From devel at portalparts.com Sat Dec 1 13:20:11 2007
From: devel at portalparts.com (Blaine Lang)
Date: Sat, 01 Dec 2007 13:20:11 -0500
Subject: [geeklog-devel] WebServices Atom testing with Livewriter - object reference not set to an instance of an object - Error.
In-Reply-To: <4749DD35.40105@portalparts.com>
References: <20071118220303.1026980301@smtp.haun-online.de> <200711240747.44162@aiq.qnet> <4749A11A.30800@portalparts.com> <200711251416.23926@aiq.qnet> <4749DD35.40105@portalparts.com>
Message-ID: <4751A5DB.3030208@portalparts.com>

Been trying to get the WebServices in GL 1.5CVS to work on my hosted test site. It was working fine locally but every time I tried to create the Livewriter account for the remote site, I would get the dreaded "object reference not set to an instance of an object". Un-installing and re-installing livewriter did not change the issue.

I had posted one story to the site successfully but then it started with the client object error which was not very helpful.

I installed livewriter on another computer this morning and had the same damn object error trying to connect to the remote site. Looking at the one story I had published to the site, there was nothing unusual. Deleted it anyways and what do you know - both clients start working again!

So hoping this helps others.
Blaine

From devel at portalparts.com Sat Dec 1 13:29:03 2007
From: devel at portalparts.com (Blaine Lang)
Date: Sat, 01 Dec 2007 13:29:03 -0500
Subject: [geeklog-devel] Atom WebServices and Hosted Server Authentication
In-Reply-To: <4737542C.4050505@portalparts.com>
References: <20071107092906.q377balgkggkokcc@webmail.df.eu> <4733BF03.4000509@portalparts.com> <4733D005.7060309@portalparts.com> <20071109065858.416815719@smtp.haun-online.de> <47347554.1010502@portalparts.com> <20071109184525.211276617@smtp.haun-online.de> <473524DC.8030601@portalparts.com> <20071110075400.681322822@smtp.haun-online.de> <4735CA46.3080500@portalparts.com> <47374B04.5040108@portalparts.com> <4737542C.4050505@portalparts.com>
Message-ID: <4751A7EF.6040802@portalparts.com>

On my hosted server, I was not seeing the variable $_SERVER['PHP_AUTH_USER'] set.

Server Environment is PHP 5.2.4 on Linux. Server PHP API is reporting CGI/FastCGI

Doing some googling, I found the following .htaccess fix to pass in the authentication credentials
<<>>
RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
RewriteCond %{HTTP:Authorization} username=\"([^\"]+)\"
<<.>>

I then had to modify system/lib-webservices WS_authenticate function to test for $_SERVER['REMOTE_USER']

    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];

        $status = SEC_authenticate($username, $password, $uid);
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header as a
         * request variable called gl_auth_digest
         */
        list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
        list($username, $password) = explode(':', base64_decode($auth_data));
        $status = SEC_authenticate($username, $password, $uid);
    } else {
        return;
    }

Ramnath, I noticed you were testing for $_REQUEST['gl_auth_header'] - how would this variable be set?
You may have wanted to use a similar .htaccess mod but then be setting $_REQUEST['gl_auth_header'] instead of $_SERVER['REMOTE_USER']

Please advise.

Regards,
Blaine

From casual.dodo at gmail.com Sat Dec 1 13:55:01 2007
From: casual.dodo at gmail.com (Ramnath R Iyer)
Date: Sat, 1 Dec 2007 13:55:01 -0500
Subject: [geeklog-devel] Atom WebServices and Hosted Server Authentication
In-Reply-To: <4751A7EF.6040802@portalparts.com>
References: <20071107092906.q377balgkggkokcc@webmail.df.eu> <4737542C.4050505@portalparts.com> <4751A7EF.6040802@portalparts.com>
Message-ID: <200712011355.12853@aiq.qnet>

Hi,

First - is the problem fixed?

You're right; when I wrote this part of the code, I realized there would be a problem with PHP running as a CGI script, but since I was working with PHP as an Apache module, I could not implement a solution then. What you have done is precisely what I had in mind, except that I assumed that the .htaccess file would set $_REQUEST['gl_auth_digest'] instead of $_SERVER['REMOTE_USER'].

Thanks,
--
Ramnath R Iyer

On Saturday 01 December 2007 13:29:03 Blaine Lang wrote:
> On my hosted server, I was not seeing the variable
> $_SERVER['PHP_AUTH_USER'] set.
>
> Server Environment is PHP 5.2.4 on Linux. Server PHP API is reporting
> CGI/FastCGI
>
> Doing some googling, I found the following .htaccess fix to pass in the
> authentication credentials
> <<>>
> RewriteEngine on
> RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
> RewriteCond %{HTTP:Authorization} username=\"([^\"]+)\"
> <<.>>
>
> I then had to modify system/lib-webservices WS_authenticate function to
> test for $_SERVER['REMOTE_USER']
>
>     if (isset($_SERVER['PHP_AUTH_USER'])) {
>         $username = $_SERVER['PHP_AUTH_USER'];
>         $password = $_SERVER['PHP_AUTH_PW'];
>
>         $status = SEC_authenticate($username, $password, $uid);
>     } elseif (!empty($_SERVER['REMOTE_USER'])) {
>         /* PHP installed as CGI may not have access to authorization headers of
>          * Apache. In that case, use .htaccess to store the auth header as a
>          * request variable called gl_auth_digest
>          */
>         list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
>         list($username, $password) = explode(':', base64_decode($auth_data));
>         $status = SEC_authenticate($username, $password, $uid);
>     } else {
>         return;
>     }
>
> Ramnath, I noticed you were testing for $_REQUEST['gl_auth_header'] -
> how would this variable be set?
> You may have wanted to use a similar .htaccess mod but then be setting
> $_REQUEST['gl_auth_header'] instead of $_SERVER['REMOTE_USER']
>
> Please advise.
>
> Regards,
> Blaine
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL:

From casual.dodo at gmail.com Sat Dec 1 13:58:13 2007
From: casual.dodo at gmail.com (Ramnath R Iyer)
Date: Sat, 1 Dec 2007 13:58:13 -0500
Subject: [geeklog-devel] Atom WebServices and Hosted Server Authentication
In-Reply-To: <200712011355.12853@aiq.qnet>
References: <20071107092906.q377balgkggkokcc@webmail.df.eu> <4751A7EF.6040802@portalparts.com> <200712011355.12853@aiq.qnet>
Message-ID: <200712011358.16733@aiq.qnet>

On Saturday 01 December 2007 13:55:01 you wrote:
> I assumed that the .htaccess file would set $_REQUEST['gl_auth_digest']
> instead of $_SERVER['REMOTE_USER'].

I meant gl_auth_header. Anyway, how do we tell a user facing this situation to modify .htaccess?

--
Ramnath R Iyer

From casual.dodo at gmail.com Sat Dec 1 14:21:32 2007
From: casual.dodo at gmail.com (Ramnath R Iyer)
Date: Sat, 1 Dec 2007 14:21:32 -0500
Subject: [geeklog-devel] Atom WebServices and Hosted Server Authentication
In-Reply-To: <4751A7EF.6040802@portalparts.com>
References: <20071107092906.q377balgkggkokcc@webmail.df.eu> <4737542C.4050505@portalparts.com> <4751A7EF.6040802@portalparts.com>
Message-ID: <200712011421.35734@aiq.qnet>

Hi,

I have changed $_REQUEST['gl_auth_header'] to $_SERVER['REMOTE_USER'], and added the .htaccess fix to the Webservices documentation at - http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication

Blaine, could you confirm the CVS version now works?

Thanks,
--
Ramnath R Iyer

On Saturday 01 December 2007 13:29:03 Blaine Lang wrote:
> On my hosted server, I was not seeing the variable
> $_SERVER['PHP_AUTH_USER'] set.
>
> Server Environment is PHP 5.2.4 on Linux. Server PHP API is reporting
> CGI/FastCGI
>
> Doing some googling, I found the following .htaccess fix to pass in the
> authentication credentials
> <<>>
> RewriteEngine on
> RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
> RewriteCond %{HTTP:Authorization} username=\"([^\"]+)\"
> <<.>>
>
> I then had to modify system/lib-webservices WS_authenticate function to
> test for $_SERVER['REMOTE_USER']
>
>     if (isset($_SERVER['PHP_AUTH_USER'])) {
>         $username = $_SERVER['PHP_AUTH_USER'];
>         $password = $_SERVER['PHP_AUTH_PW'];
>
>         $status = SEC_authenticate($username, $password, $uid);
>     } elseif (!empty($_SERVER['REMOTE_USER'])) {
>         /* PHP installed as CGI may not have access to authorization headers of
>          * Apache. In that case, use .htaccess to store the auth header as a
>          * request variable called gl_auth_digest
>          */
>         list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
>         list($username, $password) = explode(':', base64_decode($auth_data));
>         $status = SEC_authenticate($username, $password, $uid);
>     } else {
>         return;
>     }
>
> Ramnath, I noticed you were testing for $_REQUEST['gl_auth_header'] -
> how would this variable be set?
> You may have wanted to use a similar .htaccess mod but then be setting
> $_REQUEST['gl_auth_header'] instead of $_SERVER['REMOTE_USER']
>
> Please advise.
>
> Regards,
> Blaine

From devel at portalparts.com Sat Dec 1 14:41:31 2007
From: devel at portalparts.com (Blaine Lang)
Date: Sat, 01 Dec 2007 14:41:31 -0500
Subject: [geeklog-devel] Atom WebServices and Hosted Server Authentication
In-Reply-To: <200712011355.12853@aiq.qnet>
References: <20071107092906.q377balgkggkokcc@webmail.df.eu> <4737542C.4050505@portalparts.com> <4751A7EF.6040802@portalparts.com> <200712011355.12853@aiq.qnet>
Message-ID: <4751B8EB.40300@portalparts.com>

Ramnath R Iyer wrote:
> First - is the problem fixed?

Yes, with the mods that I have put in place. How were you going to set $_REQUEST['gl_auth_digest']?

What we need now is to finalize which variable to test for and document the .htaccess requirement.

I did not want to commit the change to lib-webservices without your input.
Blaine

From casual.dodo at gmail.com Sat Dec 1 15:22:04 2007
From: casual.dodo at gmail.com (Ramnath R Iyer)
Date: Sat, 1 Dec 2007 15:22:04 -0500
Subject: [geeklog-devel] Atom WebServices and Hosted Server Authentication
In-Reply-To: <4751B8EB.40300@portalparts.com>
References: <20071107092906.q377balgkggkokcc@webmail.df.eu> <200712011355.12853@aiq.qnet> <4751B8EB.40300@portalparts.com>
Message-ID: <200712011522.07936@aiq.qnet>

On Saturday 01 December 2007 14:41:31 Blaine Lang wrote:
> How were you going to set $_REQUEST['gl_auth_digest']?

The same way that you set $_SERVER['REMOTE_USER']; I did not go into the details of the htaccess configuration required.

> What we need now is to finalize which variable to test for and document
> the .htaccess requirement.

Any variable that does not carry useful information already. There is no significance attached to this variable otherwise, because it will never be used by GL once the credentials have been passed to PHP.

I recommend using $_SERVER[] rather than $_REQUEST[], because somebody might want to use it as a GET or POST variable name. REMOTE_USER is not a reserved variable (according to http://us.php.net/reserved.variables) so this seems to be the right thing to use.

--
Ramnath R Iyer
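
Added example, not part of the original messages and not Geeklog code: the decoding step of the REMOTE_USER branch quoted in this thread, written in Python so it runs stand-alone. The function names and the header values are constructed for illustration; it shows that splitting the decoded credentials on every ":" truncates a password that itself contains a colon, and that a non-Basic or malformed header is better rejected before authentication is attempted.

```python
import base64
import binascii


def split_like_thread(header_value):
    """Mirror of the thread's explode(' ') / explode(':') logic, for comparison.

    PHP's list($a, $b) = explode(...) keeps only the first two pieces, so
    anything after a second ':' is silently dropped from the password.
    """
    pieces = header_value.split(" ")
    auth_data = pieces[1] if len(pieces) > 1 else ""
    decoded = base64.b64decode(auth_data).decode("utf-8", "replace")
    fields = decoded.split(":")
    username = fields[0]
    password = fields[1] if len(fields) > 1 else None
    return username, password


def parse_forwarded_basic(header_value):
    """Return (username, password) for a well-formed Basic header, else None."""
    if not header_value:
        return None
    scheme, _, payload = header_value.strip().partition(" ")
    payload = payload.strip()
    if scheme.lower() != "basic" or not payload:
        return None  # Digest and other schemes carry no base64 user:password
    try:
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None  # not valid base64, or not valid UTF-8 once decoded
    # Split on the first colon only: the user name cannot contain ':',
    # the password can.
    username, colon, password = decoded.partition(":")
    if not colon or not username:
        return None
    return username, password


def basic_header(user_pass):
    """Build a constructed 'Basic ...' header value for the samples below."""
    return "Basic " + base64.b64encode(user_pass.encode("utf-8")).decode("ascii")


# Constructed header values, as they would arrive in the forwarded variable.
SAMPLES = {
    "simple": basic_header("alice:s3cret"),
    "colon_in_password": basic_header("alice:s3cret:2007"),
    "digest": 'Digest username="alice", realm="constructed"',
    "not_base64": "Basic %%%not-base64%%%",
    "no_colon": basic_header("alice"),
}


if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:18} -> {parse_forwarded_basic(header)}")
    print("thread-style split:", split_like_thread(SAMPLES["colon_in_password"]))
```
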

From devel at portalparts.com Sat Dec 1 16:30:54 2007
From: devel at portalparts.com (Blaine Lang)
Date: Sat, 01 Dec 2007 16:30:54 -0500
Subject: [geeklog-devel] Atom WebServices and Hosted Server Authentication
In-Reply-To: <200712011421.35734@aiq.qnet>
References: <20071107092906.q377balgkggkokcc@webmail.df.eu> <4737542C.4050505@portalparts.com> <4751A7EF.6040802@portalparts.com> <200712011421.35734@aiq.qnet>
Message-ID: <4751D28E.20900@portalparts.com>

Ramnath R Iyer wrote:
>Blaine, could you confirm the CVS version now works?

I can confirm Latest CVS version worked fine and authenticated.

I don't know if it's LiveWriter or something it's expecting from the W/S but if I try to get too fancy with the content, I get client errors again like NULL Reference and more non-usable messages and the only thing that can be done is to delete the story.

Using basic text - have not seen an issue.
Using tables or an image (Root login with skip filter on). It will upload the image and display it - same goes for a table. It's after that while editing that it will all of a sudden start having an issue and that's it, you're done.

Blaine

From dirk at haun-online.de Sun Dec 9 15:29:10 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 9 Dec 2007 21:29:10 +0100
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.6, 1.7
In-Reply-To: <20071201212022.3F94610FE14@qs1489.pair.com>
References: <20071201212022.3F94610FE14@qs1489.pair.com>
Message-ID: <20071209202910.851111461@smtp.haun-online.de>

Blaine Lang wrote:

>Log Message:
>Change to now show the leftblocks and give UI full screen - did not see
>anyway to easily reduce the number of subgroup tabs and it does not look
>good when the navbar wraps. May need a way to get back to the main page
>easily.

I think we should at least have the standard "Admin Home" link on that page somewhere.

bye, Dirk

--
http://www.geeklog.net/
http://geeklog.info/

From geiss at midnightforce.com Thu Dec 13 16:14:01 2007
From: geiss at midnightforce.com (=MF=Geiss)
Date: Thu, 13 Dec 2007 14:14:01 -0700
Subject: [geeklog-devel] Theme update
In-Reply-To: <20071209222103.1177545314@smtp.haun-online.de>
References: <475760BC.6020106@familycorner.us> <20071209222103.1177545314@smtp.haun-online.de>
Message-ID: <4761A099.6030706@midnightforce.com>

Hi all,

Dirk wrote me a few days ago, and I thought it would be valuable to post that conversation here.

I've been working on the Nouveau theme (since Mark and I got the Chameleon plugin out the door), and have decided to update everyone on progress. I know this theme has bounced around a little bit (rounded corners, then no rounded corners - which became Chameleon - and now back to rounded corners. etc. :-) but I am happy with where it is now and want to know everyone's thoughts at this point.

Please take a look at http://geiss.getmyip.com/gl15x/ (It should be working now Dirk, as I got my new router in place. :-)

Thx!

Eric

Dirk Haun wrote:
> Eric,
>
>> Right now I have it running at http://geiss.getmyip.com/gl15x/ and have
>> a couple of questions for you.
>
> This URL hasn't been working for me all weekend, so I can't really comment.
>
>> What do you have in mind for a time frame for releasing the first RC?
>
> Well, I had "end of November" in mind for a first beta (not RC) - and we
> all know how that worked out. And we still have a few quite substantial
> issues to resolve, so I'm not even trying to make a guesstimate ...
>
>> What else do you need done on my end to make things happen?
>
> The last time we discussed the new theme, I mentioned that I/we weren't
> really willing to drop the Professional theme and aren't willing to ship
> two themes either. This hasn't changed.
>
> However, I'd hate to waste all the time and effort you put into this. So
> I'd say we make Nouveau the new default theme of geeklog.net once 1.5
> hits its first RC milestone (not for the beta, so that we can spot any
> glaring issues in Professional). And since that will lead to a lot of
> people asking for the theme, we could give it a prominent spot in the
> download area, e.g. right next to the official Geeklog tarball.
>
> How does that sound?
>
> bye, Dirk

From dirk at haun-online.de Sat Dec 15 05:22:32 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 15 Dec 2007 11:22:32 +0100
Subject: [geeklog-devel] Blocking those inclusion attempts
Message-ID: <20071215102232.911563677@smtp.haun-online.de>

Does anyone see a problem with a .htaccess rule like this?

    RewriteEngine On
    RewriteCond %{THE_REQUEST} http:
    RewriteRule .* - [L,F]

This would block all requests that contain "http:" in the URL. It's aimed at the script kiddies' standard inclusion attempts, e.g.

    65.92.189.139 - - [15/Dec/2007:05:15:21 -0500] "GET /forum/viewtopic.php?showtopic=http://laudanskisucksss.chat.ru/placeholder/image? HTTP/1.1" 403 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"

Blocking the libwww-perl user agent used to help against most of these, but the majority are now coming with faked UA strings of popular browsers, so I had to come up with something else.

It doesn't block the search for URLs, since the colon is escaped there:

    .../search.php?query=http%3A%2F%2Fproject.geeklog.net&type=...

So that's fine. Are there any other legit requests that anyone can think of that contain "http:"?

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From casual.dodo at gmail.com Sat Dec 15 07:52:36 2007
From: casual.dodo at gmail.com (Ramnath R Iyer)
Date: Sat, 15 Dec 2007 07:52:36 -0500
Subject: [geeklog-devel] Blocking those inclusion attempts
In-Reply-To: <20071215102232.911563677@smtp.haun-online.de>
References: <20071215102232.911563677@smtp.haun-online.de>
Message-ID: <200712150752.41666@aiq.qnet>

On Saturday 15 December 2007 05:22:32 Dirk Haun wrote:
> Does anyone see a problem with a .htaccess rule like this?
>
> RewriteEngine On
> RewriteCond %{THE_REQUEST} http:
> RewriteRule .* - [L,F]
>
> This would block all requests that contain "http:" in the URL. It's
> aimed at the script kiddies' standard inclusion attempts, e.g.

Wouldn't this also block something like -

    GET http://www.geeklog.net/forum/index.php HTTP/1.1

HTTP v1.1 allows complete URIs to be specified in the request line.

--
Ramnath R Iyer

From dirk at haun-online.de Sat Dec 15 08:36:14 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 15 Dec 2007 14:36:14 +0100
Subject: [geeklog-devel] Blocking those inclusion attempts
In-Reply-To: <200712150752.41666@aiq.qnet>
References: <20071215102232.911563677@smtp.haun-online.de> <200712150752.41666@aiq.qnet>
Message-ID: <20071215133614.1893935454@smtp.haun-online.de>

Ramnath R Iyer wrote:

>Wouldn't this also block something like -
>
>GET http://www.geeklog.net/forum/index.php HTTP/1.1

Yes, it would.

>HTTP v1.1 allows complete URIs to be specified in the request line.

It does? [checks RFC 2616] Oops ...

I've seen those on occasion but always assumed they were from some broken UA and/or shady part of the net (and they usually were). Hence:

--- snip ---
# anything that can't even talk HTTP properly should be blocked right away ...
RewriteCond %{THE_REQUEST} "^GET http" [OR]
RewriteCond %{REQUEST_URI} ^http [OR]
--- snip ---
(from the geeklog.net .htaccess)

First hit for such a request in today's access.log, for example:

--- snip ---
87.118.118.209 - - [15/Dec/2007:00:04:32 -0500] "GET http://www.geeklog.net/ HTTP/1.0" 403 14 "http://www.geeklog.net/forum/createtopic.php?method=newtopic&forum=4%2B%255B0,35044,2570%255D%2B-%253E%2B%255BN%255D%2BPOST%2Bhttp://www.geeklog.net/forum/createtopic.php%2B%255B0,0,45880%255D" "Mozilla/2.0 compatible; Check&Get 1.14 (Windows NT)"
--- snip ---

I could write a lengthy blog post about that single request alone, starting with the IP address it's coming from[1] ...

Anyway, back on topic: So even if they are rare, it looks like my suggested rewrite rule could potentially block legit requests.

Can someone suggest an improvement? What's the regexp for "contains, but does not start with http:"?

bye, Dirk

[1]

--
http://www.haun-online.de/
http://geeklog.info/

From dirk at haun-online.de Sat Dec 15 09:34:17 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 15 Dec 2007 15:34:17 +0100
Subject: [geeklog-devel] Blocking those inclusion attempts
In-Reply-To: <200712150752.41666@aiq.qnet>
References: <20071215102232.911563677@smtp.haun-online.de> <200712150752.41666@aiq.qnet>
Message-ID: <20071215143417.1111832844@smtp.haun-online.de>

Ramnath R Iyer wrote:

>HTTP v1.1 allows complete URIs to be specified in the request line.

Just to throw some numbers into the discussion:

In the last 9:30 hours, geeklog.net served more than 28000 requests. 10000 of those were inclusion attempts. 5 requests used a GET with a complete URI ...

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From cweiske at cweiske.de Sat Dec 15 09:43:38 2007
From: cweiske at cweiske.de (Christian Weiske)
Date: Sat, 15 Dec 2007 15:43:38 +0100
Subject: [geeklog-devel] Blocking those inclusion attempts
In-Reply-To: <20071215143417.1111832844@smtp.haun-online.de>
References: <20071215102232.911563677@smtp.haun-online.de> <200712150752.41666@aiq.qnet> <20071215143417.1111832844@smtp.haun-online.de>
Message-ID: <20071215154338.102b5417@bogo.home.cweiske.de>

Dirk,

> >HTTP v1.1 allows complete URIs to be specified in the request line.
> Just to throw some numbers into the discussion:
> In the last 9:30 hours, geeklog.net served more than 28000 requests.
> 10000 of those were inclusion attempts. 5 requests used a GET with a
> complete URI ...

Violating the specs is never a good idea. Especially if there is an easy way to prevent this by using a "!http://geeklog.net" rewrite condition.

--
Regards/Mit freundlichen Grüßen
Christian Weiske

From casual.dodo at gmail.com Sat Dec 15 10:27:05 2007
From: casual.dodo at gmail.com (Ramnath R Iyer)
Date: Sat, 15 Dec 2007 10:27:05 -0500
Subject: [geeklog-devel] Blocking those inclusion attempts
In-Reply-To: <20071215133614.1893935454@smtp.haun-online.de>
References: <20071215102232.911563677@smtp.haun-online.de> <200712150752.41666@aiq.qnet> <20071215133614.1893935454@smtp.haun-online.de>
Message-ID: <200712151027.08760@aiq.qnet>

> Can someone suggest an improvement? What's the regexp for "contains, but
> does not start with http:"?

I think you would want something like:

    ^.+http:

Starts with one or more characters, and is followed by http:

I haven't tested this though.

--
Ramnath R Iyer
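
Added example, not part of the original messages: a small harness that checks the two patterns from this thread, "http:" and "^.+http:", against the request shapes the thread mentions. The request lines are constructed (host.invalid is a placeholder), and testing the query string on its own in addition to the whole request line is this example's choice, using mod_rewrite's standard QUERY_STRING variable.

```python
import re

# CondPatterns discussed in the thread. mod_rewrite applies a CondPattern as an
# unanchored, case-sensitive regular expression, which re.search reproduces
# for these simple patterns.
PATTERNS = {
    "http:": re.compile(r"http:"),
    "^.+http:": re.compile(r"^.+http:"),
}

# Constructed request lines modelled on the shapes mentioned in the thread.
REQUESTS = {
    "inclusion_attempt":
        "GET /forum/viewtopic.php?showtopic=http://host.invalid/image? HTTP/1.1",
    "absolute_uri":
        "GET http://www.geeklog.net/forum/index.php HTTP/1.1",
    "escaped_search":
        "GET /search.php?query=http%3A%2F%2Fproject.geeklog.net&type=all HTTP/1.1",
    "ordinary_page":
        "GET /index.php?topic=Geeklog HTTP/1.1",
}


def server_variables(request_line):
    """Derive the two test strings compared here from a request line.

    THE_REQUEST is the full request line; QUERY_STRING is everything after
    the first '?' of the request target, left in its escaped form.
    """
    _method, target, _version = request_line.split(" ", 2)
    _path, _sep, query = target.partition("?")
    return {"THE_REQUEST": request_line, "QUERY_STRING": query}


def is_blocked(pattern, variable, request_line):
    """True if a RewriteCond testing `variable` with `pattern` would match."""
    subject = server_variables(request_line)[variable]
    return PATTERNS[pattern].search(subject) is not None


def blocked_requests(pattern, variable):
    """Names of the sample requests that the condition would match."""
    return sorted(
        name for name, line in REQUESTS.items()
        if is_blocked(pattern, variable, line)
    )


if __name__ == "__main__":
    for variable in ("THE_REQUEST", "QUERY_STRING"):
        for pattern in PATTERNS:
            print(f"{variable:12} {pattern:9} -> {blocked_requests(pattern, variable)}")
```

On these samples the anchored pattern still matches the complete-URI request when it is tested against the whole request line, because "GET " precedes "http:"; tested against the query string alone, only the inclusion attempt matches.
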

From dirk at haun-online.de Sat Dec 15 12:17:31 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 15 Dec 2007 18:17:31 +0100
Subject: [geeklog-devel] Blocking those inclusion attempts
In-Reply-To: <200712151027.08760@aiq.qnet>
References: <20071215102232.911563677@smtp.haun-online.de> <200712150752.41666@aiq.qnet> <20071215133614.1893935454@smtp.haun-online.de> <200712151027.08760@aiq.qnet>
Message-ID: <20071215171731.250409493@smtp.haun-online.de>

Ramnath R Iyer wrote:

>I think you would want something like:
>
>^.+http:
>
>Starts with one or more characters, and is followed by http:

Looks good, thanks. You only need to use QUERY_STRING then, since THE_REQUEST contains the entire request, including the GET. So:

    RewriteEngine On
    RewriteCond %{QUERY_STRING} ^.+http:
    RewriteRule .* - [L,F]

That seems to work as expected and shouldn't block requests with complete URIs any more (I've removed those .htaccess rules).

It's up on geeklog.net now. Let me know if anyone is running into problems with unexpected "Access denied" messages.

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From dirk at haun-online.de Sat Dec 15 12:20:36 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 15 Dec 2007 18:20:36 +0100
Subject: [geeklog-devel] Blocking those inclusion attempts
In-Reply-To: <20071215154338.102b5417@bogo.home.cweiske.de>
References: <20071215102232.911563677@smtp.haun-online.de> <200712150752.41666@aiq.qnet> <20071215143417.1111832844@smtp.haun-online.de> <20071215154338.102b5417@bogo.home.cweiske.de>
Message-ID: <20071215172036.437118456@smtp.haun-online.de>

Christian Weiske wrote:

>Violating the specs is never a good idea.

Well, yeah. I can't remember how long those .htaccess rules have been there now. I haven't heard any complaints, but that doesn't mean anything of course.

>Especially if there is an
>easy way to prevent this by using a "!http://geeklog.net" rewrite
>condition.

I was looking for a simple "copy&paste" solution that we can recommend to our users. If it needs two rules it's already too complicated.

bye, Dirk

--
http://www.haun-online.de/
http://spam.tinyweb.net/

From geiss at midnightforce.com Tue Dec 18 22:01:29 2007
From: geiss at midnightforce.com (=MF=Geiss)
Date: Tue, 18 Dec 2007 20:01:29 -0700
Subject: [geeklog-devel] Config page validation errors
Message-ID: <47688989.8040800@midnightforce.com>

Hi all,

While validating my theme I came across the following issue (among others)...

In system/classes/config.class.php on line 437 the onClick needs to be changed to all lowercase like this:
"(X)");

Can someone with CVS commit rights please make that change? Thanks in advance! :-)

Also, there are a handful of errors due to using an "id" more than once. This should be switched to "class" since the selector is used repeatedly in the markup. Of course the corresponding style.css "#" will need to be changed to ".", or at least duplicated as such, if it is used elsewhere appropriately as an "id".

There are also some changes that needed to be made in the configuration.thtml and config_element.thtml files to be compliant. Col end tags, etc.

I haven't received any feedback on the nouveau theme from anyone. I'm not sure if it is because everyone is busy, or because people have stopped caring. At any rate, it is available in an SVN repository at http://geiss.getmyip.com:81/svn/nouveau/trunk. Read only login/password is everyone/everyone.

Thx!

Eric

From WebSiteMaster at cogeco.net Tue Dec 18 22:20:46 2007
From: WebSiteMaster at cogeco.net (Web Site Master)
Date: Tue, 18 Dec 2007 22:20:46 -0500
Subject: [geeklog-devel] Config page validation errors
In-Reply-To: <47688989.8040800@midnightforce.com>
References: <47688989.8040800@midnightforce.com>
Message-ID: <49D5440E454A41D6B853B7E29697EC5C@PC1>

I think everyone is busy ;-)

I really like the new theme, the only thing I am not sure on is the color choice for the background of the titles on pages like Site Statistics. It seems a little off when comparing it to the blue of the logo (too much grey in it??)

I think it will be a good choice for the default theme for geeklog.net (this was mentioned in a previous post). It feels more modern to me than the professional theme. The only issues I see there is that the Forum css would have to be updated to match a bit better and a new icon set for the topics and maybe the forum as well would help.

Tom

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of =MF=Geiss
Sent: December-18-07 10:01 PM
To: Geeklog Development
Subject: [geeklog-devel] Config page validation errors

Hi all,

While validating my theme I came across the following issue (among others)...

In system/classes/config.class.php on line 437 the onClick needs to be changed to all lowercase like this:
"(X)");

Can someone with CVS commit rights please make that change? Thanks in advance! :-)

Also, there are a handful of errors due to using an "id" more than once. This should be switched to "class" since the selector is used repeatedly in the markup. Of course the corresponding style.css "#" will need to be changed to ".", or at least duplicated as such, if it is used elsewhere appropriately as an "id".

There are also some changes that needed to be made in the configuration.thtml and config_element.thtml files to be compliant. Col end tags, etc.

I haven't received any feedback on the nouveau theme from anyone. I'm not sure if it is because everyone is busy, or because people have stopped caring. At any rate, it is available in an SVN repository at http://geiss.getmyip.com:81/svn/nouveau/trunk. Read only login/password is everyone/everyone.

Thx!

Eric

__________ NOD32 2732 (20071219) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com

From geiss at midnightforce.com Tue Dec 18 23:18:51 2007
From: geiss at midnightforce.com (=MF=Geiss)
Date: Tue, 18 Dec 2007 21:18:51 -0700
Subject: [geeklog-devel] Config page validation errors
In-Reply-To: <49D5440E454A41D6B853B7E29697EC5C@PC1>
References: <47688989.8040800@midnightforce.com> <49D5440E454A41D6B853B7E29697EC5C@PC1>
Message-ID: <47689BAB.3070606@midnightforce.com>

Tom,

Thanks for the feedback. I appreciate you taking the time to respond. :-)

I will look at trying to bring out the color in the th and even rows. I want to try to keep it somewhat neutral (so it doesn't overpower the content), but I agree, it can blend in a little more.

I've already created a new topic_gl icon, and can do the same in the future for other icons. At the moment though, as they reside outside the layout/nouveau folder structure, I'm taking a hands off approach. :-)

As far as the forum css and stuff goes, it shouldn't be too hard to re-skin. Everything is pretty neutral to begin with, and those blue colors that need adjusting are pretty easy to identify. If Blaine wants to include it, I'm sure I can do it fairly quickly.

Thx!

Eric

Web Site Master wrote:
> I think everyone is busy ;-)
>
> I really like the new theme, the only thing I am not sure on is the color
> choice for the background of the titles on pages like Site Statistics. It
> seems a little off when comparing it to the blue of the logo (too much grey
> in it??)
>
> I think it will be a good choice for the default theme for geeklog.net (this
> was mentioned in a previous post). It feels more modern to me than the
> professional theme. The only issues I see there is that the Forum css would
> have to be updated to match a bit better and a new icon set for the topics
> and maybe the forum as well would help.
>
> Tom
>
> -----Original Message-----
> From: geeklog-devel-bounces at lists.geeklog.net
> [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of =MF=Geiss
> Sent: December-18-07 10:01 PM
> To: Geeklog Development
> Subject: [geeklog-devel] Config page validation errors
>
> Hi all,
>
> While validating my theme I came across the following issue (among
> others)...
>
> In system/classes/config.class.php on line 437 the onClick needs to be
> changed to all lowercase like this:
> "(X)");
>
> Can someone with CVS commit rights please make that change? Thanks in
> advance! :-)
>
> Also, there are a handful of errors due to using an "id" more than once.
> This should be switched to "class" since the selector is used repeatedly
> in the markup. Of course the corresponding style.css "#" will need to be
> changed to ".", or at least duplicated as such, if it is used elsewhere
> appropriately as an "id".
>
> There are also some changes that needed to be made in the
> configuration.thtml and config_element.thtml files to be compliant. Col
> end tags, etc.
>
> I haven't received any feedback on the nouveau theme from anyone. I'm
> not sure if it is because everyone is busy, or because people have
> stopped caring. At any rate, it is available in an SVN repository at
> http://geiss.getmyip.com:81/svn/nouveau/trunk. Read only login/password
> is everyone/everyone.
>
> Thx!
>
> Eric

From mevans at ecsnet.com Thu Dec 20 23:54:26 2007
From: mevans at ecsnet.com (Mark R. Evans)
Date: Thu, 20 Dec 2007 22:54:26 -0600
Subject: [geeklog-devel] Calendar bug
Message-ID: <001b01c8438d$9064bd30$b12e3790$@com>

While doing some testing of the CSS theme code, I ran across a bug in the Calendar plugin for both Geeklog 1.4.1 and 1.5.0.

If you add a personal event, the COM_siteFooter() call is not made. Looking at the code (public_html/calendar/index.php) at the bottom you'll see:

        $display .= COM_siteFooter();
        break;

    } // end switch

    echo $display;

I believe that $display .= COM_siteFooter(); needs to go after the end of the switch. Where $display .= COM_siteFooter(); currently resides is inside the default: option. In the addentry: option you have:

    case 'addentry':
        $display .= plugin_submit_calendar($mode);
        break;

so the COM_siteFooter() call is never made for adding entries (personal calendar only).

Thanks!
Mark

From dirk at haun-online.de Fri Dec 21 08:00:56 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 21 Dec 2007 14:00:56 +0100
Subject: [geeklog-devel] Calendar bug
In-Reply-To: <001b01c8438d$9064bd30$b12e3790$@com>
References: <001b01c8438d$9064bd30$b12e3790$@com>
Message-ID: <20071221130056.84251401@smtp.haun-online.de>

Mark R. Evans wrote:

>I believe that $display .= COM_siteFooter(); needs to go after the end of
>the switch.

Nope.
Several of the other cases already have a COM_siteFooter() call (and would have two then) and some of the others are returning redirects where the COM_siteFooter() is not needed. So I think it should only be added for the 'addentry' case: case 'addentry': $display .= plugin_submit_calendar($mode); $display .= COM_siteFooter(); break; bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From mevans at ecsnet.com Fri Dec 21 08:30:10 2007 From: mevans at ecsnet.com (Mark R. Evans) Date: Fri, 21 Dec 2007 07:30:10 -0600 (CST) Subject: [geeklog-devel] Calendar bug In-Reply-To: <20071221130056.84251401@smtp.haun-online.de> References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> Message-ID: <20071221072751.M59623@kimber.ecsnet.org> Dirk, Yep, you are correct. After looking at the code a little closer, maybe a better overall fix would be to remove the COM_siteFooter() calls from all the case options and simply have one prior to the echo $display. This would be a bit more consistent with how the COM_siteHeader() call is made (only once before the case statement). Looks like either approach will solve the issue which is the important thing. Thanks! Mark On Fri, 21 Dec 2007, Dirk Haun wrote: > Mark R. Evans wrote: > >> I believe that $display .= COM_siteFooter(); needs to go after the end of >> the switch. > > Nope. Several of the other cases already have a COM_siteFooter() call > (and would have two then) and some of the others are returning redirects > where the COM_siteFooter() is not needed. 
> > So I think it should only be added for the 'addentry' case: > > case 'addentry': > $display .= plugin_submit_calendar($mode); > $display .= COM_siteFooter(); > break; > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://spam.tinyweb.net/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > From dirk at haun-online.de Fri Dec 21 08:54:03 2007 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 21 Dec 2007 14:54:03 +0100 Subject: [geeklog-devel] Calendar bug In-Reply-To: <20071221072751.M59623@kimber.ecsnet.org> References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> Message-ID: <20071221135403.1150366996@smtp.haun-online.de> Mark R. Evans wrote: >After looking at the code a little closer, maybe a >better overall fix would be to remove the COM_siteFooter() calls from all >the case options and simply have one prior to the echo $display. As I said, it's not needed in some cases, e.g. case 'savepersonal': $display = plugin_savesubmission_calendar($_POST); break; This returns HTML for a redirect, so calling COM_siteFooter() isn't necessary. >This >would be a bit more consistent with how the COM_siteHeader() call is made >(only once before the case statement). The code is a bit ... inconsistent there. Well overall, the calendar isn't exactly the most beautiful piece of code I could think of ;-) Thanks for spotting this. Fixed in CVS now. 
bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From joe at ThrowingDice.com Fri Dec 21 09:31:29 2007 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Fri, 21 Dec 2007 09:31:29 -0500 Subject: [geeklog-devel] Calendar bug In-Reply-To: <20071221135403.1150366996@smtp.haun-online.de> References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> Message-ID: <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> At 08:54 AM 12/21/2007, Dirk Haun wrote: >Mark R. Evans wrote: > >This > >would be a bit more consistent with how the COM_siteHeader() call is made > >(only once before the case statement). > >The code is a bit ... inconsistent there. Well overall, the calendar >isn't exactly the most beautiful piece of code I could think of ;-) Actually index.php is probably the worst file in calendar. It's easy to forget when you are in the "default" case that there's a switch statement at the top. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From joe at ThrowingDice.com Sun Dec 23 02:20:23 2007 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Sun, 23 Dec 2007 02:20:23 -0500 Subject: [geeklog-devel] Web Services minutia (and some story stuff) In-Reply-To: <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> Message-ID: <0JTH00DRJUFHOUG0@mta1.srv.hcvlny.cv.net> Should the Webservices API call COM_hits? Currently COM_hits (or its equivalent) is called in COM_siteFooter but the WS stuff doesn't use the siteHeader/siteFooter calls. Shouldn't service_get_story update the number of hits on the story? 
Looking at hits of class Story, shouldn't there be a "hit()" function that article.php would call rather than having article.php update the database directly? The benefit of having it in class story is that it could ensure only one hit is registered per system hit:

    class Story {
        function hit() {
            global $_TABLES;

            if (!empty($this->_sid) && !$this->_alreadyHit && !$this->_draftFlag) {
                $this->_alreadyHit = true; // need to default this to false
                DB_change($_TABLES['stories'], 'hits', 'hits + 1', 'sid', $this->getSid(true), true);
                $this->_hits = DB_getItem($_TABLES['stories'], 'hits', 'sid = \'' . $this->getSid(true) . '\''); // in case of simultaneous hits
            }
        }
    }

And while I was kicking around in lib-story, shouldn't STORY_extractLinks use the MBYTE_substr here:

    if ( ( $maxlength > 0 ) && ( MBYTE_strlen( $matches[2][$i] ) > $maxlength ) ) {
        $matches[2][$i] = substr( $matches[2][$i], 0, $maxlength - 3 ) . '...';
    }

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From joe at ThrowingDice.com Sun Dec 23 03:37:31 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Sun, 23 Dec 2007 03:37:31 -0500
Subject: [geeklog-devel] links plugin in CVS
In-Reply-To: <7.1.0.9.0.20071223015958.03e08058@ThrowingDice.com>
References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> <7.1.0.9.0.20071223015958.03e08058@ThrowingDice.com>
Message-ID: <0JTH00BCKUMI5PN0@mta4.srv.hcvlny.cv.net>

This is in CVS. The links plugin's functions.inc. It has 3 bugs:

    function links_get_tid () {
        global $_TABLES;

        if (isset($_REQUEST['topic'])) {
            return $_REQUEST['topic'];
        } elseif (isset($_REQUEST['topic'])) { // unreachable code
            return DB_getItem($_TABLES['topics'], 'tid', "topic='{$_REQUEST['topic']}'");
        } elseif (isset($_REQUEST['story'])) {
            return DB_getItem($_TABLES['stories'], 'tid', "sid='{$_REQUEST['story']}'"); // sql injection?
        } else {
            return; // inconsistent return type based on usage above.
        }
    }

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From dirk at haun-online.de Mon Dec 24 03:45:03 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 24 Dec 2007 09:45:03 +0100
Subject: [geeklog-devel] Web Services minutia (and some story stuff)
In-Reply-To: <0JTH00DRJUFHOUG0@mta1.srv.hcvlny.cv.net>
References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> <0JTH00DRJUFHOUG0@mta1.srv.hcvlny.cv.net>
Message-ID: <20071224084503.1386008689@smtp.haun-online.de>

Joe Mucchiello wrote:

>Should the Webservices API call COM_hits? Currently COM_hits (or its
>equivalent) is called in COM_siteFooter but the WS stuff doesn't use
>the siteHeader/siteFooter calls.
>
>Shouldn't service_get_story update the number of hits on the story?
>Looking at hits of class Story, shouldn't there be a "hit()" function

I don't think the WS calls should count as hits. There may be a lot of automated requests for stories during normal usage of the WS. The hits however are meant as a simple view counter (with the usual flaws of such a counter, of course), i.e. how many times a (preferably human) visitor has seen the article or the site.

Having a hits() function in the story class does make sense, though, I think. If only to hide the SQL (like COM_hit does for the "total hits" counter).
bye, Dirk

-- 
http://www.haun-online.de/
http://geeklog.info/

From dirk at haun-online.de Mon Dec 24 04:37:05 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 24 Dec 2007 10:37:05 +0100
Subject: [geeklog-devel] links plugin in CVS
In-Reply-To: <0JTH00BCKUMI5PN0@mta4.srv.hcvlny.cv.net>
References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> <7.1.0.9.0.20071223015958.03e08058@ThrowingDice.com> <0JTH00BCKUMI5PN0@mta4.srv.hcvlny.cv.net>
Message-ID: <20071224093705.1366072751@smtp.haun-online.de>

Joe Mucchiello wrote:

>This is in CVS. The links plugin's functions.inc. It has 3 bugs:

I can see another 3, actually. $_REQUEST['topic'] and $_REQUEST['story'] are being used unfiltered in SQL requests. And $_REQUEST['story'] may not be set when 'url_rewrite' is on so the idea of getting the topic ID for the current story won't work.

>     if (isset($_REQUEST['topic'])) {
>         return $_REQUEST['topic'];
>     } elseif (isset($_REQUEST['topic'])) { // unreachable code
>         return DB_getItem($_TABLES['topics'],
>'tid', "topic='{$_REQUEST['topic']}'");

lib-common.php already establishes a global variable $topic (by similar means), so this piece of code may not be necessary at all.

COM_siteHeader () also handles the case of the topic ID of the current story and updates the global $topic properly. So if you can make sure you're after a call to COM_siteHeader() you don't even need the entire function.

Good catch.
That function is well below our usual code quality :-/ bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From joe at ThrowingDice.com Tue Dec 25 09:34:23 2007 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Tue, 25 Dec 2007 09:34:23 -0500 Subject: [geeklog-devel] Web Services minutia (and some story stuff) In-Reply-To: <20071224084503.1386008689@smtp.haun-online.de> References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> <0JTH00DRJUFHOUG0@mta1.srv.hcvlny.cv.net> <20071224084503.1386008689@smtp.haun-online.de> Message-ID: <0JTM005PF0HIB8V0@mta2.srv.hcvlny.cv.net> At 03:45 AM 12/24/2007, Dirk Haun wrote: >Having a hits() function in the story class does make sense, though, I >think. If only to hide the SQL (like COM_hit does for the "total hits" >counter). Except that COM_hit is not called by COM_siteFooter. It does the SQL directly. So anyone writing a theme override of siteFooter probably doesn't call it either. I couldn't find any calls to COM_hit. 
---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From dirk at haun-online.de Fri Dec 28 11:09:35 2007 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 28 Dec 2007 17:09:35 +0100 Subject: [geeklog-devel] Web Services minutia (and some story stuff) In-Reply-To: <0JTM005PF0HIB8V0@mta2.srv.hcvlny.cv.net> References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> <0JTH00DRJUFHOUG0@mta1.srv.hcvlny.cv.net> <20071224084503.1386008689@smtp.haun-online.de> <0JTM005PF0HIB8V0@mta2.srv.hcvlny.cv.net> Message-ID: <20071228160935.996410667@smtp.haun-online.de> Joe Mucchiello wrote: >So anyone writing a theme override of siteFooter probably >doesn't call it either. Hmm. So how many themes even use the COM_siteFooter override? And how many of those do count the hits? Anyone want to venture a guess? Sounds like it would be safe to call COM_hit (now that we're really using it ...) before calling a theme-provided siteFooter function. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From joe at ThrowingDice.com Sat Dec 29 03:35:59 2007 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Sat, 29 Dec 2007 03:35:59 -0500 Subject: [geeklog-devel] COM_isAnonUser In-Reply-To: <20071228160935.996410667@smtp.haun-online.de> References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> <0JTH00DRJUFHOUG0@mta1.srv.hcvlny.cv.net> <20071224084503.1386008689@smtp.haun-online.de> <0JTM005PF0HIB8V0@mta2.srv.hcvlny.cv.net> <20071228160935.996410667@smtp.haun-online.de> Message-ID: <0JTS00LXIYKCOIP0@mta2.srv.hcvlny.cv.net> The 'if' at the end of this function is insufficient. It should also make sure the $uid is positive. 
Likewise, the if !empty is redundant if the comparison is made $uid <= 1. I've also updated the rest of the function to follow the coding guidelines.

    /**
     * Checks to see if a specified user, or the current user if non-specified
     * is the anonymous user.
     *
     * @param int $uid ID of the user to check, or none for the current user.
     * @return boolean true if the user is the anonymous user.
     */
    function COM_isAnonUser($uid = '') {
        global $_USER;

        /* If no user was specified, fail over to the current user if there is one */
        if (empty($uid) && isset( $_USER['uid'])) {
            $uid = $_USER['uid'];
        }

        return $uid <= 1;
    }

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From dirk at haun-online.de Sat Dec 29 09:50:06 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 29 Dec 2007 15:50:06 +0100
Subject: [geeklog-devel] COM_isAnonUser
In-Reply-To: <0JTS00LXIYKCOIP0@mta2.srv.hcvlny.cv.net>
References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> <0JTH00DRJUFHOUG0@mta1.srv.hcvlny.cv.net> <20071224084503.1386008689@smtp.haun-online.de> <0JTM005PF0HIB8V0@mta2.srv.hcvlny.cv.net> <20071228160935.996410667@smtp.haun-online.de> <0JTS00LXIYKCOIP0@mta2.srv.hcvlny.cv.net>
Message-ID: <20071229145006.1431156500@smtp.haun-online.de>

Joe Mucchiello wrote:

>    return $uid <= 1;

Calling COM_isAnonUser() when $_USER['uid'] is not set would result in this comparing

    '' <= 1

which is a little odd.

There is some redundant code in that function, but some of it is necessary.
bye, Dirk

-- 
http://www.geeklog.net/
http://geeklog.info/

From joe at ThrowingDice.com Sat Dec 29 10:20:53 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Sat, 29 Dec 2007 10:20:53 -0500
Subject: [geeklog-devel] COM_isAnonUser
In-Reply-To: <20071229145006.1431156500@smtp.haun-online.de>
References: <001b01c8438d$9064bd30$b12e3790$@com> <20071221130056.84251401@smtp.haun-online.de> <20071221072751.M59623@kimber.ecsnet.org> <20071221135403.1150366996@smtp.haun-online.de> <0JTE00C3WLOIHBL0@mta1.srv.hcvlny.cv.net> <0JTH00DRJUFHOUG0@mta1.srv.hcvlny.cv.net> <20071224084503.1386008689@smtp.haun-online.de> <0JTM005PF0HIB8V0@mta2.srv.hcvlny.cv.net> <20071228160935.996410667@smtp.haun-online.de> <0JTS00LXIYKCOIP0@mta2.srv.hcvlny.cv.net> <20071229145006.1431156500@smtp.haun-online.de>
Message-ID: <0JTT000E8HB777R0@mta2.srv.hcvlny.cv.net>

At 09:50 AM 12/29/2007, you wrote:
>Joe Mucchiello wrote:
>
> >    return $uid <= 1;
>
>Calling COM_isAnonUser() when $_USER['uid'] is not set would result in
>this comparing
>
>    '' <= 1
>
>which is a little odd.
>
>There is some redundant code in that function, but some of it is necessary.

Arguably it is the default parameter at fault here. $uid is a number and its default should be 0, not ''.

PHP is a typeless, interpreted language. string('') <= number(1) is a perfectly valid expression that will always return true because the string will be converted to number before the comparison. Again, it is probably faster to let the Runtime do this conversion than to add interpreter code that says "if (!empty)" in order to avoid "odd", though perfectly valid behavior.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From joe at ThrowingDice.com Sat Dec 29 12:36:04 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Sat, 29 Dec 2007 12:36:04 -0500
Subject: [geeklog-devel] Not specifically related to 1.5 but....
Message-ID: <0JTT007HTNKJK720@mta5.srv.hcvlny.cv.net>

Why isn't $log_manipulation a $_CONF setting?
    function COM_applyBasicFilter( $parameter, $isnumeric = false ) {
        $log_manipulation = false; // set to true to log when the filter applied

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From dirk at haun-online.de Sat Dec 29 12:50:19 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 29 Dec 2007 18:50:19 +0100
Subject: [geeklog-devel] Not specifically related to 1.5 but....
In-Reply-To: <0JTT007HTNKJK720@mta5.srv.hcvlny.cv.net>
References: <0JTT007HTNKJK720@mta5.srv.hcvlny.cv.net>
Message-ID: <20071229175019.1597632462@smtp.haun-online.de>

Joe Mucchiello wrote:

>Why isn't $log_manipulation a $_CONF setting?

It started its life as a debug option during development of that function and never made it into $_CONF.

Would it make sense to have it there?

bye, Dirk

-- 
http://www.geeklog.net/
http://geeklog.info/

From joe at ThrowingDice.com Sun Dec 30 02:20:54 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Sun, 30 Dec 2007 02:20:54 -0500
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10
In-Reply-To: <20071230001142.AA99110FE1E@qs1489.pair.com>
References: <20071230001142.AA99110FE1E@qs1489.pair.com>
Message-ID: <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net>

At 07:11 PM 12/29/2007, Aaron Blankstein wrote:
>Update of /cvsroot/geeklog/Geeklog-1.x/system/classes
>In directory qs1489.pair.com:/tmp/cvs-serv59652/Geeklog-1.x/system/classes
>
>Modified Files:
>    config.class.php
>Log Message:
>Updated config class to run more smoothly with PHP4.
>Changed config class's plugin support.
>Added barebones handling of static page's config options in the config class.

Oh, man, Aaron, I had just started coding this into the calendar plugin when you checked this in. Thankfully I hadn't gotten too far. A couple questions about the new method plus I think there's a hole in the upgrade stuff.

First, is this basically all I need to be compatible with 1.4.1 and 1.5?
// if class exists, load config from DB if (class_exists('config')) { $_CA_CONF = config->get_instance()->get_config('calendar'); } // still no config? load the file. if (empty($_CA_CONF)) { require_once ($_CONF['path'] . 'plugins/calendar/config.php'); } I'm not sure I like the idea that the entire config data is loaded at once. Makes me think it might be faster to serialize the whole thing to a file and just load it back from the file. But then I'm into caches. More to follow.... ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From joe at ThrowingDice.com Sun Dec 30 02:46:44 2007 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Sun, 30 Dec 2007 02:46:44 -0500 Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5 Message-ID: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> Has anyone upgraded an existing site? Not only are there still 1.4.2 references in the code but this happens since Aaron's last changes: Fatal error: Call to undefined method config::create() in D:\webroot\strip\sql\updates\mysql_1.4.1_to_1.4.2.php on line 41 Additionally, the staticpage config settings get lost. The admin/index.php install/upgrade has a loop that calls config->set to move existing data into the config class but that wasn't added to staticpages. In fact, the old staticpages config.php is blown away by untarring the tarball. I suggest a change to the $config->add function to make bootstrapping the config database easier. Currently there's no way to set both a default value and current value. By overloading the $set variable, this can easily be accomplished without littering the code with isset() or array_key_exists calls. + if (is_array($set)) && array_key_exists($param_name, $set)) { + $value = serialize($set[$param_name]); + } else if ($set) { + $value = serialize($default_value); + } else { + $value = 'unset'; + } $Qargs = array($_TABLES['conf_values'], $param_name, - $set ? 
serialize($default_value) : 'unset', + $value,

Then you can use the existing config.php to load the data:

    // currently this is in the staticpages/config.php so it would have to be moved.
    // probably to plugin_upgrade_staticpages in functions.php
    if (!$sp_config->group_exists('staticpages')) {
        $_SP_CONF = array();
        @include $_CONF['path'].'plugins/staticpages/config.php';
        // if there is no config.php, the default values are still added.
        $sp_config->add('version', '1.5', 'text', 0, 0, null, 0, $_SP_CONF, 'staticpages');
        $sp_config->add('allow_php', 1, 'text', 0, 0, null, 0, $_SP_CONF, 'staticpages');
        ...
        unset($_SP_CONF);
    }
    $_SP_CONF &= $sp_config->get_config('staticpages');

For this to work though, the existing config.php files must be removed from the distribution.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From dirk at haun-online.de Sun Dec 30 04:48:33 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 30 Dec 2007 10:48:33 +0100
Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5
In-Reply-To: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net>
Message-ID: <20071230094833.923682479@smtp.haun-online.de>

Joe Mucchiello wrote:

>In fact, the old staticpages config.php is blown away by
>untarring the tarball.

Yeah, that's not nice.

Btw, this line in the new config.php throws an "undefined variable" warning:

    $_SP_CONF &= $sp_config->get_config('staticpages');

Removing the '&' seems to fix that.
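Review bot: in Joe Mucchiello's proposed $config->add hunk above, the first added line, "if (is_array($set)) && array_key_exists($param_name, $set)) {", has unbalanced parentheses (the condition closes right after is_array($set)), so the hunk does not parse as posted; it should read "if (is_array($set) && array_key_exists($param_name, $set)) {". Also, an array that lacks $param_name falls through to "else if ($set)", where a non-empty array serializes the default value and an empty array yields 'unset'. If only one of those outcomes is intended for a missing key, test is_array($set) explicitly in that branch, and document the two meanings of $set (boolean flag or array of current values) in the function's comment.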
bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From dirk at haun-online.de Sun Dec 30 06:59:26 2007 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 30 Dec 2007 12:59:26 +0100 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10 In-Reply-To: <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net> References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net> Message-ID: <20071230115926.252903765@smtp.haun-online.de> Currently, the config GUI doesn't seem to work at all. Or rather, only the first page of options (Paths, Site, Mail, etc.) works but I can't get to any other page. Nor can I get to the Static Pages config. This is a fresh install, using CVS as it is right now. Btw, I also recommend cranking up the error_reporting in lib-common.php (replace the line there with error_reporting(E_ALL)) and have a look at the rather odd messages that come up then ... bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From devel at portalparts.com Sun Dec 30 10:23:34 2007 From: devel at portalparts.com (Blaine Lang) Date: Sun, 30 Dec 2007 10:23:34 -0500 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10 In-Reply-To: <20071230115926.252903765@smtp.haun-online.de> References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net> <20071230115926.252903765@smtp.haun-online.de> Message-ID: <4777B7F6.5020103@portalparts.com> Dirk, Just verify that you updated the public/javascript folder. 
Blaine From devel at portalparts.com Sun Dec 30 10:27:58 2007 From: devel at portalparts.com (Blaine Lang) Date: Sun, 30 Dec 2007 10:27:58 -0500 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10 In-Reply-To: <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net> References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net> Message-ID: <4777B8FE.8060005@portalparts.com> Joe Mucchiello wrote: > I'm not sure I like the idea that the entire config data is loaded at once. Joe, we have always loaded all the config data at once, if a config file is used and many plugins if they use a DB Table, initialize a config variable to cache the values as part of the lib-common execution. I agree, using SESSIONS at some point (tried to get that in a few years ago) would be nice. From devel at portalparts.com Sun Dec 30 10:32:06 2007 From: devel at portalparts.com (Blaine Lang) Date: Sun, 30 Dec 2007 10:32:06 -0500 Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5 In-Reply-To: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> Message-ID: <4777B9F6.80609@portalparts.com> Joe Mucchiello wrote: > Additionally, the staticpage config settings get lost. The > admin/index.php install/upgrade has a loop that calls config->set to > move existing data into the config class but that wasn't added to > staticpages. In fact, the old staticpages config.php is blown away by > untarring the tarball. Agree and I don't think we had completed the work last night. Aaron and I were working on the config manager and committing CVS updates last night but thanks for checking it out. I agree, the loading of the config data for the staticpages plugin should be in the upgrade function so that it preserves the site settings and in the install to set defaults. 
Blaine From dirk at haun-online.de Sun Dec 30 10:35:34 2007 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 30 Dec 2007 16:35:34 +0100 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10 In-Reply-To: <4777B7F6.5020103@portalparts.com> References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvln y.cv.net> <20071230115926.252903765@smtp.haun-online.de> <4777B7F6.5020103@portalparts.com> Message-ID: <20071230153534.444755461@smtp.haun-online.de> Blaine Lang wrote: >Just verify that you updated the public/javascript folder. It is up to date. This test site is running directly from a CVS checkout. I removed the javascript directory and checked it out again - no change. bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From devel at portalparts.com Sun Dec 30 10:51:18 2007 From: devel at portalparts.com (Blaine Lang) Date: Sun, 30 Dec 2007 10:51:18 -0500 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10 In-Reply-To: <20071230153534.444755461@smtp.haun-online.de> References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvln y.cv.net> <20071230115926.252903765@smtp.haun-online.de> <4777B7F6.5020103@portalparts.com> <20071230153534.444755461@smtp.haun-online.de> Message-ID: <4777BE76.7020007@portalparts.com> Hum, just checked as well with Safari on my PC and still don't see the issue. Are you seeing a Javascript error? Should be able to click on Staticpages (or the dropline menuitem) to bring up the staticpages config page. Blaine Dirk Haun wrote: > Blaine Lang wrote: > > >> Just verify that you updated the public/javascript folder. >> > > It is up to date. This test site is running directly from a CVS checkout. > > I removed the javascript directory and checked it out again - no change. 
> > bye, Dirk > > > From devel at portalparts.com Sun Dec 30 10:18:26 2007 From: devel at portalparts.com (Blaine Lang) Date: Sun, 30 Dec 2007 10:18:26 -0500 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10 In-Reply-To: <20071230115926.252903765@smtp.haun-online.de> References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net> <20071230115926.252903765@smtp.haun-online.de> Message-ID: <4777B6C2.1070203@portalparts.com> Dirk Haun wrote: > Currently, the config GUI doesn't seem to work at all. Or rather, only > the first page of options (Paths, Site, Mail, etc.) works but I can't > get to any other page. Nor can I get to the Static Pages config. > > This is a fresh install, using CVS as it is right now. Dirk, I just wiped out my remote test site and did a fresh cvs install and had no issues. I was thinking I probably left out a cvs update but now I am not sure. Blaine From dirk at haun-online.de Sun Dec 30 10:56:55 2007 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 30 Dec 2007 16:56:55 +0100 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10 In-Reply-To: <4777BE76.7020007@portalparts.com> References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvln y.cv.net> <20071230115926.252903765@smtp.haun-online.de> <4777B7F6.5020103@portalparts .com> <20071230153534.444755461@smtp.haun-online.de> <4777BE76.7020007@portalparts.com> Message-ID: <20071230155655.1737280989@smtp.haun-online.de> Blaine Lang wrote: >Hum, just checked as well with Safari on my PC and still don't see the >issue. Are you seeing a Javascript error? This is with Firefox (and it did work prior to last night's changes). You're right, it does work with Safari. >Should be able to click on Staticpages (or the dropline menuitem) to >bring up the staticpages config page. Ah, clicking on "Staticpages" works. 
I was trying to click on "Main Settings", but that only reloads the
current page. Trying to click on any of the dropline menu items just
reloads the current page - no matter which one I click.

bye, Dirk


--
http://www.haun-online.de/
http://spam.tinyweb.net/

From dirk at haun-online.de Sun Dec 30 11:24:35 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 30 Dec 2007 17:24:35 +0100
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10
In-Reply-To: <6bplrs$5jb8po@toip5.srvr.bell.ca>
References: <6bplrs$5jb8po@toip5.srvr.bell.ca>
Message-ID: <20071230162435.1263371174@smtp.haun-online.de>

Blaine Lang wrote:

>Your site works for me in IE and FF. I think FF has cached your older JS copy.

Bingo, that was it. Sorry, didn't occur to me :-(

bye, Dirk (off to get another coffee ...)


--
http://www.haun-online.de/
http://spam.tinyweb.net/

From blanks at mit.edu Sun Dec 30 11:45:11 2007
From: blanks at mit.edu (Aaron Blankstein)
Date: Sun, 30 Dec 2007 11:45:11 -0500
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10
In-Reply-To: <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net>
References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net>
Message-ID: <2a1a3bb50712300845n214a7c54yd3a15eeb028e901d@mail.gmail.com>

That's close - you need to be adding your config options to the database
somehow - if you take a look at the staticpages config.php file, you'll
see how to do this. I'm going to be updating the wikidocs pretty soon,
as well.

-- Aaron

On Dec 30, 2007 2:20 AM, Joe Mucchiello wrote:
> At 07:11 PM 12/29/2007, Aaron Blankstein wrote:
>
> First, is this basically all I need to be compatible with 1.4.1 and 1.5?
>
> // if class exists, load config from DB
> if (class_exists('config')) {
>     $_CA_CONF = config::get_instance()->get_config('calendar');
> }
> // still no config? load the file.
> if (empty($_CA_CONF)) {
>     require_once ($_CONF['path'] . 'plugins/calendar/config.php');
> }
>
> I'm not sure I like the idea that the entire config data is loaded at
> once. Makes me think it might be faster to serialize the whole thing
> to a file and just load it back from the file. But then I'm into
> caches. More to follow....
>
>
> ----
> Joe Mucchiello
> Throwing Dice Games
> http://www.throwingdice.com
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>

From dirk at haun-online.de Sun Dec 30 12:50:06 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 30 Dec 2007 18:50:06 +0100
Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5
In-Reply-To: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net>
Message-ID: <20071230175006.2142825391@smtp.haun-online.de>

Joe Mucchiello wrote:

>Not only are there still 1.4.2 references in the code

I have just made the necessary changes in CVS (in the install script and
the 2 SQL update files).

Btw, I have strong suspicion that the MS SQL update won't work. From
what I learned recently, MS SQL doesn't have a DESCRIBE statement, so
all that code trying to figure out the current version of the database
won't work there.

I guess we better address MS SQL once everything else has settled down a
bit. Just wanted to remind everybody about it ...
bye, Dirk


--
http://www.geeklog.net/
http://geeklog.info/

From joe at ThrowingDice.com Sun Dec 30 14:21:05 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Sun, 30 Dec 2007 14:21:05 -0500
Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5
In-Reply-To: <20071230175006.2142825391@smtp.haun-online.de>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> <20071230175006.2142825391@smtp.haun-online.de>
Message-ID: <0JTV00M9MN3NPA20@mta1.srv.hcvlny.cv.net>

At 12:50 PM 12/30/2007, Dirk Haun wrote:
>Joe Mucchiello wrote:
>
> >Not only are there still 1.4.2 references in the code
>
>I have just made the necessary changes in CVS (in the install script and
>the 2 SQL update files).
>
>Btw, I have strong suspicion that the MS SQL update won't work. From
>what I learned recently, MS SQL doesn't have a DESCRIBE statement, so
>all that code trying to figure out the current version of the database
>won't work there.

mssql.class.php handles that:

//swaps out the propriatary DESC function in mysql and replaces it with our UDF version
function changeDESCRIBE($sql){

But I'm sure there are far subtler incompatibilities in other places.


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From joe at ThrowingDice.com Sun Dec 30 14:26:00 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Sun, 30 Dec 2007 14:26:00 -0500
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10
In-Reply-To: <2a1a3bb50712300845n214a7c54yd3a15eeb028e901d@mail.gmail.com>
References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net> <2a1a3bb50712300845n214a7c54yd3a15eeb028e901d@mail.gmail.com>
Message-ID: <0JTV00K4MNBUFC50@mta1.srv.hcvlny.cv.net>

At 11:45 AM 12/30/2007, Aaron Blankstein wrote:
>That's close - you need to be adding your config options to the
>database somehow -
>if you take a look at the staticpages config.php file, you'll see
>how to do this.
The code I listed was the stuff you'd replace "include
$_CONF['path']."plugin/$plugin/config.php" at the top of its
functions.php with. The add calls should be in
plugin_upgrade_$plugin(). The staticpages example is actually very
bad as it blows away the old user's old staticpages options. That
code should be in functions.php.

Did you think my alteration of add() would help with this
bootstrapping issue? The calls to set() in the main install could be
eliminated with it.


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From dirk at haun-online.de Sun Dec 30 15:03:25 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 30 Dec 2007 21:03:25 +0100
Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5
In-Reply-To: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net>
Message-ID: <20071230200325.1619528102@smtp.haun-online.de>

Joe Mucchiello wrote:

>Fatal error: Call to undefined method config::create() in
>D:\webroot\strip\sql\updates\mysql_1.4.1_to_1.4.2.php on line 41

Yeah, I'm running into the same problem. Not sure how to fix that.

Btw, I just made a couple of other changes in the install script. Anyone
working on it should do an upgrade before making any further changes - I
had to move some code around.
bye, Dirk


--
http://www.geeklog.net/
http://geeklog.info/

From blanks at mit.edu Sun Dec 30 15:38:26 2007
From: blanks at mit.edu (Aaron Blankstein)
Date: Sun, 30 Dec 2007 15:38:26 -0500
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes config.class.php, 1.9, 1.10
In-Reply-To: <0JTV00K4MNBUFC50@mta1.srv.hcvlny.cv.net>
References: <20071230001142.AA99110FE1E@qs1489.pair.com> <0JTU006WYPRAUZK0@mta1.srv.hcvlny.cv.net> <2a1a3bb50712300845n214a7c54yd3a15eeb028e901d@mail.gmail.com> <0JTV00K4MNBUFC50@mta1.srv.hcvlny.cv.net>
Message-ID: <2a1a3bb50712301238m3b88c032pe7161a2814c03d13@mail.gmail.com>

The change to the add() function would just remove set() calls from an
upgrade process - it won't really change the complexity of the process.

-- Aaron

On Dec 30, 2007 2:26 PM, Joe Mucchiello wrote:
> At 11:45 AM 12/30/2007, Aaron Blankstein wrote:
> >That's close - you need to be adding your config options to the
> >database somehow -
> >if you take a look at the staticpages config.php file, you'll see
> >how to do this.
>
> The code I listed was the stuff you'd replace "include
> $_CONF['path']."plugin/$plugin/config.php" at the top of its
> functions.php with. The add calls should be in
> plugin_upgrade_$plugin(). The staticpages example is actually very
> bad as it blows away the old user's old staticpages options. That
> code should be in functions.php.
>
> Did you think my alteration of add() would help with this
> bootstrapping issue? The calls to set() in the main install could be
> eliminated with it.
>
>
> ----
> Joe Mucchiello
> Throwing Dice Games
> http://www.throwingdice.com
>

From blanks at mit.edu Sun Dec 30 16:03:15 2007
From: blanks at mit.edu (Aaron Blankstein)
Date: Sun, 30 Dec 2007 16:03:15 -0500
Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5
In-Reply-To: <20071230200325.1619528102@smtp.haun-online.de>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> <20071230200325.1619528102@smtp.haun-online.de>
Message-ID: <2a1a3bb50712301303s6e0a767fnce5c8b006a2097c2@mail.gmail.com>

Yep, sorry about that - the changes in the config class changed the way
you instantiate and I forgot about that piece of code. That should be
config::get_instance(); I'm changing that as we speak.

Aaron

On Dec 30, 2007 3:03 PM, Dirk Haun wrote:
> Joe Mucchiello wrote:
>
> >Fatal error: Call to undefined method config::create() in
> >D:\webroot\strip\sql\updates\mysql_1.4.1_to_1.4.2.php on line 41
>
> Yeah, I'm running into the same problem. Not sure how to fix that.
>
> Btw, I just made a couple of other changes in the install script. Anyone
> working on it should do an upgrade before making any further changes - I
> had to move some code around.
>
> bye, Dirk
>
>
> --
> http://www.geeklog.net/
> http://geeklog.info/
>

From dirk at haun-online.de Sun Dec 30 16:11:26 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 30 Dec 2007 22:11:26 +0100
Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5
In-Reply-To: <20071230200325.1619528102@smtp.haun-online.de>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> <20071230200325.1619528102@smtp.haun-online.de>
Message-ID: <20071230211126.1439771565@smtp.haun-online.de>

Dirk Haun wrote:

>Btw, I just made a couple of other changes in the install script. Anyone
>working on it should do an upgrade before making any further changes

(several updates later ...)

Okay, I'm done with the install script now. Really. (I think ;-)

bye, Dirk


--
http://www.geeklog.net/
http://geeklog.info/

From dirk at haun-online.de Sun Dec 30 16:47:09 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 30 Dec 2007 22:47:09 +0100
Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5
In-Reply-To: <2a1a3bb50712301303s6e0a767fnce5c8b006a2097c2@mail.gmail.com>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> <20071230200325.1619528102@smtp.haun-online.de> <2a1a3bb50712301303s6e0a767fnce5c8b006a2097c2@mail.gmail.com>
Message-ID: <20071230214709.1453432820@smtp.haun-online.de>

Aaron Blankstein wrote:

>Yep, sorry about that - the changes in the config class changed the way you
>instantiate and I forgot about that piece of code. That should be
>config::get_instance(); I'm changing that as we speak.

Thanks Aaron, that did it.

Looks like the update for the Links plugin isn't working properly - all
my links lost their category and weren't listed any more (but they're
still there on the Admin screen). I'll look into it tomorrow, unless
someone beats me to it ...

bye, Dirk


--
http://www.haun-online.de/
http://spam.tinyweb.net/

From garymoncrieff at googlemail.com Sun Dec 30 18:46:24 2007
From: garymoncrieff at googlemail.com (Gary Moncrieff)
Date: Sun, 30 Dec 2007 23:46:24 +0000
Subject: [geeklog-devel] Upgrading from 1.4.1 to 1.5
In-Reply-To: <20071230214709.1453432820@smtp.haun-online.de>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> <20071230200325.1619528102@smtp.haun-online.de> <2a1a3bb50712301303s6e0a767fnce5c8b006a2097c2@mail.gmail.com> <20071230214709.1453432820@smtp.haun-online.de>
Message-ID:

Hey

Just grabbed the latest nightly tarball and the two latest install files
and have run the installer a few times with the same result, it sets my
path as /home/jinlun/ where it should be /home/~jinlun/

Any Ideas guys?
Regards
Dazzy

On 30/12/2007, Dirk Haun wrote:
>
> Aaron Blankstein wrote:
>
> >Yep, sorry about that - the changes in the config class changed the way you
> >instantiate and I forgot about that piece of code. That should be
> >config::get_instance(); I'm changing that as we speak.
>
> Thanks Aaron, that did it.
>
> Looks like the update for the Links plugin isn't working properly - all
> my links lost their category and weren't listed any more (but they're
> still there on the Admin screen). I'll look into it tomorrow, unless
> someone beats me to it ...
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/
> http://spam.tinyweb.net/
>

From dirk at haun-online.de Mon Dec 31 05:56:03 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 31 Dec 2007 11:56:03 +0100
Subject: [geeklog-devel] Links categories (was: Upgrading from 1.4.1 to 1.5)
In-Reply-To: <20071230214709.1453432820@smtp.haun-online.de>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> <20071230200325.1619528102@smtp.haun-online.de> <2a1a3bb50712301303s6e0a767fnce5c8b006a2097c2@mail.gmail.com> <20071230214709.1453432820@smtp.haun-online.de>
Message-ID: <20071231105603.33871269@smtp.haun-online.de>

Dirk Haun wrote:

>Looks like the update for the Links plugin isn't working properly - all
>my links lost their category

While attempting to fix that, I ran across a few oddities and issues
with backward compatibility. I fixed those but would like to hear some
comments to see what others think, please.

Before 1.5, the link categories served as both an ID and a (descriptive)
label. The new Links plugin separates that, so now we have a link ID
(cid), a category name and even a category description.
When upgrading from earlier versions, the code in CVS tried to assign
new IDs to the categories. Also, the URLs for the categories on the
public list of links were changed to use that new cid. That, however,
broke existing links pointing to categories.

For example, on geeklog.net we have a category "Tech. Sites". The link
to that category is .../links/index.php?category=Tech.+Sites

After the upgrade, that would have become
.../index.php?cid=20071231114832121 and the old URL would have stopped
working.

So I decided to rewrite that part and keep the old URLs intact - and
therefore allow a cid to include spaces (and other special characters),
just like before. So the cid is not really an ID in the sense we use
that elsewhere (e.g. in stories). Anyone see a problem with that?

Also, the Links plugin now has a [category:] autotag (new in 1.5).
However, that won't work with these sorts of IDs, e.g.
[category:Tech. Sites]
The way autotags work, the blank would be seen as the end of the ID, so
it wouldn't work.

Instead of trying to come up with fancy workarounds (e.g. use
Tech.+Sites as the ID, i.e. urlencoded) I'd suggest we simply drop that
autotag. Objections?

bye, Dirk


--
http://www.haun-online.de/
http://spam.tinyweb.net/

From WebSiteMaster at cogeco.net Mon Dec 31 08:41:04 2007
From: WebSiteMaster at cogeco.net (Web Site Master)
Date: Mon, 31 Dec 2007 08:41:04 -0500
Subject: [geeklog-devel] Links categories (was: Upgrading from 1.4.1 to 1.5)
In-Reply-To: <20071231105603.33871269@smtp.haun-online.de>
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net><20071230200325.1619528102@smtp.haun-online.de><2a1a3bb50712301303s6e0a767fnce5c8b006a2097c2@mail.gmail.com><20071230214709.1453432820@smtp.haun-online.de> <20071231105603.33871269@smtp.haun-online.de>
Message-ID:

I had mentioned this before but can we change the name of the links
category autotag to something else? Something like [link_category:] is a
bit more descriptive.
Links isn't the only plugin to have categories and it probably will get
confusing for some people.

This would probably be a good idea for all plugins to do in the future,
have the name of the plugin at the start of the tag so 2 plugins with
the same autotag name will never be a problem.

Tom

From joe at ThrowingDice.com Mon Dec 31 11:45:54 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Mon, 31 Dec 2007 11:45:54 -0500
Subject: [geeklog-devel] Links categories (was: Upgrading from 1.4.1 to 1.5)
In-Reply-To:
References: <0JTU00IJDQYEGRS0@mta3.srv.hcvlny.cv.net> <20071230200325.1619528102@smtp.haun-online.de> <2a1a3bb50712301303s6e0a767fnce5c8b006a2097c2@mail.gmail.com> <20071230214709.1453432820@smtp.haun-online.de> <20071231105603.33871269@smtp.haun-online.de>
Message-ID: <0JTX00L88AL266Z0@mta1.srv.hcvlny.cv.net>

At 08:41 AM 12/31/2007, Web Site Master wrote:
>I had mentioned this before but can we change the name of the links category
>autotag to something else? Something like [link_category:] is a bit more
>descriptive. Links isn't the only plugin to have categories and it probably
>will get confusing for some people.

Part of the calendar plugin bounty is calendar categories. At least I
wasn't planning to make an autotag for it.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From joe at ThrowingDice.com Mon Dec 31 11:57:04 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Mon, 31 Dec 2007 11:57:04 -0500
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/public_html/links index.php
In-Reply-To: <20071231104149.5751110FE17@qs1489.pair.com>
References: <20071231104149.5751110FE17@qs1489.pair.com>
Message-ID: <0JTX00AP2B3O4VU0@mta2.srv.hcvlny.cv.net>

At 05:41 AM 12/31/2007, Dirk Haun wrote:
> $cid = $_LI_CONF['root']; > $display = ''; >! if (isset($_GET['category'])) { >! $cid = strip_tags (COM_stripslashes ($_GET['category'])); >! } elseif (isset($_POST['category'])) { >! $cid = strip_tags (COM_stripslashes ($_POST['category'])); > >--- 261,266 ---- > } else { > // Get current category name >! $currentcategory = DB_getItem($_TABLES['linkcategories'], >'category', >! "cid='{$cid}'");

You probably need an addslashes here. If you're calling strip_tags, that
means "Jim's Links" is a valid $cid.


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From joe at ThrowingDice.com Mon Dec 31 12:22:55 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Mon, 31 Dec 2007 12:22:55 -0500
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/plugins/links functions.inc, 1.93, 1.94
In-Reply-To: <20071231104149.4AE3210FE15@qs1489.pair.com>
References: <20071231104149.4AE3210FE15@qs1489.pair.com>
Message-ID: <0JTX00DVLCASC040@mta5.srv.hcvlny.cv.net>

At 05:41 AM 12/31/2007, you wrote:
> $content = stripslashes($A['category']); >! $url = $_CONF['site_url'] . >'/links/portal.php?what=category&item=' . urlencode($A['cid']); >! $breadcrumb = COM_createLink($content, $url) . >$separator . $breadcrumb;

Similarly, the stripslashes is probably not needed. All it does is
prevent you from making a category like "/// Cool Stuff \\\". There
should only be one call to stripslashes anywhere in Geeklog and that's
in COM_stripslashes.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From joe at ThrowingDice.com Mon Dec 31 12:33:23 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Mon, 31 Dec 2007 12:33:23 -0500
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/sql mysql_tableanddata.php
In-Reply-To: <20071231124848.0BF5C10FE12@qs1489.pair.com>
References: <20071231124848.0BF5C10FE12@qs1489.pair.com>
Message-ID: <0JTX00JJLCS85H80@mta2.srv.hcvlny.cv.net>

Is any effort going to be made to remove the plugin installation data
from the main install and make the plugins install take place after the
normal install? It would still be automatic, but it would make the
plugins more independent.

In fact, with the GUI installer, there should be options to not install
some of the plugins. Not everyone wants the calendar or polls plugins.
Why clutter their admin area with them if they won't be used? If they
want them later, they'll be waiting for them in the plugins control
panel.

At 07:48 AM 12/31/2007, Dirk Haun wrote:
>--- 896,904 ---- > $_DATA[] = "INSERT INTO {$_TABLES['pingservice']} (pid, name, > site_url, ping_url, method, is_enabled) VALUES (1, 'Ping-O-Matic', > 'http://pingomatic.com/', 'http://rpc.pingomatic.com/', > 'weblogUpdates.ping', 1)"; > >! $_DATA[] = "INSERT INTO {$_TABLES['plugins']} (pi_name, >pi_version, pi_gl_version, pi_enabled, pi_homepage) VALUES >('staticpages', '1.5.0','1.5.0',1,'http://www.geeklog.net/') "; >! $_DATA[] = "INSERT INTO {$_TABLES['plugins']} (pi_name, >pi_version, pi_gl_version, pi_enabled, pi_homepage) VALUES ('spamx', >'1.1.1','1.5.0',1,'http://www.pigstye.net/gplugs/staticpages/index.php/spamx') >"; >! $_DATA[] = "INSERT INTO {$_TABLES['plugins']} (pi_name, >pi_version, pi_gl_version, pi_enabled, pi_homepage) VALUES ('links', >'2.0.0', '1.5.0', 1, 'http://www.geeklog.net/')"; >!
$_DATA[] = "INSERT INTO {$_TABLES['plugins']} (pi_name, >pi_version, pi_gl_version, pi_enabled, pi_homepage) VALUES ('polls', >'2.0.1', '1.5.0', '1', 'http://www.geeklog.net/')"; >! $_DATA[] = "INSERT INTO {$_TABLES['plugins']} (pi_name, >pi_version, pi_gl_version, pi_enabled, pi_homepage) VALUES >('calendar', '1.0.2', '1.5.0', '1', 'http://www.geeklog.net/')"; > > $_DATA[] = "INSERT INTO `{$_TABLES['pollanswers']}` (`pid`, > `qid`, `aid`, `answer`, `votes`, `remark`) VALUES > ('geeklogfeaturepoll', 0, 1, 'MS SQL support', 0, '');";


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From dirk at haun-online.de Mon Dec 31 13:01:34 2007
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 31 Dec 2007 19:01:34 +0100
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/plugins/links functions.inc, 1.93, 1.94
In-Reply-To: <0JTX00DVLCASC040@mta5.srv.hcvlny.cv.net>
References: <20071231104149.4AE3210FE15@qs1489.pair.com> <0JTX00DVLCASC040@mta5.srv.hcvlny.cv.net>
Message-ID: <20071231180134.9904069@smtp.haun-online.de>

Joe Mucchiello wrote:

>There
>should only be one call to stripslashes anywhere in Geeklog and
>that's in COM_stripslashes.

There are also a bunch of legacy situations where content in the
database actually does contain extra slashes that have to be stripped.

Not sure if that's one of them - I'll check these tomorrow. I just
submitted another batch of fixes for lots of missing addslashes all over
the place. There may still be places where they're missing - I'll check
those tomorrow, too.

Enough for today. Happy New Year, etc.
bye, Dirk


--
http://www.geeklog.net/
http://geeklog.info/

From joe at ThrowingDice.com Mon Dec 31 13:24:05 2007
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Mon, 31 Dec 2007 13:24:05 -0500
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/plugins/links functions.inc, 1.93, 1.94
In-Reply-To: <20071231180134.9904069@smtp.haun-online.de>
References: <20071231104149.4AE3210FE15@qs1489.pair.com> <0JTX00DVLCASC040@mta5.srv.hcvlny.cv.net> <20071231180134.9904069@smtp.haun-online.de>
Message-ID: <0JTX00BMLF4QUK80@mta5.srv.hcvlny.cv.net>

At 01:01 PM 12/31/2007, Dirk Haun wrote:
>Joe Mucchiello wrote:
>
> >There
> >should only be one call to stripslashes anywhere in Geeklog and
> >that's in COM_stripslashes.
>
>There are also a bunch of legacy situations where content in the
>database actually does contain extra slashes that have to be stripped.

I know. It would be nice to identify them and run the database through
some cleanup during a version upgrade and then remove the code as well.
Perhaps you should schedule a code cleanup release (1.5.1) with
absolutely no new features. Just bug fixes and database cleansing.

>Not sure if that's one of them - I'll check these tomorrow. I just
>submitted another batch of fixes for lots of missing addslashes all over
>the place. There may still be places where they're missing - I'll check
>those tomorrow, too.

Yeah, in less than an hour after I posted about it. Take a break and
have a happy new year.


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
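
Review bot: in the first quoted hunk of public_html/links index.php, both changed branches build $cid with strip_tags (COM_stripslashes (...)), which removes markup but leaves quotes and backslashes in the value. Now that a cid may contain spaces and other special characters, treat the result as untrusted text and escape it at every place it is used (SQL, URL, HTML) instead of relying on strip_tags here. The $_GET and $_POST branches are also identical apart from the superglobal and could share one helper.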
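
Review bot: in the "--- 261,266 ----" hunk of public_html/links index.php, the DB_getItem() condition "cid='{$cid}'" places the request-derived $cid inside a quoted SQL literal with no escaping visible in the hunk. A category such as "Jim's Links" ends the literal early. Escape the value before it is interpolated (addslashes($cid), as already proposed in the thread) rather than passing the raw variable.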
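
Review bot: in the quoted plugins/links functions.inc hunk, $content comes from stripslashes($A['category']) and is passed straight to COM_createLink() as the link text, with no HTML encoding visible in these lines. Category names are free text, so either confirm that COM_createLink() encodes its first argument or encode $content before the call. The urlencode($A['cid']) on the item parameter is the right treatment for a cid that may contain blanks.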
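
Review bot: in the quoted sql mysql_tableanddata.php hunk, the changed plugin rows are inconsistent: pi_enabled is the bare integer 1 for staticpages, spamx and links but the quoted string '1' for polls and calendar, and the staticpages statement has a stray space between the closing parenthesis and the closing double quote. Use one form for pi_enabled in all five rows and drop the trailing space.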
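
The escaping issue discussed in this thread, worked through as an added example (not Geeklog code; the function names and the example.com base URL are assumptions): a category ID that has only been through strip_tags() still carries quotes and backslashes, so the interpolated cid='...' literal holds together only after addslashes(), while urlencode() carries blanks safely in the link.

```php
<?php
// Added illustration, not Geeklog code: the function names below are
// hypothetical stand-ins for the request handling and query building
// discussed in the thread.

// Mirrors the quoted index.php change: tags are stripped from the request
// value, but quotes and backslashes pass through untouched.
function cid_from_request(array $request, string $default): string
{
    return isset($request['category'])
        ? strip_tags($request['category'])
        : $default;
}

// Condition built by raw interpolation, as in the quoted hunk.
function where_unescaped(string $cid): string
{
    return "cid='{$cid}'";
}

// Condition with the addslashes() call suggested in the thread
// (backslash escaping, as MySQL string literals understand it).
function where_escaped(string $cid): string
{
    return "cid='" . addslashes($cid) . "'";
}

// True when the condition is exactly one quoted literal: every quote or
// backslash inside it is backslash-escaped, so the value can neither end
// the string early nor swallow the closing quote.
function literal_is_closed(string $where): bool
{
    return preg_match("/^cid='(?:[^'\\\\]|\\\\.)*'\\z/s", $where) === 1;
}

// Link to a category page; the cid may contain blanks, so it is URL-encoded.
function category_url(string $base, string $cid): string
{
    return $base . '/links/index.php?category=' . urlencode($cid);
}

// Constructed sample inputs: the category names mentioned in the thread.
$samples = ['Tech. Sites', "Jim's Links", '/// Cool Stuff \\\\\\'];

foreach ($samples as $raw) {
    $cid = cid_from_request(['category' => $raw], 'site');
    printf("cid        : %s\n", $cid);
    printf("unescaped  : %-32s closed=%s\n", where_unescaped($cid),
        var_export(literal_is_closed(where_unescaped($cid)), true));
    printf("addslashes : %-32s closed=%s\n", where_escaped($cid),
        var_export(literal_is_closed(where_escaped($cid)), true));
    // example.com is a constructed base URL
    printf("url        : %s\n\n", category_url('http://example.com', $cid));
}
```

addslashes() is shown because it is the fix the thread proposes; it is not character-set aware, and bound query parameters remove the need for hand escaping altogether.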