From vfuria at gmail.com Sat Aug 1 00:47:39 2009 From: vfuria at gmail.com (Vincent Furia) Date: Fri, 31 Jul 2009 22:47:39 -0600 Subject: [geeklog-devel] Representing Geeklog's Comments in the Database Message-ID: <8319e2d60907312147vc1c7971q5bc3f6cbb06e1e71@mail.gmail.com> For those interested, I wrote an article on the Wiki that details how Geeklog's commenting system works. We use a modified pre-order traversal algorithm the "label" the comments for quick retrieval. If you interested, the article is here: http://wiki.geeklog.net/index.php/CommentAlgorithm. -Vinny -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt.danger.west at gmail.com Sun Aug 2 16:21:49 2009 From: matt.danger.west at gmail.com (Matt West) Date: Sun, 2 Aug 2009 16:21:49 -0400 Subject: [geeklog-devel] Representing Geeklog's Comments in the Database In-Reply-To: <8319e2d60907312147vc1c7971q5bc3f6cbb06e1e71@mail.gmail.com> References: <8319e2d60907312147vc1c7971q5bc3f6cbb06e1e71@mail.gmail.com> Message-ID: Very nice. good work Vinny! On Aug 1, 2009, at 12:47 AM, Vincent Furia wrote: > For those interested, I wrote an article on the Wiki that details > how Geeklog's commenting system works. We use a modified pre-order > traversal algorithm the "label" the comments for quick retrieval. If > you interested, the article is here: http://wiki.geeklog.net/index.php/CommentAlgorithm > . > > -Vinny -------------- next part -------------- An HTML attachment was scrubbed... URL: From websitemaster at cogeco.net Sun Aug 23 11:51:22 2009 From: websitemaster at cogeco.net (Tom) Date: Sun, 23 Aug 2009 11:51:22 -0400 Subject: [geeklog-devel] Meta Tags in Geeklog and 3 Poll Autotags In-Reply-To: References: <8319e2d60907312147vc1c7971q5bc3f6cbb06e1e71@mail.gmail.com> Message-ID: <005c01ca2409$90438490$b0ca8db0$@net> Hi all, A few of my updates to Geeklog 1.6.1 have now been committed into Mercurial so I just wanted to inform everyone what they are about. I have added 3 autotags to the poll plugin: [poll: pid title] - Displays a link to a poll using the Poll Topic as the title if not specified. [poll-vote: pid class:poll-autotag showall:1] - Displays a poll within a story, etc.. that allows users to vote. Behaves exactly the same as the poll block (i.e. if user has voted then they see just the results). - If poll is closed then a message will be displayed along with poll results - Class specifies the css class to use. Defaults to poll-autotag if not specified. - Showall if set to 1, shows all poll questions. Defaults to 0 if not specified. [poll-result: pid class:poll-autotag] - - Similar to the above tag except it just displays the results (percentage). - Class specifies the css class to use. Defaults to poll-autotag if not specified. I do plan on updating this plugin in the future. I want to add the ability to allow the poll results to display bars instead of a percentage for autotags. I also added in the ability to add Meta Descriptions and Meta Keywords to Geeklog itself, stories and staticpages. In the Geeklog Configuration you now can enabled meta tags and include a default description and keyword list. These defaults can be used just for the homepage or on any page where there are no meta tags found. When creating a story or staticpage you will also now be allowed to specify a Meta Description and Meta Keywords. Plugin Developers can now safely include meta tags in the headercode variable of COM_siteHeader without the risk of duplication as the default geeklog metatags are only used when others are not present. To add meta tags Plugin Developers can call COM_createMetaTags and pass in a description and keyword list they want to use for the page. The function will return the proper html formatted code which then can be added to the headercode variable when COM_siteHeader is used by the plugin. I am currently in the midst of adding these meta tags to Geeklog topics. Thanks Tom -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk at haun-online.de Sun Aug 23 17:42:17 2009 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 23 Aug 2009 23:42:17 +0200 Subject: [geeklog-devel] Meta Tags in Geeklog and 3 Poll Autotags In-Reply-To: <005c01ca2409$90438490$b0ca8db0$@net> References: <8319e2d60907312147vc1c7971q5bc3f6cbb06e1e71@mail.gmail.com> <005c01ca2409$90438490$b0ca8db0$@net> Message-ID: <20090823214217.1462315035@smtp.haun-online.de> Tom wrote: >[poll-vote: pid class:poll-autotag showall:1] >[poll-result: pid class:poll-autotag] - Minor correction: I renamed those to [poll_vote:] and [poll_result:] for consistency with e.g. [staticpage_content:], i.e. using underscores instead of dashes. bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From dirk at haun-online.de Mon Aug 24 13:17:00 2009 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 24 Aug 2009 19:17:00 +0200 Subject: [geeklog-devel] Meta Tags in Geeklog and 3 Poll Autotags In-Reply-To: <005c01ca2409$90438490$b0ca8db0$@net> References: <8319e2d60907312147vc1c7971q5bc3f6cbb06e1e71@mail.gmail.com> <005c01ca2409$90438490$b0ca8db0$@net> Message-ID: <20090824171700.543618473@smtp.haun-online.de> Tom wrote: >A few of my updates to Geeklog 1.6.1 have now been committed into Mercurial Btw, in case anyone was wondering: Tom does not have commit access - we were using the power of Mercurial's hg export and hg import commands to provide proper attribution for his