[geeklog-devtalk] geeklog-devel digest, Vol 1 #491 - 13 msgs
geeklog-devel-request at lists.geeklog.net
geeklog-devel-request at lists.geeklog.net
Thu Jan 27 12:09:00 EST 2005
Send geeklog-devel mailing list submissions to
geeklog-devel at lists.geeklog.net
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.geeklog.net/listinfo/geeklog-devel
or, via email, send a message with subject or body 'help' to
geeklog-devel-request at lists.geeklog.net
You can reach the person managing the list at
geeklog-devel-admin at lists.geeklog.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of geeklog-devel digest..."
Today's Topics:
1. Re: Allowable HTML and 'style' (Dirk Haun)
2. SpamX documentation (Dirk Haun)
3. Re: SpamX documentation (Vincent Furia)
4. Re: SpamX documentation (Dirk Haun)
5. Re: SpamX documentation (Tom Willett)
6. Re: SpamX documentation (Dirk Haun)
7. HTTP_Session2 (Tony Bibbs)
8. KSES and PHP5 (Tony Bibbs)
9. PLG_commentPreSave (Vincent Furia)
10. Re: PLG_commentPreSave (Tony Bibbs)
11. Re: PLG_commentPreSave (Blaine Lang)
12. Re: HTTP_Session2 (Blaine Lang)
13. Re: HTTP_Session2 (Tony Bibbs)
--__--__--
Message: 1
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] Allowable HTML and 'style'
Date: Wed, 26 Jan 2005 19:58:26 +0100
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net
Rob,
>Why is it erasing 'border:', but leaving everything else?
That's a known bug /misbehaving feature in the kses filter: It thinks
it's a protocol and since it's not one of those that are allowed, it
removes it. You can, apparently, play tricks with javascript: in CSS and
it's trying to protect you from that ...
Workaround: Put your definitions in a class and use that.
bye, Dirk
--
http://www.haun-online.de/
http://www.tinyweb.de/
--__--__--
Message: 2
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Date: Wed, 26 Jan 2005 20:23:02 +0100
Organization: Terra Software Systems
Subject: [geeklog-devel] SpamX documentation
Reply-To: geeklog-devel at lists.geeklog.net
I did some house cleaning on the SpamX documentation. There was a second
spamx.html in the plugin's directory, in addition to the one in docs. I
somehow synced the two and then only kept the one in docs. I've also
updated the Developer.txt file in the plugin's directory.
Tom, could you have a look at those two files (in CVS), please, to see if
they're up to date now?
And, to answer that question from lib-comment.php:
// FIXME: is 'plugin=spamx' needed here?
echo COM_refresh($_CONF['site_url'] . '/index.php?
msg='.$result.'&plugin=spamx');
Yes, Vinny, that parameter is needed ;-) That's something Blaine
introduced in 1.3.10 (I think) so that plugins can display their own messages.
Btw, I've also added Tom's two IP-based filtering modules to CVS.
bye, Dirk
--
http://www.haun-online.de/
http://www.handful-of-sparks.de/
--__--__--
Message: 3
Date: Wed, 26 Jan 2005 14:37:15 -0500
From: Vincent Furia <vfuria at gmail.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] SpamX documentation
Reply-To: geeklog-devel at lists.geeklog.net
On Wed, 26 Jan 2005 20:23:02 +0100, Dirk Haun <dirk at haun-online.de> wrote:
>
> And, to answer that question from lib-comment.php:
>
> // FIXME: is 'plugin=spamx' needed here?
> echo COM_refresh($_CONF['site_url'] . '/index.php?
> msg='.$result.'&plugin=spamx');
>
> Yes, Vinny, that parameter is needed ;-) That's something Blaine
> introduced in 1.3.10 (I think) so that plugins can display their own messages.
But what happens if another plugin uses the PLG_checkforSpam API to
remove a post? With spamx hardcoded in the refresh link, the error
message may be problematic... Perhaps having the plugin API return a
HTML string (i.e. a redirect) instead of having Geeklog decide where
to refresh to would be a better solution?
Actually there is another problem with the entire block of code:
// Let plugins have a chance to check for SPAM
$result = PLG_checkforSpam($comment, $_CONF['spamx']); // <-- SPAMX
// Now check the result and redirect to index.php if spam action was taken
if ($result > 0) {
// notice no return value here to prevent spam based denail of
service attack
// FIXME: is 'plugin=spamx' needed here?
echo COM_refresh($_CONF['site_url'] .
'/index.php?msg='.$result.'&plugin=spamx'); // <-- SPAMX
exit;
}
Notice the two references to spamx (the refresh and $_CONF['spamx']),
another plugin would have a lot of trouble using this. I think we
should generalize this so other plugin could (conceivably) use it.
-Vinny
--__--__--
Message: 4
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] SpamX documentation
Date: Wed, 26 Jan 2005 20:55:48 +0100
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net
Vinny,
>Notice the two references to spamx (the refresh and $_CONF['spamx']),
>another plugin would have a lot of trouble using this.
You mean another plugin that would like to filter spam?
>I think we
>should generalize this so other plugin could (conceivably) use it.
The problem here is that you may have one plugin calling another. I know
Blaine and Tom struggled with this for a while and this is what they came
up with.
If you have a better solution, let's hear it ...
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
--__--__--
Message: 5
Date: Wed, 26 Jan 2005 15:25:23 -0500
From: Tom Willett <tomw at pigstye.net>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] SpamX documentation
Reply-To: geeklog-devel at lists.geeklog.net
This is a multi-part message in MIME format.
--------------060201070504080003040708
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
On 1/26/2005 2:23 PM, Dirk Haun wrote:
>I did some house cleaning on the SpamX documentation. There was a second
>spamx.html in the plugin's directory, in addition to the one in docs. I
>somehow synced the two and then only kept the one in docs. I've also
>updated the Developer.txt file in the plugin's directory.
>
>Tom, could you have a look at those two files (in CVS), please, to see if
>they're up to date now?
>
>And, to answer that question from lib-comment.php:
>
> // FIXME: is 'plugin=spamx' needed here?
> echo COM_refresh($_CONF['site_url'] . '/index.php?
>msg='.$result.'&plugin=spamx');
>
>Yes, Vinny, that parameter is needed ;-) That's something Blaine
>introduced in 1.3.10 (I think) so that plugins can display their own messages.
>
>Btw, I've also added Tom's two IP-based filtering modules to CVS.
>
>bye, Dirk
>
>
>
>
You caught me at a good time.
Here is an updated spamx.html.
--
Tom Willett
tomw at pigstye.net
--------------060201070504080003040708
Content-Type: text/html;
name="spamx.html"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="spamx.html"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Geeklog Documentation - SpamX Plugin</title>
<link rel="stylesheet" type="text/css" href="docstyle.css" title="Dev Stylesheet">
</head>
<body>
<table cellpadding="2" cellspacing="2" border="0" width="100%">
<tr>
<td valign="top"><img src="images/newlogo.gif" alt="Geeklog Documentation" width="243" height="90" border="0"></td>
</tr>
<tr>
<td valign="top" class="menu"><a href="index.html">Geeklog Documentation</a> - SpamX Plugin</td>
</tr>
</table>
<h1>SpamX Plugin</h1>
<h2>Introduction</h2>
<p>The Geeklog SpamX plugin was created to fight the problem of comment spam
for Geeklog systems. If you are unfamiliar with comment spam you might see the
<a href="http://kalsey.com/2003/11/comment_spam_manifesto/">Comment Spam
Manifesto</a>.</p>
<h2>MT-Blacklist</h2>
<p>The main mechanism SpamX uses to fight comment spam is to use the blacklist
created by Jay Allen and Movable Type users - MT-Blacklist. You can find out
info about this project at <a href="http://www.jayallen.org/comment_spam/">http://www.jayallen.org/comment_spam/</a>. Jay has taken
it upon himself not only to write and support the plugin for Movable Type but
also to maintain the blacklist. This requires human effort to review all the
submissions and determine which are really spam and which are just noise. If
