.

What about integrating your code for integration into official Gallery Code ?
I recently have done the phpBB2 integration and would be happy to do it for
geeklog too.

Please let me/us know if you are interested.

Regards,

Jens

-- 
_____________________________
I'll just say ... charisma

From geeklog at langfamily.ca Mon Feb 9 14:53:51 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 9 Feb 2004 14:53:51 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
References: <20040208163453.27277@smtp.haun-online.de>
Message-ID: <048b01c3ef46$710f6790$650a10ac@XPBL2>

I have a feature that I have been asked to add for a client and will be
working on this week. I'd like to see this added to Geeklog as well and
should have it ready in a few days.

The client wants to be able to auto-archive stories.
 - Admin can set archive date
 - stories moved to an "archive" topic that may be hidden or restricted
 - option to auto delete or archive
 - different template used when displaying archived stories.

Are there any concerns about adding this to CVS when completed?
Do you see any problems or additional features that should be considered?

Blaine
----- Original Message -----
From: "Dirk Haun"
To: "Geeklog"
Sent: Sunday, February 08, 2004 11:34 AM
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...


> (hmm, I thought the mailing lists were down?)
>
> Gentlemen,
>
> I'm through with adding the parameter checking and I've changed the way
> the Group Admin group works (as discussed earlier). Which means that all
> the major points from my to-do list are done.
>
> I will be going through the list of open bugs (as far as I have them in
> my email database) and my notes to see what is left that should be fixed
> / implemented in this release.
>
> But all in all, it looks like it would be possible to do an 1.3.9rc1
> release after the next weekend. So if you have anything left that you
> want to see in the next release, please bring it forward now (or wait for
> 1.3.10 ...).
>
> bye, Dirk
>
>
> -- 
> http://www.haun-online.de/
> http://www.haun.info/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>

From vmf at abtech.org Mon Feb 9 14:57:24 2004
From: vmf at abtech.org (Vincent Furia)
Date: Mon, 09 Feb 2004 14:57:24 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <048b01c3ef46$710f6790$650a10ac@XPBL2>
References: <20040208163453.27277@smtp.haun-online.de> <048b01c3ef46$710f6790$650a10ac@XPBL2>
Message-ID: <4027E624.6060106@abtech.org>

I'd suggest not allowing users to add comments to archived stories.

-Vinny

Blaine Lang wrote:

>I have a feature that I have been asked to add for a client and will be
>working on this week. I'd like to see this added to Geeklog as well and
>should have it ready in a few days.
>
>The client wants to be able to auto-archive stories.
> - Admin can set archive date
> - stories moved to an "archive" topic that may be hidden or restricted
> - option to auto delete or archive
> - different template used when displaying archived stories.
>
>Are there any concerns about adding this to CVS when completed?
>Do you see any problems or additional features that should be considered?
>
>Blaine
>----- Original Message -----
>From: "Dirk Haun"
>To: "Geeklog"
>Sent: Sunday, February 08, 2004 11:34 AM
>Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
>
>
>
>
>>(hmm, I thought the mailing lists were down?)
>>
>>Gentlemen,
>>
>>I'm through with adding the parameter checking and I've changed the way
>>the Group Admin group works (as discussed earlier). Which means that all
>>the major points from my to-do list are done.
>>
>>I will be going through the list of open bugs (as far as I have them in
>>my email database) and my notes to see what is left that should be fixed
>>/ implemented in this release.
>>
>>But all in all, it looks like it would be possible to do an 1.3.9rc1
>>release after the next weekend. So if you have anything left that you
>>want to see in the next release, please bring it forward now (or wait for
>>1.3.10 ...).
>>
>>bye, Dirk
>>
>>
>>-- 
>>http://www.haun-online.de/
>>http://www.haun.info/
>>
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
>>
>>
>>
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
>
>

From dirk at haun-online.de Mon Feb 9 15:26:01 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 9 Feb 2004 21:26:01 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <048b01c3ef46$710f6790$650a10ac@XPBL2>
References: <048b01c3ef46$710f6790$650a10ac@XPBL2>
Message-ID: <20040209202601.14347@smtp.haun-online.de>

Blaine,

>Are there any concerns about adding this to CVS when completed?

Sounds like something that has been requested before, but it also sounds
like a lot of new code. Can we hold this off until 1.3.10?

Maybe we don't need another 7 months until the next release (yeah, 1.3.8
was released on July 17 2003 ...).

bye, Dirk

P.S. Vinny, did you see that Gallery post?


-- 
http://www.haun-online.de/
http://www.tinyweb.de/

From vmf at abtech.org Mon Feb 9 15:32:20 2004
From: vmf at abtech.org (Vincent Furia)
Date: Mon, 09 Feb 2004 15:32:20 -0500
Subject: [Fwd: Re: [geeklog-devel] (no subject)]
Message-ID: <4027EE54.2040203@abtech.org>

Ooops, somehow the geeklog-devel address got left off my reply post.

-Vinny

-------- Original Message --------
From: - Mon Feb 09 15:09:13 2004
Message-ID: <4027E8E9.2080100 at abtech.org>
Date: Mon, 09 Feb 2004 15:09:13 -0500
From: Vincent Furia
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: jens at peino.de
CC: gallery-devel at lists.sourceforge.net
Subject: Re: [geeklog-devel] (no subject)
References: <20040209135337.0hxpys8ssk00scww at horde.peino.de>
In-Reply-To: <20040209135337.0hxpys8ssk00scww at horde.peino.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Jens,

I am currently the primary maintainer of the Geeklog/Gallery integration.
You're more than welcome to incorporate it into the official Gallery code
(it would certainly save effort on my part).

An "unofficial" gallery release using Gallery 1.4.1-pl1 with alterations
to make it embeddable in Geeklog is available from:
http://sourceforge.net/project/showfiles.php?group_id=68255&package_id=69388&release_id=212674

The only problem I foresee with integrating it "officially" is that the
Geeklog version required a few hacks to the core Gallery files.

Please keep me up to date on any progress you make or if you require
testers (they should be pretty easy to recruit).

-Vinny

Jens A. Tkotz wrote:

>Hello Geeklog Developers,
>
>my Name is Jens Tkotz (aka Tim_j) and a Member of Gallery Developer Team.
>
>Today a user came in our irc Channel and reported something Gallery <-> Geeklog
>integration.
>So i visited your site and see that there is an existing Modification.
>
>What about integrating your code for integration into official Gallery Code ?
>I recently have done the phpBB2 integration and would be happy to do it for
>geeklog too.
>
>Please let me/us know if you are interested.
>
>Regards,
>
>Jens
>
>-- 
>_____________________________
>I'll just say ... charisma
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
>
>

From geeklog at langfamily.ca Mon Feb 9 15:51:25 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 9 Feb 2004 15:51:25 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
References: <048b01c3ef46$710f6790$650a10ac@XPBL2> <20040209202601.14347@smtp.haun-online.de>
Message-ID: <04b701c3ef4e$7bd52680$650a10ac@XPBL2>

Vinny wrote:
> I'd suggest not allowing users to add comments to archived stories.

That makes sense - thanks :)

Dirk wrote:
> Sounds like something that has been requested before, but it also sounds
> like a lot of new code. Can we hold this off until 1.3.10?

I'm hoping it is not a lot of new code but agree it has to hook in a
number of places. I'm hoping to start on this tonight and get a better
sense of it.

My question is really a 2 part one
1) Any concerns about adding this to GL CVS
2) If I get it done this week (may not be possible) could it be added to
1.3.9

If not - are you ok with it being added to GL 1.3.10

Blaine
----- Original Message -----
From: "Dirk Haun"
To:
Sent: Monday, February 09, 2004 3:26 PM
Subject: Re: [geeklog-devel] 1.3.9rc1 is nearing ...


> Blaine,
>
> >Are there any concerns about adding this to CVS when completed?
>
> Sounds like something that has been requested before, but it also sounds
> like a lot of new code. Can we hold this off until 1.3.10?
>
> Maybe we don't need another 7 months until the next release (yeah, 1.3.8
> was released on July 17 2003 ...).
>
> bye, Dirk
>
> P.S. Vinny, did you see that Gallery post?
>
>
> -- 
> http://www.haun-online.de/
> http://www.tinyweb.de/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel

From dirk at haun-online.de Mon Feb 9 16:06:03 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 9 Feb 2004 22:06:03 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <04b701c3ef4e$7bd52680$650a10ac@XPBL2>
References: <04b701c3ef4e$7bd52680$650a10ac@XPBL2>
Message-ID: <20040209210603.342@smtp.haun-online.de>

Blaine,

>My question is really a 2 part one
>1) Any concerns about adding this to GL CVS

No. As I said, we've had requests for this before.

>2) If I get it done this week (may not be possible) could it be added to
>1.3.9

I'm just anxious to get 1.3.9 out of the door and am uncomfortable with
introducing entirely new code at this stage.

>If not - are you ok with it being added to GL 1.3.10

That would be fine with me.

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/

From slord at marelina.com Mon Feb 9 17:18:13 2004
From: slord at marelina.com (Simon Lord)
Date: Mon, 9 Feb 2004 17:18:13 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <20040209210603.342@smtp.haun-online.de>
References: <04b701c3ef4e$7bd52680$650a10ac@XPBL2> <20040209210603.342@smtp.haun-online.de>
Message-ID:

So what the h.e.double hockey sticks are we going to do with the new
theme pages? Before they rot and get outdated? I'm not entirely sure how
we're going to apply them. :P

On Feb 9, 2004, at 4:06 PM, Dirk Haun wrote:

> Blaine,
>
>> My question is really a 2 part one
>> 1) Any concerns about adding this to GL CVS
>
> No. As I said, we've had requests for this before.
>
>
>> 2) If I get it done this week (may not be possible) could it be added
>> to
>> 1.3.9
>
> I'm just anxious to get 1.3.9 out of the door and am uncomfortable with
> introducing entirely new code at this stage.
>
>
>> If not - are you ok with it being added to GL 1.3.10
>
> That would be fine with me.
>
> bye, Dirk
>
>
> -- 
> http://www.haun-online.de/
> http://mypod.de/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>
>
Sincerely,
Simon

From dirk at haun-online.de Sat Feb 14 14:58:09 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 14 Feb 2004 20:58:09 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <20040208163453.27277@smtp.haun-online.de>
References: <20040208163453.27277@smtp.haun-online.de>
Message-ID: <20040214195809.15146@smtp.haun-online.de>

Things are looking good for 1.3.9rc1.

I'm through with my to-do list (well, the important bits from it - had to
resist the temptation on a few items ;-)

Since the CVS notifications aren't working, I'd like to point out two
important / interesting changes I made:

There is now an option to not stay logged in after your session expires.
The "stay logged in for ..." option is a convenience function, but a
dangerous one these days (as our special friend Jelmer has already
pointed out).
Should someone manage to steal your cookies, they could
easily log in to your account.

I hope I didn't break session handling when changing this. Further
testing appreciated ...


Also, I've made a last-minute extension of the plugin API so that plugins
can now add their own entries to the What's New block. I've been wanting
to add this for a long time, but it always seems to slip through the cracks.

I've attached an implementation of the two new functions for the File
Management plugin (pretty much the same code that's already behind the
"New Downloads" block on geeklog.net). Just paste it into your filemgmt/
functions.inc


So what's left to do? More testing, of course. Documentation updates.
Running the language files through my lm.php script. And synching the
German version with CVS.

I'm still aiming at a release on Monday and hope to have a tarball ready
for pre-release testing by tomorrow evening.

I'll keep you posted ...

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: filmgmt_whatsnew.php.gz
Type: application/x-gzip
Size: 629 bytes
Desc: not available
URL:

From geeklog at langfamily.ca Sun Feb 15 01:33:37 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 15 Feb 2004 01:33:37 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
References: <20040208163453.27277@smtp.haun-online.de> <20040214195809.15146@smtp.haun-online.de>
Message-ID: <002001c3f38d$a4914cf0$650a10ac@XPBL2>

Sounds good -- Any idea when CVS will be back online?

* Update on Story Archive Mgmt *
I have completed the modifications to support Archive Mgmt of stories and
have someone else testing it now.

I only needed to add one field to the story table. There already is a
statuscode field that was not being used.

You have 2 options now to expire a story
1) Delete upon Expiry or
2) Archive upon Expiry

You need to create a topic that you will use to hold the expired topics
and set it up using a new $_CONF parm:

    // Topic ID (tid) that Auto-Archived topics will be moved to at their expire date
    $_CONF['archivetopic'] = 'archive';

You would normally restrict permissions to only story.admin so these
stories and topic will not be accessible.

I also modified COM_article to use a new set of templates so that if you
do want these stories accessible to your members, the template would
indicate they are older stories.

I have not added the logic to disable new comments but that should not be
hard.

Affected files:
  index.php
  lib-common
  admin/story
  storyeditor.thtml

Cheers,
Blaine
----- Original Message -----
From: "Dirk Haun"
To:
Sent: Saturday, February 14, 2004 2:58 PM
Subject: Re: [geeklog-devel] 1.3.9rc1 is nearing ...


> Things are looking good for 1.3.9rc1.
>
> I'm through with my to-do list (well, the important bits from it - had to
> resist the temptation on a few items ;-)
>
> Since the CVS notifications aren't working, I'd like to point out two
> important / interesting changes I made:
>
> There is now an option to not stay logged in after your session expires.
> The "stay logged in for ..." option is a convenience function, but a
> dangerous one these days (as our special friend Jelmer has already
> pointed out). Should someone manage to steal your cookies, they could
> easily log in to your account.
>
> I hope I didn't break session handling when changing this. Further
> testing appreciated ...
>
>
> Also, I've made a last-minute extension of the plugin API so that plugins
> can now add their own entries to the What's New block. I've been wanting
> to add this for a long time, but it always seems to slip through the cracks.
> > I've attached an implementation of the two new functions for the File > Management plugin (pretty much the same code that's already behind the > "New Downloads" block on geeklog.net). Just paste it into your filemgmt/ > functions.inc > > > So what's left to do? More testing, of course. Documentation updates. > Running the language files through my lm.php script. And synching the > German version with CVS. > > I'm still aiming at a release on Monday and hope to have a tarball ready > for pre-release testing by tomorrow evening. > > I'll keep you posted ... > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://www.haun.info/ From dirk at haun-online.de Sun Feb 15 04:01:15 2004 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 15 Feb 2004 10:01:15 +0100 Subject: [geeklog-devel] 1.3.9rc1 is nearing ... In-Reply-To: <002001c3f38d$a4914cf0$650a10ac@XPBL2> References: <002001c3f38d$a4914cf0$650a10ac@XPBL2> Message-ID: <20040215090115.16901@smtp.haun-online.de> Blaine, >Sounds good -- Any idea when CVS will be back online? CVS _is_ online, including the web frontend. The only thing that's not working are the notification emails. bye, Dirk -- http://www.haun-online.de/ http://www.haun.info/ From dirk at haun-online.de Sun Feb 15 16:16:36 2004 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 15 Feb 2004 22:16:36 +0100 Subject: [geeklog-devel] 1.3.9rc1 is nearing ... In-Reply-To: <20040214195809.15146@smtp.haun-online.de> References: <20040214195809.15146@smtp.haun-online.de> Message-ID: <20040215211636.17716@smtp.haun-online.de> Here it is then: http://www.geeklog.net/nightly/geeklog-1.3.9rc1.tar.gz If I don't hear any complaints, I'll install it on geeklog.net after work tomorrow and release it. 
bye, Dirk -- http://www.haun-online.de/ http://www.haun.info/ From dirk at haun-online.de Mon Feb 16 15:17:31 2004 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 16 Feb 2004 21:17:31 +0100 Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1 Message-ID: <20040216201731.31903@smtp.haun-online.de> Okay, I messed up things a little while upgrading geeklog.net :-( I accidentally deleted both the lib-custom.php and the forum themes. I've recovered the Shoutbox and Who's New blocks from some posts on geeklog.net and the Theme Tester block is now the one that I'm using on geeklog.info (which one did we use before?). I don't have the source for the Stats block (Blaine?). The New Downloads block won't be missed, I guess, as I installed the extension for the File Management plugin that I posted here a few days ago (using 1.3.9's extended plugin API). As for the forum themes: I downloaded the forum 2.3rc3 from portalparts.com and used the theme files from that file. Blaine, are there any differences? Time to think about doing automatic updates of our customizations, I guess ... bye, Dirk -- http://www.haun-online.de/ http://mypod.de/ From geeklog at langfamily.ca Mon Feb 16 15:48:21 2004 From: geeklog at langfamily.ca (Blaine Lang) Date: Mon, 16 Feb 2004 15:48:21 -0500 Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1 References: <20040216201731.31903@smtp.haun-online.de> Message-ID: <011701c3f4ce$36fb1210$650a10ac@XPBL2> Dirk, The Forum templates from RC3 should be fine. I just updated all the themes style.css files on geeklog.net to add the forum css. I'll have to edit the colors later. I also added the code for the stats block and enabled it. Blaine ----- Original Message ----- From: "Dirk Haun" To: Sent: Monday, February 16, 2004 3:17 PM Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1 > Okay, I messed up things a little while upgrading geeklog.net :-( > > I accidentally deleted both the lib-custom.php and the forum themes. 
> > I've recovered the Shoutbox and Who's New blocks from some posts on > geeklog.net and the Theme Tester block is now the one that I'm using on > geeklog.info (which one did we use before?). > > I don't have the source for the Stats block (Blaine?). The New Downloads > block won't be missed, I guess, as I installed the extension for the File > Management plugin that I posted here a few days ago (using 1.3.9's > extended plugin API). > > As for the forum themes: I downloaded the forum 2.3rc3 from > portalparts.com and used the theme files from that file. Blaine, are > there any differences? > > Time to think about doing automatic updates of our customizations, I guess ... > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://mypod.de/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel > From dirk at haun-online.de Mon Feb 16 17:04:23 2004 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 16 Feb 2004 23:04:23 +0100 Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1 In-Reply-To: <011701c3f4ce$36fb1210$650a10ac@XPBL2> References: <011701c3f4ce$36fb1210$650a10ac@XPBL2> Message-ID: <20040216220423.21286@smtp.haun-online.de> >The Forum templates from RC3 should be fine. I just updated all the themes >style.css files on geeklog.net to add the forum css. I'll have to edit the >colors later. > >I also added the code for the stats block and enabled it. Thanks, Blaine. And sorry about that ... 
bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From tony at tonybibbs.com Mon Feb 16 22:33:19 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 16 Feb 2004 21:33:19 -0600
Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1
In-Reply-To: <20040216220423.21286@smtp.haun-online.de>
References: <011701c3f4ce$36fb1210$650a10ac@XPBL2> <20040216220423.21286@smtp.haun-online.de>
Message-ID: <40318B7F.3080001@tonybibbs.com>

Any chance of turning on the URL rewriting on geeklog.net? It's a feature I think that would help people find us better *and* it is one that I personally have been waiting for. Might as well show off that work.

--Tony

Dirk Haun wrote:
>>The Forum templates from RC3 should be fine. I just updated all the themes
>>style.css files on geeklog.net to add the forum css. I'll have to edit the
>>colors later.
>>
>>I also added the code for the stats block and enabled it.
>
>
> Thanks, Blaine. And sorry about that ...
>
> bye, Dirk
>
>

From dirk at haun-online.de Tue Feb 17 17:55:31 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 17 Feb 2004 23:55:31 +0100
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
Message-ID: <20040217225532.1493@smtp.haun-online.de>

1. PATH_SEPARATOR is only defined as of PHP 4.3.0 - any older versions will have the actual text "PATH_SEPARATOR" in the path ...

Affects the ini_set call for the path to PEAR in lib-common.php. Needs a workaround, something like

    if( defined( 'PATH_SEPARATOR' )) {
        // use it
    } else {
        // try to guess it
    }

2. function COM_getComment() needs a

    $template->set_var( 'order', $order );

3. (reported by Turias over on the contact-us list):

>You probably already know this, but it appears as though threaded
>comments are broken. Clicking on a non-root level comment brings up a
>blank screen.

Actually, I think it only happens with the very last comment in each thread.

Vinny, is this (#3) something you could be looking into?
bye, Dirk -- http://www.haun-online.de/ http://www.tinyweb.de/ From vmf at abtech.org Tue Feb 17 20:22:38 2004 From: vmf at abtech.org (Vincent Furia) Date: Tue, 17 Feb 2004 20:22:38 -0500 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... In-Reply-To: <20040217225532.1493@smtp.haun-online.de> References: <20040217225532.1493@smtp.haun-online.de> Message-ID: <4032BE5E.2080408@abtech.org> Dirk Haun wrote: >3. (reported by Turias over on the contact-us list): > > >>You probably already know this, but it appears as though threaded >>comments are broken. Clicking on a non-root level comment brings up a >>blank screen. >> >> > >Actually, I think it only happens with the very last comment in each thread. > >Vinny, is this (#3) something you could be looking into? > >bye, Dirk > > > > Ooops. Looks like a small mistake got thrown in. Change is in lib-common.php around line 2678: This line: $template->set_var( 'pid', $A['cid'] ); Should be: $template->set_var( 'pid', $A['pid'] ); -Vinny From dirk at haun-online.de Wed Feb 18 02:10:41 2004 From: dirk at haun-online.de (Dirk Haun) Date: Wed, 18 Feb 2004 08:10:41 +0100 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... In-Reply-To: <4032BE5E.2080408@abtech.org> References: <4032BE5E.2080408@abtech.org> Message-ID: <20040218071041.17341@smtp.haun-online.de> Vinny, >Ooops. Looks like a small mistake got thrown in. Change is in >lib-common.php around line 2678: >This line: > $template->set_var( 'pid', $A['cid'] ); >Should be: > $template->set_var( 'pid', $A['pid'] ); Applied on geeklog.net, looking good. Thanks. bye, Dirk -- http://www.haun-online.de/ http://www.haun.info/ From vmf at abtech.org Wed Feb 18 10:21:50 2004 From: vmf at abtech.org (Vincent Furia) Date: Wed, 18 Feb 2004 10:21:50 -0500 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... 
In-Reply-To: <20040218071041.17341@smtp.haun-online.de> References: <4032BE5E.2080408@abtech.org> <20040218071041.17341@smtp.haun-online.de> Message-ID: <4033830E.6010106@abtech.org> OKay, Found a slightly deeper problem that is all tied up in this. With the below change the reply-to-link is now broken (it responds to the comment/story an extra level up). The easy way to change this is to add a line: $template->set_var( 'cid', $A['cid'] ); to the comment function and then change the themes (comment.thtml) so that the reply-to-link has "pid={cid}". The better fix is to add a reply_to_link theme variable (along with theme variables for the other links that the comments have) and eliminate the 'extra' theme variables. If you give me some guidance on how you want to handle this I can code up the changes. Write cvs access would be convenient at this point. ;) Another minor issue is that the "parent" link is missing when browsing non-top-level comments in threaded mode. This should be easy to add. -Vinny Dirk Haun wrote: > Vinny, > > >>Ooops. Looks like a small mistake got thrown in. Change is in >>lib-common.php around line 2678: >>This line: >> $template->set_var( 'pid', $A['cid'] ); >>Should be: >> $template->set_var( 'pid', $A['pid'] ); > > > Applied on geeklog.net, looking good. Thanks. > > bye, Dirk > > From dirk at haun-online.de Wed Feb 18 13:37:26 2004 From: dirk at haun-online.de (Dirk Haun) Date: Wed, 18 Feb 2004 19:37:26 +0100 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... In-Reply-To: <4033830E.6010106@abtech.org> References: <4033830E.6010106@abtech.org> Message-ID: <20040218183727.26977@smtp.haun-online.de> Vinny, >Found a slightly deeper problem that is all tied up in this. With the >below change the reply-to-link is now broken (it responds to the >comment/story an extra level up). Yep, noticed this as well. >If you give me some guidance on how you want to handle this I can code >up the changes. 
I would have preferred a solution that didn't require theme changes, but if that's not possible, I leave it up to you to decide.

>Write cvs access would be convenient at this point. ;)

Agreed. Tony?

bye, Dirk

--
http://www.haun-online.de/
http://www.tinyweb.de/

From dirk at haun-online.de Wed Feb 18 13:43:16 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 18 Feb 2004 19:43:16 +0100
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <20040217225532.1493@smtp.haun-online.de>
References: <20040217225532.1493@smtp.haun-online.de>
Message-ID: <20040218184316.22411@smtp.haun-online.de>

I'm a bit short on time this week, so I try to delegate as much as possible ;-)

Next person on my list: Blaine.

I've received a report from someone who has a lot of blocks on his site. Apparently, since the new block list code will number them in steps of 10, it will eventually come up with block order numbers in the 300s. But Geeklog only allows order numbers up to 255.

I'd prefer a solution that doesn't require theme and database changes, but if that's not possible or would require too much work, then so be it ...
bye, Dirk

--
http://www.haun-online.de/
http://mypod.de/

From dirk at haun-online.de Wed Feb 18 14:29:54 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 18 Feb 2004 20:29:54 +0100
Subject: [geeklog-devel] MySQL issue / table lockups
Message-ID: <20040218192954.613@smtp.haun-online.de>

Here's some other issue altogether, slightly edited from IRC:

I have noticed that the hit counter can lock the whole stories table when viewing the story
what happens when you have large number of stories and someone performs a search
is that update gets locked
then everything behind the update gets locked
so, basically a long search on an active site can lock the whole site
it can be solved in 2 ways
changing the stories table type to innodb
or, what I have been doing, splitting the table
a stories and a stories_stat
the stories table is myisam so I can use fulltext indexing and the stat table is innodb to prevent locks
I see - innodb is supported in MySQL since when?
late 3
I understand the problem of supporting install on ISP's with old setups
mysql.com isn't very clear on the version number for innodb support. it mentions 3.23.34a but the wording indicates it may not have been available in default installs right away ...
we have users with versions down to 3.22.something :-/
that may be, I seem to remember having to dl the max install to get it originally
or something like that
yeah, that is unfortunate
maybe an install option for those that know they have innodb installed
to set table types on appropriate tables
but maybe putting all the stats into a separate table would be a way around it - those that run into the problem could then change the type of the table
exactly
shouldn't affect anything
could be posted as a note for performance on large systems
k, stuff to think about for 1.3.10 :P
so far that is the only scalability issue I have come across

Comments?
bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From tony at tonybibbs.com Wed Feb 18 16:36:27 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Wed, 18 Feb 2004 15:36:27 -0600 Subject: [geeklog-devel] MySQL issue / table lockups In-Reply-To: <20040218192954.613@smtp.haun-online.de> References: <20040218192954.613@smtp.haun-online.de> Message-ID: <4033DADB.9010601@tonybibbs.com> Any reason why we don't ship new GL installs with option of Innodb or MyISAM with a default of Innodb? Or to be even slicker, once we know what version of MySQL supported Innodb we can query it before creating any new tables and figure it out on the fly. --Tony Dirk Haun wrote: > Here's some other issue altogether, slighlty edited from IRC: > > I have noticed that the hit couter can lock the whole stories table > when viewing the story > what happens when you have large number of stories and someone > performs a search > is that update gets locked > then everything behind the update gets locked > so, basically a long search on an active site can lock the > whole site > it can be solved in 2 ways > changing the stories table type to innodb > or, what I have been doing, splitting the table > a stories and a stories_stat > the stories table is myisam so I an use fulltext indexing and > the stat table is innodb to prevent locks > I see - innodb is supported in MySQL since when? > late 3 > I ubderstand the problem of supporting install on ISP's with > old setups > mysql.com isn't very clear on the version number for innodb > support. it mentions 3.23.34a but the wording indicates it may not have > been availabe in default installs right away ... 
> we have user with versions down to 3.22.something :-/ > that may be, I seem to remember having to dl the max install to > get it originally > or something like that > yeah, that is unfortunate > maybe an install option for those that know they have innodb > installed > to set table types on appropriate tables > but maybe putting all the stats into a separate table would be > a way around it - those that run into the problem could then change the > type of the table > exactly > shouldn't affect anything > coul dbe posted as a note for performance on large systems > k, stuff to think about for 1.3.10 :P > so far that is the only scalability issue I have come across > > Comments? > > bye, Dirk > > From geeklog at langfamily.ca Wed Feb 18 20:06:18 2004 From: geeklog at langfamily.ca (Blaine Lang) Date: Wed, 18 Feb 2004 20:06:18 -0500 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... References: <20040217225532.1493@smtp.haun-online.de> <20040218184316.22411@smtp.haun-online.de> Message-ID: <007d01c3f684$94cfd3f0$650a10ac@XPBL2> Well we could change the interval but I like 10 :) Only 2 options - change the interval or change the field type that I see. It could be changed to use 2 as the interval and that still allows someone to manually enter a number to fit between 2 blocks. Blaine ----- Original Message ----- From: "Dirk Haun" To: Sent: Wednesday, February 18, 2004 1:43 PM Subject: Re: [geeklog-devel] The first 1.3.9rc1 bugs are in ... > I'm a bit short on time this week, so I try to delegate as much as > possible ;-) > > Next person on my list: Blaine. > > I've received a report from someone who has a lot of blocks on his site. > Apparantly, since the new block list code will number them in steps of > 10, it will eventually come up with block order numbers in the 300s. But > Geeklog only allows order numbers up to 255. 
> > I'd prefer a solution that doesn't require theme and database changes, > but if that's not possible or would require too much work, then so be it ... > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://mypod.de/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel From tony at tonybibbs.com Thu Feb 19 07:56:01 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Thu, 19 Feb 2004 06:56:01 -0600 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... In-Reply-To: <20040218183727.26977@smtp.haun-online.de> References: <4033830E.6010106@abtech.org> <20040218183727.26977@smtp.haun-online.de> Message-ID: <4034B261.8040803@tonybibbs.com> Vinny, you have an email with your CVS account info. --Tony Dirk Haun wrote: > Vinny, > > >>Found a slightly deeper problem that is all tied up in this. With the >>below change the reply-to-link is now broken (it responds to the >>comment/story an extra level up). > > > Yep, noticed this as well. > > > >>If you give me some guidance on how you want to handle this I can code >>up the changes. > > > I would have preferred a solution that didn't require theme changes, but > if that's not possible, I leave it up to you to decide. > > > >>Write cvs access would be convenient at this point. ;) > > > Agreed. Tony? > > bye, Dirk > > From tony at tonybibbs.com Thu Feb 19 07:58:08 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Thu, 19 Feb 2004 06:58:08 -0600 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... In-Reply-To: <007d01c3f684$94cfd3f0$650a10ac@XPBL2> References: <20040217225532.1493@smtp.haun-online.de> <20040218184316.22411@smtp.haun-online.de> <007d01c3f684$94cfd3f0$650a10ac@XPBL2> Message-ID: <4034B2E0.9080205@tonybibbs.com> I tend to order my blocks in increments of ten as well. 
Just a preference so I'd vote for the db change since that seem like the 'right' way though I do appreciate the hassle that creates. Blaine Lang wrote: > Well we could change the interval but I like 10 :) > Only 2 options - change the interval or change the field type that I see. > > It could be changed to use 2 as the interval and that still allows someone > to manually enter a number to fit between 2 blocks. > > Blaine > ----- Original Message ----- > From: "Dirk Haun" > To: > Sent: Wednesday, February 18, 2004 1:43 PM > Subject: Re: [geeklog-devel] The first 1.3.9rc1 bugs are in ... > > > >>I'm a bit short on time this week, so I try to delegate as much as >>possible ;-) >> >>Next person on my list: Blaine. >> >>I've received a report from someone who has a lot of blocks on his site. >>Apparantly, since the new block list code will number them in steps of >>10, it will eventually come up with block order numbers in the 300s. But >>Geeklog only allows order numbers up to 255. >> >>I'd prefer a solution that doesn't require theme and database changes, >>but if that's not possible or would require too much work, then so be it > > ... 
> >>bye, Dirk >> >> >>-- >>http://www.haun-online.de/ >>http://mypod.de/ >> >>_______________________________________________ >>geeklog-devel mailing list >>geeklog-devel at lists.geeklog.net >>http://lists.geeklog.net/listinfo/geeklog-devel > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel From tony at tonybibbs.com Fri Feb 20 09:15:03 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Fri, 20 Feb 2004 08:15:03 -0600 Subject: [geeklog-devel] Spam to members of lists Message-ID: <40361667.4000503@tonybibbs.com> I got this complaint today: Tony, I joined geeklog-users a little more than a week ago using newly created email addresses and posted only twice, and already I received two spam emails today to the new addresses (one of the addresses appears only in the Received header ). Either the spammer is a member of the list and receives emails with the full headers, or a list member's computer is infected and collects addresses. I know how seriously you and the development team of Geeklog think about security. I would like to ask your help to consider what could be done to stop spammers from collecting email addresses from geeklog lists. Right now I'm having second thoughts about publicly contributing to the development (at least not without stripping some mail headers). FYI below are transcripts of the blocked SPAM going to these two email addresses. They were received 1 second apart from two different IP addresses. sincerely, Drago Goricanec I then reviewed the privacy options and the only thing I see that we can do to fix this is set the very last option, "Hide the sender of a message, replacing it with the list address (Removes From, Sender and Reply-To fields)" to 'yes'. 
I think spam is enough of a problem where we should simply turn this off but I wanted to make sure I wasn't forgetting something because all this rings a bell with a situation way back when we were addressing this last.

...which reminds me I should probably upgrade mailman to see if we don't get some new anti-spam features (i.e. Bayesian filters, etc)

Thoughts?

--Tony

From vmf at abtech.org Fri Feb 20 10:31:04 2004
From: vmf at abtech.org (Vincent Furia)
Date: Fri, 20 Feb 2004 10:31:04 -0500
Subject: [geeklog-devel] Spam to members of lists
In-Reply-To: <40361667.4000503@tonybibbs.com>
References: <40361667.4000503@tonybibbs.com>
Message-ID: <40362838.7030706@abtech.org>

Tony,

We have gone through this before. Last time we switched many people (including myself) complained that not having the email addresses of the people sending emails to the list was a major PITA when it came to keeping track of who said what. This is especially true since many people don't sign their email.

I'd rather put up with a bit of SPAM (which SPAM filters can catch) than have to figure out from context who was sending a message to the mailing list. Also I like to be able to email people directly (especially for some of the questions that pop-up on geeklog-users).

Note that the SPAMers could have gotten his email by scouring the archive. Some people do a reply-to that includes something like:

joe at some.email.com said:

Which doesn't get filtered and an email address winds up on the lists archive web pages to be grabbed by SPAM bots. Maybe there is a way to filter email addresses out of the body of messages before they are posted to the archive?

-Vinny

Tony Bibbs wrote:
> I got this complaint today:
>
>
> Tony,
>
> I joined geeklog-users a little more than a week ago using newly created
> email
> addresses and posted only twice, and already I received two spam emails
> today
> to the new addresses (one of the addresses appears only in the Received
> header
> ).
> > Either the spammer is a member of the list and receives emails with the > full > headers, or a list member's computer is infected and collects addresses. > > I know how seriously you and the development team of Geeklog think about > security. I would like to ask your help to consider what could be done > to stop > spammers from collecting email addresses from geeklog lists. Right now I'm > having second thoughts about publicly contributing to the development > (at least > not without stripping some mail headers). > > FYI below are transcripts of the blocked SPAM going to these two email > addresses. They were received 1 second apart from two different IP > addresses. > > sincerely, > Drago Goricanec > > > I then reviewed the privacy options and the only thing I see that we can > do to fix this is set the very last option, "Hide the sender of a > message, replacing it with the list address (Removes From, Sender and > Reply-To fields)" to 'yes'. > > I think spam is enough of a problem where we should simply turn this off > but I wanted to make sure I wasn't forgetting something because all this > rings a bell with a situation way back when we were addressing this last. > > ...which reminds me I should probably upgrade mailman to see if we don't > get some new anti-spam features (i.e. baysian filters, etc) > > Thoughts? > > --Tony > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel > From dirk at haun-online.de Fri Feb 20 13:45:53 2004 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 20 Feb 2004 19:45:53 +0100 Subject: [geeklog-devel] Spam to members of lists In-Reply-To: <40362838.7030706@abtech.org> References: <40362838.7030706@abtech.org> Message-ID: <20040220184553.8017@smtp.haun-online.de> Vinny wrote: >Note that the SPAMers could have gotten his email by scouring the >archive. 
Some people do a reply-to that includes something like: > > joe at some.email.com said: I found the two posts by Drago. Tony responded to both of them, but without quoting his email address. There were no other replies. A search for Drago's email address (in my local mail database) only returns his own posts. So that's not the way the address got out. Of course, everyone else on the list has his email address on their PC as well and if they caught a virus, for example, it's possible that the address got out that way (e.g. used as a fake return address). >Maybe there is a way to >filter email addresses out of the body of messages before they posted to >the archive? That would still be a good idea. bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From vmf at abtech.org Fri Feb 20 20:29:18 2004 From: vmf at abtech.org (Vincent Furia) Date: Fri, 20 Feb 2004 20:29:18 -0500 Subject: [geeklog-devel] COM_extractlinks Message-ID: <4036B46E.6040808@abtech.org> I noticed this post in the Forum: http://www.geeklog.net/forum/viewtopic.php?forum=10&showtopic=30857 You probably don't want to go with (quite) what the suggestion there is (due to problems the author states). But the function getting confused by the image tags is Not A Good Thing. (-rc2 perhaps?) I'll fix this if no one else wants to. I'll just need to brush up on my regexs a bit first. -Vinny From vmf at abtech.org Fri Feb 20 21:59:10 2004 From: vmf at abtech.org (Vincent Furia) Date: Fri, 20 Feb 2004 21:59:10 -0500 Subject: [geeklog-devel] comment.php Message-ID: <4036C97E.7000603@abtech.org> In 1.3.8, when displaying comments using comment.php (?mode=display) GL would assume threaded mode. This made sense since the other comment modes (nested, flat) can display all the comments on a single page without needing a click through to see more comments. In 1.3.9's comment.php we are setting the comment mode (threaded, nested, etc) to the user's choice or the default value. 
Unfortunately if a user has his prefs set to 'nested' but then uses the title bar to select 'threaded' and then clicks on a threaded comment it causes the comment to display as his preferenced value. So I guess I'm asking is what is the desired behavior here? Should comment.php only be used to display threaded comments (notice the code to display in comment.php takes a 'pid' rather than a 'cid' to display all the children of a parent - but not the parent, rather than a particular comment and its children). Or should it use whatever the user's preferences indicate (overriding a previous commentbar choice). Or should it 1st go by choice, then preference? Or something else... After that question is answered here is an related enhancement for comment.php that we may consider looking at: we can add a bit of logic to display a comment based on 'cid' (along with its children) in addition to the current display by parent ('pid'). This would allow users to link to a particular comment in a story/poll/plugin/etc. Have enough time to think about all that? Once you have my opinion (vote?) is below. ///////////////////// My opinion: I think the comment.php display as it is ('pid') should only be available in threaded comments. It doesn't make much sense to have it for nested or flat comments. I like the idea of being able to link to a particular comment, so I'd vote yes for that feature (available in any comment mode). I'll code it all up once the votes are in. Also if you vote yes the display by 'cid' should it be in 1.3.9 or should it wait for 1.3.10. -Vinny From geeklog at langfamily.ca Fri Feb 20 23:44:49 2004 From: geeklog at langfamily.ca (Blaine Lang) Date: Fri, 20 Feb 2004 23:44:49 -0500 Subject: [geeklog-devel] comment.php References: <4036C97E.7000603@abtech.org> Message-ID: <001401c3f835$7036a390$650a10ac@XPBL2> What I see is that nested looks like flat mode now. 
I've tried setting my preference to nested and threaded and really did not see a difference when viewing comments in nested mode. They always appeared as flat. Nested used to have the threaded look but would expand out all the comments. Example story with 50 comments: http://www.geeklog.net/article.php?story=20021208122743130 Blaine ----- Original Message ----- From: "Vincent Furia" To: Sent: Friday, February 20, 2004 9:59 PM Subject: [geeklog-devel] comment.php > In 1.3.8, when displaying comments using comment.php (?mode=display) GL > would assume threaded mode. This made sense since the other comment > modes (nested, flat) can display all the comments on a single page > without needing a click through to see more comments. > > In 1.3.9's comment.php we are setting the comment mode (threaded, > nested, etc) to the user's choice or the default value. Unfortunately > if a user has his prefs set to 'nested' but then uses the title bar to > select 'threaded' and then clicks on a threaded comment it causes the > comment to display as his preferenced value. > > So I guess I'm asking is what is the desired behavior here? Should > comment.php only be used to display threaded comments (notice the code > to display in comment.php takes a 'pid' rather than a 'cid' to display > all the children of a parent - but not the parent, rather than a > particular comment and its children). Or should it use whatever the > user's preferences indicate (overriding a previous commentbar choice). > Or should it 1st go by choice, then preference? Or something else... > > After that question is answered here is an related enhancement for > comment.php that we may consider looking at: we can add a bit of logic > to display a comment based on 'cid' (along with its children) in > addition to the current display by parent ('pid'). This would allow > users to link to a particular comment in a story/poll/plugin/etc. > > Have enough time to think about all that? Once you have my opinion > (vote?) 
is below. > > ///////////////////// > > My opinion: I think the comment.php display as it is ('pid') should > only be available in threaded comments. It doesn't make much sense to > have it for nested or flat comments. I like the idea of being able to > link to a particular comment, so I'd vote yes for that feature > (available in any comment mode). > > I'll code it all up once the votes are in. Also if you vote yes the > display by 'cid' should it be in 1.3.9 or should it wait for 1.3.10. > > -Vinny > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel From vmf at abtech.org Sat Feb 21 08:17:52 2004 From: vmf at abtech.org (Vincent Furia) Date: Sat, 21 Feb 2004 08:17:52 -0500 Subject: [geeklog-devel] comment.php In-Reply-To: <001401c3f835$7036a390$650a10ac@XPBL2> References: <4036C97E.7000603@abtech.org> <001401c3f835$7036a390$650a10ac@XPBL2> Message-ID: <40375A80.90107@abtech.org> There was a bug in -rc1 that was contributing to that. I don't see a problem with the article you pointed to (I'm seeing it nested just fine). What browser/OS (brand and version) are you using? Are you seeing threaded sub-comments indented in? If possible a screenshot or two of what you're seeing would be helpful in trouble shooting. Thanks, Vinny Blaine Lang wrote: > What I see is that nested looks like flat mode now. > I've tried setting my preference to nested and threaded and really did not > see a difference when viewing comments in nested mode. They always appeared > as flat. Nested used to have the threaded look but would expand out all the > comments. 
> > Example story with 50 comments: > http://www.geeklog.net/article.php?story=20021208122743130 > > Blaine > ----- Original Message ----- > From: "Vincent Furia" > To: > Sent: Friday, February 20, 2004 9:59 PM > Subject: [geeklog-devel] comment.php > > > >>In 1.3.8, when displaying comments using comment.php (?mode=display) GL >>would assume threaded mode. This made sense since the other comment >>modes (nested, flat) can display all the comments on a single page >>without needing a click through to see more comments. >> >>In 1.3.9's comment.php we are setting the comment mode (threaded, >>nested, etc) to the user's choice or the default value. Unfortunately >>if a user has his prefs set to 'nested' but then uses the title bar to >>select 'threaded' and then clicks on a threaded comment it causes the >>comment to display as his preferenced value. >> >>So I guess I'm asking is what is the desired behavior here? Should >>comment.php only be used to display threaded comments (notice the code >>to display in comment.php takes a 'pid' rather than a 'cid' to display >>all the children of a parent - but not the parent, rather than a >>particular comment and its children). Or should it use whatever the >>user's preferences indicate (overriding a previous commentbar choice). >>Or should it 1st go by choice, then preference? Or something else... >> >>After that question is answered here is an related enhancement for >>comment.php that we may consider looking at: we can add a bit of logic >>to display a comment based on 'cid' (along with its children) in >>addition to the current display by parent ('pid'). This would allow >>users to link to a particular comment in a story/poll/plugin/etc. >> >>Have enough time to think about all that? Once you have my opinion >>(vote?) is below. >> >>///////////////////// >> >>My opinion: I think the comment.php display as it is ('pid') should >>only be available in threaded comments. 
It doesn't make much sense to >>have it for nested or flat comments. I like the idea of being able to >>link to a particular comment, so I'd vote yes for that feature >>(available in any comment mode). >> >>I'll code it all up once the votes are in. Also if you vote yes the >>display by 'cid' should it be in 1.3.9 or should it wait for 1.3.10. >> >>-Vinny >>_______________________________________________ >>geeklog-devel mailing list >>geeklog-devel at lists.geeklog.net >>http://lists.geeklog.net/listinfo/geeklog-devel > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel > From geeklog at langfamily.ca Sat Feb 21 11:24:09 2004 From: geeklog at langfamily.ca (Blaine Lang) Date: Sat, 21 Feb 2004 11:24:09 -0500 Subject: [geeklog-devel] comment.php References: <4036C97E.7000603@abtech.org> <001401c3f835$7036a390$650a10ac@XPBL2> <40375A80.90107@abtech.org> Message-ID: <002101c3f897$22253600$650a10ac@XPBL2> Vinny, I am using IE 6 and have uploaded two images for you to see. http://www.langfamily.ca/temp/threaded.jpg http://www.langfamily.ca/temp/nested.jpg Blaine ----- Original Message ----- From: "Vincent Furia" To: Sent: Saturday, February 21, 2004 8:17 AM Subject: Re: [geeklog-devel] comment.php > There was a bug in -rc1 that was contributing to that. I don't see a > problem with the article you pointed to (I'm seeing it nested just > fine). What browser/OS (brand and version) are you using? > > Are you seeing threaded sub-comments indented in? If possible a > screenshot or two of what you're seeing would be helpful in trouble > shooting. > > Thanks, > Vinny > > Blaine Lang wrote: > > What I see is that nested looks like flat mode now. > > I've tried setting my preference to nested and threaded and really did not > > see a difference when viewing comments in nested mode. They always appeared > > as flat. 
Nested used to have the threaded look but would expand out all the > > comments. > > > > Example story with 50 comments: > > http://www.geeklog.net/article.php?story=20021208122743130 > > > > Blaine > > ----- Original Message ----- > > From: "Vincent Furia" > > To: > > Sent: Friday, February 20, 2004 9:59 PM > > Subject: [geeklog-devel] comment.php > > > > > > > >>In 1.3.8, when displaying comments using comment.php (?mode=display) GL > >>would assume threaded mode. This made sense since the other comment > >>modes (nested, flat) can display all the comments on a single page > >>without needing a click through to see more comments. > >> > >>In 1.3.9's comment.php we are setting the comment mode (threaded, > >>nested, etc) to the user's choice or the default value. Unfortunately > >>if a user has his prefs set to 'nested' but then uses the title bar to > >>select 'threaded' and then clicks on a threaded comment it causes the > >>comment to display as his preferenced value. > >> > >>So I guess I'm asking is what is the desired behavior here? Should > >>comment.php only be used to display threaded comments (notice the code > >>to display in comment.php takes a 'pid' rather than a 'cid' to display > >>all the children of a parent - but not the parent, rather than a > >>particular comment and its children). Or should it use whatever the > >>user's preferences indicate (overriding a previous commentbar choice). > >>Or should it 1st go by choice, then preference? Or something else... > >> > >>After that question is answered here is an related enhancement for > >>comment.php that we may consider looking at: we can add a bit of logic > >>to display a comment based on 'cid' (along with its children) in > >>addition to the current display by parent ('pid'). This would allow > >>users to link to a particular comment in a story/poll/plugin/etc. > >> > >>Have enough time to think about all that? Once you have my opinion > >>(vote?) is below. 
> >> > >>///////////////////// > >> > >>My opinion: I think the comment.php display as it is ('pid') should > >>only be available in threaded comments. It doesn't make much sense to > >>have it for nested or flat comments. I like the idea of being able to > >>link to a particular comment, so I'd vote yes for that feature > >>(available in any comment mode). > >> > >>I'll code it all up once the votes are in. Also if you vote yes the > >>display by 'cid' should it be in 1.3.9 or should it wait for 1.3.10. > >> > >>-Vinny > >>_______________________________________________ > >>geeklog-devel mailing list > >>geeklog-devel at lists.geeklog.net > >>http://lists.geeklog.net/listinfo/geeklog-devel > > > > > > _______________________________________________ > > geeklog-devel mailing list > > geeklog-devel at lists.geeklog.net > > http://lists.geeklog.net/listinfo/geeklog-devel > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel From dirk at haun-online.de Sat Feb 21 11:45:54 2004 From: dirk at haun-online.de (Dirk Haun) Date: Sat, 21 Feb 2004 17:45:54 +0100 Subject: [geeklog-devel] comment.php In-Reply-To: <002101c3f897$22253600$650a10ac@XPBL2> References: <002101c3f897$22253600$650a10ac@XPBL2> Message-ID: <20040221164554.23116@smtp.haun-online.de> Blaine, >http://www.langfamily.ca/temp/threaded.jpg That's how it should look like (at least I think so ...). >http://www.langfamily.ca/temp/nested.jpg That's not okay, though. But it looks fine (i.e. nested) in Mozilla. Blame Microsoft ... bye, Dirk P.S. geeklog.net is running on the latest CVS version of lib-common.php (1.289), not the one from the rc1 tarball. 
-- http://www.haun-online.de/ http://geeklog.info/ From geeklog at langfamily.ca Sat Feb 21 12:13:28 2004 From: geeklog at langfamily.ca (Blaine Lang) Date: Sat, 21 Feb 2004 12:13:28 -0500 Subject: [geeklog-devel] comment.php References: <002101c3f897$22253600$650a10ac@XPBL2> <20040221164554.23116@smtp.haun-online.de> Message-ID: <023101c3f89e$0603cf20$650a10ac@XPBL2> > >http://www.langfamily.ca/temp/threaded.jpg > > That's how it should look like (at least I think so ...). Agree that what I had noted in my previous email , it's nested that is not showing correct I had not tried Mozilla but yeh, it does appear to be IE related. The issue is with the CSS for padding being defined at the TABLE level and not the TD level style="padding-left: 50px"Have a look at this testhttp://www.langfamily.ca/temp/tablestyletest.htmlBlaine ----- Original Message ----- From: "Dirk Haun" To: Sent: Saturday, February 21, 2004 11:45 AM Subject: Re: [geeklog-devel] comment.php > Blaine, > > >http://www.langfamily.ca/temp/threaded.jpg > > That's how it should look like (at least I think so ...). > > > >http://www.langfamily.ca/temp/nested.jpg > > That's not okay, though. But it looks fine (i.e. nested) in Mozilla. > Blame Microsoft ... > > bye, Dirk > > P.S. geeklog.net is running on the latest CVS version of lib-common.php > (1.289), not the one from the rc1 tarball. > > > -- > http://www.haun-online.de/ > http://geeklog.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel From dirk at haun-online.de Sun Feb 22 15:12:11 2004 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 22 Feb 2004 21:12:11 +0100 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... 
In-Reply-To: <007d01c3f684$94cfd3f0$650a10ac@XPBL2> References: <007d01c3f684$94cfd3f0$650a10ac@XPBL2> Message-ID: <20040222201211.5769@smtp.haun-online.de> Blaine, >Well we could change the interval but I like 10 :) >Only 2 options - change the interval or change the field type that I see. Looks like the least painful method would be to simply change the field type for "blockorder" from a TINYINT to a SMALLINT. Vinny, what's the status on the problem with the nested comments? A few people seem to have problems with PEAR::Mail when safe_mode is on. At least when selecting 'mail' as the backend, PHP complains about the fifth parameter for mail() not being allowed in safe_mode. Switching to 'sendmail' or 'smtp' fixes that (in my local tests), but obviously not for all people. I have just added a hook that lets you override COM_mail() with a CUSTOM_mail() function (i.e. if such a function exists, COM_mail() calls it instead of handling emails itself). If the safe_mode problems persist, we might even have to add a 'geeklog' backend option that re-implements Geeklog's old way of sending emails. Have to do some digging on documented problems with PEAR::Mail first - maybe there's a better solution. So these are the showstoppers for rc2 at the moment, AFAICS. Anything else? bye, Dirk -- http://www.haun-online.de/ http://mypod.de/ From dirk at haun-online.de Sun Feb 22 15:55:08 2004 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 22 Feb 2004 21:55:08 +0100 Subject: [geeklog-devel] Desktop pictures Message-ID: <20040222205508.26492@smtp.haun-online.de> I came across this site the other day. It has screenshots of desktops of a few "famous geeks": http://unix.se/gallery/folk So I thought - how does YOUR desktop look like when you're working on Geeklog? 
Here's mine: http://geeklog.info/images/desktop-dirk.jpg bye, Dirk -- http://www.haun-online.de/ http://www.haun.info/ From geeklog at langfamily.ca Sun Feb 22 18:00:10 2004 From: geeklog at langfamily.ca (Blaine Lang) Date: Sun, 22 Feb 2004 18:00:10 -0500 Subject: [geeklog-devel] Desktop pictures References: <20040222205508.26492@smtp.haun-online.de> Message-ID: <00e801c3f997$9fa0cf80$650a10ac@XPBL2> Neat site Dirk, Here is my desktop - which is 2560 x 1280 dual screen. Image is 666kb. http://www.langfamily.ca/temp/myscreen.jpg ----- Original Message ----- From: "Dirk Haun" To: Sent: Sunday, February 22, 2004 3:55 PM Subject: [geeklog-devel] Desktop pictures > > > I came across this site the other day. It has screenshots of desktops of > a few "famous geeks": > > http://unix.se/gallery/folk > > So I thought - how does YOUR desktop look like when you're working on > Geeklog? Here's mine: > > http://geeklog.info/images/desktop-dirk.jpg > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://www.haun.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel From geeklog at langfamily.ca Sun Feb 22 18:01:29 2004 From: geeklog at langfamily.ca (Blaine Lang) Date: Sun, 22 Feb 2004 18:01:29 -0500 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... References: <007d01c3f684$94cfd3f0$650a10ac@XPBL2> <20040222201211.5769@smtp.haun-online.de> Message-ID: <00ee01c3f997$ce89ef70$650a10ac@XPBL2> Not that I can think of Dirk - do you need my help on anything? Blaine ----- Original Message ----- From: "Dirk Haun" To: Sent: Sunday, February 22, 2004 3:12 PM Subject: Re: [geeklog-devel] The first 1.3.9rc1 bugs are in ... > Blaine, > > >Well we could change the interval but I like 10 :) > >Only 2 options - change the interval or change the field type that I see. 
> > Looks like the least painful method would be to simply change the field > type for "blockorder" from a TINYINT to a SMALLINT. > > Vinny, what's the status on the problem with the nested comments? > > A few people seem to have problems with PEAR::Mail when safe_mode is on. > At least when selecting 'mail' as the backend, PHP complains about the > fifth parameter for mail() not being allowed in safe_mode. Switching to > 'sendmail' or 'smtp' fixes that (in my local tests), but obviously not > for all people. > > I have just added a hook that lets you override COM_mail() with a > CUSTOM_mail() function (i.e. if such a function exists, COM_mail() calls > it instead of handling emails itself). > > If the safe_mode problems persist, we might even have to add a 'geeklog' > backend option that re-implements Geeklog's old way of sending emails. > Have to do some digging on documented problems with PEAR::Mail first - > maybe there's a better solution. > > So these are the showstoppers for rc2 at the moment, AFAICS. Anything else? > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://mypod.de/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-devel From vmf at abtech.org Sun Feb 22 22:05:55 2004 From: vmf at abtech.org (Vincent Furia) Date: Sun, 22 Feb 2004 22:05:55 -0500 Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ... In-Reply-To: <20040222201211.5769@smtp.haun-online.de> References: <007d01c3f684$94cfd3f0$650a10ac@XPBL2> <20040222201211.5769@smtp.haun-online.de> Message-ID: <40396E13.80108@abtech.org> Dirk Haun wrote: >Blaine, > > > >>Well we could change the interval but I like 10 :) >>Only 2 options - change the interval or change the field type that I see. >> >> > >Looks like the least painful method would be to simply change the field >type for "blockorder" from a TINYINT to a SMALLINT. 
> >Vinny, what's the status on the problem with the nested comments? > >A few people seem to have problems with PEAR::Mail when safe_mode is on. >At least when selecting 'mail' as the backend, PHP complains about the >fifth parameter for mail() not being allowed in safe_mode. Switching to >'sendmail' or 'smtp' fixes that (in my local tests), but obviously not >for all people. > >I have just added a hook that lets you override COM_mail() with a >CUSTOM_mail() function (i.e. if such a function exists, COM_mail() calls >it instead of handling emails itself). > >If the safe_mode problems persist, we might even have to add a 'geeklog' >backend option that re-implements Geeklog's old way of sending emails. >Have to do some digging on documented problems with PEAR::Mail first - >maybe there's a better solution. > >So these are the showstoppers for rc2 at the moment, AFAICS. Anything else? > >bye, Dirk > > > > Well... I'm going to try a few things out. I think I'm going to make some demo pages (tomorrow night maybe?) and then ask people in the forums to take a look with their browser and see what works and what doesn't. I'll end up implementing whatever works in the most number of browsers. If nothing seems to work widely, I can reimplement (in the templates) the nested tables that are how comments are done in 1.3.8 and prior. As for the issues I brought up in my email titled "comment.php" unless I hear any contrary opinions I'm going to implement as I suggested in my "opinion" at the end of the email, pushing off displaying by 'cid' until 1.3.10. -Vinny P.S. I'm "on the road" this week so I'll only really be available in the evenings (EST). I should be able to put in enough time to get these comment issues worked out though. 
From dirk at haun-online.de Mon Feb 23 14:48:51 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 23 Feb 2004 20:48:51 +0100
Subject: [geeklog-devel] comment.php
In-Reply-To: <4036C97E.7000603@abtech.org>
References: <4036C97E.7000603@abtech.org>
Message-ID: <20040223194851.14233@smtp.haun-online.de>

Vinny,

>In 1.3.9's comment.php we are setting the comment mode (threaded,
>nested, etc) to the user's choice or the default value. Unfortunately
>if a user has his prefs set to 'nested' but then uses the title bar to
>select 'threaded' and then clicks on a threaded comment it causes the
>comment to display as his preferenced value.

I made that change (using the user's preferences) since I noticed that
comments on plugins (e.g. file management) were always displayed in
threaded mode, even though I have set my preferences to nested. This and
the above seem to indicate that the "current" mode gets lost somewhere.

So ideally, we want both - it should start with the user's preferred
mode, but when they change it (temporarily, in the comment bar), it
should of course use whatever has been selected from the comment bar.

>This would allow
>users to link to a particular comment in a story/poll/plugin/etc.

That's certainly a nice thing to have (btw, I'd also like to have this
in the forums, so that I can link to one specific post).

>Also if you vote yes the
>display by 'cid' should it be in 1.3.9 or should it wait for 1.3.10.

The first issue is a bug and should be fixed in 1.3.9. The second one is
an improvement and should wait for 1.3.10. Especially since it will no
doubt require changes in other places, too (e.g. search should use it,
may require changes in template files, ...).
bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From dirk at haun-online.de Mon Feb 23 14:51:38 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 23 Feb 2004 20:51:38 +0100
Subject: [geeklog-devel] COM_extractlinks
In-Reply-To: <4036B46E.6040808@abtech.org>
References: <4036B46E.6040808@abtech.org>
Message-ID: <20040223195138.16173@smtp.haun-online.de>

Vinny,

>But the function getting confused
>by the image tags is Not A Good Thing. (-rc2 perhaps?)
>
>I'll fix this if no one else wants to.

Yes, please. Thanks.

bye, Dirk

--
http://www.haun-online.de/
http://www.macosx-faq.de/

From tony at tonybibbs.com Wed Feb 25 12:51:32 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 25 Feb 2004 11:51:32 -0600
Subject: [geeklog-devel] Desktop pictures
In-Reply-To: <20040222205508.26492@smtp.haun-online.de>
References: <20040222205508.26492@smtp.haun-online.de>
Message-ID: <403CE0A4.8050606@tonybibbs.com>

Great topic. Here's mine:

http://209.234.80.119/~tony/Screenshot.png

--Tony

Dirk Haun wrote:
>
>
> I came across this site the other day. It has screenshots of desktops of
> a few "famous geeks":
>
> http://unix.se/gallery/folk
>
> So I thought - how does YOUR desktop look like when you're working on
> Geeklog? Here's mine:
>
> http://geeklog.info/images/desktop-dirk.jpg
>
> bye, Dirk
>
>

From dirk at haun-online.de Thu Feb 26 13:11:51 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 26 Feb 2004 19:11:51 +0100
Subject: [geeklog-devel] How to use COM_applyFilter
Message-ID: <20040226181151.27701@smtp.haun-online.de>

I wrote this little piece to explain the use of COM_applyFilter. It's
mainly aimed at authors of plugins and other add-ons, but most of it
applies to new code that's supposed to go into Geeklog as well.

Comments welcome (as well as suggestions on where to post it so that it
can easily be found ...).
bye, Dirk

--- snip ---

Abstract: Geeklog 1.3.9 introduced a new function, COM_applyFilter, that
is used to filter parameters passed in HTTP GET and POST requests. It is
strongly suggested that plugins and other add-ons make use of this
function. This post explains how to use COM_applyFilter and also
provides additional information on how to make your scripts more secure.

Whenever parameters are passed in an HTTP GET request (usually in a URL
of the form script.php?parameter=value) or an HTTP POST request (usually
from an input field in a form, e.g. ) there is a potential risk that
these parameters are manipulated. With GET requests, it is easy to edit
the URL and manipulated POST requests can be sent through manipulated
forms or by using tools like netcat. It is therefore important not to
trust these parameters too much!

The COM_applyFilter function was designed to clear parameters from the
most commonly used injection attempts (both SQL and JavaScript
injections). So, to strip any potentially malicious content from
parameters, use COM_applyFilter as follows:

    $myvalue = COM_applyFilter ($HTTP_POST_VARS['myparameter']);

Or, in the case of a parameter that is supposed to be numeric:

    $myvalue = COM_applyFilter ($HTTP_POST_VARS['myparameter'], true);

Your script should be prepared to handle the case that $myparameter is
empty (or 0, for numerical parameters) after the call to
COM_applyFilter. This will usually be the case when content was stripped
from the parameter (unless it was empty / zero to begin with). Whether
your script aborts in those cases or continues with default values
instead of the empty / zeroed parameter, is up to you. Both may make
sense, depending on the circumstances.

As can be seen in the examples above, it is recommended NOT to rely on
register_globals being "on" (although Geeklog still requires this) but
to use the global $HTTP_GET_VARS and $HTTP_POST_VARS arrays instead
(don't forget to declare them as "global" when you're using them inside
a function). The $_GET, $_POST, and $_REQUEST arrays could be used
instead of $HTTP_GET_VARS and $HTTP_POST_VARS, but since they were only
introduced in PHP 4.2.0, you may restrict the audience for your plugin /
add-on somewhat, as quite a few Geeklog installs out there are still
running on older versions of PHP.

If possible, you should NOT follow Geeklog's example of testing whether
a parameter is set in the $HTTP_GET_VARS or $HTTP_POST_VARS array.
Instead, write your code such that at any moment you know exactly where
your parameters would be in case of proper execution of the script. So
if you know that at a specific point in your script, parameters can only
be in the $HTTP_GET_VARS array (because you are expecting to be called
through an HTTP GET request), don't bother checking the $HTTP_POST_VARS
array (instead, simply ignore it).

Geeklog's core code contains a few bad examples where at specific points
in a script it is not clear whether we came there through a GET or a
POST request and thus have to test both for the proper parameters.
Depending on the situation, it may make things easier for an attacker
and the code is in general much harder to maintain. Don't repeat that
mistake.

Please note that you can NOT use COM_applyFilter on any sort of
"free-form" content, such as the text of a story or things like a user's
full name, since the function would strip out many special characters
(such as quotes) and make the content illegible and / or useless.
Instead, you should do something like this:

    $mytext = COM_stripslashes ($HTTP_POST_VARS['mytext']);
    // do something with it
    $mytext = addslashes ($mytext);
    DB_save ($_TABLES['mytable'], "mytext", "'$mytext'");

The COM_stripslashes function will strip any slashes that may have been
added during the POST operation, if the PHP option magic_quotes_gpc is
"on" (and leaves the text untouched, if it is off), thus ensuring that
you get the text back exactly as it was entered by the user. You can
then process the text as needed by your plugin / add-on.

Before you store the text in the database, you should call addslashes on
it to ensure that any special characters are properly escaped. This will
NOT add slashes to the content in the database, it will only ensure that
the text is properly stored (and in case it contains any SQL injection
attempts, those would be stored as text, too, instead of being executed
as part of the save operation).

Actually, it may be a good idea to apply addslashes on ALL parameters
that go into the database, even if they have been passed through
COM_applyFilter before, just in case.

On a side note, if you need to identify the current user, you should
NEVER rely on the user's id passed through GET or POST requests (e.g. by
embedding it in a form and reading it back when the form was submitted).
Instead, ALWAYS use the global variable $_USER['uid']. This variable may
be empty or contain 1, which indicates an anonymous user, i.e. a user
that is not logged in.
So you should use something like

    if (!empty ($_USER['uid']) && ($_USER['uid'] > 1)) {
        // this is a logged-in user
    } else {
        // this is an anonymous user
    }

To summarize:

- use COM_applyFilter on any parameters passed through an HTTP GET or
  POST request
- add "true" to the call when the parameter is supposed to be numeric
- be prepared for the parameter to be empty or zero afterwards
- don't rely on register_globals - use $HTTP_POST_VARS and
  $HTTP_GET_VARS instead
- write your script such that you know whether your parameters are in
  $HTTP_POST_VARS or $HTTP_GET_VARS
- for "free-form" content, don't use COM_applyFilter but be careful to
  filter it otherwise and apply addslashes before storing it in the
  database
- always rely on $_USER['uid'] to identify a user

--
http://www.geeklog.net/
http://geeklog.info/

From geeklog at langfamily.ca Thu Feb 26 14:01:53 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Thu, 26 Feb 2004 14:01:53 -0500
Subject: [geeklog-devel] How to use COM_applyFilter
References: <20040226181151.27701@smtp.haun-online.de>
Message-ID: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2>

Dirk,

This is a good discussion and one we spent a lot of time in our code
addressing. I have been using your function and variations of it now for
a couple months. I think it's a great addition to the common functions.

I had a reason (can't recall the details now) where I added the option
to "not return 0" - it would return '' instead. The default was return
for a numeric test and the parameter being tested turned out to not be
numeric.

    COM_ApplyFilter( $parameter, $isnumeric = false ,$returnzero=true)

The other purpose I had was a stronger version that only allowed
"letters and numbers"

    $p = preg_replace('/[^0-9a-zA-Z]+/','', $parameter );

Plugin developers either do not support versions prior to 1.3.9 or need
to add their own plugin version.

I often use the same variable name for GET and POST for something like
"what operation" is being performed.
Sometimes you have links which trigger an operation but in the same
application there may be a form. I have been using $op to indicate the
operation (add/delete/edit etc ...) and use code like this:

    if (isset($HTTP_POST_VARS['op']) ) {
        $op = clubApplyFilter($HTTP_POST_VARS['op']);
    } elseif (isset($HTTP_GET_VARS['op']) ) {
        $op = clubApplyFilter($HTTP_GET_VARS['op']);
    } else {
        $op = '';
    }

I first check the POST for a request and then the GET string. This is a
repetitive piece of code as I may have other commonly used variables
like recid, mode, page, sortoption etc.

Example: Page navigation needs to pass page# and Sort options in the URL
string but I also need to pass these variables in forms if I want to
return the user to same view.

I have been thinking, it would be nice to have a common function that
would filter all the POST and GET vars. It is possible to walk the
arrays and maybe send it a list of variables to clean - using
array_walk().

Cheers,
Blaine

From dirk at haun-online.de Thu Feb 26 17:16:38 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 26 Feb 2004 23:16:38 +0100
Subject: [geeklog-devel] How to use COM_applyFilter
In-Reply-To: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2>
References: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2>
Message-ID: <20040226221638.4367@smtp.haun-online.de>

Blaine,

>The other purpose I had was a stronger version that only allowed "letters
>and numbers"
>    $p = preg_replace('/[^0-9a-zA-Z]+/','', $parameter );

That may make sense. We should review some of the "freedoms" that
Geeklog is giving users for 1.3.10 anyway. E.g. user names (we've
discussed this one before, I remember) or topic IDs.

>if (isset($HTTP_POST_VARS['op']) ) {
>    $op = clubApplyFilter($HTTP_POST_VARS['op']);
>} elseif (isset($HTTP_GET_VARS['op']) ) {
>    $op = clubApplyFilter($HTTP_GET_VARS['op']);
>} else {
>    $op = '';
>}

I was actually discouraging the use of this in my writings.
Although it probably makes sense to do this for one parameter (the mode
of operation, as in your example) and then, depending on that mode
parameter, get the other parameters ONLY from the array they are
supposed to be in. I.e. something like

    if ($op == 'submit') {
        // 'submit' will always indicate a POST request
        $something = COM_applyFilter ($HTTP_POST_VARS['something']);
    } else if ($op == 'new') {
        $whatever = COM_applyFilter ($HTTP_GET_VARS['whatever']);
    }

>I have been thinking, it would be nice to have a common function that
>would filter all the POST and GET vars. It is possible to walk the arrays
>and maybe send it a list of variables to clean - using array_walk().

array_walk sounds useful, but I'm not sure how you would derive a common
function from it. How would it know which parameters are supposed to be
numeric?

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From geeklog at langfamily.ca Thu Feb 26 17:46:18 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Thu, 26 Feb 2004 17:46:18 -0500
Subject: [geeklog-devel] How to use COM_applyFilter
References: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2> <20040226221638.4367@smtp.haun-online.de>
Message-ID: <001b01c3fcba$58e030b0$650a10ac@XPBL2>

Dirk wrote:
> array_walk sounds useful, but I'm not sure how you would derive a common
> function from it. How would it know which parameters are supposed to be
> numeric?

I was thinking we would have to pass it an array of variables and type
and options. Maybe pass the array of variables by reference. Not sure -
just thinking out loud. Maybe this would be better as a class.

Blaine

----- Original Message -----
From: "Dirk Haun"
To:
Sent: Thursday, February 26, 2004 5:16 PM
Subject: Re: [geeklog-devel] How to use COM_applyFilter

> Blaine,
>
> >The other purpose I had was a stronger version that only allowed "letters
> >and numbers"
> >    $p = preg_replace('/[^0-9a-zA-Z]+/','', $parameter );
>
> That may make sense.
> We should review some of the "freedoms" that Geeklog
> is giving users for 1.3.10 anyway. E.g. user names (we've discussed this
> one before, I remember) or topic IDs.
>
> >if (isset($HTTP_POST_VARS['op']) ) {
> > $op = clubApplyFilter($HTTP_POST_VARS['op']);
> >} elseif (isset($HTTP_GET_VARS['op']) ) {
> > $op = clubApplyFilter($HTTP_GET_VARS['op']);
> >} else {
> > $op = '';
> >}
>
> I was actually discouraging the use of this in my writings. Although it
> probably makes sense to do this for one parameter (the mode of operation,
> as in your example) and then, depending on that mode parameter, get the
> other parameters ONLY from the array they are supposed to be in. I.e.
> something like
>
>     if ($op == 'submit') {
>         // 'submit' will always indicate a POST request
>         $something = COM_applyFilter ($HTTP_POST_VARS['something']);
>     } else if ($op == 'new') {
>         $whatever = COM_applyFilter ($HTTP_GET_VARS['whatever']);
>     }
>
> >I have been thinking, it would be nice to have a common function that
> >would filter all the POST and GET vars. It is possible to walk the arrays
> >and maybe send it a list of variables to clean - using array_walk().
>
> array_walk sounds useful, but I'm not sure how you would derive a common
> function from it. How would it know which parameters are supposed to be
> numeric?
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/
> http://geeklog.info/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel

From tony at tonybibbs.com Fri Feb 27 09:48:40 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 27 Feb 2004 08:48:40 -0600
Subject: [geeklog-devel] Re: [geeklog-users] An SQL error has occured
In-Reply-To: <403F5195.6090601@linsoftlabs.com>
References: <403E0B8D.40608@sympatico.ca> <403E3BAF.3090306@tonybibbs.com> <1077842668.403e92ece792b@webmail.lecielbleu.net> <403EB616.1040504@linsoftlabs.com> <403F4F39.8060609@tonybibbs.com> <403F5195.6090601@linsoftlabs.com>
Message-ID: <403F58C8.5070002@tonybibbs.com>

Ah, good catch. I read through too quick.

Anyway, the thing that annoys me most about Geeklog right now is the fact
that topic ID's are text-based instead of numeric values and, unlike most
other primary keys in Geeklog, these you can key in yourself. This is
simply bad legacy code from Geeklog's days of infancy.

Report this as a bug to http://project.geeklog.net/ and we'll need to
finally make this a priority and get it working right. I'm cc'ing this to
the geeklog-devel list to be sure it gets seen by the entire crew.

Again, if you decide to look into this yourself, any help is appreciated.
The fix would need to occur in admin/topic.php most likely.

--Tony

Chris Besignano wrote:

> I am not using the Journal Plugin. Just straight-up geeklog. The topic I
> was creating just happened to include the word Journal.
>
> Tony Bibbs wrote:
>
>> Again, note that the *fix* will happen in the journal plugin's code.
>> If you find it and fix it please send the fix to
>> geeklog-devtalk at lists.geeklog.net. Thanks for looking into this...
>>
>> --Tony
>>
>> Chris Besignano wrote:
>>
>>> I realized why the error occurred but was unable to resolve the issue.
>>> Geeklog simply locked up and kept returning the SQL error no matter
>>> which page I accessed. I agree that this is something that should be
>>> validated. It shouldn't be much work to make it happen, maybe I'll
>>> poke at it this weekend and add some validation code. Who do I send
>>> my changes to?
>>>
>>> Chris Besignano
>>>
>>> Drago Goricanec wrote:
>>>
>>>> This is something geeklog should protect against. Either escape the
>>>> data, or validate it prior to injecting it into SQL. If there are
>>>> plans to do this in a future version that's fine, but I don't think
>>>> it's reasonable for geeklog to expect users to provide it with valid
>>>> data.
>>>>
>>>> The other thing I would suggest is that either we always use POST
>>>> methods, or encrypt and sign the arguments generated in a GET method
>>>> to avoid either replaying or injecting bad data to geeklog.
>>>> Nevertheless, all data should be validated/sanitized prior to use.
>>>>
>>>> regards,
>>>> Drago
>>>>
>>>> Quoting Tony Bibbs :
>>>>
>>>>> the problem is the journal name has a single quote (') in it.
>>>>> Change "Chris' Journal" to "Chris Journal" and all would be well.
>>>>>
>>>>> --Tony
>>>>>
>>>>> Chris Besignano wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I am running geeklog 1.3.8-lsr4 on linux. I attempted to add a
>>>>>> new topic, but left a space in the topic id. Now I get this SQL
>>>>>> error and cannot access any part of the site. What can I do to
>>>>>> recover from this? Below is a section of my error log.
>>>>>>
>>>>>> Thu Feb 26 09:51:31 2004 - 1064: You have an error in your SQL
>>>>>> syntax near 'Journal')' at line 1. SQL in question: SELECT
>>>>>> count(*) AS count FROM gl_stories WHERE (draft_flag = 0) AND (date
>>>>>> <= NOW()) AND (tid = 'Chris'Journal')
>>>>>> Thu Feb 26 09:51:46 2004 - 1064: You have an error in your SQL
>>>>>> syntax near 'Journal')' at line 1.
>>>>>> SQL in question: SELECT
>>>>>> count(*) AS count FROM gl_stories WHERE (draft_flag = 0) AND (date
>>>>>> <= NOW()) AND (tid = 'Chris'Journal')
>>>>>> Thu Feb 26 09:51:52 2004 - 1064: You have an error in your SQL
>>>>>> syntax near 'Journal')' at line 1. SQL in question: SELECT
>>>>>> count(*) AS count FROM gl_stories WHERE (draft_flag = 0) AND (date
>>>>>> <= NOW()) AND (tid = 'Chris'Journal')
>>>>>> Thu Feb 26 09:51:56 2004 - 1064: You have an error in your SQL
>>>>>> syntax near 'Journal')' at line 1. SQL in question: SELECT
>>>>>> count(*) AS count FROM gl_stories WHERE (draft_flag = 0) AND (date
>>>>>> <= NOW()) AND (tid = 'Chris'Journal')
>>>>>>
>>>>>> _______________________________________________
>>>>>> geeklog-users mailing list
>>>>>> geeklog-users at lists.geeklog.net
>>>>>> http://lists.geeklog.net/listinfo/geeklog-users

From tony at tonybibbs.com Fri Feb 27 16:58:45 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 27 Feb 2004 15:58:45 -0600
Subject: [geeklog-devel] How to use COM_applyFilter
In-Reply-To: <001b01c3fcba$58e030b0$650a10ac@XPBL2>
References: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2> <20040226221638.4367@smtp.haun-online.de> <001b01c3fcba$58e030b0$650a10ac@XPBL2>
Message-ID: <403FBD95.4090201@tonybibbs.com>

FWIW, I think that we should not necessarily insist that plugin authors
require the minimum level of the PHP version that Geeklog does.
Specifically, I mean the use of $_REQUEST should be encouraged. Also, I
think that if we aren't encouraging the coding style required to eliminate
the requiring of register_globals = ON then we should be slapped.

Specifically plugins/developer.README and docs/plugin.html should point to
Geeklog coding standards as well as how to prevent injection attempts. To
that end, Dirk, I assume you will link both of those documents to your
proposed COM_applyFilter documentation (which is great by the way).

My main point is that, after a year of being complete vaporware, my hope
is to have GL2 to a point where a semi-working alpha release can be made in
the first half of '04 to encourage plugin authors to try their hand at
making their work GL2 compatible (no small feat), and to that end we should
encourage the coding practices we would want in this new world.

Done rambling...

--Tony

Blaine Lang wrote:

> Dirk wrote:
>
>>array_walk sounds useful, but I'm not sure how you would derive a common
>>function from it. How would it know which parameters are supposed to be
>>numeric?
>
> I was thinking we would have to pass it an array of variables and type and
> options. Maybe pass the array of variables by reference. Not sure - just
> thinking out loud. Maybe this would be better as a class.
>
> Blaine
>
> ----- Original Message -----
> From: "Dirk Haun"
> To:
> Sent: Thursday, February 26, 2004 5:16 PM
> Subject: Re: [geeklog-devel] How to use COM_applyFilter
>
>>Blaine,
>>
>>>The other purpose I had was a stronger version that only allowed "letters
>>>and numbers"
>>> $p = preg_replace('/^[^(0-9a-zA-Z)]+/','', $parameter );
>>
>>That may make sense. We should review some of the "freedoms" that Geeklog
>>is giving users for 1.3.10 anyway. E.g. user names (we've discussed this
>>one before, I remember) or topic IDs.
>>
>>>if (isset($HTTP_POST_VARS['op']) ) {
>>> $op = clubApplyFilter($HTTP_POST_VARS['op']);
>>>} elseif (isset($HTTP_GET_VARS['op']) ) {
>>> $op = clubApplyFilter($HTTP_GET_VARS['op']);
>>>} else {
>>> $op = '';
>>>}
>>
>>I was actually discouraging the use of this in my writings. Although it
>>probably makes sense to do this for one parameter (the mode of operation,
>>as in your example) and then, depending on that mode parameter, get the
>>other parameters ONLY from the array they are supposed to be in. I.e.
>>something like
>>
>>    if ($op == 'submit') {
>>        // 'submit' will always indicate a POST request
>>        $something = COM_applyFilter ($HTTP_POST_VARS['something']);
>>    } else if ($op == 'new') {
>>        $whatever = COM_applyFilter ($HTTP_GET_VARS['whatever']);
>>    }
>>
>>>I have been thinking, it would be nice to have a common function that
>>>would filter all the POST and GET vars. It is possible to walk the arrays
>>>and maybe send it a list of variables to clean - using array_walk().
>>
>>array_walk sounds useful, but I'm not sure how you would derive a common
>>function from it. How would it know which parameters are supposed to be
>>numeric?
>>
>>bye, Dirk
>>
>>
>>--
>>http://www.haun-online.de/
>>http://geeklog.info/

From dirk at haun-online.de Sat Feb 28 09:28:34 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 28 Feb 2004 15:28:34 +0100
Subject: [geeklog-devel] geeklog.net updated
Message-ID: <20040228142835.1082@smtp.haun-online.de>

geeklog.net is now running on the latest CVS version, including Vinny's
recent comment changes. Please report any problems you may come across.

I'm only waiting for Vinny's attempts at fixing a problem with the What's
Related block now and expect 1.3.9rc2 to be ready by tomorrow or Monday.

bye, Dirk

--
http://www.haun-online.de/
http://www.macosx-faq.de/

From dirk at haun-online.de Sat Feb 28 13:12:46 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 28 Feb 2004 19:12:46 +0100
Subject: [geeklog-devel] How to use COM_applyFilter
In-Reply-To: <403FBD95.4090201@tonybibbs.com>
References: <403FBD95.4090201@tonybibbs.com>
Message-ID: <20040228181246.17381@smtp.haun-online.de>

Tony,

>Specifically plugins/developer.README and docs/plugin.html
>should point to Geeklog coding standards as well as how to prevent
>injection attempts. To that end, Dirk, I assume you will link both of
>those documents to your proposed COM_applyFilter documentation

Those two documents are more or less the same, though. With the
difference that docs/plugin.html is up to date while
plugins/developer.README is not ...

But plugin.html is much too short and basically only lists the API
functions. Ideally, it should be replaced with the Plugin Developer Guide
by Tom and Blaine (which, unfortunately, only describes the API up until
1.3.7).
We had a volunteer (Wim Niemans) over in geeklog-devtalk to bring
it up to date, though. We'll see ...

bye, Dirk

--
http://www.haun-online.de/
http://www.macosx-faq.de/

From geeklog at langfamily.ca Sat Feb 28 13:49:10 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 28 Feb 2004 13:49:10 -0500
Subject: [geeklog-devel] geeklog.net updated
References: <20040228142835.1082@smtp.haun-online.de>
Message-ID: <001001c3fe2b$8d4b0a60$650a10ac@XPBL2>

The nested view is working on IE 6 now ok.

I noticed a problem with trying to change the comment view mode for polls.
It won't accept any changes - logged in or anonymous.

Comments in Stories and for the filemgmt Plugin worked ok.

Blaine

----- Original Message -----
From: "Dirk Haun"
To:
Sent: Saturday, February 28, 2004 9:28 AM
Subject: [geeklog-devel] geeklog.net updated

> geeklog.net is now running on the latest CVS version, including Vinny's
> recent comment changes. Please report any problems you may come across.
>
> I'm only waiting for Vinny's attempts at fixing a problem with the What's
> Related block now and expect 1.3.9rc2 to be ready by tomorrow or Monday.
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/
> http://www.macosx-faq.de/

From dirk at haun-online.de Sat Feb 28 16:45:20 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 28 Feb 2004 22:45:20 +0100
Subject: [geeklog-devel] geeklog.net updated
In-Reply-To: <001001c3fe2b$8d4b0a60$650a10ac@XPBL2>
References: <001001c3fe2b$8d4b0a60$650a10ac@XPBL2>
Message-ID: <20040228214520.32335@smtp.haun-online.de>

Blaine,

>I noticed a problem with trying to change the comment view mode for polls.
>It won't accept any changes - logged in or anonymous.

Vinny and myself did a little "live" debugging on geeklog.net :-)

It should work now. Any other comment problems, anyone?
bye, Dirk

--
http://www.haun-online.de/
http://www.haun.info/
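
Added example, not code from the list or from Geeklog: one way to build the common filter function discussed in the "How to use COM_applyFilter" thread above, where a per-parameter spec says which parameters are numeric and which array each one may be read from. The names filterRequest, cleanValue and $spec and the sample request are assumptions for this example; it targets PHP 7.1 or later and takes the GET and POST arrays as arguments instead of reading $HTTP_GET_VARS / $HTTP_POST_VARS.

```php
<?php
// Added example. filterRequest(), cleanValue() and $spec are hypothetical
// names for this illustration; they are not Geeklog functions.

// Clean one raw value according to its declared type; null means "rejected".
function cleanValue($raw, string $type)
{
    if (!is_string($raw)) {
        return null;                 // e.g. ?page[]=1 arrives as an array
    }
    switch ($type) {
        case 'int':
            // \z instead of $: a trailing newline must not slip through.
            return preg_match('/^[0-9]{1,9}\z/', $raw) ? (int) $raw : null;
        case 'alnum':
            // Pattern is not anchored, so every character outside 0-9a-zA-Z
            // is removed wherever it occurs in the string.
            $clean = preg_replace('/[^0-9a-zA-Z]+/', '', $raw);
            return $clean === '' ? null : $clean;
        default:
            return null;             // unknown type: fail closed
    }
}

// $spec maps parameter name => [source array, type, default].
// A parameter is read ONLY from the array it is declared for.
function filterRequest(array $spec, array $get, array $post): array
{
    $out = [];
    foreach ($spec as $name => [$source, $type, $default]) {
        $from  = ($source === 'POST') ? $post : $get;
        $value = array_key_exists($name, $from) ? cleanValue($from[$name], $type) : null;
        $out[$name] = $value ?? $default;
    }
    return $out;
}

// Constructed sample request. The topic ID from the error log arrives by
// POST; the 'tid' in the query string is not declared for GET and is ignored.
$get  = ['op' => 'save', 'page' => '2abc', 'tid' => 'other topic'];
$post = ['tid' => "Chris'Journal"];

$spec = [
    'op'   => ['GET',  'alnum', ''],
    'page' => ['GET',  'int',   1],
    'tid'  => ['POST', 'alnum', ''],
];

$in = filterRequest($spec, $get, $post);
var_dump($in);
// Validation does not replace escaping: the query still binds the value.
$sql    = 'SELECT count(*) AS count FROM gl_stories WHERE (tid = ?)';
$params = [$in['tid']];
echo $sql, ' ', json_encode($params), "\n";
```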