From dirk at haun-online.de  Tue Feb  1 16:28:43 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 1 Feb 2005 22:28:43 +0100
Subject: [geeklog-devel] Interview with a comment spammer
Message-ID: <20050201212843.23852@smtp.haun-online.de>

FYI: <http://www.theregister.co.uk/2005/01/31/link_spamer_interview/>

Nothing too surprising here.

However, this part:

| They usually target comments to old posts, so they won't show up to
| people reading the latest ones, though search engine spiders will spot
| them and index them.

... reminded me that I have here a half-finished patch that automatically
blocks comments to stories after a certain time, provided by a Geeklog
user. So, after say, 14 days, users can't comment on a story any more,
but the admin still can.

That patch actually worked but there was a problem with the permissions
for the admin override (a poll admin should be able to post a comment on
a poll, etc.). And, of course, it was against the old code, before
Vinny's recent changes.

Vinny, should I dig it out and/or contact the submitter? Or is this
something you'd be interested to do yourself?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.handful-of-sparks.de/



From vfuria at gmail.com  Tue Feb  1 16:43:55 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Tue, 1 Feb 2005 16:43:55 -0500
Subject: [geeklog-devel] Interview with a comment spammer
In-Reply-To: <20050201212843.23852@smtp.haun-online.de>
References: <20050201212843.23852@smtp.haun-online.de>
Message-ID: <8319e2d60502011343390f9dfc@mail.gmail.com>

If the code is already written, and is still usable after the recent
updates, I see no reason not to use it.  But if it looks like too much
trouble to forward port let me know and I can take a look at it.

-Vinny


On Tue, 1 Feb 2005 22:28:43 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> FYI: <http://www.theregister.co.uk/2005/01/31/link_spamer_interview/>
> 
> Nothing too surprising here.
> 
> However, this part:
> 
> | They usually target comments to old posts, so they won't show up to
> | people reading the latest ones, though search engine spiders will spot
> | them and index them.
> 
> ... reminded me that I have here a half-finished patch that automatically
> blocks comments to stories after a certain time, provided by a Geeklog
> user. So, after say, 14 days, users can't comment on a story any more,
> but the admin still can.
> 
> That patch actually worked but there was a problem with the permissions
> for the admin override (a poll admin should be able to post a comment on
> a poll, etc.). And, of course, it was against the old code, before
> Vinny's recent changes.
> 
> Vinny, should I dig it out and/or contact the submitter? Or is this
> something you'd be interested to do yourself?
> 
> bye, Dirk
> 
> --
> http://www.haun-online.de/
> http://www.handful-of-sparks.de/
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>


From tony at tonybibbs.com  Wed Feb  2 19:39:21 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 02 Feb 2005 18:39:21 -0600
Subject: [geeklog-devel] sid or auto increment in gl2?
Message-ID: <420172B9.90408@tonybibbs.com>

Vinny brought up a really good point worth a good review before we just 
run with it.  The current GL2 model has the item table with a 
auto_increment PK.  It was suggested by Vinny that many may prefer the 
1.3.x method of using timestamps as it more obscure (security by 
security anyone?)

There are two thoughts, one is that security by obscurity is a better 
route.  The other is that the item-level security in GL2 should make it 
so that if people guess the id because it was autoincremented, it 
wouldn't let them have access unless they truly should.

My only issue against the timestamp is that GL2 was hoping to support 
multiple web servers and this could introduce some PK contention in that 
case.  The auto_increment field would eliminate the risk of that.

So that said, any additional arguments one way or another?  Any preferences?

--Tony


From vfuria at gmail.com  Wed Feb  2 22:57:04 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Wed, 2 Feb 2005 22:57:04 -0500
Subject: [geeklog-devel] sid or auto increment in gl2?
In-Reply-To: <420172B9.90408@tonybibbs.com>
References: <420172B9.90408@tonybibbs.com>
Message-ID: <8319e2d605020219574c78f051@mail.gmail.com>

Why not use the autoincrement as a primary key, and have an "id"
similar to 1.3.x for accessing an item?  The key would be used
internally for joining tables, etc, but the 'id' (which would default
to some random value, but could be user assignable (and unique)) could
be used for external (i.e. user) access to the item.

Sorry Tony, I meant to add that suggestion to the email I originally
sent to you, but looking back I realize I left that off.

-Vinny


On Wed, 02 Feb 2005 18:39:21 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
> Vinny brought up a really good point worth a good review before we just
> run with it.  The current GL2 model has the item table with a
> auto_increment PK.  It was suggested by Vinny that many may prefer the
> 1.3.x method of using timestamps as it more obscure (security by
> security anyone?)
> 
> There are two thoughts, one is that security by obscurity is a better
> route.  The other is that the item-level security in GL2 should make it
> so that if people guess the id because it was autoincremented, it
> wouldn't let them have access unless they truly should.
> 
> My only issue against the timestamp is that GL2 was hoping to support
> multiple web servers and this could introduce some PK contention in that
> case.  The auto_increment field would eliminate the risk of that.
> 
> So that said, any additional arguments one way or another?  Any preferences?
> 
> --Tony
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>


From tony at tonybibbs.com  Thu Feb  3 10:00:54 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 03 Feb 2005 09:00:54 -0600
Subject: [geeklog-devel] sid or auto increment in gl2?
In-Reply-To: <8319e2d605020219574c78f051@mail.gmail.com>
References: <420172B9.90408@tonybibbs.com> <8319e2d605020219574c78f051@mail.gmail.com>
Message-ID: <42023CA6.5050208@tonybibbs.com>

Perfect middle ground.  I will update the schema and 'make it so'.

--Tony

Vincent Furia wrote:

>Why not use the autoincrement as a primary key, and have an "id"
>similar to 1.3.x for accessing an item?  The key would be used
>internally for joining tables, etc, but the 'id' (which would default
>to some random value, but could be user assignable (and unique)) could
>be used for external (i.e. user) access to the item.
>
>Sorry Tony, I meant to add that suggestion to the email I originally
>sent to you, but looking back I realize I left that off.
>
>-Vinny
>
>
>On Wed, 02 Feb 2005 18:39:21 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
>  
>
>>Vinny brought up a really good point worth a good review before we just
>>run with it.  The current GL2 model has the item table with a
>>auto_increment PK.  It was suggested by Vinny that many may prefer the
>>1.3.x method of using timestamps as it more obscure (security by
>>security anyone?)
>>
>>There are two thoughts, one is that security by obscurity is a better
>>route.  The other is that the item-level security in GL2 should make it
>>so that if people guess the id because it was autoincremented, it
>>wouldn't let them have access unless they truly should.
>>
>>My only issue against the timestamp is that GL2 was hoping to support
>>multiple web servers and this could introduce some PK contention in that
>>case.  The auto_increment field would eliminate the risk of that.
>>
>>So that said, any additional arguments one way or another?  Any preferences?
>>
>>--Tony
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
>>
>>    
>>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>  
>



From dwight at trumbower.com  Thu Feb  3 10:10:39 2005
From: dwight at trumbower.com (Dwight Trumbower)
Date: Thu, 3 Feb 2005 09:10:39 -0600 (CST)
Subject: [geeklog-devel] sid or auto increment in gl2?
In-Reply-To: <42023CA6.5050208@tonybibbs.com>
References: <420172B9.90408@tonybibbs.com>
    <8319e2d605020219574c78f051@mail.gmail.com>
    <42023CA6.5050208@tonybibbs.com>
Message-ID: <24597.192.136.16.3.1107443439.squirrel@192.136.16.3>

I'm assuming what you are really talking about is a primary key and an
index. All gl2 and plugins should use the primary key and if someone
wanted to enhance their site, they could use the index.

> Perfect middle ground.  I will update the schema and 'make it so'.
>
> --Tony
>
> Vincent Furia wrote:
>
>>Why not use the autoincrement as a primary key, and have an "id"
>>similar to 1.3.x for accessing an item?  The key would be used
>>internally for joining tables, etc, but the 'id' (which would default
>>to some random value, but could be user assignable (and unique)) could
>>be used for external (i.e. user) access to the item.
>>
>>Sorry Tony, I meant to add that suggestion to the email I originally
>>sent to you, but looking back I realize I left that off.
>>
>>-Vinny
>>
>>
>>On Wed, 02 Feb 2005 18:39:21 -0600, Tony Bibbs <tony at tonybibbs.com>
>> wrote:
>>
>>
>>>Vinny brought up a really good point worth a good review before we just
>>>run with it.  The current GL2 model has the item table with a
>>>auto_increment PK.  It was suggested by Vinny that many may prefer the
>>>1.3.x method of using timestamps as it more obscure (security by
>>>security anyone?)
>>>
>>>There are two thoughts, one is that security by obscurity is a better
>>>route.  The other is that the item-level security in GL2 should make it
>>>so that if people guess the id because it was autoincremented, it
>>>wouldn't let them have access unless they truly should.
>>>
>>>My only issue against the timestamp is that GL2 was hoping to support
>>>multiple web servers and this could introduce some PK contention in that
>>>case.  The auto_increment field would eliminate the risk of that.
>>>
>>>So that said, any additional arguments one way or another?  Any
>>> preferences?
>>>
>>>--Tony
>>>_______________________________________________
>>>geeklog-devel mailing list
>>>geeklog-devel at lists.geeklog.net
>>>http://lists.geeklog.net/listinfo/geeklog-devel
>>>
>>>
>>>
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
>>
>>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>


-- 
Dwight Trumbower


From tony at tonybibbs.com  Thu Feb  3 10:40:16 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 03 Feb 2005 09:40:16 -0600
Subject: [geeklog-devel] sid or auto increment in gl2?
In-Reply-To: <24597.192.136.16.3.1107443439.squirrel@192.136.16.3>
References: <420172B9.90408@tonybibbs.com>    <8319e2d605020219574c78f051@mail.gmail.com>    <42023CA6.5050208@tonybibbs.com> <24597.192.136.16.3.1107443439.squirrel@192.136.16.3>
Message-ID: <420245E0.2080807@tonybibbs.com>

Correct.  The PK will be auto_incremented.  The 'index' would be a 
timestamp or user entered value.

--Tony

Dwight Trumbower wrote:

>I'm assuming what you are really talking about is a primary key and an
>index. All gl2 and plugins should use the primary key and if someone
>wanted to enhance their site, they could use the index.
>
>  
>
>>Perfect middle ground.  I will update the schema and 'make it so'.
>>
>>--Tony
>>
>>Vincent Furia wrote:
>>
>>    
>>
>>>Why not use the autoincrement as a primary key, and have an "id"
>>>similar to 1.3.x for accessing an item?  The key would be used
>>>internally for joining tables, etc, but the 'id' (which would default
>>>to some random value, but could be user assignable (and unique)) could
>>>be used for external (i.e. user) access to the item.
>>>
>>>Sorry Tony, I meant to add that suggestion to the email I originally
>>>sent to you, but looking back I realize I left that off.
>>>
>>>-Vinny
>>>
>>>
>>>On Wed, 02 Feb 2005 18:39:21 -0600, Tony Bibbs <tony at tonybibbs.com>
>>>wrote:
>>>
>>>
>>>      
>>>
>>>>Vinny brought up a really good point worth a good review before we just
>>>>run with it.  The current GL2 model has the item table with a
>>>>auto_increment PK.  It was suggested by Vinny that many may prefer the
>>>>1.3.x method of using timestamps as it more obscure (security by
>>>>security anyone?)
>>>>
>>>>There are two thoughts, one is that security by obscurity is a better
>>>>route.  The other is that the item-level security in GL2 should make it
>>>>so that if people guess the id because it was autoincremented, it
>>>>wouldn't let them have access unless they truly should.
>>>>
>>>>My only issue against the timestamp is that GL2 was hoping to support
>>>>multiple web servers and this could introduce some PK contention in that
>>>>case.  The auto_increment field would eliminate the risk of that.
>>>>
>>>>So that said, any additional arguments one way or another?  Any
>>>>preferences?
>>>>
>>>>--Tony
>>>>_______________________________________________
>>>>geeklog-devel mailing list
>>>>geeklog-devel at lists.geeklog.net
>>>>http://lists.geeklog.net/listinfo/geeklog-devel
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>_______________________________________________
>>>geeklog-devel mailing list
>>>geeklog-devel at lists.geeklog.net
>>>http://lists.geeklog.net/listinfo/geeklog-devel
>>>
>>>
>>>      
>>>
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
>>
>>    
>>
>
>
>  
>



From dirk at haun-online.de  Thu Feb  3 16:57:05 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 3 Feb 2005 22:57:05 +0100
Subject: [geeklog-devel] Remote authentication
Message-ID: <20050203215705.12776@smtp.haun-online.de>

Just checking:

Is anyone following the discussion about remote authentication over on
geeklog-devtalk? Any input from the GL2 perspective?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.macosx-faq.de/



From tony at tonybibbs.com  Thu Feb  3 21:45:35 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 03 Feb 2005 20:45:35 -0600
Subject: [geeklog-devel] Remote authentication
In-Reply-To: <20050203215705.12776@smtp.haun-online.de>
References: <20050203215705.12776@smtp.haun-online.de>
Message-ID: <4202E1CF.1020608@tonybibbs.com>

Well, the GL2 framework makes it easy to snap in custom authentication.  
We also have Auth_Enteripse which does just this.  It's a much more 
robust (and complicated) method of remote authentication.  It won't be 
included in Gl2 by default, though, the Auth_Enterprise client will be 
included by default.

All the Auth_Enterprise code is PHP5 which is why I haven't said much.  
If you wanted to do something like this in PHP4 and 1.3.x, feel free to 
look at what I have for Account Managers in CVS...wouldn't be too hard 
to rewrite.

--Tony

Dirk Haun wrote:

>Just checking:
>
>Is anyone following the discussion about remote authentication over on
>geeklog-devtalk? Any input from the GL2 perspective?
>
>bye, Dirk
>
>
>  
>



From tony at tonybibbs.com  Thu Feb  3 22:00:37 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 03 Feb 2005 21:00:37 -0600
Subject: [geeklog-devel] Remote authentication
In-Reply-To: <4202E1CF.1020608@tonybibbs.com>
References: <20050203215705.12776@smtp.haun-online.de> <4202E1CF.1020608@tonybibbs.com>
Message-ID: <4202E555.8090201@tonybibbs.com>

Clarification below.

Tony Bibbs wrote:

> Well, the GL2 framework makes it easy to snap in custom 
> authentication.  We also have Auth_Enteripse which does just this.  
> It's a much more robust (and complicated) method of remote 
> authentication.  It won't be included in Gl2 by default, though, the 
> Auth_Enterprise client will be included by default.
>
> All the Auth_Enterprise code is PHP5 which is why I haven't said 
> much.  If you wanted to do something like this in PHP4 and 1.3.x, feel 
> free to look at what I have for Account Managers in CVS...wouldn't be 
> too hard to rewrite.

I'm not implying to rewrite the Auth_Enterprise code at all.  Rather, I 
was suggesting the current method in CVS for GL2 is pretty clean (and 
simple) for separating out the authentication stuff. 