you have a few extra bucks drop by Jay's website above and drop a few dollars
in his PayPal account to show your appreciation.</p>
<p>The MT-Blacklist theory is that comment spammers do it to increase their
Google rankings and therefore the link is all important. The MT-Blacklist
therefore only filters on urls.</p>
<h2>Other options</h2>
<p>The MT-Blacklist is only one part of the Geeklog SpamX plugin however. The
SpamX plugin has its own personal blacklist that you can add to. You can
use it to filter anything from comments. One option is to import the Geeklog
<a href="config.html#desc_censorlist">censor list</a> and ban all comments
which contain one of those words. This or an expanded list might be usefull
for a website that caters to children. Then no comments with offensive
language could be posted.</p>
<h2>Module types</h2>
<p>The SpamX plugin was built to be expandable to easily adapt to changes the
comment spammers might make. There are three types of modules: <b>admin</b>,
<b>examine</b> and <b>action</b>. A new module is contained in a file and can
simply be dropped in and it will be added to the plugin. The modules with
which the plugin ships are:</p>
<ul>
<li>Admin
<ul>
<li>View SpamX log</li>
<li>Update MT-Blacklist</li>
<li>Edit Personal Blacklist</li>
<li>Edit IP Of Spammer Blacklist</li>
<li>Edit IP Of Link Blacklist</li>
<li>Mass Delete Comments</li>
</ul></li>
<li>Examine
<ul>
<li>MT-Blacklist</li>
<li>Personal Blacklist</li>
<li>IP of Spammer</li>
<li>IP of Link</li>
</ul></li>
<li>Action
<ul>
<li>Delete Comment if on Blacklist</li>
<li>Mail Admin if Comment Rejected</li>
</ul></li>
</ul>
<p>Other modules can be just dropped into place and they will become
available to the plugin. To remove a module just
delete it from the spamx directory or rename it. Planned modules include:</p>
<ul>
<li>Admin
<ul>
<li>Comparing MT-Blacklist and personal blacklist to eliminate
duplications</li>
<li>Parsing comments and automatic adding spam links</li>
</ul></li>
<li>Examine
<ul>
<li>Specialized blacklists. (These are in planning stages)</li>
</ul></li>
<li>Action
<ul>
<li>Save comment for review</li>
</ul></li>
</ul>
<p>Action modules are each assigned a number and the actions taken when a
spam comment is found can be designated by a configuration variable. Note:
the spamx interface has been generalized and can be called by other modules
and plugins. See the developer docs for details.</p>
<h2>Plugin Homepage</h2>
<p>Further information as well as a support forum for the SpamX plugin can be
found on the <a href="http://www.pigstye.net/gplugs/staticpages/index.php/spamx">SpamX Plugin's Homepage</a>.</p>
<table border="0" width="100%" class="footer">
<tr valign="top">
<td colspan="2"><a href="http://www.geeklog.net">The Geeklog Documentation Project</a><br>
All trademarks and copyrights on this page are owned by their respective owners. GeekLog is copyleft.</td>
</tr>
</table>
</body>
</html>
--------------060201070504080003040708--
--__--__--
Message: 6
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] SpamX documentation
Date: Wed, 26 Jan 2005 22:15:56 +0100
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net
Tom Willett wrote:
>Here is an updated spamx.html.
... and it's in CVS now. Thanks, Tom :-)
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/
--__--__--
Message: 7
Date: Wed, 26 Jan 2005 21:24:59 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] HTTP_Session2
Reply-To: geeklog-devel at lists.geeklog.net
Thanks to help from Justin, I have some alpha code done of
HTTP_Session2. Right now it only supports Creole and, to be nice, I
have to get the other containers working (PEAR::DB, PEAR::MDB, etc).
Anyway, as soon as that is done, I'll be making code changes to
Geeklog-2 to start using it.
I wouldn't suppose anybody would have the hardware and ability to run
load balance Geeklog-2 on two or more web servers, would they?
--Tony
--__--__--
Message: 8
Date: Thu, 27 Jan 2005 10:04:38 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] KSES and PHP5
Reply-To: geeklog-devel at lists.geeklog.net
This is a multi-part message in MIME format.
--------------040604000504050800050602
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
This is just an FYI. I'll be ripping out the current class and
replacing it with this. The current one is CVS was my attempt to port
it but I'm sure they are doing a better job of maintaining and testing
it so no need in assuming that responsibilty.
--Tony
-------- Original Message --------
Subject: {Filename?} Re: Kses for PHP5?
Date: Thu, 27 Jan 2005 10:04:16 -0600 (CST)
From: Chaos.org Webmaster <webfella at chaos.org>
Reply-To: webfella at chaos.org
To: Tony Bibbs <tony at tonybibbs.com>
Warning: This message has had one or more attachments removed
Warning: (php5.class.kses.php).
Warning: Please read the "yoursite-Attachment-Warning.txt" attachment(s) for more information.
| Sorry for the delay. Work keeps getting in myway ;-)
No problem. BTDT.
| I'll be giving your PHP5 version a whirl here pretty quick.
| I'll fire any bugs/feedback, etc to you soon.
Ulf and I are still working on a few things in the process of backcoding
some of the E_STRICT changes I made, along with me waiting for his 0.3
improvements/modifications. So there's no official package to download.
However, I'm sending the PHP5 class version as an attachment. Nothing's
been broken in terms of funtionality, but a couple of methods have been
deprecated. Also, the name of the class has changed from kses to kses5
since I'll be maintaining the PHP4 version (kses4) as well for the
forseeable future. If you're familiar with PhpDocumentor
(http://www.phpdoc.org/), you can create the docs, and see for yourself,
or you can read the comments in the source code.
Hopefully, the next release will have a stronger set of documentation.
Any feedback appreciated,
Richard
--------------040604000504050800050602
Content-Type: text/plain;
name="yoursite-Attachment-Warning.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="yoursite-Attachment-Warning.txt"
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "php5.class.kses.php"
is on the list of unacceptable attachments for this site and has been
replaced by this warning message.
If you wish to receive a copy of the original attachment, please
e-mail Gray and include the whole of this message in your request.
Date: Thu Jan 27 10:04:18 2005
ID: j0RG4GEe008638
MailScanner: Attempt to hide real filename extension (php5.class.kses.php)
--
Postmaster
--------------040604000504050800050602--
--__--__--
Message: 9
Date: Thu, 27 Jan 2005 11:18:31 -0500
From: Vincent Furia <vfuria at gmail.com>
To: Geeklog Devel <geeklog-devel at lists.geeklog.net>
Subject: [geeklog-devel] PLG_commentPreSave
Reply-To: geeklog-devel at lists.geeklog.net
Trying to understand the entire comment system a bit better as I
refactor all this code...
What is the difference between PLG_commentPreSave and
PLG_checkForSpam? Are both really needed? Is PLG_commentPreSave even
used (or planned to be used) in any plugins. Can people see a need
for it not filled by PLG_checkForSpam?
Thanks,
Vinny
P.S. I'm almost done, just need to take care of this issue and then
work on plugin documentation.
--__--__--
Message: 10
Date: Thu, 27 Jan 2005 10:22:50 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] PLG_commentPreSave
Reply-To: geeklog-devel at lists.geeklog.net
Only point I have is on semantics. I know it's only wording so take
this feedback for what it is worth.
Seems PLG_commentPreSave make more sense in how it might be used in a
broader sense. PLG_checkForSpam, IMHO, is too specific. I can see how
people might dream up a need to do some processing before a comment is
saved that may be completely unrelated to spam.
--Tony
Vincent Furia wrote:
>Trying to understand the entire comment system a bit better as I
>refactor all this code...
>
>What is the difference between PLG_commentPreSave and
>PLG_checkForSpam? Are both really needed? Is PLG_commentPreSave even
>used (or planned to be used) in any plugins. Can people see a need
>for it not filled by PLG_checkForSpam?
>
>Thanks,
>Vinny
>
>P.S. I'm almost done, just need to take care of this issue and then
>work on plugin documentation.
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
>
--__--__--
Message: 11
From: "Blaine Lang" <geeklog at langfamily.ca>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] PLG_commentPreSave
Date: Thu, 27 Jan 2005 12:00:27 -0500
Reply-To: geeklog-devel at lists.geeklog.net
Vincent Furia wrote:
>What is the difference between PLG_commentPreSave and
>PLG_checkForSpam? Are both really needed?
Dirk, Tom and I talked about this when implementing the new SPAMX API's and
decided that it was best to still have a Non-Spamx API to allow other
plugins to add any other comment related filtering or handling that may be
required.
Blaine
----- Original Message -----
From: "Tony Bibbs" <tony at tonybibbs.com>
To: <geeklog-devel at lists.geeklog.net>
Sent: Thursday, January 27, 2005 11:22 AM
Subject: Re: [geeklog-devel] PLG_commentPreSave
Only point I have is on semantics. I know it's only wording so take
this feedback for what it is worth.
Seems PLG_commentPreSave make more sense in how it might be used in a
broader sense. PLG_checkForSpam, IMHO, is too specific. I can see how
people might dream up a need to do some processing before a comment is
saved that may be completely unrelated to spam.
--Tony
Vincent Furia wrote:
>Trying to understand the entire comment system a bit better as I
>refactor all this code...
>
>What is the difference between PLG_commentPreSave and
>PLG_checkForSpam? Are both really needed? Is PLG_commentPreSave even
>used (or planned to be used) in any plugins. Can people see a need
>for it not filled by PLG_checkForSpam?
>
>Thanks,
>Vinny
>
>P.S. I'm almost done, just need to take care of this issue and then
>work on plugin documentation.
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
>
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel
--__--__--
Message: 12
From: "Blaine Lang" <geeklog at langfamily.ca>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] HTTP_Session2
Date: Thu, 27 Jan 2005 12:03:39 -0500
Reply-To: geeklog-devel at lists.geeklog.net
Tony,
We had added SESSION support for GL 1.3.10 and then had to pull it out due
to issues that were appearing from testers.
I wonder if your new version once you have support for non-creole containers
will allow us to revisit the 1.3.X use of SESSIONS again.
Blaine
----- Original Message -----
From: "Tony Bibbs" <tony at tonybibbs.com>
To: <geeklog-devel at lists.geeklog.net>
Sent: Wednesday, January 26, 2005 10:24 PM
Subject: [geeklog-devel] HTTP_Session2
Thanks to help from Justin, I have some alpha code done of
HTTP_Session2. Right now it only supports Creole and, to be nice, I
have to get the other containers working (PEAR::DB, PEAR::MDB, etc).
Anyway, as soon as that is done, I'll be making code changes to
Geeklog-2 to start using it.
I wouldn't suppose anybody would have the hardware and ability to run
load balance Geeklog-2 on two or more web servers, would they?
--Tony
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel
--__--__--
Message: 13
Date: Thu, 27 Jan 2005 11:07:25 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] HTTP_Session2
Reply-To: geeklog-devel at lists.geeklog.net
Being I'm the 'main' maintainer of HTTP_Session2 we have the ability to
tweak, fix, improve anything.
Do you remember the specific issues? This would be the time to revisit
that.
--Tony
Blaine Lang wrote:
>Tony,
>
>We had added SESSION support for GL 1.3.10 and then had to pull it out due
>to issues that were appearing from testers.
>I wonder if your new version once you have support for non-creole containers
>will allow us to revisit the 1.3.X use of SESSIONS again.
>
>Blaine
>----- Original Message -----
>From: "Tony Bibbs" <tony at tonybibbs.com>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Wednesday, January 26, 2005 10:24 PM
>Subject: [geeklog-devel] HTTP_Session2
>
>
>Thanks to help from Justin, I have some alpha code done of
>HTTP_Session2. Right now it only supports Creole and, to be nice, I
>have to get the other containers working (PEAR::DB, PEAR::MDB, etc).
>
>Anyway, as soon as that is done, I'll be making code changes to
>Geeklog-2 to start using it.
>
>I wouldn't suppose anybody would have the hardware and ability to run
>load balance Geeklog-2 on two or more web servers, would they?
>
>--Tony
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
>
--__--__--
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel
End of geeklog-devel Digest
More information about the geeklog-devtalk
mailing list