Feedback :: Zikula Community :: Support at your fingertips

Get Zikula 1.3.3!New core, modules & more

Quick Links

Donate Today!Support your Software

Documentationlearn, share & develop

Watch

GitHub Core

Show your support for Zikula! Sign up at Github account and watch the Core project!

GitHub Modules

Forum Activity

internetking created topic »password problem« 25. May
mesteele101 responded to »ERR (3): E_USER_ERROR: Smarty error: [in pagesvar:pagesitem2en line XXX]…« 25. May
mazdev responded to »Pages 2.5.0 and updating - Page not found« 25. May
ehdwma created topic »Hide "Register new account" and change template to 3 col« 25. May
mesteele101 responded to »Zikula 1.3.3 - Selecting a category in Pages not working« 25. May
mdee created topic »How to implement returnpage ?« 25. May
nestormateo responded to »Fillters in Clip« 24. May

» Visit forum | » View latest posts

Zikula Blog

Anatomy of Open Source Projects on Mar 07
Continuous Review on Mar 01
Not Invented Here on Feb 24
How to Contribute Your Code at Github on Jan 13
10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
Submitting Bug Report Tickets That Get Results on Aug 17
Cozi Tricks #1: Syntax Highlighting on Aug 07

Feedback

Print topic

Go to page 1 - 2 [+1]:

**unknown user**

Rank: Senior

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 2204
Posted: Oct 01, 2006 - 08:04 AM

Overall, I think you guys have done a fantastically brilliant job. Just thought I'd list some likes and the not-so-much-liked.

Likes:
the Auth modules and SSL support is a great addition, will better support commerce and secure logins
Theme manager.. yum.
Thumbnail module .. cool :)
Security goodness .. glad to se the ability to log these to DB.. very cool. all we need now is a tripwire type module to monitor for changed files :)
Pending content: nice :)
Search module with new API "plugins" is awesome.
Blocks module: much better, but are they still loading on pages where they're not displayed?
Permissions: nice re-vamp .. friendly and intuitive
Error logging: I like it a lot, but it's filling my logs up and reminding me how much I have to do. so it's a love/hate thing :)
Most of all, I like that everything I use and develop still works.. I appreciate that.

Not-so-much-liked:
-.DS_Store files need to be excluded from the module list
-Categories module: It's user unfriendly and an abstraction from convention. metaphor: it's like going to an office supply store being able to get your desk, chairs, lamps, computers etc.. only to find out you need to go elsewhere for pens. Ask yourselves why you made articles editable from the front end. I don't like it, my "clients" will hate it, it's overly complicated, user unfriendly and unintuitive. The disconnect between developer and user is horribly apparent in this. The contact fields being pre-populated with someone else's business email is shameless by the way.
-has the input filtering been improved?

that's all.. thanks for the hard work. you should all be extremely proud of the result.
**unknown user**

Rank: Senior

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 2204
Posted: Oct 01, 2006 - 08:07 AM

oh yeah.. the session timeout thing is driving me crazy. logs me out after 5 min of inactivity with medium security enabled.
**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 21
Posted: Oct 01, 2006 - 09:22 AM

i absolutely agrre with your points.
same for me about those session timeouts.
i also noted above the administration panel, there is a note 'postnuke security analizer' informing about upgrade.php and chmod config.php. but when i corrected the mentioned issues, this note stays above the administration panel, just the warnings disappeared. it says only 'postnuke security anlyzer', nothing else.

didnt look at the category module yet. it seems so comlex ;)
markwest

Rank: Team Member

Registered: Mar 18, 2002

Last visit: Oct 21, 2009

Posts: 6606
Posted: Oct 01, 2006 - 10:34 AM

Some feedback on the feedback

1) For the session timeouts make sure to click remember me when logging in... The number of days referred to in medium security is how long a 'remembered' session is retained for. Without remember me the session in-activity period of 20 minutes (the current default) applies
2) What are .DS_Store files?
3) What specifically don't you like about the categories module? How would you improve it?
4) What needs improving with input filtering?
5) The Ajax inline editing of articles will be made customisable from the admin interface - and you re-design any of the templates if you really don't want any of the Ajax functionality.
6) The security analyzer check displaying empty has now been fixed.

p.s. please use the bug tracker for bug reports.

-Mark

--
Visit My homepage and Zikula themes .
AmmoDump

Rank: Team Member

Registered: Dec 07, 2003

Last visit: May 09, 2010

Posts: 2703
Posted: Oct 01, 2006 - 10:46 AM

IR,

It is awesome to see that you gave your positives before the negatives, one thing I hate seeing is whinning about things people dislike. It is wonderful, that you give your praise before criticism. I have had not the time to try out the MS releases, but I understand that you appriciate the work that the authors put in.

I too appricaiate the effort. The developors are generally way under-appriciated.

Hooray, devs!!!!!

Dave
AmmoDump

--
David Pahl
Zikula Support Team
AmmoDump

Rank: Team Member

Registered: Dec 07, 2003

Last visit: May 09, 2010

Posts: 2703
Posted: Oct 01, 2006 - 10:47 AM

Horray, Mark!

Thanks, Mark for all your efforts!

--
David Pahl
Zikula Support Team
markwest

Rank: Team Member

Registered: Mar 18, 2002

Last visit: Oct 21, 2009

Posts: 6606
Posted: Oct 01, 2006 - 10:49 AM

Oh I should have added thanks for the positive feedback too!

-Mark

--
Visit My homepage and Zikula themes .
AmmoDump

Rank: Team Member

Registered: Dec 07, 2003

Last visit: May 09, 2010

Posts: 2703
Posted: Oct 01, 2006 - 11:00 AM

Sorry for my poor spelling ;)
Had a few beers this Sunday!

--
David Pahl
Zikula Support Team
Unregistered

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 4294967287
Posted: Oct 01, 2006 - 12:13 PM

markwest
1) For the session timeouts make sure to click remember me when logging in... The number of days referred to in medium security is how long a 'remembered' session is retained for. Without remember me the session in-activity period of 20 minutes (the current default) applies

i'm sure you're right on this.. i've imbeded it in my login forms so long i pay no mind to it.

markwest

2) What are .DS_Store files?

..not a big deal..they're apple system files. it's likely due to my system displaying hidden files.. if they were hidden, i don't think they'd show up.

markwest

3) What specifically don't you like about the categories module? How would you improve it?

I'm sure you know me well enough to know that I was baiting that question . I've looked at it some, i'm no winded pro, but, this: __SYSTEM__ is what I call "geek lit", to an average end user it's likely to be seen as techno-babble and appears to be an error, or that somethign is wrong. Click into a category and you get a list of things like: ActiveStatus, Gender, GenMod .. a general description (summary) of what these things mean might help. personally, I think __SYSTEM__ should be removed or make it friendly (ie: Main), displaying the "top" categories as links to a page that lists their contents, possibly displaying their contents in full as a paginated list. When you click on edit you get things like: value, sort value, data field, domain, I-Path. you can't expect the common user to have any idea what these things mean. I don't know what they mean :) ..I suggest some kind of inline documentation system (what's his name did a cool little help script, you could base it off the same principle), maybe a little question mark on the right that when clicked displays an over-all help for the system, click it again and it disappears throughtout (Ajax and rss from the docs?), step-by-step definitions and explainations.. Now, what I asked is to "ask yourselves why you made articles editable from the front end" the answer is simplicity, correct me if i'm wrong. To keep everything unified, together, to not have to go to the back end to edit an article. Now, you have this categories module which you plan to use to compartmentalize the categories of a bunch of modules outside of their own "space". Technically it can make all of the sense in the world, but it doesn't make it sensible. Again, I'm no seasoned pro with this thing, these are just my observations. I would prefer to add my topic to the topics module, my faq categories in the FAQ module where i happen to be working, not leave my workspace. is this still possible? if it is, great. I'm sure your UI guys/gals will have a lot more to say about it as well :)

markwest

4) What needs improving with input filtering?

Do I need to be concerned enough about XSS that I should enable the output filter? Is it presumed that the output filter will catch what the input filter does not? I would prefer that the input is as strictly sanitized, even more so, that the output. I'm more concerned about it entering the database than how well it it's cleansed after the fact. can't the same filter be applied to $_POST's, so the system doesn't need to load the 1600 or so lines of code every time a page loads?

markwest

5) The Ajax inline editing of articles will be made customisable from the admin interface - and you re-design any of the templates if you really don't want any of the Ajax functionality.

I think you misunderstood. I don't want to remove it, I want to be able to admin my entire site from the front end. if I see a typo in one of my htmlpages (now you owe me a plug haha!), I don't want to go to the backend to edit it. less clicky-poos ya' know.

"markwest"

Oh I should have added thanks for the positive feedback too!

hahaha I wouldn't have held you to any social graces.. but of course, you're welcome.. you guys are doing a bang up job.. I truly appreciate your time and efforts.. yes, even the categories module in all its glory :)

Via con nacho,
Devin (aka: The **unknown user** from Guatamala)
**unknown user**

Rank: Softmore

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 223
Posted: Oct 01, 2006 - 02:37 PM

I only want give a good point to categories module,

I understand that, when you look at firts time, it seem difficult of work, but whith a little of time it's more "readable" (I was with Openstar for a while, maybe this help)

For me it funcionatily is very usefull, & the best way to have a share component & unificated system, without have to hooked each module with all others & managing a lot of permission for that.

I think that this module is for developers & under this perspective I don't think that have to be more user friendly, maybe give to it two views, one "user-end" with only variables & values, & other more as it is for define relations & domain of action.

Reality is that for understand it & use it well, we must change the way to see the modules and as they are related, and see the system like "module interrelated" not only like a "module semi-independent" system.

I think that it going to made module developing easier, faster & also give the capacibility to develop more complex systems within PN.
**unknown user**

Rank: Senior

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 2204
Posted: Oct 01, 2006 - 03:25 PM

Hi Gerkynet,
I understand its utility.. I understand that under General there can be a category that lists Titles: Dr (Doctor), Mag (Magician?), and Prof (Professional?) and that multiple modules might be linked into (using) this list and when an addition is made it affects all modules that use the categories. this may or may not be desired. So, you can add them on a module level, maybe even on initialization and then to edit them, where do I go? To the module that uses them or the one that supplies them? Seeing as how it uses an authid, I doubt the former is possible. Make a gui function that I can call from my module that will enable users to add/edit/delete categories without leaving my module's interface, and I'll begin to accept it as useful. I put a lot of thought into making things easy to use, I can't, in good conscience, force them away from that environment into a far less friendly one.. no matter how many minutes it saves me.

This is just one list item in the post, we can talk about the other ones :) ..honestly, I see utility in it for things such as titles, yes/no, maybe address information (city,state,blah) and maybe I'll use it for those types of form input, I'm just not into splitting functionality across different modules... if they can't add/edit/delete categories from within my module's inerface, I'll spend the extra time coding it in.

thanks for your input :)

edit: grammer

edited by: InvalidResponse, Oct 01, 2006 - 10:31 PM
**unknown user**

Rank: Softmore

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 223
Posted: Oct 01, 2006 - 03:45 PM

InvalidResponse, don't take it as personally, criticism to your opinion, profesionality or similar,

I write this on general, only giving me point of view about categories module,

Of course, you can define domains of action, & thought this way you can define how your modules categories can be changed, or externally possible, or only throught your module interface,
It's a way to share the information that you want to share, & for read information that is possible to read, but in a unificated structure.
(at least is how I see it)

Saludos,
**unknown user**

Rank: Senior

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 2204
Posted: Oct 01, 2006 - 04:14 PM

gerkynet
InvalidResponse, don't take it as personally, criticism to your opinion, profesionality or similar,

I write this on general, only giving me point of view about categories module,

..no, i don't. I would like to be convinced that it's a "better" thing than what I observe it to be. I'm not easily "inflated"

gerkynet

Of course, you can define domains of action, & thought this way you can define how your modules categories can be changed, or externally possible, or only throught your module interface,
It's a way to share the information that you want to share, & for read information that is possible to read, but in a unificated structure.
(at least is how I see it)

I don't want to pass a lot of judgement on it.. these are just initial impressions. I have no doubt that everyone who first viewed this module, scratched their head, even for a second, and thought "wtf?", when that happens, it's important to stop and start asking how to make it easier to understand. Like: "domains of action" or "Security domain", I don't have any idea what that means..and when I look at the screen, I still don't have any better idea of what that means. I know the docs will shed some light on the term, but I don't necessarily want to go digging through docs to find it, so, at least "some" explaination of these terms should be available in the interface... or even better, an option to display the RSS feed directly from the docs into the interface.

whether or not it's acknowledged or implied, I'm just trying to help
**unknown user**

Rank: Softmore

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 171
Posted: Oct 04, 2006 - 02:29 AM

markwest

6) The security analyzer check displaying empty has now been fixed.

Few questions/remarks about the security analyzer:

"Ignore installer check" is checked by default, i assume this will change before the final?

Why is the existance upgrade.php always checked? Wouldn't it make more sense to bundle this with the check for install.php and the install directory?

Personally i would expect this setting under Security instead of in the Admin panel module.

edited by: tycho, Oct 04, 2006 - 03:29 PM
markwest

Rank: Team Member

Registered: Mar 18, 2002

Last visit: Oct 21, 2009

Posts: 6606
Posted: Oct 04, 2006 - 03:02 AM

tycho,

1) Yes - that'll change. For non production developer milestones we've kept the default the other way around.
2) Since upgrade.php is indepedent of the installer it's checked seperately
3) It's shown in the main admin panel as we want these warnings to be 'in your face'. These checks are there to ensure a base level of security and, as such, it's vital that all are adhered too.

-Mark

--
Visit My homepage and Zikula themes .