--Tony


From vfuria at gmail.com  Thu Feb  3 23:29:57 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Thu, 3 Feb 2005 23:29:57 -0500
Subject: [geeklog-devel] Dynamic Comments...
In-Reply-To: <41FE9893.5080500@creatype.nl>
References: <8319e2d60501301551495082d9@mail.gmail.com>
	 <20050131200010.25528@smtp.haun-online.de>
	 <8319e2d6050131121241e8e4a@mail.gmail.com>
	 <41FE9893.5080500@creatype.nl>
Message-ID: <8319e2d605020320297a4934f@mail.gmail.com>

On Mon, 31 Jan 2005 21:44:03 +0100, Niels Leenheer <niels at creatype.nl> wrote:
> However, I can see a couple of problems with the code you are currently
> using.
> 
> First of all, you are using a single XMLHttpRequest object without
> protecting
> it from being called more than once. As a result it is possible to
> interrupt an
> ongoing request. Try clicking on quickly on multiple triangles after
> each other,
> without waiting for one to finish loading. Only the request clicked on
> last will
> be honoured, the other ones will be 'loading' indefinately.
> 
This was a big problem, I didn't quite use the solution you suggested
(I couldn't quite get it to work), but I did (if I may say so) a
ingenous little workaround.

> 
> Secondly, there is a bug in the XMLHttpRequest implementation of Opera,
> which basically requeres and extra check inside the onreadystatechange
> function, otherwise it will be called multiple times after each other,
> but only the first time with the proper responseText.
> 
OK, changed the code around to account for this.  Hopefully it will
work with Opera now.

Thanks for all the suggestions Niels.  Anyone else see any problems
(http://vfuria.dyndns.org:8080/article.php?story=geeklog-1.3.10rc2&mode=dynamic#comments)

Thanks,
Vinny


From geeklog at langfamily.ca  Fri Feb  4 00:07:51 2005
From: geeklog at langfamily.ca (Blaine Lang)
Date: Fri, 4 Feb 2005 00:07:51 -0500
Subject: [geeklog-devel] Dynamic Comments...
References: <8319e2d60501301551495082d9@mail.gmail.com> <20050131200010.25528@smtp.haun-online.de> <8319e2d6050131121241e8e4a@mail.gmail.com> <41FE9893.5080500@creatype.nl> <8319e2d605020320297a4934f@mail.gmail.com>
Message-ID: <000901c50a77$7a3cd440$650a10ac@XPBL2>

This is real a neat feature Vinny - nice work.
I like the fact that now I can collapse it again once I view the comment.

Do you have any code that you can send me or direct me to better understand 
how this is being done.
I see immediate use for this in some of my projects.

Blaine
----- Original Message ----- 
From: "Vincent Furia" <vfuria at gmail.com>
To: <geeklog-devel at lists.geeklog.net>
Sent: Thursday, February 03, 2005 11:29 PM
Subject: Re: [geeklog-devel] Dynamic Comments...


On Mon, 31 Jan 2005 21:44:03 +0100, Niels Leenheer <niels at creatype.nl> 
wrote:
> However, I can see a couple of problems with the code you are currently
> using.
>
> First of all, you are using a single XMLHttpRequest object without
> protecting
> it from being called more than once. As a result it is possible to
> interrupt an
> ongoing request. Try clicking on quickly on multiple triangles after
> each other,
> without waiting for one to finish loading. Only the request clicked on
> last will
> be honoured, the other ones will be 'loading' indefinately.
>
This was a big problem, I didn't quite use the solution you suggested
(I couldn't quite get it to work), but I did (if I may say so) a
ingenous little workaround.

>
> Secondly, there is a bug in the XMLHttpRequest implementation of Opera,
> which basically requeres and extra check inside the onreadystatechange
> function, otherwise it will be called multiple times after each other,
> but only the first time with the proper responseText.
>
OK, changed the code around to account for this.  Hopefully it will
work with Opera now.

Thanks for all the suggestions Niels.  Anyone else see any problems
(http://vfuria.dyndns.org:8080/article.php?story=geeklog-1.3.10rc2&mode=dynamic#comments)

Thanks,
Vinny
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel 



From dwight at trumbower.com  Fri Feb  4 00:59:53 2005
From: dwight at trumbower.com (Dwight Trumbower)
Date: Thu, 03 Feb 2005 23:59:53 -0600
Subject: [geeklog-devel] Time flys
In-Reply-To: <20050122134831.16890@smtp.haun-online.de>
References: <20050122134831.16890@smtp.haun-online.de>
Message-ID: <42030F59.609@trumbower.com>

Sorry Tony for not responding to the database questions. I just glanced 
at all the emails since 12/1/04. I will try to look at the ddl this 
week. You might need to kick me a few more times.


From vfuria at gmail.com  Fri Feb  4 09:06:01 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Fri, 4 Feb 2005 09:06:01 -0500
Subject: [geeklog-devel] Dynamic Comments...
In-Reply-To: <000901c50a77$7a3cd440$650a10ac@XPBL2>
References: <8319e2d60501301551495082d9@mail.gmail.com>
	 <20050131200010.25528@smtp.haun-online.de>
	 <8319e2d6050131121241e8e4a@mail.gmail.com>
	 <41FE9893.5080500@creatype.nl>
	 <8319e2d605020320297a4934f@mail.gmail.com>
	 <000901c50a77$7a3cd440$650a10ac@XPBL2>
Message-ID: <8319e2d60502040606d4be256@mail.gmail.com>

Blaine,

I'll be checking it all into CVS soon.

Current ToDo List for dynamic comments:
* get new images that better match the professional theme (Simon?  Anyone?)
* create a $_CONF variable to disable dynamic comments and implement
the disable in the code

-Vinny

On Fri, 4 Feb 2005 00:07:51 -0500, Blaine Lang <geeklog at langfamily.ca> wrote:
> This is real a neat feature Vinny - nice work.
> I like the fact that now I can collapse it again once I view the comment.
> 
> Do you have any code that you can send me or direct me to better understand
> how this is being done.
> I see immediate use for this in some of my projects.
> 
> Blaine
> ----- Original Message -----
> From: "Vincent Furia" <vfuria at gmail.com>
> To: <geeklog-devel at lists.geeklog.net>
> Sent: Thursday, February 03, 2005 11:29 PM
> Subject: Re: [geeklog-devel] Dynamic Comments...
> 
> On Mon, 31 Jan 2005 21:44:03 +0100, Niels Leenheer <niels at creatype.nl>
> wrote:
> > However, I can see a couple of problems with the code you are currently
> > using.
> >
> > First of all, you are using a single XMLHttpRequest object without
> > protecting
> > it from being called more than once. As a result it is possible to
> > interrupt an
> > ongoing request. Try clicking on quickly on multiple triangles after
> > each other,
> > without waiting for one to finish loading. Only the request clicked on
> > last will
> > be honoured, the other ones will be 'loading' indefinately.
> >
> This was a big problem, I didn't quite use the solution you suggested
> (I couldn't quite get it to work), but I did (if I may say so) a
> ingenous little workaround.
> 
> >
> > Secondly, there is a bug in the XMLHttpRequest implementation of Opera,
> > which basically requeres and extra check inside the onreadystatechange
> > function, otherwise it will be called multiple times after each other,
> > but only the first time with the proper responseText.
> >
> OK, changed the code around to account for this.  Hopefully it will
> work with Opera now.
> 
> Thanks for all the suggestions Niels.  Anyone else see any problems
> (http://vfuria.dyndns.org:8080/article.php?story=geeklog-1.3.10rc2&mode=dynamic#comments)
> 
> Thanks,
> Vinny
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>


From tony at tonybibbs.com  Fri Feb  4 21:59:48 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 04 Feb 2005 20:59:48 -0600
Subject: [geeklog-devel] Time flys
In-Reply-To: <42030F59.609@trumbower.com>
References: <20050122134831.16890@smtp.haun-online.de> <42030F59.609@trumbower.com>
Message-ID: <420436A4.6020505@tonybibbs.com>

Sounds good.  Don't worry, I understand.  FWIW, vinny and I have got it 
into presentable shape, though, I'm sure there is room for improvements

--Tony

Dwight Trumbower wrote:

> Sorry Tony for not responding to the database questions. I just 
> glanced at all the emails since 12/1/04. I will try to look at the ddl 
> this week. You might need to kick me a few more times.
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel




From vfuria at gmail.com  Fri Feb  4 23:13:27 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Fri, 4 Feb 2005 23:13:27 -0500
Subject: [geeklog-devel] Fwd: Re: Interested in Geeklog patches?
In-Reply-To: <8319e2d605020411001251690@mail.gmail.com>
References: <20050201221635.338@smtp.haun-online.de>
	 <8319e2d605020411001251690@mail.gmail.com>
Message-ID: <8319e2d6050204201368276130@mail.gmail.com>

Oops, sent this one only to Dirk...


---------- Forwarded message ----------
From: Vincent Furia <vfuria at gmail.com>
Date: Fri, 4 Feb 2005 14:00:55 -0500
Subject: Re: Re: Interested in Geeklog patches?
To: Dirk Haun <dirk at haun-online.de>


OK... spend a few minutes looking into this patch (to stop comments
after a certain amount of time).  And...

...I'm going to have redo this patch from scratch.  It will only work
with stories, patched as is it would choke on polls and plugins.  Plus
it won't apply cleanly on top of the changes I just made to the
comment system anyway. I'll accept any recommendations on how to
handle this functionality for plugins (or should I just let plugins
handle this themselves in the new savecomment function?).

-Vinny

P.S.  I need help from at lease one plugin developer who is/will be
using the comment API to document the new API.  Anyone?  Most of the
work is done, I just need example code!

On Tue, 1 Feb 2005 23:16:35 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> Vinny,
>
> Here's the original email and the patches. It's not as much as I thought
> it was - and relatively recent ...
>
> bye, Dirk
>
> ---------------- Anfang Weiterleitung ----------------
> Betreff: Re: Interested in Geeklog patches?
> Gesendet: Sonntag, 5. Dezember 2004 9:16 Uhr
> Von: Steve McInerney <steve at stedee.id.au>
> An: Dirk Haun <dirk at haun-online.de>
>
> Hi Dirk,
>
> patches attached. I've not sent the complete diff against comment.php -
> mainly as most of the diff is whitespace/indentation changes. And
> obscures the actual changes too well.
>
> I have not actually tested this against the 1.3.10 code; but it looks
> like we're running a comment.php that is very near identical to
> 1.3.10's. It was pretty much a drop in replacement.
>
> I've only recently stepped in to do some coding for this site. The lead
> programmer has been very busy lately and unable to devote as much time
> as he or we would like unfortunately.
>
> [snip]
>
> >>A speed limiter that (was backported?) helped a great deal as well.
> > I don't remember the details, but there were a few bugs with the comment
> > speed limit in earlier versions of Geeklog.
>
> Looking at the 1.3.10 code, we have the same one. And the same missing
> global declaration in savecomment. :-)
>
> Comments/Criticism's always welcome.
>
> Cheers!
>
> - Steve


From vfuria at gmail.com  Sat Feb  5 00:11:14 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Sat, 5 Feb 2005 00:11:14 -0500
Subject: [geeklog-devel] Dynamic Comments...
In-Reply-To: <8319e2d60502040606d4be256@mail.gmail.com>
References: <8319e2d60501301551495082d9@mail.gmail.com>
	 <20050131200010.25528@smtp.haun-online.de>
	 <8319e2d6050131121241e8e4a@mail.gmail.com>
	 <41FE9893.5080500@creatype.nl>
	 <8319e2d605020320297a4934f@mail.gmail.com>
	 <000901c50a77$7a3cd440$650a10ac@XPBL2>
	 <8319e2d60502040606d4be256@mail.gmail.com>
Message-ID: <8319e2d605020421111bd38569@mail.gmail.com>

OK, code changes are checked in.  I'm still waiting on better
graphics, but for now the kuro5hin (scoop) graphics will work.

Please test, don't forget to update the commentmodes table (see
sql/mysql_1.3.11_1.3.12.sql)...

-Vinny


On Fri, 4 Feb 2005 09:06:01 -0500, Vincent Furia <vfuria at gmail.com> wrote:
> Blaine,
> 
> I'll be checking it all into CVS soon.
> 
> Current ToDo List for dynamic comments:
> * get new images that better match the professional theme (Simon?  Anyone?)
> * create a $_CONF variable to disable dynamic comments and implement
> the disable in the code
> 
> -Vinny
> 
> On Fri, 4 Feb 2005 00:07:51 -0500, Blaine Lang <geeklog at langfamily.ca> wrote:
> > This is real a neat feature Vinny - nice work.
> > I like the fact that now I can collapse it again once I view the comment.
> >
> > Do you have any code that you can send me or direct me to better understand
> > how this is being done.
> > I see immediate use for this in some of my projects.
> >
> > Blaine
> > ----- Original Message -----
> > From: "Vincent Furia" <vfuria at gmail.com>
> > To: <geeklog-devel at lists.geeklog.net>
> > Sent: Thursday, February 03, 2005 11:29 PM
> > Subject: Re: [geeklog-devel] Dynamic Comments...
> >
> > On Mon, 31 Jan 2005 21:44:03 +0100, Niels Leenheer <niels at creatype.nl>
> > wrote:
> > > However, I can see a couple of problems with the code you are currently
> > > using.
> > >
> > > First of all, you are using a single XMLHttpRequest object without
> > > protecting
> > > it from being called more than once. As a result it is possible to
> > > interrupt an
> > > ongoing request. Try clicking on quickly on multiple triangles after
> > > each other,
> > > without waiting for one to finish loading. Only the request clicked on
> > > last will
> > > be honoured, the other ones will be 'loading' indefinately.
> > >
> > This was a big problem, I didn't quite use the solution you suggested
> > (I couldn't quite get it to work), but I did (if I may say so) a
> > ingenous little workaround.
> >
> > >
> > > Secondly, there is a bug in the XMLHttpRequest implementation of Opera,
> > > which basically requeres and extra check inside the onreadystatechange
> > > function, otherwise it will be called multiple times after each other,
> > > but only the first time with the proper responseText.
> > >
> > OK, changed the code around to account for this.  Hopefully it will
> > work with Opera now.
> >
> > Thanks for all the suggestions Niels.  Anyone else see any problems
> > (http://vfuria.dyndns.org:8080/article.php?story=geeklog-1.3.10rc2&mode=dynamic#comments)
> >
> > Thanks,
> > Vinny
> > _______________________________________________
> > geeklog-devel mailing list
> > geeklog-devel at lists.geeklog.net
> > http://lists.geeklog.net/listinfo/geeklog-devel
> >
> > _______________________________________________
> > geeklog-devel mailing list
> > geeklog-devel at lists.geeklog.net
> > http://lists.geeklog.net/listinfo/geeklog-devel
> >
>


From dirk at haun-online.de  Sat Feb  5 05:11:04 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 5 Feb 2005 11:11:04 +0100
Subject: [geeklog-devel] Dynamic Comments...
In-Reply-To: <8319e2d605020421111bd38569@mail.gmail.com>
References: <8319e2d605020421111bd38569@mail.gmail.com>
Message-ID: <20050205101104.6222@smtp.haun-online.de>

Vincent Furia wrote:

>Please test, don't forget to update the commentmodes table (see
>sql/mysql_1.3.11_1.3.12.sql)...

Thanks Vinny, working nicely.

One odd issue, though: It seems to be messing with the character set.
When I collapse a comment and expand it again, all of the German umlauts
have turned into question marks (only in that comment, the rest of the
page is fine). Any ideas?

This is with my local install. I'll upgrade geeklog.info later today and
see if I can reproduce the problem there as well.

