From tony at tonybibbs.com Tue Jul 1 10:21:02 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Tue, 1 Jul 2008 07:21:02 -0700 (PDT) Subject: [geeklog-devel] Regarding the name change of Geeklog. Message-ID: <938034.63128.qm@web704.biz.mail.mud.yahoo.com> Just an FYI I'm talking to Daniel off-list but will get any updates to you guys. --Tony ----- Original Message ---- From: Daniel Burrows To: geeklog-devel at lists.geeklog.net Sent: Monday, June 30, 2008 10:26:45 PM Subject: [geeklog-devel] Regarding the name change of Geeklog. Hello list, I am the author and maintainer of the aptitude frontend to the apt package management system. apt is a common backend used to install software on Debian GNU/Linux systems and systems derived from Debian (such as Ubuntu and Xandros). aptitude is a frontend to apt that provides terminal and command-line interfaces to apt, with a GTK+ graphical interface in development. The Web page of aptitude is http://algebraicthunk.net/~dburrows/projects/aptitude While as a free software author I have no way of quantifying how many users I have, aptitude is a part of the default Debian installation and appears to be the preferred package manager of many users of Debian and related systems. As you might have guessed by now, I'm writing to you because I just learned that you've decided to rename your software to "aptitude"; see, for instance, this mailing list post: http://eight.pairlist.net/pipermail/geeklog-devel/2008-June/003639.html I'm writing to make you aware of the fact that this name is already in use (for eight years now) by a piece of software that is moderately popular, and is probably even used by some of the same people who use Geeklog. This name change will lead to confusion and namespace difficulties for our users; please don't inflict that on them. I'm sure that there are plenty of perfectly fine names for your software that don't step on the names of established free software programs. Thanks, Daniel _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From dirk at haun-online.de Tue Jul 1 15:43:48 2008 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 1 Jul 2008 21:43:48 +0200 Subject: [geeklog-devel] Next version? In-Reply-To: <7b42e7470806301043p93cb238q96d92caed5a78baa@mail.gmail.com> References: <20080629192123.1033801702@smtp.haun-online.de> <7b42e7470806301043p93cb238q96d92caed5a78baa@mail.gmail.com> Message-ID: <20080701194348.2146147386@smtp.haun-online.de> Michael Jervis wrote: >> By our previous numbering scheme, that would call for a version 1.5.1 >>anyway. > >Would that imply we need to support 1.5.0 still then? I guess so. We did abandon a version before (1.3.10) after it turned out too buggy (and needed a security fix on top of that). We could do that again, but it doesn't solve our problem if we get to 1.5.2, 1.5.3, etc. So if we want to abandon the "ugly" version numbers, we need a new formula to make it clear which previous versions we support. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From dirk at haun-online.de Tue Jul 1 16:10:36 2008 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 1 Jul 2008 22:10:36 +0200 Subject: [geeklog-devel] Proposal: Roadmap In-Reply-To: <7b42e7470806301103g6d91558eoa1f8407076fe1b8a@mail.gmail.com> References: <7b42e7470806301103g6d91558eoa1f8407076fe1b8a@mail.gmail.com> Message-ID: <20080701201036.1620018222@smtp.haun-online.de> Michael Jervis wrote: >I've just quickly scratched up what I think is a semi-practical roadmap. Looks okay to me. >Dates may need tweaking. What do people think? Planning more than 2 versions ahead is probably not worth the effort, other than to give a rough timeframe, IMO. bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From mjervis at gmail.com Tue Jul 1 16:30:12 2008 From: mjervis at gmail.com (Michael Jervis) Date: Tue, 1 Jul 2008 21:30:12 +0100 Subject: [geeklog-devel] Next version? In-Reply-To: <7b42e7470806301043p93cb238q96d92caed5a78baa@mail.gmail.com> References: <20080629192123.1033801702@smtp.haun-online.de> <7b42e7470806301043p93cb238q96d92caed5a78baa@mail.gmail.com> Message-ID: <7b42e7470807011330o2bf790d1y1946a4e3b7b7ad46@mail.gmail.com> > Links in rtl: > http://project.geeklog.net/tracking/view.php?id=671 Partially resolved, the CSS needs work, and is beyond my CSS skills. > Core plugins use global when they shouldn't: > http://project.geeklog.net/tracking/view.php?id=663 Resolved. > Root Debug: > http://project.geeklog.net/tracking/view.php?id=673 Resolved. Mike From tony at tonybibbs.com Wed Jul 2 11:12:14 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Wed, 2 Jul 2008 08:12:14 -0700 (PDT) Subject: [geeklog-devel] Regarding the name change of Geeklog. Message-ID: <676453.92805.qm@web701.biz.mail.mud.yahoo.com> The compromise made is AptitudeCMS. --Tony ----- Original Message ---- From: Tony Bibbs To: Geeklog Development Sent: Tuesday, July 1, 2008 9:21:02 AM Subject: Re: [geeklog-devel] Regarding the name change of Geeklog. Just an FYI I'm talking to Daniel off-list but will get any updates to you guys. --Tony ----- Original Message ---- From: Daniel Burrows To: geeklog-devel at lists.geeklog.net Sent: Monday, June 30, 2008 10:26:45 PM Subject: [geeklog-devel] Regarding the name change of Geeklog. Hello list, I am the author and maintainer of the aptitude frontend to the apt package management system. apt is a common backend used to install software on Debian GNU/Linux systems and systems derived from Debian (such as Ubuntu and Xandros). aptitude is a frontend to apt that provides terminal and command-line interfaces to apt, with a GTK+ graphical interface in development. The Web page of aptitude is http://algebraicthunk.net/~dburrows/projects/aptitude While as a free software author I have no way of quantifying how many users I have, aptitude is a part of the default Debian installation and appears to be the preferred package manager of many users of Debian and related systems. As you might have guessed by now, I'm writing to you because I just learned that you've decided to rename your software to "aptitude"; see, for instance, this mailing list post: http://eight.pairlist.net/pipermail/geeklog-devel/2008-June/003639.html I'm writing to make you aware of the fact that this name is already in use (for eight years now) by a piece of software that is moderately popular, and is probably even used by some of the same people who use Geeklog. This name change will lead to confusion and namespace difficulties for our users; please don't inflict that on them. I'm sure that there are plenty of perfectly fine names for your software that don't step on the names of established free software programs. Thanks, Daniel _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From dirk at haun-online.de Wed Jul 2 13:38:09 2008 From: dirk at haun-online.de (Dirk Haun) Date: Wed, 2 Jul 2008 19:38:09 +0200 Subject: [geeklog-devel] Fwd: [tool] ratproxy - passive web application security assessment tool Message-ID: <20080702173809.362248734@smtp.haun-online.de> May be worth a look: ---------------- Anfang Weiterleitung ---------------- Betreff: [tool] ratproxy - passive web application security assessment tool Gesendet: Mittwoch, 2. Juli 2008 2:02 Uhr Von: Michal Zalewski An: bugtraq at securityfocus.com , websecurity at webappsec.org Kopie: full-disclosure at lists.grok.org.uk