Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Messages - Arantor
2521
Features / Re: New revs
« on November 5th, 2012, 05:27 AM »
(4 files, 2KB)
Revision: 1770
Author: arantor
Date: 05 November 2012 04:26:34
Message:
! Use query_list_board rather than query_see_board for the board index, but if the board is not one of the ones we can get into, tell the user that. (Subs-BoardIndex.php, Boards.template.php, MessageIndex.template.php, index language file)
----
Modified : /trunk/Sources/Subs-BoardIndex.php
Modified : /trunk/Themes/default/Boards.template.php
Modified : /trunk/Themes/default/MessageIndex.template.php
Modified : /trunk/Themes/default/languages/index.english.php
Revision: 1770
Author: arantor
Date: 05 November 2012 04:26:34
Message:
! Use query_list_board rather than query_see_board for the board index, but if the board is not one of the ones we can get into, tell the user that. (Subs-BoardIndex.php, Boards.template.php, MessageIndex.template.php, index language file)
----
Modified : /trunk/Sources/Subs-BoardIndex.php
Modified : /trunk/Themes/default/Boards.template.php
Modified : /trunk/Themes/default/MessageIndex.template.php
Modified : /trunk/Themes/default/languages/index.english.php
2522
Archived fixes / Re: Modify group does not show correct UI for board access
« on November 5th, 2012, 04:53 AM »
This should work, if not be pretty, as of r1769. I gave up trying to have them side by side.
2523
Features / Re: New revs
« on November 5th, 2012, 04:51 AM »
(5 files, 20KB)
Revision: 1769
Author: arantor
Date: 05 November 2012 03:49:40
Message:
! Some additional security for the manage boards code. It's not strictly necessary but better safe than sorry. (ManageBoards.php)
! Board group access was not revoked when groups were previously removed. (Subs-Membergroups.php)
! Should be possible to configure groups' access to boards from the groups configuration page - now uses the proper tables and everything. (ManageMembergroups.php, ManageMembergroups.template.php, ManageMembergroups language file)
@ Note that the groups/board configuration as it stands is not very pretty and while I've extended the queries to get categories, I have not yet made it display them. That's for next time. (But it'll be more spiffy when I get there.)
----
Modified : /trunk/Sources/ManageBoards.php
Modified : /trunk/Sources/ManageMembergroups.php
Modified : /trunk/Sources/Subs-Membergroups.php
Modified : /trunk/Themes/default/ManageMembergroups.template.php
Modified : /trunk/Themes/default/languages/ManageMembers.english.php
Revision: 1769
Author: arantor
Date: 05 November 2012 03:49:40
Message:
! Some additional security for the manage boards code. It's not strictly necessary but better safe than sorry. (ManageBoards.php)
! Board group access was not revoked when groups were previously removed. (Subs-Membergroups.php)
! Should be possible to configure groups' access to boards from the groups configuration page - now uses the proper tables and everything. (ManageMembergroups.php, ManageMembergroups.template.php, ManageMembergroups language file)
@ Note that the groups/board configuration as it stands is not very pretty and while I've extended the queries to get categories, I have not yet made it display them. That's for next time. (But it'll be more spiffy when I get there.)
----
Modified : /trunk/Sources/ManageBoards.php
Modified : /trunk/Sources/ManageMembergroups.php
Modified : /trunk/Sources/Subs-Membergroups.php
Modified : /trunk/Themes/default/ManageMembergroups.template.php
Modified : /trunk/Themes/default/languages/ManageMembers.english.php
2524
Archived fixes / Re: Modify board: "All groups who can see a board can enter it as well"
« on November 5th, 2012, 04:28 AM »
There is such an option. It works just fine for me.
But I know I reset it in my profile. I have the awful feeling it's broken when I rewrote the member options code to have a more sane UI.
But I know I reset it in my profile. I have the awful feeling it's broken when I rewrote the member options code to have a more sane UI.
2525
Features / Re: Something really strange just occurred to me
« on November 5th, 2012, 04:27 AM »There should be an option added to "Main configuration" in admin interface that would ask which group should be treated as main member group
I am not going to get into that particular little dance because there is a LOT more logic at stake and a lot more to go wrong if it gets messed about with. However, making the Regular Members group be that group - and NEVER ANYTHING ELSE - will solve problems.
Then tools available such as "create/duplicate new Regular Members group optionally including all users/some/users from group(s)..."
"... But exclude users from certain group(s) or list of user(s)". Might be a performance issue somewhere, I hope not.
Let me explain. All users when created get stuffed into group 0, Regular Members. I'm just proposing that this group be a real group. That you be able to assign badges to it, or manage like it a regular group should you want to do so. But in all other respects it is no different to the current regular members group as it stands.
Or groups created/existing groups (Each group found in database) shall have a new column to signify whether or not it's "the Regular Member group"
If you have a group that you can manipulate where users go when registered, job done. You don't need to fuck about creating new groups that mimic it. If you can give me one meaningful case where this would be advantageous, where it can't be done better some other fashion, let me know. I'm willing to listen. But I'm pretty certain that any case you suggest, I can figure out a better way of doing it than this clusterfuck of confusion.
2526
Archived fixes / Re: Modify board: "All groups who can see a board can enter it as well"
« on November 5th, 2012, 04:22 AM »
That was my gut feeling, and the underlying logic needs to change to make that work. But that's no biggie, I'll fix that after my current project.
2527
Test board / Re: "hello world!"
« on November 5th, 2012, 03:54 AM »
Yup, SMF forcibly encoded everything, it's been relaxed but it might become less relaxed again.
2528
Features / Something really strange just occurred to me
« on November 5th, 2012, 03:44 AM »
We've all commented in the past about the inanity of 'Regular Members', about the various issues with it and so on.
While working on the member groups configuration page, it just occurred to me - what if, for the sake of argument, Regular Members were to be an actual physical group?
It's not, in any real sense of the word, a physical group. You can't rename it. It doesn't show up on the left anywhere (which is, mostly, the reason for it being a phantom group). Users often want to put users into a specific group on registration - why not make it so they actually DO go into a physical group at registration rather than this phantom group?
Other than having to tweak some of the display code, not to mention some of the management logic (like preventing users deleting it, and to prevent it being changed to another kind of group), I see no reason not to do this.
On the flip side, it would allow you to do things you currently can't - you can't currently set the list of boards accessible to Regular Members as a whole group. You have to do that one board by board, even in SMF, because the edit-membergroup page only works on cases where the group id is 2 or 4+ (global moderator and any group that isn't guests, regular members, admin and board moderators)
I'd love to hear more opinions on this, especially from people who know the code base. I don't see that it should affect things that significantly anywhere.
While working on the member groups configuration page, it just occurred to me - what if, for the sake of argument, Regular Members were to be an actual physical group?
It's not, in any real sense of the word, a physical group. You can't rename it. It doesn't show up on the left anywhere (which is, mostly, the reason for it being a phantom group). Users often want to put users into a specific group on registration - why not make it so they actually DO go into a physical group at registration rather than this phantom group?
Other than having to tweak some of the display code, not to mention some of the management logic (like preventing users deleting it, and to prevent it being changed to another kind of group), I see no reason not to do this.
On the flip side, it would allow you to do things you currently can't - you can't currently set the list of boards accessible to Regular Members as a whole group. You have to do that one board by board, even in SMF, because the edit-membergroup page only works on cases where the group id is 2 or 4+ (global moderator and any group that isn't guests, regular members, admin and board moderators)
I'd love to hear more opinions on this, especially from people who know the code base. I don't see that it should affect things that significantly anywhere.
2529
Features / Re: You will have to revalidate in...
« on November 5th, 2012, 01:38 AM »
Oh, in case anyone was wondering, I did already implement this, and if you look in the screenshots in http://wedge.org/pub/feats/7662/permissions-ui/ you will even see it ;) No it is not updated in JavaScript, and I'm still not convinced I would like it to be.
2530
Archived fixes / Re: Minor Quick Edit Bug
« on November 5th, 2012, 01:36 AM »
Oh yay. I know exactly why this happened >_< Thanks for reporting, we'll get on it shortly.
It is exactly as per http://wedge.org/pub/test/7658/hello-world/
Posted: November 4th, 2012, 09:18 PM
It is exactly as per http://wedge.org/pub/test/7658/hello-world/
2531
Test board / Re: "hello world!"
« on November 5th, 2012, 01:34 AM »
The choice: saving a few bytes per quote which means you absolutely know the content is safe to be thrown around in inputs, or other form items or indeed via JS.
Or, fixing every time this comes up. I already had to put a work around into the display code so that the subject would be cleaned so quick reply would actually get this right.
I stand by what I said: I was fine with this all the time security's not an issue. Except we're half a step away from security issues with this. I'm *still* not entirely convinced there isn't an XSS bug lurking because of this, I never have been convinced of its being as secure as using htmlspecialchars with ENT_QUOTES everywhere and just being done with it.
Or, fixing every time this comes up. I already had to put a work around into the display code so that the subject would be cleaned so quick reply would actually get this right.
I stand by what I said: I was fine with this all the time security's not an issue. Except we're half a step away from security issues with this. I'm *still* not entirely convinced there isn't an XSS bug lurking because of this, I never have been convinced of its being as secure as using htmlspecialchars with ENT_QUOTES everywhere and just being done with it.
2532
Archived fixes / Re: open_basedir and Cache Errors
« on November 5th, 2012, 01:29 AM »
Committed in r1768.
2533
Archived fixes / Re: Delete member does not delete PM rules
« on November 5th, 2012, 01:28 AM »
Fixed original issue in r1768. Not marking solved since I think the above two posts should be in another topic but will leave for now.
2534
Archived fixes / Re: Install Errors
« on November 5th, 2012, 01:27 AM »
Ah, I know why this is. I'll fix it in the installer going forward.
It is interesting to note how many people have mbstring installed ;)
Fixed in r1768.
Posted: November 5th, 2012, 01:16 AM
It is interesting to note how many people have mbstring installed ;)
Posted: November 5th, 2012, 01:20 AM
Fixed in r1768.
2535
Features / Re: New revs
« on November 5th, 2012, 01:27 AM »
(3 files, 1KB)
Revision: 1768
Author: arantor
Date: 05 November 2012 00:25:33
Message:
! The installer should initialise westr if it's going to load it - just in case. Most of the time, not a big deal. (install.php)
! glob() can return false instead of empty arrays sometimes. Check where this is important and skip the loops if it's empty. (Subs-Cache.php)
! Delete member PM rules when their account is deleted. (Subs-Members.php)
----
Modified : /trunk/Sources/Subs-Cache.php
Modified : /trunk/Sources/Subs-Members.php
Modified : /trunk/root/install.php
Revision: 1768
Author: arantor
Date: 05 November 2012 00:25:33
Message:
! The installer should initialise westr if it's going to load it - just in case. Most of the time, not a big deal. (install.php)
! glob() can return false instead of empty arrays sometimes. Check where this is important and skip the loops if it's empty. (Subs-Cache.php)
! Delete member PM rules when their account is deleted. (Subs-Members.php)
----
Modified : /trunk/Sources/Subs-Cache.php
Modified : /trunk/Sources/Subs-Members.php
Modified : /trunk/root/install.php