How to disable REST API / Other features?

Started by on Oct 03, 2018 – Contents updated: Oct 11, 2018

Oct 03, 2018 17:46    

I would like to disable the b2evo rest api. How would I go about doing that since I am not aware an option to disable it exists. I believe the api will create a significant security issue for my website.

Exact b2evolution version number: 6.10.2

Oct 03, 2018 23:38

b2evolution uses the API itself. The backoffice will not work correctly if the API was to be disabled.

What security risk are you worried about?

The API follows the same data access permissions as the regular site.

Oct 04, 2018 00:15

I am using the 6.10.2-stable version of b2evolution. I know that the API has the same permission settings as the back office. I am creating a true public blog where all registered users will be able to publish posts without moderation in designated collections. I am mostly concerned with the APIs regarding users.

I will disable the ?disp=users to be accessed even when someone is logged in and only the blog admin will be able to access ?disp=users when logged in.

In a nutshell, I don't want the user list to be exposed to the public in any way. If I disable access to ?disp=users will the user list be visible with the API if a user is logged in? Also, create and update user API looks rather problematic.

Could users list, create and update user APIs be disabled safely? If so, how? I am greatly concerned with security, having in mind that I am creating a public blog with many many registered users. So, I am trying to limit everything as much as possible just in case I run into some very "creative" user.

P.S.

I had to hack the core a lot in order to limit other options that can't be limited through the back office by mostly wrapping certain elements in an if $current_User->check_perm condition. I must say you guys were very detailed. That is great for me as the admin because it gives me unlimited control, but I believe regular folks who just need to publish a post quickly don't need to be exposed to certain options for security reasons and in order to make the publishing process as simple as possible for non technical people.
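The gap this post asks about (a permission check wrapped around the `?disp=users` display while an API route still returns the same data) is shown below as an added example; it is not part of the original thread and is not b2evolution code. `DemoUser`, `list_users()`, `render_disp_users()`, `api_users()`, `api_users_ui_only()` and the `users:view` permission string are hypothetical stand-ins, and the user records are constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the logged-in user object; only the shape of
// the check_perm condition mentioned in the post is imitated here.
class DemoUser
{
    public $login;
    private $perms;

    public function __construct(string $login, array $perms = [])
    {
        $this->login = $login;
        $this->perms = $perms;
    }

    public function check_perm(string $name, string $level): bool
    {
        return in_array($name . ':' . $level, $this->perms, true);
    }
}

class AccessDenied extends RuntimeException {}

// Constructed sample data.
const DEMO_USERS = [
    ['login' => 'admin', 'email' => 'admin@example.test'],
    ['login' => 'alice', 'email' => 'alice@example.test'],
];

// "Before": only the display template is wrapped in a permission check,
// so an API handler that reads the data directly still returns everything.
function api_users_ui_only(?DemoUser $viewer): array
{
    return ['status' => 200, 'body' => json_encode(DEMO_USERS)];
}

// "After": one data-access function carries the check, and every entry
// point (display and API) has to go through it.
function list_users(?DemoUser $viewer): array
{
    if ($viewer === null || !$viewer->check_perm('users', 'view')) {
        throw new AccessDenied('user list requires users:view');
    }
    // Return public fields only; e-mail addresses never leave this function.
    return array_map(function (array $u): array {
        return ['login' => $u['login']];
    }, DEMO_USERS);
}

// Front-office path (the ?disp=users equivalent).
function render_disp_users(?DemoUser $viewer): string
{
    try {
        return implode(', ', array_column(list_users($viewer), 'login'));
    } catch (AccessDenied $e) {
        return '403 Forbidden';
    }
}

// API path: same gate, same answer as the display.
function api_users(?DemoUser $viewer): array
{
    try {
        return ['status' => 200, 'body' => json_encode(list_users($viewer))];
    } catch (AccessDenied $e) {
        return ['status' => 403, 'body' => json_encode(['error' => 'forbidden'])];
    }
}

$admin  = new DemoUser('admin', ['users:view']);
$member = new DemoUser('alice'); // registered user without users:view

$viewers = [['anonymous', null], ['member', $member], ['admin', $admin]];
foreach ($viewers as [$label, $viewer]) {
    printf(
        "%-9s disp=%-14s api=%d ui-only-api=%d\n",
        $label,
        render_disp_users($viewer),
        api_users($viewer)['status'],
        api_users_ui_only($viewer)['status']
    );
}
```

With the check inside `list_users()`, the display and the API agree for every viewer; the `ui-only-api` column shows the route that keeps answering 200 when only the template was wrapped.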

Oct 04, 2018 00:27

We will review which API calls are used internally and in what situation to see what locks we can add.

I had to hack the core a lot in order to limit other options that can't be limited through the back office by mostly wrapping certain elements in an if $current_User->check_perm condition. I must say you guys were very detailed. That is great for me as the admin because it gives me unlimited control, but I believe regular folks who just need to publish a post quickly don't need to be exposed to certain options for security reasons and in order to make the publishing process as simple as possible for non technical people.

I would be very interested in screenshots of what you have hidden from normal users. We may add these restrictions to future versions.

Oct 04, 2018 17:53

Thanks. If you come up with anything related to locking down some API options related to users, please let me know.

As for the features I have disabled for normal users, I will try to list them. These settings work for me and might not work for other users of b2evo. I am rather strict as to what normal users can be exposed to. I see b2evo as a community blogging platform where many different users can create their own blogs and post to other blogs freely. So, things need to be restricted to the maximum. I have been reading through the code practically every day for the past two months and have gotten familiar with the platform. B2evo is fantastic and amazing, code is easy to understand (at least for me, when I got used to it) for more advanced users who want to create blogging communities, but there is a steep learning curve for non technical users who just want to blog. I was amazed that something like b2evo exists as open source. I haven't been able to find anything similar, at least in the PHP/MySQL world.

I am a fan of Wordpress as a single or limited multiple user blogging platform, but Wordpress couldn't handle a truly open blogging community. I would need 100 plugins (and some features would still be missing) to accomplish what b2evo does out of the box.

What I was aiming for with b2evo is simple: allow users to register, give them access to certain collections, give them a text editor and let them publish posts with a couple of clicks, but give the admin absolute control and flexibility over every aspect.

For normal users I disabled (some things b2evo limited out of the box based on user permissions and some things I limited myself):

  1. All mass posting, mass editing, mass adding photos
  2. All duplicating and merging is disabled for normal users
  3. Editing and duplicating of collection pages, intros, blocks
  4. On disp=edit I disabled everything except the text editor, file upload and category selection (so, advanced options, the text render widget, goal tracking, notifications are gone) Also, normal users cannot choose to select their post to be featured. I presume every user would want their every post to be featured. Since featured posts are displayed on the front page, I needed to limit what posts are featured on the front page.
  5. Users can't edit the URL of the post (because SEO problems with missing links, redirect problems, etc...)
  6. Normal users can't manage their photos in posts, can't search files, can unlink photos, but not delete, can't mass upload, can't add existing photos to a post. Normal users can only manage profile photos and only add photos to posts.
  7. Post title character length limited
  8. Comment character length limited
  9. In user profile, I disabled my activity page, advanced options page and sessions page.
  10. In Collection > Collection Name > Posts I removed the posts list tab since the All tab already displays all of the posts
  11. Also, Collection > Collection Name > Comments I disabled the comment list tab
  12. The search side bar is also limited. Comments can be searched only by visibility and text and posts by visibility, text, category and archive. All searching by IP is disabled for security reasons.
  13. Collection > Collection Name > Posts > All - the full text display is disabled and only an excerpt is shown because I need visitors to read posts in the front office and not in the back office
  14. Disabled file upload for comments for all users except blog admin

Suggestion 1: Files page - file filter is limited to the file name and extension. Maybe allow search by file name only, excluding the extension.
Suggestion 2: have the ability to hide the admin user account in every instance. I think the main admin user should not be treated like any other user in certain situations, like mine. The main admin user should function in the background and should be used exclusively for back office management.
Suggestion 3: have a contact form page that is not connected or related to a specific user, but to the website as a whole

I also disabled or removed various fields, buttons, text/info displays (like Item ID, item kind above the text editor, etc...), some redundant things that were not vital for normal users in order to reduce clutter.

Those were the main limitations that I implemented, some minor things I can't remember right now. I wanted users to simply get in, write and publish, limiting the users' ability to "break, delete and mess up" anything accidentally or purposefully. Since b2evo is very detailed, I needed more options to foolproof everything.

I hope this was helpful.

Oct 04, 2018 22:09

I was amazed that something like b2evo exists as open source. I haven't been able to find anything similar, at least in the PHP/MySQL world.
I am a fan of Wordpress as a single or limited multiple user blogging platform, but Wordpress couldn't handle a truly open blogging community. I would need 100 plugins (and some features would still be missing) to accomplish what b2evo does out of the box.

I wish more people would know but I am not sure how to best get the word out. How did you discover b2evo yourself?

What I was aiming for with b2evo is simple: allow users to register, give them access to certain collections, give them a text editor and let them publish posts with a couple of clicks, but give the admin absolute control and flexibility over every aspect.

In order to correctly understand your use case, can you confirm whether:

  • each user posts into their own blog?
  • or users post together in one (or more) blog(s)?

For normal users I disabled (some things b2evo limited out of the box based on user permissions and some things I limited myself):

Thank you for the list. The restrictions you apply seem to make sense but let me ask you follow up questions to fully understand the use case and we'll add the necessary settings in the core for the next versions.

  • All mass posting, mass editing, mass adding photos
  • All duplicating and merging is disabled for normal users
  • Editing and duplicating of collection pages, intros, blocks
  • Users can't edit the URL of the post (because SEO problems with missing links, redirect problems, etc...)
  • Normal users can't manage their photos in posts, can't search files, can unlink photos, but not delete, can't mass upload, can't add existing photos to a post. Normal users can only manage profile photos and only add photos to posts.
  • In user profile, I disabled my activity page, advanced options page and sessions page.
  • In Collection > Collection Name > Posts I removed the posts list tab since the All tab already displays all of the posts
  • Also, Collection > Collection Name > Comments I disabled the comment list tab
  • Collection > Collection Name > Posts > All - the full text display is disabled and only an excerpt is shown because I need visitors to read posts in the front office and not in the back office
  • I also disabled or removed various fields, buttons, text/info displays (like Item ID, item kind above the text editor, etc...), some redundant things that were not vital for normal users in order to reduce clutter.

These are all backoffice functions. Do you need to give backoffice access to your users? (more on this right below)

On disp=edit I disabled everything except the text editor, file upload and category selection (so, advanced options, the text render widget, goal tracking, notifications are gone) Also, normal users cannot choose to select their post to be featured. I presume every user would want their every post to be featured. Since featured posts are displayed on the front page, I needed to limit what posts are featured on the front page.

On disp=edit, which is front office, we have already limited the number of settings, in an attempt to limit what normal users can tweak. But here you seem to refer to backoffice again. I'd really like to understand why you give users access to the backoffice because there are 2 ways to go about it:

  • either add 50 restrictions to the backoffice
  • or maybe just add 2 or 3 things to the front office and not give backoffice access to normal users.

  • Post title character length limited
  • Comment character length limited

ok, we'll add that. What are your limits? (we need to choose defaults that make sense ;)

  • The search side bar is also limited. Comments can be searched only by visibility and text and posts by visibility, text, category and archive. All searching by IP is disabled for security reasons.

Ah right, we need to limit search by IP.

  • Disabled file upload for comments for all users except blog admin

I think you did this with existing permissions.

  • Suggestion 1: Files page - file filter is limited to the file name and extension. Maybe allow search by file name only, excluding the extension.

I don't understand. For example if you filter by *valley* you don't need to specify an extension.

  • Suggestion 2: have the ability to hide the admin user account in every instance. I think the main admin user should not be treated like any other user in certain situations, like mine. The main admin user should function in the background and should be used exclusively for back office management.

What if the admin posts a post or comment?
Do you mean hiding it from the user list?

  • Suggestion 3: have a contact form page that is not connected or related to a specific user, but to the website as a whole

You can already hide the recipient here https://b2evolution.net/man/contact-form-features and set to use a unique contact form here https://b2evolution.net/man/default-collections . If this is not sufficient, please elaborate.

I hope this was helpful.

Very! I'm waiting for the followup answers in order to determine how to best address these. The main question is: do you really really need to give users a backoffice access and why.

Oct 05, 2018 02:37

Thanks for the response! I'll gladly elaborate.

Why allow back office access to normal users?

Maybe I am using b2evo in a very different way than most, so that might be the reason for confusion. My setup is as follows: I have about 6 different collections. Each collection is a separate topic. For example, collection about politics, collection about current events, collection about technology, collection about sports and so on.

Registration is absolutely free in terms of anyone can register freely. When they register, they get their profile and permission to post to all collections which I call topics. They can comment on other users' posts and post their own posts without prior moderation. That is why I allow back office access for normal users. I needed to give the users some freedom.

For users who misbehave, I just change their permission settings to a lower level to require moderation before their posts are made public, or for really bad users I block their account or just block their IP in the back office if they are spammers.

Users don't get their own collections, but can post to collection I have set up initially.

I am aiming to create a public community blog. Something similar to medium.com and b2evolution was the only PHP/MySQL CMS that was able to accommodate something similar, as far as I know, and believe me I have done my research and accidentally stumbled upon b2evolution. Every other PHP based CMS I came across had some feature missing or needed a lot of plugins to accomplish what I wanted to do. First and foremost, I was looking for security, then granular user permissions, total admin control, theme/skin design flexibility, some plugins and widgets repository that the community maintained, something that was modern and had a community. B2evo had a mailing system that is amazing! So, I decided to install it and try it out. At first I was frustrated with the lack of well designed responsive premade skins. I didn't have time to create my own, so I like to customize and expand existing themes. And, that is what I did.

I am aiming to create something between a social network and a news/blog website for people who don't want to create or manage their own blogs, but want to and like to write about different topics and interact with other people.

That is why I needed to give users access to the back office and limit their options in the back office to the maximum. Get in, write your post, publish it and that's it. If some users want to, they can see all of the collections they can post to, add them to their favorites, edit existing posts (I had to limit how much they can edit), they can have an overview of all posts published in a given collection, they can see and search all of the comments in a certain collection through the back office and reply, they can add their posts to different categories and so on. I want users to have some sense of control, but not a lot of control so they don't break, delete or mess up something accidentally or purposefully.

I also have a front page that I curate as to what posts are featured on the front page. That is why I don't allow users to select their posts as featured because everyone would check the featured box to appear on the front page.

As for the admin restriction question, in my particular situation, the blog admin should be the absolute god - super admin. Let's say, he is there, but not visible. As for editing and moderating posts and so on, you just create a user that will be visible as a moderator or admin of a lower level, for example, but the super admin should be allowed to do everything relating to moderation, if needed, without being visible. The super admin shouldn't post, comment or interact with users, but silently edit posts, comments, delete posts, comments and other moderation related things and, of course, all existing back office tasks. As for the interaction (posting, commenting) with other users and the public, there should be a separate admin/moderator user that is publicly visible. Basically, convert the current admin into a super admin that is not visible to the public in any way and allow moderators to interact with the public parts of the website, post, comment and so on. I understand that this kind of set up might not be suitable for most of the users of b2evolution.

That is why I asked about the API restrictions. I limited all of the disps regarding the admin account and the users list, but not through the API.

As for the character limit on titles and comments, I really think that could be a small feature that should be integrated and everyone could benefit from it. I have set 100 characters max for the title, mainly because of SEO and design. Google displays titles up to 60 or so characters, if I am not mistaken. I added 100 just to give people more freedom, as 60 was too low for me, but over 100 would mess up my design of the front page if I was to display an article with a title exceeding 100 characters on the front page. Also, it forces people to be concise and to the point with their titles.

I limited comments to 1500 characters because I want people to write posts and articles if they want to write longer texts and not clutter the comments section.

As for the file search and the use of the wildcard * symbol, I think that is too technical for non technical people. It is not intuitive. They just want to type in a word and get a result. Maybe I am missing something, but when I type just the exact name of the file without the extension I don't get any results. I haven't tried the wildcard symbol, but if that is the only way to search files by name only, I think it should be more intuitive. Maybe the matching process should be more flexible.

As for the contact form, I have disabled the recipient, but the success message displays the username of the owner of the collection. Maybe I am wrong. I just remember I had to remove the username from the success message. I believe that is what prompted me to write what I wrote. Everything else is OK regarding the contact form.

As for how I stumbled upon b2evolution and what could be done to promote the platform. For days I was searching for a CMS that allowed a multi user blog that could be controlled to the finest details. I think I typed multi user blog and b2evolution popped up in Google.

I'll be honest. If I was only judging by the default skin or available skins, I would have continued my search. But, I wanted to see what b2evolution could do and worry about custom skins later. I know that that is a major hurdle for CMS platforms such as b2evolution since Wordpress has raised the bar really high in regards to free and paid themes. I know that smaller communities don't have many members that are willing to spend time on creating themes for free. But, for b2evolution to become more widespread you need to focus more on creating modern, versatile, flexible and easily customizable skins for free.

Most of the people have visual type personalities. They fall in love with what they see and decide to use a platform based on visuals of available skins or themes. Having worked in marketing for a very long time, I know people are most often attracted by visuals.

That is why Wordpress is so popular, beating Joomla and Drupal by a mile times 10. It is visually appealing to most ordinary people when they see all of those free and paid themes. They don't care if their websites are slow or open to hacking attacks. They just want their website to look nice.

Simplicity is another factor. B2evolution could be intimidating for non technical users when you open the back office and see all of those options. It is easy to mess up or misconfigure something. By saying mess up I don't mean break. I think it's easier to break Wordpress than b2evolution. But, you really need to spend some time getting familiar with all of the options.

You were extremely detailed! I was amazed when I saw all of the options and that won me over, but if I was to open b2evolution four or five years ago when I knew nothing about coding and when I was starting with Wordpress, I would have been very intimidated. The back office should be more intuitive for non technical people, less clutter, some redundant things should be removed. I think I saw in the code comments about an idea to allow multiple back office skins. I think that is not necessary. Just tweak the current skin, make it easier to navigate and more appealing and intuitive.

Also, maybe creating a second version of b2evolution that is simplified, without all of the advanced options in order to appeal more to non technical people. Wordpress is simple and you can make it advanced as you like. Maybe b2evolution could go the opposite way. Have a full featured version and a simplified version for simple users and simple blogs. Don't get me wrong with constant references to Wordpress. It is human nature to compare. Since Wordpress is so widespread, people will always compare it to other platforms. So, I think that should be seriously taken into account. I think b2evolution has the potential to attract more Wordpress users that just want to have a low maintenance, secure and SEO friendly blog out of the box. The transition from Wordpress to b2evolution should be flawless and that feature should be a must.

Some key selling points all starting with the letter "S":

  1. Simplicity
  2. Skins, more of them (maybe clean up the skins and plugins repository and delete very old, non responsive skins because they are not good for marketing)
  3. Security features out of the box
  4. SEO out of the box
  5. Switch easily to b2evolution from Wordpress (if it's technically possible to develop and integrate, (maybe a plugin) because the two platforms are similar in some things, but very different in other)

If you are targeting more advanced users: Security!, Stability, Customization, Flexibility, SEO - focus on all of the main features out of the box.

Hope I covered all of the topics :)

Oct 05, 2018 03:16

Thanks a lot. I agree on most remarks but I have to make this message short since it's 3am here:

Your use case is normal for b2evolution. "Community blogs" is one of the use cases we keep in mind during development. However, in our idea, your normal users (non moderators) should not have access to the back-office...

Please confirm you have tried the following and please tell me why it doesn't work for you: the same way you can post a topic in these forums without going to the backoffice, you could let your users post in your 6 blogs without going to the backoffice, simply by enabling front-office posting/editing here: https://b2evolution.net/man/in-skin-action-settings -- This will show a much simpler post / edit form to users and all the backoffice complexity is instantly gone.

In your posts you explain you need backoffice access for posting. Is it possible you missed this option? Very well hidden and badly named, I confess. (And I agree it's easy to get lost in the backoffice)

I'll answer on the other topics later.

Oct 05, 2018 10:26

Registration is absolutely free in terms of anyone can register freely. When they register, they get their profile and permission to post to all collections which I call topics. They can comment on other users' posts and post their own posts without prior moderation. That is why I allow back office access for normal users. I needed to give the users some freedom.

Hi. All the above can be done without access to the back office.

Oct 05, 2018 17:05

Honestly, I didn't even take that into consideration. At first I thought the in-skin actions option was somehow related to the skin functionality so I didn't pay attention to it because I had already set up everything to work properly. Before additionally restricting back office functionality for normal users, I had searched the manual to see if there was a front end publishing option for blogs. I glanced at the page you have sent me and read that there is some form of front end publishing, but that it was useful for forums. Since I was not creating a forum, I ignored that option completely.

Having in mind that only the default forum skin supported that option and none of the other skins by default, I concluded that in-skin options were only reserved to forum skins. I honestly didn't know that the front end publishing option could be integrated into blogs.

Now, my options are to leave everything the way it is right now or try to integrate the front end publishing option without messing up the current set up completely. Since most of my modifications were related to the back office, I think there shouldn't be a problem if I just disable back office access for normal users and allow front end publishing. I will have to analyse the forum skin to see how the front end publishing option is integrated. It would be much simpler for end users to have a front end editor without the need to enter the back office.

So, I'll look into that. Any tips would be helpful. I used the business skin as a starting point, but I have customized it further.

Oct 05, 2018 18:19

Try to enable it. Chances are it will work right out of the box. You'll probably only need some minor CSS tweaks.

Oct 06, 2018 01:59

Looks like we have some fixing to do…

Oct 06, 2018 02:31

I have also disabled the evo toolbar for normal users

You can keep the evobar. If a user is logged in it will show but only with the options you have enabled. Post, Edit, Comment etc. Like the one on this forum is minimal.

As for an edit button on each post then a) it's decided by the skin you use. b) Do you want every post editable by the author? etc.

Oct 06, 2018 02:58

@fplanque Hopefully it won't take long since I am launching my website in a couple of days and would appreciate it if everything worked seamlessly, like all the other things in b2evo. I really like the front end publishing option. It is extremely simple! Glad you pointed me in the right direction! :) I don't know why the User Tools is not displaying the Write a new post option when I enable in-skin editing...

@amoun I have tried turning the evobar on and off. When I turn it on, there is just the option to post or edit an existing post and some kind of question mark, which I don't see when I disable in-skin posting. For me personally, it looks a bit cleaner and simpler without it. That is why I asked if there is an option to add the edit option somewhere in the post. It looks like my skin does not have that functionality enabled by default. Could you point me in the right direction? What kind of code would I have to add?

Oct 06, 2018 09:14

Quick answer: we’re going to make a widget that can display an edit button at the top or bottom of a post.

Oct 06, 2018 09:15

Thanks for all the quality feedback. We'll try to get as much as possible done next week.

Oct 06, 2018 11:01

Oh thought I'd just posted here ??
You have to enable inskin editing in Features > Posts too

My code with extras for exceptions and a print button (that uses another skin) and suitable css

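	<div style="float:right">
	<?php
		// Current page URL, rebuilt from the request.
		// HTTP_HOST and REQUEST_URI are client-controlled, so the URL is HTML-escaped before output.
		$pageURL = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

		// Append parameters with '&' if the URL already has a query string, '?' otherwise
		$link = ( strpos( $pageURL, '?' ) !== false ) ? '&' : '?';

		// Print link (uses the "print" skin), skipped for a few specific items
		if( ! in_array( $Item->ID, array( 492, 627, 484, 679 ) ) )
		{
			$print_url = htmlspecialchars( $pageURL.$link.'tempskin=print&disp='.$disp, ENT_QUOTES, 'UTF-8' );
			echo '<a class="print" href="'.$print_url.'" target="_blank"><img class="print_icon" src="../../rsc/icons/print_icon.png" alt="print" title="print" /> &nbsp; Printer Friendly Layout &nbsp;</a> &nbsp;&nbsp;';
		}

		// Edit link, shown to logged-in users only and skipped for a few specific items
		if( isset( $current_User ) && ! in_array( $Item->ID, array( 492, 627, 484 ) ) )
		{
			$Item->edit_link( array( // Link to backoffice for editing
					'before'       => '',
					'after'        => '',
					'text'         => '#',
					'title'        => '#',
					'class'        => 'edit',
					'save_context' => true,
				) );
		}
	?>
	</div>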

Looks like http://calstock.org.uk/elf.php/2016/07/08/fig-and-tree, though inscreen isn't enabled on my site

Oct 06, 2018 15:12

Just looked at the [business skin] and there is a [single.main.php] where you can add a link. You could just put a link on the page something like [http://domain.here/blog1.php?disp=edit&p=???]

Oct 06, 2018 16:41

@fplanque Great! Looking forward to the changes. I'll be back on the forum if I have any more suggestions or encounter any other bugs. Keep up the great work!

@amoun Thanks! The code works great. I made a couple of tweaks (removed the print option and just left the $Item->edit_link and added some CSS) and placed the code in the single.main.php file near the title. This was simple enough. Don't know why I thought it needed more work.

Oct 09, 2018 22:56

Max lengths

We'll address that in v7.0.

As for the file search and the use of the wildcard * symbol, I think that is too technical for non technical people. It is not intuitive.

Should work in next release (6.10.4 or 6.10.5)

As for the contact form, I have disabled the recipient, but the success message displays the username of the owner of the collection.

Gotcha. We'll have to work on this later because there are too many changes underway regarding the contact form.

I'll be honest. If I was only judging by the default skin or available skins, I would have continued my search. But, I wanted to see what b2evolution could do and worry about custom skins later. I know that that is a major hurdle for CMS platforms such as b2evolution since Wordpress has raised the bar really high in regards to free and paid themes. I know that smaller communities don't have many members that are willing to spend time on creating themes for free. But, for b2evolution to become more widespread you need to focus more on creating modern, versatile, flexible and easily customizable skins for free.

I know. We tried. It is very very hard, given the fact that b2evolution uses plenty of widgets that allow to completely re-configure the front office and most front-office CSS designers can't wrap their head around that when writing their CSS :/

Most of the people have visual type personalities. They fall in love with what they see and decide to use a platform based on visuals of available skins or themes. Having worked in marketing for a very long time, I know people are most often attracted by visuals.
That is why Wordpress is so popular, beating Joomla and Drupal by a mile times 10. It is visually appealing to most ordinary people when they see all of those free and paid themes. They don't care if their websites are slow or open to hacking attacks. They just want their website to look nice.

Agreed.

Simplicity is another factor. B2evolution could be intimidating for non technical users when you open the back office and see all of those options. It is easy to mess up or misconfigure something. By saying mess up I don't mean break. I think it's easier to break Wordpress than b2evolution. But, you really need to spend some time getting familiar with all of the options.
You were extremely detailed! I was amazed when I saw all of the options and that won me over, but if I was to open b2evolution four or five years ago when I knew nothing about coding and when I was starting with Wordpress, I would have been very intimidated. The back office should be more intuitive for non technical people, less clutter, some redundant things should be removed.

The current plan to tackle this (partially) is to provide a set-up assistant.

Regarding fewer features: we have tried before: it's frustrating for the advanced users, and people who want ultra simple are never going to find it simple enough anyways, just by the fact it supported multiple blogs/collections for example.

I think I saw in the code comments about an idea to allow multiple back office skins. I think that is not necessary. Just tweak the current skin, make it easier to navigate and more appealing and intuitive.

We had that for a while. We have removed it. I fear someday someone will want it back... for a "dark theme" or for a "simplified UI".

Also, maybe creating a second version of b2evolution that is simplified, without all of the advanced options in order to appeal more to non technical people.

We have thought about that before. It's appealing when you think about it, but unrealistic for maintenance. We would actually need multiple versions, optimized each for 1 use case only.

Don't get me wrong with constant references to Wordpress. It is human nature to compare. Since Wordpress is so widespread, people will always compare it to other platforms.

No problem.

So, I think that should be seriously taken into account. I think b2evolution has the potential to attract more Wordpress users that just want to have a low maintenance, secure and SEO friendly blog out of the box. The transition from Wordpress to b2evolution should be flawless and that feature should be a must.

Thanks for reminding us we need to test the migration process from wordpress to b2evo on a regular basis.

We do have SEO friendly out of the box. Have you looked at the SEO settings tab already (per Collection)? Anything missing in your opinion?

Oct 09, 2018 23:05

Is there an "edit post" option? I read in the manual that there should be an edit button within the post, but I don't see one.

There is a widget called "Item Info Line" which you probably have on top (or bottom) of your posts. It has a checkbox to enable an edit link.

In the sidebar of every collection/blog front page (except the website front page) I have placed the "User Tools" widget. It was working fine before I activated front end publishing. The widget displays everything, except the "Write a new post link" option. Even as the admin the option is not visible. Also, I have created a new widget out of the User Tools widget by just removing all other options except the "Write a new post link" option. Then, I just styled that link into a big button "Write a new post" that is displayed in the sidebar on all posts and on front pages of collections as a shortcut for users. Both widgets were working fine until I changed some settings in order to accommodate front end publishing. Now, not even the admin has the "Write a new post" option, but all other options are displayed.

We'll fix that but the preferred way is to use the "Menu Link / Button" widget to create a "Write new post" button.

a) Is there a way to remove the 'ui-resizable' class? I know that jquery is used to manipulate the resizing. I don't want the scroll bar to display in such a small space and I don't need the resizing.

Please post a screenshot of your problem. Preferably in a separate topic.

b) When I upload an image through the front office uploader I get a console error that reads:
[Fine Uploader 5.11.9] Caught exception in 'onComplete' callback - init_colorbox is not defined

We're checking.

Oct 11, 2018 08:40

Hello @dexy23,

In the sidebar of every collection/blog front page (except the website front page) I have placed the "User Tools" widget. It was working fine before I activated front end publishing. The widget displays everything, except the "Write a new post link" option. Even as the admin the option is not visible. Also, I have created a new widget out of the User Tools widget by just removing all other options except the "Write a new post link" option. Then, I just styled that link into a big button "Write a new post" that is displayed in the sidebar on all posts and on front pages of collections as a shortcut for users. Both widgets were working fine until I changed some settings in order to accommodate front end publishing. Now, not even the admin has the "Write a new post" option, but all other options are displayed.

Do you still have this issue?
I have tested this on b2evolution-6.10.2-stable-2018-06-20.zip and I think it works as expected.
The option "Write a new post..." is visible only when the current collection's setting "In-skin editing" (https://b2evolution.net/man/in-skin-action-settings) is enabled.
If the collection setting is disabled we don't display the link because it is impossible to post in the front office.
And of course the currently logged-in user must be activated and have permission to post in the current collection.
Also, the widget setting "Write a new post link" must be enabled.
If it doesn't help, please make a screenshot with those collection and widget settings.

b) When I upload an image through the front office uploader I get a console error that reads:
[Fine Uploader 5.11.9] Caught exception in 'onComplete' callback - init_colorbox is not defined
...

Sorry, I could not reproduce these JS bugs on version 6.10.2 either, but I got similar errors some days ago, which were fixed in commit https://github.com/b2evolution/b2evolution/commit/2b849f674a42568c323da6f70857cbe8dc418ea6. However, 6.10.2 has old, wrong code - https://github.com/b2evolution/b2evolution/blob/6.10.2/inc/skins/model/_skin.class.php#L1302-L1303. These lines will be fixed in the next release, 6.10.4, I think. If you can, please try to update these lines manually to:

    require_js( '#jquery#', 'blog' );
    require_js( 'jquery/jquery.sortable.min.js', 'blog' );

I hope it will help to fix the JS errors.

Thanks.
