[geeklog-devtalk] geeklog-devel digest, Vol 1 #329 - 4 msgs

geeklog-devel-request at lists.geeklog.net geeklog-devel-request at lists.geeklog.net
Wed Jun 9 13:00:03 EDT 2004



Today's Topics:

1. Re: PDF feature.... (Dirk Haun)
2. Re: PDF feature.... (Tony Bibbs)
3. Re: PDF feature.... (Dirk Haun)
4. Re: PDF feature.... (Tony Bibbs)

--__--__--

Message: 1
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] PDF feature....
Date: Tue, 8 Jun 2004 21:24:19 +0200
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net

Tony,

got the PDF code working, but haven't really played much with it yet. A
couple of observations nonetheless:



>4) Optional support of HTML tidy. Again, this requires yet another
>third party tool to be installed so this is disabled by default


This seems to be _en_abled by default in the config.php in CVS:

$_CONF['use_html_tidy'] = 1;



>5) Font point size is configurable


9pt is a bit small for the default - I'd suggest making that 10pt.



>This needs testing, particularly on windows.


Speaking of Windows: is_executable() is not available on Windows. We had
the same problem with mysqldump in admin/database.php.

Workaround:

    if (function_exists ('is_executable')) {
        $is_exec = is_executable ('htmldoc');
    } else {
        $is_exec = file_exists ('htmldoc');
    }


Also, according to its documentation, htmldoc only understands HTML 3.2
(and most of 4.0) - so why the XHTML?

The PDF option should also be listed in the Story Options block (article.php).

The "pdfs" directory is not in CVS. If you create it, put some dummy file
in it (a README or something), please, or it may not make it into the
release tarballs.

Can anyone confirm that we can freely use the PDF logo? I couldn't find
anything on Adobe's site, but then again I didn't try too hard ...

bye, Dirk


--
http://www.haun-online.de/
http://www.tinyweb.de/


--__--__--

Message: 2
Date: Tue, 08 Jun 2004 15:23:48 -0500
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] PDF feature....
Reply-To: geeklog-devel at lists.geeklog.net


Dirk Haun wrote:


>Tony,
>
>got the PDF code working, but haven't really played much with it yet. A
>couple of observations nonetheless:

<grin>Good</grin>


>This seems to be _en_abled by default in the config.php in CVS:
>
>$_CONF['use_html_tidy'] = 1;

K, I'll have to fix that. I'm sure my comments say otherwise


>9pt is a bit small for the default - I'd suggest making that 10pt.

Consider it changed


>Speaking of Windows: is_executable() is not available on Windows. We had
>the same problem with mysqldump in admin/database.php.
>
>Workaround:
>
>    if (function_exists ('is_executable')) {
>        $is_exec = is_executable ('htmldoc');
>    } else {
>        $is_exec = file_exists ('htmldoc');
>    }

Duly noted. I'll update accordingly. Obviously I've been out-of-touch
with CVS being I don't even recall is_executable being a problem


>Also, according to its documentation, htmldoc only understands HTML 3.2
>(and most of 4.0) - so why the XHTML?

Hrm, good point. I'll verify it again and change if that is right.


>The PDF option should also be listed in the Story Options block (article.php).

Good catch, forgot about it


>The "pdfs" directory is not in CVS. If you create it, put some dummy file
>in it (a README or something), please, or it may not make it into the
>release tarballs.

Yeah, I have the directory and a README already, just forgot to add it
to CVS


>Can anyone confirm that we can freely use the PDF logo? I couldn't find
>anything on Adobe's site, but then again I didn't try too hard ...

Dunno, I made that logo myself with GIMP. I see similar looking logos
(albeit prettier) on that icon site you sent me some time ago (the one
with GPL icons). I bet we are OK here but, of course, IANAL.


--__--__--

Message: 3
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] PDF feature....
Date: Wed, 9 Jun 2004 18:29:17 +0200
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net

Tony,


>This code also deserves a look from the security perspective.


function PDF_servePDF() should check the path before attempting the download.

I've managed to download a PDF from some place outside of the webserver's
webtree. For non-PDF files, it at least tells me if that file exists or
not. There may be ways to trick it into downloading non-PDF files, too.
And even if that is not possible, it at least enables me to snoop around
on the webserver.

bye, Dirk


--
http://www.haun-online.de/
http://geeklog.info/
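
The path check requested for PDF_servePDF() above, sketched as an added example (not Geeklog code and not written by either poster); resolve_pdf_request() and the temporary directory layout are hypothetical. It canonicalises the request, confirms the result stays inside the pdfs directory, and returns the same false for every failure so the caller cannot be used to test whether other files exist.

```php
<?php
// Added example, not Geeklog code. resolve_pdf_request() and the demo
// directory layout are hypothetical names chosen for illustration.

/**
 * Map a client-supplied file name to a canonical path inside $pdfDir.
 * Returns false for every kind of failure, so the caller can answer with one
 * identical "not found" response and reveal nothing about other files.
 */
function resolve_pdf_request($pdfDir, $requested)
{
    $base = realpath($pdfDir);
    if ($base === false || !is_string($requested) || $requested === '') {
        return false;
    }
    // Reject null bytes before the string reaches any filesystem call.
    if (strpos($requested, "\0") !== false) {
        return false;
    }
    // realpath() resolves "..", symlinks and repeated separators; false if missing.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return false;
    }
    // Trailing separator stops base ".../pdfs" from matching ".../pdfs-old".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Test the extension of the resolved file, not of the string the client sent.
    if (strtolower(pathinfo($real, PATHINFO_EXTENSION)) !== 'pdf') {
        return false;
    }
    return $real;
}

// Constructed demo: a temporary tree with one PDF inside "pdfs" and one outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pdfdemo_' . uniqid();
mkdir($root . '/pdfs', 0700, true);
file_put_contents($root . '/pdfs/story.pdf', '%PDF-1.4 constructed');
file_put_contents($root . '/pdfs/notes.txt', 'constructed');
file_put_contents($root . '/outside.pdf', '%PDF-1.4 constructed');

foreach (array('story.pdf', 'notes.txt', '../outside.pdf', '../missing.pdf') as $name) {
    $path = resolve_pdf_request($root . '/pdfs', $name);
    echo str_pad($name, 16), ($path === false ? 'refused' : 'served'), "\n";
}
```

Only the first name resolves; the existing file outside the directory and the missing one are indistinguishable to the client.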


--__--__--

Message: 4
Date: Wed, 09 Jun 2004 11:49:34 -0500
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] PDF feature....
Reply-To: geeklog-devel at lists.geeklog.net

Yeah, I guess I was blindly trusting the downloader class to be secure
enough. I will fix PDF_servePDF() but don't be surprised if I make a
minor change to the downloader class to handle this more elegantly.
Guess I should check the getimage.php page too, huh?

--Tony

Dirk Haun wrote:


>Tony,
>
>>This code also deserves a look from the security perspective.
>
>function PDF_servePDF() should check the path before attempting the download.
>
>I've managed to download a PDF from some place outside of the webserver's
>webtree. For non-PDF files, it at least tells me if that file exists or
>not. There may be ways to trick it into downloading non-PDF files, too.
>And even if that is not possible, it at least enables me to snoop around
>on the webserver.
>
>bye, Dirk



--__--__--
