[geeklog-devtalk] geeklog-devel digest, Vol 1 #485 - 4 msgs
geeklog-devel-request at lists.geeklog.net
geeklog-devel-request at lists.geeklog.net
Fri Jan 21 13:00:02 EST 2005
Send geeklog-devel mailing list submissions to
geeklog-devel at lists.geeklog.net
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.geeklog.net/listinfo/geeklog-devel
or, via email, send a message with subject or body 'help' to
geeklog-devel-request at lists.geeklog.net
You can reach the person managing the list at
geeklog-devel-admin at lists.geeklog.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of geeklog-devel digest..."
Today's Topics:
1. Re: About the forum spammer (Tom Willett)
2. Re: Deleting comments (Tony Bibbs)
3. Re: Deleting comments (Dirk Haun)
4. Minimum requirements: MySQL (Dirk Haun)
--__--__--
Message: 1
Date: Thu, 20 Jan 2005 13:10:38 -0500
From: Tom Willett <tomw at pigstye.net>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] About the forum spammer
Reply-To: geeklog-devel at lists.geeklog.net
This is a multi-part message in MIME format.
--------------080404080301060507040009
Content-Type: multipart/alternative;
boundary="------------050903080401040702020201"
--------------050903080401040702020201
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
On 1/19/2005 5:09 PM, Blaine Lang wrote:
>Yeh - Thanks Tom :)
>Another nice addition.
>
>So ... are you up for another extension to query the IP's if there are
>multiple links in the post?
>
>Or maybe we just reject posts with more then a set number of links :)
>
>Blaine
>
>----- Original Message -----
>From: "Dirk Haun" <dirk at haun-online.de>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Wednesday, January 19, 2005 4:02 PM
>Subject: Re: [geeklog-devel] About the forum spammer
>
>
>
>
>>Here you go.
>>
>>
>
>Thanks, Tom :-)
>
>But I guess line 44 in IP.Examine.class.php:
>
> if ($val = $_SERVER['REMOTE_ADDR'])) {
>
>should really read
>
> if ($val == $_SERVER['REMOTE_ADDR']) {
>
>i.e. add one '=', remove one ')'.
>
>
>Also, this seems to block by IP address. What I meant was that all the
>domains in the spam post resolve to a certain IP address. The spam post
>itself is sent from one of the hijacked PCs under the spammer's control,
>so blocking by their IP address won't help much in this case.
>
>It's still useful for other cases, so I'll probably be adding it to CVS
>anyway.
>
>bye, Dirk
>
>
>
>
Ok here is one that will check the IP of the urls and reject based on
the IP I had brush up on regex for this one.
--
Tom Willett
tomw at pigstye.net
--------------050903080401040702020201
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 1/19/2005 5:09 PM, Blaine Lang wrote:
<blockquote cite="mid02c501c4fe73$951e6db0$650a10ac at XPBL2" type="cite">
<pre wrap="">Yeh - Thanks Tom :)
Another nice addition.
So ... are you up for another extension to query the IP's if there are
multiple links in the post?
Or maybe we just reject posts with more then a set number of links :)
Blaine
----- Original Message -----
From: "Dirk Haun" <a class="moz-txt-link-rfc2396E" href="mailto:dirk at haun-online.de"><dirk at haun-online.de></a>
To: <a class="moz-txt-link-rfc2396E" href="mailto:geeklog-devel at lists.geeklog.net"><geeklog-devel at lists.geeklog.net></a>
Sent: Wednesday, January 19, 2005 4:02 PM
Subject: Re: [geeklog-devel] About the forum spammer
</pre>
<blockquote type="cite">
<pre wrap="">Here you go.
</pre>
</blockquote>
<pre wrap=""><!---->
Thanks, Tom :-)
But I guess line 44 in IP.Examine.class.php:
if ($val = $_SERVER['REMOTE_ADDR'])) {
should really read
if ($val == $_SERVER['REMOTE_ADDR']) {
i.e. add one '=', remove one ')'.
Also, this seems to block by IP address. What I meant was that all the
domains in the spam post resolve to a certain IP address. The spam post
itself is sent from one of the hijacked PCs under the spammer's control,
so blocking by their IP address won't help much in this case.
It's still useful for other cases, so I'll probably be adding it to CVS
anyway.
bye, Dirk
</pre>
</blockquote>
Ok here is one that will check the IP of the urls and reject based on
the IP I had brush up on regex for this one.<br>
<br>
<pre class="moz-signature" cols="72">--
Tom Willett
<a class="moz-txt-link-abbreviated" href="mailto:tomw at pigstye.net">tomw at pigstye.net</a>
</pre>
</body>
</html>
--------------050903080401040702020201--
--------------080404080301060507040009
Content-Type: application/x-gzip;
name="Spamx.IPofURL.tar.gz"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename="Spamx.IPofURL.tar.gz"
H4sIAFnz70EAA+1Xe2/aSBDP33yKqRvVJs3FEOhFaoCWEJpGykuBtJVoDhl7gW2M7a7XTbhe
vvvN7hq6YGhatfeo5FGCwTszO6+dnV/bo/z4IhxeXZ7sNL0JDXZc34njnWgcbfwsKpVLpb1q
daOkaPn5rFwqb+D/XuX33Wfl6h7yV6vPKhtQ+mkWfIWSmDsMYIOFIf8a30PrvyjVXmCmC/bW
VmELXlGfPIe2rIjlYsDl7pjGgH98TCQTHF8c+I5749OYw2noJT6BYcjk+hEhN344gk7kTN7B
hZ+MfqPBo4LYpRVGU0ZHYw5Wqwi7pVIVBlMpNAx9P7ylwQichI9DFj9H9qb8Cil1wwm8pb5P
OJ+94uHk9mVERzGfkp2AcLnJCXVJEBMPksAjDI7OrtCkgDDHh4tk4FN3xlHYsgup+xeExWGA
HNIrZEC3hJ8hk0yMfEwoI/0wcIm12W+dn73qmZHDx+Y17IAZoY80iO0YPb6zD5yYLEXQLO4X
CvJXGmI8dMwHcsdJ4MUwl4DPBeGWsEn6JyIWxJwlrrBEvbLlc5gELqdhAB6NI9+ZWkX5WskL
GvnhAP1Rxm7j86jdFY+L8458dpsHJ+0Ofjtpnh31O+9KJTRxJqz7Cw/5y9BHGrjST03HpqMM
rEPr/LTvRJE/xSLjhFnSlp6p1s1rjM1Mhg7BIpOIT61UuljUXHpIq3BNmJnVe6+ZRQLOpuut
ksvrjJKLWZvWq0xNyirVLBL6527VwfQIljgxM7swEic+x20OD/ofE8KmlnnYPml32/Dq8vwU
TMzMLK09U6ZGZQtux4QRCJwJqRtp6RnQPDuET46f4DspqXxAdsPUzQTix2TJwi8lg0n0vJlz
S/ZKIaX1UR0MY3l9nU/HZ532ZReOz7rnX/HpTfPkqt0Ba+7Q9rIbRd0PFfLv8Qo7RNYnbHHE
ccfzFiDaSMhEE0SznDjd/v/kqVb4aadAE8zamDVqUaM2aJj7WYadxWBEA9ETzevVnGbNHjRq
NipL/AVtKxzuYLm2utjVHijYt6/bl+2lgtV93AxYeBsr1UEyucQfVrqfxoXJsjYpcpX38VGr
p2L44+nTzOFqKm1Dwt1xkzFsqFmFkpEg42azZ8qzowclGxifNmoOjBkZpmcsrZqYctJ3RL/v
J8xXPtuLPZXi1XUnOuoLN5xMnMCra/fGE1W0ddUonshCqIsNUBsJ3NDDO4oUZWk0VKmI7zXb
wTyhTabehdakFHOJ9SGFtUogZWWsSPeawjFXie1+gxhmawITghe+VzeiMOYGpG7+1NgZ6y2g
QZRw4NMIq47j1WxATP/EdBuVkpEWo2rkRuNJMIijff3zm7R2ksGE8rky5Z+x0IZXttY0lWsP
oIidvswIT1gw51ILaSuYDw4+DW4yU0MqaaQzHoRDEIPKfNYzZrpQ24vGfz3A5vRDlB6Jnfad
g+eJ/APo70H8V6mUdxX+29srVyu7Av9VStUc//0blMV/8pwL8JOtiSUQuAiYFF5SIqBwzq+M
Bo8D1088As0BYi/s0nPXWsI1wfhdgFA0dlNgvJa6j5Zwodoz3SIGwYR9H28/N2SeiAEPtXCf
pJ1YOvdShWchGCIK0OxCGgg4PO+CDIY9g6Cr4GdqWhaAnoU6BoWrmCzwu2vwqabhtUAftwS8
UOb2NmQ3q6EsuSNuwjGergrBg5B2jmH7VzhJ61h2ezZ/aoB0bpIyqzUmiPRFmap7DscJQAQ+
mF11Gq+t6Sh80cDIiNyJ7Axx5BDyCAB2cTwcfvQKK2TRotGdmL6tIY/+GnP8GOKpKz63bav3
h/3+fXz9tKhf8jjaInuEYv2Jg3Np3/F9y3j8WSq6f2xszwK1vSk2L+rgOzt9G4vT9+fM6H2v
z91mWiSmsQ3lbx69NfAfCKbS0jT+QU3jH/Rp/MOPTOM4On1tHhfZRQxQL+HQXxPxXDn8ox4a
oZqRmD5jPpiKCFgypr3d694mvV7aNgW3cvO6EF6J+FQIyvtg24DdggOW+JAy7JQ43lJOPxGQ
ac1Idi6ap+/62DQtfRwchtjBRKpki9GtW5ob54xq7FaHo2cm1DPXslZSVuR8I5gv26fn3Xa/
eXh4aWa9BxggDr5Zfn1fWP9LgW0REQxJNlwr9OkgdvZtNtiionwQzSmnnHLKKaeccsopp5xy
yimnnHJ6kP4GZCdV8wAoAAA=
--------------080404080301060507040009--
--__--__--
Message: 2
Date: Thu, 20 Jan 2005 13:03:06 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Deleting comments
Reply-To: geeklog-devel at lists.geeklog.net
Dirk, actually, in the stubbed out functions I would put the require_once:
function COM_deleteComment()
{
require_once '/path/to/lib-comment.php';
CMT_deleteComment();
}
Gets around the issue of including code that probably won't be used and
it provides the backwards compatibility. Note that making this elegant
isn't a big deal as that the whole notion of deprecating the
COM_*Comment functions is that those functions will eventually go bye-bye.
Also, worth noting is that you shouldn't call require_once after you do
a function_exists. The overhead to check for the function is made up
automatically by simply calling require_once.
--Tony
Dirk Haun wrote:
>Tony,
>
>
>
>>Only issue with this sort of stuff is it will clearly break
>>compatiblity. I say you would leave the stubbed out functions in
>>lib-common.php, call the new library equivalent (i.e. COM_deleteComment
>>would call CMT_deleteComment) and then log a warning to error.log that
>>the function is deprecated and will be removed in a future version.
>>
>>
>
>That would still require lib-common.php to include the lib-comment.php
>then. Since comments are only used by a few components (and plugins) I
>was actually thinking about getting rid of that code entirely so that
>those components that actually need it would have to include this.
>
>if (!function_exists ('COM_comment')) {
> require_once ($_CONF['path_system'] . 'lib-comment.php');
>}
>
>Yeah, it would break compatibility. But then again, there are more flaws
>in the plugin API regarding comments (I'll post something about them
>later) and this would be a good opportunity to fix them all at once.
>
>Vinny, I'm not opposed to having a comment.class.php instead of the lib-
>comment.php if you think that makes sense.
>
>bye, Dirk
>
>
>
>
--__--__--
Message: 3
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] Deleting comments
Date: Fri, 21 Jan 2005 08:00:45 +0100
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net
Tony,
>Dirk, actually, in the stubbed out functions I would put the require_once:
>
>function COM_deleteComment()
>{
> require_once '/path/to/lib-comment.php';
> CMT_deleteComment();
>}
>
>Gets around the issue of including code that probably won't be used and
>it provides the backwards compatibility.
Makes perfect sense, thanks.
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/
--__--__--
Message: 4
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Date: Fri, 21 Jan 2005 18:51:52 +0100
Organization: Terra Software Systems
Subject: [geeklog-devel] Minimum requirements: MySQL
Reply-To: geeklog-devel at lists.geeklog.net
For the next Geeklog release, I'm going to raise the minimum requirements
_slightly_ again.
This time, it's the MySQL version: The new minimum requirement will be
3.23.2. Currently, we don't specifiy a minimum version and have even
incorporated changes to support 3.22 in the past.
As of MySQL 3.23.2 it's possible to have an index on a field that's
DEFAULT NULL. We take that into account in the inital install, but not in
upgrades and it's a real hassle to handle that in upgrades.
I think this is reasonable. MySQL AB have stopped supporting 3.22 long
ago, and anyone running on something older than 3.23.45 (or thereabouts)
is vulnerable to various security issues anyway. Not to mention that the
current version recommended for production use is 4.1.9.
I'm also going to change the install script such that it aborts the
install when it encounters PHP versions older than 4.1.0 or MySQL
versions older than 3.23.2.
Parallel to that, my goal for Geeklog 1.3.12 is to get rid of the old
"long" PHP HTTP arrays ($HTTP_GET_VARS, etc.) and only use the "short"
ones ($_GET). This will help people running PHP 5, where the old-style
arrays are disabled by default.
Since some plugins and add-ons may require the "long" arrays, I'm going
to add a warning to the install script for that case (as suggested by bug
report #360).
Does anyone see a problem with any of this?
bye, Dirk
--
http://www.geeklog.net/
http://geeklog.info/
--__--__--
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel
End of geeklog-devel Digest
More information about the geeklog-devtalk
mailing list