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/



From dirk at haun-online.de  Sat Feb  5 08:04:31 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 5 Feb 2005 14:04:31 +0100
Subject: [geeklog-devel] Dynamic Comments...
In-Reply-To: <20050205101104.6222@smtp.haun-online.de>
References: <20050205101104.6222@smtp.haun-online.de>
Message-ID: <20050205130431.16161@smtp.haun-online.de>

I wrote:

>One odd issue, though: It seems to be messing with the character set.
>When I collapse a comment and expand it again, all of the German umlauts
>have turned into question marks

The same thing is happening on geeklog.info:

<http://geeklog.info/article.php?stor
y=20020829000431524&mode=dynamic#comments>


And now for the browser compatibility test (fasten your seatbelts ...):

- The collapsing icon doesn't show up in Safari. You can expand comments,
but then the icon vanishes.

- The same thing happens in OmniWeb 5.1.

- Doesn't work at all in Mac-IE 5.2.3: The collapsing icons don't show
up; the expanding icons do show up but don't work.

- The exact same thing happens in iCab 2.9.8

- The collapsing icon doesn't show up in Opera 7.54u2 for Mac. Expanding
doesn't work (switches to "Loading ..." and stays there).

- The exact same thing happens in OmniWeb 4.5 and iCab 3.0.0 beta 227.


>From Opera, I get the following error message in the JavaScript console:

Event thread: onclick
Error:
name: TypeError
message: Statement on line 61: Expression did not evaluate to a function
object: xmlhttp.open
Backtrace:
  Line 61 of linked script http://geeklog.info/dynamic.js
    xmlhttp.open("GET", fragment_url, true);
  In unknown script
    loadFragmentInToElement("http://geeklog.info/comment.php?
mode=fetch&cid=192&full=true", "192");
  At unknown location
    {event handler trampoline}

To summarize: On the Mac, it currently only works on Gecko-based
browsers. I did use the latest versions available of those browsers (and
in some cases another, older version).

bye, Dirk

-- 
http://www.haun-online.de/
http://www.macosx-faq.de/



From vfuria at gmail.com  Sat Feb  5 15:00:43 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Sat, 5 Feb 2005 15:00:43 -0500
Subject: [geeklog-devel] Dynamic Comments...
In-Reply-To: <20050205130431.16161@smtp.haun-online.de>
References: <20050205101104.6222@smtp.haun-online.de>
	 <20050205130431.16161@smtp.haun-online.de>
Message-ID: <8319e2d60502051200f373d60@mail.gmail.com>

Dirk, the reason why the collapsing icon isn't showing up is you
having anonymous comments turned off and this piece of code:

        // hide reply link from anonymous users if they can't post replies
        $hidefromanon = false;
        if( empty( $_USER['username'] ) && (( $_CONF['loginrequired'] == 1 )
                || ( $_CONF['commentsloginrequired'] == 1 ))) {
            $hidefromanon = true;
        }

        // this will hide HTML that should not be viewed in preview mode
        if( $preview || $hidefromanon ) {
            $template->set_var( 'hide_if_preview', 'style="display:none"' );
        } else {
            $template->set_var( 'hide_if_preview', '' );
        }

Hides the entire "reply to" section of code, including the collapse
image, from anonymous users when anonymous comments are disabled. 
Fixing it could be as easy as changing the theme around.  I'll look
into it a bit...

I already knew this would not work for IE < 5.5 (all versions).  I'm
not sure what is going on with Opera, can anyone with Opera for
windows check it out?

So, in summary, I think safari will probably work after we fix the
anonymous user problem, as will OmniWeb 5.1.  IE < 5.5, iCab, and old
versions of OmniWeb will probably never work as they don't support
xmlhttp.  Opera will take some looking into...

As for the character sets I have no idea what could be messing with
that... Can someone with experience with character sets and PHP take a
look for me?

Thanks,

-Vinny

On Sat, 5 Feb 2005 14:04:31 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> I wrote:
> 
> >One odd issue, though: It seems to be messing with the character set.
> >When I collapse a comment and expand it again, all of the German umlauts
> >have turned into question marks
> 
> The same thing is happening on geeklog.info:
> 
> <http://geeklog.info/article.php?stor
> y=20020829000431524&mode=dynamic#comments>
> 
> And now for the browser compatibility test (fasten your seatbelts ...):
> 
> - The collapsing icon doesn't show up in Safari. You can expand comments,
> but then the icon vanishes.
> 
> - The same thing happens in OmniWeb 5.1.
> 
> - Doesn't work at all in Mac-IE 5.2.3: The collapsing icons don't show
> up; the expanding icons do show up but don't work.
> 
> - The exact same thing happens in iCab 2.9.8
> 
> - The collapsing icon doesn't show up in Opera 7.54u2 for Mac. Expanding
> doesn't work (switches to "Loading ..." and stays there).
> 
> - The exact same thing happens in OmniWeb 4.5 and iCab 3.0.0 beta 227.
> 
> From Opera, I get the following error message in the JavaScript console:
> 
> Event thread: onclick
> Error:
> name: TypeError
> message: Statement on line 61: Expression did not evaluate to a function
> object: xmlhttp.open
> Backtrace:
>   Line 61 of linked script http://geeklog.info/dynamic.js
>     xmlhttp.open("GET", fragment_url, true);
>   In unknown script
>     loadFragmentInToElement("http://geeklog.info/comment.php?
> mode=fetch&cid=192&full=true", "192");
>   At unknown location
>     {event handler trampoline}
> 
> To summarize: On the Mac, it currently only works on Gecko-based
> browsers. I did use the latest versions available of those browsers (and
> in some cases another, older version).
> 
> bye, Dirk
> 
> --
> http://www.haun-online.de/
> http://www.macosx-faq.de/
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>


From vfuria at gmail.com  Sat Feb  5 21:16:17 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Sat, 5 Feb 2005 21:16:17 -0500
Subject: [geeklog-devel] Dynamic Comments...
In-Reply-To: <8319e2d60502051200f373d60@mail.gmail.com>
References: <20050205101104.6222@smtp.haun-online.de>
	 <20050205130431.16161@smtp.haun-online.de>
	 <8319e2d60502051200f373d60@mail.gmail.com>
Message-ID: <8319e2d605020518165261875d@mail.gmail.com>

Dirk,

I just checked in some thtml files that should fix the problems you
saw with the collapse button not appearing.  (Also fixed some w3c
validation problems).

-Vinny


On Sat, 5 Feb 2005 15:00:43 -0500, Vincent Furia <vfuria at gmail.com> wrote:
> Dirk, the reason why the collapsing icon isn't showing up is you
> having anonymous comments turned off and this piece of code:
> 
>         // hide reply link from anonymous users if they can't post replies
>         $hidefromanon = false;
>         if( empty( $_USER['username'] ) && (( $_CONF['loginrequired'] == 1 )
>                 || ( $_CONF['commentsloginrequired'] == 1 ))) {
>             $hidefromanon = true;
>         }
> 
>         // this will hide HTML that should not be viewed in preview mode
>         if( $preview || $hidefromanon ) {
>             $template->set_var( 'hide_if_preview', 'style="display:none"' );
>         } else {
>             $template->set_var( 'hide_if_preview', '' );
>         }
> 
> Hides the entire "reply to" section of code, including the collapse
> image, from anonymous users when anonymous comments are disabled.
> Fixing it could be as easy as changing the theme around.  I'll look
> into it a bit...
> 
> I already knew this would not work for IE < 5.5 (all versions).  I'm
> not sure what is going on with Opera, can anyone with Opera for
> windows check it out?
> 
> So, in summary, I think safari will probably work after we fix the
> anonymous user problem, as will OmniWeb 5.1.  IE < 5.5, iCab, and old
> versions of OmniWeb will probably never work as they don't support
> xmlhttp.  Opera will take some looking into...
> 
> As for the character sets I have no idea what could be messing with
> that... Can someone with experience with character sets and PHP take a
> look for me?
> 
> Thanks,
> 
> -Vinny
> 
> On Sat, 5 Feb 2005 14:04:31 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> > I wrote:
> >
> > >One odd issue, though: It seems to be messing with the character set.
> > >When I collapse a comment and expand it again, all of the German umlauts
> > >have turned into question marks
> >
> > The same thing is happening on geeklog.info:
> >
> > <http://geeklog.info/article.php?stor
> > y=20020829000431524&mode=dynamic#comments>
> >
> > And now for the browser compatibility test (fasten your seatbelts ...):
> >
> > - The collapsing icon doesn't show up in Safari. You can expand comments,
> > but then the icon vanishes.
> >
> > - The same thing happens in OmniWeb 5.1.
> >
> > - Doesn't work at all in Mac-IE 5.2.3: The collapsing icons don't show
> > up; the expanding icons do show up but don't work.
> >
> > - The exact same thing happens in iCab 2.9.8
> >
> > - The collapsing icon doesn't show up in Opera 7.54u2 for Mac. Expanding
> > doesn't work (switches to "Loading ..." and stays there).
> >
> > - The exact same thing happens in OmniWeb 4.5 and iCab 3.0.0 beta 227.
> >
> > From Opera, I get the following error message in the JavaScript console:
> >
> > Event thread: onclick
> > Error:
> > name: TypeError
> > message: Statement on line 61: Expression did not evaluate to a function
> > object: xmlhttp.open
> > Backtrace:
> >   Line 61 of linked script http://geeklog.info/dynamic.js
> >     xmlhttp.open("GET", fragment_url, true);
> >   In unknown script
> >     loadFragmentInToElement("http://geeklog.info/comment.php?
> > mode=fetch&cid=192&full=true", "192");
> >   At unknown location
> >     {event handler trampoline}
> >
> > To summarize: On the Mac, it currently only works on Gecko-based
> > browsers. I did use the latest versions available of those browsers (and
> > in some cases another, older version).
> >
> > bye, Dirk
> >
> > --
> > http://www.haun-online.de/
> > http://www.macosx-faq.de/
> >
> > _______________________________________________
> > geeklog-devel mailing list
> > geeklog-devel at lists.geeklog.net
> > http://lists.geeklog.net/listinfo/geeklog-devel
> >
>


From geeklog at langfamily.ca  Sun Feb  6 17:35:46 2005
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 6 Feb 2005 17:35:46 -0500
Subject: [geeklog-devel] Plugin API's for comments
Message-ID: <00db01c50c9c$332659b0$650a10ac@XPBL2>

Vinny,

I am writting new functions for the filemgmt plugin to use the new comment API's. Once I have these working well on a new install, I can provide some updated docs. Looks like I will need to also have a update script since there will be some data changes.

Looking at the commentbar - I see the URL {parent_url} set for plugins is an assumed plugin_dir/index.php.

This may not be too bad for most plugins and I can add code to handle this in my case since it's not the script I want to use.
But .. I have no idea when the plugin index.php is called that it's being called from the commentbar or that I should now show the comments.

The parm passed is $_POST['id'] which is too generic and most plugins already use a parm called id.
There needs to be another parm used or a parm passed indicating the mode is to displaycomments.

I'd prefer a way that we could set the URL or maybe even just have it call a PLG function to handle the commentbar.
We have PLG_displayComment that is used in comment.php

We could possibly set the parent_url for the "refresh" to comment.php as well. We already have a $type parm in this form.
comment.php already has the logic to handle plugin comments.

I noticed on other oddity with the commentbar. There is a hidden variable called $mode set and can be used to hold "display or view" I believe.
Problem is there is a second variable in the same form called $mode as well - the selectbox for the display mode.

Regards,
Blaine



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20050206/3d158838/attachment.html>

From vfuria at gmail.com  Mon Feb  7 00:27:57 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Mon, 7 Feb 2005 00:27:57 -0500
Subject: [geeklog-devel] Plugin API's for comments
In-Reply-To: <00db01c50c9c$332659b0$650a10ac@XPBL2>
References: <00db01c50c9c$332659b0$650a10ac@XPBL2>
Message-ID: <8319e2d60502062127505c2ae2@mail.gmail.com>

On Sun, 6 Feb 2005 17:35:46 -0500, Blaine Lang <geeklog at langfamily.ca> wrote:
>  
> Vinny, 
>   
> I am writting new functions for the filemgmt plugin to use the new comment
> API's. Once I have these working well on a new install, I can provide some
> updated docs. Looks like I will need to also have a update script since
> there will be some data changes. 
>   
> Looking at the commentbar - I see the URL {parent_url} set for plugins is an
> assumed plugin_dir/index.php. 
>   
> This may not be too bad for most plugins and I can add code to handle this
> in my case since it's not the script I want to use. 
> But .. I have no idea when the plugin index.php is called that it's being
> called from the commentbar or that I should now show the comments. 
>   
> The parm passed is $_POST['id'] which is too generic and most plugins
> already use a parm called id. 
> There needs to be another parm used or a parm passed indicating the mode is
> to displaycomments. 
That ID refers to the plugins "item".  It should be the unique
identifier for whatever item the comments are about.  It is only used
as a link back up to the "item" that the comments are about.  It is up
to the plugin if/how comments are displayed on that page.

>   
> I'd prefer a way that we could set the URL or maybe even just have it call a
> PLG function to handle the commentbar. 
> We have PLG_displayComment that is used in comment.php
>
I think this would be overkill.  Unless you can think of a time when a
plugin would not have index.php?id=XXX go to the general view of the
"item" described by XXX.
   
> We could possibly set the parent_url for the "refresh" to comment.php as
> well. We already have a $type parm in this form. 
> comment.php already has the logic to handle plugin comments. 
> 
Once on the comments page, all "refreshes" stay on the comment page. 
The only thing the index.php?id=XXX link is used for is to link the
title to the "item".  A "refresh" should stay on the comment page if
that is where the comments are currently being viewed.

> I noticed on other oddity with the commentbar. There is a hidden variable
> called $mode set and can be used to hold "display or view" I believe. 
> Problem is there is a second variable in the same form called $mode as well
> - the selectbox for the display mode. 
>
The select box changes to "format" on comment.php (instead of mode). 
A mode form variable name should never appear twice (if it does let me
know...).
   
> Regards, 
> Blaine 
>   
np,
Vinny


From geeklog at langfamily.ca  Mon Feb  7 09:23:02 2005
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 7 Feb 2005 09:23:02 -0500
Subject: [geeklog-devel] Plugin API's for comments
References: <00db01c50c9c$332659b0$650a10ac@XPBL2> <8319e2d60502062127505c2ae2@mail.gmail.com>
Message-ID: <011501c50d20$8882df80$650a10ac@XPBL2>

Monday, February 07, 2005 12:27 AM, Vinny wrote:
> That ID refers to the plugins "item".  It should be the unique
> identifier for whatever item the comments are about.  It is only used
> as a link back up to the "item" that the comments are about.  It is up
> to the plugin if/how comments are displayed on that page.

Vinny, ok - np. I just need to make a few changes to my plugin. Currently, 
the way this plugin is written, I really want to send it to singlefile.php 
and then display the file details above the commentbar. I agree with the way 
it is currently should work in most cases.

I'll work on it again later this week or this weekend.

