From vfuria at gmail.com Fri Jul 1 16:31:32 2011
From: vfuria at gmail.com (Vincent Furia)
Date: Fri, 1 Jul 2011 14:31:32 -0600
Subject: [geeklog-devel] Wiki Minimum Requirements Updated
Message-ID:

http://wiki.geeklog.net/index.php/Installing_Geeklog:System_Requirements

I bumped PHP and added Postgresql. I think we need to bump the MySQL version as well, but I wasn't sure to what version.

-Vinny

From vfuria at gmail.com Fri Jul 1 16:22:49 2011
From: vfuria at gmail.com (Vincent Furia)
Date: Fri, 1 Jul 2011 14:22:49 -0600
Subject: [geeklog-devel] CWE/SANS Top 25 Most Dangerous Software Errors
Message-ID:

An interesting list of 2011's top software security issues (at least according to CWE/SANS). Not a bad start to a security checklist.

http://cwe.mitre.org/top25/

-Vinny

From dirk at haun-online.de Fri Jul 1 17:10:16 2011
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 1 Jul 2011 23:10:16 +0200
Subject: [geeklog-devel] Wiki Minimum Requirements Updated
In-Reply-To:
References:
Message-ID:

Vincent Furia wrote:

> http://wiki.geeklog.net/index.php/Installing_Geeklog:System_Requirements
>
> I bumped PHP and added Postgresql. I think we need to bump the MySQL version as well, but I wasn't sure to what version.

MySQL 4.0.18 for Geeklog 1.8.0, MySQL 4.1.3 as of Geeklog 1.8.1 (due to the MySQLi support)

Thanks, Vinny. I've updated that wiki article. There's probably an FAQ article with the same outdated information somewhere ...

bye, Dirk

From dirk at haun-online.de Tue Jul 19 15:15:49 2011
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 19 Jul 2011 21:15:49 +0200
Subject: [geeklog-devel] 1.8.1
In-Reply-To: <20110624164720.9052387slu8vhl0k@webmail.df.eu>
References: <20110624133138.9164384jmqc7tuas@webmail.df.eu>
 <1308916307.1804.8.camel@roccivic-pc>
 <025901cc3267$570753a0$0515fae0$@cogeco.net>
 <20110624164720.9052387slu8vhl0k@webmail.df.eu>
Message-ID:

>> Dirk did you get to that bug? I see that you have been busy checking stuff
>> in.
>
> I haven't tried to understand the original issue yet. Maybe over the weekend ...

Okay, only 4 weekends later ...

This is about bug #1368 again, see
http://project.geeklog.net/tracking/view.php?id=1368

In the current state, not only is the [code] tag broken, but we're also leaving a couple of special characters unescaped, e.g. curly braces (which could lead to things being interpreted as template variables) and ampersands.

I think what we should be doing is to revert things to how they were in 1.7.2. This will then break JavaScript embedded in stories again, but I think the alternative of accidentally executing JavaScript that you thought was safe inside a [code] tag is far worse.

Tom's idea of treating things inside and outside of [code] differently doesn't seem to cover all use cases (see curly braces). I guess we'll probably have to introduce another tag that says "leave this alone, I know what I'm doing" eventually. For example, a [script] tag.

My plan would be to revert to the pre-1.8.0 state in 1.8.1 (effectively, remove the 2 calls to COM_undoSpecialChars), and address the JavaScript issue later.

Comments?

bye, Dirk

From ironmax at spacequad.com Wed Jul 20 10:25:52 2011
From: ironmax at spacequad.com (Michael Brusletten)
Date: Wed, 20 Jul 2011 10:25:52 -0400
Subject: [geeklog-devel] Social login change for the demo site
References:
Message-ID: <000f01cc46e8$edce0280$fe00a8c0@node1>

I would like to be able to offer the social login prompts for the demo site
but have not installed them yet because of security issues. Can one of the
devs look into a way for this to happen? What I need is to be able to put
the same variables that are in the online configuration, into the
siteconfig.php file and not allow online users to be able to see or change the
information in the online configuration. Hopefully this makes sense when
reading this.

I've chatted with Dirk and he thinks it can be done but is not sure. So he
asked me to send this message to the dev community for answers.

Michael

From websitemaster at cogeco.net Thu Jul 21 10:08:53 2011
From: websitemaster at cogeco.net (websitemaster at cogeco.net)
Date: Thu, 21 Jul 2011 10:08:53 -0400
Subject: [geeklog-devel] Social login change for the demo site
Message-ID: <4e2832f5.3de.2552.9506@cogeco.ca>

I can take a look at this in August though you may have to send me a reminder email.

I remember seeing a feature request about a demo site mode for Geeklog in the bug tracker ... I will have to look that up as well.

Tom

> I would like to be able to offer the social login prompts for the demo site
> but have not installed them yet because of security issues. Can one of the
> devs look into a way for this to happen? What I need is to be able to put
> the same variables that are in the online configuration, into the
> siteconfig.php file and not allow online users to be able to see or change the
> information in the online configuration. Hopefully this makes sense when
> reading this.
>
> I've chatted with Dirk and he thinks it can be done but is not sure. So he
> asked me to send this message to the dev community for answers.
>
> Michael
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel

From ironmax at spacequad.com Sat Jul 23 06:50:00 2011
From: ironmax at spacequad.com (Michael Brusletten)
Date: Sat, 23 Jul 2011 06:50:00 -0400
Subject: [geeklog-devel] Social login change for the demo site
References:
Message-ID: <000801cc4926$4575e180$fe00a8c0@node1>

Thanks Tom. I think you can find the request here when you're ready to tackle it
http://project.geeklog.net/tracking/view.php?id=1059
and dig into all the requested items on this list. Get in touch with me personally if you need access to get into the demo site via FTP, MyPHPAdmin for testing purposes or updates.

Michael
support at spacequad.net

----- Original Message -----
> Message: 1
> Date: Thu, 21 Jul 2011 10:08:53 -0400
> From: websitemaster at cogeco.net
> Subject: Re: [geeklog-devel] Social login change for the demo site
> To: Geeklog Development
> Message-ID: <4e2832f5.3de.2552.9506 at cogeco.ca>
>
> I can take a look at this in August though you may have to send me a reminder email.
>
> I remember seeing a feature request about a demo site mode for Geeklog in the bug tracker ... I will have to look that
> up as well.
>
> Tom
>
> > I would like to be able to offer the social login prompts for the demo site
> > but have not installed them yet because of security issues. Can one of the
> > devs look into a way for this to happen? What I need is to be able to put
> > the same variables that are in the online configuration, into the
> > siteconfig.php file and not allow online users to be able to see or change the
> > information in the online configuration. Hopefully this makes sense when
> > reading this.
> >
> > I've chatted with Dirk and he thinks it can be done but is not sure. So he
> > asked me to send this message to the dev community for answers.
> >
> > Michael
> >

From dirk at haun-online.de Thu Jul 28 06:09:32 2011
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 28 Jul 2011 12:09:32 +0200
Subject: [geeklog-devel] Profile of the "anonymous" user
Message-ID: <20110728120932.Horde.o9jvGFNNcXdOMTVcWbpDNkA@webmail.df.eu>

I've noticed that Googlebot is indexing the profile of the Anonymous
user (uid 1) on one of my sites. That brings up a couple of questions:

- do we want that?
-- if not, what do we do? add a NOINDEX meta tag?
- does it even make sense to have a profile page for that user?
-- if not, what do we display instead?

And of course: Where did it get that link from in the first place?
I.e. are we accidentally linking to that profile somewhere?

Thoughts?

bye, Dirk

From websitemaster at cogeco.net Fri Jul 29 10:02:41 2011
From: websitemaster at cogeco.net (websitemaster at cogeco.net)
Date: Fri, 29 Jul 2011 10:02:41 -0400
Subject: [geeklog-devel] Profile of the "anonymous" user
Message-ID: <4e32bd81.25e.ccd.5150@cogeco.ca>

It does not make sense to have a profile page for the Anonymous user (since in reality it is many users).

I think it should just redirect to the homepage if someone attempts to view the Anonymous profile (just like it does for a profile that does not exist).

Tom

> I've noticed that Googlebot is indexing the profile of the Anonymous
> user (uid 1) on one of my sites. That brings up a couple of questions:
>
> - do we want that?
> -- if not, what do we do? add a NOINDEX meta tag?
> - does it even make sense to have a profile page for that user?
> -- if not, what do we display instead?
>
> And of course: Where did it get that link from in the first place?
> I.e. are we accidentally linking to that profile somewhere?
>
> Thoughts?
>
> bye, Dirk

From cordiste at free.fr Fri Jul 29 15:00:15 2011
From: cordiste at free.fr (cordiste)
Date: Fri, 29 Jul 2011 21:00:15 +0200
Subject: [geeklog-devel] Profile of the "anonymous" user
In-Reply-To: <4e32bd81.25e.ccd.5150@cogeco.ca>
References: <4e32bd81.25e.ccd.5150@cogeco.ca>
Message-ID:

+1

Ben

2011/7/29 :
> It does not make sense to have a profile page for the Anonymous user (since in reality it is many users).
>
> I think it should just redirect to the homepage if someone attempts to view the Anonymous profile (just like it does for
> a profile that does not exist).
>
> Tom
>
>
>> I've noticed that Googlebot is indexing the profile of the Anonymous
>> user (uid 1) on one of my sites. That brings up a couple of questions:
>>
>> - do we want that?
>> -- if not, what do we do? add a NOINDEX meta tag?
>> - does it even make sense to have a profile page for that user?
>> -- if not, what do we display instead?
>>
>> And of course: Where did it get that link from in the first place?
>> I.e. are we accidentally linking to that profile somewhere?
>>
>> Thoughts?
>>
>> bye, Dirk

From dirk at haun-online.de Sun Jul 31 03:46:28 2011
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 31 Jul 2011 09:46:28 +0200
Subject: [geeklog-devel] Bugtracker updated; Changelog
Message-ID: <1DC48FB3-672D-4068-A267-AE66A5CAB625@haun-online.de>

FYI: I've updated Mantis, our bugtracker, to the latest stable version.
Let me know if something's not working as expected.

Also, here's an attempt to create the list of changes via the Mantis SOAP API:
http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/42227eaf0400

Known problem: Doesn't give credit for patches (since that information is not available via SOAP). So I guess for the time being, it still needs some manual editing. But at least we can create the list of resolved issues automatically now.

bye, Dirk
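
The [code] escaping concern from the 19 July message on bug #1368 (script text, ampersands and curly braces inside a [code] block must stay inert), shown as an added PHP example that is not part of the thread or of Geeklog's code. `escape_literal()`, `render_code_tags()` and the sample story text are hypothetical and constructed for illustration.

```php
<?php
// Added illustration only: these helpers are hypothetical, not Geeklog functions.

/**
 * Make a string safe to display literally: HTML metacharacters (including
 * ampersands) become entities, and curly braces become numeric entities so a
 * later template pass cannot read them as template variables.
 */
function escape_literal(string $s): string
{
    // Escape & < > " ' first, so the entities added below are not re-escaped.
    $s = htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return str_replace(['{', '}'], ['&#123;', '&#125;'], $s);
}

/**
 * Replace every [code]...[/code] block with an escaped <pre><code> block.
 * Text outside the tags is left to the site's normal HTML filtering, which is
 * out of scope here.
 */
function render_code_tags(string $text): string
{
    $out = preg_replace_callback(
        '~\[code\](.*?)\[/code\]~is',
        function (array $m): string {
            return '<pre><code>' . escape_literal($m[1]) . '</code></pre>';
        },
        $text
    );

    // On a PCRE error, fail closed: escape everything instead of returning
    // the raw input.
    return $out ?? escape_literal($text);
}

// Constructed sample story text: a script element, a template-style
// placeholder and ampersands, all inside a [code] block.
$story = 'Example: [code]<script>alert(1)</script> {site_url} a && b[/code]';

echo render_code_tags($story), "\n";
```

Escaping the braces as well as the HTML metacharacters is what keeps the block inert through both the browser and a `{variable}`-style template pass.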