contributions. Just one more advantage of having switched to Mercurial and one which we hope will make contributions easier (and maybe more attractive). bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From dirk at haun-online.de Mon Aug 24 13:47:19 2009 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 24 Aug 2009 19:47:19 +0200 Subject: [geeklog-devel] Getting the GSoC results into the main Geeklog repository Message-ID: <20090824174719.230585262@smtp.haun-online.de> So now that GSoC 2009 is over (everybody passed, btw - yay!) - obviously we're now looking into integrating our student's work into the main Geeklog repository (where applicable). How do we do that? My suggestion would be to do it incrementally. We should first try and get the student repositories in sync with the main Geeklog one again. Once that is done, we can work out the kinks in all the new features (again, on the separate repos). And then we'll look into merging things into the main repository. This could very well mean that we roll out features incrementally, i.e. over several Geeklog releases. Does that sound okay? The "all in one" post-GSoC releases of the past years have always been very late and some features were ready for public consumption earlier than others but had to wait for the latecomers. Having all the new features in separate repositories gives us a chance to work out the kinks there and only ship what's really working. And at the same time it should be easy to keep the repositories in sync with the main one so that a late addition doesn't cause any extra work. Comments? bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From dirk at haun-online.de Mon Aug 24 17:07:36 2009 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 24 Aug 2009 23:07:36 +0200 Subject: [geeklog-devel] FrOSCon 2009 Message-ID: <20090824210736.1610778729@smtp.haun-online.de> So in case you missed the announcement[1]: Geeklog had a booth again at FrOSCon last weekend. As usual, the conference was really well organized and the staff was helpful and quick to solve any smaller or bigger issues that came up. They even provided us with an LCD for our booth (a big thanks for that). (Btw, is anyone aware of something like a ruggedized LCD? When travelling by train, I can't really carry an LCD around, but may be able to put a 14 or 15 inch modell into my trolley) Back to the conference: Markus Wollschl?ger[2] helped out on Saturday (thanks!) so that I was able to leave the booth for a while and even attend a presentation (by Sebastian Bergmann, about PHP testing tools[5]). The Geeklog booth (more like a corner, actually) was located in a separate new room. We (and the other exhibitors there) did seem to get a little less traffic there than we had last year, when we were located in the main alley (to the lecture rooms). On the plus side, things were less cramped in that new space. Let's see what I can remember from our visitors: The (upcoming) Postgres support was well received. One person even went ahead and checked out Stan's repository (and came back the next day to report that it didn't work for him - we're still in contact trying to figure out what went wrong). "What is Geeklog?" was still the predominant first question. Trying to position it against the "competition" still wasn't easy (quick: What's the unique feature in Geeklog over other CMS?). I usually went with the security aspect and the permissions system. We got some insights into typical use cases[3], for which we could usually provide an answer (Markus' experience in helping less tech-savvy people run a website with Geeklog helped a lot here). I had a surprise guest on Sunday: A guy in a Drupal shirt who didn't introduce himself and wasn't wearing a name tag either. He mentioned that he had watched Geeklog years ago, then lost sight of it and was now happy to hear it was still around. Only when he started a sentence with "Back when I founded Drupal ..." did I realize who I was talking to ;-) Nice guy. He gave the keynote[4] on Sunday which I couldn't attend. I'll have to watch the video (once the server reappears - seems to be down right now). What else? Slightly offtopic, but I got my employer into sponsoring the conference bags and got a kick out of seeing all these people wandering around with the company logo all weekend. I also gave a presentation again this year - in the last slot on the last day. While many of the exhibitors were already packing up, something like 20-30 people still came to see it, which is pretty good I think. The presentation was about testing in open source projects and given that I only finished it at the last minute, it was probably okay. The announcement was a bit too broad though, as someone pointed out afterwards. I was looking at it too much from a developer's point of view and only glossed over some of the organisational issues. Room for improvement for a future incarnation. Someone pointed me to [6], which looks like a useful resource for finding open source testing tools. I'm pretty sure that I'll be at FrOSCon again in 2010. As a visitor at the very least - other roles (exhibitor, speaker) to be decided in time :) bye, Dirk [1] [2] [3] [4] [5] [6] -- http://www.geeklog.net/ http://geeklog.info/ From joe at ThrowingDice.com Tue Aug 25 00:59:47 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Tue, 25 Aug 2009 00:59:47 -0400 Subject: [geeklog-devel] FrOSCon 2009 In-Reply-To: <20090824210736.1610778729@smtp.haun-online.de> References: <20090824210736.1610778729@smtp.haun-online.de> Message-ID: <0KOX000111VX7XY0@mta1.srv.hcvlny.cv.net> I always think it's great that you can make it to at least one Con each year. At 05:07 PM 8/24/2009, Dirk Haun wrote: >Let's see what I can remember from our visitors: The (upcoming) Postgres >support was well received. One person even went ahead and checked out >Stan's repository (and came back the next day to report that it didn't >work for him - we're still in contact trying to figure out what went wrong). When this was first announced I gave the new code a quick review and I remember thinking some of the implementations were a bit off just from looking at them. I haven't had a chance to get another look at it since. (I want to add pgsql support to my version of the calendar before I release a new version.) You might want to look at the implementation of pgsql.class.php. For example, his implementation of dbSave() does not duplicate the functionality of mysql's REPLACE INTO whereas the mssql implementation goes to great pains to do so. Also there are some stray echo's and print_r calls in the file from the initial release. (I don't know if they've since been removed.) >"What is Geeklog?" was still the predominant first question. Trying to >position it against the "competition" still wasn't easy (quick: What's >the unique feature in Geeklog over other CMS?). I usually went with the >security aspect and the permissions system. The permission system is Geeklog's best claim to uniqueness. The security aspect, while true, sounds like hype. Microsoft also claims to be very security conscious so YMMV trying to call that a feature. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com No virus found in this outgoing message Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.078). http://www.pctools.com/free-antivirus/ From joe at ThrowingDice.com Tue Aug 25 01:02:42 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Tue, 25 Aug 2009 01:02:42 -0400 Subject: [geeklog-devel] Getting the GSoC results into the main Geeklog repository In-Reply-To: <20090824174719.230585262@smtp.haun-online.de> References: <20090824174719.230585262@smtp.haun-online.de> Message-ID: <0KOX00JO920P8HX0@mta5.srv.hcvlny.cv.net> At 01:47 PM 8/24/2009, Dirk Haun wrote: >This could very well mean that we roll out features incrementally, i.e. >over several Geeklog releases. Anything that causes more frequent releases is good in my book. IIRC, the search project from GSoC08 was in glFusion for 6+ months before it made its way into Geeklog. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com No virus found in this outgoing message Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.078). http://www.pctools.com/free-antivirus/ From vfuria at gmail.com Tue Aug 25 10:27:00 2009 From: vfuria at gmail.com (Vincent Furia) Date: Tue, 25 Aug 2009 08:27:00 -0600 Subject: [geeklog-devel] FrOSCon 2009 In-Reply-To: <0KOX000111VX7XY0@mta1.srv.hcvlny.cv.net> References: <20090824210736.1610778729@smtp.haun-online.de> <0KOX000111VX7XY0@mta1.srv.hcvlny.cv.net> Message-ID: <8319e2d60908250727y6989be77h7cbf120ffcf5deac@mail.gmail.com> Joe, at least the two problems you mention below I caught as well. Stan has fixed the DB_save and removed the print and echo debugging statements. I haven't thoroughly tested the (new) DB_save yet. -Vinny On Mon, Aug 24, 2009 at 10:59 PM, Joe Mucchiello wrote: > At 05:07 PM 8/24/2009, Dirk Haun wrote: > >> Let's see what I can remember from our visitors: The (upcoming) Postgres >> support was well received. One person even went ahead and checked out >> Stan's repository (and came back the next day to report that it didn't >> work for him - we're still in contact trying to figure out what went >> wrong). >> > > When this was first announced I gave the new code a quick review and I > remember thinking some of the implementations were a bit off just from > looking at them. I haven't had a chance to get another look at it since. (I > want to add pgsql support to my version of the calendar before I release a > new version.) You might want to look at the implementation of > pgsql.class.php. For example, his implementation of dbSave() does not > duplicate the functionality of mysql's REPLACE INTO whereas the mssql > implementation goes to great pains to do so. Also there are some stray > echo's and print_r calls in the file from the initial release. (I don't know > if they've since been removed.) -------------- next part -------------- An HTML attachment was scrubbed... URL: From joe at ThrowingDice.com Tue Aug 25 12:12:01 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Tue, 25 Aug 2009 12:12:01 -0400 Subject: [geeklog-devel] FrOSCon 2009 In-Reply-To: <8319e2d60908250727y6989be77h7cbf120ffcf5deac@mail.gmail.co m> References: <20090824210736.1610778729@smtp.haun-online.de> <0KOX000111VX7XY0@mta1.srv.hcvlny.cv.net> <8319e2d60908250727y6989be77h7cbf120ffcf5deac@mail.gmail.com> Message-ID: <0KOX00M1YX0CNTW0@mta3.srv.hcvlny.cv.net> Cool. Maybe I'll grab an archive again. (Or get around to installing Hg.) At 10:27 AM 8/25/2009, Vincent Furia wrote: >Content-Type: multipart/alternative; boundary=0016e64c0b6cd279db0471f82154 >Content-Transfer-Encoding: > >Joe, at least the two problems you mention