Hi all, I am happy to announce that we've just open sourced ratproxy - a free, passive web security assessment tool. This utility is designed to transparently analyze legitimate, browser-driven interactions with tested web applications - and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern on the fly. The proxy analyzes problems such as cross-site script inclusion threats, insufficient cross-site request forgery defenses, caching issues, potentially unsafe cross-domain code inclusion schemes and information leakage scenarios, and much more. For a detailed discussion of the utility, please visit: http://code.google.com/p/ratproxy/wiki/RatproxyDoc Source code is available at: http://code.google.com/p/ratproxy/downloads/list And finally, screenshot of a sample report can be found here: http://lcamtuf.coredump.cx/ratproxy-screen.png The tool should run on Linux, *BSD, MacOS X, and Windows (Cygwin). Since it is in beta, there might be some kinks to be ironed out, and not all web technologies might be properly accounted for. Feedback is appreciated. Please keep in mind that the proxy is meant to highlight interesting patterns in web applications; a further analysis by a security professional is required to interpret the significance of results for a particular platform. Cheers, /mz ----------------- Ende Weiterleitung ----------------- From trinity93 at gmail.com Wed Jul 2 13:52:24 2008 From: trinity93 at gmail.com (Trinity) Date: Wed, 2 Jul 2008 12:52:24 -0500 Subject: [geeklog-devel] Regarding the name change of Geeklog. In-Reply-To: <676453.92805.qm@web701.biz.mail.mud.yahoo.com> References: <676453.92805.qm@web701.biz.mail.mud.yahoo.com> Message-ID: i would have just used altitude that way there isnt any posable conection On Wed, Jul 2, 2008 at 10:12 AM, Tony Bibbs wrote: > The compromise made is AptitudeCMS. > > --Tony > > ----- Original Message ---- > From: Tony Bibbs > To: Geeklog Development > Sent: Tuesday, July 1, 2008 9:21:02 AM > Subject: Re: [geeklog-devel] Regarding the name change of Geeklog. > > Just an FYI I'm talking to Daniel off-list but will get any updates to you > guys. > > --Tony > > ----- Original Message ---- > From: Daniel Burrows > To: geeklog-devel at lists.geeklog.net > Sent: Monday, June 30, 2008 10:26:45 PM > Subject: [geeklog-devel] Regarding the name change of Geeklog. > > Hello list, > > I am the author and maintainer of the aptitude frontend to the apt > package management system. apt is a common backend used to install > software on Debian GNU/Linux systems and systems derived from Debian > (such as Ubuntu and Xandros). aptitude is a frontend to apt that > provides terminal and command-line interfaces to apt, with a GTK+ > graphical interface in development. The Web page of aptitude is > > http://algebraicthunk.net/~dburrows/projects/aptitude > > While as a free software author I have no way of quantifying how many > users I have, aptitude is a part of the default Debian installation and > appears to be the preferred package manager of many users of Debian and > related systems. > > > As you might have guessed by now, I'm writing to you because I > just learned that you've decided to rename your software to > "aptitude"; see, for instance, this mailing list post: > > http://eight.pairlist.net/pipermail/geeklog-devel/2008-June/003639.html > > I'm writing to make you aware of the fact that this name is already > in use (for eight years now) by a piece of software that is moderately > popular, and is probably even used by some of the same people who use > Geeklog. This name change will lead to confusion and namespace > difficulties for our users; please don't inflict that on them. I'm > sure that there are plenty of perfectly fine names for your software > that don't step on the names of established free software programs. > > Thanks, > Daniel > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tony at tonybibbs.com Wed Jul 2 14:17:32 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Wed, 2 Jul 2008 11:17:32 -0700 (PDT) Subject: [geeklog-devel] Regarding the name change of Geeklog. Message-ID: <912929.3820.qm@web706.biz.mail.mud.yahoo.com> All is well that ends well. Daniel was perfectly fine with it. Thanks, --Tony ----- Original Message ---- From: Trinity To: Geeklog Development Sent: Wednesday, July 2, 2008 12:52:24 PM Subject: Re: [geeklog-devel] Regarding the name change of Geeklog. i would have just used altitude that way there isnt any posable conection On Wed, Jul 2, 2008 at 10:12 AM, Tony Bibbs wrote: The compromise made is AptitudeCMS. --Tony ----- Original Message ---- From: Tony Bibbs To: Geeklog Development Sent: Tuesday, July 1, 2008 9:21:02 AM Subject: Re: [geeklog-devel] Regarding the name change of Geeklog. Just an FYI I'm talking to Daniel off-list but will get any updates to you guys. --Tony ----- Original Message ---- From: Daniel Burrows To: geeklog-devel at lists.geeklog.net Sent: Monday, June 30, 2008 10:26:45 PM Subject: [geeklog-devel] Regarding the name change of Geeklog. Hello list, I am the author and maintainer of the aptitude frontend to the apt package management system. apt is a common backend used to install software on Debian GNU/Linux systems and systems derived from Debian (such as Ubuntu and Xandros). aptitude is a frontend to apt that provides terminal and command-line interfaces to apt, with a GTK+ graphical interface in development. The Web page of aptitude is http://algebraicthunk.net/~dburrows/projects/aptitude While as a free software author I have no way of quantifying how many users I have, aptitude is a part of the default Debian installation and appears to be the preferred package manager of many users of Debian and related systems. As you might have guessed by now, I'm writing to you because I just learned that you've decided to rename your software to "aptitude"; see, for instance, this mailing list post: http://eight.pairlist.net/pipermail/geeklog-devel/2008-June/003639.html I'm writing to make you aware of the fact that this name is already in use (for eight years now) by a piece of software that is moderately popular, and is probably even used by some of the same people who use Geeklog. This name change will lead to confusion and namespace difficulties for our users; please don't inflict that on them. I'm sure that there are plenty of perfectly fine names for your software that don't step on the names of established free software programs. Thanks, Daniel _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael.tutty at gmail.com Wed Jul 2 19:39:03 2008 From: michael.tutty at gmail.com (Michael Tutty) Date: Wed, 2 Jul 2008 18:39:03 -0500 Subject: [geeklog-devel] Regarding the name change of Geeklog. In-Reply-To: References: <676453.92805.qm@web701.biz.mail.mud.yahoo.com> Message-ID: <62d0f2020807021639gb13f777w4d460295757b9fba@mail.gmail.com> I actually suggested that, too. Tony's right - all's well that ends well. M. On Wed, Jul 2, 2008 at 12:52 PM, Trinity wrote: > i would have just used altitude that way there isnt any posable conection > > > > On Wed, Jul 2, 2008 at 10:12 AM, Tony Bibbs wrote: > >> The compromise made is AptitudeCMS. >> >> --Tony >> >> ----- Original Message ---- >> From: Tony Bibbs >> To: Geeklog Development >> Sent: Tuesday, July 1, 2008 9:21:02 AM >> Subject: Re: [geeklog-devel] Regarding the name change of Geeklog. >> >> Just an FYI I'm talking to Daniel off-list but will get any updates to you >> guys. >> >> --Tony >> >> ----- Original Message ---- >> From: Daniel Burrows >> To: geeklog-devel at lists.geeklog.net >> Sent: Monday, June 30, 2008 10:26:45 PM >> Subject: [geeklog-devel] Regarding the name change of Geeklog. >> >> Hello list, >> >> I am the author and maintainer of the aptitude frontend to the apt >> package management system. apt is a common backend used to install >> software on Debian GNU/Linux systems and systems derived from Debian >> (such as Ubuntu and Xandros). aptitude is a frontend to apt that >> provides terminal and command-line interfaces to apt, with a GTK+ >> graphical interface in development. The Web page of aptitude is >> >> http://algebraicthunk.net/~dburrows/projects/aptitude >> >> While as a free software author I have no way of quantifying how many >> users I have, aptitude is a part of the default Debian installation and >> appears to be the preferred package manager of many users of Debian and >> related systems. >> >> >> As you might have guessed by now, I'm writing to you because I >> just learned that you've decided to rename your software to >> "aptitude"; see, for instance, this mailing list post: >> >> >> http://eight.pairlist.net/pipermail/geeklog-devel/2008-June/003639.html >> >> I'm writing to make you aware of the fact that this name is already >> in use (for eight years now) by a piece of software that is moderately >> popular, and is probably even used by some of the same people who use >> Geeklog. This name change will lead to confusion and namespace >> difficulties for our users; please don't inflict that on them. I'm >> sure that there are plenty of perfectly fine names for your software >> that don't step on the names of established free software programs. >> >> Thanks, >> Daniel >> _______________________________________________ >> geeklog-devel mailing list >> geeklog-devel at lists.geeklog.net >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel >> >> _______________________________________________ >> geeklog-devel mailing list >> geeklog-devel at lists.geeklog.net >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel >> >> _______________________________________________ >> geeklog-devel mailing list >> geeklog-devel at lists.geeklog.net >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel >> > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk at haun-online.de Thu Jul 3 15:44:36 2008 From: dirk at haun-online.de (Dirk Haun) Date: Thu, 3 Jul 2008 21:44:36 +0200 Subject: [geeklog-devel] Next version? In-Reply-To: <20080629192123.1033801702@smtp.haun-online.de> References: <20080629192123.1033801702@smtp.haun-online.de> Message-ID: <20080703194436.1148943864@smtp.haun-online.de> If you go to and select "Geeklog 1" as the Project (upper right corner), a dropdown "[Reset Filter]" should show up in the block of filter criteria . Opening the dropdown reveals two more entries, "All Open Issues" and "Next Release". The latter lists all open issues currently marked as "Target: Next Release", i.e. those which I think should be included in the upcoming bugfix release, whatever it's going to be called. The "undo function" one (#664) may actually be tricky and/or require db changes, but it's necessary as you can render your site non-working by accidentally activating the multi-language features. The only way to revert that currently is to issue some magic SQL requests. That's not acceptable. In addition to these, there are two minor features that I'd like to suggest for inclusion: Allow to exclude articles with "show only in topic" from main RSS feed A button on a story "subscribe this topic" for better usability They both aren't exactly mission-critical but useful and easy to implement. They both require minor additions to the language files, though (one string each, I would guess). Opinions? bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From mjervis at gmail.com Fri Jul 4 02:02:15 2008 From: mjervis at gmail.com (Michael Jervis) Date: Fri, 4 Jul 2008 07:02:15 +0100 Subject: [geeklog-devel] Next version? In-Reply-To: <20080703194436.1148943864@smtp.haun-online.de> References: <20080629192123.1033801702@smtp.haun-online.de> <20080703194436.1148943864@smtp.haun-online.de> Message-ID: <7b42e7470807032302g26cb8659wa64cf3d70f523f93@mail.gmail.com> > Opinions? I think that looks pretty reasonable. Unfortunately, I'm on holiday as of Saturday and won't be back until the 18th so will be unable to contribute further until then. Cheers, Mike From hiroron at hiroron.com Fri Jul 4 04:36:12 2008 From: hiroron at hiroron.com (hiroron) Date: Fri, 04 Jul 2008 17:36:12 +0900 Subject: [geeklog-devel] Bench mark (ab) of Caching Template Library(CTL) was measured. Message-ID: <20080704172451.3693.7F1D6845@hiroron.com> Hello. Bench mark (ab) of Caching Template Library(CTL) was measured. First of all, it says from the conclusion. apache + mod-fastcgi environment, "CTL none" is faster. apache + mod-php environment, "There is CTL" is faster. xcache is slightly faster for geeklog than eaccelerator in the bytalk. From the following to details of measurement situation and measurement result then - This result is being opened to the public with GeeklogJP SNS. (japanese: ?????GeeklogJP SNS?????) http://sns.geeklog.jp/?m=pc&a=page_fh_diary&target_c_diary_id=1631 ==<>== ?It measures it by the access to the top page that installs Geeklog. ?Two Geeklog environments are constructed with the subdomain in the same server, and one is CTL and measures CTL none and one. ?The theme is ProfessionalCSS. ?apache + mod-fastcgi environment. [Hardware] ML115: Athlon64 3500+ 2.2GHz / ECC 2GB / SATA 80GB(xfs) [Version] apache: 2.2.3-4 mod-fastcgi: 2.4.2-8 php: 5.2.0 - This measurement is measured from another Debian server in LAN with ab in local IP. (The domain is for the test of LAN environment limitation. ) <> ab -n 500 -c 15 http://geeklog1.winkey.jp/ Requests per second: 7.50 [#/sec] (mean) <> ab -n 500 -c 15 http://geeklog2.winkey.jp/ Requests per second: 6.32 [#/sec] (mean) <> ab -n 500 -c 15 http://geeklog1.winkey.jp/ Requests per second: 18.39 [#/sec] (mean) <> ab -n 500 -c 15 http://geeklog2.winkey.jp/ Requests per second: 13.92 [#/sec] (mean) <> ab -n 500 -c 15 http://geeklog1.winkey.jp/ Requests per second: 15.29 [#/sec] (mean) <> ab -n 500 -c 15 http://geeklog2.winkey.jp/ Requests per second: 13.38 [#/sec] (mean) ==<>== Because the environment was special, the measurement above was measured for a moment also on a real environment + site that seemed to be usually. ==<>== ?It measures it by accessing top page a real site. ?The measurement without there is CTL/CTL is a measurement that switches the value of $_CONF of config.php 'Use_caching_templates'. ?The theme is professional. ?It is apache+mod-php environment. [Hardware] ML115: Athlon64 3500+ 2.2GHz / ECC 512MB / SATA 80GB(reiserfs) [Version] apache: 2.2.3-4 mod-php: 5.2.0 php: 5.2.0 - This measurement is measured from the Debian machine of the environment connected by the Internet (usual dial-up) with ab. <> ab -n 500 -c 15 http://hiroron.com/ Requests per second: 8.61 [#/sec] (mean) <> ab -n 500 -c 15 http://hiroron.com/ Requests per second: 9.64 [#/sec] (mean) ==<>== ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ wkyGeeklogInstaller - Geeklog automatic installation soft Super simple software that installs Geeklog extremely easily. http://hiroron.com/filemgmt/viewcat.php?cid=3 contact hiroron at hiroron.com / http://hiroron.com/ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From dirk at haun-online.de Fri Jul 4 05:38:52 2008 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 4 Jul 2008 11:38:52 +0200 Subject: [geeklog-devel] MS SQL escaping Message-ID: <20080704093852.4879821@smtp.haun-online.de> Looking through the config class, there are 3 places where we do some special escaping for MS SQL. In functions set() and set_default(), we do if ($_DB_dbms == 'mssql') { $sql_query = str_replace("\\'", "''", $sql_query); $sql_query = str_replace('\\"', '"', $sql_query); whereas in function add(), we do if ($_DB_dbms == 'mssql') { $sql_query = str_replace("\\'", "''", $sql_query); $sql_query = str_replace('\\"', '""', $sql_query); So in the first case, \" is replaced with a single " while in the second case, it's replaced with two "". Am I missing something or is one of those wrong (and if so, which one's correct)? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From mjervis at gmail.com Fri Jul 4 08:34:22 2008 From: mjervis at gmail.com (Michael Jervis) Date: Fri, 4 Jul 2008 13:34:22 +0100 Subject: [geeklog-devel] MS SQL escaping In-Reply-To: <20080704093852.4879821@smtp.haun-online.de> References: <20080704093852.4879821@smtp.haun-online.de> Message-ID: <7b42e7470807040534q56260447me26856b94da9d7bc@mail.gmail.com> The right one is the one I Committed to fix issues with the installer ;-) " does not require escaping in SQL. ' does, and is escaped as '' Geeklog escapes " to \" then passes that in, so we need to change \" to " in passed in SQL Strings. On Fri, Jul 4, 2008 at 10:38, Dirk Haun wrote: > Looking through the config class, there are 3 places where we do some > special escaping for MS SQL. > > In functions set() and set_default(), we do > > if ($_DB_dbms == 'mssql') { > $sql_query = str_replace("\\'", "''", $sql_query); > $sql_query = str_replace('\\"', '"', $sql_query); > > whereas in function add(), we do > > if ($_DB_dbms == 'mssql') { > $sql_query = str_replace("\\'", "''", $sql_query); > $sql_query = str_replace('\\"', '""', $sql_query); > > So in the first case, \" is replaced with a single " while in the second > case, it's replaced with two "". > > Am I missing something or is one of those wrong (and if so, which one's > correct)? > > bye, Dirk > > > -- > http://www.geeklog.net/ > http://geeklog.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -- Michael Jervis mjervis at gmail.com 504B03041400000008008F846431E3543A820800000006000000060000007765 62676F642B4F4D4ACF4F0100504B010214001400000008008F846431E3543A82 0800000006000000060000000000000000002000000000000000776562676F64 504B05060000000001000100340000002C0000000000 From 1000ideen at gmx.de Fri Jul 4 08:27:43 2008 From: 1000ideen at gmx.de (1000ideen at gmx.de) Date: Fri, 04 Jul 2008 14:27:43 +0200 Subject: [geeklog-devel] thoughts on frequent updates Message-ID: <20080704122743.236200@gmx.net> I followed the discussion on a "road map" ans also on the next update. I understand that a road map shows something like reliability but why are 2 updates per year necessary? In my mind fewer updates show more reliability of the product. One key problem is that users with many installations simply don`t want to update frequently. Even an annual update can be too much. I usually omit it when possible. Don`t forget that some updates required a new badbehavior or other plugin and the changes of the theme are very time consuming. So it is not just updating GL, it is a complete new pack. I really hope that GL will have a security support cycle of at least 2 years and does not release updates with a theme or necessary plugin change more than ones a year. I wouldn`t mind a bug fix update in the meantime as long as it doesn`t touch the theme or requires plugin changes. Another problem is that the last releases hardly had any advantages for the user but only for the admin or plugin developer. And don`t forget that more and more people install Geeklog through a hoster`s autoinstaller like fantastico or similar. Those beginner "admins" have great trouble updating anything at all. Thanks, Markus -- GMX startet ShortView.de. Hier findest Du Leute mit Deinen Interessen! Jetzt dabei sein: http://www.shortview.de/wasistshortview.php?mc=sv_ext_mf at gmx From dirk at haun-online.de Fri Jul 4 13:05:58 2008 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 4 Jul 2008 19:05:58 +0200 Subject: [geeklog-devel] Next version? In-Reply-To: <7b42e7470807032302g26cb8659wa64cf3d70f523f93@mail.gmail.com> References: <20080629192123.1033801702@smtp.haun-online.de> <20080703194436.1148943864@smtp.haun-online.de> <7b42e7470807032302g26cb8659wa64cf3d70f523f93@mail.gmail.com> Message-ID: <20080704170558.1286362732@smtp.haun-online.de> Michael Jervis wrote: >Unfortunately, I'm on holiday as of Saturday and won't be back until >the 18th so will be unable to contribute further until then. np, enjoy your holidays. I will also be mostly offline this Saturday and Sunday, but I'll check my email once or twice a day. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From joe at ThrowingDice.com Fri Jul 4 14:11:19 2008 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Fri, 04 Jul 2008 14:11:19 -0400 Subject: [geeklog-devel] MS SQL escaping In-Reply-To: <7b42e7470807040534q56260447me26856b94da9d7bc@mail.gmail.co m> References: <20080704093852.4879821@smtp.haun-online.de> <7b42e7470807040534q56260447me26856b94da9d7bc@mail.gmail.com> Message-ID: <0K3H001LFUJU4Z00@mta1.srv.hcvlny.cv.net> At 08:34 AM 7/4/2008, Michael Jervis wrote: >The right one is the one I Committed to fix issues with the installer ;-) > >" does not require escaping in SQL. ' does, and is escaped as '' > >Geeklog escapes " to \" then passes that in, so we need to change \" >to " in passed in SQL Strings. That's because GL uses the unrecommended addslashes to quote database strings instead of a GL specific function, such as DB_quoteText. If such a function existed, the mysql.class.php version would call mysql_real_escape_string and the mssql.class.php version would just expand (single tick) to (two single ticks) as done in standard SQL. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From dirk at haun-online.de Mon Jul 7 16:07:31 2008 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 7 Jul 2008 22:07:31 +0200 Subject: [geeklog-devel] Another name change ... Message-ID: <20080707200731.301214038@smtp.haun-online.de> >Hendrickson Software Components has replaced Sp at mX, its spam tracing and >reporting utility, with Purify. (via macnn.com) And from their homepage: >Sp at mX Retires - after many years of faithful service, the venerable >Sp at mX has been officially retired, and its servers taken off-line. Sp at mX >has been replaced by Purify. Just as an FYI - it does _not_ mean that we can use the old name of our plugin again, of course. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From dirk at haun-online.de Tue Jul 8 15:51:17 2008 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 8 Jul 2008 21:51:17 +0200 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system lib-security.php, 1.72, 1.73 lib-sessions.php, 1.45, 1.46 In-Reply-To: <20080708184300.96609F7410@qs1489.pair.com> References: <20080708184300.96609F7410@qs1489.pair.com> Message-ID: <20080708195117.789011062@smtp.haun-online.de> Dirk Haun wrote: >Modified Files: > lib-security.php lib-sessions.php >Log Message: >Terminate a user's session when they are being banned Well - it's the session handling, so chances are that I broke something ... Motivation for that change: The other day I caught a user spamming on geeklog.net and banned his account. But his session stayed active which I felt was wrong. So banning a user will now terminate their session. But they still have the long-term cookie and so when they go back to the site, it will attempt to log them in again. That's already handled and the user will get a message about being banned then. But it was still creating a new session for them, which again felt wrong. So that's what this change is all about. Code reviews and feedback welcome. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From wenerd87 at gmail.com Thu Jul 10 01:24:10 2008 From: wenerd87 at gmail.com (Jared Wenerd) Date: Thu, 10 Jul 2008 01:24:10 -0400 Subject: [geeklog-devel] comment moderation queue and hierarchical data Message-ID: Hello, In my summer of code project, there is the feature to send an already published comment to a submission queue. All replies to this comment (and their replies.. and so on..) are sent back into this as well. The ID of the parent comment is stored in the submission table. When resubmitting these queued comments back into the comment table there can be many different scenarios of some comments being approved, deleted, or no action (just remain in the queue). The problem I've been stuck on the past few days is how to deal with all these different cases of saving data back into the comments table and still preserve the correct tree structure if a comment's parent is deleted. Does anybody know of any resources for problem like this? -Jared -------------- next part -------------- An HTML attachment was scrubbed... URL: From wenerd87 at gmail.com Thu Jul 10 01:28:06 2008 From: wenerd87 at gmail.com (Jared Wenerd) Date: Thu, 10 Jul 2008 01:28:06 -0400 Subject: [geeklog-devel] comment moderation queue and hierarchical data In-Reply-To: References: Message-ID: Hello, In my summer of code project, there is the feature to send an already published comment to a submission queue. All replies to this comment (and their replies.. and so on..) are sent back into this as well. The ID of the parent comment is stored in the submission table. When resubmitting these queued comments back into the comment table there can be many different scenarios of some comments being approved, deleted, or no action (just remain in the queue). The problem I've been stuck on the past few days is how to deal with all these different cases of saving data back into the comments table and still preserve the correct tree structure if a comment's parent is deleted. Does anybody know of any resources for problem like this? -Jared -------------- next part -------------- An HTML attachment was scrubbed... URL: From tony at tonybibbs.com Thu Jul 10 14:32:07 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Thu, 10 Jul 2008 11:32:07 -0700 (PDT) Subject: [geeklog-devel] comment moderation queue and hierarchical data Message-ID: <131153.51074.qm@web704.biz.mail.mud.yahoo.com> Can you force moderation to happen in order? In otherwords if you have multiple records with the same comment ID make them moderate in FIFO mode? Maybe even show them in the queue group by ID? --Tony ----- Original Message ---- From: Jared Wenerd To: geeklog-devel at lists.geeklog.net Sent: Thursday, July 10, 2008 12:24:10 AM Subject: [geeklog-devel] comment moderation queue and hierarchical data Hello, In my summer of code project, there is the feature to send an already published comment to a submission queue. All replies to this comment (and their replies.. and so on..) are sent back into this as well. The ID of the parent comment is stored in the submission table. When resubmitting these queued comments back into the comment table there can be many different scenarios of some comments being approved, deleted, or no action (just remain in the queue). The problem I've been stuck on the past few days is how to deal with all these different cases of saving data back into the comments table and still preserve the correct tree structure if a comment's parent is deleted. Does anybody know of any resources for problem like this? -Jared -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk at haun-online.de Thu Jul 10 16:18:47 2008 From: dirk at haun-online.de (Dirk Haun) Date: Thu, 10 Jul 2008 22:18:47 +0200 Subject: [geeklog-devel] comment moderation queue and hierarchical data In-Reply-To: References: Message-ID: <20080710201847.641003903@smtp.haun-online.de> Jared Wenerd wrote: >The ID of the parent comment is stored in the submission table. When >resubmitting these queued comments back into the comment table there can be >many different scenarios of some comments being approved, deleted, or no >action (just remain in the queue). Here's a few thoughts: The comment id is auto_increment, so it won't be reused. You could store the original comment's id in a separate field in the submission queue. Doesn't help when the comment's parent has since been deleted, though. Alternatively: Don't use a table for comment submissions but only mark the comments as being in moderation. That should solve the problems, but may require changes in the moderation API (which are only acceptable if they don't break existing code). And finally: A mixture of the two. That would result in some comments being stored twice (temporarily). But if it helps and the "duplicates" are resolved properly and reliably - why not. Hope that gives you some ideas. bye, Dirk P.S. I think it's great that you're keeping us up to date on your progress and problems. I only wish I had more time to actually look at it ... -- http://www.geeklog.net/ http://geeklog.info/ From joe at ThrowingDice.com Thu Jul 10 16:44:30 2008 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Thu, 10 Jul 2008 16:44:30 -0400 Subject: [geeklog-devel] comment moderation queue and hierarchical data In-Reply-To: <20080710201847.641003903@smtp.haun-online.de> References: <20080710201847.641003903@smtp.haun-online.de> Message-ID: <0K3T005G75NR7991@mta4.srv.hcvlny.cv.net> At 04:18 PM 7/10/2008, Dirk Haun wrote: >Alternatively: Don't use a table for comment submissions but only mark >the comments as being in moderation. That should solve the problems, but >may require changes in the moderation API (which are only acceptable if >they don't break existing code). Please, please, please make this possible. But those APIs are going to need some serious overhauling to do it. My simple solution: http://project.geeklog.net/tracking/view.php?id=619 ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From devel at portalparts.com Thu Jul 17 09:27:35 2008 From: devel at portalparts.com (Blaine Lang) Date: Thu, 17 Jul 2008 09:27:35 -0400 Subject: [geeklog-devel] International number formatting Message-ID: We have a COM_numberFormat function that uses defines in config.php or the config table $_CONF['thousand_separator'] = ","; // could be ' , . etc. $_CONF['decimal_separator'] = "."; // could be , . etc. There is not an user defined option to set these but a site supporting multiple regions would want to be have it change depending on region. If we assume that a user selecting Italian wants to see numbers formatted in the European format, then the decimal separator is a comma. How are sites handling this now? Are they setting these defines in the language file and over-riding the default in the config.php?? Blaine From dirk at haun-online.de Thu Jul 17 13:01:25 2008 From: dirk at haun-online.de (Dirk Haun) Date: Thu, 17 Jul 2008 19:01:25 +0200 Subject: [geeklog-devel] International number formatting In-Reply-To: References: Message-ID: <20080717170125.1270094569@smtp.haun-online.de> Blaine Lang wrote: >How are sites handling this now? >Are they setting these defines in the language file and over-riding the >default in the config.php?? When the multi-language support is enabled, you can override all of the locale-related $_CONF options, e.g. $_CONF['thousand_separator_it'] = "."; // or whatever they use in Italy See bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From devel at portalparts.com Thu Jul 17 14:11:35 2008 From: devel at portalparts.com (Blaine Lang) Date: Thu, 17 Jul 2008 14:11:35 -0400 Subject: [geeklog-devel] International number formatting In-Reply-To: <20080717170125.1270094569@smtp.haun-online.de> References: <20080717170125.1270094569@smtp.haun-online.de> Message-ID: Uh very nice -- should have checked the wiki. Thanks! @@ < \/ Dirk Haun wrote: > Blaine Lang wrote: > > >> How are sites handling this now? >> Are they setting these defines in the language file and over-riding the >> default in the config.php?? >> > > When the multi-language support is enabled, you can override all of the > locale-related $_CONF options, e.g. > > $_CONF['thousand_separator_it'] = "."; // or whatever they use in Italy > > See Language_Support#Switching_locale_settings> > > bye, Dirk > > > From dirk at haun-online.de Sat Jul 19 04:06:41 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sat, 19 Jul 2008 10:06:41 +0200 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-SoC: Ported fixes over from the Trunk: Allow $_CONF over... In-Reply-To: References: Message-ID: <20080719080641.409462729@smtp.haun-online.de> geeklog-cvs at lists.geeklog.net wrote: >details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/5d8a28d64a81 >changeset: 6227:5d8a28d64a81 >user: dirk at prospero.local >date: Sat Jul 19 09:48:58 2008 +0200 Hmm, not sure why my commits trigger a notification email but those of others don't. Trying to figure out if it's a problem with the mailing list or with the notification script. When you push something to the Mercurial repository, do you get a message like this? remote: notify: sending 1 subscribers 1 changes bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From dirk at haun-online.de Sat Jul 19 08:14:56 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sat, 19 Jul 2008 14:14:56 +0200 Subject: [geeklog-devel] Comment editing Message-ID: <20080719121456.396921662@smtp.haun-online.de> I realize the code in the Mercurial repository may be out of date by now, but I thought I'd mention this anyway: I've played around with the comment editing and noticed it's adding a note like so: Edited on Saturday, July 19 2008 @ 09:44 am CEST by Admin Is the tag necessary? Since we have a for that line anyway, why not add a CSS rule for that class that displays the text in italics? Also, can we avoid CamelCaps in CSS class names, please? I know we already have a few of them, but the majority is using the "somename" or "some-name" style. And then I'm wondering if it's a good idea to add that text to the comment. If an Admin would edit a user's comment and the Admin would use a different language than the user, you would end up with a mixture of languages. To avoid this, though, you would have to store the uid of the editing person and the timestamp in new fields in the db. Not sure how much extra work that would create. Jared, Mike - I don't want to mess with your schedule. Just thought I'd point these things out. Btw, as an Admin I should be able to edit a comment even after the edit time has passed. But I guess this simply hasn't been implemented yet. bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From dirk at haun-online.de Sat Jul 19 14:47:05 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sat, 19 Jul 2008 20:47:05 +0200 Subject: [geeklog-devel] Bugtracker update Message-ID: <20080719184705.502539268@smtp.haun-online.de> FYI: I have installed an update for Mantis (there was a security issue) and also finally enabled anonymous access (viewing only). This version appears to have a problem with Postgres, though. I've installed a patch which hopefully fixes things again. Let me know if you run into any problems. bye, Dirk -- http://www.haun-online.de/accu/ From chipper at llamas.net Sat Jul 26 12:23:19 2008 From: chipper at llamas.net (Chris 'Chipper' Chiapusio) Date: Sat, 26 Jul 2008 12:23:19 -0400 Subject: [geeklog-devel] 1.4.1 to 1.5.0 upgrade bug? Message-ID: <20080726162319.GA29035@chipsworld.llamas.net> I'm not sure how anyone did a clean upgrade to 1.5.0 since linksubmission.date has never existed and was not included in the upgrade sql scripts. patch attached. Chip -- ------ **** Warning **** This e-mail message, without warrant or warning, and despite US law as set forth in the Foreign Intelligence Surveillance Act of 1978, may be subject to monitoring by the United States National Security Agency and/or the Department of Defense. Information contained in this message may be used against any senders or recipients, now or in the future, in a public trial or secret tribunal. Please encrypt anything important. PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D -------------- next part -------------- --- mysql_1.4.1_to_1.5.0.php.broke 2008-07-26 12:16:36.000000000 -0400 +++ mysql_1.4.1_to_1.5.0.php 2008-07-26 12:13:14.000000000 -0400 @@ -620,6 +620,7 @@ $blockadmin_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Block Admin'"); + $P_SQL[] = "ALTER TABLE {$_TABLES['linksubmission']} ADD date datetime NULL AFTER hits"; $P_SQL[] = "ALTER TABLE {$_TABLES['linksubmission']} ADD owner_id mediumint(8) unsigned NOT NULL default '1' AFTER date"; $P_SQL[] = "ALTER TABLE {$_TABLES['linksubmission']} CHANGE category cid varchar(32) NOT NULL"; $P_SQL[] = "ALTER TABLE {$_TABLES['links']} CHANGE category cid varchar(32) NOT NULL"; From dirk at haun-online.de Sun Jul 27 03:12:03 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 27 Jul 2008 09:12:03 +0200 Subject: [geeklog-devel] 1.4.1 to 1.5.0 upgrade bug? In-Reply-To: <20080726162319.GA29035@chipsworld.llamas.net> References: <20080726162319.GA29035@chipsworld.llamas.net> Message-ID: <20080727071203.854230190@smtp.haun-online.de> Chris 'Chipper' Chiapusio wrote: >I'm not sure how anyone did a clean upgrade to 1.5.0 since >linksubmission.date has never existed and was not included in the upgrade sql >scripts. As I said on IRC yesterday, it has existed in Geeklog since at least 1.3.9 (possibly earlier - didn't check any older versions). It's possible that it was introduced in some prehistoric version but not included in the upgrade script. If that's the case, it would only affect a small portion of our users (those with really old databases). The oldest database I have was originally created with 1.3.2 and it does have the date field. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From dirk at haun-online.de Sun Jul 27 07:23:50 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 27 Jul 2008 13:23:50 +0200 Subject: [geeklog-devel] The road ahead - post 1.5.0 In-Reply-To: <7b42e7470806230443o6876fdf4t1c9c1ba97c97c5c@mail.gmail.com> References: <20080622182508.45447649@smtp.haun-online.de> <7b42e7470806230443o6876fdf4t1c9c1ba97c97c5c@mail.gmail.com> Message-ID: <20080727112350.1055406935@smtp.haun-online.de> Michael Jervis wrote: >I think we should aim to have Geeklog 1.5.1 out by the end of July, it >should have a specific set of items in it. > (...) > >We should have a beta release mid-July, final release 31st July. Well, not quite, but we're not too far away either. We now have a few minor new features in CVS and lots of bug fixes. I'd say we stop with the new features now and decide on which of the remaining bugs should be fixed for 1.5.1. Anybody please peruse the bugtracker to indicate which bugfixes should be considered for inclusion. And anything that's not listed there doesn't exist and can't be handled ... Assuming we don't need any further language file changes for the bugfixes (e.g. for new error messages), this would now allow us to give the translators an advance notice. Theme changes were minimal. I would think a theme for 1.5.0 should work just fine with 1.5.1 as it is in CVS now. Still wondering if it's necessary / worth the effort preparing a 1.5.0-1 "strictly bugfixes only" release. Opinions? bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From dirk at haun-online.de Sun Jul 27 14:18:04 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 27 Jul 2008 20:18:04 +0200 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes story.class.php, 1.32, 1.33 In-Reply-To: <20080727181012.A4D0EF740F@qs1489.pair.com> References: <20080727181012.A4D0EF740F@qs1489.pair.com> Message-ID: <20080727181804.348218378@smtp.haun-online.de> >Index: story.class.php > >*** 1667,1671 **** > // SID's are a special case: > $sid = COM_sanitizeID($array['sid']); >! $oldsid = COM_sanitizeID($array['old_sid']); > > if (empty($sid)) { >--- 1667,1675 ---- > // SID's are a special case: > $sid = COM_sanitizeID($array['sid']); >! if (isset($array['old_sid'])) { >! $oldsid = COM_sanitizeID($array['old_sid'], false); >! } else { >! $oldsid = ''; >! } Btw, this is a nice trap to fall into: COM_sanitizeID will, by default, create a new ID instead of returning an empty string. So when 'old_sid' is not set, you'll end up with a new ID. Which could have all sorts of interesting side effects if you then try to do something clever with that supposedly "old" sid ... bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From mjervis at gmail.com Mon Jul 28 03:45:50 2008 From: mjervis at gmail.com (Michael Jervis) Date: Mon, 28 Jul 2008 08:45:50 +0100 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes story.class.php, 1.32, 1.33 In-Reply-To: <20080727181804.348218378@smtp.haun-online.de> References: <20080727181012.A4D0EF740F@qs1489.pair.com> <20080727181804.348218378@smtp.haun-online.de> Message-ID: <7b42e7470807280045w391fbf48gfc34bf3f66bd6c48@mail.gmail.com> > Btw, this is a nice trap to fall into: COM_sanitizeID will, by default, > create a new ID instead of returning an empty string. So when 'old_sid' > is not set, you'll end up with a new ID. Which could have all sorts of > interesting side effects if you then try to do something clever with > that supposedly "old" sid ... Erk, nasty! From mjervis at gmail.com Mon Jul 28 15:31:47 2008 From: mjervis at gmail.com (Michael Jervis) Date: Mon, 28 Jul 2008 20:31:47 +0100 Subject: [geeklog-devel] COM_makeClickableLinks Message-ID: <7b42e7470807281231h158dd9c9m26c57d5d97dcd428@mail.gmail.com> All (especially Sami!), There is a bug in the subject function. If it finds "http://www.url.com" we end up with  ;http://www.url.com ; Which isn't good. The original regexp in COM_MakeClickableLinks is: /([^"]?)((((ht|f)tps?):(\/\/)|www\.)[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+(\/|[+0-9a-z]))/is I think the first match ([^"]?) is spurious, it matches anything other than " before a link. So bhttp://www.foo.com" matches, but "http://www.foo.com doesn't. So that gives: /((((ht|f)tps?):(\/\/)|www\.)[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+(\/|[+0-9a-z]))/is Resulting in:  http://www.url.com  So, need to add an "ignore trailing  " bit to the clause. Closest I can get is: ((((ht|f)tps?):(\/\/)|www\.)[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+(\/|[+0-9a-z]))(?= ) Which results in:  http://www.url.com  However, unless there were quotes round the link, it won't match! So "http://www.foo.com" matches and is correctly processed, but http://www.foo.com is not matched. My head is now hurt. Any suggestions? -- Michael Jervis mjervis at gmail.com 504B03041400000008008F846431E3543A820800000006000000060000007765 62676F642B4F4D4ACF4F0100504B010214001400000008008F846431E3543A82 0800000006000000060000000000000000002000000000000000776562676F64 504B05060000000001000100340000002C0000000000 From furiousdog at gmail.com Tue Jul 29 16:49:34 2008 From: furiousdog at gmail.com (Sami Barakat) Date: Tue, 29 Jul 2008 21:49:34 +0100 Subject: [geeklog-devel] COM_makeClickableLinks In-Reply-To: <7b42e7470807281231h158dd9c9m26c57d5d97dcd428@mail.gmail.com> References: <7b42e7470807281231h158dd9c9m26c57d5d97dcd428@mail.gmail.com> Message-ID: <609505460807291349j5950cdb8h25792c5e92c695d8@mail.gmail.com> Hey, I have tried looking into this and I have come up with a partial solution. From my understanding the problem is when a url has a   at the end which is getting parsed along with the url. I ask because I think Gmail has filtered out some of them. Anyway the following regex ([^"]?)(((ht|f)tps?):(\/\/)|www\.)([a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+)(?'; $string = "normal link http://www.url.com PASS\n"; echo htmlentities(COM_makeClickableLinks($string)); $string = "link with   and quotes \"http://www.url.com \" PASS\n"; echo htmlentities(COM_makeClickableLinks($string)); $string = "complicated link \"www.sub.url.com/folder/index.php?id=foo&user=bar \" PASS\n"; echo htmlentities(COM_makeClickableLinks($string)); $string = "problem link \"www.url.com/words \" FAIL\n"; echo htmlentities(COM_makeClickableLinks($string)); echo ''; This produces normal link www.url.com PASS link with   and quotes "www.url.com " PASS complicated link "sub.url.com/folder/index.php?id=foo&user=bar " PASS problem link "url.com/words " FAIL As you can see the first 3 work, the problem occurs when a url ends with any of the characters: '&' or 'n' or 'b' or 's' or 'p' or ';' So www.url.com/ps would return url.com/ps This is due to the last bit of the regex "(?\\6', $text ); return $text; } in the original regex I was unsure why the "(\/|[+0-9a-z])" part was included. I dont think its necessary so I took it out, maybe there was a particular case that required it which Im overlooking. Anyhow I will have another crack at it later on, it really is a tough one, but this is as far as ive got so far. Sami 2008/7/28 Michael Jervis : > All (especially Sami!), > > There is a bug in the subject function. If it finds > "http://www.url.com" we end up with   href=";http://www.url.com ">;http://www.url.com ; > > Which isn't good. > > The original regexp in COM_MakeClickableLinks is: > > /([^"]?)((((ht|f)tps?):(\/\/)|www\.)[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+(\/|[+0-9a-z]))/is > > I think the first match ([^"]?) is spurious, it matches anything other > than " before a link. So bhttp://www.foo.com" matches, but > "http://www.foo.com doesn't. > > So that gives: > /((((ht|f)tps?):(\/\/)|www\.)[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+(\/|[+0-9a-z]))/is > > Resulting in: >  http://www.url.com  > > So, need to add an "ignore trailing  " bit to the clause. Closest > I can get is: > ((((ht|f)tps?):(\/\/)|www\.)[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+(\/|[+0-9a-z]))(?= ) > > Which results in: >  http://www.url.com  > > However, unless there were quotes round the link, it won't match! So > "http://www.foo.com" matches and is correctly processed, but > http://www.foo.com is not matched. > > My head is now hurt. Any suggestions? > > -- > Michael Jervis > mjervis at gmail.com > 504B03041400000008008F846431E3543A820800000006000000060000007765 > 62676F642B4F4D4ACF4F0100504B010214001400000008008F846431E3543A82 > 0800000006000000060000000000000000002000000000000000776562676F64 > 504B05060000000001000100340000002C0000000000 > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > From furiousdog at gmail.com Wed Jul 30 09:17:09 2008 From: furiousdog at gmail.com (Sami Barakat) Date: Wed, 30 Jul 2008 14:17:09 +0100 Subject: [geeklog-devel] COM_makeClickableLinks In-Reply-To: <609505460807291349j5950cdb8h25792c5e92c695d8@mail.gmail.com> References: <7b42e7470807281231h158dd9c9m26c57d5d97dcd428@mail.gmail.com> <609505460807291349j5950cdb8h25792c5e92c695d8@mail.gmail.com> Message-ID: <609505460807300617n2c1321a1p15fb383d1523b3a8@mail.gmail.com> Hi, I think I've got it now, although its not a complete solution function COM_makeClickableLinks( $text ) { $text = preg_replace( '/([^"]?)(((ht|f)tps?):(\/\/)|(www\.))+((?=([^\s]+) ))?(\8|[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+)/is', '\\1\\6\\9', $text ); return $text; } It seems to work well with the following strings: normal link http://www.url.com normal link with early quote http://www.url.com/folder"stuff link with   and quotes "http://www.url.com " www.url.com/ps  complicated link www.sub.url.com/folder/index.php?id=foo&user=bar  it still fails however on these strings link with two   www.url.com/ps   link with early quote and   "http://www.url.com/folder"stuff  The results of the two failed strings is link with two   www.url.com/ps   link with early quote and   "www.url.com/folder"stuff  The second string could probably be fixed by replacing this part of the regular expression '[^\s]+' with this '[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+' But really regular expressions are more helpful when validating strings or trying to find substrings in complicated strings, they are not really made to exclude parts of a string. So it might be more effective and less complicated to run through the expression twice. The first time matching urls with   on the end and the second time without. Hope this helps Sami 2008/7/29 Sami Barakat : > Hey, > > I have tried looking into this and I have come up with a partial > solution. From my understanding the problem is when a url has a   > at the end which is getting parsed along with the url. I ask because I > think Gmail has filtered out some of them. Anyway the following regex > > ([^"]?)(((ht|f)tps?):(\/\/)|www\.)([a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+)(? > Seems to work fairly well. Here is the test code that I am using. > > echo '
';
> $string = "normal link http://www.url.com PASS\n";
> echo htmlentities(COM_makeClickableLinks($string));
> $string = "link with   and quotes \"http://www.url.com \" PASS\n";
> echo htmlentities(COM_makeClickableLinks($string));
> $string = "complicated link
> \"www.sub.url.com/folder/index.php?id=foo&user=bar \"
> PASS\n";
> echo htmlentities(COM_makeClickableLinks($string));
> $string = "problem link \"www.url.com/words \" FAIL\n";
> echo htmlentities(COM_makeClickableLinks($string));
> echo '
'; > > This produces > > normal link www.url.com PASS > link with   and quotes " href="http://www.url.com">www.url.com " PASS > complicated link " href="http://sub.url.com/folder/index.php?id=foo&user=bar">sub.url.com/folder/index.php?id=foo&user=bar " > PASS > problem link "url.com/words " FAIL > > As you can see the first 3 work, the problem occurs when a url ends > with any of the characters: '&' or 'n' or 'b' or 's' or 'p' or ';' > > So www.url.com/ps would return url.com/ps > > This is due to the last bit of the regex "(? just doing (? previous statement is being too greedy. There is also an issue with > the www. being removed, but thats not too much of a problem at the > moment. > > Also the COM_makeClickableLinks function can be simplified by removing > the str_replace statment resulting in simply this > > function COM_makeClickableLinks( $text ) > { > $text = preg_replace( > '/([^"]?)(((ht|f)tps?):(\/\/)|www\.)([a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+)(? '\\1\\6', $text ); > return $text; > } > > > in the original regex I was unsure why the "(\/|[+0-9a-z])" part was > included. I dont think its necessary so I took it out, maybe there was > a particular case that required it which Im overlooking. > > Anyhow I will have another crack at it later on, it really is a tough > one, but this is as far as ive got so far. > > Sami > > 2008/7/28 Michael Jervis : >> All (especially Sami!), >> >> There is a bug in the subject function. If it finds >> "http://www.url.com" we end up with  > href=";http://www.url.com ">;http://www.url.com ; >> >> Which isn't good. >> >> The original regexp in COM_MakeClickableLinks is: >> >> /([^"]?)((((ht|f)tps?):(\/\/)|www\.)[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+(\/|[+0-9a-z]))/is >> >> I think the first match ([^"]?) is spurious, it matches anything other >> than " before a link. So bhttp://www.foo.com" matches, but >> "http://www.foo.com doesn't. >> >> So that gives: >> /((((ht|f)tps?):(\/\/)|www\.)[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+(\/|[+0-9a-z]))/is >> >> Resulting in: >>  http://www.url.com  >> >> So, need to add an "ignore trailing  " bit to the clause. Closest >> I can get is: >> ((((ht|f)tps?):(\/\/)|www\.)[a-z0-9%&_\-\+,;=:@~#\/.\?\[\]]+(\/|[+0-9a-z]))(?= ) >> >> Which results in: >>  http://www.url.com  >> >> However, unless there were quotes round the link, it won't match! So >> "http://www.foo.com" matches and is correctly processed, but >> http://www.foo.com is not matched. >> >> My head is now hurt. Any suggestions? >> >> -- >> Michael Jervis >> mjervis at gmail.com >> 504B03041400000008008F846431E3543A820800000006000000060000007765 >> 62676F642B4F4D4ACF4F0100504B010214001400000008008F846431E3543A82 >> 0800000006000000060000000000000000002000000000000000776562676F64 >> 504B05060000000001000100340000002C0000000000 >> _______________________________________________ >> geeklog-devel mailing list >> geeklog-devel at lists.geeklog.net >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel >> >