From dirk at haun-online.de Sun Nov 1 05:12:35 2009 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 1 Nov 2009 11:12:35 +0100 Subject: [geeklog-devel] geeklog.net updated to 1.6.1b1 Message-ID: <20091101101235.891568862@smtp.haun-online.de> FYI: I've updated geeklog.net to 1.6.1b1. Let me know if you see any problems. I'll make the announcement later today. In the meantime, you can get the tarball from Also, this now means that development of 1.6.1 is wrapping up, so no more feature additions, please[1]. Bugfixes are fine, of course, as long as they are not too invasive (regarding db, theme, or language file changes). bye, Dirk [1] This shouldn't stop anyone from implementing new features. Remember that we're using a DVCS now. Simply create your own local feature branch and implement it there. Just refrain from pushing those changes until 1.6.1 final is out, please. -- http://www.geeklog.net/ http://geeklog.info/ From devel at portalparts.com Tue Nov 3 09:10:14 2009 From: devel at portalparts.com (Blaine Lang) Date: Tue, 3 Nov 2009 09:10:14 -0500 Subject: [geeklog-devel] Useful Site for developers Message-ID: <7df667c40911030610l13036532h20a9271965bc556b@mail.gmail.com> I think we have all spent time searching for icons and have tried to find them using google or from our bookmarked and have then had to figure out the licensing. Some of us have even paid to have icons created or created them yourself. One of the developer oriented blogs, I follow posted this resource and it's the best search tool I have seen and wanted to share. http://www.iconfinder.net/ Blaine -------------- next part -------------- An HTML attachment was scrubbed... URL: From ironmax at spacequad.com Tue Nov 3 11:05:49 2009 From: ironmax at spacequad.com (Michael Brusletten) Date: Tue, 3 Nov 2009 11:05:49 -0500 Subject: [geeklog-devel] geeklog-devel Digest, Vol 34, Issue 2 References: Message-ID: <000901ca5c9f$8295a0c0$fe00a8c0@node1> Thats really a pretty good site Blaine. Thanks for sharing this with us Michael > Message: 1 > Date: Tue, 3 Nov 2009 09:10:14 -0500 > From: Blaine Lang > Subject: [geeklog-devel] Useful Site for developers > To: geeklog-devel at lists.geeklog.net > Message-ID: > <7df667c40911030610l13036532h20a9271965bc556b at mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > I think we have all spent time searching for icons and have tried to find > them using google or from our bookmarked and have then had to figure out the > licensing. Some of us have even paid to have icons created or created them > yourself. > > One of the developer oriented blogs, I follow posted this resource and it's > the best search tool I have seen and wanted to share. > > http://www.iconfinder.net/ > > Blaine From cordiste at free.fr Tue Nov 3 12:15:27 2009 From: cordiste at free.fr (cordiste) Date: Tue, 3 Nov 2009 18:15:27 +0100 Subject: [geeklog-devel] Useful Site for developers In-Reply-To: <7df667c40911030610l13036532h20a9271965bc556b@mail.gmail.com> References: <7df667c40911030610l13036532h20a9271965bc556b@mail.gmail.com> Message-ID: <364575ed0911030915r5574790bs9d4c50e5b5d766c7@mail.gmail.com> Nice tool. Thanks, ::Ben 2009/11/3 Blaine Lang > I think we have all spent time searching for icons and have tried to find > them using google or from our bookmarked and have then had to figure out the > licensing. Some of us have even paid to have icons created or created them > yourself. > > One of the developer oriented blogs, I follow posted this resource and it's > the best search tool I have seen and wanted to share. > > http://www.iconfinder.net/ > > Blaine > > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sc1245 at messiah.edu Tue Nov 3 14:11:44 2009 From: sc1245 at messiah.edu (Sean Clark) Date: Tue, 03 Nov 2009 14:11:44 -0500 Subject: [geeklog-devel] Useful Site for developers Message-ID: <4AF03A20020000CB00026259@gwia.messiah.edu> Excellent resource Blaine, thanks! To add to it, I like http://www.smashingmagazine.com/ a lot; they have quite a few freebies and great suggestions when developing/designing. - Sean >>> Blaine Lang 11/03/09 9:11 AM >>> I think we have all spent time searching for icons and have tried to find them using google or from our bookmarked and have then had to figure out the licensing. Some of us have even paid to have icons created or created them yourself. One of the developer oriented blogs, I follow posted this resource and it's the best search tool I have seen and wanted to share. http://www.iconfinder.net/ Blaine From dirk at haun-online.de Tue Nov 10 15:23:30 2009 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 10 Nov 2009 21:23:30 +0100 Subject: [geeklog-devel] JavaScript, again Message-ID: <20091110202330.653447652@smtp.haun-online.de> (Continuing from which I thought was growing off-topic and more suited for this mailing list) So we're on the topic of JavaScript again ... Since I seem to be perceived as the one holding things up, let me try and list a few of the things that make me hesitant regarding JavaScript in general: - Believe it or not, but I still use Lynx[1] on a regular basis. It comes in handy that even then I can still change my account settings. It's sad, though, that I can't change the site settings, as the Configuration panel requires JavaScript. Btw, yes, I do have JavaScript enabled in Firefox. - Accessibility. This is an issue for government sites (508[2] or similar local laws) but also affects private and company sites (e.g. the CEO of the company I work for recently "discovered" that as an issue). - Security. Frankly, I don't know a lot about JavaScript security and, as a result, wouldn't feel comfortable telling people that we're "the secure CMS" if there's code of which I don't really know whether it's secure or not. Obviously, those aren't really issues with JavaScript as such but with the way JavaScript is often used (as I see it on other sites). So maybe if we "do it right", that could become a unique selling point for Geeklog: Yes, we do JavaScript, but we're still accessible and secure! I guess it comes down to two things: I see an opening here for a "JavaScript guy" (or gal), i.e. someone with some background in JS who could (help us) answer some of the above questions. Any takers / suggestions? Doesn't have to be someone from the current team (maybe bringing in an "outsider" would even be a good thing at this point). And then there's the issue of adopting a JavaScript library. Since that seems to be about the only consensus on that topic so far: We need to agree on _something_. The last time we discussed this, we ended up with something like 6 different recommendations from 5 different people. Looks like everybody would simply suggest the library they're familiar with. And I guess the ones that are out there and are somewhat popular aren't really all that different from each other. So, I'm trying a different approach and go ahead and suggest we use jQuery. Reasons: Nothing particular, other than that it seems to be popular and that I like what little I have seen from it. Comments? /me steps down from the soapbox and dons asbestos underwear bye, Dirk [1] [2] -- http://www.geeklog.net/ http://geeklog.info/ From tony at tonybibbs.com Tue Nov 10 15:50:52 2009 From: tony at tonybibbs.com (Tony Bibbs) Date: Tue, 10 Nov 2009 14:50:52 -0600 Subject: [geeklog-devel] JavaScript, again In-Reply-To: <20091110202330.653447652@smtp.haun-online.de> References: <20091110202330.653447652@smtp.haun-online.de> Message-ID: Hang in there, it's not as bad as it all sounds On Tue, Nov 10, 2009 at 2:23 PM, Dirk Haun wrote: > - Believe it or not, but I still use Lynx[1] on a regular basis. It > comes in handy that even then I can still change my account settings. > It's sad, though, that I can't change the site settings, as the > Configuration panel requires JavaScript. Btw, yes, I do have JavaScript > enabled in Firefox. > You really need to establish a policy for GL developers (on the wiki?). At play here is the concept of Progressive Enchancement vs. Graceful Degredation. Please take the time to read the section on that here: http://developer.yahoo.com/yui/articles/gbs/ After reading that you have two choices: 1) Agree to use Progressive Enhancement which means make it work without JS and then tweak the user experience using JS for those that have it enabled. Downside is this often means coding a task twice (once for JS support, once without). Upside is it is the best of both worlds. 2) Agree to Gracefully Degrade which means if the browser doesn't support JS, give them a nice message letting them know the feature isn't available on that browser. Now that all said, I still have to give you shit for using Lynx so much still ;-) - Accessibility. This is an issue for government sites (508[2] or > similar local laws) but also affects private and company sites (e.g. the > CEO of the company I work for recently "discovered" that as an issue). > This is again, the issue I noted above. - Security. Frankly, I don't know a lot about JavaScript security and, > as a result, wouldn't feel comfortable telling people that we're "the > secure CMS" if there's code of which I don't really know whether it's > secure or not. > Not sure how much there is really to discuss here. The only real issue I'm aware of is the now infamous MySpace/Facebook cross site domain XML debacle. As for true AJAX requests, you have the benefit of session and cookie variables so you can treat them as you would normal web requests. Aside from the same origin policy what else related to JS security should we be discussing? > So, I'm trying a different approach and go ahead and suggest we use > jQuery. Reasons: Nothing particular, other than that it seems to be > popular and that I like what little I have seen from it. > Coke vs Pepsi. AptitudeCMS only uses jQuery for it's vibrant community and documentation. The most important note, however, is it is completely up to each plugin in AptitudeCMS to decide which JS library they want. Choice there is good but as it pertains to the GL core, yes, you have to pick and I don't think you'll get much complaining. That said, only additional tidbit to mention is I'd be sure that all JS includes occur after the tag instead of the head. Also, there are tools you can pump the JS libraries through to shrink them to reduce their footprint which would be a good thing for production releases. -- Tony Bibbs Phone: (515) 259-0003 Twitter, Skype, Facebook: tonybibbs Web: http://www.tonybibbs.com http://www.apteno.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk at haun-online.de Tue Nov 10 16:03:25 2009 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 10 Nov 2009 22:03:25 +0100 Subject: [geeklog-devel] Meetups Message-ID: <20091110210325.920524853@smtp.haun-online.de> When Tony and myself met again at the Mentor Summit, we agreed that we should try and do this more often, if at all possible (where by "we" I mean any two or more of us Geeklog devs). Email, IRC, VoIP or whatever simply can't beat a face-to-face meeting. There is, of course, this tiny problem of distance. So the idea is that we tell each other which events we're going to, where we're travelling (business or otherwise). If we know of these things well in advance, there might be a chance for a meetup somewhere. And in case money should be an issue - well, we do have some money from our sponsors, so if a few dollars can make a difference, we should consider using them to make it happen. Because ultimately, I believe, the chance to talk something out in person can help the project more than a few more lines of code. Not sure what the best way to organize such dates are, but I've set up a Google Calendar and embedded it here: The dates are a bit Germany-centric for now, obviously. As you can see, there are some regular local events that I'm going to. We should list similar events elsewhere, just in case one of us is in the area. There's an International PHP Conference in Karlsruhe next week that I could have gone to if I really wanted (too late now). I plan to be at the ACCU Conference in Oxford again (in April). FrOSCon 2010 doesn't have a fixed date yet, but should be some time in August. Another possibility for me could be ApacheCon Europe 2010, depending on where and when it takes place. Anyone else want access to that Calendar? Or is there some trendy Web 2.0 site just for this purpose that I haven't heard of yet? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From dirk at haun-online.de Tue Nov 10 16:23:01 2009 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 10 Nov 2009 22:23:01 +0100 Subject: [geeklog-devel] JavaScript, again In-Reply-To: References: <20091110202330.653447652@smtp.haun-online.de> Message-ID: <20091110212301.2106309124@smtp.haun-online.de> Tony Bibbs wrote: >Now that all said, I still have to give you shit for using Lynx so much >still ;-) Yeah, I know. I really should be using Links instead since it can handle those fancy tables ;-) [JS security] >Not sure how much there is really to discuss here. Not knowing how much there is to discuss is part of my problem :) >Coke vs Pepsi. AptitudeCMS only uses jQuery for it's vibrant community and >documentation. The most important note, however, is it is completely up to >each plugin in AptitudeCMS to decide which JS library they want. Choice >there is good but as it pertains to the GL core, yes, you have to pick and I >don't think you'll get much complaining. As I mentioned on the forum discussion, I think we just need some JS code in the core to be able to implement certain features. This shouldn't stop a theme designer or plugin author from using another JS library. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From cordiste at free.fr Tue Nov 10 17:15:48 2009 From: cordiste at free.fr (cordiste) Date: Tue, 10 Nov 2009 23:15:48 +0100 Subject: [geeklog-devel] JavaScript, again In-Reply-To: <20091110212301.2106309124@smtp.haun-online.de> References: <20091110202330.653447652@smtp.haun-online.de> <20091110212301.2106309124@smtp.haun-online.de> Message-ID: <364575ed0911101415x16a8f175vf1b0978e9c8a4684@mail.gmail.com> Hi, +1 for jquery. I tryed it yesterday, very easy to use to make tabs, overlay, tooltips and scrollable. Nice. ::Ben 2009/11/10 Dirk Haun > Tony Bibbs wrote: > > >Now that all said, I still have to give you shit for using Lynx so much > >still ;-) > > Yeah, I know. I really should be using Links instead since it can handle > those fancy tables ;-) > > > [JS security] > >Not sure how much there is really to discuss here. > > Not knowing how much there is to discuss is part of my problem :) > > > >Coke vs Pepsi. AptitudeCMS only uses jQuery for it's vibrant community > and > >documentation. The most important note, however, is it is completely up > to > >each plugin in AptitudeCMS to decide which JS library they want. Choice > >there is good but as it pertains to the GL core, yes, you have to pick and > I > >don't think you'll get much complaining. > > As I mentioned on the forum discussion, I think we just need some JS > code in the core to be able to implement certain features. This > shouldn't stop a theme designer or plugin author from using another JS > library. > > bye, Dirk > > > -- > http://www.geeklog.net/ > http://geeklog.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From joe at ThrowingDice.com Tue Nov 10 20:03:09 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Tue, 10 Nov 2009 20:03:09 -0500 Subject: [geeklog-devel] Meetups In-Reply-To: <20091110210325.920524853@smtp.haun-online.de> References: <20091110210325.920524853@smtp.haun-online.de> Message-ID: <0KSX0079P6XC3460@mta1.srv.hcvlny.cv.net> At 04:03 PM 11/10/2009, Dirk Haun wrote: >Not sure what the best way to organize such dates are, but I've set up a >Google Calendar and embedded it here: > That you didn't use the calendar on geeklog.net does not speak well of the calendar plugin. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From info at heatherengineering.com Tue Nov 10 19:56:32 2009 From: info at heatherengineering.com (Euan McKay) Date: Wed, 11 Nov 2009 09:56:32 +0900 Subject: [geeklog-devel] Meetups In-Reply-To: <20091110210325.920524853@smtp.haun-online.de> References: <20091110210325.920524853@smtp.haun-online.de> Message-ID: Good idea. There's Dopplr. http://www.dopplr.com/ Euan. On Wed, Nov 11, 2009 at 06:03, Dirk Haun wrote: > When Tony and myself met again at the Mentor Summit, we agreed that we > should try and do this more often, if at all possible (where by "we" I > mean any two or more of us Geeklog devs). Email, IRC, VoIP or whatever > simply can't beat a face-to-face meeting. > > There is, of course, this tiny problem of distance. > > So the idea is that we tell each other which events we're going to, > where we're travelling (business or otherwise). If we know of these > things well in advance, there might be a chance for a meetup somewhere. > And in case money should be an issue - well, we do have some money from > our sponsors, so if a few dollars can make a difference, we should > consider using them to make it happen. Because ultimately, I believe, > the chance to talk something out in person can help the project more > than a few more lines of code. > > Not sure what the best way to organize such dates are, but I've set up a > Google Calendar and embedded it here: > > > The dates are a bit Germany-centric for now, obviously. As you can see, > there are some regular local events that I'm going to. We should list > similar events elsewhere, just in case one of us is in the area. > > There's an International PHP Conference in Karlsruhe next week that I > could have gone to if I really wanted (too late now). > > I plan to be at the ACCU Conference in Oxford again (in April). FrOSCon > 2010 doesn't have a fixed date yet, but should be some time in August. > > Another possibility for me could be ApacheCon Europe 2010, depending on > where and when it takes place. > > Anyone else want access to that Calendar? Or is there some trendy Web > 2.0 site just for this purpose that I haven't heard of yet? > > bye, Dirk > > > -- > http://www.geeklog.net/ > http://geeklog.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > From joe at ThrowingDice.com Tue Nov 10 20:09:17 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Tue, 10 Nov 2009 20:09:17 -0500 Subject: [geeklog-devel] JavaScript, again In-Reply-To: <20091110212301.2106309124@smtp.haun-online.de> References: <20091110202330.653447652@smtp.haun-online.de> <20091110212301.2106309124@smtp.haun-online.de> Message-ID: <0KSX00CZ477GRTZ0@mta1.srv.hcvlny.cv.net> At 04:23 PM 11/10/2009, Dirk Haun wrote: >[JS security] > >Not sure how much there is really to discuss here. > >Not knowing how much there is to discuss is part of my problem :) JS security is not more difficult (or simple) than PHP security. JS allows you to send requests to the server. As long as the server side is secure you are 90% there. The only thing you have to worry about after that is someone intercepting your requests. Not a huge concern really but something to think about. You can pretend AJAX is just a form of webservices from Geeklog's point of view if you wanted. > >Coke vs Pepsi. AptitudeCMS only uses jQuery for it's vibrant community and > >documentation. The most important note, however, is it is completely up to > >each plugin in AptitudeCMS to decide which JS library they want. Choice > >there is good but as it pertains to the GL core, yes, you have to pick and I > >don't think you'll get much complaining. > >As I mentioned on the forum discussion, I think we just need some JS >code in the core to be able to implement certain features. This >shouldn't stop a theme designer or plugin author from using another JS >library. Technically no, but sending more than one JS library to the client are bandwidth and page load time issues. I still say mootools is more Geeklogish but I can't fault choosing jQuery over it. I just associate jQuery with glitz and mootools with substance over style. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From cordiste at free.fr Wed Nov 11 07:55:17 2009 From: cordiste at free.fr (cordiste) Date: Wed, 11 Nov 2009 13:55:17 +0100 Subject: [geeklog-devel] Meetups In-Reply-To: <0KSX0079P6XC3460@mta1.srv.hcvlny.cv.net> References: <20091110210325.920524853@smtp.haun-online.de> <0KSX0079P6XC3460@mta1.srv.hcvlny.cv.net> Message-ID: <364575ed0911110455x3a240423qc293b802753c3803@mail.gmail.com> Hello, Data API Developer's Guide: PHP Google Calendar allows client applications to view and update calendar events in the form of Google Data API feeds. Your client application can use the Google Calendar Data API to create new events, edit or delete existing events, and query for events that match particular criteria. There are many possible uses for the Calendar Data API. For example, you can create a web front end for your group's calendar that uses Google Calendar as a back end. Or you can generate a public calendar for Google Calendar to display, based on your organization's event database. Or you can search relevant calendars to display a list of upcoming events on those calendars. You can read more on http://code.google.com/intl/en/apis/calendar/data/1.0/developers_guide_php.html ::Ben 2009/11/11 Joe Mucchiello > > At 04:03 PM 11/10/2009, Dirk Haun wrote: >> >> Not sure what the best way to organize such dates are, but I've set up a >> Google Calendar and embedded it here: >> > > That you didn't use the calendar on geeklog.net does not speak well of the calendar plugin. > > ---- > Joe Mucchiello > Throwing Dice Games > http://www.throwingdice.com > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > From joe at ThrowingDice.com Wed Nov 11 09:29:23 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Wed, 11 Nov 2009 09:29:23 -0500 Subject: [geeklog-devel] Meetups In-Reply-To: <364575ed0911110455x3a240423qc293b802753c3803@mail.gmail.co m> References: <20091110210325.920524853@smtp.haun-online.de> <0KSX0079P6XC3460@mta1.srv.hcvlny.cv.net> <364575ed0911110455x3a240423qc293b802753c3803@mail.gmail.com> Message-ID: <0KSY00B7Q893MXZ0@mta2.srv.hcvlny.cv.net> I didn't say Google's calendar wasn't good. I just said Geeklog has a calendar up and running on geeklog.net and it was passed over for an external calendar. If Geeklog devs ate their own dogfood[1] (as the saying goes) they would be a chance they might improve the existing calendar plugin. Instead they are using someone else's calendar which means the existing plugin will not see any loving. The parts of Geeklog that work the best are the parts that the devs use. Here was an opportunity to add the calendar plugin to the set of features the devs use and they didn't. Thus the calendar plugin will probably wither even more than it has. [1] http://en.wikipedia.org/wiki/Eating_one%27s_own_dog_food At 07:55 AM 11/11/2009, cordiste wrote: >Hello, > >Data API Developer's Guide: PHP > >Google Calendar allows client applications to view and update calendar >events in the form of Google Data API feeds. Your client application >can use the Google Calendar Data API to create new events, edit or >delete existing events, and query for events that match particular >criteria. > >There are many possible uses for the Calendar Data API. For example, >you can create a web front end for your group's calendar that uses >Google Calendar as a back end. Or you can generate a public calendar >for Google Calendar to display, based on your organization's event >database. Or you can search relevant calendars to display a list of >upcoming events on those calendars. > >You can read more on >http://code.google.com/intl/en/apis/calendar/data/1.0/developers_guide_php.html > >::Ben > >2009/11/11 Joe Mucchiello > > > > At 04:03 PM 11/10/2009, Dirk Haun wrote: > >> > >> Not sure what the best way to organize such dates are, but I've set up a > >> Google Calendar and embedded it here: > >> > > > > That you didn't use the calendar on geeklog.net does not speak > well of the calendar plugin. > > > > ---- > > Joe Mucchiello > > Throwing Dice Games > > http://www.throwingdice.com > > _______________________________________________ > > geeklog-devel mailing list > > geeklog-devel at lists.geeklog.net > > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://eight.pairlist.net/mailman/listinfo/geeklog-devel ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From cordiste at free.fr Wed Nov 11 10:04:18 2009 From: cordiste at free.fr (cordiste) Date: Wed, 11 Nov 2009 16:04:18 +0100 Subject: [geeklog-devel] Meetups In-Reply-To: <0KSY00B7Q893MXZ0@mta2.srv.hcvlny.cv.net> References: <20091110210325.920524853@smtp.haun-online.de> <0KSX0079P6XC3460@mta1.srv.hcvlny.cv.net> <364575ed0911110455x3a240423qc293b802753c3803@mail.gmail.com> <0KSY00B7Q893MXZ0@mta2.srv.hcvlny.cv.net> Message-ID: <364575ed0911110704k67aad26boc8d8996775a1cc78@mail.gmail.com> Joe, I just wanted to say it would be great if our client applications (the calendar plugin) could create and show new events, edit or delete existing events and update a Google calendar. ::Ben 2009/11/11 Joe Mucchiello : > I didn't say Google's calendar wasn't good. I just said Geeklog has a > calendar up and running on geeklog.net and it was passed over for an > external calendar. If Geeklog devs ate their own dogfood[1] (as the saying > goes) they would be a chance they might improve the existing calendar > plugin. Instead they are using someone else's calendar which means the > existing plugin will not see any loving. The parts of Geeklog that work the > best are the parts that the devs use. Here was an opportunity to add the > calendar plugin to the set of features the devs use and they didn't. Thus > the calendar plugin will probably wither even more than it has. > > [1] http://en.wikipedia.org/wiki/Eating_one%27s_own_dog_food > > At 07:55 AM 11/11/2009, cordiste wrote: >> >> Hello, >> >> Data API Developer's Guide: PHP >> >> Google Calendar allows client applications to view and update calendar >> events in the form of Google Data API feeds. Your client application >> can use the Google Calendar Data API to create new events, edit or >> delete existing events, and query for events that match particular >> criteria. >> >> There are many possible uses for the Calendar Data API. For example, >> you can create a web front end for your group's calendar that uses >> Google Calendar as a back end. Or you can generate a public calendar >> for Google Calendar to display, based on your organization's event >> database. Or you can search relevant calendars to display a list of >> upcoming events on those calendars. >> >> You can read more on >> >> http://code.google.com/intl/en/apis/calendar/data/1.0/developers_guide_php.html >> >> ::Ben >> >> 2009/11/11 Joe Mucchiello >> > >> > At 04:03 PM 11/10/2009, Dirk Haun wrote: >> >> >> >> Not sure what the best way to organize such dates are, but I've set up >> >> a >> >> Google Calendar and embedded it here: >> >> >> > >> > That you didn't use the calendar on geeklog.net does not speak well of >> > the calendar plugin. >> > >> > ---- >> > Joe Mucchiello >> > Throwing Dice Games >> > http://www.throwingdice.com >> > _______________________________________________ >> > geeklog-devel mailing list >> > geeklog-devel at lists.geeklog.net >> > http://eight.pairlist.net/mailman/listinfo/geeklog-devel >> > >> _______________________________________________ >> geeklog-devel mailing list >> geeklog-devel at lists.geeklog.net >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > ---- > Joe Mucchiello > Throwing Dice Games > http://www.throwingdice.com > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > From vfuria at gmail.com Wed Nov 11 11:14:17 2009 From: vfuria at gmail.com (Vincent Furia) Date: Wed, 11 Nov 2009 09:14:17 -0700 Subject: [geeklog-devel] Meetups In-Reply-To: <364575ed0911110704k67aad26boc8d8996775a1cc78@mail.gmail.com> References: <20091110210325.920524853@smtp.haun-online.de> <0KSX0079P6XC3460@mta1.srv.hcvlny.cv.net> <364575ed0911110455x3a240423qc293b802753c3803@mail.gmail.com> <0KSY00B7Q893MXZ0@mta2.srv.hcvlny.cv.net> <364575ed0911110704k67aad26boc8d8996775a1cc78@mail.gmail.com> Message-ID: <8319e2d60911110814x1fa6fe20u61b6d5e4d23557c8@mail.gmail.com> The calendar plugin has, well, sucked, since I first started working on Geeklog 7+ years ago (wow, has it really been that long?). There have been at least 3 attempts I know of to "fix" the existing calendar and at least one to replace it. They've all fallen through. Maybe a replacement would make a good GSOC project? Or perhaps a sizable bounty to fix or replace it? If we want to either of those routes (or both), we should probably specify some requirements for the new calendar. -Vinny On Wed, Nov 11, 2009 at 8:04 AM, cordiste wrote: > Joe, > > I just wanted to say it would be great if our client applications (the > calendar plugin) could create and show new events, edit or > delete existing events and update a Google calendar. > > ::Ben > > > 2009/11/11 Joe Mucchiello : > > I didn't say Google's calendar wasn't good. I just said Geeklog has a > > calendar up and running on geeklog.net and it was passed over for an > > external calendar. If Geeklog devs ate their own dogfood[1] (as the > saying > > goes) they would be a chance they might improve the existing calendar > > plugin. Instead they are using someone else's calendar which means the > > existing plugin will not see any loving. The parts of Geeklog that work > the > > best are the parts that the devs use. Here was an opportunity to add the > > calendar plugin to the set of features the devs use and they didn't. Thus > > the calendar plugin will probably wither even more than it has. > > > > [1] http://en.wikipedia.org/wiki/Eating_one%27s_own_dog_food > > > > At 07:55 AM 11/11/2009, cordiste wrote: > >> > >> Hello, > >> > >> Data API Developer's Guide: PHP > >> > >> Google Calendar allows client applications to view and update calendar > >> events in the form of Google Data API feeds. Your client application > >> can use the Google Calendar Data API to create new events, edit or > >> delete existing events, and query for events that match particular > >> criteria. > >> > >> There are many possible uses for the Calendar Data API. For example, > >> you can create a web front end for your group's calendar that uses > >> Google Calendar as a back end. Or you can generate a public calendar > >> for Google Calendar to display, based on your organization's event > >> database. Or you can search relevant calendars to display a list of > >> upcoming events on those calendars. > >> > >> You can read more on > >> > >> > http://code.google.com/intl/en/apis/calendar/data/1.0/developers_guide_php.html > >> > >> ::Ben > >> > >> 2009/11/11 Joe Mucchiello > >> > > >> > At 04:03 PM 11/10/2009, Dirk Haun wrote: > >> >> > >> >> Not sure what the best way to organize such dates are, but I've set > up > >> >> a > >> >> Google Calendar and embedded it here: > >> >> > >> > > >> > That you didn't use the calendar on geeklog.net does not speak well > of > >> > the calendar plugin. > >> > > >> > ---- > >> > Joe Mucchiello > >> > Throwing Dice Games > >> > http://www.throwingdice.com > >> > _______________________________________________ > >> > geeklog-devel mailing list > >> > geeklog-devel at lists.geeklog.net > >> > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > >> > > >> _______________________________________________ > >> geeklog-devel mailing list > >> geeklog-devel at lists.geeklog.net > >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > ---- > > Joe Mucchiello > > Throwing Dice Games > > http://www.throwingdice.com > > _______________________________________________ > > geeklog-devel mailing list > > geeklog-devel at lists.geeklog.net > > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk at haun-online.de Wed Nov 11 15:51:01 2009 From: dirk at haun-online.de (Dirk Haun) Date: Wed, 11 Nov 2009 21:51:01 +0100 Subject: [geeklog-devel] Meetups In-Reply-To: References: <20091110210325.920524853@smtp.haun-online.de> Message-ID: <20091111205101.834684996@smtp.haun-online.de> Euan McKay wrote: >Good idea. There's Dopplr. Thanks. I've signed up with Dopplr and also with TripIt. TripIt has an integration with LinkedIn but so far I like Dopplr better. http://www.dopplr.com/traveller/dhaun http://www.tripit.com/people/68kmac I don't really want to give any of these sites access to my LinkedIn profile, so if anyone wants to connect, just use the links on those pages. This approach is more closed than the public Google Calendar, but easier to maintain. And it shouldn't be too hard to put the provided widgets up on geeklog.net somewhere. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From kirjaoskamatu at starline.ee Wed Nov 11 17:23:35 2009 From: kirjaoskamatu at starline.ee (=?iso-8859-1?Q?Artur_R=E4pp?=) Date: Thu, 12 Nov 2009 00:23:35 +0200 Subject: [geeklog-devel] JavaScript, again In-Reply-To: <20091110202330.653447652@smtp.haun-online.de> References: <20091110202330.653447652@smtp.haun-online.de> Message-ID: <8D10EEFB882F40398BEB6D661E92F8BC@koduPC> Hi, Maybe you get some answers from this page: WAI-ARIA Implementation in JavaScript UI Libraries http://www.paciellogroup.com/blog/?p=313 HTH Artur R?pp ----- Original Message ----- From: "Dirk Haun" To: "geeklog-devel" Sent: Tuesday, November 10, 2009 10:23 PM Subject: [geeklog-devel] JavaScript, again > (Continuing from showtopic=87955> which I thought was growing off-topic and more suited > for this mailing list) > > So we're on the topic of JavaScript again ... > > Since I seem to be perceived as the one holding things up, let me try > and list a few of the things that make me hesitant regarding JavaScript > in general: > > - Believe it or not, but I still use Lynx[1] on a regular basis. It > comes in handy that even then I can still change my account settings. > It's sad, though, that I can't change the site settings, as the > Configuration panel requires JavaScript. Btw, yes, I do have JavaScript > enabled in Firefox. > > - Accessibility. This is an issue for government sites (508[2] or > similar local laws) but also affects private and company sites (e.g. the > CEO of the company I work for recently "discovered" that as an issue). > > - Security. Frankly, I don't know a lot about JavaScript security and, > as a result, wouldn't feel comfortable telling people that we're "the > secure CMS" if there's code of which I don't really know whether it's > secure or not. > > Obviously, those aren't really issues with JavaScript as such but with > the way JavaScript is often used (as I see it on other sites). So maybe > if we "do it right", that could become a unique selling point for > Geeklog: Yes, we do JavaScript, but we're still accessible and secure! > > I guess it comes down to two things: I see an opening here for a > "JavaScript guy" (or gal), i.e. someone with some background in JS who > could (help us) answer some of the above questions. Any takers / > suggestions? Doesn't have to be someone from the current team (maybe > bringing in an "outsider" would even be a good thing at this point). > > And then there's the issue of adopting a JavaScript library. Since that > seems to be about the only consensus on that topic so far: We need to > agree on _something_. The last time we discussed this, we ended up with > something like 6 different recommendations from 5 different people. > Looks like everybody would simply suggest the library they're familiar > with. And I guess the ones that are out there and are somewhat popular > aren't really all that different from each other. > > So, I'm trying a different approach and go ahead and suggest we use > jQuery. Reasons: Nothing particular, other than that it seems to be > popular and that I like what little I have seen from it. > > Comments? > > /me steps down from the soapbox and dons asbestos underwear > > bye, Dirk > > [1] > [2] > > > -- > http://www.geeklog.net/ > http://geeklog.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > From vfuria at gmail.com Wed Nov 11 17:32:56 2009 From: vfuria at gmail.com (Vincent Furia) Date: Wed, 11 Nov 2009 15:32:56 -0700 Subject: [geeklog-devel] Meetups In-Reply-To: <20091111205101.834684996@smtp.haun-online.de> References: <20091110210325.920524853@smtp.haun-online.de> <20091111205101.834684996@smtp.haun-online.de> Message-ID: <8319e2d60911111432w46556311md46b5855f220f47a@mail.gmail.com> I use tripit. It allows you to share your Itineraries as iCal folders. Dopplr might do the same. Then we could display them all in a single place, like Google Calendars (or any other calendar software that supports iCal). -Vinny On Wed, Nov 11, 2009 at 1:51 PM, Dirk Haun wrote: > Euan McKay wrote: > > >Good idea. There's Dopplr. > > Thanks. I've signed up with Dopplr and also with TripIt. TripIt has an > integration with LinkedIn but so far I like Dopplr better. > > http://www.dopplr.com/traveller/dhaun > http://www.tripit.com/people/68kmac > > I don't really want to give any of these sites access to my LinkedIn > profile, so if anyone wants to connect, just use the links on those pages. > > This approach is more closed than the public Google Calendar, but easier > to maintain. And it shouldn't be too hard to put the provided widgets up > on geeklog.net somewhere. > > bye, Dirk > > > -- > http://www.geeklog.net/ > http://geeklog.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From joe at ThrowingDice.com Wed Nov 11 20:19:11 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Wed, 11 Nov 2009 20:19:11 -0500 Subject: [geeklog-devel] Meetups In-Reply-To: <8319e2d60911110814x1fa6fe20u61b6d5e4d23557c8@mail.gmail.co m> References: <20091110210325.920524853@smtp.haun-online.de> <0KSX0079P6XC3460@mta1.srv.hcvlny.cv.net> <364575ed0911110455x3a240423qc293b802753c3803@mail.gmail.com> <0KSY00B7Q893MXZ0@mta2.srv.hcvlny.cv.net> <364575ed0911110704k67aad26boc8d8996775a1cc78@mail.gmail.com> <8319e2d60911110814x1fa6fe20u61b6d5e4d23557c8@mail.gmail.com> Message-ID: <0KSZ003FK2C5DM21@mta2.srv.hcvlny.cv.net> I'm well aware of that, Vinny. There was/is a bounty. Don't need a GSOC or to specify requirements. That all happened over two years ago. I wrote an update and uploaded it in January. It covered 80% of the bounty. The forum thread about it had a few people say they thought it was a worthy improvement. The last post on that forum was in April. The only thing that fell through on that update was no one with hg commit access, committed it. I don't have the time to look into it any more and I have no idea how out of sync the existing plugin and my plugin are. In January Geeklog was still on version 1.5.1. My version adds categories to the calendar that work just like topics do for stories. So if you wanted a private calendar for devs to do meetups, it would be easy to setup. Specs: http://www.geeklog.net/forum/viewtopic.php?forum=2&showtopic=76191 http://www.geeklog.net/forum/viewtopic.php?forum=2&showtopic=76189 http://www.geeklog.net/forum/viewtopic.php?forum=2&showtopic=76193 Release Announcement: http://www.geeklog.net/forum/viewtopic.php?showtopic=85912 File: http://www.geeklog.net/filemgmt/index.php?id=933 At 11:14 AM 11/11/2009, Vincent Furia wrote: >The calendar plugin has, well, sucked, since I first started working >on Geeklog 7+ years ago (wow, has it really been that long?). There >have been at least 3 attempts I know of to "fix" the existing >calendar and at least one to replace it. They've all fallen through. > >Maybe a replacement would make a good GSOC project? Or perhaps a >sizable bounty to fix or replace it? If we want to either of those >routes (or both), we should probably