below I caught as well. >Stan has fixed the DB_save and removed the print and echo debugging >statements. I haven't thoroughly tested the (new) DB_save yet. > >-Vinny > >On Mon, Aug 24, 2009 at 10:59 PM, Joe Mucchiello ><joe at throwingdice.com> wrote: >At 05:07 PM 8/24/2009, Dirk Haun wrote: >Let's see what I can remember from our visitors: The (upcoming) Postgres >support was well received. One person even went ahead and checked out >Stan's repository (and came back the next day to report that it didn't >work for him - we're still in contact trying to figure out what went wrong). > > >When this was first announced I gave the new code a quick review and >I remember thinking some of the implementations were a bit off just >from looking at them. I haven't had a chance to get another look at >it since. (I want to add pgsql support to my version of the calendar >before I release a new version.) You might want to look at the >implementation of pgsql.class.php. For example, his implementation >of dbSave() does not duplicate the functionality of mysql's REPLACE >INTO whereas the mssql implementation goes to great pains to do so. >Also there are some stray echo's and print_r calls in the file from >the initial release. (I don't know if they've since been removed.) > ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com No virus found in this outgoing message Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.078). http://www.pctools.com/free-antivirus/ From dirk at haun-online.de Tue Aug 25 15:09:16 2009 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 25 Aug 2009 21:09:16 +0200 Subject: [geeklog-devel] FrOSCon 2009 In-Reply-To: <20090824210736.1610778729@smtp.haun-online.de> References: <20090824210736.1610778729@smtp.haun-online.de> Message-ID: <20090825190916.925455661@smtp.haun-online.de> Dirk Haun wrote: >Only when he started a sentence with >"Back when I founded Drupal ..." did I realize who I was talking to ;-) >Nice guy. He gave the keynote[4] on Sunday which I couldn't attend. I'll >have to watch the video This one made me laugh: I'm just skipping through the keynote recording and he has a slide up: "Screw roadmaps". Quote: "We've never really had roadmaps. We've always had a sense of direction but not a roadmap." And he talks about how roadmaps don't really work for a community - you need to let people work on what they're good at. "Let it flow, like water flows." I've always expressed that I don't think a roadmap (in the traditional sense) would work for us. We're not a commercial software business, so you can't bring people to commit to something by a certain date. This is our hobby - when real life happens, it'll always have precedence (and there goes your roadmap). I guess we could be better at expressing the direction in which we're going, though. As I said, I've only skipped through the keynote yet, but it does sound interesting. If anyone's interested, it's the "Keynode"[sic] file in this directory: Please note the URL - these are pretty raw recordings and not for redistribution. More polished ones will be provided later on. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From vfuria at gmail.com Tue Aug 25 15:43:02 2009 From: vfuria at gmail.com (Vincent Furia) Date: Tue, 25 Aug 2009 13:43:02 -0600 Subject: [geeklog-devel] Getting the GSoC results into the main Geeklog repository In-Reply-To: <20090824174719.230585262@smtp.haun-online.de> References: <20090824174719.230585262@smtp.haun-online.de> Message-ID: <8319e2d60908251243m19373678xaa0dd5e5c009ded8@mail.gmail.com> I think this is the best plan. We can integrate student projects when it makes sense to do so (after thorough testing). -Vinny On Mon, Aug 24, 2009 at 11:47 AM, Dirk Haun wrote: > So now that GSoC 2009 is over (everybody passed, btw - yay!) - obviously > we're now looking into integrating our student's work into the main > Geeklog repository (where applicable). How do we do that? > > My suggestion would be to do it incrementally. We should first try and > get the student repositories in sync with the main Geeklog one again. > Once that is done, we can work out the kinks in all the new features > (again, on the separate repos). And then we'll look into merging things > into the main repository. > > This could very well mean that we roll out features incrementally, i.e. > over several Geeklog releases. > > Does that sound okay? The "all in one" post-GSoC releases of the past > years have always been very late and some features were ready for public > consumption earlier than others but had to wait for the latecomers. > Having all the new features in separate repositories gives us a chance > to work out the kinks there and only ship what's really working. And at > the same time it should be easy to keep the repositories in sync with > the main one so that a late addition doesn't cause any extra work. > > Comments? > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://geeklog.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk at haun-online.de Sun Aug 30 16:49:36 2009 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 30 Aug 2009 22:49:36 +0200 Subject: [geeklog-devel] FCKeditor integration Message-ID: <20090830204936.1904455768@smtp.haun-online.de> Okay, after that recent FCKeditor-related debacle (our fault, not theirs) it's about high time that we reconsider how we integrate FCKeditor and why. So users want to use images and other media (sound, video) in their posts and may need a way to upload those first. I can understand that. But why exactly did we allow to upload archive files (.zip, etc.)? I can't really think of a use case for those inside an _editor_. If at all, those should be uploaded through a separate plugin, e.g. File Management. Same with the various text documents (including Word, Excel, PowerPoint and others) that are still allowed now (in 1.6.0sr2). In other words: I can't really see a good reason to continue to support uploads to FCKeditor's generic "File" directory. I'd suggest to drop that and only keep the other three (Image, Media, Flash) and only allow the file types that go into those. Next: Permissions. Anonymous users should never have been allowed to upload something without approval. That was a big mistake there. A common request is to allow image uploads in story submissions. Should we offer this through FCKeditor? I'd say no, at least not to "normal" registered users. A story will go through moderation, but an image (or video) would be available immediately. That is asking for trouble. So I guess the way around this is to introduce separate .upload permissions (story.upload, staticpage.upload, etc.) and a plugin API function that checks if the current user does have that permission. Actually - it doesn't work that way. We would need a callback or FCKeditor would need to be made aware of where it is currently (in a story editor, static pages editor, etc.) so that it can check that. Anyone more familiar with the internals of FCKeditor's PHP connector who would like to make a better suggestion? What I mean is: The part of Geeklog that's integrating FCKeditor needs to decide whether to show the upload option to the current user, but then the actual upload function has to be able to check if it's really okay to perform the upload. In any case, the goal should be to only allow uploads for users who have specifically been given the permission. Not security-related: I'd also like to see an option to enable/disable FCKeditor on a per-user basis. Obviously, if it's disabled in the Configuration, you shouldn't be able to enable it. But if enabled, I'd like to have the option to disable it for me. Anything else? bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From joe at ThrowingDice.com Sun Aug 30 17:09:02 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Sun, 30 Aug 2009 17:09:02 -0400 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: <20090830204936.1904455768@smtp.haun-online.de> References: <20090830204936.1904455768@smtp.haun-online.de> Message-ID: <0KP70001MK3IUB00@mta5.srv.hcvlny.cv.net> At 04:49 PM 8/30/2009, Dirk Haun wrote: >But why exactly did we allow to upload archive files (.zip, etc.)? I >can't really think of a use case for those inside an _editor_. If at >all, those should be uploaded through a separate plugin, e.g. File Management. > >Same with the various text documents (including Word, Excel, PowerPoint >and others) that are still allowed now (in 1.6.0sr2). Suppose someone uses Geeklog strictly as a blog. No forums, no filemgr. How does he post a file to his blog? He can only upload it separately and post a link. With a full featured editor, it's all handled for him. A better solution would be to provide a better bridge between Geeklog configuration and FCKEditor's configuration. The obvious difficulty to this is finding a way to do it that doesn't require a lot of work with each FCKEditor release. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From websitemaster at cogeco.net Sun Aug 30 19:01:41 2009 From: websitemaster at cogeco.net (Tom) Date: Sun, 30 Aug 2009 19:01:41 -0400 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: <20090830204936.1904455768@smtp.haun-online.de> References: <20090830204936.1904455768@smtp.haun-online.de> Message-ID: <002501ca29c5$d6596780$830c3680$@net> >> Not security-related: I'd also like to see an option to enable/disable FCKeditor on a per-user basis I like this idea. As an admin I prefer the simple text boxes for editing but always wanted the rest of the users to be able to use the Editor. >> But why exactly did we allow to upload archive files I agree. These type of files should be handled by the File Management plugin. In some ways I also think images should be handled by a similar management tool. I tend to use the same image multiple times in blog posts and/or staticpages, some of my clients do as well. -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun Sent: August-30-09 4:50 PM To: geeklog-devel Subject: [geeklog-devel] FCKeditor integration Okay, after that recent FCKeditor-related debacle (our fault, not theirs) it's about high time that we reconsider how we integrate FCKeditor and why. So users want to use images and other media (sound, video) in their posts and may need a way to upload those first. I can understand that. But why exactly did we allow to upload archive files (.zip, etc.)? I can't really think of a use case for those inside an _editor_. If at all, those should be uploaded through a separate plugin, e.g. File Management. Same with the various text documents (including Word, Excel, PowerPoint and others) that are still allowed now (in 1.6.0sr2). In other words: I can't really see a good reason to continue to support uploads to FCKeditor's generic "File" directory. I'd suggest to drop that and only keep the other three (Image, Media, Flash) and only allow the file types that go into those. Next: Permissions. Anonymous users should never have been allowed to upload something without approval. That was a big mistake there. A common request is to allow image uploads in story submissions. Should we offer this through FCKeditor? I'd say no, at least not to "normal" registered users. A story will go through moderation, but an image (or video) would be available immediately. That is asking for trouble. So I guess the way around this is to introduce separate .upload permissions (story.upload, staticpage.upload, etc.) and a plugin API function that checks if the current user does have that permission. Actually - it doesn't work that way. We would need a callback or FCKeditor would need to be made aware of where it is currently (in a story editor, static pages editor, etc.) so that it can check that. Anyone more familiar with the internals of FCKeditor's PHP connector who would like to make a better suggestion? What I mean is: The part of Geeklog that's integrating FCKeditor needs to decide whether to show the upload option to the current user, but then the actual upload function has to be able to check if it's really okay to perform the upload. In any case, the goal should be to only allow uploads for users who have specifically been given the permission. Not security-related: I'd also like to see an option to enable/disable FCKeditor on a per-user basis. Obviously, if it's disabled in the Configuration, you shouldn't be able to enable it. But if enabled, I'd like to have the option to disable it for me. Anything else? bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel __________ Information from ESET NOD32 Antivirus, version of virus signature database 4382 (20090830) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com From devel at portalparts.com Sun Aug 30 19:34:55 2009 From: devel at portalparts.com (Blaine Lang) Date: Sun, 30 Aug 2009 19:34:55 -0400 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: <20090830204936.1904455768@smtp.haun-online.de> References: <20090830204936.1904455768@smtp.haun-online.de> Message-ID: Dirk Haun wrote: > But why exactly did we allow to upload archive files (.zip, etc.)? I > can't really think of a use case for those inside an _editor_. If at > all, those should be uploaded through a separate plugin, e.g. File Management. > FCKeditor allows you to upload files of all types so that you can create a link and reference it to the uploaded file. I created such an example story when I completed the initial integration for the GL 1.4 release - see the bottom of this story http://www.geeklog.net/article.php/advanced-editor?query=fckeditor Is it used much - maybe not, but it would be nice to not remove the ability for the site admin to enable these other file types. Blaine From info at heatherengineering.com Sun Aug 30 20:35:12 2009 From: info at heatherengineering.com (Euan McKay) Date: Mon, 31 Aug 2009 09:35:12 +0900 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: References: <20090830204936.1904455768@smtp.haun-online.de> Message-ID: >> But why exactly did we allow to upload archive files (.zip, etc.)? I >> can't really think of a use case for those inside an _editor_. If at >> all, those should be uploaded through a separate plugin, e.g. File >> Management. >> > > FCKeditor allows you to upload files of all types so that you can create a > link and reference it to the uploaded file. I created such an example story > when I completed the initial integration for the GL 1.4 release - see the > bottom of this story > http://www.geeklog.net/article.php/advanced-editor?query=fckeditor > > Is it used much - maybe not, but it would be nice to not remove the ability > for the site admin to enable these other file types. For me, the point is that the built-in upload for fckeditor allows users to upload any type of file they want to the server, and link it easily - perhaps more easily than if they had to go to the filemanagement plugin, upload, then work out how to link that from a story. If filemanagement plugin files were that easy to integrate into stories, then there would be no need to enable archives etc. in fckeditor. They aren't at the moment, so please don't disable that feature totally. Euan. From joe at ThrowingDice.com Sun Aug 30 21:00:01 2009 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Sun, 30 Aug 2009 21:00:01 -0400 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: References: <20090830204936.1904455768@smtp.haun-online.de> Message-ID: <0KP700NYDUS21070@mta1.srv.hcvlny.cv.net> At 08:35 PM 8/30/2009, Euan McKay wrote: >If filemanagement plugin files were that easy to integrate into >stories, then there would be no need to enable archives etc. in >fckeditor. They aren't at the moment, so please don't disable that >feature totally. There is the file: autotag for filemgnt. I assume you mean there's no integration from the user side. If filemgnt had an API that allowed you to embed controls on any form and associate those uploads with another object, it would go a long way toward simplifying the process. I doubt this can be done without meaningful session management in Geeklog. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From vfuria at gmail.com Mon Aug 31 01:24:43 2009 From: vfuria at gmail.com (Vincent Furia) Date: Sun, 30 Aug 2009 23:24:43 -0600 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: <20090830204936.1904455768@smtp.haun-online.de> References: <20090830204936.1904455768@smtp.haun-online.de> Message-ID: <8319e2d60908302224g6f99a7c8n76d8919ee52812a2@mail.gmail.com> I think the ideal solution would be for all uploads to wind up outside the web root or in a "closed" directory (i.e. not allowing downloads). Then we can have some php pass through scripts that control access to uploads. Then we can us our autotags (or something similar) to include links/pics/etc in articles and other content. This has a couple advantages. Users can submit uploads as part of articles (or other submissions). They would not be accessible directly from the web, making "attacks" like the recent malware uploads worthwhile (sure you can upload a file, but then it just disappears into a black hole). The pass through scripts could would only allow access to files that were approved, and only to users who have the correct permissions to view/download the content. The downside is doing this would not be a small project (though I don't think it would be huge either)... -Vinny On Sun, Aug 30, 2009 at 2:49 PM, Dirk Haun wrote: > Okay, after that recent FCKeditor-related debacle (our fault, not > theirs) it's about high time that we reconsider how we integrate > FCKeditor and why. > > So users want to use images and other media (sound, video) in their > posts and may need a way to upload those first. I can understand that. > > But why exactly did we allow to upload archive files (.zip, etc.)? I > can't really think of a use case for those inside an _editor_. If at > all, those should be uploaded through a separate plugin, e.g. File > Management. > > Same with the various text documents (including Word, Excel, PowerPoint > and others) that are still allowed now (in 1.6.0sr2). > > In other words: I can't really see a good reason to continue to support > uploads to FCKeditor's generic "File" directory. I'd suggest to drop > that and only keep the other three (Image, Media, Flash) and only allow > the file types that go into those. > > > Next: Permissions. Anonymous users should never have been allowed to > upload something without approval. That was a big mistake there. > > A common request is to allow image uploads in story submissions. Should > we offer this through FCKeditor? I'd say no, at least not to "normal" > registered users. A story will go through moderation, but an image (or > video) would be available immediately. That is asking for trouble. > > So I guess the way around this is to introduce separate .upload > permissions (story.upload, staticpage.upload, etc.) and a plugin API > function that checks if the current user does have that permission. > Actually - it doesn't work that way. We would need a callback or > FCKeditor would need to be made aware of where it is currently (in a > story editor, static pages editor, etc.) so that it can check that. > Anyone more familiar with the internals of FCKeditor's PHP connector who > would like to make a better suggestion? > > What I mean is: The part of Geeklog that's integrating FCKeditor needs > to decide whether to show the upload option to the current user, but > then the actual upload function has to be able to check if it's really > okay to perform the upload. > > In any case, the goal should be to only allow uploads for users who have > specifically been given the permission. > > > Not security-related: I'd also like to see an option to enable/disable > FCKeditor on a per-user basis. Obviously, if it's disabled in the > Configuration, you shouldn't be able to enable it. But if enabled, I'd > like to have the option to disable it for me. > > Anything else? > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://geeklog.info/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at heatherengineering.com Mon Aug 31 01:43:10 2009 From: info at heatherengineering.com (Euan McKay) Date: Mon, 31 Aug 2009 14:43:10 +0900 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: <0KP700NYDUS21070@mta1.srv.hcvlny.cv.net> References: <20090830204936.1904455768@smtp.haun-online.de> <0KP700NYDUS21070@mta1.srv.hcvlny.cv.net> Message-ID: Blaine, In fckeditor/editor/filemanager/connectors/php/config.php There are four lines, one for each file type $Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ; $Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'image/' ; $Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ; $Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ; The folder name in each case is in lower case, while the folders in the public_html/images/library/ folder start with upper case letters. This causes problems on case-sensitive file systems - the folders end up being duplicated with lowercase names, and linked images do not show up in stories. The above lines need to be edited to the following: $Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'File/' ; $Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'Image/' ; $Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'Flash/' ; $Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'Media/' ; But then users will also need to be warned that if they cannot find images suddenly, they will need to move anything in "public_html/images/library/image/" to "public_html/images/library/Image/" and so on for the other folders, then delete the lowercase folders ("image", "file", "flash", "media") and update img src URLs in stories and staticpages etc. Or is it just me? Cheers, Euan. From dirk at haun-online.de Mon Aug 31 01:54:26 2009 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 31 Aug 2009 07:54:26 +0200 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: <8319e2d60908302224g6f99a7c8n76d8919ee52812a2@mail.gmail.com> References: <20090830204936.1904455768@smtp.haun-online.de> <8319e2d60908302224g6f99a7c8n76d8919ee52812a2@mail.gmail.com> Message-ID: <20090831055426.336908791@smtp.haun-online.de> Vincent Furia wrote: >I think the ideal solution would be for all uploads to wind up outside the >web root or in a "closed" directory (i.e. not allowing downloads). Then we >can have some php pass through scripts that control access to uploads. Our download class can already serve files from outside the webroot. If you move the images directory, getimage.php will automatically be used to serve images for articles, userphotos, and topics. So apart from the access control, we can already do that. >The pass through scripts could would only allow access to files that were >approved, and only to users who have the correct permissions to >view/download the content. The problem with this is that FCKeditor would need to know about it. When you upload an image, for example, it uses tags to embed it. So we would either need to modify FCKeditor (not likely to happen) or disable its upload feature entirely and do it all outselves ... bye, Dirk -- http://www.haun-online.de/accu/ From dirk at haun-online.de Mon Aug 31 01:57:04 2009 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 31 Aug 2009 07:57:04 +0200 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: References: <20090830204936.1904455768@smtp.haun-online.de> <0KP700NYDUS21070@mta1.srv.hcvlny.cv.net> Message-ID: <20090831055704.495264345@smtp.haun-online.de> Euan McKay wrote: >The folder name in each case is in lower case, while the folders in >the public_html/images/library/ folder start with upper case letters. We had a few bug reports for this and I think this has been resolved. At least for a fresh install, it now starts with an uppercase letter in both cases. bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From dirk at haun-online.de Mon Aug 31 14:07:40 2009 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 31 Aug 2009 20:07:40 +0200 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: <20090830204936.1904455768@smtp.haun-online.de> References: <20090830204936.1904455768@smtp.haun-online.de> Message-ID: <20090831180740.1558270018@smtp.haun-online.de> Btw, CKEditor, the successor of FCKeditor, is now out in a stable version: http://ckeditor.com/ No, I'm not suggesting to switch to it immediately. But we should keep an eye on its development. Anyone willing to take a closer look? E.g. how easy (or not) it can be integrated into Geeklog? bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From cordiste at free.fr Mon Aug 31 17:28:07 2009 From: cordiste at free.fr (cordiste) Date: Mon, 31 Aug 2009 23:28:07 +0200 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: <20090831180740.1558270018@smtp.haun-online.de> References: <20090830204936.1904455768@smtp.haun-online.de> <20090831180740.1558270018@smtp.haun-online.de> Message-ID: <364575ed0908311428w768c1c80y981a36d72a5c5c61@mail.gmail.com> Strange :) http://ckeditor.com/who-is-using-ckeditor?page=1 claim geeklog is already using ckeditor Ben 2009/8/31 Dirk Haun : > Btw, CKEditor, the successor of FCKeditor, is now out in a stable version: > > ? ?http://ckeditor.com/ > > No, I'm not suggesting to switch to it immediately. But we should keep > an eye on its development. Anyone willing to take a closer look? E.g. > how easy (or not) it can be integrated into Geeklog? > > bye, Dirk > > > -- > http://www.haun-online.de/ > http://spam.tinyweb.net/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > From trinity93 at gmail.com Mon Aug 31 22:05:01 2009 From: trinity93 at gmail.com (Trinity) Date: Mon, 31 Aug 2009 21:05:01 -0500 Subject: [geeklog-devel] FCKeditor integration In-Reply-To: <364575ed0908311428w768c1c80y981a36d72a5c5c61@mail.gmail.com> References: <20090830204936.1904455768@smtp.haun-online.de> <20090831180740.1558270018@smtp.haun-online.de> <364575ed0908311428w768c1c80y981a36d72a5c5c61@mail.gmail.com> Message-ID: from what i can see CKEditor is FCKeditor and yes much improved but done by the same people and replaceing the old one On Mon, Aug 31, 2009 at 4:28 PM, cordiste wrote: > Strange :) > http://ckeditor.com/who-is-using-ckeditor?page=1 > claim geeklog is already using ckeditor > > Ben > > 2009/8/31 Dirk Haun : > > Btw, CKEditor, the successor of FCKeditor, is now out in a stable > version: > > > > http://ckeditor.com/ > > > > No, I'm not suggesting to switch to it immediately. But we should keep > > an eye on its development. Anyone willing to take a closer look? E.g. > > how easy (or not) it can be integrated into Geeklog? > > > > bye, Dirk > > > > > > -- > > http://www.haun-online.de/ > > http://spam.tinyweb.net/ > > > > _______________________________________________ > > geeklog-devel mailing list > > geeklog-devel at lists.geeklog.net > > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: