From mkaurkhalsa at gmail.com  Sat May  4 15:11:04 2013
From: mkaurkhalsa at gmail.com (Sandeep kaur)
Date: Sun, 5 May 2013 00:41:04 +0530
Subject: [geeklog-devel] Issue Assignment
Message-ID: <CAF66xG3o_mOq1_-kv+j49E_h0CdqtHw7cQgwT62z+roOoQEtZg@mail.gmail.com>

Greetings,

Can you please Open and assign this issue to me :
http://project.geeklog.net/tracking/view.php?id=1572&history=1#history

Moreover am not able to comment any of the issues. Can you open them please.
Thank you.

-- 
Sandeep Kaur
E-Mail: mkaurkhalsa at gmail.com
Blog: sandymadaan.wordpress.com


From mkaurkhalsa at gmail.com  Sat May  4 15:26:00 2013
From: mkaurkhalsa at gmail.com (Sandeep kaur)
Date: Sun, 5 May 2013 00:56:00 +0530
Subject: [geeklog-devel] Issue Assignment
In-Reply-To: <CAF66xG3o_mOq1_-kv+j49E_h0CdqtHw7cQgwT62z+roOoQEtZg@mail.gmail.com>
References: <CAF66xG3o_mOq1_-kv+j49E_h0CdqtHw7cQgwT62z+roOoQEtZg@mail.gmail.com>
Message-ID: <CAF66xG1O0YEzc8GYMp5Z8C-6XZ=i0UN38ZYhFJZcyN8Swv1Pjw@mail.gmail.com>

On Sun, May 5, 2013 at 12:41 AM, Sandeep kaur <mkaurkhalsa at gmail.com> wrote:
> Greetings,
>
> Can you please Open and assign this issue to me :
> http://project.geeklog.net/tracking/view.php?id=1572&history=1#history
>
> Moreover am not able to comment any of the issues. Can you open them please.

Am able to comment it. Sorry for inconvenience.
Thank you.

-- 
Sandeep Kaur
E-Mail: mkaurkhalsa at gmail.com
Blog: sandymadaan.wordpress.com


From dirk at haun-online.de  Tue May 14 13:59:38 2013
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 14 May 2013 19:59:38 +0200
Subject: [geeklog-devel] A few observations and ideas from our local
	Webmontag
Message-ID: <31A379F0-4858-4BED-B4FB-F6BC7A789D33@haun-online.de>

A few things I picked up at a local event yesterday that may be worth considering:

1) Inline editing

One presenter claimed that pretty much all of the CMS are going to move to inline editing in the near future, i.e. the ability to edit content right where it is on the page. The main reasons he mentioned are having a "real" preview of what you're typing (complete with a nice demo of editing a tilted text, right there on the page). Plus it's supposed to be easier for non-technical users.

Of course, when you start thinking about this, it's not as easy as it may sound at first. You could integrate, say, Aloha Editor into Geeklog in a few hours, but proper inline editing requires a whole new approach in a few places. Most notably: How do you add new content, e.g. an article, in the first place?


2) The big F (no, not that one ;-)

A little theory/research, that I wasn't aware of: Apparently, most people scan a website in the shape of an uppercase F: They scan the top from left to right, then go down on the left side with occasional scanning into the middle of the page - but not as far as at the top. So this pattern vaguely looks like an F.

The point is: If you have important stuff on the right, like a menu, people may not notice it. Something to consider, especially when going for a two-column layout with the navigation on the right side.


3) The role of usernames in website security

One presenter suggested that people hide their username on their website, since it's part of the login. I.e. to log in, you need both the username and the password - but we usually give the username away. Now if you had a non-obvious, non-visible login name, that would increase security somewhat.

Related: In the recent attacks againstWordPress blogs, it was pointed out that the attacks were targeting a default admin username (simply "admin", I think), but that WordPress has long had an option to choose a different username at install time. This obviously goes in the same direction.

