[geeklog-devel] Plugin help --- Package Extractor
Joe Mucchiello
joe at ThrowingDice.com
Sat Jun 16 15:37:47 EDT 2007
At 10:56 AM 6/16/2007, Chris 'Chipper' Chiapusio wrote:
>I still see plugins refrence their compatability with geeklog by the geeklog
>version. You might consider versioning the GeekLog PLugIn API, thought its
>honestly too early for me to be posting (and i've only finished on cup of
>coffee).
That's not usually a problem actually. Most plugins are dependent of
a specific function existing and so the geeklog version is just a
minimum. I would assume PEAR allows compatibility with version 1.2.3
__and up__. Also the plugin API changes with just about every
version. It is far more likely that the Geeklog version is changing
to accommodate changes to the plugin API since new functionality
usually means new APIs.
>OK, here is where I wander into themes....
>I've been a die-hard redhat/fedora user for over ten years so I don't know if
>other distros do this but... for example apache. In Fedora apache reads in
>all the config files named /etc/httpd/conf.d/*.conf. Themes should have a
>capability API level, and a structure so the aforementioned PEAR installer
>will drop the appropriate plugin theme templates into an automagicly useful
>location.
Actually themes are almost always invalidated by each new version. At
least one template file gains/loses fields each version.
>I guess to tie this all together and have it make sense: Plugins and Theme
>templates are in the same boat. You should be able to use them for GL 1.4,
>1.5, 1.6, etc. if there has been no significant changes. Your PEAR mechanism
>to retrieve plugins must chech compatability, and will that be a massive
>1-to-1 GLver-to-Plugin ver list? or a GL Plugin API Ver ->Plugin List?
That would make sense if Geeklog used sane version numbers. The "1."
at this point is just decoration. The .3 and .4 are major version
numbers. Major API changes occurred between 1.3.11 and 1.4.0 and
that's why it was not called 1.3.12. The last digit is more what most
projects call minor releases, which can contain new features as well
as bug fixes. If you go back a few weeks Dirk was debating whether or
not to release a 1.4.1-1 with just bug fixes or cutting CVS current
over to 1.4.2. What's new in 1.4.2? The entire story system was
revamped. Most projects would be calling that 1.5 or 2.0. Not
Geeklog. We don't have fast climbing version numbers.
The other reason the 1 is just decoration of course is because GL1
and GL2 will share not a single line of code. They are independent
projects linked only by history of the developers.
>or will it be more granular and the plugins request explicit capabilities? I
>guess the current API is not designed for that type of structure (My brain is
>thinking of ESMTP at this point).
You could write a plugin that would do a functions_exists() to
determine what functionality exists in core. But there are usually
security problems with older versions and it is just easier to assume
no one is running them any more.
>This new installer method might also work for themes, but then we need a
>theme package structure that would support multiple versions/capabilities, or
>a range of version/capabilities.
I have a few rants about themes. The Package Extractor was going to
support them but I find there are few standards when it comes to
theme packaging. I think this is because themes don't follow the
normal geeklog rules for most things.
* Themes don't exist in the database. This means they ignore the
geeklog permissions system. If the theme files are in the right
directories, they just work and are available to all users.
* Plugins have a hard time supporting themes because their templates
would have to be duplicated to every theme directory.
* Themes can have a functions.php file that if it is present, it will
be loaded. Somewhere that must be exploitable but I have figured out
how yet. If someone faked their theme cookie in some manner, an
arbitary file could be loaded by geeklog. If themes were loaded only
via the database, this would require both the bogus cookie and a
bogus database entry.
* ALL of the thtml files in a theme should be outside the document
root. Only images/media, css and javascript files should be
accessible from the web.
* The name of the theme is the name of the directory. It would be
nice if there were a public name and a directory name for each theme
so you could have the theme called "Silver Bullet" and the directory
was "silverbullet". This would be made easy by the database having
two name fields. The database tables would be something like
public_name, dir_name, is_enabled, gl_ver, and the perms sextet.
I would like to see a project for fixing those problems. There should
be a layout directory at the same level as system and plugins where
all the interior theme files (and the functions.php file) are
located. And the current /public_html/layout structure would only
contain files that need to be web accessible. There'd be
$_CONF['path_layout'] which would move to /path_to_gl/layout and
$_CONF['path_public_layout'] which would be the old path_layout value.
Yes, I know. Another one of my major refactoring projects....
>This has never been an issue previous because every install was manual and
>humans are (usually) very good at pattern matching (Read the William Gibson
>book by that name BTW) but now we are going to make it a pretty point n'
>click interface and we probably dont want 17 copies of the forum plugin in a
>repository so you can support GL 1.4.1, 1.4.2, 1.4.2b, ad nauseum, the
>everyones filemgmt plugin has become.
Again, this is really not a problem. Forum 2.3 runs on GL 1.3.8 to
1.4.1 (in my experience).
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
More information about the geeklog-devel
mailing list