specify some requirements for >the new calendar. > >-Vinny > >On Wed, Nov 11, 2009 at 8:04 AM, cordiste ><cordiste at free.fr> wrote: >Joe, > >I just wanted to say it would be great if our client applications (the >calendar plugin) could create and show new events, edit or >delete existing events and update a Google calendar. > >::Ben > > >2009/11/11 Joe Mucchiello <joe at throwingdice.com>: > > I didn't say Google's calendar wasn't good. I just said Geeklog has a > > calendar up and running on geeklog.net and it > was passed over for an > > external calendar. If Geeklog devs ate their own dogfood[1] (as the saying > > goes) they would be a chance they might improve the existing calendar > > plugin. Instead they are using someone else's calendar which means the > > existing plugin will not see any loving. The parts of Geeklog that work the > > best are the parts that the devs use. Here was an opportunity to add the > > calendar plugin to the set of features the devs use and they didn't. Thus > > the calendar plugin will probably wither even more than it has. > > > > [1] > http://en.wikipedia.org/wiki/Eating_one%27s_own_dog_food > > > > At 07:55 AM 11/11/2009, cordiste wrote: > >> > >> Hello, > >> > >> Data API Developer's Guide: PHP > >> > >> Google Calendar allows client applications to view and update calendar > >> events in the form of Google Data API feeds. Your client application > >> can use the Google Calendar Data API to create new events, edit or > >> delete existing events, and query for events that match particular > >> criteria. > >> > >> There are many possible uses for the Calendar Data API. For example, > >> you can create a web front end for your group's calendar that uses > >> Google Calendar as a back end. Or you can generate a public calendar > >> for Google Calendar to display, based on your organization's event > >> database. Or you can search relevant calendars to display a list of > >> upcoming events on those calendars. > >> > >> You can read more on > >> > >> > http://code.google.com/intl/en/apis/calendar/data/1.0/developers_guide_php.html > >> > >> ::Ben > >> > >> 2009/11/11 Joe Mucchiello > <joe at throwingdice.com> > >> > > >> > At 04:03 PM 11/10/2009, Dirk Haun wrote: > >> >> > >> >> Not sure what the best way to organize such dates are, but I've set up > >> >> a > >> >> Google Calendar and embedded it here: > >> >> > <http://www.geeklog.net/staticpages/index.php/events> > >> > > >> > That you didn't use the calendar on > geeklog.net does not speak well of > >> > the calendar plugin. > >> > > >> > ---- > >> > Joe Mucchiello > >> > Throwing Dice Games > >> > http://www.throwingdice.com > >> > _______________________________________________ > >> > geeklog-devel mailing list > >> > geeklog-devel at lists.geeklog.net > >> > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > >> > > >> _______________________________________________ > >> geeklog-devel mailing list > >> geeklog-devel at lists.geeklog.net > >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > ---- > > Joe Mucchiello > > Throwing Dice Games > > http://www.throwingdice.com > > _______________________________________________ > > geeklog-devel mailing list > > geeklog-devel at lists.geeklog.net > > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://eight.pairlist.net/mailman/listinfo/geeklog-devel ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From dirk at haun-online.de Sun Nov 15 07:56:19 2009 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 15 Nov 2009 13:56:19 +0100 Subject: [geeklog-devel] 1.6.1 Message-ID: <20091115125619.1640812690@smtp.haun-online.de> If things stay as quiet as they are right now, it looks like we can skip further RCs and go straight to 1.6.1 "final". We only need to give the translators some more time. So I'm thinking next weekend (21/22) as the release date. FWIW, I've updated geeklog.net with the latest changes from the Mercurial repository. If you find anything wrong, give us a shout. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From sami at sbarakat.co.uk Sun Nov 15 07:49:11 2009 From: sami at sbarakat.co.uk (Sami Barakat) Date: Sun, 15 Nov 2009 12:49:11 +0000 Subject: [geeklog-devel] JavaScript, again In-Reply-To: <20091110212301.2106309124@smtp.haun-online.de> References: <20091110202330.653447652@smtp.haun-online.de> <20091110212301.2106309124@smtp.haun-online.de> Message-ID: <4AFFF8C7.7040500@sbarakat.co.uk> Dirk Haun wrote: > Tony Bibbs wrote: > >> Now that all said, I still have to give you shit for using Lynx so much >> still ;-) >> > > Yeah, I know. I really should be using Links instead since it can handle > those fancy tables ;-) > For what its worth... I have just been reading an article on SEO [1] that uses Lynx as a tool to help robots crawl the site. So the fact that you are still able to use Lynx says a lot for the robot friendly-ness of geeklog. As for which script library to go for, I have just implemented jQuery at the office and so far am very impressed with it, so +1 from me. But there is such a thing as going overboard with JS and when you put SEO into the picture it should mostly be used where robots wont see it, ie user settings, writing posts that sort of thing. Sami [1] http://www.seochat.com/c/a/Search-Engine-Optimization-Help/Using-Lynx-for-SEO-Analysis/1/ From Randy.Kolenko at nextide.ca Mon Nov 16 16:36:38 2009 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Mon, 16 Nov 2009 16:36:38 -0500 Subject: [geeklog-devel] GL zip/tar plugin install Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F356F0A@nex-pluto.nextide.ca> I'm getting odd errors out of the tar.gz/zip upload from the latest GL RC1 package where the system is telling me that the archive I've uploaded is not a valid tar.gz or zip file. This I know is not the case as I physically used 3 different zipping methods to create a zip file (7zip, vista zip and winrar). The zip file is 100% ok as I can unzip it and look inside of it no problem. Anyhow, I've done some var_dumps on the plugins.php file in the upload handler, and what is happening is that there is no error on upload -- rather where we do: $archive = new unpacker($_FILES['plugin']['tmp_name'], $_FILES['plugin']['type']); $tmp = $archive->getlist(); // Grab the contents of the tarball to see what the plugin name is Produces an error in the unpacker: public 'errorno' => string '405' (length=3) public 'error' => string 'Unpacker called getlist with unknown handler.' (length=45) Which of course means that the regex done on $tmp[0]['filename'] produces a null, which of course means that this all fails. The $_FILES upload looks just fine. Any ideas? -randy From dirk at haun-online.de Mon Nov 16 17:32:46 2009 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 16 Nov 2009 23:32:46 +0100 Subject: [geeklog-devel] GL zip/tar plugin install In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F356F0A@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F356F0A@nex-pluto.nextide.ca> Message-ID: <20091116223246.1021540505@smtp.haun-online.de> Randy Kolenko wrote: >(7zip, vista zip and winrar) Just checking: 7zip at least can create its own format (.7z) - it's not one of those? >Produces an error in the unpacker: >public 'errorno' => string '405' (length=3) >public 'error' => string 'Unpacker called getlist with unknown handler.' >(length=45) What's the handler it's trying to call? I.e. $handler That should probably go into the error message to make debugging easier ... bye, Dirk -- http://www.haun-online.de/accu/ From Randy.Kolenko at nextide.ca Mon Nov 16 18:11:16 2009 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Mon, 16 Nov 2009 18:11:16 -0500 Subject: [geeklog-devel] GL zip/tar plugin install Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F356F0B@nex-pluto.nextide.ca> > > Just checking: 7zip at least can create its own format (.7z) - it's not > one of those? Nope.. that's why I mentioned that I used vista zip and winrar to double check. It's a valid zip.. I tried to tar.gz it even.. same result. > > What's the handler it's trying to call? I.e. $handler > > That should probably go into the error message to make debugging easier > ... > > bye, Dirk $tmp = $archive->getlist(); // Grab the contents of the tarball to see what the plugin name is Is what is failing for me. However the fact that $archive is never set in the first place is really the core issue here. So, just seeing if anyone else is having an issue with this. It would have been great if there was a test archive install package available. From dirk at haun-online.de Tue Nov 17 01:57:32 2009 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 17 Nov 2009 07:57:32 +0100 Subject: [geeklog-devel] GL zip/tar plugin install In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F356F0B@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F356F0B@nex-pluto.nextide.ca> Message-ID: <20091117065732.1565162920@smtp.haun-online.de> Randy Kolenko wrote: >$tmp = $archive->getlist(); // Grab the contents of the tarball to see >what the plugin name is > >Is what is failing for me. However the fact that $archive is never set >in the first place is really the core issue here. Ah, okay. I was looking at the unpacker class, not at the code in plugins.php >So, just seeing if anyone else is having an issue with this. It would >have been great if there was a test archive install package available. Is it not working for any archives? I've been able to upload things like the Forum, File Management, and FAQ Manager plugins successfully (even though some of them require manual changes, but at least the upload & unpacking worked). bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From Randy.Kolenko at nextide.ca Tue Nov 17 07:38:25 2009 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Tue, 17 Nov 2009 07:38:25 -0500 Subject: [geeklog-devel] GL zip/tar plugin install Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F356F0C@nex-pluto.nextide.ca> > Is it not working for any archives? I've been able to upload things > like > the Forum, File Management, and FAQ Manager plugins successfully (even > though some of them require manual changes, but at least the upload & > unpacking worked). Ok.. good to hear that it does work for someone. But for whatever reason it never works on my installation that happens to be on Windows. Wonder if that has anything to do with it. -randy From dirk at haun-online.de Tue Nov 17 13:38:12 2009 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 17 Nov 2009 19:38:12 +0100 Subject: [geeklog-devel] GL zip/tar plugin install In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F356F0C@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F356F0C@nex-pluto.nextide.ca> Message-ID: <20091117183812.1436922047@smtp.haun-online.de> Randy Kolenko wrote: >Ok.. good to hear that it does work for someone. But for whatever >reason it never works on my installation that happens to be on Windows. >Wonder if that has anything to do with it. Did you check if it's using the PEAR or the PECL version? The PEAR class for Zip is somewhat limited. The PECL class (ZipArchive) should be available as of PHP 5.2.0. Or maybe it is separate install on Windows? bye, Dirk -- http://www.haun-online.de/accu/ From devel at portalparts.com Wed Nov 18 10:38:08 2009 From: devel at portalparts.com (Blaine Lang) Date: Wed, 18 Nov 2009 10:38:08 -0500 Subject: [geeklog-devel] GL zip/tar plugin install In-Reply-To: <20091117183812.1436922047@smtp.haun-online.de> References: <063B8B70CB9DA141B2FC1DB483561B9F356F0C@nex-pluto.nextide.ca> <20091117183812.1436922047@smtp.haun-online.de> Message-ID: <7df667c40911180738i15b31252p94521a32923f9125@mail.gmail.com> I believe the issue is with the unpacker.class.php file. function unpacker($file, $mime_type = null) { // default directory separator $this->d_sep = PATH_SEPARATOR; // if the file doesn't have it's path, assume local if (! strstr($file, $this->d_sep)) { $file = getcwd() . $this->d_sep . $file; } PATH_SEPARATOR is a ';' and the code should really be using $this->d_sep = DIRECTORY_SEPARATOR; I saw a number of related issues reported in a google search - to use DIRECTORY_SEPARATOR. This may be related to PHP version. I am using PHP 5.2.11 Blaine On Tue, Nov 17, 2009 at 1:38 PM, Dirk Haun wrote: > Randy Kolenko wrote: > > >Ok.. good to hear that it does work for someone. But for whatever > >reason it never works on my installation that happens to be on Windows. > >Wonder if that has anything to do with it. > > Did you check if it's using the PEAR or the PECL version? The PEAR class > for Zip is somewhat limited. > > The PECL class (ZipArchive) should be available as of PHP 5.2.0. Or > maybe it is separate install on Windows? > > bye, Dirk > > > -- > http://www.haun-online.de/accu/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk at haun-online.de Wed Nov 18 13:01:19 2009 From: dirk at haun-online.de (Dirk Haun) Date: Wed, 18 Nov 2009 19:01:19 +0100 Subject: [geeklog-devel] GL zip/tar plugin install In-Reply-To: <7df667c40911180738i15b31252p94521a32923f9125@mail.gmail.com> References: <063B8B70CB9DA141B2FC1DB483561B9F356F0C@nex-pluto.nextide.ca> <20091117183812.1436922047@smtp.haun-online.de> <7df667c40911180738i15b31252p94521a32923f9125@mail.gmail.com> Message-ID: <20091118180119.52758247@smtp.haun-online.de> Blaine Lang wrote: >PATH_SEPARATOR is a ';' and the code should really be using > >$this->d_sep = DIRECTORY_SEPARATOR; Ugh. That's my fault then. It used to check the OS to figure out whether to use a slash or backslash and I meant to change it to use the constant that PHP provides for this. Seems I accidentally picked the wrong constant. Will fix ASAP. bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From Randy.Kolenko at nextide.ca Fri Nov 20 13:16:26 2009 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Fri, 20 Nov 2009 13:16:26 -0500 Subject: [geeklog-devel] Polls and Static pages upgrade fails Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F356F18@nex-pluto.nextide.ca> Upgrading the polls plugin from 2.1.0 to 2.1.1 and staticpages plugin from 1.6.0 to 1.6.1 fails with an SQL error: Unknown column 'meta_description' in 'field list'. From dirk at haun-online.de Fri Nov 20 13:39:44 2009 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 20 Nov 2009 19:39:44 +0100 Subject: [geeklog-devel] Polls and Static pages upgrade fails In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F356F18@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F356F18@nex-pluto.nextide.ca> Message-ID: <20091120183944.541229551@smtp.haun-online.de> Randy Kolenko wrote: >Upgrading the polls plugin from 2.1.0 to 2.1.1 and staticpages plugin >from 1.6.0 to 1.6.1 fails with an SQL error: >Unknown column 'meta_description' in 'field list'. How are you upgrading them? Separately or as part of the upgrade to Geeklog 1.6.1? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From Randy.Kolenko at nextide.ca Fri Nov 20 14:09:35 2009 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Fri, 20 Nov 2009 14:09:35 -0500 Subject: [geeklog-devel] Polls and Static pages upgrade fails Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F356F19@nex-pluto.nextide.ca> > How are you upgrading them? Separately or as part of the upgrade to > Geeklog 1.6.1? > Good question -- it was separately. I'll have to re-test the upgrade to GL first and then see what happens to each plugin after that. -randy From dirk at haun-online.de Fri Nov 20 14:54:15 2009 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 20 Nov 2009 20:54:15 +0100 Subject: [geeklog-devel] Polls and Static pages upgrade fails In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F356F19@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F356F19@nex-pluto.nextide.ca> Message-ID: <20091120195415.754857656@smtp.haun-online.de> Randy Kolenko wrote: >Good question -- it was separately. I'll have to re-test the upgrade to >GL first and then see what happens to each plugin after that. I'm testing upgrades from earlier versions a lot - I'm pretty sure that works. What I haven't tested recently is upgrading with disabled plugins and then upgrading the plugins separately later. bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From dirk at haun-online.de Sat Nov 21 09:07:22 2009 From: dirk at haun-online.de (Dirk Haun) Date: Sat, 21 Nov 2009 15:07:22 +0100 Subject: [geeklog-devel] Polls and Static pages upgrade fails In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F356F18@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F356F18@nex-pluto.nextide.ca> Message-ID: <20091121140722.1235226404@smtp.haun-online.de> Randy Kolenko wrote: >Upgrading the polls plugin from 2.1.0 to 2.1.1 and staticpages plugin >from 1.6.0 to 1.6.1 fails with an SQL error: >Unknown column 'meta_description' in 'field list'. I tried various ways to reproduce this but couldn't. Can you provide step-by-step instructions, please? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From Randy.Kolenko at nextide.ca Sun Nov 22 08:19:55 2009 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Sun, 22 Nov 2009 08:19:55 -0500 Subject: [geeklog-devel] Polls and Static pages upgrade fails Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F356F1A@nex-pluto.nextide.ca> > > I tried various ways to reproduce this but couldn't. Can you provide > step-by-step instructions, please? > I just overlaid the Geeklog plugins with the latest rc1 code and did an upgrade to each of those plugins. Original base GL was 1.6.0. So, for what it's worth, I did something that is probably not going to happen at all/ever or should not happen. -randy From dirk at haun-online.de Sun Nov 22 14:10:42 2009 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 22 Nov 2009 20:10:42 +0100 Subject: [geeklog-devel] Polls and Static pages upgrade fails In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F356F1A@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F356F1A@nex-pluto.nextide.ca> Message-ID: <20091122191042.1774192026@smtp.haun-online.de> Randy Kolenko wrote: >So, for >what it's worth, I did something that is probably not going to happen at >all/ever or should not happen. Thanks. We should probably fail more gracefully in such a situation, though. Something to look into on occassion ... bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From dirk at haun-online.de Sun Nov 22 14:39:35 2009 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 22 Nov 2009 20:39:35 +0100 Subject: [geeklog-devel] Autotags help? Message-ID: <20091122193935.1375157396@smtp.haun-online.de> Now that Geeklog 1.6.1 is out, here's a tiny little feature idea for 1.6.2: With the increasing amount of autotags provided by Geeklog plugins, it's becoming increasingly difficult to tell what they're actually doing. So it would be nice if the plugin could provide some help text along with the autotag's name. Simple idea: Let the plugin provide a short text and display that as an HTML title attribute. For backward compatibility, that information would have to be provided in the form array('description' => 'autotag'). That's ugly but easily fixed by array_flip. Something like if ($op == 'tagname' ) { return array_flip(array('staticpage' => 'Link to a static page', 'staticpage_content' => 'Embed content of a static page') ); } else ... would then be rendered as, say, [staticpage:] Of course, there is only limited space available in a title attribute. So maybe the plugin should provide a URL to the documentation instead? Other ideas? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From websitemaster at cogeco.net Sun Nov 22 16:36:59 2009 From: websitemaster at cogeco.net (Tom) Date: Sun, 22 Nov 2009 16:36:59 -0500 Subject: [geeklog-devel] Autotags help? In-Reply-To: <20091122193935.1375157396@smtp.haun-online.de> References: <20091122193935.1375157396@smtp.haun-online.de> Message-ID: <014001ca6bbb$ec238e50$c46aaaf0$@net> Speaking of new autotag features, I have always wanted to control what autotags a user can use in a post (comment, story, forum post, etc..). I have created autotags (mainly from the autotags plugin) for all sorts of things and I have about 30 to 40 different ones in use. Most of them I don't really want a normal user to use or even know about. I haven't really thought of what the best way to actually do this but I thought I would throw the idea out there. Tom -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun Sent: November-22-09 2:40 PM To: geeklog-devel Subject: [geeklog-devel] Autotags help? Now that Geeklog 1.6.1 is out, here's a tiny little feature idea for 1.6.2: With the increasing amount of autotags provided by Geeklog plugins, it's becoming increasingly difficult to tell what they're actually doing. So it would be nice if the plugin could provide some help text along with the autotag's name. Simple idea: Let the plugin provide a short text and display that as an HTML title attribute. For backward compatibility, that information would have to be provided in the form array('description' => 'autotag'). That's ugly but easily fixed by array_flip. Something like if ($op == 'tagname' ) { return array_flip(array('staticpage' => 'Link to a static page', 'staticpage_content' => 'Embed content of a static page') ); } else ... would then be rendered as, say, [staticpage:] Of course, there is only limited space available in a title attribute. So maybe the plugin should provide a URL to the documentation instead? Other ideas? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel __________ Information from ESET NOD32 Antivirus, version of virus signature database 4628 (20091122) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com From joe at ThrowingDice.com Sun Nov 22 16:42:03 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Sun, 22 Nov 2009 16:42:03 -0500 Subject: [geeklog-devel] Autotags help? In-Reply-To: <014001ca6bbb$ec238e50$c46aaaf0$@net> References: <20091122193935.1375157396@smtp.haun-online.de> <014001ca6bbb$ec238e50$c46aaaf0$@net> Message-ID: <0KTJ007UP5POGF80@mta2.srv.hcvlny.cv.net> If you would like some rough code, I had once intended to expand the autotag plugin as a control center for autotags. I have code that can intercept other plugins' autotags and disable them. Wouldn't be too difficult to add permissions based on what was being edited if that was needed. I can mail you what I have (it must be for version 1.5.0 though or perhaps 1.4.1) if you want to look at it. The way to do this in core would be to force autotags to register when the plugin is installed and move a lot of the PLG_collectTags code to a database lookup. With the maturity of the plugin auto install code, adding a "autotag" line to the autoinstaller array wouldn't be hard. At 04:36 PM 11/22/2009, Tom wrote: >Speaking of new autotag features, > > I have always wanted to control what autotags a user can use in a post >(comment, story, forum post, etc..). I have created autotags (mainly from >the autotags plugin) for all sorts of things and I have about 30 to 40 >different ones in use. Most of them I don't really want a normal user to use >or even know about. > >I haven't really thought of what the best way to actually do this but I >thought I would throw the idea out there. > > >Tom > >-----Original Message----- >From: geeklog-devel-bounces at lists.geeklog.net >[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun >Sent: November-22-09 2:40 PM >To: geeklog-devel >Subject: [geeklog-devel] Autotags help? > >Now that Geeklog 1.6.1 is out, here's a tiny little feature idea for 1.6.2: > >With the increasing amount of autotags provided by Geeklog plugins, it's >becoming increasingly difficult to tell what they're actually doing. So >it would be nice if the plugin could provide some help text along with >the autotag's name. > >Simple idea: Let the plugin provide a short text and display that as an >HTML title attribute. > >For backward compatibility, that information would have to be provided >in the form array('description' => 'autotag'). That's ugly but easily >fixed by array_flip. Something like > > if ($op == 'tagname' ) { > return array_flip(array('staticpage' => 'Link to a static page', > 'staticpage_content' => 'Embed content >of a static page') > ); > } else ... > >would then be rendered as, say, > > [staticpage:] > >Of course, there is only limited space available in a title attribute. >So maybe the plugin should provide a URL to the documentation instead? >Other ideas? > >bye, Dirk > > >-- >http://www.geeklog.net/ >http://geeklog.info/ > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://eight.pairlist.net/mailman/listinfo/geeklog-devel > >__________ Information from ESET NOD32 Antivirus, version of virus signature >database 4628 (20091122) __________ > >The message was checked by ESET NOD32 Antivirus. > >http://www.eset.com > > > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > >No virus found in this incoming message >Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.115). >http://www.pctools.com/free-antivirus/ ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com No virus found in this outgoing message Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.115). http://www.pctools.com/free-antivirus/ From dirk at haun-online.de Sun Nov 22 17:11:22 2009 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 22 Nov 2009 23:11:22 +0100 Subject: [geeklog-devel] Autotags help? In-Reply-To: <014001ca6bbb$ec238e50$c46aaaf0$@net> References: <20091122193935.1375157396@smtp.haun-online.de> <014001ca6bbb$ec238e50$c46aaaf0$@net> Message-ID: <20091122221122.1968584415@smtp.haun-online.de> Tom wrote: > I have always wanted to control what autotags a user can use in a post >(comment, story, forum post, etc..). I thought we had an issue for that on the bugtracker but I can't find any. Yes, this is something that we should have. On a related note, the way we differentiate between $_CONF['user_html'] and $_CONF['admin_html'] is somewhat hand-wavy ... No immediate idea for either of these, but I guess it should involve permissions. bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From joe at ThrowingDice.com Sun Nov 22 17:45:32 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Sun, 22 Nov 2009 17:45:32 -0500 Subject: [geeklog-devel] Autotags help? In-Reply-To: <20091122221122.1968584415@smtp.haun-online.de> References: <20091122193935.1375157396@smtp.haun-online.de> <014001ca6bbb$ec238e50$c46aaaf0$@net> <20091122221122.1968584415@smtp.haun-online.de> Message-ID: <0KTJ007OH8NE86D0@mta5.srv.hcvlny.cv.net> I also thought there was an issue for passing the object name and object id into PLG_replaceTags so permissions could be checked but it also appears to be missing. I know I wrote about that several years ago but can't remember if it ever made into the old bugtracker, let alone the new one. The hard part of permissions on autotags is the permission applies to the editor, not the reader. The idea being when a user posts to the forum with [secrettag:scarystuff], the tag needs to be stripped if the poster does not have permission to use the secrettag. This can't be implemented now because when PLG_replaceTags is called, the author of the object is not passed in. If you are going to add permissions to autotags, perhaps you should rethink them from scratch and just create a new set of plugin APIs for them (for GL 1.7 for example). Autotags are one of the cool, unique features of Geeklog. Still, they could use an update since their first inception. At 05:11 PM 11/22/2009, Dirk Haun wrote: >Tom wrote: > > > I have always wanted to control what autotags a user can use in a post > >(comment, story, forum post, etc..). > >I thought we had an issue for that on the bugtracker but I can't find any. > >Yes, this is something that we should have. > >On a related note, the way we differentiate between $_CONF['user_html'] >and $_CONF['admin_html'] is somewhat hand-wavy ... > >No immediate idea for either of these, but I guess it should involve >permissions. > >bye, Dirk ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com No virus found in this outgoing message Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.115). http://www.pctools.com/free-antivirus/ From dirk at haun-online.de Thu Nov 26 15:53:20 2009 From: dirk at haun-online.de (Dirk Haun) Date: Thu, 26 Nov 2009 21:53:20 +0100 Subject: [geeklog-devel] Redirect after login Message-ID: <20091126205320.678643612@smtp.haun-online.de> Here's a scenario where we would need to agree on a convention to be more user friendly: We installed the forum plugin at work. Access is restricted, so you need to login first to see anything. Now, when people send around links to discussions and the recipient is not logged in, they get a message and a link to login. After following that link and logging in, however, they expect to be taken to the discussion. Instead they end up on the site's front page. That effect is not limited to the forum plugin - the same happens in Geeklog with the "contribute" link, for example, and a few other places. So I think we need to agree on a way to pass the target URL around during the login. Suggestion: When linking to /users.php, add ?redirect=urlencode ($target_url) to the URL. Then we can change users.php to do the redirect after successful login. Any problems with that? Other suggestions? bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From cweiske at cweiske.de Thu Nov 26 16:33:08 2009 From: cweiske at cweiske.de (Christian Weiske) Date: Thu, 26 Nov 2009 22:33:08 +0100 Subject: [geeklog-devel] Redirect after login In-Reply-To: <20091126205320.678643612@smtp.haun-online.de> References: <20091126205320.678643612@smtp.haun-online.de> Message-ID: <20091126223308.7d097c8c@bogo.home.cweiske.de> Hi Dirk, > So I think we need to agree on a way to pass the target URL around > during the login. > > Suggestion: When linking to /users.php, add ?redirect=urlencode > ($target_url) to the URL. Then we can change users.php to do the > redirect after successful login. > > Any problems with that? Other suggestions? I do not know any of geeklog's behavior or code, but I'd like to describe how Typo3's frontend login works: When the user accesses a page that is access restricted, instead of redirecting him to a login page, the login page is displayed /instead/ of the page content. That way the user stays on the original URL, even after submitting the login form. The authentication mechanism recognizes the login data being sent via $_POST and logs the user in - or displays the login form again. When the user sent valid credentials, the normal page content is shown. This login system gets rid of any redirection neccessities. If you cannot follow that approach, I suggest you pass the target URL via POST because otherwise, CSRF attacks may be possible - by sending out links that redirect to a malicious site after login. -- Regards/Mit freundlichen Gr??en Christian Weiske -= Geeking around in the name of science since 1982 =- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From dirk at haun-online.de Thu Nov 26 16:53:41 2009 From: dirk at haun-online.de (Dirk Haun) Date: Thu, 26 Nov 2009 22:53:41 +0100 Subject: [geeklog-devel] Redirect after login In-Reply-To: <20091126223308.7d097c8c@bogo.home.cweiske.de> References: <20091126205320.678643612@smtp.haun-online.de> <20091126223308.7d097c8c@bogo.home.cweiske.de> Message-ID: <20091126215341.35820611@smtp.haun-online.de> Christian Weiske wrote: >When the user accesses a page that is access restricted, instead of >redirecting him to a login page, the login page is displayed /instead/ >of the page content. That sounds like a good idea. In Geeklog, the login restriction is enforced by the plugin, so we would need to provide some function for that (which would then also take care of all the various login options). Btw, forgot to mention that the site in question does not have the usual login form in the left blocks. >If you cannot follow that approach, I suggest you pass the target URL >via POST because otherwise, CSRF attacks may be possible - by sending >out links that redirect to a malicious site after login. Right. Just before your email came in, I was thinking "oops, we need to check that the redirect URL starts with the site's URL". And with a URL for the links plugin, you could then still send the user to some other site. So the more I think about it, passing the actual redirect URL is beginning to sound like a bad idea ... bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From tony at tonybibbs.com Sat Nov 28 11:17:19 2009 From: tony at tonybibbs.com (Tony Bibbs) Date: Sat, 28 Nov 2009 10:17:19 -0600 Subject: [geeklog-devel] Redirect after login In-Reply-To: <20091126205320.678643612@smtp.haun-online.de> References: <20091126205320.678643612@smtp.haun-online.de> Message-ID: Just use $_SESSION? When you get to login.php be sure to grab referrer and take the back. I know GL isn't using PHP sessions (yet), however, no reason you couldn't use it specifically for this. Regardless of the solution, you can argue the logout should do the same thing. --Tony On Thu, Nov 26, 2009 at 2:53 PM, Dirk Haun wrote: > Here's a scenario where we would need to agree on a convention to be > more user friendly: > > We installed the forum plugin at work. Access is restricted, so you need > to login first to see anything. Now, when people send around links to > discussions and the recipient is not logged in, they get a message and a > link to login. After following that link and logging in, however, they > expect to be taken to the discussion. Instead they end up on the site's > front page. > > That effect is not limited to the forum plugin - the same happens in > Geeklog with the "contribute" link, for example, and a few other places. > > So I think we need to agree on a way to pass the target URL around > during the login. > > Suggestion: When linking to /users.php, add ?redirect=urlencode > ($target_url) to the URL. Then we can change users.php to do the > redirect after successful login. > > Any problems with that? Other suggestions? > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://geeklog.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -- Tony Bibbs Phone: (515) 554-8046 Twitter, Skype, Facebook: tonybibbs Web: http://www.tonybibbs.com http://www.apteno.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk at haun-online.de Sat Nov 28 11:30:02 2009 From: dirk at haun-online.de (Dirk Haun) Date: Sat, 28 Nov 2009 17:30:02 +0100 Subject: [geeklog-devel] Redirect after login In-Reply-To: References: <20091126205320.678643612@smtp.haun-online.de> Message-ID: <20091128163002.587321419@smtp.haun-online.de> Tony Bibbs wrote: >When you get to login.php be sure to grab referrer and take the back. Hmm. We check the referrer only after the login has been confirmed. So at this point, it would refer to the login page, not to the page before that. So we could include the original referrer with the login data. How easily could that be faked? bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From tony at tonybibbs.com Sat Nov 28 12:00:27 2009 From: tony at tonybibbs.com (Tony Bibbs) Date: Sat, 28 Nov 2009 11:00:27 -0600 Subject: [geeklog-devel] Redirect after login In-Reply-To: <20091128163002.587321419@smtp.haun-online.de> References: <20091126205320.678643612@smtp.haun-online.de> <20091128163002.587321419@smtp.haun-online.de> Message-ID: Regardless of how easy you can fake, the redirect logic should throw errors if it isn't in the same domain. If you are extra paranoid then set a security token ala CSRF. On Sat, Nov 28, 2009 at 10:30 AM, Dirk Haun wrote: > Tony Bibbs wrote: > > >When you get to login.php be sure to grab referrer and take the back. > > Hmm. We check the referrer only after the login has been confirmed. So > at this point, it would refer to the login page, not to the page before > that. So we could include the original referrer with the login data. How > easily could that be faked? > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://spam.tinyweb.net/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -- Tony Bibbs Phone: (515) 554-8046 Twitter, Skype, Facebook: tonybibbs Web: http://www.tonybibbs.com http://www.apteno.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From joe at ThrowingDice.com Sat Nov 28 12:55:29 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Sat, 28 Nov 2009 12:55:29 -0500 Subject: [geeklog-devel] Redirect after login In-Reply-To: <20091128163002.587321419@smtp.haun-online.de> References: <20091126205320.678643612@smtp.haun-online.de> <20091128163002.587321419@smtp.haun-online.de> Message-ID: <0KTT00ISLZ4OTQG0@mta3.srv.hcvlny.cv.net> At 11:30 AM 11/28/2009, Dirk Haun wrote: >Tony Bibbs wrote: > > >When you get to login.php be sure to grab referrer and take the back. > >Hmm. We check the referrer only after the login has been confirmed. So >at this point, it would refer to the login page, not to the page before >that. So we could include the original referrer with the login data. How >easily could that be faked? In the database, no one at all. There is a Geeklog session in the cookies that is destroyed during login. But before it is destroyed the database record referenced by the cookie could store the original referrer. No need for extra post parameters that can be faked. No need to deal with $_SESSION. Just wrap the "display login" in a function and it handles getting the return URL into the session record. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com No virus found in this outgoing message Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.116). http://www.pctools.com/free-antivirus/ From vfuria at gmail.com Sat Nov 28 13:46:08 2009 From: vfuria at gmail.com (Vincent Furia) Date: Sat, 28 Nov 2009 11:46:08 -0700 Subject: [geeklog-devel] Redirect after login In-Reply-To: <0KTT00ISLZ4OTQG0@mta3.srv.hcvlny.cv.net> References: <20091126205320.678643612@smtp.haun-online.de> <20091128163002.587321419@smtp.haun-online.de> <0KTT00ISLZ4OTQG0@mta3.srv.hcvlny.cv.net> Message-ID: <8319e2d60911281046h68a1b7e7m1e2781129d14d987@mail.gmail.com> Instead of using a full path, just use a relative path name. index.php instead of http://www.geeklog.net/index.php. If someone tries to pass another web page they'd just wind up with a 404 from http://www.geeklog.net/http://www.hacker.com. The problem with using the referrer (by itself) to the login page is someone could send them there from an external page. If you go that route, definitely check that the referrer is in the same domain. -Vinny On Sat, Nov 28, 2009 at 10:55 AM, Joe Mucchiello wrote: > At 11:30 AM 11/28/2009, Dirk Haun wrote: > >> Tony Bibbs wrote: >> >> >When you get to login.php be sure to grab referrer and take the back. >> >> Hmm. We check the referrer only after the login has been confirmed. So >> at this point, it would refer to the login page, not to the page before >> that. So we could include the original referrer with the login data. How >> easily could that be faked? >> > > In the database, no one at all. There is a Geeklog session in the cookies > that is destroyed during login. But before it is destroyed the database > record referenced by the cookie could store the original referrer. No need > for extra post parameters that can be faked. No need to deal with $_SESSION. > Just wrap the "display login" in a function and it handles getting the > return URL into the session record. > > > > ---- > Joe Mucchiello > Throwing Dice Games > http://www.throwingdice.com > > > No virus found in this outgoing message > Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.116). > http://www.pctools.com/free-antivirus/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: