From komma at ivywe.co.jp Sat May 3 01:45:53 2014
From: komma at ivywe.co.jp (Komma Tetsuko)
Date: Sat, 3 May 2014 14:45:53 +0900
Subject: [geeklog-devel] Next Geeklog Version - Feature Ideas
In-Reply-To:
References: <031d01cf4c2d$2dc75070$8955f150$@cogeco.net>
Message-ID:

Next version, I want these two features.

1. Edit area system like Drupal.
Edit area appears when mouse over.

2. When creating account, password strength support.
(Easy password is dangerous.)

--
Ivy

From niemans at nlbox.com Sun May 4 17:27:51 2014
From: niemans at nlbox.com (Wim Niemans)
Date: Sun, 4 May 2014 23:27:51 +0200
Subject: [geeklog-devel] Next Geeklog Version - Feature Ideas
In-Reply-To:
References: <031d01cf4c2d$2dc75070$8955f150$@cogeco.net>
Message-ID: <63AD723A-5930-4B98-A1CE-A388E4D6FA09@nlbox.com>

When you amend login procedures it would be a good idea to send a one-time token in the confirmation mail that must be retyped or pasted in a field of the verification routine, besides a new captcha, if enabled.
In config one could set the expiration time for this one time token, i.e. 30 mins or 2 days.

Wim

On 03 May 2014, at 07:45, Komma Tetsuko wrote:

> Next version, I want these two features.
>
> 1. Edit area system like Drupal.
> Edit area appears when mouse over.
>
> 2. When creating account, password strength support.
> (Easy password is dangerous.)
>
> --
> Ivy
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>

From websitemaster at cogeco.net Sun May 11 19:49:37 2014
From: websitemaster at cogeco.net (Tom)
Date: Sun, 11 May 2014 19:49:37 -0400
Subject: [geeklog-devel] SPAM-X Plugin and the SLV module
Message-ID: <000001cf6d73$ab313870$0193a950$@cogeco.net>

The SLV (Spam Link Verification) module is not working.
The error.log reports:

Sun May 11 17:18:29 2014 - 188.68.254.51 - Error communicating with SLV: Connection refused; Message was (@xml version="1.0" encoding="UTF-8"@)

The website www.linksleeve.org is down so it looks like the whole service is offline.

Did you want to reach out Dirk to see what is up?

For right now I have disabled the module on Geeklog.net

I also have run into a problem of replying to Ivy's forum post:

https://www.geeklog.net/forum/createtopic.php?method=postreply&forum=17&id=95647

The error message is from mail.php in the pear library :

E_WARNING(2) - mail() [function.mail]: Bad parameters to mail() function, mail not sent.

....

Which is called from COM_mail which is called from createtopic.php

I have a feeling it is a multi-language issue but I will have to check into it further.

Tom

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Wim Niemans
Sent: May-04-14 5:28 PM
To: Geeklog Development
Subject: Re: [geeklog-devel] Next Geeklog Version - Feature Ideas

When you amend login procedures it would be a good idea to send a one-time token in the confirmation mail that must be retyped or pasted in a field of the verification routine, besides a new captcha, if enabled.
In config one could set the expiration time for this one time token, i.e. 30 mins or 2 days.

Wim

On 03 May 2014, at 07:45, Komma Tetsuko wrote:

> Next version, I want these two features.
>
> 1. Edit area system like Drupal.
> Edit area appears when mouse over.
>
> 2. When creating account, password strength support.
> (Easy password is dangerous.)
>
> --
> Ivy

From dirk at haun-online.de Mon May 12 01:59:25 2014
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 12 May 2014 07:59:25 +0200
Subject: [geeklog-devel] SPAM-X Plugin and the SLV module
In-Reply-To: <000001cf6d73$ab313870$0193a950$@cogeco.net>
References: <000001cf6d73$ab313870$0193a950$@cogeco.net>
Message-ID: <9337AC52-7030-4FFE-8117-E9527238034F@haun-online.de>

Tom wrote:

> The website www.linksleeve.org is down so it looks like the whole service is
> offline.
>
> Did you want to reach out Dirk to see what is up?

Will do.

bye, Dirk

--
http://www.themobilepresenter.com/

From komma at ivywe.co.jp Mon May 12 06:06:24 2014
From: komma at ivywe.co.jp (=?UTF-8?B?5LuK6aeS5ZOy5a2Q?=)
Date: Mon, 12 May 2014 19:06:24 +0900
Subject: [geeklog-devel] Geeklog Pagnation
In-Reply-To: <6CCDEA4B-3701-4F1B-8A8D-451114407C79@nlbox.com>
References: <031b01cf4c29$2bf60fb0$83e22f10$@cogeco.net> <6CCDEA4B-3701-4F1B-8A8D-451114407C79@nlbox.com>
Message-ID:

HTML 5 theme.

Geeklog 2.0 HTML5 CSS3 Responsive WEB design theme:
http://www.winkey.jp/downloads/index.php/winkey12

Geeklog hack for HTML5 please see details the document.
--
Ivy

From websitemaster at cogeco.net Mon May 12 21:18:12 2014
From: websitemaster at cogeco.net (Tom)
Date: Mon, 12 May 2014 21:18:12 -0400
Subject: [geeklog-devel] SPAM-X Plugin and the SLV module
In-Reply-To: <000001cf6d73$ab313870$0193a950$@cogeco.net>
References: <000001cf6d73$ab313870$0193a950$@cogeco.net>
Message-ID: <008e01cf6e49$3588cee0$a09a6ca0$@cogeco.net>

After some tests it looks like that the pear library doesn't like the Japanese subject for some reason when the email gets sent to her in her native language about a new forum post.

The subject is encoded like so:

["subject"]=>
string(116) "=?utf-8?Q?Geeklog=20-=20=E6=8E=B2=E7=A4=BA=E6=9D=BF?==?utf-8?Q?=E6=8A=95?= =?utf-8?Q?=E7=A8=BF=E9=80=9A=E7=9F=A5?="

If I blank out the subject in the code the email will go through if I don't it errors out like so:

E_WARNING(2) - mail() [function.mail]: Bad parameters to mail() function, mail not sent. @ /usr/home/geeklog/geeklog/system/pear/Mail/mail.php line 153

Call Stack
#  Function             File                                                  Line
1  mail                 /usr/home/geeklog/geeklog/system/pear/Mail/mail.php   153
2  send                 /usr/www/users/geeklog/lib-common.php                 4246
3  COM_mail             /usr/www/users/geeklog/forum/createtopic.php          1127
4  gf_chknotifications  /usr/www/users/geeklog/forum/createtopic.php          364

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Tom
Sent: May-11-14 7:50 PM
To: 'Geeklog Development'
Subject: [geeklog-devel] SPAM-X Plugin and the SLV module

I also have run into a problem of replying to Ivy's forum post:

https://www.geeklog.net/forum/createtopic.php?method=postreply&forum=17&id=95647

The error message is from mail.php in the pear library :

E_WARNING(2) - mail() [function.mail]: Bad parameters to mail() function, mail not sent.

....

Which is called from COM_mail which is called from createtopic.php

I have a feeling it is a multi-language issue but I will have to check into it further.
Tom

From niemans at nlbox.com Fri May 16 19:08:53 2014
From: niemans at nlbox.com (Wim Niemans)
Date: Sat, 17 May 2014 01:08:53 +0200
Subject: [geeklog-devel] security issue editor(s)
Message-ID: <68BC76E6-12EA-42B1-843A-345A30BCBD18@nlbox.com>

See http://project.geeklog.net/tracking/view.php?id=1763

Summary: editor files are wide open for abuse
Description:
If an anonymous attacker 'knows' the exact url, all files of FCKeditor are wide open for abuse.
Some html display errors, like no valid xml response from server, and all php execute.
Maybe this is also true for the CKeditor.

Additional Information:
Can this be solved by a htaccess entry?
----------------------------------------------------------------------
This needs special attention because attacks are detected on the file manager connector already.

Wim

From websitemaster at cogeco.net Sat May 17 10:52:05 2014
From: websitemaster at cogeco.net (Tom)
Date: Sat, 17 May 2014 10:52:05 -0400
Subject: [geeklog-devel] security issue editor(s)
In-Reply-To: <68BC76E6-12EA-42B1-843A-345A30BCBD18@nlbox.com>
References: <68BC76E6-12EA-42B1-843A-345A30BCBD18@nlbox.com>
Message-ID: <008301cf71df$91f015f0$b5d041d0$@cogeco.net>

I believe it was Dengen who integrated the CKEditor so hopefully he will provide a more in-depth answer.

I have never really taken a good look at the editor code but pre Geeklog 2.0.0 the FCKEditor files were always accessible by anyone who knew the exact url (just like now).

I assume that the authors of the editor software have taken this into account and provided the necessary security measures.

For the file manager / editor php files that tie in with Geeklog, they either do not allow direct access or have Geeklog's security in place to make sure the user has access to the feature. This is the same type of security used to access our admin interface etc.
The downside of using popular open source code for different features is you will get bots looking for security holes. I get tons of bots hitting my site looking for specific wordpress and joomla files.

One feature request to maybe make things more secure is that we could allow only so many requests by an ip to a feature they don't have access to before it is blocked for a period of time. The problem with this is we could also end up blocking Googlebot etc.. by accident (when they try to access stuff they shouldn't)

As far as htaccess that is not my expertise (I am an IIS guy) so maybe someone else can comment on it

Tom

From: geeklog-devel [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Wim Niemans
Sent: May-16-14 7:09 PM
To: Geeklog Development
Subject: [geeklog-devel] security issue editor(s)

See http://project.geeklog.net/tracking/view.php?id=1763

Summary: editor files are wide open for abuse
Description:
If an anonymous attacker 'knows' the exact url, all files of FCKeditor are wide open for abuse.
Some html display errors, like no valid xml response from server, and all php execute.
Maybe this is also true for the CKeditor.

Additional Information:
Can this be solved by a htaccess entry?
----------------------------------------------------------------------
This needs special attention because attacks are detected on the file manager connector already.

Wim

From niemans at nlbox.com Sat May 17 11:28:35 2014
From: niemans at nlbox.com (Wim Niemans)
Date: Sat, 17 May 2014 17:28:35 +0200
Subject: [geeklog-devel] security issue editor(s)
In-Reply-To: <008301cf71df$91f015f0$b5d041d0$@cogeco.net>
References: <68BC76E6-12EA-42B1-843A-345A30BCBD18@nlbox.com> <008301cf71df$91f015f0$b5d041d0$@cogeco.net>
Message-ID:

> The downside of using popular open source code for different features is you will get bots looking for security holes.
> I get tons of bots hitting my site looking for specific wordpress and joomla files.

Quite interesting. I'm running GL now for more than 10 years, and my new site gains about 1Gb/month access without a clear clue why.
I'm blocking any IP that tries to login more than 1 time in a second. My Apache log is now containing nearly exclusive the access denied apache message.
And this makes me wonder. I run several sites, and this one is the only one with heavy hacker access. Since 10 years. It's also the only one running GL 2.

I have 2 thoughts on this:
[1]: there must be something resident in GL that attracts hackers and the like. Maybe it is just the published access log?
[2]: this type of access would be useful to earn some money, f.i. with Ad words on these specific spots and registration pages.

> One feature request to maybe make things more secure is that we could allow only so many requests by an ip to a feature they don't have access to before it is blocked for a period of time. The problem with this is we could also end up blocking Googlebot etc.. by accident (when they try to access stuff they shouldn't)

Well, if GoogleBot tries to login, it should be blocked immediately, don't you agree?
And...all these accesses to non-authorised places could be equipped with targeted ad's. Isn't that a great way to exploit hacking?

I see a lot of login/registration spoofing with disposable email addresses (lives 30 mins). And I think the easy way to avoid these spammer logins/registrations would be setting a cookie with a one time token. That cookie exists as long as the new user needs to come again after receiving the confirmation email. Which means that next access is only granted when the site is visited again with the very same browser instance.

Wim

On 17 May 2014, at 16:52, Tom wrote:

> I believe it was Dengen who integrated the CKEditor so hopefully he will provide a more in-depth answer.
>
> I have never really taken a good look at the editor code but pre Geeklog 2.0.0 the FCKEditor files were always accessible by anyone who knew the exact url (just like now).
>
> I assume that the authors of the editor software have taken this into account and provided the necessary security measures.
>
> For the file manager / editor php files that tie in with Geeklog, they either do not allow direct access or have Geeklog's security in place to make sure the user has access to the feature. This is the same type of security used to access our admin interface etc...
>
> The downside of using popular open source code for different features is you will get bots looking for security holes. I get tons of bots hitting my site looking for specific wordpress and joomla files.
>
> One feature request to maybe make things more secure is that we could allow only so many requests by an ip to a feature they don't have access to before it is blocked for a period of time. The problem with this is we could also end up blocking Googlebot etc.. by accident (when they try to access stuff they shouldn't)
>
> As far as htaccess that is not my expertise (I am an IIS guy) so maybe someone else can comment on it
>
> Tom
>
> From: geeklog-devel [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Wim Niemans
> Sent: May-16-14 7:09 PM
> To: Geeklog Development
> Subject: [geeklog-devel] security issue editor(s)
>
>
> See http://project.geeklog.net/tracking/view.php?id=1763
>
> Summary: editor files are wide open for abuse
> Description:
> If an anonymous attacker 'knows' the exact url, all files of FCKeditor are wide
> open for abuse.
> Some html display errors, like no valid xml response from server, and all php
> execute.
> Maybe this is also true for the CKeditor.
>
> Additional Information:
> Can this be solved by a htaccess entry?
> ----------------------------------------------------------------------
> This needs special attention because attacks are detected on the file manager
> connector already.
>
> Wim

From websitemaster at cogeco.net Sat May 17 12:44:51 2014
From: websitemaster at cogeco.net (Tom)
Date: Sat, 17 May 2014 12:44:51 -0400
Subject: [geeklog-devel] security issue editor(s)
In-Reply-To:
References: <68BC76E6-12EA-42B1-843A-345A30BCBD18@nlbox.com> <008301cf71df$91f015f0$b5d041d0$@cogeco.net>
Message-ID: <00a201cf71ef$52d64410$f882cc30$@cogeco.net>

>> Well, if GoogleBot tries to login, it should be blocked immediately, don't you agree?

Actually I was referring to Googlebot for some reason trying to access my admin page for the Gus plugin. To fix this I should really block Googlebot from the directory using robots.txt. What I was trying to say is I don't really want an automated process to accidentally block Googlebot from access to my entire site.

From: geeklog-devel [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Wim Niemans
Sent: May-17-14 11:29 AM
To: Geeklog Development
Subject: Re: [geeklog-devel] security issue editor(s)

The downside of using popular open source code for different features is you will get bots looking for security holes. I get tons of bots hitting my site looking for specific wordpress and joomla files.

Quite interesting. I'm running GL now for more than 10 years, and my new site gains about 1Gb/month access without a clear clue why.
I'm blocking any IP that tries to login more than 1 time in a second. My Apache log is now containing nearly exclusive the access denied apache message.
And this makes me wonder. I run several sites, and this one is the only one with heavy hacker access.
Since 10 years. It's also the only one running GL 2.

I have 2 thoughts on this:
[1]: there must be something resident in GL that attracts hackers and the like. Maybe it is just the published access log?
[2]: this type of access would be useful to earn some money, f.i. with Ad words on these specific spots and registration pages.

One feature request to maybe make things more secure is that we could allow only so many requests by an ip to a feature they don't have access to before it is blocked for a period of time. The problem with this is we could also end up blocking Googlebot etc.. by accident (when they try to access stuff they shouldn't)

Well, if GoogleBot tries to login, it should be blocked immediately, don't you agree?
And..all these accesses to non-authorised places could be equipped with targeted ad's. Isn't that a great way to exploit hacking?

I see a lot of login/registration spoofing with disposable email addresses (lives 30 mins). And I think the easy way to avoid these spammer logins/registrations would be setting a cookie with a one time token. That cookie exists as long as the new user needs to come again after receiving the confirmation email. Which means that next access is only granted when the site is visited again with the very same browser instance.

Wim

On 17 May 2014, at 16:52, Tom wrote:

I believe it was Dengen who integrated the CKEditor so hopefully he will provide a more in-depth answer.

I have never really taken a good look at the editor code but pre Geeklog 2.0.0 the FCKEditor files were always accessible by anyone who knew the exact url (just like now).

I assume that the authors of the editor software have taken this into account and provided the necessary security measures.

For the file manager / editor php files that tie in with Geeklog, they either do not allow direct access or have Geeklog's security in place to make sure the user has access to the feature. This is the same type of security used to access our admin interface etc.
The downside of using popular open source code for different features is you will get bots looking for security holes. I get tons of bots hitting my site looking for specific wordpress and joomla files.

One feature request to maybe make things more secure is that we could allow only so many requests by an ip to a feature they don't have access to before it is blocked for a period of time. The problem with this is we could also end up blocking Googlebot etc.. by accident (when they try to access stuff they shouldn't)

As far as htaccess that is not my expertise (I am an IIS guy) so maybe someone else can comment on it

Tom

From: geeklog-devel [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Wim Niemans
Sent: May-16-14 7:09 PM
To: Geeklog Development
Subject: [geeklog-devel] security issue editor(s)

See http://project.geeklog.net/tracking/view.php?id=1763

Summary: editor files are wide open for abuse
Description:
If an anonymous attacker 'knows' the exact url, all files of FCKeditor are wide open for abuse.
Some html display errors, like no valid xml response from server, and all php execute.
Maybe this is also true for the CKeditor.

Additional Information:
Can this be solved by a htaccess entry?
----------------------------------------------------------------------
This needs special attention because attacks are detected on the file manager connector already.

Wim

From ironmax at spacequad.com Sat May 17 14:47:57 2014
From: ironmax at spacequad.com (Michael Brusletten)
Date: Sat, 17 May 2014 14:47:57 -0400
Subject: [geeklog-devel] geeklog-devel Digest, Vol 93, Issue 6
In-Reply-To:
References:
Message-ID:

Wim,

I'm really surprised that you're not using ZBBLOCK by now.
It eliminates the overhead in so many ways, not to also the hits on the web server not having to process the extra traffic. The signature file(s) are customizable to what you want to allow to pass or not.

The reason is simple on why hackers/spammers do what they do. Greed, for fun, don't care about anyone else. Plus, any other reason you could think of, that would be beneficial to themselves.

Michael

Message: 2
Date: Sat, 17 May 2014 17:28:35 +0200
From: Wim Niemans
To: Geeklog Development
Subject: Re: [geeklog-devel] security issue editor(s)
Message-ID:
Content-Type: text/plain; charset="windows-1252"

> The downside of using popular open source code for different features is
> you will get bots looking for security holes. I get tons of bots hitting
> my site looking for specific wordpress and joomla files.

Quite interesting. I'm running GL now for more than 10 years, and my new site gains about 1Gb/month access without a clear clue why.
I'm blocking any IP that tries to login more than 1 time in a second. My Apache log is now containing nearly exclusive the access denied apache message.
And this makes me wonder. I run several sites, and this one is the only one with heavy hacker access. Since 10 years. It's also the only one running GL 2.

I have 2 thoughts on this:
[1]: there must be something resident in GL that attracts hackers and the like. Maybe it is just the published access log?
[2]: this type of access would be useful to earn some money, f.i. with Ad words on these specific spots and registration pages.

> One feature request to maybe make things more secure is that we could
> allow only so many requests by an ip to a feature they don't have access
> to before it is blocked for a period of time. The problem with this is we
> could also end up blocking Googlebot etc.. by accident (when they try to
> access stuff they shouldn't)

Well, if GoogleBot tries to login, it should be blocked immediately, don't you agree?
And...all these accesses to non-authorised places could be equipped with targeted ad's. Isn't that a great way to exploit hacking?

I see a lot of login/registration spoofing with disposable email addresses (lives 30 mins). And I think the easy way to avoid these spammer logins/registrations would be setting a cookie with a one time token. That cookie exists as long as the new user needs to come again after receiving the confirmation email. Which means that next access is only granted when the site is visited again with the very same browser instance.

Wim

On 17 May 2014, at 16:52, Tom wrote:

> I believe it was Dengen who integrated the CKEditor so hopefully he will
> provide a more in-depth answer.

From websitemaster at cogeco.net Mon May 19 10:26:39 2014
From: websitemaster at cogeco.net (Tom)
Date: Mon, 19 May 2014 10:26:39 -0400
Subject: [geeklog-devel] SPAM-X Plugin and the SLV module
In-Reply-To: <9337AC52-7030-4FFE-8117-E9527238034F@haun-online.de>
References: <000001cf6d73$ab313870$0193a950$@cogeco.net> <9337AC52-7030-4FFE-8117-E9527238034F@haun-online.de>
Message-ID: <014601cf736e$5949a870$0bdcf950$@cogeco.net>

FYI everybody: Linksleeve.org is back up and the SLV module is working again.

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: May-12-14 1:59 AM
To: Geeklog Development
Subject: Re: [geeklog-devel] SPAM-X Plugin and the SLV module

Tom wrote:

> The website www.linksleeve.org is down so it looks like the whole
> service is offline.
>
> Did you want to reach out Dirk to see what is up?

Will do.
bye, Dirk

--
http://www.themobilepresenter.com/

From niemans at nlbox.com Mon May 26 17:14:55 2014
From: niemans at nlbox.com (Wim Niemans)
Date: Mon, 26 May 2014 23:14:55 +0200
Subject: [geeklog-devel] new auto tags in gl2.1
Message-ID: <0692FE5F-C454-48C5-90FA-25291BB3B3F0@nlbox.com>

Two new auto tags are introduced: related_items and related_topics.

The related_topics auto tag is processed by the story/topic, but the processing of related_items auto tag gives plugins a chance to add content.
However it is not clear where this content is inserted, and it is also not very clear what the interface is.
It seems that the glTypes, like article, link, etc, are not handed to the plugins at all.

The syntax [related_items:id type:plugin max:max_items_listed trim:max_length include:plugin] is confusing. F.i. what is 'plugin' (2x) ? And what is 'id' referring to?
Then the auto-tag must be inserted in the story text, but will not display there?

Both auto tags could be very useful for plugins and need some clear documentation.
Whenever these auto tags make it into a proper plugin call, it would be wise to include the (calling) id and title in the interface since these fields should be enough to generate related_links.

Thoughts?

Wim

From websitemaster at cogeco.net Mon May 26 17:48:42 2014
From: websitemaster at cogeco.net (Tom)
Date: Mon, 26 May 2014 17:48:42 -0400
Subject: [geeklog-devel] new auto tags in gl2.1
In-Reply-To: <0692FE5F-C454-48C5-90FA-25291BB3B3F0@nlbox.com>
References: <0692FE5F-C454-48C5-90FA-25291BB3B3F0@nlbox.com>
Message-ID: <008201cf792c$42d7e200$c887a600$@cogeco.net>

>> Both auto tags could be very useful for plugins and need some clear documentation.

True...

This only works for items that are assigned topics.
With the default Geeklog install this includes articles and staticpages

[related_items:id type:plugin max:max_items_listed trim:max_length include:plugin]

related_items: - Id of item you want to display related items for
type: - the name of the plugin (article, staticpages, etc...) that the id is for (since ids may not be unique). This is what is stored in the type column of the topic_assignments table.
max: - max number of items to display
trim: - max character length of item titles
include: - default of this is to include all related types of items found. You can specify only to return certain related items.

Related_topics works in the same way and returns a list of all topics that the item belongs to. You can see this in action on the article display page by the "Filed Under" caption

When listed the items I believe the autotags use the standard COM_makeList function found in lib-common.

Tom

-----Original Message-----
From: geeklog-devel [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Wim Niemans
Sent: May-26-14 5:15 PM
To: Geeklog Development
Subject: [geeklog-devel] new auto tags in gl2.1

Two new auto tags are introduced: related_items and related_topics.

The related_topics auto tag is processed by the story/topic, but the processing of related_items auto tag gives plugins a chance to add content.
However it is not clear where this content is inserted, and it is also not very clear what the interface is.
It seems that the glTypes, like article, link, etc, are not handed to the plugins at all.

The syntax [related_items:id type:plugin max:max_items_listed trim:max_length include:plugin] is confusing. F.i. what is 'plugin' (2x) ? And what is 'id' referring to?
Then the auto-tag must be inserted in the story text, but will not display there?

Both auto tags could be very useful for plugins and need some clear documentation.
Whenever these auto tags make it into a proper plugin call, it would be wise to include the (calling) id and title in the interface since these fields should be enough to generate related_links.

Thoughts?

Wim

From websitemaster at cogeco.net Mon May 26 17:56:28 2014
From: websitemaster at cogeco.net (Tom)
Date: Mon, 26 May 2014 17:56:28 -0400
Subject: [geeklog-devel] Next Geeklog Version - Feature Ideas
In-Reply-To: <04bf01cf4ed7$7c21aa70$7464ff50$@cogeco.net>
References: <031d01cf4c2d$2dc75070$8955f150$@cogeco.net> <596EA234-28E5-4D30-A353-6726BFC535A9@nlbox.com> <04bf01cf4ed7$7c21aa70$7464ff50$@cogeco.net>
Message-ID: <008701cf792d$58d384a0$0a7a8de0$@cogeco.net>

For the next version of Geeklog another feature request I think we need to prioritize is the lock down of certain features so admins can create a demo site.

http://project.geeklog.net/tracking/view.php?id=1059

Tom

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Tom
Sent: April-02-14 8:56 PM
To: 'Geeklog Development'
Subject: Re: [geeklog-devel] Next Geeklog Version - Feature Ideas

Some good ideas

1. Yes some sort of comments admin list and editor would be helpful.

2. I agree. A lot of staticpages are not really static anymore. Maybe default the name to "page" with the ability to have 301 redirects from the old "staticpage" directory. I would still want the ability to keep the directory name staticpage for my older sites (or other names if someone desires). Would have to figure out the best way to do this though. The other idea here would be to introduce into Geeklog Core some sort of php routing framework like Klein (https://github.com/chriso/klein.php). The staticpage plugin could make use of it and we could eventually add topics, articles, etc...

3. Not sure exactly what you mean here. Are you looking just to update the modified files from a previous version?

4. The configuration has a data filter. I wonder if we can update it to make use of it somehow? It allows custom filters ( like number ranges, email, paths, etc). I am sure there are open source filter classes for sanitizing and validating maybe one of those would meet Geeklog's needs. There is even a PHP filter extension. We would have to look into this one further.

Tom

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of cordiste
Sent: March-31-14 9:22 AM
To: Geeklog Development
Subject: Re: [geeklog-devel] Next Geeklog Version - Feature Ideas

Hi,

Here are my top feature requests:

1. An admin page for comments, with comments list, delete and edition links will be helpful.

2. Rename staticpages plugin to pages plugin or allow name customisation for the folder public_html/staticpages

3. A tool to check files from a geeklog install to get list of modified files, files that are not part of the distribution...

4. A function to filter submitted variable like

/**
* Filters submitted variables
*
* Uses geeklog functions to filter submitted variables for illegal content.
* Any editing is done in place and no value is returned
*
* @param array $vars associative array of variable name => type (type in (number,alpha,text,html))
* @param array &$arr reference to associative array of variable name => value
*/
function paypal_filterVars($vars, &$arr)
{
    // cycle through each variable applying the appropriate filter
    foreach ($vars as $var => $type) {
        switch ($type) {
            case 'number':
                $arr[$var] = COM_applyFilter($arr[$var], true);
                break;

            case 'html':
                $arr[$var] = COM_checkHTML($arr[$var], 'paypal.admin');
                break;

            case 'text':
                $arr[$var] = htmlspecialchars(strip_tags(COM_stripslashes($arr[$var])));
                break;

            case 'alpha':
            default:
                $arr[$var] = COM_applyFilter($arr[$var], false);
                break;
        }
    }
}

Maybe we could also publish a story on geeklog.net to ask ideas to the community and publish a poll with the 10 or 20 big ideas.

Ben

2014-03-31 10:57 GMT+02:00 Wim Niemans :
>
> Needs that exist, not knowing if, or when yes, how they are implemented:
>
> - proper handling of ajax requests
> - a generic template (like there is for a glPlugin) for REST api's
>
> - generic exception class
> - proper exception handler
>
> - resource class for javaScript and stylesheets, integrated in a
> extensionable page class
>
> - language class wrapper to access language array's in a multi
> language environment.
>
> - better config class: add xPath capabilities
>
> - add invitations (to fight spammer registrations)
> - add a system Glossary (may pick up the glossary plugin)
>
> - support microFormats: vcf, ics, foaf, ....
>
> So far, so good. The following feature is highest on my list, but a
> huge workload: introduce accounts.
> GL supports users, userGroups and accessRights. The feature has a
> linux look and feel and allows for read/write access configuration per user, group, 'members' and anonymous. The state of the art is very, very good.
> The proposal is to add accounts (as a security and privacy measure).
> The idea is that a user (a human, not a bot), is just a user and that there is a different principal (the account) that is allowed to use the system. Though it resembles userGroups, it is not the same.
> In order to use the system, there is an account created; this account has an owner, and manages the access rights.
> New users must 'subscribe' to an account and the account owner can allow users to 'subscribe'.
> Extrema are an installation with one account and an installation where every user has a different account. Both display backward compatibility, but need extra code in core.
> Having accounts allows for deleting a certain user without losing content. Users are offered private content to share with their own, private, community. Several admin features will go in account scope.
> Having accounts will eliminate spamming since spam will be encapsulated into an account.
> If ever GL moves into document management or stories will become documents, accounts are a must-have.
>
> If there are more interested developers for this feature, I am willing to set up a discussion to have the specs worked out. I've done this before (with an LDAP at its heart), but it was Java.
>
> Wim
>
> On 30 Mar 2014, at 17:31, Tom wrote:
>
>>
>> What does everyone want to see in the next version of Geeklog?
>>
>> Ideas I have so far:
>>
>> - Create a page class (see pagination discussion)
>> - Cleanup of Core
>> - Drop support of COM_SiteHeader, COM_SiteFooter (means a number of popular plugins will have to get updated)
>> - Drop support for LDAP and Live Journal authentication
>> - Drop support for MSSQL / PGSQL ??? (One, both or none)
>> - HTML 5 theme (if added drop old Professional theme)
>> - Integrate GSOC Calendar project (Ben??)
>> - Including the Menu Plugin with Geeklog distributions
>> - Plugin Repository GSOC project
>>
>> These are just some of my ideas to open up a discussion on what we want and can accomplish. Anyone have any other ideas or comments on mine?
>>
>> Based on the outcome of this discussion I will update our poor unutilized Roadmap page :-)
>> http://wiki.geeklog.net/index.php/Proposed_Roadmap
>>
>> Tom

From komma at ivywe.co.jp Mon May 26 20:20:03 2014
From: komma at ivywe.co.jp (=?UTF-8?B?5LuK6aeS5ZOy5a2Q?=)
Date: Tue, 27 May 2014 09:20:03 +0900
Subject: [geeklog-devel] Next Geeklog Version - Feature Ideas
In-Reply-To: <008701cf792d$58d384a0$0a7a8de0$@cogeco.net>
References: <031d01cf4c2d$2dc75070$8955f150$@cogeco.net> <596EA234-28E5-4D30-A353-6726BFC535A9@nlbox.com> <04bf01cf4ed7$7c21aa70$7464ff50$@cogeco.net> <008701cf792d$58d384a0$0a7a8de0$@cogeco.net>
Message-ID:

Tom,

> admins can create a demo site

It's nice. Thanks.

and, front-end framework UIkit is nice one.
I want many themes with this UIkit and HTML5 CSS3 responsive web design.

Ivy

--
2014-05-27 6:56 GMT+09:00 Tom :
> For the next version of Geeklog another feature request I think we need to prioritize is the lock down of certain features so admins can create a demo site.
>
> http://project.geeklog.net/tracking/view.php?id=1059
>
> Tom
>
>
> -----Original Message-----
> From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Tom
> Sent: April-02-14 8:56 PM
> To: 'Geeklog Development'
> Subject: Re: [geeklog-devel] Next Geeklog Version - Feature Ideas
>
> Some good ideas
>
> 1. Yes some sort of comments admin list and editor would be helpful.
>
> 2. I agree. A lot of staticpages are not really static anymore. Maybe default the name to "page" with the ability to have 301 redirects from the old "staticpage" directory. I would still want the ability to keep the directory name staticpage for my older sites (or other names if someone desires). Would have to figure out the best way to do this though. The other idea here would be to introduce into Geeklog Core some sort of php routing framework like Klein (https://github.com/chriso/klein.php). The staticpage plugin could make use of it and we could eventually add topics, articles, etc...
>
> 3. Not sure exactly what you mean here. Are you looking just to update the modified files from a previous version?
>
> 4. The configuration has a data filter. I wonder if we can update it to make use of it somehow? It allows custom filters (like number ranges, email, paths, etc).
> I am sure there are open source filter classes for sanitizing and validating; maybe one of those would meet Geeklog's needs. There is even a PHP filter extension. We would have to look into this one further.
>
> Tom
> -----Original Message-----
> From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of cordiste
> Sent: March-31-14 9:22 AM
> To: Geeklog Development
> Subject: Re: [geeklog-devel] Next Geeklog Version - Feature Ideas
>
> Hi,
>
> Here are my top feature requests:
>
> 1. An admin page for comments, with comments list, delete and edition links will be helpful.
> 2. Rename staticpages plugin to pages plugin or allow name customisation for the folder public_html/staticpages
> 3. A tool to check files from a geeklog install to get list of modified files, files that are not part of the distribution...
> 4. A function to filter submitted variable like
>
> /**
>  * Filters submitted variables
>  *
>  * Uses geeklog functions to filter submitted variables for illegal content.
>  * Any editing is done in place and no value is returned
>  *
>  * @param array $vars associative array of variable name => type (type in (number,alpha,text,html))
>  * @param array &$arr reference to associative array of variable name => value
>  */
> function paypal_filterVars($vars, &$arr)
> {
>     // cycle through each variable applying the appropriate filter
>     foreach ($vars as $var => $type) {
>         switch ($type) {
>             case 'number':
>                 $arr[$var] = COM_applyFilter($arr[$var], true);
>                 break;
>
>             case 'html':
>                 $arr[$var] = COM_checkHTML($arr[$var], 'paypal.admin');
>                 break;
>
>             case 'text':
>                 $arr[$var] = htmlspecialchars(strip_tags(COM_stripslashes($arr[$var])));
>                 break;
>
>             case 'alpha':
>             default:
>                 $arr[$var] = COM_applyFilter($arr[$var], false);
>                 break;
>         }
>     }
> }
>
>
> Maybe we could also publish a story on geeklog.net to ask ideas to the community and publish a poll with the 10 or 20 big ideas.
>
> Ben
>
> 2014-03-31 10:57 GMT+02:00 Wim Niemans :
>>
>> Needs that exist, not knowing if, or when yes, how they are implemented:
>>
>> - proper handling of ajax requests
>> - a generic template (like there is for a glPlugin) for REST api's
>>
>> - generic exception class
>> - proper exception handler
>>
>> - resource class for javaScript and stylesheets, integrated in an extensionable page class
>>
>> - language class wrapper to access language array's in a multi language environment.
>>
>> - better config class: add xPath capabilities
>>
>> - add invitations (to fight spammer registrations)
>> - add a system Glossary (may pick up the glossary plugin)
>>
>> - support microFormats: vcf, ics, foaf, ....
>>
>> So far, so good. The following feature is highest on my list, but a huge workload: introduce accounts.
>> GL supports users, userGroups and accessRights. The feature has a linux look and feel and allows for read/write access configuration per user, group, 'members' and anonymous. The state of the art is very, very good.
>> The proposal is to add accounts (as a security and privacy measure).
>> The idea is that a user (a human, not a bot), is just a user and that there is a different principal (the account) that is allowed to use the system. Though it resembles userGroups, it is not the same.
>> In order to use the system, there is an account created; this account has an owner, and manages the access rights.
>> New users must 'subscribe' to an account and the account owner can allow users to 'subscribe'.
>> Extrema are an installation with one account and an installation where every user has a different account. Both display backward compatibility, but need extra code in core.
>> Having accounts allows for deleting a certain user without losing content. Users are offered private content to share with their own, private, community. Several admin features will go in account scope.
>> Having accounts will eliminate spamming since spam will be encapsulated into an account.
>> If ever GL moves into document management or stories will become documents, accounts are a must-have.
>>
>> If there are more interested developers for this feature, I am willing to set up a discussion to have the specs worked out. I've done this before (with an LDAP at its heart), but it was Java.
>>
>> Wim
>>
>> On 30 Mar 2014, at 17:31, Tom wrote:
>>
>>>
>>> What does everyone want to see in the next version of Geeklog?
>>>
>>> Ideas I have so far:
>>>
>>> - Create a page class (see pagination discussion)
>>> - Cleanup of Core
>>> - Drop support of COM_SiteHeader, COM_SiteFooter (means a number of popular plugins will have to get updated)
>>> - Drop support for LDAP and Live Journal authentication
>>> - Drop support for MSSQL / PGSQL ??? (One, both or none)
>>> - HTML 5 theme (if added drop old Professional theme)
>>> - Integrate GSOC Calendar project (Ben??)
>>> - Including the Menu Plugin with Geeklog distributions
>>> - Plugin Repository GSOC project
>>>
>>> These are just some of my ideas to open up a discussion on what we want and can accomplish. Anyone have any other ideas or comments on mine?
>>>
>>> Based on the outcome of this discussion I will update our poor unutilized Roadmap page :-)
>>> http://wiki.geeklog.net/index.php/Proposed_Roadmap
>>>
>>> Tom

From niemans at nlbox.com Tue May 27 04:55:57 2014
From: niemans at nlbox.com (Wim Niemans)
Date: Tue, 27 May 2014 10:55:57 +0200
Subject: [geeklog-devel] new auto tags in gl2.1
In-Reply-To: <008201cf792c$42d7e200$c887a600$@cogeco.net>
References: <0692FE5F-C454-48C5-90FA-25291BB3B3F0@nlbox.com> <008201cf792c$42d7e200$c887a600$@cogeco.net>
Message-ID: <5FFBC436-595D-4E3D-8AC6-6EF8750DF579@nlbox.com>

Thanks, Tom, for clarification. Let me rephrase my problems with understanding:

'type' is either the name of the plugin, either what is listed in the type-column of the topic assignments table.
Examples: article, staticpage, link, block, gallery, captcha, menu
Please do correct me here.

'id' is the id known by and interpreted by the plugin. The plugin can interpret the 'id' in its own way ? There must be a doc explaining what plugin expects what 'id' ?
It seems clear that current core plugins expect in 'id' a value that is known beforehand when the auto tag is input.
In which case this auto tag is nothing more than the story link, unless it analyses the article text to get related_items from it (and becomes vulnerable for recursion).

'include' is very obscure. It says: include all related types of items found. Is that magic?

Testing reveals that this auto-tag, when used with type:article, either (include: is empty) displays one link to the story with the specified 'id', either (include:plugin) lists 'no related items found', either (include:article) lists all the stories found in the topic of the story with the specified id (in other words: its siblings in the topic tree). And the latter is just one level deep: it does not list the topics found, neither the stories within the found topic-depth.

Anyway, what I was looking for, is a PLG_call to trigger all the plugins to spit out related information (links, xref's, comments) based on the actual content of the type that contains the auto tag.
Of course, I could implement an auto tag myplugin:related doing this, but must lack the title, id and meta information.

Wim

On 26 May 2014, at 23:48, Tom wrote:

>>> Both auto tags could be very useful for plugins and need some clear documentation.
>
> True... This only works for items that are assigned topics. With the default Geeklog install this includes articles and staticpages
>
> [related_items:id type:plugin max:max_items_listed trim:max_length include:plugin]
>
> related_items: - Id of item you want to display related items for
> type: - the name of the plugin (article, staticpages, etc...) that the id is for (since ids may not be unique). This is what is stored in the type column of the topic_assignments table.
> max: - max number of items to display
> trim: - max character length of item titles
> include: - default of this is to include all related types of items found. You can specify only to return certain related items.
>
> Related_topics works in the same way and returns a list of all topics that the item belongs to. You can see this in action on the article display page by the "Filed Under" caption
>
> When listed the items I believe the autotags use the standard COM_makeList function found in lib-common.
>
> Tom
>
>
>
> -----Original Message-----
> From: geeklog-devel [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Wim Niemans
> Sent: May-26-14 5:15 PM
> To: Geeklog Development
> Subject: [geeklog-devel] new auto tags in gl2.1
>
>
> Two new auto tags are introduced: related_items and related_topics.
>
> The related_topics auto tag is processed by the story/topic, but the processing of related_items auto tag gives plugin a chance to add content.
> However it is not clear where this content is inserted, and it is also not very clear what the interface is.
> It seems that the glTypes, like article, link, etc, are not handed to the plugins at all.
> The syntax [related_items:id type:plugin max:max_items_listed trim:max_length include:plugin] is confusing. F.i. what is 'plugin' (2x) ?
> And what is 'id' referring to?
> Then the auto-tag must be inserted in the story text, but will not display there?
>
> Both auto tags could be very useful for plugins and need some clear documentation.
> Whenever these auto tags make it into a proper plugin call, it would be wise to include the (calling) id and title in the interface since these fields should be enough to generate related_links.
>
> Thoughts?
>
> Wim
>

From websitemaster at cogeco.net Tue May 27 06:56:30 2014
From: websitemaster at cogeco.net (Tom)
Date: Tue, 27 May 2014 06:56:30 -0400
Subject: [geeklog-devel] new auto tags in gl2.1
In-Reply-To: <5FFBC436-595D-4E3D-8AC6-6EF8750DF579@nlbox.com>
References: <0692FE5F-C454-48C5-90FA-25291BB3B3F0@nlbox.com> <008201cf792c$42d7e200$c887a600$@cogeco.net> <5FFBC436-595D-4E3D-8AC6-6EF8750DF579@nlbox.com>
Message-ID: <009f01cf799a$5097e4d0$f1c7ae70$@cogeco.net>

Sorry I haven't gone more in-depth on this. (Side note: I have been really busy at work and at home hence the delay of me getting a few things done. I have been itching to put more time into Geeklog but that realistically probably will not happen till the end of summer.)

As you found out the related items autotag is nothing fancy. It just lists any items that belong to the same topics as the item id it is given. If nothing else belongs to the topics then nothing is returned. It doesn't take child topics into account but this could easily be added with a flag in the autotag and a few code tweaks.

To do anything more fancy would require a new plugin api as you stated... probably something similar to the search api.

Tom

-----Original Message-----
From: geeklog-devel [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Wim Niemans
Sent: May-27-14 4:56 AM
To: Geeklog Development
Subject: Re: [geeklog-devel] new auto tags in gl2.1

Thanks, Tom, for clarification. Let me rephrase my problems with understanding:

'type' is either the name of the plugin, either what is listed in the type-column of the topic assignments table.
Examples: article, staticpage, link, block, gallery, captcha, menu
Please do correct me here.

'id' is the id known by and interpreted by the plugin. The plugin can interpret the 'id' in its own way ? There must be a doc explaining what plugin expects what 'id' ?
It seems clear that current core plugins expect in 'id' a value that is known beforehand when the auto tag is input.
In which case this auto tag is nothing more than the story link, unless it analyses the article text to get related_items from it (and becomes vulnerable for recursion).

'include' is very obscure. It says: include all related types of items found. Is that magic?

Testing reveals that this auto-tag, when used with type:article, either (include: is empty) displays one link to the story with the specified 'id', either (include:plugin) lists 'no related items found', either (include:article) lists all the stories found in the topic of the story with the specified id (in other words: its siblings in the topic tree). And the latter is just one level deep: it does not list the topics found, neither the stories within the found topic-depth.

Anyway, what I was looking for, is a PLG_call to trigger all the plugins to spit out related information (links, xref's, comments) based on the actual content of the type that contains the auto tag.
Of course, I could implement an auto tag myplugin:related doing this, but must lack the title, id and meta information.

Wim

On 26 May 2014, at 23:48, Tom wrote:

>>> Both auto tags could be very useful for plugins and need some clear documentation.
>
> True... This only works for items that are assigned topics. With the default Geeklog install this includes articles and staticpages
>
> [related_items:id type:plugin max:max_items_listed trim:max_length include:plugin]
>
> related_items: - Id of item you want to display related items for
> type: - the name of the plugin (article, staticpages, etc...) that the id is for (since ids may not be unique). This is what is stored in the type column of the topic_assignments table.
> max: - max number of items to display
> trim: - max character length of item titles
> include: - default of this is to include all related types of items found. You can specify only to return certain related items.
>
> Related_topics works in the same way and returns a list of all topics that the item belongs to. You can see this in action on the article display page by the "Filed Under" caption
>
> When listed the items I believe the autotags use the standard COM_makeList function found in lib-common.
>
> Tom
>
>
>
> -----Original Message-----
> From: geeklog-devel [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Wim Niemans
> Sent: May-26-14 5:15 PM
> To: Geeklog Development
> Subject: [geeklog-devel] new auto tags in gl2.1
>
>
> Two new auto tags are introduced: related_items and related_topics.
>
> The related_topics auto tag is processed by the story/topic, but the processing of related_items auto tag gives plugin a chance to add content.
> However it is not clear where this content is inserted, and it is also not very clear what the interface is.
> It seems that the glTypes, like article, link, etc, are not handed to the plugins at all.
> The syntax [related_items:id type:plugin max:max_items_listed trim:max_length include:plugin] is confusing. F.i. what is 'plugin' (2x) ?
> And what is 'id' referring to?
> Then the auto-tag must be inserted in the story text, but will not display there?
>
> Both auto tags could be very useful for plugins and need some clear documentation.
> Whenever these auto tags make it into a proper plugin call, it would be wise to include the (calling) id and title in the interface since these fields should be enough to generate related_links.
>
> Thoughts?
>
> Wim
>

From cordiste at free.fr Tue May 27 15:19:43 2014
From: cordiste at free.fr (cordiste)
Date: Tue, 27 May 2014 21:19:43 +0200
Subject: [geeklog-devel] geeklog 2.1.0b1 Local File Include Vulnerability
Message-ID:

Did someone read this?

----------[exploit Debut]
[Local File Include Vulnerability]
----------[Author Info]
Name : JIKO
----------[Script Info]
Site : https://www.geeklog.net/
Download : https://www.geeklog.net/filemgmt/upload_dir/geeklog-2.1.0b1.tar.gz
Name : geeklog-2.1.0b1
Version : 2.1.0b1
----------[exploit Info]
~[LFI]
http://path/public_html/layout/modern_curve/style.css.php?theme=../robots.txt
----------[exploit Fin]

//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information

Source http://bot24.blogspot.fr/2014/05/geeklog-210b1-local-file-include.html

From websitemaster at cogeco.net Sat May 31 09:13:10 2014
From: websitemaster at cogeco.net (Tom)
Date: Sat, 31 May 2014 09:13:10 -0400
Subject: [geeklog-devel] Geeklog.net Beta 1 and Forum
Message-ID: <000601cf7cd2$1261cf10$37256d30$@cogeco.net>

Hi All,

Sorry I have been extremely busy these last few months and for the next month or so it doesn't look like it will change.
In the next week or so I want to try and get the forum bug fixed where you can't reply to a forum post that includes a message from someone who has set their language to Japanese.

Question: I would like to get the final release of Geeklog 2.1.0 out the door. Should we release it now with the knowledge that there are a few minor bugs yet to be squashed? Or, should we wait until they get fixed? (some I am having a hard time reproducing).

I am leaning towards a release just because I know I probably will not have enough time to work on them. Once the bugs get fixed we can then release Geeklog 2.1.1 or something.

Thoughts?

Tom
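
Editorial example, added to this archive page and not part of any message in the thread or of Geeklog's code: the report forwarded above passes theme=../robots.txt to style.css.php, so this sketch shows one way a script can map a theme name to a directory under the layout folder without allowing traversal. It assumes the script builds a filesystem path from the theme request parameter; resolveThemeDir(), removeTree() and the temporary directory tree are hypothetical names and constructed sample data.

```php
<?php
// Added example: hypothetical helper, not Geeklog's own code.
// Assumption: the stylesheet script turns the "theme" request parameter
// into a path below the layout directory.

/**
 * Map a requested theme name to a directory directly under $layoutRoot.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolveThemeDir(string $layoutRoot, $theme): ?string
{
    // 1. Syntax: a plain directory name only. This refuses arrays
    //    (theme[]=x), path separators, dots and NUL bytes up front.
    if (!is_string($theme) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $theme)) {
        return null;
    }

    // 2. Canonicalise. realpath() returns false for paths that do not exist
    //    and resolves symlinks and "." / ".." segments.
    $root = realpath($layoutRoot);
    $candidate = realpath($layoutRoot . DIRECTORY_SEPARATOR . $theme);
    if ($root === false || $candidate === false || !is_dir($candidate)) {
        return null;
    }

    // 3. Containment: the resolved directory must be a direct child of the
    //    layout root, so a symlinked theme pointing elsewhere is refused.
    return dirname($candidate) === $root ? $candidate : null;
}

/** Remove the constructed demo tree again. */
function removeTree(string $dir): void
{
    foreach (array_diff(scandir($dir), ['.', '..']) as $entry) {
        $path = $dir . DIRECTORY_SEPARATOR . $entry;
        if (is_dir($path)) {
            removeTree($path);
        } else {
            unlink($path);
        }
    }
    rmdir($dir);
}

// --- Demo on a constructed directory tree (sample data, not a real install) ---
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'layout_demo_' . bin2hex(random_bytes(4));
mkdir("$base/layout/modern_curve", 0700, true);
file_put_contents("$base/layout/modern_curve/style.css", "body { margin: 0; }\n");
file_put_contents("$base/robots.txt", "User-agent: *\n");

$requests = [
    'modern_curve',          // legitimate theme name
    '../robots.txt',         // value from the report quoted in the thread
    'modern_curve/../..',    // traversal hidden behind a valid prefix
    'no_such_theme',         // well-formed but not installed
    ['modern_curve'],        // array sent as theme[]=modern_curve
];

foreach ($requests as $theme) {
    $dir = resolveThemeDir("$base/layout", $theme);
    $label = is_array($theme) ? '(array)' : $theme;
    printf("%-20s => %s\n", $label, $dir === null ? 'refused' : 'ok: ' . basename($dir));
}

removeTree($base);
```

On a refusal the calling script should fall back to a fixed default theme or answer 404, and should not echo the rejected value back into the response.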