I see some potential here to improve our security. What do you think?

bye, Dirk


-- 
http://www.themobilepresenter.com/



From websitemaster at cogeco.net  Tue May 14 20:25:57 2013
From: websitemaster at cogeco.net (Tom)
Date: Tue, 14 May 2013 20:25:57 -0400
Subject: [geeklog-devel] A few observations and ideas from our
	local	Webmontag
In-Reply-To: <31A379F0-4858-4BED-B4FB-F6BC7A789D33@haun-online.de>
References: <31A379F0-4858-4BED-B4FB-F6BC7A789D33@haun-online.de>
Message-ID: <019f01ce5102$c504be90$4f0e3bb0$@cogeco.net>

1) Maybe it is the Geek in me but I would probably only use it for making
quick corrections. Maybe it is time though to think  more on this since we
are planning to drop the FCK Editor and move to CK Editor. A quick search
shows that the CKEditor does have inline Editing (HTML 5).

2) Makes sense since that is how I scan most things. I still think the right
column can work on sites that use them for the less important blocks
(especially for returning users who know where to look for certain
information)

3) Definitely a chance to improve security that isn't difficult to code.
Having the option to choose a new root user name is a good idea. We should
also probably recommend that Admins should have an alternate user name with
less security clearance to use when posting new articles, etc... Another way
to do this would be to have a display name (for display purposes) and a
separate username for logging in (or for normal Geeklog accounts have them
use the email address to login)

Tom

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: May-14-13 2:00 PM
To: Geeklog Development
Subject: [geeklog-devel] A few observations and ideas from our local
Webmontag

A few things I picked up at a local event yesterday that may be worth
considering:

1) Inline editing

One presenter claimed that pretty much all of the CMS are going to move to
inline editing in the near future, i.e. the ability to edit content right
where it is on the page. The main reasons he mentioned are having a "real"
preview of what you're typing (complete with a nice demo of editing a tilted
text, right there on the page). Plus it's supposed to be easier for
non-technical users.

Of course, when you start thinking about this, it's not as easy as it may
sound at first. You could integrate, say, Aloha Editor into Geeklog in a few
hours, but proper inline editing requires a whole new approach in a few
places. Most notably: How do you add new content, e.g. an article, in the
first place?


2) The big F (no, not that one ;-)

A little theory/research, that I wasn't aware of: Apparently, most people
scan a website in the shape of an uppercase F: They scan the top from left
to right, then go down on the left side with occasional scanning into the
middle of the page - but not as far as at the top. So this pattern vaguely
looks like an F.

The point is: If you have important stuff on the right, like a menu, people
may not notice it. Something to consider, especially when going for a
two-column layout with the navigation on the right side.


3) The role of usernames in website security

One presenter suggested that people hide their username on their website,
since it's part of the login. I.e. to log in, you need both the username and
the password - but we usually give the username away. Now if you had a
non-obvious, non-visible login name, that would increase security somewhat.

Related: In the recent attacks againstWordPress blogs, it was pointed out
that the attacks were targeting a default admin username (simply "admin", I
think), but that WordPress has long had an option to choose a different
username at install time. This obviously goes in the same direction.

I see some potential here to improve our security. What do you think?

bye, Dirk


-- 
http://www.themobilepresenter.com/

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel



From rishabhr123 at gmail.com  Sun May 19 08:44:33 2013
From: rishabhr123 at gmail.com (Rishabh Raj)
Date: Sun, 19 May 2013 18:14:33 +0530
Subject: [geeklog-devel] Help regarding Feature Request #1606,
	identifying a page refresh
Message-ID: <CAOC-s3RGeccZCjmSXtDKoX8Euwwg9zfcaSwpa6NpkVUYQF+C4w@mail.gmail.com>

Hello,
     This is regarding discussion about a feature request #1606.
     http://project.geeklog.net/tracking/view.php?id=1606

The issue:
Currently the hit counter for an article or a story also increases if we
keep on refreshing the page.
This may result in unwanted spam increases of the view.

The solution boils down to "how to identify that a page has been loaded by
a refresh (simple F5 /  Ctrl + F5 (cache clear too) ).

I had an idea in mind that the _SERVER(HTTP_REFERER) variable should change
value upon refreshing the page, but after trying it out, it does not seem
to work, the value remains constant.

Interestingly upon "refreshing the page" two other server variables are
introduced in the _SERVER array, namely "HTTP_CACHE_CONTROL" with the value
as "max-age=0" and "HTTP_PRAGMA" with the value as "no-cache". These
basically indicate that the content is not to be served from the cache.

Is a solution involving checking the set state of these two variables
viable ?
Any other ideas as to how to identify a page-refresh ?

-Best,
-Rishabh Raj
International Institute of Information Technology
Gachibowli, Hyderabad 500032
Ph: +917842797467
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20130519/772eb618/attachment.html>

From mkaurkhalsa at gmail.com  Sun May 19 09:47:46 2013
From: mkaurkhalsa at gmail.com (Sandeep kaur)
Date: Sun, 19 May 2013 19:17:46 +0530
Subject: [geeklog-devel] Help regarding Feature Request #1606,
 identifying a page refresh
In-Reply-To: <CAOC-s3RGeccZCjmSXtDKoX8Euwwg9zfcaSwpa6NpkVUYQF+C4w@mail.gmail.com>
References: <CAOC-s3RGeccZCjmSXtDKoX8Euwwg9zfcaSwpa6NpkVUYQF+C4w@mail.gmail.com>
Message-ID: <CAF66xG2F3u-Vg_ZkdVsmXz_ka0HRxgDW11xUe0P9Su_HwYFOoQ@mail.gmail.com>

On Sun, May 19, 2013 at 6:14 PM, Rishabh Raj <rishabhr123 at gmail.com> wrote:
> Hello,
>      This is regarding discussion about a feature request #1606.
>      http://project.geeklog.net/tracking/view.php?id=1606
>
<snip>
> Any other ideas as to how to identify a page-refresh ?
>
I think there is no solution other than setting a cookie so that you
can check whether the user have visited the site or not.

-- 
Sandeep Kaur
E-Mail: mkaurkhalsa at gmail.com
Blog: sandymadaan.wordpress.com


From websitemaster at cogeco.net  Sun May 19 09:53:59 2013
From: websitemaster at cogeco.net (Tom)
Date: Sun, 19 May 2013 09:53:59 -0400
Subject: [geeklog-devel] GSOC
Message-ID: <00b601ce5498$52259540$f670bfc0$@cogeco.net>

So what is the status of our GSOC participation?

Tom



From rishabhr123 at gmail.com  Sun May 19 10:09:03 2013
From: rishabhr123 at gmail.com (Rishabh Raj)
Date: Sun, 19 May 2013 19:39:03 +0530
Subject: [geeklog-devel] Help regarding Feature Request #1606,
 identifying a page refresh
In-Reply-To: <CAF66xG2F3u-Vg_ZkdVsmXz_ka0HRxgDW11xUe0P9Su_HwYFOoQ@mail.gmail.com>
References: <CAOC-s3RGeccZCjmSXtDKoX8Euwwg9zfcaSwpa6NpkVUYQF+C4w@mail.gmail.com>
	<CAF66xG2F3u-Vg_ZkdVsmXz_ka0HRxgDW11xUe0P9Su_HwYFOoQ@mail.gmail.com>
Message-ID: <CAOC-s3S0FcvT9SrTiHsKUUj7Ng2jg5r=Qa71qog1Hg3xJvBR_A@mail.gmail.com>

IMHO, the view counter does not refer to the number of unique people who
have seen an article but instead help in measuring the popularity of the
article.

Setting a cookie would not allow me to gauge that.

My point being this feature of checking out the popularity of an article
can be misused by just going on refreshing the page, we may need to figure
out something ingenious for countering that.
HTTP_CACHE_CONTROL and HTTP_PRAGMA may help us out, i am not a 100% sure
though.


On Sun, May 19, 2013 at 7:17 PM, Sandeep kaur <mkaurkhalsa at gmail.com> wrote:

> On Sun, May 19, 2013 at 6:14 PM, Rishabh Raj <rishabhr123 at gmail.com>
> wrote:
> > Hello,
> >      This is regarding discussion about a feature request #1606.
> >      http://project.geeklog.net/tracking/view.php?id=1606
> >
> <snip>
> > Any other ideas as to how to identify a page-refresh ?
> >
> I think there is no solution other than setting a cookie so that you
> can check whether the user have visited the site or not.
>
> --
> Sandeep Kaur
> E-Mail: mkaurkhalsa at gmail.com
> Blog: sandymadaan.wordpress.com
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>



-- 
-Rishabh Raj
International Institute of Information Technology
Gachibowli, Hyderabad 500032
Ph: +917842797467
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20130519/9e1f9479/attachment.html>

From websitemaster at cogeco.net  Sun May 19 12:07:23 2013
From: websitemaster at cogeco.net (Tom)
Date: Sun, 19 May 2013 12:07:23 -0400
Subject: [geeklog-devel] Help regarding Feature Request #1606,
	identifying a page refresh
In-Reply-To: <CAF66xG2F3u-Vg_ZkdVsmXz_ka0HRxgDW11xUe0P9Su_HwYFOoQ@mail.gmail.com>
References: <CAOC-s3RGeccZCjmSXtDKoX8Euwwg9zfcaSwpa6NpkVUYQF+C4w@mail.gmail.com>
	<CAF66xG2F3u-Vg_ZkdVsmXz_ka0HRxgDW11xUe0P9Su_HwYFOoQ@mail.gmail.com>
Message-ID: <000001ce54aa$f2b9f610$d82de230$@cogeco.net>

I see an article view (as determined by Geeklog) as generic check on how
popular the article is.

I am not too worried about unique views or my own views for the matter which
this report brings up 

http://project.geeklog.net/tracking/view.php?id=1572

since it is only a few views in the total number of views for an article
over time.

IMO this is starting to get too complicated. If we start worrying about
stuff like this then how about non users like search engines, twitter, and
other bots that visit articles for a variety of reasons...

Just my 2 cents :-)

Tom

PS If an admin is wondering the true popularity of his article then maybe
this is where Facebook like, Twitter and Google plus buttons are needed for
articles... like what Ben has done at Geeklog France (http://geeklog.fr/)


-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Sandeep kaur
Sent: May-19-13 9:48 AM
To: Geeklog Development
Subject: Re: [geeklog-devel] Help regarding Feature Request #1606,
identifying a page refresh

On Sun, May 19, 2013 at 6:14 PM, Rishabh Raj <rishabhr123 at gmail.com> wrote:
> Hello,
>      This is regarding discussion about a feature request #1606.
>      http://project.geeklog.net/tracking/view.php?id=1606
>
<snip>
> Any other ideas as to how to identify a page-refresh ?
>
I think there is no solution other than setting a cookie so that you can
check whether the user have visited the site or not.

--
Sandeep Kaur
E-Mail: mkaurkhalsa at gmail.com
Blog: sandymadaan.wordpress.com
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel



From dirk at haun-online.de  Sun May 19 12:50:37 2013
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 19 May 2013 18:50:37 +0200
Subject: [geeklog-devel] Help regarding Feature Request #1606,
	identifying a page refresh
In-Reply-To: <000001ce54aa$f2b9f610$d82de230$@cogeco.net>
References: <CAOC-s3RGeccZCjmSXtDKoX8Euwwg9zfcaSwpa6NpkVUYQF+C4w@mail.gmail.com>
	<CAF66xG2F3u-Vg_ZkdVsmXz_ka0HRxgDW11xUe0P9Su_HwYFOoQ@mail.gmail.com>
	<000001ce54aa$f2b9f610$d82de230$@cogeco.net>
Message-ID: <C01CC9BA-6AEE-4C1B-839C-463243DA9F7C@haun-online.de>

Tom wrote:

> IMO this is starting to get too complicated.

Regarding #1606, I agree. I naively thought this would be easy to implement, but it seems it isn't.

However, #1572 is really only a trivial one-line change. I would have done it myself but thought I'd leave it open for potential GSoC students.


> since it is only a few views in the total number of views for an article
> over time.

I've been doing some experiments on a low-traffic site of mine to see how the popularity of posts develops with certain measures and would prefer not to count my own views in such a case. As I said, it's a simple change that shouldn't really make the code more complicated.

bye, Dirk


-- 
http://www.themobilepresenter.com/



From dirk at haun-online.de  Sun May 19 12:57:32 2013
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 19 May 2013 18:57:32 +0200
Subject: [geeklog-devel] GSOC
In-Reply-To: <00b601ce5498$52259540$f670bfc0$@cogeco.net>
References: <00b601ce5498$52259540$f670bfc0$@cogeco.net>
Message-ID: <DC18E3EB-B48C-40AC-A347-6353DA017546@haun-online.de>

Tom wrote:

> So what is the status of our GSOC participation?


We will have a student. However, we are not allowed to say anything until the official announcement by Google on May 27.

bye, Dirk


-- 
http://www.themobilepresenter.com/



From danstoner at gmail.com  Sun May 19 13:53:08 2013
From: danstoner at gmail.com (Dan Stoner)
Date: Sun, 19 May 2013 13:53:08 -0400
Subject: [geeklog-devel] A few observations and ideas from our local
	Webmontag
In-Reply-To: <31A379F0-4858-4BED-B4FB-F6BC7A789D33@haun-online.de>
References: <31A379F0-4858-4BED-B4FB-F6BC7A789D33@haun-online.de>
Message-ID: <CADKwgJe5Uh+8H0id2WmDHchBouuYFz+jGEO_fRW8X=a=HxGwig@mail.gmail.com>

I have been involved with a Web Content Management project for $EMPLOYER
and one of the differentiating features of the various commercial products
was inline editing.  It's apparently the cool new thing.

- Dan Stoner


On Tue, May 14, 2013 at 1:59 PM, Dirk Haun <dirk at haun-online.de> wrote:

> A few things I picked up at a local event yesterday that may be worth
> considering:
>
> 1) Inline editing
>
> One presenter claimed that pretty much all of the CMS are going to move to
> inline editing in the near future, i.e. the ability to edit content right
> where it is on the page. The main reasons he mentioned are having a "real"
> preview of what you're typing (complete with a nice demo of editing a
> tilted text, right there on the page). Plus it's supposed to be easier for
> non-technical users.
>
> Of course, when you start thinking about this, it's not as easy as it may
> sound at first. You could integrate, say, Aloha Editor into Geeklog in a
> few hours, but proper inline editing requires a whole new approach in a few
> places. Most notably: How do you add new content, e.g. an article, in the
> first place?
>
>
> 2) The big F (no, not that one ;-)
>
> A little theory/research, that I wasn't aware of: Apparently, most people
> scan a website in the shape of an uppercase F: They scan the top from left
> to right, then go down on the left side with occasional scanning into the
> middle of the page - but not as far as at the top. So this pattern vaguely
> looks like an F.
>
> The point is: If you have important stuff on the right, like a menu,
> people may not notice it. Something to consider, especially when going for
> a two-column layout with the navigation on the right side.
>
>
> 3) The role of usernames in website security
>
> One presenter suggested that people hide their username on their website,
> since it's part of the login. I.e. to log in, you need both the username
> and the password - but we usually give the username away. Now if you had a
> non-obvious, non-visible login name, that would increase security somewhat.
>
> Related: In the recent attacks againstWordPress blogs, it was pointed out
> that the attacks were targeting a default admin username (simply "admin", I
> think), but that WordPress has long had an option to choose a different
> username at install time. This obviously goes in the same direction.
>
> I see some potential here to improve our security. What do you think?
>
> bye, Dirk
>
>
> --
> http://www.themobilepresenter.com/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20130519/9309a953/attachment.html>

From b.ttalic at gmail.com  Mon May 27 16:10:05 2013
From: b.ttalic at gmail.com (Benjamin Talic)
Date: Mon, 27 May 2013 22:10:05 +0200
Subject: [geeklog-devel] GSoC
Message-ID: <CA+xs9fok5JkwASt6vQt560-foXSQrT-6mWW55RtSww6WHxvqyg@mail.gmail.com>

Hello,

My name is Benjamin Talic (Ben),
I got selected for the Geeklog Google Summer of Code project- Crowd
Translation plugin.
You can see my proposal here:
https://google-melange.appspot.com/gsoc/proposal/review/google/gsoc2013/beno/9001
.
I hope you like what you see there.

Any suggestions for the project are more than welcome, and I want to
apologize in advance for the questions I will ask here during the summer.

Best,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20130527/ee033b71/attachment.html>

From websitemaster at cogeco.net  Mon May 27 20:08:31 2013
From: websitemaster at cogeco.net (Tom)
Date: Mon, 27 May 2013 20:08:31 -0400
Subject: [geeklog-devel] GSoC
In-Reply-To: <CA+xs9fok5JkwASt6vQt560-foXSQrT-6mWW55RtSww6WHxvqyg@mail.gmail.com>
References: <CA+xs9fok5JkwASt6vQt560-foXSQrT-6mWW55RtSww6WHxvqyg@mail.gmail.com>
Message-ID: <01d101ce5b37$7d7399e0$785acda0$@cogeco.net>

Welcome to Geeklog Ben!

 

Thanks for being part of our GSOC project.

 

 

Tom

 

From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Benjamin Talic
Sent: May-27-13 4:10 PM
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] GSoC

 

Hello,

My name is Benjamin Talic (Ben),
I got selected for the Geeklog Google Summer of Code project- Crowd
Translation plugin.
You can see my proposal here:
https://google-melange.appspot.com/gsoc/proposal/review/google/gsoc2013/beno
/9001.
I hope you like what you see there.

 

Any suggestions for the project are more than welcome, and I want to
apologize in advance for the questions I will ask here during the summer.

Best,
Ben

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20130527/3c77481d/attachment.html>

From websitemaster at cogeco.net  Wed May 29 17:52:08 2013
From: websitemaster at cogeco.net (Tom)
Date: Wed, 29 May 2013 17:52:08 -0400
Subject: [geeklog-devel] Geeklog Comments spanning multiple pages for
	Article and Staticpages
Message-ID: <029401ce5cb6$c4ab0a70$4e011f50$@cogeco.net>

When articles and staticpages have a lot of comments Geeklog will produce
multiple pages for these comments (the default is after 100 comments).

 

For these pages a canonical link is created which points to the original
(first) page. This gets around the issue of duplicate content being
triggered for the content of the staticpage or article  but it doesn't
really address the fact that the comments on these pages are unique.

 

I was wondering if we should have a config option which would specify if you
want the article or staticpage being duplicate on these extra comment pages?
If you set this to false then they would not and the comments would be
listed (and we wouldn't need to use a canonical link here).

 

Thoughts?

 

Tom

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20130529/299c4896/attachment.html>

From websitemaster at cogeco.net  Fri May 31 20:28:57 2013
From: websitemaster at cogeco.net (Tom)
Date: Fri, 31 May 2013 20:28:57 -0400
Subject: [geeklog-devel] Geeklog.net - File Management Plugin
Message-ID: <035001ce5e5f$04171a10$0c454e30$@cogeco.net>

Hey Dirk,

 

What are your plans with the file management plugin on Geeklog.net?

 

Tom

 

 

=========================================

Quote from previous email from Dirk:

 

>From what I can see, all 3 versions of the plugin behave in the same way:

 

orderby=titleD/*q*/ simply behaves like orderby=titleD. The reason for this
is that all 3 versions already run the parameter through COM_applyFilter()
which removes the comment.

 

orderby=titleD/q**/ throws an SQL error. However, that is not valid SQL
syntax. You can provoke the same error by simply writing orderby=blah

 

So this is simply a way to provoke an SQL error. This shouldn't happen, but
from what I can see, it's not a security issue since all the "dangerous"
characters you would need to make this a proper SQL injection are already
filtered.

 

The patch by hiroron (Thanks!) should take care of this problem.

 

bye, Dirk

 

=========================================

Quote from previous email by Laugh:

 

I was just about to mention the other plugin

 

http://www.geeklog.jp/downloads/index.php/downloads_1.1.0

 

A new version of the Downloads plugin (1.1.0) was released by Yoshinori
Tahara - dengen early in April (it is based on the original file management
plugin). The last time I talked to him about it was in February which he
said he was working on a version for Geeklog 2.0.0 to support the new theme
engine and a few other issues (see the included readme in the downloads
plugin archive).

 

It does include an import function from the original file management to
downloads plugin (fm2dm.php).

 

I also like some of the new features of the plugin like the grouping of a
project into a single download page.

 

I think it is probably worth switching over (it is also what Geeklog.jp and
Geeklog.fr are using) since someone is actively developing it.

 

If you are going to spend some time on the other file management plugin it
may be worthwhile just upgrading to this version instead.

 

I would do it now but it looks like I will be swamped with work this summer.

 

Tom

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20130531/22e60532/attachment.html>