Little things mean a lot! :: Zikula Community

Get Zikula 1.3.3!New core, modules & more

Quick Links

Donate Today!Support your Software

Documentationlearn, share & develop

Watch

GitHub Core

Show your support for Zikula! Sign up at Github account and watch the Core project!

GitHub Modules

Forum Activity

internetking created topic »password problem« 25. May
mesteele101 responded to »ERR (3): E_USER_ERROR: Smarty error: [in pagesvar:pagesitem2en line XXX]…« 25. May
mazdev responded to »Pages 2.5.0 and updating - Page not found« 25. May
ehdwma created topic »Hide "Register new account" and change template to 3 col« 25. May
mesteele101 responded to »Zikula 1.3.3 - Selecting a category in Pages not working« 25. May
mdee created topic »How to implement returnpage ?« 25. May
nestormateo responded to »Fillters in Clip« 24. May

» Visit forum | » View latest posts

Zikula Blog

Anatomy of Open Source Projects on Mar 07
Continuous Review on Mar 01
Not Invented Here on Feb 24
How to Contribute Your Code at Github on Jan 13
10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
Submitting Bug Report Tickets That Get Results on Aug 17
Cozi Tricks #1: Syntax Highlighting on Aug 07

Little things mean a lot!

Print topic

**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 43
Posted: Aug 02, 2006 - 11:32 PM

I've used/abused PN for quite some time now and was delighted to discover a couple of "little things" that the team has vastly improved in the 0.8-MS1 that I grabbed from the Aug 2, 2006 nightly dumps.

These include, but I expect to discover others:
- admin listing of users/groups so you don't have to "know" what user you may wish to modify or manage.
- permissions check for a user against an existing rule. That is an awesome addition.

Since we should expect that future PN advocates will likely be a mix of us longtime command-line guys and the ever increasing bunch who can do things if cPanel allows, perhaps some consideration should be given (as early as the install?) for an option that asks if the installer wants "best practices" applied in a hosted environment. For example, if such an option were included, then it could/would do stuff like chmod on config/config*.php and perhaps write or append a line in the server's root .htaccess so the "register_globals" is set off, etc.

At a minimum, on behalf of rookie users who will use PN in a hosted environment, perhaps a short "how-to" link to a local HTML snippet would be more neighborly than the current referral to the PHP pages which don't really lead a rookie to the idea that if he/she cannot reset the server's php.ini file, they can get many alternatives via .htaccess.

I'm sure it will be a while after the final release on 0.8 before cPanel/Fantastico update to include it. But I also know from a substantial length of time dealing with technology rookies that the overall reputation and "buzz" (or anti-buzz) they can create is exceptionally valuable.

Thanks to the team and kudos for demonstrating that highly focused groups like the PN dev-guys can and do prove that synergy IS real!

Best to all.
Dave Nuttall
San Antonio, Texas
markwest

Rank: Team Member

Registered: Mar 18, 2002

Last visit: Oct 21, 2009

Posts: 6606
Posted: Aug 03, 2006 - 09:07 AM

Dave,

Thanks for the positive feedback - pleased you like what you see. Things are coming together and we're getting closer to achieving all the things required for milestone 2.

With regard to the register globals hints my preference is to have these link to entries in our documentation Wiki where we can cover the issues as they pertain to PostNuke rather than the generic manual entries.

-Mark

--
Visit My homepage and Zikula themes .
larsneo

Rank: Software Foundation

Registered: Dec 31, 1969

Last visit: Oct 21, 2009

Posts: 3814
Posted: Aug 03, 2006 - 07:27 PM

dave,
thx for your positive comments.

Quote
For example, if such an option were included, then it could/would do stuff like chmod on config/config*.php and perhaps write or append a line in the server's root .htaccess so the "register_globals" is set off, etc.

as mark already mentioned some Wiki documentation pages about this are the preferred way(*) - especially since there are various ways of configuring the webserver depending on the enviroment (use of .htaccess, php.ini etc). i've added a couple of 'tips' about best security settings within the SysInfo module (see http://www.pndevs.com/index.php?module=blogs&func=viewpub&tid=1&pid=31 ) and the "baseline security analyzer" displays the most important settings (e.g. globals=off) permanently within the administration area (see http://www.pndevs.com/index.php?module=blogs&func=viewpub&tid=1&pid=11 ).
due to the importance of especially register_globals=off we've also a 'soft-setting' to make sure there's no pollution of GPC within pnAPI.php

(*) i've already started the german version at http://support.pn-cms.de/modules/dokuwiki/postnuke/sicherheit

--
regards from germany
..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..
**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 43
Posted: Aug 04, 2006 - 12:37 AM

Greetings Mark/Larsneo,

The wiki-way is soundly logical to me. You have my full support/endorsement and will try to contribute if my busy retirement can find time! It will also provide potential for creation of a new acronym: RTFWiki!

In addition to the basics of setup/installation, I'm sure there will be tons of stuff that needs to be revised for the Xanthia 3.0+...and just when I thought I had sorta begun to understand the Xanthia 2.0!!!

So its not that us "old dogs" can't learn new tricks, we just have to have things spelled out more slowly I guess!!

Don't let me hold you guys up from getting 0.8 ready for production! I have a site in 0.750 that I want to update, but have decided to do it in one step rather than go to 0.762 and then 0.8.

Best to all from the old geeks retirement center.

Dave
larsneo

Rank: Software Foundation

Registered: Dec 31, 1969

Last visit: Oct 21, 2009

Posts: 3814
Posted: Aug 04, 2006 - 03:24 AM

Quote
I have a site in 0.750 that I want to update, but have decided to do it in one step rather than go to 0.762 and then 0.8.

OT: i strongly recommend to update to .762 due to security reasons *and* easier update to .8 later on

--
regards from germany
..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..
**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 43
Posted: Aug 06, 2006 - 03:34 AM

Is there something I may have missed along the way that would automatically make WebLinks include a "target=_blank" tag when a user attempts to execute the link that is displayed for a WebLink item?

I know it can be hacked and if such an option were added, I would think the appropriate default is "as is", meaning target to current window.

Thanks.
Dave

edited by: dnuttall, Aug 06, 2006 - 03:35 PM
Simon

Rank: Legend

Registered: Dec 11, 2002

Last visit: Oct 21, 2009

Posts: 11674
Posted: Aug 06, 2006 - 10:37 AM

With .8 you can simply do this by editing the template.

--
itbegins.co.uk - Zikula Consulting

birtwistle.me.uk - Personal Blog

Please read the Support Guide
**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 43
Posted: Aug 06, 2006 - 10:02 PM

HammerHead
With .8 you can simply do this by editing the template.

Wouldn't that mean that you have a customized implementation which could get over-written in an upgrade?
Simon

Rank: Legend

Registered: Dec 11, 2002

Last visit: Oct 21, 2009

Posts: 11674
Posted: Aug 06, 2006 - 10:39 PM

No, because any modified templates you create should be stored in the theme, or the new config directory where they won't be overwritten when you upgrade.

--
itbegins.co.uk - Zikula Consulting

birtwistle.me.uk - Personal Blog

Please read the Support Guide
**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 43
Posted: Aug 06, 2006 - 10:56 PM

HammerHead
No, because any modified templates you create should be stored in the theme, or the new config directory where they won't be overwritten when you upgrade.

OK, but IMHO, the fact that there is so much leeway with themes and possibility that a site may allow users to change their theme, the administrator has to maintain the target tag in more than one place which leads my thinking to the idea that target tags in general, and explicitly with regard to web-links, are a core rather than discretionary option.
markwest

Rank: Team Member

Registered: Mar 18, 2002

Last visit: Oct 21, 2009

Posts: 6606
Posted: Aug 06, 2006 - 11:09 PM

target tags won't be supported by the core code since they're not valid HTML outside of a transitional doctype. Further thier not recommend for accessibility reasons - you shouldn't open a link in a new window without properly informing the user that a new window will launch.

If you want links outside of your site opening in a new window then there are better ways of achieving adding the target attribute in your templates. e.g. use javascript to add the target to URLs outside of your domin (example). Using this method you can also add a visual indicator (using CSS) for links opening in new windows although IE won't support it...

-Mark

--
Visit My homepage and Zikula themes .