From dirk at haun-online.de Sun Feb 1 08:25:19 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 1 Feb 2004 14:25:19 +0100
Subject: [geeklog-devel] Group Admin revisited
In-Reply-To: <001b01c3e45e$f5135710$640a10ac@XPBL2>
References: <001b01c3e45e$f5135710$640a10ac@XPBL2>
Message-ID: <20040201132519.6026@smtp.haun-online.de>
Just checking if I'm on the right track here ...
So say we're restricting Group Admin such that he can only assign users
to groups of which he himself is a member.
But he can still create new groups. Obviously, he needs to be assigned to
these new groups automatically or he won't be able to assign anyone else
to that group. Correct?
Also, the permissions that can be used for a new group need to be
restricted such that they only list permissions that the Group Admin
already has (through his membership in other groups). Correct?
As I said - just checking. I'm not going to implement this just yet (and
if anyone else wants to do it, feel free to do so ...).
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/
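The three rules proposed in the message above (assign only into groups you belong to, auto-join groups you create, cap a new group's permissions at your own), sketched as an added example that is not part of the original post or of Geeklog's code. The GroupStore class, its method names and the group and permission names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration: an in-memory model, not Geeklog's schema or API.
final class GroupStore
{
    public const ADMIN_GROUP = 'Group Admin';

    /** @var array<string, string[]> group name => permissions it grants */
    private array $perms = [];
    /** @var array<string, array<string, true>> group name => set of members */
    private array $members = [];

    /** Trusted setup path (installer / Root); no checks on purpose. */
    public function seed(string $group, array $perms, array $users): void
    {
        $this->perms[$group] = array_values(array_unique($perms));
        $this->members[$group] = array_fill_keys($users, true);
    }

    public function isMember(string $user, string $group): bool
    {
        return isset($this->members[$group][$user]);
    }

    /** Union of the permissions of every group the user belongs to. */
    public function effectivePerms(string $user): array
    {
        $all = [];
        foreach ($this->perms as $group => $granted) {
            if ($this->isMember($user, $group)) {
                $all = array_merge($all, $granted);
            }
        }
        return array_values(array_unique($all));
    }

    /** Membership may only be handed out by a Group Admin who is in the group. */
    public function assign(string $admin, string $user, string $group): void
    {
        $this->requireGroupAdmin($admin);
        if (!isset($this->perms[$group])) {
            throw new InvalidArgumentException("no such group: $group");
        }
        if (!$this->isMember($admin, $group)) {
            throw new RuntimeException("$admin is not a member of $group");
        }
        $this->members[$group][$user] = true;
    }

    /** New group: permissions capped at the creator's own; creator auto-joins. */
    public function create(string $admin, string $group, array $perms): void
    {
        $this->requireGroupAdmin($admin);
        if (isset($this->perms[$group])) {
            throw new InvalidArgumentException("group exists: $group");
        }
        $excess = array_diff($perms, $this->effectivePerms($admin));
        if ($excess !== []) {
            throw new RuntimeException('cannot grant: ' . implode(', ', $excess));
        }
        $this->perms[$group] = array_values(array_unique($perms));
        $this->members[$group] = [$admin => true];
    }

    private function requireGroupAdmin(string $user): void
    {
        if (!$this->isMember($user, self::ADMIN_GROUP)) {
            throw new RuntimeException("$user is not a Group Admin");
        }
    }
}

// Constructed sample data; group and permission names are made up.
$store = new GroupStore();
$store->seed('Root', ['story.edit', 'group.edit', 'user.delete'], ['root']);
$store->seed(GroupStore::ADMIN_GROUP, ['group.edit'], ['alice']);
$store->seed('Story Admin', ['story.edit'], ['alice']);

$attempts = [
    'assign bob to Root'          => fn () => $store->assign('alice', 'bob', 'Root'),
    'create Editors [story.edit]' => fn () => $store->create('alice', 'Editors', ['story.edit']),
    'assign bob to Editors'       => fn () => $store->assign('alice', 'bob', 'Editors'),
    'create Ops [user.delete]'    => fn () => $store->create('alice', 'Ops', ['user.delete']),
];
foreach ($attempts as $label => $attempt) {
    try {
        $attempt();
        echo "ALLOW  $label\n";
    } catch (RuntimeException $e) {
        echo "DENY   $label ({$e->getMessage()})\n";
    }
}
```

Because a new group's permissions are a subset of what its creator already holds, auto-joining the creator never widens the creator's own rights.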
From dirk at haun-online.de Sun Feb 1 12:26:11 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 1 Feb 2004 18:26:11 +0100
Subject: [geeklog-devel] "Default entries are displayed in bold"
In-Reply-To: <20040126220802.9220@smtp.haun-online.de>
References: <20040126220802.9220@smtp.haun-online.de>
Message-ID: <20040201172611.30452@smtp.haun-online.de>
I wrote:
>And while reviewing the code, I keep finding little oddities and bugs
Like this one ...
In your preferences, you have the section entitled "News box
Configuration" where you can deselect blocks if you don't want to see
them. The comment above the list of blocks to select reads
Default entries are displayed in bold.
So why is the "Resources" block listed in bold on geeklog.net? Or the
"Need Help?" block?
Well, it's because in usersettings.php we have this:
    $preferences->set_var ('boxes_checklist', COM_checkList ($_TABLES['blocks'],
        'bid,title,blockorder', $whereblock, $selectedblocks));
And in COM_checkList, we have this:
    if( $A[2] < 10 && $A[2] > 0 )
    {
        $retval .= '>' . stripslashes( $A[1] ) . ' ' . LB;
    }
    else
    {
        $retval .= '>' . stripslashes( $A[1] ) . ' ' . LB;
    }
Translation: If the blockorder is lower than 10, then display the block
title in bold.
Ouch.
I've also noticed that COM_checkList does a
if( $table == 'topics'
which won't match on most sites, as the table will be called 'gl_topics'
almost everywhere else (except on geeklog.net). I'm not even sure what
it's used for ...
Oh well. Just wanted to share my surprise of the day ...
bye, Dirk
--
http://www.haun-online.de/
http://mypod.de/
From geeklog at langfamily.ca Sun Feb 1 12:46:31 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 1 Feb 2004 12:46:31 -0500
Subject: [geeklog-devel] Group Admin revisited
References: <001b01c3e45e$f5135710$640a10ac@XPBL2> <20040201132519.6026@smtp.haun-online.de>
Message-ID: <002501c3e8eb$53a5cfc0$650a10ac@XPBL2>
Dirk,
I think that makes sense.
I wonder if the changes to support this will be restricted to the group
admin script or cascade into other security related functions. I hope not
but as you know - sometimes these kind of changes unveil existing bugs.
Blaine
----- Original Message -----
From: "Dirk Haun"
To:
Sent: Sunday, February 01, 2004 8:25 AM
Subject: Re: [geeklog-devel] Group Admin revisited
> Just checking if I'm on the right track here ...
>
> So say we're restricting Group Admin such that he can only assign users
> to groups of which he himself is a member.
>
> But he can still create new groups. Obviously, he needs to be assigned to
> these new groups automatically or he won't be able to assign anyone else
> to that group. Correct?
>
> Also, the permissions that can be used for a new group need to be
> restricted such that they only list permissions that the Group Admin
> already has (through his membership in other groups). Correct?
>
> As I said - just checking. I'm not going to implement this just yet (and
> if anyone else wants to do it, feel free to do so ...).
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/
> http://www.haun.info/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>
From vmf at abtech.org Sun Feb 1 13:25:32 2004
From: vmf at abtech.org (Vincent Furia)
Date: Sun, 01 Feb 2004 13:25:32 -0500
Subject: [geeklog-devel] Group Admin revisited
In-Reply-To: <20040201132519.6026@smtp.haun-online.de>
References: <001b01c3e45e$f5135710$640a10ac@XPBL2> <20040201132519.6026@smtp.haun-online.de>
Message-ID: <401D449C.8060207@abtech.org>
Here is an off the wall idea. It will require quite a bit of rework,
but it may make group administration a bit more intuitive...
Why not add the idea of "ownership" to groups. So that a group has an
owner (user id), a group owner, membership access and anonymous access
(like what is used for story access). Root, the owner or a member of
the "group owner" group can all add or remove users from that group.
The membership access and anonymous access can probably be ignored,
unless someone can think of a good usage for them. (Perhaps only Root
can adjust these "owner" settings, and a check in membership access or
anonymous access can say whether membership group or the anonymous group
are allowed to be assigned to this group?)
Just an idea, seems this way would be more intuitive and easier to
control the power of any group admins.
-Vinny
Dirk Haun wrote:
>Just checking if I'm on the right track here ...
>
>So say we're restricting Group Admin such that he can only assign users
>to groups of which he himself is a member.
>
>But he can still create new groups. Obviously, he needs to be assigned to
>these new groups automatically or he won't be able to assign anyone else
>to that group. Correct?
>
>Also, the permissions that can be used for a new group need to be
>restricted such that they only list permissions that the Group Admin
>already has (through his membership in other groups). Correct?
>
>As I said - just checking. I'm not going to implement this just yet (and
>if anyone else wants to do it, feel free to do so ...).
>
>bye, Dirk
>
>
>
>
From geeklog at langfamily.ca Sun Feb 1 13:38:30 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 1 Feb 2004 13:38:30 -0500
Subject: [geeklog-devel] SR4 Bug -- err so it would appear
Message-ID: <003a01c3e8f2$96914ba0$650a10ac@XPBL2>
The recent posts about Plugin (forum) extra settings not being saved or overwriting other users.
I was looking into this today and noticed that the UID field in the Edit form -> Account Information is being set to an encrypted 16 char field. To be specific $reqid.
Line 156 of usersettings.php
$preferences->set_var ('uid_value', $reqid);
I believe this is a typo and not some security change.
This triggers all sorts of problems that are looking for the UID in the POST_VARS from this form.
Blaine
From dirk at haun-online.de Sun Feb 1 18:14:17 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 2 Feb 2004 00:14:17 +0100
Subject: [geeklog-devel] SR4 Bug -- err so it would appear
In-Reply-To: <003a01c3e8f2$96914ba0$650a10ac@XPBL2>
References: <003a01c3e8f2$96914ba0$650a10ac@XPBL2>
Message-ID: <20040201231417.11784@smtp.haun-online.de>
Blaine,
>Line 156 of usersettings.php
> $preferences->set_var ('uid_value', $reqid);
>
>I believe this is a typo and not some security change.
No, this was a deliberate change. To quote myself (from geeklog-security):
>I've re-used the hidden "uid" field in the form, so there's no need to
>update the templates. The field wasn't used anyway as the value can't be
>trusted.
You could simply use $_USER['uid'], which has the added advantage that it
can't be manipulated.
bye, Dirk
--
http://www.haun-online.de/
http://www.macosx-faq.de/
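The point made in the reply above, that a hidden form field cannot be trusted while the session's $_USER['uid'] can, shown as an added example that is not part of the original message or of Geeklog's code. The function names, the $store array and all sample values are constructed; the 16-character string only stands in for $reqid.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a plugin's per-user settings table: uid => row.
function freshStore(): array
{
    return [
        2 => ['sig' => 'admin sig'],
        5 => ['sig' => 'old sig'],
        7 => ['sig' => 'carol sig'],
    ];
}

// BEFORE: the write is keyed on the hidden "uid" form field.
function saveTrustingForm(array &$store, array $post): int
{
    // Client-controlled. A non-numeric value still coerces to an integer:
    // (int) '7c1e09ab5d2f4e60' is 7, (int) 'c17e...' is 0.
    $uid = (int) ($post['uid'] ?? 0);
    if (isset($store[$uid])) {
        $store[$uid]['sig'] = (string) ($post['sig'] ?? '');
    }
    return $uid;
}

// AFTER: the write is keyed on the server-side session user ($_USER in the
// message above); whatever the form sends in "uid" is never read.
function saveForSessionUser(array &$store, array $sessionUser, array $post): int
{
    $uid = (int) ($sessionUser['uid'] ?? 0);
    if ($uid <= 0 || !isset($store[$uid])) {
        throw new RuntimeException('no logged-in user for this request');
    }
    $store[$uid]['sig'] = (string) ($post['sig'] ?? '');
    return $uid;
}

$session = ['uid' => 5];   // constructed: the user who is actually logged in

// Case 1: user 5 edits the hidden field to point at uid 2.
$store = freshStore();
$hit = saveTrustingForm($store, ['uid' => '2', 'sig' => 'changed']);
echo "form-trusting, tampered field : wrote row $hit\n";      // row 2

// Case 2: the field carries a token instead of a uid (constructed value).
$store = freshStore();
$hit = saveTrustingForm($store, ['uid' => '7c1e09ab5d2f4e60', 'sig' => 'changed']);
echo "form-trusting, token in field : wrote row $hit\n";      // row 7

// Case 3: same two requests through the session-keyed handler.
foreach (['2', '7c1e09ab5d2f4e60'] as $fieldValue) {
    $store = freshStore();
    $hit = saveForSessionUser($store, $session, ['uid' => $fieldValue, 'sig' => 'changed']);
    echo "session-keyed, field=$fieldValue : wrote row $hit\n"; // row 5 both times
}
```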
From tony at tonybibbs.com Mon Feb 2 10:05:58 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 02 Feb 2004 09:05:58 -0600
Subject: [geeklog-devel] Server changes coming...
In-Reply-To: <20040130190756.19124@smtp.haun-online.de>
References: <40186BA6.4090503@tonybibbs.com> <20040130190756.19124@smtp.haun-online.de>
Message-ID: <401E6756.5090701@tonybibbs.com>
Don't worry about it. I am pretty sure the server geeklog.net runs on
isn't RAID5'd and not having RAID on the box with our CVS bothers me a
bit. I have the temporary server set up...it is a dual pentium pro 200
with 256MB of ram and two 9GB SCSI drives (no raid of any kind). All
the software is installed on it and I have already begun moving stuff
over (starting with my personal stuff). I will save the move of
project.geeklog.net and CVS until last but I'm hoping to have moved
everything by the end of this week. I won't move CVS until I have a
version of it working on the new server via ssh and anonymous pserver
(sigh).
After things are moved to the temporary server I'll then begin
rebuilding the current server to get it ready for the colo. That won't
happen for a couple of weeks and we'll have to repeat this process again.
It's a pain, I know but I'm sure we can do all this with little to no
downtime.
--Tony
Dirk Haun wrote:
> Tony,
>
>
>>In doing this I think
>>we should at least consider if we don't want to move CVS and the project
>>site to Pair. I only mention this because we have a dedicated server
>>for www.geeklog.net and it seems to make sense to have it all on one
>>server (until the MySQL instance dies). Any thoughts?
>
>
> Err, can we even do this? For one, we don't have root access on that
> server and the project site would need postgres installed to run. Similar
> issues with CVS.
>
>
>
>>Also, if we decide to leave things as they are I will have to move CVS
>>and the project site to a temporary server
>
>
> Any idea for how long?
>
> bye, Dirk
>
>
From dirk at haun-online.de Tue Feb 3 13:04:05 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 3 Feb 2004 19:04:05 +0100
Subject: [geeklog-devel] Search Engine Friendly URLs for Stories
In-Reply-To: <401BD188.90707@abtech.org>
References: <401BD188.90707@abtech.org>
Message-ID: <20040203180405.23112@smtp.haun-online.de>
It works! :-)
64.68.82.38 - - [02/Feb/2004:04:37:51 +0100] "GET /article.php/20040126211219933 HTTP/1.0" 200 16008 "-" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
64.68.82.7 - - [02/Feb/2004:04:37:52 +0100] "GET /article.php/20031221195551350 HTTP/1.0" 200 14461 "-" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
These are from the geeklog.info logfiles. AFAICS, this is the first time
that GoogleBot actually touched article.php on that site.
I helped things a bit by making the story title a link to the article
page in the default theme (Simple Orange):
{story_title}
Where the CSS takes away the underlining for the link.
Excellent. Thanks again, Vinny.
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
From dirk at haun-online.de Thu Feb 5 14:44:43 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 5 Feb 2004 20:44:43 +0100
Subject: [geeklog-devel] Script to update foreign language files
Message-ID: <20040205194443.13749@smtp.haun-online.de>
I've just posted a note over at geeklog-translations announcing the
availability of a script that can update (foreign) language files. It
merges any new strings that have been added to english.php into the other
language file.
http://www.geeklog.net/filemgmt/singlefile.php?lid=290
Just posting this here in case you come across someone looking for
something like this ...
bye, Dirk
--
http://www.haun-online.de/
http://www.tinyweb.de/
From tony at tonybibbs.com Thu Feb 5 20:01:33 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 05 Feb 2004 19:01:33 -0600
Subject: [geeklog-devel] Notice, anonymous CVS, mailing lists and project.geeklog.net will be unavailable for a short period
Message-ID: <4022E76D.2000207@tonybibbs.com>
I am busy moving our CVS repository, to do this the anonymous CVS access
will be down temporarily. The server is due to go down here anytime in
the next 24hrs and should be back up by Sunday evening sometime.
The reason for the move is our current server is being moved to a higher
speed ISP and before the move the current server will be rebuilt. To do
this CVS must be moved to another, lesser server for a little while.
For the same reasons, the mailing lists and the geeklog project site
will be down.
Thanks for understanding,
--Tony
+-------------------+--------------------------------------------------+
|Tony Bibbs |[R]egardless of what you may think of our penal |
|tony at tonybibbs.com |system, the fact is that every man in jail is one |
| |less potential fisherman to clutter up your |
| |favorite pool or pond. --Ed Zern |
+-------------------+--------------------------------------------------+
From dirk at haun-online.de Sun Feb 8 11:34:52 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 8 Feb 2004 17:34:52 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
Message-ID: <20040208163453.27277@smtp.haun-online.de>
(hmm, I thought the mailing lists were down?)
Gentlemen,
I'm through with adding the parameter checking and I've changed the way
the Group Admin group works (as discussed earlier). Which means that all
the major points from my to-do list are done.
I will be going through the list of open bugs (as far as I have them in
my email database) and my notes to see what is left that should be fixed
/ implemented in this release.
But all in all, it looks like it would be possible to do an 1.3.9rc1
release after the next weekend. So if you have anything left that you
want to see in the next release, please bring it forward now (or wait for
1.3.10 ...).
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/
From tony at tonybibbs.com Sun Feb 8 15:48:32 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Sun, 08 Feb 2004 14:48:32 -0600
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <20040208163453.27277@smtp.haun-online.de>
References: <20040208163453.27277@smtp.haun-online.de>
Message-ID: <4026A0A0.7020705@tonybibbs.com>
Well, I was hoping to sneak in the spellchecking feature (disabled by
default). I had it implemented into /admin/story.php and was going to
do it with comments as well. As for other things links, etc. we will
have to figure out an interface for them as they don't have a handy
'preview' interface I can piggyback on. Anyway, your call if it should
be a .9 feature or wait until .10...just let me know.
--Tony
Dirk Haun wrote:
> (hmm, I thought the mailing lists were down?)
>
> Gentlemen,
>
> I'm through with adding the parameter checking and I've changed the way
> the Group Admin group works (as discussed earlier). Which means that all
> the major points from my to-do list are done.
>
> I will be going through the list of open bugs (as far as I have them in
> my email database) and my notes to see what is left that should be fixed
> / implemented in this release.
>
> But all in all, it looks like it would be possible to do an 1.3.9rc1
> release after the next weekend. So if you have anything left that you
> want to see in the next release, please bring it forward now (or wait for
> 1.3.10 ...).
>
> bye, Dirk
>
>
--
+-------------------+--------------------------------------------------+
|Tony Bibbs |[R]egardless of what you may think of our penal |
|tony at tonybibbs.com |system, the fact is that every man in jail is one |
| |less potential fisherman to clutter up your |
| |favorite pool or pond. --Ed Zern |
+-------------------+--------------------------------------------------+
From jens at peino.de Mon Feb 9 07:53:37 2004
From: jens at peino.de (Jens A. Tkotz)
Date: Mon, 9 Feb 2004 13:53:37 +0100
Subject: [geeklog-devel] (no subject)
Message-ID: <20040209135337.0hxpys8ssk00scww@horde.peino.de>
Hello Geeklog Developers,
my Name is Jens Tkotz (aka Tim_j) and a Member of Gallery Developer Team.
Today a user came in our irc Channel and reported something Gallery <-> Geeklog
integration.
So I visited your site and see that there is an existing Modification.
What about integrating your code for integration into official Gallery Code ?
I recently have done the phpBB2 integration and would be happy to do it for
geeklog too.
Please let me/us know if you are interested.
Regards,
Jens
--
_____________________________
I'd say ... charisma
From geeklog at langfamily.ca Mon Feb 9 14:53:51 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 9 Feb 2004 14:53:51 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
References: <20040208163453.27277@smtp.haun-online.de>
Message-ID: <048b01c3ef46$710f6790$650a10ac@XPBL2>
I have a feature that I have been asked to add for a client and will be
working on this week. I'd like to see this added to Geeklog as well and
should have it ready in a few days.
The client wants to be able to auto-archive stories.
- Admin can set archive date
- stories moved to a "archive" topic that may be hidden or restricted
- option to auto delete or archive
- different template used when displaying archived stories.
Are there any concerns about adding this to CVS when completed?
Do you see any problems or additional features that should be considered?
Blaine
----- Original Message -----
From: "Dirk Haun"
To: "Geeklog"
Sent: Sunday, February 08, 2004 11:34 AM
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
> (hmm, I thought the mailing lists were down?)
>
> Gentlemen,
>
> I'm through with adding the parameter checking and I've changed the way
> the Group Admin group works (as discussed earlier). Which means that all
> the major points from my to-do list are done.
>
> I will be going through the list of open bugs (as far as I have them in
> my email database) and my notes to see what is left that should be fixed
> / implemented in this release.
>
> But all in all, it looks like it would be possible to do an 1.3.9rc1
> release after the next weekend. So if you have anything left that you
> want to see in the next release, please bring it forward now (or wait for
> 1.3.10 ...).
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/
> http://www.haun.info/
>
From vmf at abtech.org Mon Feb 9 14:57:24 2004
From: vmf at abtech.org (Vincent Furia)
Date: Mon, 09 Feb 2004 14:57:24 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <048b01c3ef46$710f6790$650a10ac@XPBL2>
References: <20040208163453.27277@smtp.haun-online.de> <048b01c3ef46$710f6790$650a10ac@XPBL2>
Message-ID: <4027E624.6060106@abtech.org>
I'd suggest not allowing users to add comments to archived stories.
-Vinny
Blaine Lang wrote:
>I have a feature that I have been asked to add for a client and will be
>working on this week. I'd like to see this added to Geeklog as well and
>should have it ready in a few days.
>
>The client wants to be able to auto-archive stories.
> - Admin can set archive date
> - stories moved to a "archive" topic that may be hidden or restricted
> - option to auto delete or archive
> - different template used when displaying archived stories.
>
>Are there any concerns about adding this to CVS when completed?
>Do you see any problems or additional features that should be considered?
>
>Blaine
>----- Original Message -----
>From: "Dirk Haun"
>To: "Geeklog"
>Sent: Sunday, February 08, 2004 11:34 AM
>Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
>
>
>
>
>>(hmm, I thought the mailing lists were down?)
>>
>>Gentlemen,
>>
>>I'm through with adding the parameter checking and I've changed the way
>>the Group Admin group works (as discussed earlier). Which means that all
>>the major points from my to-do list are done.
>>
>>I will be going through the list of open bugs (as far as I have them in
>>my email database) and my notes to see what is left that should be fixed
>>/ implemented in this release.
>>
>>But all in all, it looks like it would be possible to do an 1.3.9rc1
>>release after the next weekend. So if you have anything left that you
>>want to see in the next release, please bring it forward now (or wait for
>>1.3.10 ...).
>>
>>bye, Dirk
>>
>>
>>--
>>http://www.haun-online.de/
>>http://www.haun.info/
>>
From dirk at haun-online.de Mon Feb 9 15:26:01 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 9 Feb 2004 21:26:01 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <048b01c3ef46$710f6790$650a10ac@XPBL2>
References: <048b01c3ef46$710f6790$650a10ac@XPBL2>
Message-ID: <20040209202601.14347@smtp.haun-online.de>
Blaine,
>Are there any concerns about adding this to CVS when completed?
Sounds like something that has been requested before, but it also sounds
like a lot of new code. Can we hold this off until 1.3.10?
Maybe we don't need another 7 months until the next release (yeah, 1.3.8
was released on July 17 2003 ...).
bye, Dirk
P.S. Vinny, did you see that Gallery post?
--
http://www.haun-online.de/
http://www.tinyweb.de/
From vmf at abtech.org Mon Feb 9 15:32:20 2004
From: vmf at abtech.org (Vincent Furia)
Date: Mon, 09 Feb 2004 15:32:20 -0500
Subject: [Fwd: Re: [geeklog-devel] (no subject)]
Message-ID: <4027EE54.2040203@abtech.org>
Ooops, somehow the geeklog-devel address got left off my reply post.
-Vinny
-------- Original Message --------
From: - Mon Feb 09 15:09:13 2004
Message-ID: <4027E8E9.2080100 at abtech.org>
Date: Mon, 09 Feb 2004 15:09:13 -0500
From: Vincent Furia
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: jens at peino.de
CC: gallery-devel at lists.sourceforge.net
Subject: Re: [geeklog-devel] (no subject)
References: <20040209135337.0hxpys8ssk00scww at horde.peino.de>
In-Reply-To: <20040209135337.0hxpys8ssk00scww at horde.peino.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Jens,
I am currently the primary maintainer of the Geeklog/Gallery
integration. You're more than welcome to incorporate it into the
official Gallery code (it would certainly save effort on my part). An
"unofficial" gallery release using Gallery 1.4.1-pl1 with alterations to
make it embeddable in Geeklog is available from:
http://sourceforge.net/project/showfiles.php?group_id=68255&package_id=69388&release_id=212674
The only problem I foresee with integrating it "officially" is that the
Geeklog version required a few hacks to the core Gallery files. Please
keep me up to date on any progress you make or if you require testers
(they should be pretty easy to recruit).
-Vinny
Jens A. Tkotz wrote:
>Hello Geeklog Developers,
>
>my Name is Jens Tkotz (aka Tim_j) and a Member of Gallery Developer Team.
>
>Today a user came in our irc Channel and reported something Gallery <-> Geeklog
>integration.
>So I visited your site and see that there is an existing Modification.
>
>What about integrating your code for integration into official Gallery Code ?
>I recently have done the phpBB2 integration and would be happy to do it for
>geeklog too.
>
>Please let me/us know if you are interested.
>
>Regards,
>
>Jens
>
>--
>_____________________________
>I'd say ... charisma
From geeklog at langfamily.ca Mon Feb 9 15:51:25 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 9 Feb 2004 15:51:25 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
References: <048b01c3ef46$710f6790$650a10ac@XPBL2> <20040209202601.14347@smtp.haun-online.de>
Message-ID: <04b701c3ef4e$7bd52680$650a10ac@XPBL2>
Vinny wrote:
> I'd suggest not allowing users to add comments to archived stories.
That makes sense - thanks :)
Dirk wrote:
> Sounds like something that has been requested before, but it also sounds
> like a lot of new code. Can we hold this off until 1.3.10?
I'm hoping it is not a lot of new code but agree it has to hook in a number
of places.
I'm hoping to start on this tonight and get a better sense of it.
My question is really a 2 part one
1) Any concerns about adding this to GL CVS
2) If I get it done this week (may not be possible) could it be added to
1.3.9
If not - are you ok with it being added to GL 1.3.10
Blaine
----- Original Message -----
From: "Dirk Haun"
To:
Sent: Monday, February 09, 2004 3:26 PM
Subject: Re: [geeklog-devel] 1.3.9rc1 is nearing ...
> Blaine,
>
> >Are there any concerns about adding this to CVS when completed?
>
> Sounds like something that has been requested before, but it also sounds
> like a lot of new code. Can we hold this off until 1.3.10?
>
> Maybe we don't need another 7 months until the next release (yeah, 1.3.8
> was released on July 17 2003 ...).
>
> bye, Dirk
>
> P.S. Vinny, did you see that Gallery post?
>
>
> --
> http://www.haun-online.de/
> http://www.tinyweb.de/
>
From dirk at haun-online.de Mon Feb 9 16:06:03 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 9 Feb 2004 22:06:03 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <04b701c3ef4e$7bd52680$650a10ac@XPBL2>
References: <04b701c3ef4e$7bd52680$650a10ac@XPBL2>
Message-ID: <20040209210603.342@smtp.haun-online.de>
Blaine,
>My question is really a 2 part one
>1) Any concerns about adding this to GL CVS
No. As I said, we've had requests for this before.
>2) If I get it done this week (may not be possible) could it be added to
>1.3.9
I'm just anxious to get 1.3.9 out of the door and am uncomfortable with
introducing entirely new code at this stage.
>If not - are you ok with it being added to GL 1.3.10
That would be fine with me.
bye, Dirk
--
http://www.haun-online.de/
http://mypod.de/
From slord at marelina.com Mon Feb 9 17:18:13 2004
From: slord at marelina.com (Simon Lord)
Date: Mon, 9 Feb 2004 17:18:13 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <20040209210603.342@smtp.haun-online.de>
References: <04b701c3ef4e$7bd52680$650a10ac@XPBL2> <20040209210603.342@smtp.haun-online.de>
Message-ID:
So what the h.e.double hockey sticks are we going to do with the new
theme pages? Before they rot and get outdated? I'm not entirely sure
how we're going to apply them. :P
On Feb 9, 2004, at 4:06 PM, Dirk Haun wrote:
> Blaine,
>
>> My question is really a 2 part one
>> 1) Any concerns about adding this to GL CVS
>
> No. As I said, we've had requests for this before.
>
>
>> 2) If I get it done this week (may not be possible) could it be added
>> to
>> 1.3.9
>
> I'm just anxious to get 1.3.9 out of the door and am uncomfortable with
> introducing entirely new code at this stage.
>
>
>> If not - are you ok with it being added to GL 1.3.10
>
> That would be fine with me.
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/
> http://mypod.de/
>
Sincerely,
Simon
From dirk at haun-online.de Sat Feb 14 14:58:09 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 14 Feb 2004 20:58:09 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <20040208163453.27277@smtp.haun-online.de>
References: <20040208163453.27277@smtp.haun-online.de>
Message-ID: <20040214195809.15146@smtp.haun-online.de>
Things are looking good for 1.3.9rc1.
I'm through with my to-do list (well, the important bits from it - had to
resist the temptation on a few items ;-)
Since the CVS notifications aren't working, I'd like to point out two
important / interesting changes I made:
There is now an option to not stay logged in after your session expires.
The "stay logged in for ..." option is a convenience function, but a
dangerous one these days (as our special friend Jelmer has already
pointed out). Should someone manage to steal your cookies, they could
easily log in to your account.
I hope I didn't break session handling when changing this. Further
testing appreciated ...
Also, I've made a last-minute extension of the plugin API so that plugins
can now add their own entries to the What's New block. I've been wanting
to add this for a long time, but it always seems to slip through the cracks.
I've attached an implementation of the two new functions for the File
Management plugin (pretty much the same code that's already behind the
"New Downloads" block on geeklog.net). Just paste it into your filemgmt/
functions.inc
So what's left to do? More testing, of course. Documentation updates.
Running the language files through my lm.php script. And synching the
German version with CVS.
I'm still aiming at a release on Monday and hope to have a tarball ready
for pre-release testing by tomorrow evening.
I'll keep you posted ...
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: filmgmt_whatsnew.php.gz
Type: application/x-gzip
Size: 629 bytes
Desc: not available
URL:
From geeklog at langfamily.ca Sun Feb 15 01:33:37 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 15 Feb 2004 01:33:37 -0500
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
References: <20040208163453.27277@smtp.haun-online.de> <20040214195809.15146@smtp.haun-online.de>
Message-ID: <002001c3f38d$a4914cf0$650a10ac@XPBL2>
Sounds good -- Any idea when CVS will be back online?
* Update on Story Archive Mgmt *
I have completed the modifications to support Archive Mgmt of stories and
have someone else testing it now. I only needed to add one field to the
story table. There already is a statuscode field that was not being used.
You have 2 options now to expire a story
1) Delete upon Expiry or
2) Archive upon Expiry
You need to create a topic that you will use to hold the expired topics and
set it up using a new $_CONF parm:
// Topic ID (tid) that Auto-Archived topics will be moved to at their
// expire date
$_CONF['archivetopic'] = 'archive';
You would normally restrict permissions to only story.admin so these stories
and topic will not be accessible.
I also modified COM_article to use a new set of templates so that if you do
want these stories accessible to your members, the template would indicate
they are older stories.
I have not added the logic to disable new comments but that should not be
hard.
Affected files:
index.php
lib-common
admin/story
storyeditor.thtml
Cheers,
Blaine
----- Original Message -----
From: "Dirk Haun"
To:
Sent: Saturday, February 14, 2004 2:58 PM
Subject: Re: [geeklog-devel] 1.3.9rc1 is nearing ...
> Things are looking good for 1.3.9rc1.
>
> I'm through with my to-do list (well, the important bits from it - had to
> resist the temptation on a few items ;-)
>
> Since the CVS notifications aren't working, I'd like to point out two
> important / interesting changes I made:
>
> There is now an option to not stay logged in after your session expires.
> The "stay logged in for ..." option is a convenience function, but a
> dangerous one these days (as our special friend Jelmer has already
> pointed out). Should someone manage to steal your cookies, they could
> easily log in to your account.
>
> I hope I didn't break session handling when changing this. Further
> testing appreciated ...
>
>
> Also, I've made a last-minute extension of the plugin API so that plugins
> can now add their own entries to the What's New block. I've been wanting
> to add this for a long time, but it always seems to slip through the
> cracks.
>
> I've attached an implementation of the two new functions for the File
> Management plugin (pretty much the same code that's already behind the
> "New Downloads" block on geeklog.net). Just paste it into your filemgmt/
> functions.inc
>
>
> So what's left to do? More testing, of course. Documentation updates.
> Running the language files through my lm.php script. And synching the
> German version with CVS.
>
> I'm still aiming at a release on Monday and hope to have a tarball ready
> for pre-release testing by tomorrow evening.
>
> I'll keep you posted ...
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/
> http://www.haun.info/
From dirk at haun-online.de Sun Feb 15 04:01:15 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 15 Feb 2004 10:01:15 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <002001c3f38d$a4914cf0$650a10ac@XPBL2>
References: <002001c3f38d$a4914cf0$650a10ac@XPBL2>
Message-ID: <20040215090115.16901@smtp.haun-online.de>
Blaine,
>Sounds good -- Any idea when CVS will be back online?
CVS _is_ online, including the web frontend. The only thing that's not
working are the notification emails.
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/
From dirk at haun-online.de Sun Feb 15 16:16:36 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 15 Feb 2004 22:16:36 +0100
Subject: [geeklog-devel] 1.3.9rc1 is nearing ...
In-Reply-To: <20040214195809.15146@smtp.haun-online.de>
References: <20040214195809.15146@smtp.haun-online.de>
Message-ID: <20040215211636.17716@smtp.haun-online.de>
Here it is then:
http://www.geeklog.net/nightly/geeklog-1.3.9rc1.tar.gz
If I don't hear any complaints, I'll install it on geeklog.net after work
tomorrow and release it.
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/
From dirk at haun-online.de Mon Feb 16 15:17:31 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 16 Feb 2004 21:17:31 +0100
Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1
Message-ID: <20040216201731.31903@smtp.haun-online.de>
Okay, I messed up things a little while upgrading geeklog.net :-(
I accidentally deleted both the lib-custom.php and the forum themes.
I've recovered the Shoutbox and Who's New blocks from some posts on
geeklog.net and the Theme Tester block is now the one that I'm using on
geeklog.info (which one did we use before?).
I don't have the source for the Stats block (Blaine?). The New Downloads
block won't be missed, I guess, as I installed the extension for the File
Management plugin that I posted here a few days ago (using 1.3.9's
extended plugin API).
As for the forum themes: I downloaded the forum 2.3rc3 from
portalparts.com and used the theme files from that file. Blaine, are
there any differences?
Time to think about doing automatic updates of our customizations, I guess ...
bye, Dirk
--
http://www.haun-online.de/
http://mypod.de/
From geeklog at langfamily.ca Mon Feb 16 15:48:21 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 16 Feb 2004 15:48:21 -0500
Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1
References: <20040216201731.31903@smtp.haun-online.de>
Message-ID: <011701c3f4ce$36fb1210$650a10ac@XPBL2>
Dirk,
The Forum templates from RC3 should be fine. I just updated all the themes
style.css files on geeklog.net to add the forum css. I'll have to edit the
colors later.
I also added the code for the stats block and enabled it.
Blaine
----- Original Message -----
From: "Dirk Haun"
To:
Sent: Monday, February 16, 2004 3:17 PM
Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1
> Okay, I messed up things a little while upgrading geeklog.net :-(
>
> I accidentally deleted both the lib-custom.php and the forum themes.
>
> I've recovered the Shoutbox and Who's New blocks from some posts on
> geeklog.net and the Theme Tester block is now the one that I'm using on
> geeklog.info (which one did we use before?).
>
> I don't have the source for the Stats block (Blaine?). The New Downloads
> block won't be missed, I guess, as I installed the extension for the File
> Management plugin that I posted here a few days ago (using 1.3.9's
> extended plugin API).
>
> As for the forum themes: I downloaded the forum 2.3rc3 from
> portalparts.com and used the theme files from that file. Blaine, are
> there any differences?
>
> Time to think about doing automatic updates of our customizations, I guess ...
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/
> http://mypod.de/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>
From dirk at haun-online.de Mon Feb 16 17:04:23 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 16 Feb 2004 23:04:23 +0100
Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1
In-Reply-To: <011701c3f4ce$36fb1210$650a10ac@XPBL2>
References: <011701c3f4ce$36fb1210$650a10ac@XPBL2>
Message-ID: <20040216220423.21286@smtp.haun-online.de>
>The Forum templates from RC3 should be fine. I just updated all the themes
>style.css files on geeklog.net to add the forum css. I'll have to edit the
>colors later.
>
>I also added the code for the stats block and enabled it.
Thanks, Blaine. And sorry about that ...
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
From tony at tonybibbs.com Mon Feb 16 22:33:19 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 16 Feb 2004 21:33:19 -0600
Subject: [geeklog-devel] geeklog.net running on 1.3.9rc1
In-Reply-To: <20040216220423.21286@smtp.haun-online.de>
References: <011701c3f4ce$36fb1210$650a10ac@XPBL2> <20040216220423.21286@smtp.haun-online.de>
Message-ID: <40318B7F.3080001@tonybibbs.com>
Any chance of turning on the URL rewriting on geeklog.net? It's a
feature I think that would help people find us better *and* it is one
that I personally have been waiting for.
Might as well show off that work.
--Tony
Dirk Haun wrote:
>>The Forum templates from RC3 should be fine. I just updated all the themes
>>style.css files on geeklog.net to add the forum css. I'll have to edit the
>>colors later.
>>
>>I also added the code for the stats block and enabled it.
>
>
> Thanks, Blaine. And sorry about that ...
>
> bye, Dirk
>
>
From dirk at haun-online.de Tue Feb 17 17:55:31 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 17 Feb 2004 23:55:31 +0100
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
Message-ID: <20040217225532.1493@smtp.haun-online.de>
1. PATH_SEPARATOR is only defined as of PHP 4.3.0 - any older versions
will have the actual text "PATH_SEPARATOR" in the path ...
Affects the ini_set call for the path to PEAR in lib-common.php. Needs a
workaround, something like
if( defined( 'PATH_SEPARATOR' )) {
// use it
} else {
// try to guess it
}
2. function COM_getComment() needs a
$template->set_var( 'order', $order );
3. (reported by Turias over on the contact-us list):
>You probably already know this, but it appears as though threaded
>comments are broken. Clicking on a non-root level comment brings up a
>blank screen.
Actually, I think it only happens with the very last comment in each thread.
Vinny, is this (#3) something you could be looking into?
bye, Dirk
--
http://www.haun-online.de/
http://www.tinyweb.de/
From vmf at abtech.org Tue Feb 17 20:22:38 2004
From: vmf at abtech.org (Vincent Furia)
Date: Tue, 17 Feb 2004 20:22:38 -0500
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <20040217225532.1493@smtp.haun-online.de>
References: <20040217225532.1493@smtp.haun-online.de>
Message-ID: <4032BE5E.2080408@abtech.org>
Dirk Haun wrote:
>3. (reported by Turias over on the contact-us list):
>
>
>>You probably already know this, but it appears as though threaded
>>comments are broken. Clicking on a non-root level comment brings up a
>>blank screen.
>>
>>
>
>Actually, I think it only happens with the very last comment in each thread.
>
>Vinny, is this (#3) something you could be looking into?
>
>bye, Dirk
>
>
>
>
Ooops. Looks like a small mistake got thrown in. Change is in
lib-common.php around line 2678:
This line:
$template->set_var( 'pid', $A['cid'] );
Should be:
$template->set_var( 'pid', $A['pid'] );
-Vinny
From dirk at haun-online.de Wed Feb 18 02:10:41 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 18 Feb 2004 08:10:41 +0100
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <4032BE5E.2080408@abtech.org>
References: <4032BE5E.2080408@abtech.org>
Message-ID: <20040218071041.17341@smtp.haun-online.de>
Vinny,
>Ooops. Looks like a small mistake got thrown in. Change is in
>lib-common.php around line 2678:
>This line:
> $template->set_var( 'pid', $A['cid'] );
>Should be:
> $template->set_var( 'pid', $A['pid'] );
Applied on geeklog.net, looking good. Thanks.
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/
From vmf at abtech.org Wed Feb 18 10:21:50 2004
From: vmf at abtech.org (Vincent Furia)
Date: Wed, 18 Feb 2004 10:21:50 -0500
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <20040218071041.17341@smtp.haun-online.de>
References: <4032BE5E.2080408@abtech.org> <20040218071041.17341@smtp.haun-online.de>
Message-ID: <4033830E.6010106@abtech.org>
Okay,
Found a slightly deeper problem that is all tied up in this. With the
below change the reply-to-link is now broken (it responds to the
comment/story an extra level up).
The easy way to change this is to add a line:
$template->set_var( 'cid', $A['cid'] );
to the comment function and then change the themes (comment.thtml) so
that the reply-to-link has "pid={cid}".
The better fix is to add a reply_to_link theme variable (along with
theme variables for the other links that the comments have) and
eliminate the 'extra' theme variables.
If you give me some guidance on how you want to handle this I can code
up the changes. Write cvs access would be convenient at this point. ;)
Another minor issue is that the "parent" link is missing when browsing
non-top-level comments in threaded mode. This should be easy to add.
-Vinny
Dirk Haun wrote:
> Vinny,
>
>
>>Ooops. Looks like a small mistake got thrown in. Change is in
>>lib-common.php around line 2678:
>>This line:
>> $template->set_var( 'pid', $A['cid'] );
>>Should be:
>> $template->set_var( 'pid', $A['pid'] );
>
>
> Applied on geeklog.net, looking good. Thanks.
>
> bye, Dirk
>
>
From dirk at haun-online.de Wed Feb 18 13:37:26 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 18 Feb 2004 19:37:26 +0100
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <4033830E.6010106@abtech.org>
References: <4033830E.6010106@abtech.org>
Message-ID: <20040218183727.26977@smtp.haun-online.de>
Vinny,
>Found a slightly deeper problem that is all tied up in this. With the
>below change the reply-to-link is now broken (it responds to the
>comment/story an extra level up).
Yep, noticed this as well.
>If you give me some guidance on how you want to handle this I can code
>up the changes.
I would have preferred a solution that didn't require theme changes, but
if that's not possible, I leave it up to you to decide.
>Write cvs access would be convenient at this point. ;)
Agreed. Tony?
bye, Dirk
--
http://www.haun-online.de/
http://www.tinyweb.de/
From dirk at haun-online.de Wed Feb 18 13:43:16 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 18 Feb 2004 19:43:16 +0100
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <20040217225532.1493@smtp.haun-online.de>
References: <20040217225532.1493@smtp.haun-online.de>
Message-ID: <20040218184316.22411@smtp.haun-online.de>
I'm a bit short on time this week, so I try to delegate as much as
possible ;-)
Next person on my list: Blaine.
I've received a report from someone who has a lot of blocks on his site.
Apparently, since the new block list code will number them in steps of
10, it will eventually come up with block order numbers in the 300s. But
Geeklog only allows order numbers up to 255.
I'd prefer a solution that doesn't require theme and database changes,
but if that's not possible or would require too much work, then so be it ...
bye, Dirk
--
http://www.haun-online.de/
http://mypod.de/
From dirk at haun-online.de Wed Feb 18 14:29:54 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 18 Feb 2004 20:29:54 +0100
Subject: [geeklog-devel] MySQL issue / table lockups
Message-ID: <20040218192954.613@smtp.haun-online.de>
Here's some other issue altogether, slightly edited from IRC:
I have noticed that the hit counter can lock the whole stories table
when viewing the story
what happens when you have large number of stories and someone
performs a search
is that update gets locked
then everything behind the update gets locked
so, basically a long search on an active site can lock the
whole site
it can be solved in 2 ways
changing the stories table type to innodb
or, what I have been doing, splitting the table
a stories and a stories_stat
the stories table is myisam so I can use fulltext indexing and
the stat table is innodb to prevent locks
I see - innodb is supported in MySQL since when?
late 3
I understand the problem of supporting install on ISP's with
old setups
mysql.com isn't very clear on the version number for innodb
support. it mentions 3.23.34a but the wording indicates it may not have
been available in default installs right away ...
we have user with versions down to 3.22.something :-/
that may be, I seem to remember having to dl the max install to
get it originally
or something like that
yeah, that is unfortunate
maybe an install option for those that know they have innodb
installed
to set table types on appropriate tables
but maybe putting all the stats into a separate table would be
a way around it - those that run into the problem could then change the
type of the table
exactly
shouldn't affect anything
could be posted as a note for performance on large systems
k, stuff to think about for 1.3.10 :P
so far that is the only scalability issue I have come across
Comments?
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
From tony at tonybibbs.com Wed Feb 18 16:36:27 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 18 Feb 2004 15:36:27 -0600
Subject: [geeklog-devel] MySQL issue / table lockups
In-Reply-To: <20040218192954.613@smtp.haun-online.de>
References: <20040218192954.613@smtp.haun-online.de>
Message-ID: <4033DADB.9010601@tonybibbs.com>
Any reason why we don't ship new GL installs with option of Innodb or
MyISAM with a default of Innodb? Or to be even slicker, once we know
what version of MySQL supported Innodb we can query it before creating
any new tables and figure it out on the fly.
--Tony
Dirk Haun wrote:
> Here's some other issue altogether, slightly edited from IRC:
>
> I have noticed that the hit counter can lock the whole stories table
> when viewing the story
> what happens when you have large number of stories and someone
> performs a search
> is that update gets locked
> then everything behind the update gets locked
> so, basically a long search on an active site can lock the
> whole site
> it can be solved in 2 ways
> changing the stories table type to innodb
> or, what I have been doing, splitting the table
> a stories and a stories_stat
> the stories table is myisam so I can use fulltext indexing and
> the stat table is innodb to prevent locks
> I see - innodb is supported in MySQL since when?
> late 3
> I understand the problem of supporting install on ISP's with
> old setups
> mysql.com isn't very clear on the version number for innodb
> support. it mentions 3.23.34a but the wording indicates it may not have
> been available in default installs right away ...
> we have user with versions down to 3.22.something :-/
> that may be, I seem to remember having to dl the max install to
> get it originally
> or something like that
> yeah, that is unfortunate
> maybe an install option for those that know they have innodb
> installed
> to set table types on appropriate tables
> but maybe putting all the stats into a separate table would be
> a way around it - those that run into the problem could then change the
> type of the table
> exactly
> shouldn't affect anything
> could be posted as a note for performance on large systems
> k, stuff to think about for 1.3.10 :P
> so far that is the only scalability issue I have come across
>
> Comments?
>
> bye, Dirk
>
>
From geeklog at langfamily.ca Wed Feb 18 20:06:18 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Wed, 18 Feb 2004 20:06:18 -0500
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
References: <20040217225532.1493@smtp.haun-online.de> <20040218184316.22411@smtp.haun-online.de>
Message-ID: <007d01c3f684$94cfd3f0$650a10ac@XPBL2>
Well we could change the interval but I like 10 :)
Only 2 options - change the interval or change the field type that I see.
It could be changed to use 2 as the interval and that still allows someone
to manually enter a number to fit between 2 blocks.
Blaine
----- Original Message -----
From: "Dirk Haun"
To:
Sent: Wednesday, February 18, 2004 1:43 PM
Subject: Re: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
> I'm a bit short on time this week, so I try to delegate as much as
> possible ;-)
>
> Next person on my list: Blaine.
>
> I've received a report from someone who has a lot of blocks on his site.
> Apparently, since the new block list code will number them in steps of
> 10, it will eventually come up with block order numbers in the 300s. But
> Geeklog only allows order numbers up to 255.
>
> I'd prefer a solution that doesn't require theme and database changes,
> but if that's not possible or would require too much work, then so be it ...
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/
> http://mypod.de/
>
From tony at tonybibbs.com Thu Feb 19 07:56:01 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 19 Feb 2004 06:56:01 -0600
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <20040218183727.26977@smtp.haun-online.de>
References: <4033830E.6010106@abtech.org> <20040218183727.26977@smtp.haun-online.de>
Message-ID: <4034B261.8040803@tonybibbs.com>
Vinny, you have an email with your CVS account info.
--Tony
Dirk Haun wrote:
> Vinny,
>
>
>>Found a slightly deeper problem that is all tied up in this. With the
>>below change the reply-to-link is now broken (it responds to the
>>comment/story an extra level up).
>
>
> Yep, noticed this as well.
>
>
>
>>If you give me some guidance on how you want to handle this I can code
>>up the changes.
>
>
> I would have preferred a solution that didn't require theme changes, but
> if that's not possible, I leave it up to you to decide.
>
>
>
>>Write cvs access would be convenient at this point. ;)
>
>
> Agreed. Tony?
>
> bye, Dirk
>
>
From tony at tonybibbs.com Thu Feb 19 07:58:08 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 19 Feb 2004 06:58:08 -0600
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <007d01c3f684$94cfd3f0$650a10ac@XPBL2>
References: <20040217225532.1493@smtp.haun-online.de> <20040218184316.22411@smtp.haun-online.de> <007d01c3f684$94cfd3f0$650a10ac@XPBL2>
Message-ID: <4034B2E0.9080205@tonybibbs.com>
I tend to order my blocks in increments of ten as well. Just a
preference so I'd vote for the db change since that seems like the
'right' way though I do appreciate the hassle that creates.
Blaine Lang wrote:
> Well we could change the interval but I like 10 :)
> Only 2 options - change the interval or change the field type that I see.
>
> It could be changed to use 2 as the interval and that still allows someone
> to manually enter a number to fit between 2 blocks.
>
> Blaine
> ----- Original Message -----
> From: "Dirk Haun"
> To:
> Sent: Wednesday, February 18, 2004 1:43 PM
> Subject: Re: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
>
>
>
>>I'm a bit short on time this week, so I try to delegate as much as
>>possible ;-)
>>
>>Next person on my list: Blaine.
>>
>>I've received a report from someone who has a lot of blocks on his site.
>>Apparently, since the new block list code will number them in steps of
>>10, it will eventually come up with block order numbers in the 300s. But
>>Geeklog only allows order numbers up to 255.
>>
>>I'd prefer a solution that doesn't require theme and database changes,
>>but if that's not possible or would require too much work, then so be it ...
>
>>bye, Dirk
>>
>>
>>--
>>http://www.haun-online.de/
>>http://mypod.de/
>>
From tony at tonybibbs.com Fri Feb 20 09:15:03 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 20 Feb 2004 08:15:03 -0600
Subject: [geeklog-devel] Spam to members of lists
Message-ID: <40361667.4000503@tonybibbs.com>
I got this complaint today:
Tony,
I joined geeklog-users a little more than a week ago using newly created email
addresses and posted only twice, and already I received two spam emails today
to the new addresses (one of the addresses appears only in the Received header).
Either the spammer is a member of the list and receives emails with the full
headers, or a list member's computer is infected and collects addresses.
I know how seriously you and the development team of Geeklog think about
security. I would like to ask your help to consider what could be done to stop
spammers from collecting email addresses from geeklog lists. Right now I'm
having second thoughts about publicly contributing to the development (at least
not without stripping some mail headers).
FYI below are transcripts of the blocked SPAM going to these two email
addresses. They were received 1 second apart from two different IP addresses.
sincerely,
Drago Goricanec
I then reviewed the privacy options and the only thing I see that we can
do to fix this is set the very last option, "Hide the sender of a
message, replacing it with the list address (Removes From, Sender and
Reply-To fields)" to 'yes'.
I think spam is enough of a problem where we should simply turn this off
but I wanted to make sure I wasn't forgetting something because all this
rings a bell with a situation way back when we were addressing this last.
...which reminds me I should probably upgrade mailman to see if we don't
get some new anti-spam features (i.e. Bayesian filters, etc)
Thoughts?
--Tony
From vmf at abtech.org Fri Feb 20 10:31:04 2004
From: vmf at abtech.org (Vincent Furia)
Date: Fri, 20 Feb 2004 10:31:04 -0500
Subject: [geeklog-devel] Spam to members of lists
In-Reply-To: <40361667.4000503@tonybibbs.com>
References: <40361667.4000503@tonybibbs.com>
Message-ID: <40362838.7030706@abtech.org>
Tony,
We have gone through this before. Last time we switched many people
(including myself) complained that not having the email addresses of the
people sending emails to the list was a major PITA when it came to
keeping track of who said what. This is especially true since many
people don't sign their email.
I'd rather put up with a bit of SPAM (which SPAM filters can catch) than
have to figure out from context who was sending a message to the mailing
list. Also I like to be able to email people directly (especially for
some of the questions that pop-up on geeklog-users).
Note that the SPAMers could have gotten his email by scouring the
archive. Some people do a reply-to that includes something like:
joe at some.email.com said:
Which doesn't get filtered and an email address winds up on the lists
archive web pages to be grabbed by SPAM bots. Maybe there is a way to
filter email addresses out of the body of messages before they posted to
the archive?
-Vinny
Tony Bibbs wrote:
> I got this complaint today:
>
>
> Tony,
>
> I joined geeklog-users a little more than a week ago using newly created email
> addresses and posted only twice, and already I received two spam emails today
> to the new addresses (one of the addresses appears only in the Received header).
>
> Either the spammer is a member of the list and receives emails with the full
> headers, or a list member's computer is infected and collects addresses.
>
> I know how seriously you and the development team of Geeklog think about
> security. I would like to ask your help to consider what could be done to stop
> spammers from collecting email addresses from geeklog lists. Right now I'm
> having second thoughts about publicly contributing to the development (at least
> not without stripping some mail headers).
>
> FYI below are transcripts of the blocked SPAM going to these two email
> addresses. They were received 1 second apart from two different IP addresses.
>
> sincerely,
> Drago Goricanec
>
>
> I then reviewed the privacy options and the only thing I see that we can
> do to fix this is set the very last option, "Hide the sender of a
> message, replacing it with the list address (Removes From, Sender and
> Reply-To fields)" to 'yes'.
>
> I think spam is enough of a problem where we should simply turn this off
> but I wanted to make sure I wasn't forgetting something because all this
> rings a bell with a situation way back when we were addressing this last.
>
> ...which reminds me I should probably upgrade mailman to see if we don't
> get some new anti-spam features (i.e. Bayesian filters, etc)
>
> Thoughts?
>
> --Tony
From dirk at haun-online.de Fri Feb 20 13:45:53 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 20 Feb 2004 19:45:53 +0100
Subject: [geeklog-devel] Spam to members of lists
In-Reply-To: <40362838.7030706@abtech.org>
References: <40362838.7030706@abtech.org>
Message-ID: <20040220184553.8017@smtp.haun-online.de>
Vinny wrote:
>Note that the SPAMers could have gotten his email by scouring the
>archive. Some people do a reply-to that includes something like:
>
> joe at some.email.com said:
I found the two posts by Drago. Tony responded to both of them, but
without quoting his email address. There were no other replies. A search
for Drago's email address (in my local mail database) only returns his
own posts. So that's not the way the address got out.
Of course, everyone else on the list has his email address on their PC as
well and if they caught a virus, for example, it's possible that the
address got out that way (e.g. used as a fake return address).
>Maybe there is a way to
>filter email addresses out of the body of messages before they posted to
>the archive?
That would still be a good idea.
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
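The body filter suggested in the two messages above (rewriting addresses in message text before it reaches the web archive), sketched as an added example; it is not Mailman's or the list's own code. The names `scrub_text` and `scrub_message`, the `[hidden]` marker and the sample post are assumptions made for illustration, and only unencoded text parts are handled.

```python
import re
from email import message_from_string

# Practical address pattern (not full RFC 5322): local part, "@", dotted domain.
ADDRESS_RE = re.compile(
    r"(?<![\w.+-])"                                  # not inside a longer token
    r"(?P<local>[A-Za-z0-9][\w.+-]*)"
    r"@"
    r"(?P<domain>(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})"
    r"(?![\w-])"                                     # not inside a longer label
)


def scrub_text(text, mask=False):
    """Return (scrubbed_text, addresses_found) for one body string.

    mask=False rewrites "user@host" as "user at host", the form this archive
    already uses for From lines. That is cosmetic: a harvester that knows the
    convention can reverse it. mask=True keeps the local part, so readers can
    still tell who said what, but hides the domain.
    """
    found = []

    def replace(match):
        found.append(match.group(0))
        if mask:
            return match.group("local") + " at [hidden]"
        return match.group("local") + " at " + match.group("domain")

    return ADDRESS_RE.sub(replace, text), found


def scrub_message(raw, mask=False):
    """Scrub every text part of a message; headers are left untouched.

    Header exposure (From, Sender, Reply-To) is a separate list setting,
    so this function only deals with addresses typed or quoted in the body.
    """
    msg = message_from_string(raw)
    found = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        body, hits = scrub_text(part.get_payload(), mask=mask)
        part.set_payload(body)
        found.extend(hits)
    return msg, found


# Constructed sample post (addresses use reserved example domains).
SAMPLE = """\
From: list-member at example.org
Subject: Re: block order

joe@some.example.com said:
> Contact me off-list: mailto:joe@some.example.com.
> My backup is j.doe+lists@mail.example.org

Already archived form: dirk at example.net
See http://www.example.com/forum/viewtopic.php?forum=10&showtopic=1
"""

if __name__ == "__main__":
    scrubbed, addresses = scrub_message(SAMPLE, mask=True)
    print(scrubbed.as_string())
    print("addresses rewritten:", addresses)
```

The returned address list doubles as an audit trail: an archiver can log how many addresses each post leaked in its body without storing the scrubbed text twice.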
From vmf at abtech.org Fri Feb 20 20:29:18 2004
From: vmf at abtech.org (Vincent Furia)
Date: Fri, 20 Feb 2004 20:29:18 -0500
Subject: [geeklog-devel] COM_extractlinks
Message-ID: <4036B46E.6040808@abtech.org>
I noticed this post in the Forum:
http://www.geeklog.net/forum/viewtopic.php?forum=10&showtopic=30857
You probably don't want to go with (quite) what the suggestion there is
(due to problems the author states). But the function getting confused
by the image tags is Not A Good Thing. (-rc2 perhaps?)
I'll fix this if no one else wants to. I'll just need to brush up on my
regexs a bit first.
-Vinny
From vmf at abtech.org Fri Feb 20 21:59:10 2004
From: vmf at abtech.org (Vincent Furia)
Date: Fri, 20 Feb 2004 21:59:10 -0500
Subject: [geeklog-devel] comment.php
Message-ID: <4036C97E.7000603@abtech.org>
In 1.3.8, when displaying comments using comment.php (?mode=display) GL
would assume threaded mode. This made sense since the other comment
modes (nested, flat) can display all the comments on a single page
without needing a click through to see more comments.
In 1.3.9's comment.php we are setting the comment mode (threaded,
nested, etc) to the user's choice or the default value. Unfortunately
if a user has his prefs set to 'nested' but then uses the title bar to
select 'threaded' and then clicks on a threaded comment it causes the
comment to display as his preferenced value.
So I guess what I'm asking is what is the desired behavior here? Should
comment.php only be used to display threaded comments (notice the code
to display in comment.php takes a 'pid' rather than a 'cid' to display
all the children of a parent - but not the parent, rather than a
particular comment and its children). Or should it use whatever the
user's preferences indicate (overriding a previous commentbar choice).
Or should it 1st go by choice, then preference? Or something else...
After that question is answered here is a related enhancement for
comment.php that we may consider looking at: we can add a bit of logic
to display a comment based on 'cid' (along with its children) in
addition to the current display by parent ('pid'). This would allow
users to link to a particular comment in a story/poll/plugin/etc.
Have enough time to think about all that? Once you have, my opinion
(vote?) is below.
/////////////////////
My opinion: I think the comment.php display as it is ('pid') should
only be available in threaded comments. It doesn't make much sense to
have it for nested or flat comments. I like the idea of being able to
link to a particular comment, so I'd vote yes for that feature
(available in any comment mode).
I'll code it all up once the votes are in. Also, if you vote yes on the
display by 'cid', should it be in 1.3.9 or should it wait for 1.3.10?
-Vinny
From geeklog at langfamily.ca Fri Feb 20 23:44:49 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Fri, 20 Feb 2004 23:44:49 -0500
Subject: [geeklog-devel] comment.php
References: <4036C97E.7000603@abtech.org>
Message-ID: <001401c3f835$7036a390$650a10ac@XPBL2>
What I see is that nested looks like flat mode now.
I've tried setting my preference to nested and threaded and really did not
see a difference when viewing comments in nested mode. They always appeared
as flat. Nested used to have the threaded look but would expand out all the
comments.
Example story with 50 comments:
http://www.geeklog.net/article.php?story=20021208122743130
Blaine
----- Original Message -----
From: "Vincent Furia"
To:
Sent: Friday, February 20, 2004 9:59 PM
Subject: [geeklog-devel] comment.php
> In 1.3.8, when displaying comments using comment.php (?mode=display) GL
> would assume threaded mode. This made sense since the other comment
> modes (nested, flat) can display all the comments on a single page
> without needing a click through to see more comments.
>
> In 1.3.9's comment.php we are setting the comment mode (threaded,
> nested, etc) to the user's choice or the default value. Unfortunately
> if a user has his prefs set to 'nested' but then uses the title bar to
> select 'threaded' and then clicks on a threaded comment it causes the
> comment to display as his preferenced value.
>
> So I guess what I'm asking is what is the desired behavior here? Should
> comment.php only be used to display threaded comments (notice the code
> to display in comment.php takes a 'pid' rather than a 'cid' to display
> all the children of a parent - but not the parent, rather than a
> particular comment and its children). Or should it use whatever the
> user's preferences indicate (overriding a previous commentbar choice).
> Or should it 1st go by choice, then preference? Or something else...
>
> After that question is answered here is a related enhancement for
> comment.php that we may consider looking at: we can add a bit of logic
> to display a comment based on 'cid' (along with its children) in
> addition to the current display by parent ('pid'). This would allow
> users to link to a particular comment in a story/poll/plugin/etc.
>
> Have enough time to think about all that? Once you have my opinion
> (vote?) is below.
>
> /////////////////////
>
> My opinion: I think the comment.php display as it is ('pid') should
> only be available in threaded comments. It doesn't make much sense to
> have it for nested or flat comments. I like the idea of being able to
> link to a particular comment, so I'd vote yes for that feature
> (available in any comment mode).
>
> I'll code it all up once the votes are in. Also if you vote yes the
> display by 'cid' should it be in 1.3.9 or should it wait for 1.3.10.
>
> -Vinny
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
From vmf at abtech.org Sat Feb 21 08:17:52 2004
From: vmf at abtech.org (Vincent Furia)
Date: Sat, 21 Feb 2004 08:17:52 -0500
Subject: [geeklog-devel] comment.php
In-Reply-To: <001401c3f835$7036a390$650a10ac@XPBL2>
References: <4036C97E.7000603@abtech.org> <001401c3f835$7036a390$650a10ac@XPBL2>
Message-ID: <40375A80.90107@abtech.org>
There was a bug in -rc1 that was contributing to that. I don't see a
problem with the article you pointed to (I'm seeing it nested just
fine). What browser/OS (brand and version) are you using?
Are you seeing threaded sub-comments indented in? If possible a
screenshot or two of what you're seeing would be helpful in trouble
shooting.
Thanks,
Vinny
From geeklog at langfamily.ca Sat Feb 21 11:24:09 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 21 Feb 2004 11:24:09 -0500
Subject: [geeklog-devel] comment.php
References: <4036C97E.7000603@abtech.org> <001401c3f835$7036a390$650a10ac@XPBL2> <40375A80.90107@abtech.org>
Message-ID: <002101c3f897$22253600$650a10ac@XPBL2>
Vinny,
I am using IE 6 and have uploaded two images for you to see.
http://www.langfamily.ca/temp/threaded.jpg
http://www.langfamily.ca/temp/nested.jpg
Blaine
From dirk at haun-online.de Sat Feb 21 11:45:54 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 21 Feb 2004 17:45:54 +0100
Subject: [geeklog-devel] comment.php
In-Reply-To: <002101c3f897$22253600$650a10ac@XPBL2>
References: <002101c3f897$22253600$650a10ac@XPBL2>
Message-ID: <20040221164554.23116@smtp.haun-online.de>
Blaine,
>http://www.langfamily.ca/temp/threaded.jpg
That's how it should look like (at least I think so ...).
>http://www.langfamily.ca/temp/nested.jpg
That's not okay, though. But it looks fine (i.e. nested) in Mozilla.
Blame Microsoft ...
bye, Dirk
P.S. geeklog.net is running on the latest CVS version of lib-common.php
(1.289), not the one from the rc1 tarball.
--
http://www.haun-online.de/
http://geeklog.info/
From geeklog at langfamily.ca Sat Feb 21 12:13:28 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 21 Feb 2004 12:13:28 -0500
Subject: [geeklog-devel] comment.php
References: <002101c3f897$22253600$650a10ac@XPBL2> <20040221164554.23116@smtp.haun-online.de>
Message-ID: <023101c3f89e$0603cf20$650a10ac@XPBL2>
> >http://www.langfamily.ca/temp/threaded.jpg
>
> That's how it should look like (at least I think so ...).
Agree that what I had noted in my previous email, it's nested that is not
showing correctly.
I had not tried Mozilla but yeah, it does appear to be IE related.
The issue is with the CSS for padding being defined at the TABLE level and
not the TD level
style="padding-left: 50px"
Have a look at this test
http://www.langfamily.ca/temp/tablestyletest.html
Blaine
From dirk at haun-online.de Sun Feb 22 15:12:11 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 22 Feb 2004 21:12:11 +0100
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <007d01c3f684$94cfd3f0$650a10ac@XPBL2>
References: <007d01c3f684$94cfd3f0$650a10ac@XPBL2>
Message-ID: <20040222201211.5769@smtp.haun-online.de>
Blaine,
>Well we could change the interval but I like 10 :)
>Only 2 options - change the interval or change the field type that I see.
Looks like the least painful method would be to simply change the field
type for "blockorder" from a TINYINT to a SMALLINT.
Vinny, what's the status on the problem with the nested comments?
A few people seem to have problems with PEAR::Mail when safe_mode is on.
At least when selecting 'mail' as the backend, PHP complains about the
fifth parameter for mail() not being allowed in safe_mode. Switching to
'sendmail' or 'smtp' fixes that (in my local tests), but obviously not
for all people.
I have just added a hook that lets you override COM_mail() with a
CUSTOM_mail() function (i.e. if such a function exists, COM_mail() calls
it instead of handling emails itself).
If the safe_mode problems persist, we might even have to add a 'geeklog'
backend option that re-implements Geeklog's old way of sending emails.
Have to do some digging on documented problems with PEAR::Mail first -
maybe there's a better solution.
So these are the showstoppers for rc2 at the moment, AFAICS. Anything else?
bye, Dirk
--
http://www.haun-online.de/
http://mypod.de/
From dirk at haun-online.de Sun Feb 22 15:55:08 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 22 Feb 2004 21:55:08 +0100
Subject: [geeklog-devel] Desktop pictures
Message-ID: <20040222205508.26492@smtp.haun-online.de>
I came across this site the other day. It has screenshots of desktops of
a few "famous geeks":
http://unix.se/gallery/folk
So I thought - how does YOUR desktop look like when you're working on
Geeklog? Here's mine:
http://geeklog.info/images/desktop-dirk.jpg
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/
From geeklog at langfamily.ca Sun Feb 22 18:00:10 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 22 Feb 2004 18:00:10 -0500
Subject: [geeklog-devel] Desktop pictures
References: <20040222205508.26492@smtp.haun-online.de>
Message-ID: <00e801c3f997$9fa0cf80$650a10ac@XPBL2>
Neat site Dirk,
Here is my desktop - which is 2560 x 1280 dual screen. Image is 666kb.
http://www.langfamily.ca/temp/myscreen.jpg
From geeklog at langfamily.ca Sun Feb 22 18:01:29 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 22 Feb 2004 18:01:29 -0500
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
References: <007d01c3f684$94cfd3f0$650a10ac@XPBL2> <20040222201211.5769@smtp.haun-online.de>
Message-ID: <00ee01c3f997$ce89ef70$650a10ac@XPBL2>
Not that I can think of Dirk - do you need my help on anything?
Blaine
From vmf at abtech.org Sun Feb 22 22:05:55 2004
From: vmf at abtech.org (Vincent Furia)
Date: Sun, 22 Feb 2004 22:05:55 -0500
Subject: [geeklog-devel] The first 1.3.9rc1 bugs are in ...
In-Reply-To: <20040222201211.5769@smtp.haun-online.de>
References: <007d01c3f684$94cfd3f0$650a10ac@XPBL2> <20040222201211.5769@smtp.haun-online.de>
Message-ID: <40396E13.80108@abtech.org>
Dirk Haun wrote:
>Blaine,
>
>
>
>>Well we could change the interval but I like 10 :)
>>Only 2 options - change the interval or change the field type that I see.
>>
>>
>
>Looks like the least painful method would be to simply change the field
>type for "blockorder" from a TINYINT to a SMALLINT.
>
>Vinny, what's the status on the problem with the nested comments?
>
>A few people seem to have problems with PEAR::Mail when safe_mode is on.
>At least when selecting 'mail' as the backend, PHP complains about the
>fifth parameter for mail() not being allowed in safe_mode. Switching to
>'sendmail' or 'smtp' fixes that (in my local tests), but obviously not
>for all people.
>
>I have just added a hook that lets you override COM_mail() with a
>CUSTOM_mail() function (i.e. if such a function exists, COM_mail() calls
>it instead of handling emails itself).
>
>If the safe_mode problems persist, we might even have to add a 'geeklog'
>backend option that re-implements Geeklog's old way of sending emails.
>Have to do some digging on documented problems with PEAR::Mail first -
>maybe there's a better solution.
>
>So these are the showstoppers for rc2 at the moment, AFAICS. Anything else?
>
>bye, Dirk
>
>
>
>
Well...
I'm going to try a few things out. I think I'm going to make some demo
pages (tomorrow night maybe?) and then ask people in the forums to take
a look with their browser and see what works and what doesn't. I'll end
up implementing whatever works in the most number of browsers. If
nothing seems to work widely, I can reimplement (in the templates) the
nested tables that are how comments are done in 1.3.8 and prior.
As for the issues I brought up in my email titled "comment.php" unless I
hear any contrary opinions I'm going to implement as I suggested in my
"opinion" at the end of the email, pushing off displaying by 'cid' until
1.3.10.
-Vinny
P.S. I'm "on the road" this week so I'll only really be available in
the evenings (EST). I should be able to put in enough time to get these
comment issues worked out though.
From dirk at haun-online.de Mon Feb 23 14:48:51 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 23 Feb 2004 20:48:51 +0100
Subject: [geeklog-devel] comment.php
In-Reply-To: <4036C97E.7000603@abtech.org>
References: <4036C97E.7000603@abtech.org>
Message-ID: <20040223194851.14233@smtp.haun-online.de>
Vinny,
>In 1.3.9's comment.php we are setting the comment mode (threaded,
>nested, etc) to the user's choice or the default value. Unfortunately
>if a user has his prefs set to 'nested' but then uses the title bar to
>select 'threaded' and then clicks on a threaded comment it causes the
>comment to display as his preferenced value.
I made that change (using the user's preferences) since I noticed that
comments on plugins (e.g. file management) were always displayed in
threaded mode, even though I have set my preferences to nested.
This and the above seems to indicate that the "current" mode gets lost
somewhere. So ideally, we want both - it should start with the user's
preferred mode, but when they change it (temporarily, in the comment
bar), it should of course use whatever has been selected from the comment bar.
>This would allow
>users to link to a particular comment in a story/poll/plugin/etc.
That's certainly a nice thing to have (btw, I'd also like to have this in
the forums, so that I can link to one specific post).
>Also if you vote yes the
>display by 'cid' should it be in 1.3.9 or should it wait for 1.3.10.
The first issue is a bug and should be fixed in 1.3.9. The second one is
an improvement and should wait for 1.3.10. Especially since it will no
doubt require changes in other places, too (e.g. search should use it,
may require changes in template files, ...).
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
From dirk at haun-online.de Mon Feb 23 14:51:38 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 23 Feb 2004 20:51:38 +0100
Subject: [geeklog-devel] COM_extractlinks
In-Reply-To: <4036B46E.6040808@abtech.org>
References: <4036B46E.6040808@abtech.org>
Message-ID: <20040223195138.16173@smtp.haun-online.de>
Vinny,
>But the function getting confused
>by the image tags is Not A Good Thing. (-rc2 perhaps?)
>
>I'll fix this if no one else wants to.
Yes, please. Thanks.
bye, Dirk
--
http://www.haun-online.de/
http://www.macosx-faq.de/
From tony at tonybibbs.com Wed Feb 25 12:51:32 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 25 Feb 2004 11:51:32 -0600
Subject: [geeklog-devel] Desktop pictures
In-Reply-To: <20040222205508.26492@smtp.haun-online.de>
References: <20040222205508.26492@smtp.haun-online.de>
Message-ID: <403CE0A4.8050606@tonybibbs.com>
Great topic. Here's mine:
http://209.234.80.119/~tony/Screenshot.png
--Tony
From dirk at haun-online.de Thu Feb 26 13:11:51 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 26 Feb 2004 19:11:51 +0100
Subject: [geeklog-devel] How to use COM_applyFilter
Message-ID: <20040226181151.27701@smtp.haun-online.de>
I wrote this little piece to explain the use of COM_applyFilter. It's
mainly aimed at authors of plugins and other add-ons, but most of it
applies to new code that's supposed to go into Geeklog as well. Comments
welcome (as well as suggestions on where to post it so that it can easily
be found ...).
bye, Dirk
--- snip ---
Abstract: Geeklog 1.3.9 introduced a new function, COM_applyFilter, that
is used to filter parameters passed in HTTP GET and POST requests. It is
strongly suggested that plugins and other add-ons make use of this function.
This post explains how to use COM_applyFilter and also provides additional
information on how to make your scripts more secure.
Whenever parameters are passed in an HTTP GET request (usually in a URL
of the form script.php?parameter=value) or an HTTP POST request (usually
from an input field in a form, e.g. )
there is a potential risk that these parameters are manipulated. With GET
requests, it is easy to edit the URL and manipulated POST requests can be
sent through manipulated forms or by using tools like netcat.
It is therefore important not to trust these parameters too much!
The COM_applyFilter function was designed to clear parameters from the
most commonly used injection attempts (both SQL and JavaScript injections).
So, to strip any potentially malicious content from parameters, use
COM_applyFilter as follows:
$myvalue = COM_applyFilter ($HTTP_POST_VARS['myparameter']);
Or, in case of a parameter that is supposed to be numeric:
$myvalue = COM_applyFilter ($HTTP_POST_VARS['myparameter'], true);
Your script should be prepared to handle the case that $myparameter is empty
(or 0, for numerical parameters) after the call to COM_applyFilter. This will
usually be the case when content was stripped from the parameter (unless it
was empty / zero to begin with). Whether your script aborts in those cases
or continues with default values instead of the empty / zeroed parameter,
is up to you. Both may make sense, depending on the circumstances.
As can be seen in the examples above, it is recommended NOT to rely on
register_globals being "on" (although Geeklog still requires this) but
to use the global $HTTP_GET_VARS and $HTTP_POST_VARS arrays instead (don't
forget to declare them as "global" when you're using them inside a function).
The $_GET, $_POST, and $_REQUEST arrays could be used instead of
$HTTP_GET_VARS and $HTTP_POST_VARS, but since they were only introduced in
PHP 4.2.0, you may restrict the audience for your plugin / add-on somewhat,
as quite a few Geeklog installs out there are still running on older
versions of PHP.
If possible, you should NOT follow Geeklog's example of testing whether a
parameter is set in the $HTTP_GET_VARS or $HTTP_POST_VARS array. Instead,
write your code such that at any moment you know exactly where your parameters
would be in case of proper execution of the script. So if you know that at
a specific point in your script, parameters can only be in the $HTTP_GET_VARS
array (because you are expecting to be called through an HTTP GET request),
don't bother checking the $HTTP_POST_VARS array (instead, simply ignore it).
Geeklog's core code contains a few bad examples where at specific points in
a script it is not clear whether we came there through a GET or a POST
request and thus have to test both for the proper parameters. Depending on
the situation, it may make things easier for an attacker and the code is in
general much harder to maintain. Don't repeat that mistake.
Please note that you can NOT use COM_applyFilter on any sort of "free-
form" content, such as the text of a story or things like a user's full
name, since the function would strip out many special characters (such as
quotes) and make the content illegible and / or useless. Instead, you
should do something like this:
$mytext = COM_stripslashes ($HTTP_POST_VARS['mytext']);
// do something with it
$mytext = addslashes ($mytext);
DB_save ($_TABLES['mytable'], "mytext", "'$mytext'");
The COM_stripslashes function will strip any slashes that may have been added
during the POST operation, if the PHP option magic_quotes_gpc is "on" (and
leaves the text untouched, if it is off), thus ensuring that you get the text
back exactly as it was entered by the user. You can then process the text
as needed by your plugin / add-on.
Before you store the text in the database, you should call addslashes on it
to ensure that any special characters are properly escaped. This will NOT
add slashes to the content in the database, it will only ensure that the
text is properly stored (and in case it contains any SQL injection attempts,
those would be stored as text, too, instead of being executed as part of
the save operation).
Actually, it may be a good idea to apply addslashes on ALL parameters that
go into the database, even if they have been passed through COM_applyFilter
before, just in case.
On a side note, if you need to identify the current user, you should NEVER
rely on the user's id passed through GET or POST requests (e.g. by embedding
it in a form and reading it back when the form was submitted). Instead,
ALWAYS use the global variable $_USER['uid']. This variable may be empty
or contain 1, which indicates an anonymous user, i.e. a user that is not
logged in. So you should use something like
if (!empty ($_USER['uid']) && ($_USER['uid'] > 1)) {
    // this is a logged-in user
} else {
    // this is an anonymous user
}
To summarize:
- use COM_applyFilter on any parameters passed through an HTTP GET or POST
request
- add "true" to the call when the parameter is supposed to be numeric
- be prepared for the parameter to be empty or zero afterwards
- don't rely on register_globals - use $HTTP_POST_VARS and $HTTP_GET_VARS
instead
- write your script such that you know whether your parameters are in
$HTTP_POST_VARS or $HTTP_GET_VARS
- for "free-form" content, don't use COM_applyFilter but be careful to filter
it otherwise and apply addslashes before storing it in the database
- always rely on $_USER['uid'] to identify a user
--
http://www.geeklog.net/
http://geeklog.info/
From geeklog at langfamily.ca Thu Feb 26 14:01:53 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Thu, 26 Feb 2004 14:01:53 -0500
Subject: [geeklog-devel] How to use COM_applyFilter
References: <20040226181151.27701@smtp.haun-online.de>
Message-ID: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2>
Dirk,
This is a good discussion and one we spent a lot of time in our code
addressing. I have been using your function and variations of it now for a
couple months. I think it's a great addition to the common functions.
I had a reason (can't recall the details now) where I added the option to
"not return 0" - it would return '' instead. The default was return for a
numeric test and the parameter being tested turned out to not be numeric.
COM_ApplyFilter( $parameter, $isnumeric = false ,$returnzero=true)
The other purpose I had was a stronger version that only allowed "letters
and numbers"
$p = preg_replace('/^[^(0-9a-zA-Z)]+/','', $parameter );
Plugin developers either do not support versions prior to 1.3.9 or need to add
their own plugin version.
I often use the same variable name for GET and POST for something like "what
operation" is being performed. Sometimes you have links which trigger an
operation but in the same application there may be a form. I have been using
$op to indicate the operation (add/delete/edit etc ...) and use code like
this:
if (isset($HTTP_POST_VARS['op']) ) {
    $op = clubApplyFilter($HTTP_POST_VARS['op']);
} elseif (isset($HTTP_GET_VARS['op']) ) {
    $op = clubApplyFilter($HTTP_GET_VARS['op']);
} else {
    $op = '';
}
I first check the POST for a request and then the GET string. This is a
repetitive piece of code as I may have other common used variables like
recid, mode, page, sortoption etc. Example: Page navigation needs to pass
page# and Sort options in the URL string but I also need to pass these
variable in forms if I want to return the user to same view.
I have been thinking, it would be nice to have a common function that
would filter all the POST and GET vars. It is possible to walk the arrays
and maybe send it a list of variables to clean - using array_walk().
Cheers,
Blaine
From dirk at haun-online.de Thu Feb 26 17:16:38 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 26 Feb 2004 23:16:38 +0100
Subject: [geeklog-devel] How to use COM_applyFilter
In-Reply-To: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2>
References: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2>
Message-ID: <20040226221638.4367@smtp.haun-online.de>
Blaine,
>The other purpose I had was a stronger version that only allowed "letters
>and numbers"
> $p = preg_replace('/^[^(0-9a-zA-Z)]+/','', $parameter );
That may make sense. We should review some of the "freedoms" that Geeklog
is giving users for 1.3.10 anyway. E.g. user names (we've discussed this
one before, I remember) or topic IDs.
>if (isset($HTTP_POST_VARS['op']) ) {
> $op = clubApplyFilter($HTTP_POST_VARS['op']);
>} elseif (isset($HTTP_GET_VARS['op']) ) {
> $op = clubApplyFilter($HTTP_GET_VARS['op']);
>} else {
> $op = '';
>}
I was actually discouraging the use of this in my writings. Although it
probably makes sense to do this for one parameter (the mode of operation,
as in your example) and then, depending on that mode parameter, get the
other parameters ONLY from the array they are supposed to be in. I.e.
something like
if ($op == 'submit') {
    // 'submit' will always indicate a POST request
    $something = COM_applyFilter ($HTTP_POST_VARS['something']);
} else if ($op == 'new') {
    $whatever = COM_applyFilter ($HTTP_GET_VARS['whatever']);
}
>I have been thinking, it would be nice to have a common function that
>would filter all the POST and GET vars. It is possible to walk the arrays
>and maybe send it a list of variables to clean - using array_walk().
array_walk sounds useful, but I'm not sure how you would derive a common
function from it. How would it know which parameters are supposed to be
numeric?
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
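Added example, not part of the original messages and not Geeklog code: one way to build the shared filter discussed in this thread, where the caller declares each parameter's type (so the function knows which ones are numeric) and values are read only from the request array they are expected in, as the COM_applyFilter write-up recommends. filter_request(), read_params() and the spec format are hypothetical names, the request arrays are constructed samples, and PHP 7.0 or later is assumed.

```php
<?php
// Added illustration, not Geeklog code. filter_request() and the spec format
// are hypothetical; requires PHP 7.0 or later.

/**
 * Return cleaned values for the parameters declared in $spec, read from ONE
 * request array. Undeclared parameters are ignored. A value that fails its
 * check becomes the declared default rather than a partially stripped string.
 */
function filter_request(array $source, array $spec): array
{
    $clean = [];
    foreach ($spec as $name => $rule) {
        $default = $rule['default'] ?? null;
        $raw = $source[$name] ?? null;
        if (!is_string($raw)) {          // missing, or an array such as ?op[]=x
            $clean[$name] = $default;
            continue;
        }
        switch ($rule['type']) {
            case 'int':                  // digits only: "12abc", "-1", "1e3" fail
                $ok = preg_match('/\A[0-9]{1,9}\z/', $raw) === 1;
                $clean[$name] = $ok ? (int) $raw : $default;
                break;
            case 'alnum':                // letters and numbers, whole string
                $max = (int) ($rule['max'] ?? 32);
                $ok = preg_match('/\A[0-9a-zA-Z]{1,' . $max . '}\z/', $raw) === 1;
                $clean[$name] = $ok ? $raw : $default;
                break;
            case 'enum':                 // one of a fixed list of values
                $ok = in_array($raw, $rule['values'], true);
                $clean[$name] = $ok ? $raw : $default;
                break;
            default:
                throw new InvalidArgumentException("unknown type for '$name'");
        }
    }
    return $clean;
}

/**
 * Resolve the operation from POST first, then GET, and read every other
 * parameter only from the array that operation is expected to arrive in.
 */
function read_params(array $get, array $post): array
{
    $opSpec = ['op' => ['type' => 'enum', 'values' => ['new', 'submit'], 'default' => '']];
    $op = filter_request($post, $opSpec)['op'];
    if ($op === '') {
        $op = filter_request($get, $opSpec)['op'];
    }
    if ($op === 'submit') {              // 'submit' parameters come from POST only
        $rest = filter_request($post, [
            'recid' => ['type' => 'int', 'default' => 0],
        ]);
    } elseif ($op === 'new') {           // 'new' parameters come from GET only
        $rest = filter_request($get, [
            'page' => ['type' => 'int', 'default' => 1],
            'sort' => ['type' => 'alnum', 'max' => 16, 'default' => 'date'],
        ]);
    } else {
        $rest = [];
    }
    return ['op' => $op] + $rest;
}

// Constructed sample request. 'uid' is never declared in a spec, so it is
// dropped: the caller's identity comes from the session, not the request.
$get  = ['op' => 'new', 'page' => '3', 'sort' => "title'x", 'uid' => '2'];
$post = [];
var_export(read_params($get, $post));
echo "\n";

// The pattern as posted in the thread is anchored with ^, so it removes only
// a leading run of other characters; the unanchored form removes all of them.
$sample = "??topic_1'x";                 // constructed sample
var_export(preg_replace('/^[^(0-9a-zA-Z)]+/', '', $sample));
echo "\n";
var_export(preg_replace('/[^0-9a-zA-Z]+/', '', $sample));
echo "\n";
```

Replacing a value that fails its check with the declared default, instead of stripping characters out of it, keeps the caller from acting on a half-cleaned string.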
From geeklog at langfamily.ca Thu Feb 26 17:46:18 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Thu, 26 Feb 2004 17:46:18 -0500
Subject: [geeklog-devel] How to use COM_applyFilter
References: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2> <20040226221638.4367@smtp.haun-online.de>
Message-ID: <001b01c3fcba$58e030b0$650a10ac@XPBL2>
Dirk wrote:
> array_walk sounds useful, but I'm not sure how you would derive a common
> function from it. How would it know which parameters are supposed to be
> numeric?
I was thinking we would have to pass it an array of variables and type and
options. Maybe pass the array of variables by reference. Not sure - just
thinking out loud. Maybe this would be better as a class.
Blaine
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
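Added example, not part of the original messages and not Geeklog's own code: one way to answer "how would it know which parameters are supposed to be numeric?" is a per-mode table that names the source array and the type of each parameter, combining the two ideas discussed in the messages above. The names filterValue, filterRequest and PARAM_SPECS and the request data are hypothetical; the final statement runs the anchored pattern quoted in the thread, which strips only a leading run of characters and treats ( and ) as allowed.

```php
<?php
// Added example, not Geeklog code: all names below are hypothetical.

// Clean one raw value according to its declared type.
function filterValue($raw, string $type)
{
    if (!is_string($raw)) {           // e.g. ?sid[]=1 arrives as an array
        $raw = '';
    }
    switch ($type) {
        case 'int':                   // digits only, anything else becomes 0
            return ctype_digit($raw) ? (int) $raw : 0;
        case 'alnum':                 // unanchored: strips every other character
            return preg_replace('/[^0-9a-zA-Z]+/', '', $raw);
    }
    throw new InvalidArgumentException("unknown type: $type");
}

// Per mode: which array each parameter must come from, and its type.
const PARAM_SPECS = [
    'submit' => ['source' => 'post', 'params' => ['sid' => 'int', 'tid' => 'alnum']],
    'new'    => ['source' => 'get',  'params' => ['tid' => 'alnum']],
];

function filterRequest(array $get, array $post): array
{
    // Only the mode parameter may arrive by either method.
    $op = filterValue($post['op'] ?? $get['op'] ?? '', 'alnum');
    if (!array_key_exists($op, PARAM_SPECS)) {
        return ['op' => ''];          // unknown mode: read nothing else
    }
    $source = PARAM_SPECS[$op]['source'] === 'post' ? $post : $get;
    $clean = ['op' => $op];
    foreach (PARAM_SPECS[$op]['params'] as $name => $type) {
        $clean[$name] = filterValue($source[$name] ?? '', $type);
    }
    return $clean;
}

// Constructed request: the GET copies must be ignored for op=submit.
$get  = ['sid' => "1 OR 1=1", 'tid' => 'fromget'];
$post = ['op' => 'submit', 'sid' => '42', 'tid' => "Chris'Journal"];
var_dump(filterRequest($get, $post));

// The anchored pattern quoted in the thread, applied to a constructed string
// with unwanted characters at the start, in the middle and at the end.
var_dump(preg_replace('/^[^(0-9a-zA-Z)]+/', '', "--Chris'(Journal)"));
```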
From tony at tonybibbs.com Fri Feb 27 09:48:40 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 27 Feb 2004 08:48:40 -0600
Subject: [geeklog-devel] Re: [geeklog-users] An SQL error has occured
In-Reply-To: <403F5195.6090601@linsoftlabs.com>
References: <403E0B8D.40608@sympatico.ca> <403E3BAF.3090306@tonybibbs.com> <1077842668.403e92ece792b@webmail.lecielbleu.net> <403EB616.1040504@linsoftlabs.com> <403F4F39.8060609@tonybibbs.com> <403F5195.6090601@linsoftlabs.com>
Message-ID: <403F58C8.5070002@tonybibbs.com>
Ah, good catch. I read through too quick. Anyway, the thing that
annoys me most about Geeklog right now is the fact that topic ID's are
text-based instead of numeric values and, unlike most other primary keys
in Geeklog, these you can key in yourself. This is simply bad legacy
code from Geeklog's days of infancy. Report this as a bug to
http://project.geeklog.net/ and we'll need to finally make this a
priority and get it working right.
I'm cc'ing this to the geeklog-devel list to be sure it gets seen by the
entire crew. Again, if you decide to look into this yourself, any help
is appreciated. The fix would need to occur in admin/topic.php most likely.
--Tony
Chris Besignano wrote:
> I am not using the Journal Plugin. Just straight-up geeklog. The topic I
> was creating just happened to include the word Journal.
>
> Tony Bibbs wrote:
>
>> Again, note that the *fix* will happen in the journal plugin's code.
>> If you find it and fix it please send the fix to
>> geeklog-devtalk at lists.geeklog.net. Thanks for looking into this...
>>
>> --Tony
>>
>> Chris Besignano wrote:
>>
>>> I realized why the error occurred but was unable to resolve the issue.
>>> Geeklog simply locked up and kept returning the SQL error no matter
>>> which page I accessed. I agree that this is something that should be
>>> validated. It shouldn't be much work to make it happen, maybe I'll
>>> poke at it this weekend and add some validation code. Who do I send
>>> my changes to?
>>>
>>> Chris Besignano
>>>
>>> Drago Goricanec wrote:
>>>
>>>> This is something geeklog should protect against. Either escape the
>>>> data, or
>>>> validate it prior to injecting it into SQL. If there are plans to do
>>>> this in a
>>>> future version that's fine, but I don't think it's reasonable for
>>>> geeklog to
>>>> expect users to provide it with valid data.
>>>>
>>>> The other thing I would suggest is that either we always use POST
>>>> methods, or
>>>> encrypt and sign the arguments generated in a GET method to avoid
>>>> either
>>>> replaying or injecting bad data to geeklog. Nevertheless, all data
>>>> should be
>>>> validated/sanitized prior to use.
>>>>
>>>> regards,
>>>> Drago
>>>>
>>>> Quoting Tony Bibbs :
>>>>
>>>>
>>>>
>>>>> the problem is the journal name has a single quote (') in it.
>>>>> Change "Chris' Journal" to "Chris Journal" and all would be well.
>>>>>
>>>>> --Tony
>>>>>
>>>>> Chris Besignano wrote:
>>>>>
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I am running geeklog 1.3.8-lsr4 on linux. I attempted to add a
>>>>>> new topic, but left a space in the topic id. Now I get this SQL
>>>>>> error and cannot access any part of the site. What can I do to
>>>>>> recover from this? Below is a section of my error log.
>>>>>>
>>>>>>
>>>>>> Thu Feb 26 09:51:31 2004 - 1064: You have an error in your SQL
>>>>>> syntax near 'Journal')' at line 1. SQL in question: SELECT
>>>>>> count(*) AS count FROM gl_stories WHERE (draft_flag = 0) AND (date
>>>>>> <= NOW()) AND (tid = 'Chris'Journal')
>>>>>> Thu Feb 26 09:51:46 2004 - 1064: You have an error in your SQL
>>>>>> syntax near 'Journal')' at line 1. SQL in question: SELECT
>>>>>> count(*) AS count FROM gl_stories WHERE (draft_flag = 0) AND (date
>>>>>> <= NOW()) AND (tid = 'Chris'Journal')
>>>>>> Thu Feb 26 09:51:52 2004 - 1064: You have an error in your SQL
>>>>>> syntax near 'Journal')' at line 1. SQL in question: SELECT
>>>>>> count(*) AS count FROM gl_stories WHERE (draft_flag = 0) AND (date
>>>>>> <= NOW()) AND (tid = 'Chris'Journal')
>>>>>> Thu Feb 26 09:51:56 2004 - 1064: You have an error in your SQL
>>>>>> syntax near 'Journal')' at line 1. SQL in question: SELECT
>>>>>> count(*) AS count FROM gl_stories WHERE (draft_flag = 0) AND (date
>>>>>> <= NOW()) AND (tid = 'Chris'Journal')
>>>>>>
>>>>>> _______________________________________________
>>>>>> geeklog-users mailing list
>>>>>> geeklog-users at lists.geeklog.net
>>>>>> http://lists.geeklog.net/listinfo/geeklog-users
>>>>>>
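Added example, not part of the original messages and not Geeklog's own code: the failing query from the error log built by string concatenation, next to a bound-parameter version and a whitelist check for topic IDs at creation time. Assumptions: an in-memory SQLite database via PDO stands in for MySQL, the date condition is omitted, and the helper names as well as the allowed character set and length for topic IDs are hypothetical.

```php
<?php
// Added example, not Geeklog code; helper names are hypothetical.
// An in-memory SQLite database stands in for MySQL.

// Assumed rule for admin-entered topic IDs: letters, digits, '_' and '-',
// 1 to 20 characters.
function isValidTopicId($tid): bool
{
    return is_string($tid) && preg_match('/\A[A-Za-z0-9_-]{1,20}\z/', $tid) === 1;
}

// "Before": same shape as the query in the error log, built by concatenation.
function buildCountQueryUnsafe(string $tid): string
{
    return "SELECT count(*) AS count FROM gl_stories"
         . " WHERE (draft_flag = 0) AND (tid = '$tid')";
}

// "After": the value travels as a bound parameter, never as SQL text.
function countStories(PDO $db, string $tid): int
{
    $stmt = $db->prepare(
        'SELECT count(*) AS count FROM gl_stories WHERE (draft_flag = 0) AND (tid = :tid)'
    );
    $stmt->execute([':tid' => $tid]);
    return (int) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gl_stories (sid INTEGER PRIMARY KEY, tid TEXT, draft_flag INTEGER)');

// Constructed rows, including one legacy topic ID that contains a quote.
$ins = $db->prepare('INSERT INTO gl_stories (tid, draft_flag) VALUES (?, 0)');
foreach (["Chris'Journal", 'General', 'General'] as $t) {
    $ins->execute([$t]);
}

$tid = "Chris'Journal";                       // the topic ID from the log

var_dump(isValidTopicId($tid));               // check applied when a topic is created
var_dump(isValidTopicId('ChrisJournal'));

try {
    $db->query(buildCountQueryUnsafe($tid));  // the quote ends the string literal early
} catch (PDOException $e) {
    echo "unsafe query failed: ", $e->getMessage(), "\n";
}

// The same legacy value is handled as data when it is bound.
var_dump(countStories($db, $tid));
```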
From tony at tonybibbs.com Fri Feb 27 16:58:45 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 27 Feb 2004 15:58:45 -0600
Subject: [geeklog-devel] How to use COM_applyFilter
In-Reply-To: <001b01c3fcba$58e030b0$650a10ac@XPBL2>
References: <006e01c3fc9a$ff9abd00$650a10ac@XPBL2> <20040226221638.4367@smtp.haun-online.de> <001b01c3fcba$58e030b0$650a10ac@XPBL2>
Message-ID: <403FBD95.4090201@tonybibbs.com>
FWIW, I think that we should not necessarily insist that plugin authors
require the minimum level of the PHP version that Geeklog does.
Specifically, I mean the use of $_REQUEST should be encouraged. Also, I
think that if we aren't encouraging the coding style required to
eliminate the requiring of register_globals = ON then we should be
slapped. Specifically plugins/developer.README and docs/plugin.html
should point to Geeklog coding standards as well as how to prevent
injection attempts. To that end, Dirk, I assume you will link both of
those documents to your proposed COM_applyFilter documentation (which is
great by the way).
My main point is that, after a year of being complete
vaporware, my hope is to have GL2 at a point where a semi-working
alpha release can be made in the first half of '04 to encourage that
plugin authors try their hand at making their work GL2 compatible (no
small feat) and to that end we should encourage the coding practices we
would want in this new world. Done rambling...
--Tony
From dirk at haun-online.de Sat Feb 28 09:28:34 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 28 Feb 2004 15:28:34 +0100
Subject: [geeklog-devel] geeklog.net updated
Message-ID: <20040228142835.1082@smtp.haun-online.de>
geeklog.net is now running on the latest CVS version, including Vinny's
recent comment changes. Please report any problems you may come across.
I'm only waiting for Vinny's attempts at fixing a problem with the What's
Related block now and expect 1.3.9rc2 to be ready by tomorrow or Monday.
bye, Dirk
--
http://www.haun-online.de/
http://www.macosx-faq.de/
From dirk at haun-online.de Sat Feb 28 13:12:46 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 28 Feb 2004 19:12:46 +0100
Subject: [geeklog-devel] How to use COM_applyFilter
In-Reply-To: <403FBD95.4090201@tonybibbs.com>
References: <403FBD95.4090201@tonybibbs.com>
Message-ID: <20040228181246.17381@smtp.haun-online.de>
Tony,
>Specifically plugins/developer.README and docs/plugin.html
>should point to Geeklog coding standards as well as how to prevent
>injection attempts. To that end, Dirk, I assume you will link both of
>those documents to your proposed COM_applyFilter documentation
Those two documents are more or less the same, though. With the
difference that docs/plugin.html is up to date while plugins/
developer.README is not ...
But plugin.html is much too short and basically only lists the API
functions. Ideally, it should be replaced with the Plugin Developer Guide
by Tom and Blaine (which, unfortunately, only describes the API up until
1.3.7). We had a volunteer (Wim Niemans) over in geeklog-devtalk to bring
it up to date, though. We'll see ...
bye, Dirk
--
http://www.haun-online.de/
http://www.macosx-faq.de/
From geeklog at langfamily.ca Sat Feb 28 13:49:10 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 28 Feb 2004 13:49:10 -0500
Subject: [geeklog-devel] geeklog.net updated
References: <20040228142835.1082@smtp.haun-online.de>
Message-ID: <001001c3fe2b$8d4b0a60$650a10ac@XPBL2>
The nested view is working on IE 6 now ok.
I noticed a problem with trying to change the comment view mode for polls.
It won't accept any changes - logged in or anonymous.
Comments in Stories and for the filemgmt Plugin worked ok.
Blaine
From dirk at haun-online.de Sat Feb 28 16:45:20 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 28 Feb 2004 22:45:20 +0100
Subject: [geeklog-devel] geeklog.net updated
In-Reply-To: <001001c3fe2b$8d4b0a60$650a10ac@XPBL2>
References: <001001c3fe2b$8d4b0a60$650a10ac@XPBL2>
Message-ID: <20040228214520.32335@smtp.haun-online.de>
Blaine,
>I noticed a problem with trying to change the comment view mode for polls.
>It won't accept any changes - logged in or anonymous.
Vinny and myself did a little "live" debugging on geeklog.net :-) It
should work now. Any other comment problems, anyone?
bye, Dirk
--
http://www.haun-online.de/
http://www.haun.info/