Blaine
----- Original Message ----- 
From: "Vincent Furia" <vfuria at gmail.com>
To: <geeklog-devel at lists.geeklog.net>
Sent: Monday, February 07, 2005 12:27 AM
Subject: Re: [geeklog-devel] Plugin API's for comments


On Sun, 6 Feb 2005 17:35:46 -0500, Blaine Lang <geeklog at langfamily.ca> 
wrote:
>
> Vinny,
>
> I am writting new functions for the filemgmt plugin to use the new comment
> API's. Once I have these working well on a new install, I can provide some
> updated docs. Looks like I will need to also have a update script since
> there will be some data changes.
>
> Looking at the commentbar - I see the URL {parent_url} set for plugins is 
> an
> assumed plugin_dir/index.php.
>
> This may not be too bad for most plugins and I can add code to handle this
> in my case since it's not the script I want to use.
> But .. I have no idea when the plugin index.php is called that it's being
> called from the commentbar or that I should now show the comments.
>
> The parm passed is $_POST['id'] which is too generic and most plugins
> already use a parm called id.
> There needs to be another parm used or a parm passed indicating the mode 
> is
> to displaycomments.
That ID refers to the plugins "item".  It should be the unique
identifier for whatever item the comments are about.  It is only used
as a link back up to the "item" that the comments are about.  It is up
to the plugin if/how comments are displayed on that page.

>
> I'd prefer a way that we could set the URL or maybe even just have it call 
> a
> PLG function to handle the commentbar.
> We have PLG_displayComment that is used in comment.php
>
I think this would be overkill.  Unless you can think of a time when a
plugin would not have index.php?id=XXX go to the general view of the
"item" described by XXX.

> We could possibly set the parent_url for the "refresh" to comment.php as
> well. We already have a $type parm in this form.
> comment.php already has the logic to handle plugin comments.
>
Once on the comments page, all "refreshes" stay on the comment page.
The only thing the index.php?id=XXX link is used for is to link the
title to the "item".  A "refresh" should stay on the comment page if
that is where the comments are currently being viewed.

> I noticed on other oddity with the commentbar. There is a hidden variable
> called $mode set and can be used to hold "display or view" I believe.
> Problem is there is a second variable in the same form called $mode as 
> well
> - the selectbox for the display mode.
>
The select box changes to "format" on comment.php (instead of mode).
A mode form variable name should never appear twice (if it does let me
know...).

> Regards,
> Blaine
>
np,
Vinny
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel 



From tomw at pigstye.net  Tue Feb  8 13:44:10 2005
From: tomw at pigstye.net (Tom Willett)
Date: Tue, 08 Feb 2005 13:44:10 -0500
Subject: [geeklog-devel] Spamx Mass Delete
Message-ID: <4209087A.7000006@pigstye.net>

Noticed that on Geeklog.net some were complaining that on a new install 
MassDelete didn't work.  Looked into it and noticed that it was relying 
on old data in the spamx table.  I updated the module to the new reality 
and have attached it.

-- 

Tom Willett
tomw at pigstye.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: MassDelete.tgz
Type: application/x-compressed
Size: 1812 bytes
Desc: not available
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20050208/f0f437c4/attachment.bin>

From geeklog at langfamily.ca  Tue Feb  8 15:52:33 2005
From: geeklog at langfamily.ca (Blaine Lang)
Date: Tue, 8 Feb 2005 15:52:33 -0500
Subject: [geeklog-devel] MySQL performance - Use of Indexes
Message-ID: <01fd01c50e20$1d164bf0$650a10ac@XPBL2>

This was new for me today and thought that I would share as it may also effect some GL SQL queries.

I have a client project with 3.2M records which is actually only 30 days of data :)
A query that I have was like this:
SELECT * FROM calllogs WHERE 
    StartTime < '2005-02-02 11:02:19' AND 
    (Source_Caller_ID='4162389001' OR Dest_Caller_ID='4162389001') 
    ORDER BY StartTime

All three fields are indexed fields. The query was taking 90 seconds to complete.
But if you ran each query for Source_Caller_ID and Dest_Caller_ID separate ( so instead of the OR ), each query would complete in under 1 second.

Changing the query to use 2 selects and a UNION resulted in a time of about 1 sec to complete.

SELECT * FROM calllogs WHERE Source_Caller_ID='4162389001'
    UNION
    SELECT * FROM calllogs WHERE Dest_Caller_ID='4162389001' 
    Order By startTime;

Reason: MySQL ONLY uses the first index and was then in effect doing tablescan's when the OR condition and second field was added.

Blaine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20050208/4855eda2/attachment.html>

From dirk at haun-online.de  Tue Feb  8 15:56:10 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 8 Feb 2005 21:56:10 +0100
Subject: [geeklog-devel] SpamAssassin WG on blog spam
Message-ID: <20050208205610.25646@smtp.haun-online.de>

FYI: The BlogSpamAssassin project is a SpamAssassin working group
focussing on spam in blogs (comment spam, etc.). So far, they have this
page <http://wiki.apache.org/spamassassin/BlogSpamAssassin> and a (quiet)
mailing list.

I'll keep an eye on it ...

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/



From tony at tonybibbs.com  Tue Feb  8 16:05:25 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 08 Feb 2005 15:05:25 -0600
Subject: [geeklog-devel] MySQL performance - Use of Indexes
In-Reply-To: <01fd01c50e20$1d164bf0$650a10ac@XPBL2>
References: <01fd01c50e20$1d164bf0$650a10ac@XPBL2>
Message-ID: <42092995.2000908@tonybibbs.com>

That's ridiculous.  I tell you, I see what Postgres has been doing (most 
recently, the addition of table spaces) and I sometimes wonder why I use 
MySQL.  Sure it's easy to learn, fast, etc but man do I miss triggers, 
sp's etc.

This opens up the option of us wanting to review all our SQL in 1.3.x 
and seeing if it may be effected by this.  The search page comes to mind.

--Tony

Blaine Lang wrote:

> This was new for me today and thought that I would share as it may 
> also effect some GL SQL queries.
>  
> I have a client project with 3.2M records which is actually only 30 
> days of data :)
> A query that I have was like this:
> SELECT * FROM calllogs WHERE
>     StartTime < '2005-02-02 11:02:19' AND
>     (Source_Caller_ID='4162389001' OR Dest_Caller_ID='4162389001')
>     ORDER BY StartTime
>  
> All three fields are indexed fields. The query was taking 90 seconds 
> to complete.
> But if you ran each query for Source_Caller_ID and Dest_Caller_ID 
> separate ( so instead of the OR ), each query would complete in under 
> 1 second.
>  
> Changing the query to use 2 selects and a UNION resulted in a time of 
> about 1 sec to complete.
>  
> SELECT * FROM calllogs WHERE Source_Caller_ID='4162389001'
>     UNION
>     SELECT * FROM calllogs WHERE Dest_Caller_ID='4162389001'
>     Order By startTime;
>  
> Reason: MySQL ONLY uses the first index and was then in effect doing 
> tablescan's when the OR condition and second field was added.
>  
> Blaine




From dwight at trumbower.com  Tue Feb  8 16:51:02 2005
From: dwight at trumbower.com (Dwight Trumbower)
Date: Tue, 8 Feb 2005 15:51:02 -0600 (CST)
Subject: [geeklog-devel] MySQL performance - Use of Indexes
In-Reply-To: <42092995.2000908@tonybibbs.com>
References: <01fd01c50e20$1d164bf0$650a10ac@XPBL2>
    <42092995.2000908@tonybibbs.com>
Message-ID: <32940.192.136.16.3.1107899462.squirrel@192.136.16.3>

OR are usually always timely in any DB. Just like using IN or NOT IN. In
other DBs you can usually run a query plan to find this information out. I
haven't heard if MySQL has that capability yet.

You just were reminded that MYSQL was never designed to be a "true" RDMS.
It was great for read/reporting type solutions.

Postgres latest release is suppose to be really nice. I want to look at it
for future projects, but it won't be a while before I can look at it.
Unless someone pays me. :)




> That's ridiculous.  I tell you, I see what Postgres has been doing (most
> recently, the addition of table spaces) and I sometimes wonder why I use
> MySQL.  Sure it's easy to learn, fast, etc but man do I miss triggers,
> sp's etc.
>
> This opens up the option of us wanting to review all our SQL in 1.3.x
> and seeing if it may be effected by this.  The search page comes to mind.
>
> --Tony
>
> Blaine Lang wrote:
>
>> This was new for me today and thought that I would share as it may
>> also effect some GL SQL queries.
>>
>> I have a client project with 3.2M records which is actually only 30
>> days of data :)
>> A query that I have was like this:
>> SELECT * FROM calllogs WHERE
>>     StartTime < '2005-02-02 11:02:19' AND
>>     (Source_Caller_ID='4162389001' OR Dest_Caller_ID='4162389001')
>>     ORDER BY StartTime
>>
>> All three fields are indexed fields. The query was taking 90 seconds
>> to complete.
>> But if you ran each query for Source_Caller_ID and Dest_Caller_ID
>> separate ( so instead of the OR ), each query would complete in under
>> 1 second.
>>
>> Changing the query to use 2 selects and a UNION resulted in a time of
>> about 1 sec to complete.
>>
>> SELECT * FROM calllogs WHERE Source_Caller_ID='4162389001'
>>     UNION
>>     SELECT * FROM calllogs WHERE Dest_Caller_ID='4162389001'
>>     Order By startTime;
>>
>> Reason: MySQL ONLY uses the first index and was then in effect doing
>> tablescan's when the OR condition and second field was added.
>>
>> Blaine
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>


-- 
Dwight Trumbower


From tony at tonybibbs.com  Tue Feb  8 17:30:19 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 08 Feb 2005 16:30:19 -0600
Subject: [geeklog-devel] MySQL performance - Use of Indexes
In-Reply-To: <32940.192.136.16.3.1107899462.squirrel@192.136.16.3>
References: <01fd01c50e20$1d164bf0$650a10ac@XPBL2>    <42092995.2000908@tonybibbs.com> <32940.192.136.16.3.1107899462.squirrel@192.136.16.3>
Message-ID: <42093D7B.3010305@tonybibbs.com>

I'd argue against "that MYSQL was never designed to be a 'true' RDMS"

Their stance has always been to slowly add features so as to make 
performance and stability a priority.  MySQL 5.x will add most of what I 
feel I need as a developer.

My main gripe is mainly that they sure do take their sweet time getting 
those badly desired features done.  I've got the new Postgres 
installed.  IMHO, it's harder to administer than MySQL but most of my 
issues are covered in the documentation adequately.

--Tony

Dwight Trumbower wrote:

>OR are usually always timely in any DB. Just like using IN or NOT IN. In
>other DBs you can usually run a query plan to find this information out. I
>haven't heard if MySQL has that capability yet.
>
>You just were reminded that MYSQL was never designed to be a "true" RDMS.
>It was great for read/reporting type solutions.
>
>Postgres latest release is suppose to be really nice. I want to look at it
>for future projects, but it won't be a while before I can look at it.
>Unless someone pays me. :)
>
>
>
>
>  
>
>>That's ridiculous.  I tell you, I see what Postgres has been doing (most
>>recently, the addition of table spaces) and I sometimes wonder why I use
>>MySQL.  Sure it's easy to learn, fast, etc but man do I miss triggers,
>>sp's etc.
>>
>>This opens up the option of us wanting to review all our SQL in 1.3.x
>>and seeing if it may be effected by this.  The search page comes to mind.
>>
>>--Tony
>>
>>Blaine Lang wrote:
>>
>>    
>>
>>>This was new for me today and thought that I would share as it may
>>>also effect some GL SQL queries.
>>>
>>>I have a client project with 3.2M records which is actually only 30
>>>days of data :)
>>>A query that I have was like this:
>>>SELECT * FROM calllogs WHERE
>>>    StartTime < '2005-02-02 11:02:19' AND
>>>    (Source_Caller_ID='4162389001' OR Dest_Caller_ID='4162389001')
>>>    ORDER BY StartTime
>>>
>>>All three fields are indexed fields. The query was taking 90 seconds
>>>to complete.
>>>But if you ran each query for Source_Caller_ID and Dest_Caller_ID
>>>separate ( so instead of the OR ), each query would complete in under
>>>1 second.
>>>
>>>Changing the query to use 2 selects and a UNION resulted in a time of
>>>about 1 sec to complete.
>>>
>>>SELECT * FROM calllogs WHERE Source_Caller_ID='4162389001'
>>>    UNION
>>>    SELECT * FROM calllogs WHERE Dest_Caller_ID='4162389001'
>>>    Order By startTime;
>>>
>>>Reason: MySQL ONLY uses the first index and was then in effect doing
>>>tablescan's when the OR condition and second field was added.
>>>
>>>Blaine
>>>      
>>>
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
>>
>>    
>>
>
>
>  
>



From dirk at haun-online.de  Wed Feb  9 16:14:59 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 9 Feb 2005 22:14:59 +0100
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Message-ID: <20050209211459.11662@smtp.haun-online.de>

Our special "friend" continues to flood geeklog.info with trackback spam.
A few of them went through since he now also seems to start using HTML
entities to obfuscate his posts:

>&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;
>#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>
>Please visit some information in the field of &#111;nl&#105;n&#101;
>p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r

Tom, would you consider this a feature request? ;-)

No forum spam (at all) on geeklog.info, btw. Maybe because the site's in
German?

I made a small modification to the forum submission forms on geeklog.net
to include a random number in a hidden field. This was just for testing
since I wanted to find out if he actually parses the forms or not. The
random number would have shown up in the SpamX notification emails if he
did, but it didn't.

There's a plugin for Wordpress that does this: It includes a randomly
named field with a random value into the submission form and if that
field and value are not included in the POST data, the post is discarded
right away.

They actually add the field with JavaScript to make it even more
difficult. But then I wouldn't be able to post using Lynx, so maybe
that's too extreme a measure (yet) ;-)

Anyway, the war is on and the enemy isn't sleeping ...

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/



From justin.carlson at gmail.com  Wed Feb  9 17:06:16 2005
From: justin.carlson at gmail.com (Justin Carlson)
Date: Wed, 9 Feb 2005 16:06:16 -0600
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <20050209211459.11662@smtp.haun-online.de>
References: <20050209211459.11662@smtp.haun-online.de>
Message-ID: <3d1a3f4e050209140666a7add2@mail.gmail.com>

Perhaps you could add a bit of code to the SpamX plugin:

http://us4.php.net/manual/en/function.html-entity-decode.php






On Wed, 9 Feb 2005 22:14:59 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> Our special "friend" continues to flood geeklog.info with trackback spam.
> A few of them went through since he now also seems to start using HTML
> entities to obfuscate his posts:
> 
> >&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;
> >#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>
> >Please visit some information in the field of &#111;nl&#105;n&#101;
> >p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r
> 
> Tom, would you consider this a feature request? ;-)
> 
> No forum spam (at all) on geeklog.info, btw. Maybe because the site's in
> German?
> 
> I made a small modification to the forum submission forms on geeklog.net
> to include a random number in a hidden field. This was just for testing
> since I wanted to find out if he actually parses the forms or not. The
> random number would have shown up in the SpamX notification emails if he
> did, but it didn't.
> 
> There's a plugin for Wordpress that does this: It includes a randomly
> named field with a random value into the submission form and if that
> field and value are not included in the POST data, the post is discarded
> right away.
> 
> They actually add the field with JavaScript to make it even more
> difficult. But then I wouldn't be able to post using Lynx, so maybe
> that's too extreme a measure (yet) ;-)
> 
> Anyway, the war is on and the enemy isn't sleeping ...
> 
> bye, Dirk
> 
> --
> http://www.haun-online.de/
> http://www.haun.info/
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>


From justin.carlson at gmail.com  Wed Feb  9 17:14:53 2005
From: justin.carlson at gmail.com (Justin Carlson)
Date: Wed, 9 Feb 2005 16:14:53 -0600
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <3d1a3f4e050209140666a7add2@mail.gmail.com>
References: <20050209211459.11662@smtp.haun-online.de>
	 <3d1a3f4e050209140666a7add2@mail.gmail.com>
Message-ID: <3d1a3f4e05020914144363c8ae@mail.gmail.com>

Also, as posted elsewhere,  is this live now
?
http://www.google.com/googleblog/2005/01/preventing-comment-spam.html



On Wed, 9 Feb 2005 16:06:16 -0600, Justin Carlson
<justin.carlson at gmail.com> wrote:
> Perhaps you could add a bit of code to the SpamX plugin:
> 
> http://us4.php.net/manual/en/function.html-entity-decode.php
> 
> 
> On Wed, 9 Feb 2005 22:14:59 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> > Our special "friend" continues to flood geeklog.info with trackback spam.
> > A few of them went through since he now also seems to start using HTML
> > entities to obfuscate his posts:
> >
> > >&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;
> > >#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>
> > >Please visit some information in the field of &#111;nl&#105;n&#101;
> > >p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r
> >
> > Tom, would you consider this a feature request? ;-)
> >
> > No forum spam (at all) on geeklog.info, btw. Maybe because the site's in
> > German?
> >
> > I made a small modification to the forum submission forms on geeklog.net
> > to include a random number in a hidden field. This was just for testing
> > since I wanted to find out if he actually parses the forms or not. The
> > random number would have shown up in the SpamX notification emails if he
> > did, but it didn't.
> >
> > There's a plugin for Wordpress that does this: It includes a randomly
> > named field with a random value into the submission form and if that
> > field and value are not included in the POST data, the post is discarded
> > right away.
> >
> > They actually add the field with JavaScript to make it even more
> > difficult. But then I wouldn't be able to post using Lynx, so maybe
> > that's too extreme a measure (yet) ;-)
> >
> > Anyway, the war is on and the enemy isn't sleeping ...
> >
> > bye, Dirk
> >
> > --
> > http://www.haun-online.de/
> > http://www.haun.info/
> >
> > _______________________________________________
> > geeklog-devel mailing list
> > geeklog-devel at lists.geeklog.net
> > http://lists.geeklog.net/listinfo/geeklog-devel
> >
>


From slord at marelina.com  Wed Feb  9 23:44:34 2005
From: slord at marelina.com (Simon Lord)
Date: Wed, 09 Feb 2005 23:44:34 -0500
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <20050209211459.11662@smtp.haun-online.de>
References: <20050209211459.11662@smtp.haun-online.de>
Message-ID: <8ed32b86cadb8d4462ae934f224d7047@marelina.com>

I've noticed that many Flash developers that have blogs have simply 
removed all the submission fields and replaced them with Flash editors. 
  Sample:

http://www.peldi.com/blog/archives/2005/01/pcc_recording_l.html#comments

... scroll to the submission area at the bottom.  Could be a solution 
we provide in a future version to allow users to either use the flash 
submission as an extra layer of protection against spam.


On Feb 9, 2005, at 4:14 PM, Dirk Haun wrote:

> Our special "friend" continues to flood geeklog.info with trackback 
> spam.
> A few of them went through since he now also seems to start using HTML
> entities to obfuscate his posts:
>
>> &amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von 
>> &amp;
>> #111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>
>> Please visit some information in the field of &#111;nl&#105;n&#101;
>> p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r
>
> Tom, would you consider this a feature request? ;-)
>
> No forum spam (at all) on geeklog.info, btw. Maybe because the site's 
> in
> German?
>
> I made a small modification to the forum submission forms on 
> geeklog.net
> to include a random number in a hidden field. This was just for testing
> since I wanted to find out if he actually parses the forms or not. The
> random number would have shown up in the SpamX notification emails if 
> he
> did, but it didn't.
>
> There's a plugin for Wordpress that does this: It includes a randomly
> named field with a random value into the submission form and if that
> field and value are not included in the POST data, the post is 
> discarded
> right away.
>
> They actually add the field with JavaScript to make it even more
> difficult. But then I wouldn't be able to post using Lynx, so maybe
> that's too extreme a measure (yet) ;-)
>
> Anyway, the war is on and the enemy isn't sleeping ...
>
> bye, Dirk
>
>
> -- 
> http://www.haun-online.de/
> http://www.haun.info/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>
>
Sincerely,
Simon



From tomw at pigstye.net  Thu Feb 10 08:51:14 2005
From: tomw at pigstye.net (Tom Willett)
Date: Thu, 10 Feb 2005 08:51:14 -0500
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <20050209211459.11662@smtp.haun-online.de>
References: <20050209211459.11662@smtp.haun-online.de>
Message-ID: <420B66D2.8000405@pigstye.net>

On 2/9/2005 4:14 PM, Dirk Haun wrote:

>Our special "friend" continues to flood geeklog.info with trackback spam.
>A few of them went through since he now also seems to start using HTML
>entities to obfuscate his posts:
>
>  
>
>>&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;
>>#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>
>>Please visit some information in the field of &#111;nl&#105;n&#101;
>>p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r
>>    
>>
>
>Tom, would you consider this a feature request? ;-)
>
>  
>
Its actually pretty easy to get around this.  A minor change will need 
to be made in three files:

All current cvs:

Blacklist.Examine.class.php
Change line 44 from
if (preg_match("#$val#", $comment)) {
to
if (preg_match("#$val#", html_entity_decode($comment))) {

IPofUrl.Examine.class.php
change line 41 from
$num = preg_match_all("#{$regx}#",$comment,$urls);
to
$num = preg_match_all("#{$regx}#",html_entity_decode($comment),$urls);

MTBlackList.Examine.class.php
change line 47 from
if (@preg_match("#$val#", $comment)) {
to
if (@preg_match("#$val#", html_entity_decode($comment))) {

-- 

Tom Willett
tomw at pigstye.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20050210/26b93a2b/attachment.html>

From tony at tonybibbs.com  Thu Feb 10 09:30:23 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 10 Feb 2005 08:30:23 -0600
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <420B66D2.8000405@pigstye.net>
References: <20050209211459.11662@smtp.haun-online.de> <420B66D2.8000405@pigstye.net>
Message-ID: <420B6FFF.9080606@tonybibbs.com>

Makes me wonder if we shouldn't have a mailing list for developer-only 
spam discussions where strategy and stuff can be discuss less openly. 
Just a thought.

--Tony

Tom Willett wrote:

> On 2/9/2005 4:14 PM, Dirk Haun wrote:
>
>>Our special "friend" continues to flood geeklog.info with trackback spam.
>>A few of them went through since he now also seems to start using HTML
>>entities to obfuscate his posts:
>>
>>  
>>
>>>&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;
>>>#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>
>>>Please visit some information in the field of &#111;nl&#105;n&#101;
>>>p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r
>>>    
>>>
>>
>>Tom, would you consider this a feature request? ;-)
>>
>>  
>>
> Its actually pretty easy to get around this.  A minor change will need 
> to be made in three files:
>
> All current cvs:
>
> Blacklist.Examine.class.php
> Change line 44 from
> if (preg_match("#$val#", $comment)) {
> to
> if (preg_match("#$val#", html_entity_decode($comment))) {
>
> IPofUrl.Examine.class.php
> change line 41 from
> $num = preg_match_all("#{$regx}#",$comment,$urls);
> to
> $num = preg_match_all("#{$regx}#",html_entity_decode($comment),$urls);
>
> MTBlackList.Examine.class.php
> change line 47 from
> if (@preg_match("#$val#", $comment)) {
> to
> if (@preg_match("#$val#", html_entity_decode($comment))) {
>
>-- 
>
>Tom Willett
>tomw at pigstye.net
>  
>



From tomw at pigstye.net  Thu Feb 10 09:57:43 2005
From: tomw at pigstye.net (Tom Willett)
Date: Thu, 10 Feb 2005 09:57:43 -0500
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <420B6FFF.9080606@tonybibbs.com>
References: <20050209211459.11662@smtp.haun-online.de> <420B66D2.8000405@pigstye.net> <420B6FFF.9080606@tonybibbs.com>
Message-ID: <420B7667.4090306@pigstye.net>

On 2/10/2005 9:30 AM, Tony Bibbs wrote:

> Makes me wonder if we shouldn't have a mailing list for developer-only 
> spam discussions where strategy and stuff can be discuss less openly. 
> Just a thought.
>
> --Tony
>
> Tom Willett wrote:
>
>> On 2/9/2005 4:14 PM, Dirk Haun wrote:
>>
>>> Our special "friend" continues to flood geeklog.info with trackback 
>>> spam.
>>> A few of them went through since he now also seems to start using HTML
>>> entities to obfuscate his posts:
>>>
>>>  
>>>
>>>> &amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von 
>>>> &amp;
>>>> #111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>
>>>> Please visit some information in the field of &#111;nl&#105;n&#101;
>>>> p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r
>>>>   
>>>
>>>
>>> Tom, would you consider this a feature request? ;-)
>>>
>>>  
>>>
>> Its actually pretty easy to get around this.  A minor change will 
>> need to be made in three files:
>>
>> All current cvs:
>>
>> Blacklist.Examine.class.php
>> Change line 44 from
>> if (preg_match("#$val#", $comment)) {
>> to
>> if (preg_match("#$val#", html_entity_decode($comment))) {
>>
>> IPofUrl.Examine.class.php
>> change line 41 from
>> $num = preg_match_all("#{$regx}#",$comment,$urls);
>> to
>> $num = preg_match_all("#{$regx}#",html_entity_decode($comment),$urls);
>>
>> MTBlackList.Examine.class.php
>> change line 47 from
>> if (@preg_match("#$val#", $comment)) {
>> to
>> if (@preg_match("#$val#", html_entity_decode($comment))) {
>>
>> -- 
>>
>> Tom Willett
>> tomw at pigstye.net
>>  
>>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel

Would it make any difference if cvs is publically available?

-- 

Tom Willett
tomw at pigstye.net



From tony at tonybibbs.com  Thu Feb 10 14:19:06 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 10 Feb 2005 13:19:06 -0600
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <420B7667.4090306@pigstye.net>
References: <20050209211459.11662@smtp.haun-online.de> <420B66D2.8000405@pigstye.net> <420B6FFF.9080606@tonybibbs.com> <420B7667.4090306@pigstye.net>
Message-ID: <420BB3AA.1050400@tonybibbs.com>

Just harder to get at.  In one case we clearly state our intentions for 
all to see.  The other way we force these yahoo's to lift the hood and 
figure it out on their own.

--Tony

Tom Willett wrote:

> On 2/10/2005 9:30 AM, Tony Bibbs wrote:
>
>> Makes me wonder if we shouldn't have a mailing list for 
>> developer-only spam discussions where strategy and stuff can be 
>> discuss less openly. Just a thought.
>>
>> --Tony
>>
>> Tom Willett wrote:
>>
>>> On 2/9/2005 4:14 PM, Dirk Haun wrote:
>>>
>>>> Our special "friend" continues to flood geeklog.info with trackback 
>>>> spam.
>>>> A few of them went through since he now also seems to start using HTML
>>>> entities to obfuscate his posts:
>>>>
>>>>  
>>>>
>>>>> &amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von 
>>>>> &amp;
>>>>> #111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>
>>>>> Please visit some information in the field of &#111;nl&#105;n&#101;
>>>>> p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r
>>>>>   
>>>>
>>>>
>>>>
>>>> Tom, would you consider this a feature request? ;-)
>>>>
>>>>  
>>>>
>>> Its actually pretty easy to get around this.  A minor change will 
>>> need to be made in three files:
>>>
>>> All current cvs:
>>>
>>> Blacklist.Examine.class.php
>>> Change line 44 from
>>> if (preg_match("#$val#", $comment)) {
>>> to
>>> if (preg_match("#$val#", html_entity_decode($comment))) {
>>>
>>> IPofUrl.Examine.class.php
>>> change line 41 from
>>> $num = preg_match_all("#{$regx}#",$comment,$urls);
>>> to
>>> $num = preg_match_all("#{$regx}#",html_entity_decode($comment),$urls);
>>>
>>> MTBlackList.Examine.class.php
>>> change line 47 from
>>> if (@preg_match("#$val#", $comment)) {
>>> to
>>> if (@preg_match("#$val#", html_entity_decode($comment))) {
>>>
>>> -- 
>>>
>>> Tom Willett
>>> tomw at pigstye.net
>>>  
>>>
>>
>> _______________________________________________
>> geeklog-devel mailing list
>> geeklog-devel at lists.geeklog.net
>> http://lists.geeklog.net/listinfo/geeklog-devel
>
>
> Would it make any difference if cvs is publically available?
>



From dirk at haun-online.de  Thu Feb 10 15:27:32 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 10 Feb 2005 21:27:32 +0100
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <420B6FFF.9080606@tonybibbs.com>
References: <420B6FFF.9080606@tonybibbs.com>
Message-ID: <20050210202732.12657@smtp.haun-online.de>

Tony Bibbs wrote:

>Makes me wonder if we shouldn't have a mailing list for developer-only 
>spam discussions where strategy and stuff can be discuss less openly. 
>Just a thought.

Since what that guy is currently doing borders on a DDoS attack, I'm all
for it ...

Up to 10 spam posts per minute! And here I was wondering why geeklog.net
was going so slowly. Someone's clearly out of their mind ...

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/



From tony at tonybibbs.com  Thu Feb 10 15:33:45 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 10 Feb 2005 14:33:45 -0600
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <20050210202732.12657@smtp.haun-online.de>
References: <420B6FFF.9080606@tonybibbs.com> <20050210202732.12657@smtp.haun-online.de>
Message-ID: <420BC529.8000009@tonybibbs.com>

I'll add this to my to-do list.  I've got Mailman on the colo server and 
all I need to do is figure out how the hell to get the archive messages 
moved over.  I'm guessing it is as easy as scp'ing them from one place 
to another but I need to double check that.

--Tony

Dirk Haun wrote:

>Tony Bibbs wrote:
>
>  
>
>>Makes me wonder if we shouldn't have a mailing list for developer-only 
>>spam discussions where strategy and stuff can be discuss less openly. 
>>Just a thought.
>>    
>>
>
>Since what that guy is currently doing borders on a DDoS attack, I'm all
>for it ...
>
>Up to 10 spam posts per minute! And here I was wondering why geeklog.net
>was going so slowly. Someone's clearly out of their mind ...
>
>bye, Dirk
>
>
>  
>




From dirk at haun-online.de  Thu Feb 10 16:01:13 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 10 Feb 2005 22:01:13 +0100
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <420BC529.8000009@tonybibbs.com>
References: <420BC529.8000009@tonybibbs.com>
Message-ID: <20050210210113.15628@smtp.haun-online.de>

Tony,

>I've got Mailman on the colo server and 
>all I need to do is figure out how the hell to get the archive messages 
>moved over.

One more reason to upgrade Mailman:
<http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html>

So make sure you either patch 2.1.5 or upgrade to a new version, if it's
out yet.

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/



From tony at tonybibbs.com  Fri Feb 11 10:30:00 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 11 Feb 2005 09:30:00 -0600
Subject: [geeklog-devel] Proposal for Plugin API extension
Message-ID: <420CCF78.50207@tonybibbs.com>

I have a custom way of banning users.  I simply have an array of user 
ID's in my config file and if a user is in there I give them a 'your are 
banned' message.  Unfortunately, the nightly digest of topics doesn't 
know anything about my dirty little hack.  This got me to thinking we 
need an plugin API change for the following:

1) plugins should be able to include themselves in the nightly digest.  
I think controlling whether a plugin is allowed to do this by the site 
admin should be done in it's own config file or, better yet, the plugin 
admin page.
2) a way for a plugin to prevent a specific user from being able to 
receive the digest because of being banned.

I'm not saying this is how it should be but merely making suggestions.  
I'd like to open this up for discussion and decision so that I can 
implement this for us all (assuming we agree there is a need)...I really 
need this.

--Tony


From dirk at haun-online.de  Fri Feb 11 12:45:06 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 11 Feb 2005 18:45:06 +0100
Subject: [geeklog-devel] Home-made problems with forum spam
Message-ID: <20050211174506.9032@smtp.haun-online.de>

Okay, part of yesterday's spam DDoS problem was home-made:

Exhibit #1:

Thu Feb 10 15:11:52 2005 - Found Spam Comment [...] posted by user  from
IP 218.89.189.241
Thu Feb 10 15:11:55 2005 - Found Spam Comment [...] posted by user  from
IP 218.89.189.241

2 Posts from the same IP address within 3 seconds? This shouldn't happen.

Reason: The forum's speed limit defaults to 1(!) second.

Suggested fix: In public_html/forum/include/config.php replace

    $forumSpeedLimit = 1;

with

    $forumSpeedLimit = $_CONF['commentspeedlimit'];


Exhibit #2:

218.89.189.241 - - [10/Feb/2005:15:11:55 -0500] "POST /forum/
createtopic.php HTTP/1.0" 200 15328 "http://www.geeklog.net/forum/
createtopic.php?method=postreply&forum=9&id=20921" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"
218.89.189.241 - - [10/Feb/2005:15:11:56 -0500] "GET /index.php?
msg=8&plugin=spamx HTTP/1.0" 200 47376 "-" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

So our friend's spamming scripts have started following the redirect to
display the "Spam detected" message, causing additional load.

Not sure what the best solution would be for this. On the one hand, I
think we should display a message in case a regular user accidentally
posted something that is considered spam (and be it only excerpts from
his logfiles containing blocked URLs). On the other hand, there's no need
to display the entire Geeklog framework page. So maybe just display a
plain-text message and let the script exit?

So instead of

    if ($result > 0) {
        echo COM_refresh($_CONF['site_url'] . '/index.php?
msg='.$result.'&amp;plugin=spamx');
        exit;
    }

do something like
    
    if ($result > 0) {
        $var = 'PLG_spamx_MESSAGE' . $result;
        global $$var, $MESSAGE;
        if (isset ($$var)) {
            $message = $$var;
        } else {
            $message = sprintf ($MESSAGE[61], 'spamx');
        }
        header ('Content-Type: text/plain');
        echo $message;
        exit;
    }

... which is pretty much what COM_showMessage would do as a result of the
above redirect, but without all the surrounding framework. Maybe hiding
that ugly bit of $$var code and echo'ing out in a new COM_ function ...

Thoughts?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.handful-of-sparks.de/



From dirk at haun-online.de  Fri Feb 11 12:49:55 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 11 Feb 2005 18:49:55 +0100
Subject: [geeklog-devel] Proposal for Plugin API extension
In-Reply-To: <420CCF78.50207@tonybibbs.com>
References: <420CCF78.50207@tonybibbs.com>
Message-ID: <20050211174955.14690@smtp.haun-online.de>

Tony,

>1) plugins should be able to include themselves in the nightly digest.

A good idea in theory. However, the daily digest is already timing out
for a lot of people (because of script limits on shared hosting) and
adding more stuff to it would make it fail more often for those users.

I wrote up this task on the issue:
<http://project.geeklog.net/pm/task.php?
func=detailtask&project_task_id=20&group_id=6&group_project_id=10>


>2) a way for a plugin to prevent a specific user from being able to 
>receive the digest because of being banned.

This sounds backward to me. Instead, we should properly implement banning
finally (this was also briefly mentioned in the discussions about remote
login over in geeklog-devtalk). Which means that all built-in
functionality, including the daily digest, would know about banned users
and not service them

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/



From tomw at pigstye.net  Fri Feb 11 12:55:42 2005
From: tomw at pigstye.net (Tom Willett)
Date: Fri, 11 Feb 2005 12:55:42 -0500
Subject: [geeklog-devel] Home-made problems with forum spam
In-Reply-To: <20050211174506.9032@smtp.haun-online.de>
References: <20050211174506.9032@smtp.haun-online.de>
Message-ID: <420CF19E.5010403@pigstye.net>

On 2/11/2005 12:45 PM, Dirk Haun wrote:

>Okay, part of yesterday's spam DDoS problem was home-made:
>
>Exhibit #1:
>
>Thu Feb 10 15:11:52 2005 - Found Spam Comment [...] posted by user  from
>IP 218.89.189.241
>Thu Feb 10 15:11:55 2005 - Found Spam Comment [...] posted by user  from
>IP 218.89.189.241
>
>2 Posts from the same IP address within 3 seconds? This shouldn't happen.
>
>Reason: The forum's speed limit defaults to 1(!) second.
>
>Suggested fix: In public_html/forum/include/config.php replace
>
>    $forumSpeedLimit = 1;
>
>with
>
>    $forumSpeedLimit = $_CONF['commentspeedlimit'];
>
>
>Exhibit #2:
>
>218.89.189.241 - - [10/Feb/2005:15:11:55 -0500] "POST /forum/
>createtopic.php HTTP/1.0" 200 15328 "http://www.geeklog.net/forum/
>createtopic.php?method=postreply&forum=9&id=20921" "Mozilla/4.0
>(compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"
>218.89.189.241 - - [10/Feb/2005:15:11:56 -0500] "GET /index.php?
>msg=8&plugin=spamx HTTP/1.0" 200 47376 "-" "Mozilla/4.0 (compatible; MSIE
>6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
>
>So our friend's spamming scripts have started following the redirect to
>display the "Spam detected" message, causing additional load.
>
>Not sure what the best solution would be for this. On the one hand, I
>think we should display a message in case a regular user accidentally
>posted something that is considered spam (and be it only excerpts from
>his logfiles containing blocked URLs). On the other hand, there's no need
>to display the entire Geeklog framework page. So maybe just display a
>plain-text message and let the script exit?
>
>So instead of
>
>    if ($result > 0) {
>        echo COM_refresh($_CONF['site_url'] . '/index.php?
>msg='.$result.'&amp;plugin=spamx');
>        exit;
>    }
>
>do something like
>    
>    if ($result > 0) {
>        $var = 'PLG_spamx_MESSAGE' . $result;
>        global $$var, $MESSAGE;
>        if (isset ($$var)) {
>            $message = $$var;
>        } else {
>            $message = sprintf ($MESSAGE[61], 'spamx');
>        }
>        header ('Content-Type: text/plain');
>        echo $message;
>        exit;
>    }
>
>... which is pretty much what COM_showMessage would do as a result of the
>above redirect, but without all the surrounding framework. Maybe hiding
>that ugly bit of $$var code and echo'ing out in a new COM_ function ...
>
>Thoughts?
>
>bye, Dirk
>
>
>  
>
It seems to me by the time you get here you have already done most of 
the processing (when lib-common is included), about all you would save 
is the template processing and a small portion of the bandwidth.

-- 

Tom Willett
tomw at pigstye.net



From dirk at haun-online.de  Fri Feb 11 13:49:31 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 11 Feb 2005 19:49:31 +0100
Subject: [geeklog-devel] Home-made problems with forum spam
In-Reply-To: <420CF19E.5010403@pigstye.net>
References: <420CF19E.5010403@pigstye.net>
Message-ID: <20050211184932.13346@smtp.haun-online.de>

Tom,

>It seems to me by the time you get here you have already done most of 
>the processing (when lib-common is included), about all you would save 
>is the template processing and a small portion of the bandwidth.

The code I was quoting was the one that processes a post, e.g. in the
forum plugin. Currently, we then send a redirect to index.php, which the
spammer's scripts now seem to follow. So rendering index.php causes extra
load - it's an entirely separate HTTP request.

I was proposing that instead of the redirect we abort the script right
when we recognized the post as being spam and output a short message
instead there and then.

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/



From tomw at pigstye.net  Fri Feb 11 14:06:34 2005
From: tomw at pigstye.net (Tom Willett)
Date: Fri, 11 Feb 2005 14:06:34 -0500
Subject: [geeklog-devel] Home-made problems with forum spam
In-Reply-To: <20050211184932.13346@smtp.haun-online.de>
References: <420CF19E.5010403@pigstye.net> <20050211184932.13346@smtp.haun-online.de>
Message-ID: <420D023A.2040701@pigstye.net>

On 2/11/2005 1:49 PM, Dirk Haun wrote:

>Tom,
>
>  
>
>>It seems to me by the time you get here you have already done most of 
>>the processing (when lib-common is included), about all you would save 
>>is the template processing and a small portion of the bandwidth.
>>    
>>
>
>The code I was quoting was the one that processes a post, e.g. in the
>forum plugin. Currently, we then send a redirect to index.php, which the
>spammer's scripts now seem to follow. So rendering index.php causes extra
>load - it's an entirely separate HTTP request.
>
>I was proposing that instead of the redirect we abort the script right
>when we recognized the post as being spam and output a short message
>instead there and then.
>
>bye, Dirk
>
>
>  
>
Ok I thought you were going back through the whole process again.  If 
you just aborted it when spam was detected that might help with the load 
a bit.

I had someone trying to download for offline use a site I have with 
almost 2000 stories.  The person was very impolite and was asking for a 
story a second ate up all my bandwidth and brought the site to its 
knees.  I put them in the geeklog ban (which just stops processing when 
it hits a ban an exits) but it didn't help because even though it didn't 
get anything he kept on coming and the server load stayed about the 
same.  I finally instituted an apache rewrite ban that freed up my 
bandwidth and server resources. For that reason I am skeptical of any 
technique that causes geeklog to be loaded even though it doesn't return 
much.

-- 

Tom Willett
tomw at pigstye.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20050211/e1296889/attachment.html>

From dirk at haun-online.de  Wed Feb 16 15:55:36 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 16 Feb 2005 21:55:36 +0100
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <420B66D2.8000405@pigstye.net>
References: <420B66D2.8000405@pigstye.net>
Message-ID: <20050216205536.13708@smtp.haun-online.de>

Tom,

well, looks like the poker spammer is back (after a couple of quite days)
- I got a bunch of trackback spams on geeklog.info about an hour ago
(only 2 made it through, thoug). Which reminded me of this:

>Blacklist.Examine.class.php
>Change line 44 from
>if (preg_match("#$val#", $comment)) {
>to
>if (preg_match("#$val#", html_entity_decode($comment))) {

FYI: html_entity_decode is only available as of PHP 4.3.0.

But it looks like it's also available through the PHP_Compat package
which we already ship with Geeklog 1.3.11, so it should be possible to
use it. Just needs a few extra lines of code.

bye, Dirk


-- 
http://www.haun-online.de/
http://www.handful-of-sparks.de/



From tomw at pigstye.net  Wed Feb 16 16:11:10 2005
From: tomw at pigstye.net (Tom Willett)
Date: Wed, 16 Feb 2005 16:11:10 -0500
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
In-Reply-To: <20050216205536.13708@smtp.haun-online.de>
References: <420B66D2.8000405@pigstye.net> <20050216205536.13708@smtp.haun-online.de>
Message-ID: <4213B6EE.6040506@pigstye.net>

On 2/16/2005 3:55 PM, Dirk Haun wrote:

>Tom,
>
>well, looks like the poker spammer is back (after a couple of quite days)
>- I got a bunch of trackback spams on geeklog.info about an hour ago
>(only 2 made it through, thoug). Which reminded me of this:
>
>  
>
>>Blacklist.Examine.class.php
>>Change line 44 from
>>if (preg_match("#$val#", $comment)) {
>>to
>>if (preg_match("#$val#", html_entity_decode($comment))) {
>>    
>>
>
>FYI: html_entity_decode is only available as of PHP 4.3.0.
>
>But it looks like it's also available through the PHP_Compat package
>which we already ship with Geeklog 1.3.11, so it should be possible to
>use it. Just needs a few extra lines of code.
>
>bye, Dirk
>
>
>  
>
Yes didn't pay attention to the version availability. 

I think we need to figure out some spam that just eliminates the stupid 
people who respond to it.  We could clean out the gene pool and 
eliminate the spam problem all at once.

Oh wait.  My oldest son who is brilliant I might add (a microbiologist), 
has gotten hooked on internet gambling, he has probably been to some of 
our spammers sites.  AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH

-- 

Tom Willett
tomw at pigstye.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20050216/ef6a20f6/attachment.html>

From vfuria at gmail.com  Fri Feb 18 11:04:28 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Fri, 18 Feb 2005 11:04:28 -0500
Subject: [geeklog-devel] COM_applyFilter doesn't accept negative numbers
Message-ID: <8319e2d6050218080430ad0542@mail.gmail.com>

If you call COM_applyFilter($var, true) you run into a problem if $var
is negative.  In that case COM_applyFiler will return 0.

It comes down to this:
    if( $isnumeric )
    {
        // Note: PHP's is_numeric() accepts values like 4e4 as numeric
        if( !is_numeric( $p ) || ( preg_match( '/^([0-9]+)$/', $p ) == 0 ))
        {
            $p = 0;
        }
    }

Notice the preg_match won't match negative numbers.  This is easily
fixed, but I'm not quite sure why is_numeric by itself isn't
sufficient.  Is there any problem if we allow numbers like 4e4 to be
accepted?

I found this because it is breaking the ability to change comment
display modes in pollbooth.php.

-Vinny

P.S.  Note that I have NOT checked in any fixes for this.


From dirk at haun-online.de  Sat Feb 19 16:37:09 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 19 Feb 2005 22:37:09 +0100
Subject: [geeklog-devel] COM_applyFilter doesn't accept negative numbers
In-Reply-To: <8319e2d6050218080430ad0542@mail.gmail.com>
References: <8319e2d6050218080430ad0542@mail.gmail.com>
Message-ID: <20050219213709.12682@smtp.haun-online.de>

Vinny,

>If you call COM_applyFilter($var, true) you run into a problem if $var
>is negative.  In that case COM_applyFiler will return 0.

Yep, I noticed this myself some time ago. Someone reported that it wasn't
possible to disable poll comments and it came down to the same problem. I
actually worked around it in admin/poll.php now.


>Notice the preg_match won't match negative numbers.  This is easily
>fixed

Good catch.


>Is there any problem if we allow numbers like 4e4 to be accepted?

I couldn't see a reason for us to accept large numbers, especially not in
that notation. Couple that with an unspecified fear of allowing DoS-type
attacks in some scenarios.

In other words, there's no comprehensible reason and we should probably
be doing more sanity checks before accepting large numeric values instead.


Which reminds me of an observation from this discussion: <http://
www.geeklog.net/forum/viewtopic.php?showtopic=48299>. I tried to figure
out how Geeklog could come up with those SQL errors, and it seems if
someone tries to post a comment as a reply to a nonexistent comment ID,
we throw an SQL error. Shouldn't Geeklog catch those?

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/



From tony at tonybibbs.com  Sun Feb 20 23:37:07 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Sun, 20 Feb 2005 22:37:07 -0600
Subject: [geeklog-devel] PEAR::HTTP_Session2 beta released
Message-ID: <42196573.2090603@tonybibbs.com>

Ok, I just uploaded a beta of HTTP_Session2.  You can install it simply 
by typing this in at a command line 'pear install HTTP_Session2-beta'.

Worth noting is that HTTP_Session2, unlike the 1.x codebase, supports 
Creole out-of-the-box.  I've done limited testing so anybody working 
with Creole is encouraged to give this a try.

Please report any bugs via the PEAR website.  Feel free to fire back any 
general questions or concerns.

Thanks,

--Tony


From tomw at pigstye.net  Mon Feb 21 11:09:36 2005
From: tomw at pigstye.net (Tom Willett)
Date: Mon, 21 Feb 2005 11:09:36 -0500
Subject: [geeklog-devel] New Source of Comment Spam
Message-ID: <421A07C0.8010609@pigstye.net>

I just received two comments representing a new source of comment spam.  
I had two different comments (different IPs) hawking the old Nigerian 
email scam.  A whole new class of things to filter on.  I guess I will 
start saving them and see if I can develop a list of words like 
"barrister" to filter on.

-- 

Tom Willett
tomw at pigstye.net



From dirk at haun-online.de  Mon Feb 21 14:10:18 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 21 Feb 2005 20:10:18 +0100
Subject: [geeklog-devel] New Source of Comment Spam
In-Reply-To: <421A07C0.8010609@pigstye.net>
References: <421A07C0.8010609@pigstye.net>
Message-ID: <20050221191018.26807@smtp.haun-online.de>

Tom Willett wrote:

>A whole new class of things to filter on.  I guess I will 
>start saving them and see if I can develop a list of words like 
>"barrister" to filter on.

Keep us posted.

I also suggest to check your server's logfiles - our special friend has
registered 2 new domains: isacommie and musicbox1, both of the .com variety.

bye, Dirk

P.S. Tony, what about that geeklog-spam list?


-- 
http://www.haun-online.de/
http://geeklog.info/



From vfuria at gmail.com  Wed Feb 23 13:50:54 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Wed, 23 Feb 2005 13:50:54 -0500
Subject: [geeklog-devel] COM_applyFilter doesn't accept negative numbers
In-Reply-To: <20050219213709.12682@smtp.haun-online.de>
References: <8319e2d6050218080430ad0542@mail.gmail.com>
	 <20050219213709.12682@smtp.haun-online.de>
Message-ID: <8319e2d6050223105019c6df65@mail.gmail.com>

I just committed a change to COM_applyFilter to accept negative
numbers (but still not 'e' notation or decimal numbers).

-Vinny


On Sat, 19 Feb 2005 22:37:09 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> Vinny,
> 
> >If you call COM_applyFilter($var, true) you run into a problem if $var
> >is negative.  In that case COM_applyFiler will return 0.
> 
> Yep, I noticed this myself some time ago. Someone reported that it wasn't
> possible to disable poll comments and it came down to the same problem. I
> actually worked around it in admin/poll.php now.
> 
> 
> >Notice the preg_match won't match negative numbers.  This is easily
> >fixed
> 
> Good catch.
> 
> 
> >Is there any problem if we allow numbers like 4e4 to be accepted?
> 
> I couldn't see a reason for us to accept large numbers, especially not in
> that notation. Couple that with an unspecified fear of allowing DoS-type
> attacks in some scenarios.
> 
> In other words, there's no comprehensible reason and we should probably
> be doing more sanity checks before accepting large numeric values instead.
> 
> Which reminds me of an observation from this discussion: <http://
> www.geeklog.net/forum/viewtopic.php?showtopic=48299>. I tried to figure
> out how Geeklog could come up with those SQL errors, and it seems if
> someone tries to post a comment as a reply to a nonexistent comment ID,
> we throw an SQL error. Shouldn't Geeklog catch those?
> 
> bye, Dirk
> 
> --
> http://www.haun-online.de/
> http://geeklog.info/
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>


From vfuria at gmail.com  Wed Feb 23 15:06:55 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Wed, 23 Feb 2005 15:06:55 -0500
Subject: [geeklog-devel] COM_applyFilter doesn't accept negative numbers
In-Reply-To: <20050219213709.12682@smtp.haun-online.de>
References: <8319e2d6050218080430ad0542@mail.gmail.com>
	 <20050219213709.12682@smtp.haun-online.de>
Message-ID: <8319e2d6050223120639cc9d4d@mail.gmail.com>

Also,

I have a fix for the SQL errors Dirk mentioned in this thread (see
below).  It lead me to find some other problems (none serious) with
the comment code.  I'll check in fixes for all of this sooner or
later.

-Vinny

On Sat, 19 Feb 2005 22:37:09 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> Which reminds me of an observation from this discussion: <http://
> www.geeklog.net/forum/viewtopic.php?showtopic=48299>. I tried to figure
> out how Geeklog could come up with those SQL errors, and it seems if
> someone tries to post a comment as a reply to a nonexistent comment ID,
> we throw an SQL error. Shouldn't Geeklog catch those?


From vfuria at gmail.com  Wed Feb 23 22:31:59 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Wed, 23 Feb 2005 22:31:59 -0500
Subject: [geeklog-devel] slashes (/) in comment titles
Message-ID: <8319e2d605022319315acbad1f@mail.gmail.com>

Currently, and for the past since sometime in late 2002/early 2003
geeklog has been doing an extra stripslashes on things coming out of
the database.  Around that time frame we stopped storing the title and
comment in the databases with escaped special characters.

The problem is that if you want a comment with a slash in it ('/') you
currently need to double slash it to get it in the database so that it
shows up correctly.  This is a real PITA.  So I can fix it.  The
problem is how do we fix the pre 2002/2003 comments that still have
escaped special characters?  They'll show up when viewing comments
will all there extra slashes displayed.  This is rather painful to
see.  Of course we can't depend on a date or the contents of the
comments to decide what needs to be stripped and what doesn't (during
an upgrade presumably).

Any ideas on how to handle this?  Should we just release the fix code
and tell people to manually fix the really old comments.

-Vinny

P.S.  Ready to check these code changes in, just waiting for some
feedback on this issue.


From tony at tonybibbs.com  Thu Feb 24 09:54:41 2005
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 24 Feb 2005 08:54:41 -0600
Subject: [geeklog-devel] GL2 plugins and $_SERVER['ORIG_PATH_INFO']
Message-ID: <421DEAB1.2050905@tonybibbs.com>

I have begin implementing one of the GL2 plugins and getting the 
appropriate framework in place.   I have it so that plugins can live 
happily in one folder in /path/to/geeklog-2/plugins making upgrades, etc 
very easy.  However, I'm using $_SERVER['ORIG_PATH_INFO'] to get 
information on the plugin to call.  Thus:

http://www.example.com/index.php/links

would have $_SERVER['ORIG_PATH_INFO'] = '/links';

This isn't unlike what 1.3.x is doing today.  So my obvious question is 
will this work with PHP5 running under IIS?

I don't have the environment to test that out.  Does someone else?  If 
so I can give you a simple PHP5 script to exercise this.  Next question 
is, if it doesn't work under IIS, do we care?  I'm inclined to say yes 
but figured I'd bring it up one last time.

--Tony


From geeklog at langfamily.ca  Thu Feb 24 15:37:09 2005
From: geeklog at langfamily.ca (Blaine Lang)
Date: Thu, 24 Feb 2005 15:37:09 -0500
Subject: [geeklog-devel] GL2 plugins and $_SERVER['ORIG_PATH_INFO']
References: <421DEAB1.2050905@tonybibbs.com>
Message-ID: <000801c51ab0$9cb08eb0$650a10ac@XPBL2>

Tony,

I have a local Winxp + IIS + PHP5 environnment and could test for you.
And yes - we need IIS suppport and ZEUS support :)

Blaine
----- Original Message ----- 
From: "Tony Bibbs" <tony at tonybibbs.com>
To: "Geeklog-Devel" <geeklog-devel at lists.geeklog.net>
Sent: Thursday, February 24, 2005 9:54 AM
Subject: [geeklog-devel] GL2 plugins and $_SERVER['ORIG_PATH_INFO']


I have begin implementing one of the GL2 plugins and getting the 
appropriate framework in place.   I have it so that plugins can live 
happily in one folder in /path/to/geeklog-2/plugins making upgrades, etc 
very easy.  However, I'm using $_SERVER['ORIG_PATH_INFO'] to get 
information on the plugin to call.  Thus:

http://www.example.com/index.php/links

would have $_SERVER['ORIG_PATH_INFO'] = '/links';

This isn't unlike what 1.3.x is doing today.  So my obvious question is 
will this work with PHP5 running under IIS?

I don't have the environment to test that out.  Does someone else?  If 
so I can give you a simple PHP5 script to exercise this.  Next question 
is, if it doesn't work under IIS, do we care?  I'm inclined to say yes 
but figured I'd bring it up one last time.

--Tony
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel



From dirk at haun-online.de  Sat Feb 26 08:26:00 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 26 Feb 2005 14:26:00 +0100
Subject: [geeklog-devel] Plugin API: Extend Admin's story editor
Message-ID: <20050226132600.26556@smtp.haun-online.de>

For two clients now, I needed a way to extend the Admin's story editor.
I've added two plugin API functions for this: One that is called before
the story editor is displayed (so that the plugin can provide its items
to be displayed in the editor) and one when the story is saved.

I'll talk about the former at another time. The latter is the more
interesting one anyway.

The way I've currently implemented it is that BEFORE the call to DB_save
that actually saves the story, the new plugin API function is called,
giving the plugins a chance to manipulate the data that goes into the
story and save their own data.

However, I've been thinking if it wouldn't make more sense to do the API
call AFTER the story has been saved. Plugins could still manipulate the
story's data if they needed to (read it and write it back) and it would
also ensure that the story has actually been saved.

Notifying plugins that a story has been saved/changed would also go
nicely with the idea of the forum replacing the comments section, <http:/
/project.geeklog.net/tracker/index.php?
func=detail&aid=249&group_id=6&atid=108>, as well as with this patch,
<http://project.geeklog.net/tracker/index.php?
func=detail&aid=382&group_id=6&atid=107>, to pre-populate some comments.

So the call would be something like

    plugin_storysaved_pluginname($story_id)

and the plugin could return an error message in case something went wrong
(in which case admin/story.php would call up the story editor again and
display that error message).

The only problem (but one that also exists when calling the API function
before the DB_save) would be if plugin #1 already did something based on
the new/changed story and then plugin #2 reports an error. Plugins using
that API function would have to be prepared for that case then.

Thoughts?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.tinyweb.de/



From geeklog at langfamily.ca  Sat Feb 26 12:31:02 2005
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 26 Feb 2005 12:31:02 -0500
Subject: [geeklog-devel] Plugin API: Extend Admin's story editor
References: <20050226132600.26556@smtp.haun-online.de>
Message-ID: <001c01c51c28$f155aa80$650a10ac@XPBL2>

Hi Dirk,

Is this the API change that you were referring to in a forum post on 
geeklog.net?
http://www.geeklog.net/forum/viewtopic.php?forum=6&showtopic=48722

We added a simailar API at 1.3.10 for comments PLG_commentPreSave() but did 
not consider stories at the time.
I wonder if we could not make a generic API for content and then it may be 
possible to have it used for any content (stories, comments, or other 
plugins).

You were noting the API would be called after the save or the story record 
created correct?

Can you give some examples of use ( I know bbcode is definitely one) and why 
it's better to do the call after the record is created and not a  PreSave 
like we have now for the comments.

Blaine
----- Original Message ----- 
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Sent: Saturday, February 26, 2005 8:26 AM
Subject: [geeklog-devel] Plugin API: Extend Admin's story editor


For two clients now, I needed a way to extend the Admin's story editor.
I've added two plugin API functions for this: One that is called before
the story editor is displayed (so that the plugin can provide its items
to be displayed in the editor) and one when the story is saved.

I'll talk about the former at another time. The latter is the more
interesting one anyway.

The way I've currently implemented it is that BEFORE the call to DB_save
that actually saves the story, the new plugin API function is called,
giving the plugins a chance to manipulate the data that goes into the
story and save their own data.

However, I've been thinking if it wouldn't make more sense to do the API
call AFTER the story has been saved. Plugins could still manipulate the
story's data if they needed to (read it and write it back) and it would
also ensure that the story has actually been saved.

Notifying plugins that a story has been saved/changed would also go
nicely with the idea of the forum replacing the comments section, <http:/
/project.geeklog.net/tracker/index.php?
func=detail&aid=249&group_id=6&atid=108>, as well as with this patch,
<http://project.geeklog.net/tracker/index.php?
func=detail&aid=382&group_id=6&atid=107>, to pre-populate some comments.

So the call would be something like

    plugin_storysaved_pluginname($story_id)

and the plugin could return an error message in case something went wrong
(in which case admin/story.php would call up the story editor again and
display that error message).

The only problem (but one that also exists when calling the API function
before the DB_save) would be if plugin #1 already did something based on
the new/changed story and then plugin #2 reports an error. Plugins using
that API function would have to be prepared for that case then.

Thoughts?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.tinyweb.de/

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel 



From dirk at haun-online.de  Sat Feb 26 12:59:58 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 26 Feb 2005 18:59:58 +0100
Subject: [geeklog-devel] Plugin API: Extend Admin's story editor
In-Reply-To: <001c01c51c28$f155aa80$650a10ac@XPBL2>
References: <001c01c51c28$f155aa80$650a10ac@XPBL2>
Message-ID: <20050226175958.26558@smtp.haun-online.de>

Blaine,

>Is this the API change that you were referring to in a forum post on 
>geeklog.net?

No. The discussion there was about comments and I was referring to the
changes Vinny made to the comment API.


>I wonder if we could not make a generic API for content and then it may be 
>possible to have it used for any content (stories, comments, or other 
>plugins).

Hmm, yes, that may be worth thinking about.


>Can you give some examples of use

Attachments in stories was one example. I've done that with a similar
extension to submit.php, but the client also wants it for admin/story.php.

So the plugin (an extended version of the file management plugin) would
provide extensions of the editor form to add files to upload and once the
story is saved, I'll have to post-process the uploaded files and also add
a new autotag to the story's text.

For another client, I have to ensure that certain permissions are set for
the story.


>and why 
>it's better to do the call after the record is created and not a  PreSave 
>like we have now for the comments.

One problem I already mentioned is when you have several plugins hooked
into the API and one of them reports a problem while another has already
successfully updated its data (e.g. a separate table). I imagine that
it's slightly easier to recover for that plugin if the data has already
been saved.

The other reason was lazyness ;-) A story has - when created from the
Admin's story editor - a lot of fields. All those would have to be passed
to the plugin. In the current story editor, it would require quite a few
changes to be able to pass the data to the plugin in a consistent form.

But I guess if we come up with a proper and solid API, then it would be
worth making those changes.

To summarize, my main issue is that of aborting the save in case one of
the plugins runs into a problem and has to recover (i.e. revert its own
tables back to a state before the save). Other than that a pre-save would
require more changes in the existing code, there's no real reason to
prefer it over a post-save API call.

Maybe the solution would be some sort of abort API call?

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/



From dirk at haun-online.de  Sat Feb 26 15:16:55 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 26 Feb 2005 21:16:55 +0100
Subject: [geeklog-devel] Plugin API: Extend Admin's story editor
In-Reply-To: <20050226175958.26558@smtp.haun-online.de>
References: <20050226175958.26558@smtp.haun-online.de>
Message-ID: <20050226201655.10686@smtp.haun-online.de>

Okay, Blaine and I had a little brainstorming session on the phone :-)

On the issue of pre-save vs. post-save:

The good thing about the post-save is that we would only have to pass the
ID of the story to the plugins and they could then get all the
information they need from there. The bad thing is that if one of the
plugins reported a problem, the story would already be saved and visible
on the site, if even for the fraction of a second (which may just be long
enough to make it show up in someone's browser).

This problem wouldn't exist with the pre-save call, but then we would
have to pass around the data in an array and we would have to take care
not to lose that data.

My gut feeling at the moment is that the post-save approach would be more
robust. To prevent the story from showing up temporarily, we'd need
something like the draft flag that's only reset once all the plugins
involved gave their okay (it would be an additional flag - the draft flag
has a different meaning and I don't want to change that).


On the issue of plugins reporting a problem:

We would need an abort call. So say plugin #1 has updated its data, but
then plugin #2 reports a problem. We'd have to issue an abort call to all
the plugins that have been called so far, then go back into the story
editor, displaying all the information the user entered and an error
message, provided by the plugin that caused the abort.

Hmm, we also need to get all the plugin-specific data that the user
entered from somewhere. We still have it in the $_POST array at that
point, so that should be possible.

So far, this would look like this (in pseudo-code):

    story_editor()
    {
        PLG_askPluginsForTheirInputFields()
        displayForm()
    }

Once the user clicks on "save":

    save_story()
    {
        DB_save(...story...) // with status = DONT_PUBLISH_YET
        error = PLG_tellPluginsStoryHasBeenSaved()
        if(error)
        {
            PLG_abortHandlingOfStory()
        }
        else
        {
            // reset DONT_PUBLISH_YET flag, so story can be viewed
        }
    }

Actually, the abort call could be handled in the PLG_ function that
informs the plugins about the story that has been saved, since it knows
which plugins have already been called:

    PLG_storySaved(sid)
    {
        foreach(_PLUGINS)
        {
            if(function_exists('plugin_storysaved'))
            {
                error = plugin_storysaved(sid)
                if(error)
                {
                    foreach(_PLUGINS_SO_FAR)
                    {
                        plugin_abortsave(sid)
                    }
                    return(error)
                }
            }
        }
        return(success)
    }


And now for the fun bit: Since this is all pretty generic, the plugin API
could be generic, too. And every plugin, when saving something, could do
these plugin calls as well. That way, plugins could act on other plugins
saving something. Effectively, this would enable you to extend existing
plugins with your own plugin.

    PLG_itemSaved ($id, $type)

Where, as usual, $id is the generic ID of the item, and $type is the type
of the item ('article', 'comment', etc.). Geeklog would call that
function for everything - stories / storysubmissions, comments,
trackbacks, links / linksubmissions, events / eventsubmissions / personal
events, users, groups, topics, blocks, polls, and feeds. Maybe even for
plugins and backups.

Plugins would have a method

    plugin_itemsaved_pluginname($id, $type)

and could act on the $type if they're interested in it (say, only for
stories and files from the file management plugin) and ignore everything else.

This would also replace the current PLG_commentPreSave function. Vinny?


To list a few use cases:

1) Replacement of smilies or BB code in stories and comments.

2) Using the forum as a replacement for comments: On save, the story's
text is copied into a forum post (to start the thread) and the story
itself is modified to include a link to that thread. Add this as an
option to the gl_commentcodes table and you can even select it on a per-
story basis.

3) Pre-populate comments (as in that patch I mentioned in an earlier
post) to encourage comment posters to use certain predefined sub-threads.
The patch mentions a "corrections" and an "off-topic" default comment,
for example.

4) The attachments plugin I'm working on: The user can upload files with
the story (just like images today). The plugin then adds an [attachments:
] autotag to the story's text. When the story is displayed, the
attachments are listed at the end of the story.

I thought #4 would be an example of a plugin extending a plugin, but it
doesn't quite work out. But I'm sure someone will come up with a nifty
idea to use that.

Blaine, did I forget something?

All: Thoughts?

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/



From geeklog at langfamily.ca  Sat Feb 26 17:11:42 2005
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 26 Feb 2005 17:11:42 -0500
Subject: [geeklog-devel] Plugin API: Extend Admin's story editor
References: <20050226175958.26558@smtp.haun-online.de> <20050226201655.10686@smtp.haun-online.de>
Message-ID: <001d01c51c50$26f3cb00$650a10ac@XPBL2>

Dirk,

Great summary and I like the idea of the PLG_itemSaved function also 
handling the condition of the abort and returning the status to the calling 
script.

And I guess your looking a the askPluginsForTheirInputFields() function as 
also being a generic function that would allow any plugin or GL component be 
extended.

Hum .. if we allow additional fields to be added. This would also need to be 
extended to handle edits and deleting.
 - Does edit story allow you to replace the attachement in this case
 - If I delete the story, I need to delete the attachment

Blaine
----- Original Message ----- 
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Sent: Saturday, February 26, 2005 3:16 PM
Subject: Re: [geeklog-devel] Plugin API: Extend Admin's story editor


Okay, Blaine and I had a little brainstorming session on the phone :-)

On the issue of pre-save vs. post-save:

The good thing about the post-save is that we would only have to pass the
ID of the story to the plugins and they could then get all the
information they need from there. The bad thing is that if one of the
plugins reported a problem, the story would already be saved and visible
on the site, if even for the fraction of a second (which may just be long
enough to make it show up in someone's browser).

This problem wouldn't exist with the pre-save call, but then we would
have to pass around the data in an array and we would have to take care
not to lose that data.

My gut feeling at the moment is that the post-save approach would be more
robust. To prevent the story from showing up temporarily, we'd need
something like the draft flag that's only reset once all the plugins
involved gave their okay (it would be an additional flag - the draft flag
has a different meaning and I don't want to change that).


On the issue of plugins reporting a problem:

We would need an abort call. So say plugin #1 has updated its data, but
then plugin #2 reports a problem. We'd have to issue an abort call to all
the plugins that have been called so far, then go back into the story
editor, displaying all the information the user entered and an error
message, provided by the plugin that caused the abort.

Hmm, we also need to get all the plugin-specific data that the user
entered from somewhere. We still have it in the $_POST array at that
point, so that should be possible.

So far, this would look like this (in pseudo-code):

    story_editor()
    {
        PLG_askPluginsForTheirInputFields()
        displayForm()
    }

Once the user clicks on "save":

    save_story()
    {
        DB_save(...story...) // with status = DONT_PUBLISH_YET
        error = PLG_tellPluginsStoryHasBeenSaved()
        if(error)
        {
            PLG_abortHandlingOfStory()
        }
        else
        {
            // reset DONT_PUBLISH_YET flag, so story can be viewed
        }
    }

Actually, the abort call could be handled in the PLG_ function that
informs the plugins about the story that has been saved, since it knows
which plugins have already been called:

    PLG_storySaved(sid)
    {
        foreach(_PLUGINS)
        {
            if(function_exists('plugin_storysaved'))
            {
                error = plugin_storysaved(sid)
                if(error)
                {
                    foreach(_PLUGINS_SO_FAR)
                    {
                        plugin_abortsave(sid)
                    }
                    return(error)
                }
            }
        }
        return(success)
    }


And now for the fun bit: Since this is all pretty generic, the plugin API
could be generic, too. And every plugin, when saving something, could do
these plugin calls as well. That way, plugins could act on other plugins
saving something. Effectively, this would enable you to extend existing
plugins with your own plugin.

    PLG_itemSaved ($id, $type)

Where, as usual, $id is the generic ID of the item, and $type is the type
of the item ('article', 'comment', etc.). Geeklog would call that
function for everything - stories / storysubmissions, comments,
trackbacks, links / linksubmissions, events / eventsubmissions / personal
events, users, groups, topics, blocks, polls, and feeds. Maybe even for
plugins and backups.

Plugins would have a method

    plugin_itemsaved_pluginname($id, $type)

and could act on the $type if they're interested in it (say, only for
stories and files from the file management plugin) and ignore everything 
else.

This would also replace the current PLG_commentPreSave function. Vinny?


To list a few use cases:

1) Replacement of smilies or BB code in stories and comments.

2) Using the forum as a replacement for comments: On save, the story's
text is copied into a forum post (to start the thread) and the story
itself is modified to include a link to that thread. Add this as an
option to the gl_commentcodes table and you can even select it on a per-
story basis.

3) Pre-populate comments (as in that patch I mentioned in an earlier
post) to encourage comment posters to use certain predefined sub-threads.
The patch mentions a "corrections" and an "off-topic" default comment,
for example.

4) The attachments plugin I'm working on: The user can upload files with
the story (just like images today). The plugin then adds an [attachments:
] autotag to the story's text. When the story is displayed, the
attachments are listed at the end of the story.

I thought #4 would be an example of a plugin extending a plugin, but it
doesn't quite work out. But I'm sure someone will come up with a nifty
idea to use that.

Blaine, did I forget something?

All: Thoughts?

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel 



From dirk at haun-online.de  Sat Feb 26 18:07:54 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 27 Feb 2005 00:07:54 +0100
Subject: [geeklog-devel] Plugin API: Extend Admin's story editor
In-Reply-To: <001d01c51c50$26f3cb00$650a10ac@XPBL2>
References: <001d01c51c50$26f3cb00$650a10ac@XPBL2>
Message-ID: <20050226230754.7279@smtp.haun-online.de>

Blaine,

>And I guess your looking a the askPluginsForTheirInputFields() function as 
>also being a generic function that would allow any plugin or GL component be 
>extended.

Hadn't really thought about that one, but you've got a point there. We
would have to pass the $type as a parameter so that the plugin knows
which form it's asked to extend.


>Hum .. if we allow additional fields to be added. This would also need to be 
>extended to handle edits and deleting.

Good point. We already have a few API functions where we pass a $mode or
$operation parameter, so we could add one here and give the PLG_itemSaved
function an even more generic name, e.g.

    PLG_handleItem ($id, $type, $operation)

where $operation would be one of 'new', 'edit', or 'delete'.


I'm also beginning to worry if the $type is unique enough, now that we
would use more than just 'article' and 'poll'. Maybe we should prefix the
core types with 'geeklog_' or 'core_' to ensure uniqueness.

bye, Dirk


-- 
http://www.haun-online.de/
http://www.tinyweb.de/



From vfuria at gmail.com  Sat Feb 26 18:40:56 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Sat, 26 Feb 2005 18:40:56 -0500
Subject: [geeklog-devel] Plugin API: Extend Admin's story editor
In-Reply-To: <20050226230754.7279@smtp.haun-online.de>
References: <001d01c51c50$26f3cb00$650a10ac@XPBL2>
	 <20050226230754.7279@smtp.haun-online.de>
Message-ID: <8319e2d605022615405b81e97c@mail.gmail.com>

> 
>     PLG_handleItem ($id, $type, $operation)
> 
> where $operation would be one of 'new', 'edit', or 'delete'.
> 
Just a personal preference, but I like having different functions for
different operations.  When you have a single function handle
different operations it usually ends up producing some pretty ugly
code.

Otherwise I like everything you've guys have been discussing.  I
definitely like doing the plugin call after the story save, seems much
more sane to me. :)

Nice work,
-Vinny


From dirk at haun-online.de  Sun Feb 27 09:02:28 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 27 Feb 2005 15:02:28 +0100
Subject: [geeklog-devel] Plugin API: Extend Admin's story editor
In-Reply-To: <8319e2d605022615405b81e97c@mail.gmail.com>
References: <8319e2d605022615405b81e97c@mail.gmail.com>
Message-ID: <20050227140228.26520@smtp.haun-online.de>

Vincent Furia wrote:

>Just a personal preference, but I like having different functions for
>different operations.

Fine with me. I tried to keep it consistent with other functions we
already have, but then again consistency is not exactly one of the strong
points of the Geeklog Plugin API ...

bye, Dirk


-- 
http://www.haun-online.de/
http://www.tinyweb.de/



From dirk at haun-online.de  Sun Feb 27 12:56:13 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 27 Feb 2005 18:56:13 +0100
Subject: [geeklog-devel] slashes (/) in comment titles
In-Reply-To: <8319e2d605022319315acbad1f@mail.gmail.com>
References: <8319e2d605022319315acbad1f@mail.gmail.com>
Message-ID: <20050227175613.13306@smtp.haun-online.de>

Vinny,

>The problem is that if you want a comment with a slash in it ('/') you
>currently need to double slash it to get it in the database so that it
>shows up correctly.  This is a real PITA.

It sure is. And I don't have a solution either. Sorry, just wanted to let
you know that I'm aware of the problem ...

There are a lot of places where Geeklog does too many addslashes() so
that you'll end up with extra backslashes in the DB. Over time, we've
tweaked it such that this goes unnoticed most of the time, but of course
that is no solution. It's some really, really ugly legacy code and I have
no idea how to clean up that mess.

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/



From dirk at haun-online.de  Sun Feb 27 17:01:17 2005
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 27 Feb 2005 23:01:17 +0100
Subject: [geeklog-devel] The next steps towards 1.3.12
Message-ID: <20050227220117.30590@smtp.haun-online.de>

I think we should start wrapping up a few things to get towards a 1.3.12
release eventually.

The biggest 3 open issues I see at the moment are

1) The generic new/edit/delete plugin API extensions we just talked about.

2) Trackback etc.
Work needed here: Add a trackback counter to the stories table (just like
the comments counter); some code to handle timeouts better; allow resends.

3) The external authorisation stuff
Have to refresh my memory what the remaining open issues here actually were.


Once those are done, I'd like us to do a beta release (or "technology
preview" or whatever) to get some user feedback on the new features.
Adding (or even removing) features after that point would still be
possible (as opposed to Release Candidates). I just happen to think that
we could use some input from our users at this point.


I'm pretty busy at work at the moment, so I will probably not have too
much time to work on these things during the week for at least the next 2
weeks. I could handle #1 and #2 (especially #1, since I need that
functionality in plugins I'm working on).

Is anyone willing / interested in taking care of #3?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/



From vfuria at gmail.com  Sun Feb 27 18:09:45 2005
From: vfuria at gmail.com (Vincent Furia)
Date: Sun, 27 Feb 2005 18:09:45 -0500
Subject: [geeklog-devel] slashes (/) in comment titles
In-Reply-To: <20050227175613.13306@smtp.haun-online.de>
References: <8319e2d605022319315acbad1f@mail.gmail.com>
	 <20050227175613.13306@smtp.haun-online.de>
Message-ID: <8319e2d605022715095609d1e3@mail.gmail.com>

Well, I think have things working out correctly for slashes in comment
titles.  With the code I've been working on (tested with
magic_quotes_gpc both on and off), slashes work correctly.  The
problem is that older databases, with comments that date before the
winter of 2002, seem to have slashes in the database (as opposed all
comments created since).  The downside to my fix (and any fix possible
at this point) is those older comments will have the slashes that are
in the database displayed.

I'm going to go ahead and check in the changes.  We can always back
them out later.

Laters,
Vinny


On Sun, 27 Feb 2005 18:56:13 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> Vinny,
> 
> >The problem is that if you want a comment with a slash in it ('/') you
> >currently need to double slash it to get it in the database so that it
> >shows up correctly.  This is a real PITA.
> 
> It sure is. And I don't have a solution either. Sorry, just wanted to let
> you know that I'm aware of the problem ...
> 
> There are a lot of places where Geeklog does too many addslashes() so
> that you'll end up with extra backslashes in the DB. Over time, we've
> tweaked it such that this goes unnoticed most of the time, but of course
> that is no solution. It's some really, really ugly legacy code and I have
> no idea how to clean up that mess.
> 
> bye, Dirk
> 
> --
> http://www.haun-online.de/
> http://mypod.de/
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>