Recent Topics

1 Jul 11, 2006 20:46    

Will make a plugin where users can add PHP or Javscript code to their posts to display or to execute.

Although we need to wait for the post html validator feature that is built into b2evolution to become a plugin first. Reason here;
http://forums.b2evolution.net//viewtopic.php?t=8354&highlight=code+post

2 Jul 11, 2006 22:35

So you can put in pieces of code in a post for people to copy paste..

cool!

3 Jul 12, 2006 09:15

Just to save duplication of effort we've already got a plugin that allows you to add custom <title>, keywords, meta tags, css and javscript to your posts and have them execute (haven't coded in the ability for custom php though).

We've also got a code plugin that allows you to enter code into your posts and have it displayed without any problems with the html checker :D

Both of these were put on hold as they required 1.7+ as a minimum, but now that 1.8 is out we can tart them up and release them ;)

Topanga : If you'd like to play with the pre-release version of the code plugin just let me know.

¥

4 Jul 12, 2006 12:03

[off topic]
¥åßßå wrote:

Topanga : If you'd like to play with the pre-release version of the code plugin just let me know.

¥åßßå : I'm going to concentrate myself to locales and packages on the CVS server to download from the wiki...
When I've realized that, version 2.2 will be out I suppose, since I have no clue what I'm doing ;)
But I want those packages of locales and it has to be in CVS..

For my personal website I want to try out everything that is concerning rating of a post
rating of a restaurant
rating of a movie
rating of a picture
gallery-stuff
images-stuff

My personal website is completely non-tech.
[/offtopic]

5 Jul 12, 2006 14:20

¥åßßå, i'll be interested to take a look...

I talked with blueyed about the having code in posts, and we both agreed that html checker would need to become a plugin.... So i'm interested how you got code to work.

And i only develop plugins for the 1.8 series.

But yeh, i wouldn't mind helping out with what you've already done, like adding execute php support etc.

6 Jul 12, 2006 16:19

balupton wrote:

¥åßßå, i'll be interested to take a look...

Doesn't it suck to have to say "ooh can I play too?" Cuz, you know, some OTHER people might want to play. Some OTHER people who, you know, PMd someone else a damn-near-ready version of a plugin that everyone wants. Some OTHER people might want to play but might feel a tad sidelined and, yes - injured - by being forced to say "gosh gee willy if I had a plugin like that I'd be super happy" so instead they slink off quietly and don't ask for nothing that wasn't offered to them. That's what some OTHER people might be thinking and end up doing.

Not that I know anyone like that. I'm just sayin' !

7 Jul 12, 2006 16:23

I'm totally not follwing.

8 Jul 12, 2006 18:05

ohhhh can I play to wrote:

So i'm interested how you got code to work.

Simple, I cheated ;)

Balupton wrote:

But yeh, i wouldn't mind helping out with what you've already done, like adding execute php support etc.

I didn't add php support on purpose, it'd be a huge security hole on any system that involved multiple bloggers. For the same reason javascript is also disabled by default and has to be enabled by manually editing the file.

They still haven't been tarted up to use the (final) 1.8 version of the code but I'll send you a copy when they're close enough.

*hands EdB a :cookie:* lol ;)

¥

9 Jul 12, 2006 18:08

I didn't add php support on purpose, it'd be a huge security hole on any system that involved multiple bloggers. For the same reason javascript is also disabled by default and has to be enabled by manually editing the file.

Of course, the scripts should only be aloud for the admin of the b2evo setup... Or users that the admin specifies, via the plugin settings.

10 Jul 12, 2006 18:10

I'd rather remove any risk altogether ;)

¥

11 Jul 12, 2006 18:13

But it is a popular requested feature, to execute javascript and php code.

Are you even adding support to do that in your plugin?
Or will the user need to manually add that?

Edit: And how is letting the admin execute code in a post a risk, their the admin!

12 Jul 12, 2006 18:21

I haven't (and won't) add php support to the plugin, if you wish to make one that allows that then cool, but I'll never install (or advise anybody else to install) it on a blog.

Can you guarantee that a plugin that should be "admin only" will ALWAYS only be available to admins? I can't, hence why I won't code in the ability.

¥

13 Jul 12, 2006 18:24

If current user's id is 1, then they are the admin.

Well thats what the functionality i was going to add, as it has been requested many times.

Although i will need to wait for the html checker to become a plugin or ...

14 Jul 12, 2006 18:29

No, if the current user id == 1 then they are one of the admins, usually $current_User->Group->ID == admin group, but we've seen how stuff changes from day to day in cvs right?

Personally I'll never open a blog to that risk, if you choose to do so then that's fine by me.

You don't need to wait for the html checker to be converted to a plugin, you just need to be a tad "imaginative" ;)

¥

15 Jul 12, 2006 18:36

My imagination goes to "other" things. Instead of finding an "alternative" way to do something, when i just need to wait a while for the inevitable "proper" way to be done.

In other words, i'm happy waiting for the html checker to become a plugin.

16 Jul 12, 2006 18:46

That was a tad of a long wait in 1.7 ;)

¥

17 Jul 12, 2006 18:54

Yeh, well i'm patient ;)

Why didn't you just make the html checker plugin and make everyone happy :D - think of it as a challege :>

Aye i'll even buy you a round :)

18 Jul 12, 2006 19:11

lol, I didn't need to ;)

¥

19 Jul 12, 2006 19:14

Yeh.... But you should do it, so then everyone else is happy, as the html checker 'should' be turned into a plugin, it's on the todo list...

20 Jul 12, 2006 19:17

Cool, in that case it'll probably be turned into one and I can stop having to battle it as well :D

¥

22 Jul 12, 2006 19:37

Lol, I know where the dev blog is ;)

I tried prioritising mine by beers, but it's a tad expensive here, so I eventually settled for drugs and sexual favours ..... you fall into the "promise me drugs" category :|

¥

23 Jul 12, 2006 19:41

Lol, I know where the dev blog is

Yeh yeh, i know :oops:

I tried prioritising mine by beers, but it's a tad expensive here, so I eventually settled for drugs and sexual favours ..... you fall into the "promise me drugs" category

Glad to know your priorities are in order 8|

Although, I think i'll be sticking with the cheap lager shouts ;)

24 Jul 13, 2006 00:36

I'm with Y on this detail. POSTING is not the place to execute code, no matter how many people say they want it. On a different detail things are different: Group ID #1 means a member of the admin group, but User ID #1 is always THE admin. Having said that, you can't tell if a blogger won't say "log in with username and password to post as admin so it looks official", thus the whole idea of knowing who ID #1 is goes out the window. So why open up a potential security hole?

Hey a long time ago stk came up with a hack that gave posters and commenters a specific explanation of why their post or comment was rejected by the antispam blacklist instead of the generic "bad stuff here" text. Francois responded to that thread with "you are opening up a security hole" without explanation of what the hole was. I immediately undid that hack because, well, because Francois is 'the man' and I'll take his word for what we shouldn't do for security reasons.

-----------

Did this thread go way off topic?

25 Jul 13, 2006 08:27

Well euh.. no

They all want to display code in the posts, so readers can copy paste the code.

They want it to put in without having to scramble the whole thing trough a processor, so you can just copy paste and use the code in your pages.

There is a plugin written for WP, why not port that over ?

26 Jul 13, 2006 10:37

Displaying code is not a problem, or at least it won't be once I finish tarting up our plugin so it can be released (it was written for 1.7 so needs a few changes as the core code has changed in the 7 months since it was first written).

The problem is allowing users to execute php code directly from their posts.

I should hopefully finish tidying up the code within the next couple of days ;)

¥

27 Jul 13, 2006 13:05

Topanga wrote:

... They all want to display code in the posts, so readers can copy paste the code. ...

Understood, but I was refering to the people who want to execute code. Of those I think it's mostly for 'stock' stuff. I like the idea of copy/paste with ease - but not execute any old code that comes along.


Form is loading...