Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Messages - Arantor
4696
Bug reports / SMF bug 2706 (no preview on newsletter)
« on February 29th, 2012, 01:50 PM »
I really think this should be implemented, especially as the hilarious comment from Nao from about 3 years ago hints.
4697
Bug reports / SMF bug 4839 (hooks not cleared after an upgrade)
« on February 29th, 2012, 01:44 PM »
This is potentially a tricky one to contend with, and I'm wary of how exactly automated this should be - even with all the safeguards normally put in place in the plugin manager.
What I would probably have the upgrader do is disable all plugins (going through the same steps as DisablePlugin() does), and then let the admin re-enable them afterwards - especially since a plugin may no longer function if it depends on a hook that is subsequently altered (e.g. we change its signature, so we should rename it to enforce authors version check properly)
What I would probably have the upgrader do is disable all plugins (going through the same steps as DisablePlugin() does), and then let the admin re-enable them afterwards - especially since a plugin may no longer function if it depends on a hook that is subsequently altered (e.g. we change its signature, so we should rename it to enforce authors version check properly)
4698
Bug reports / SMF bug 4873 (agreement not shown, no error, if agreement.txt is not available)
« on February 29th, 2012, 01:35 PM »
Interesting one this, I'd always assumed there would be an error, but guess not.
In any case, I'd love to see if we can't do something better than using agreement.txt by default, simply because if you're going to modify it, you have to get into the realms of modifying the file itself rather than using the DB or similar.
Whatever we do with this, we should bear this in mind.
In any case, I'd love to see if we can't do something better than using agreement.txt by default, simply because if you're going to modify it, you have to get into the realms of modifying the file itself rather than using the DB or similar.
Whatever we do with this, we should bear this in mind.
4699
Bug reports / SMF bug 479 (attachments potentially attached to the wrong post)
« on February 29th, 2012, 01:29 PM »
The issue in this bug is that if a page errors for any reason, any attachments made are saved after the initial submission and the details stored in session, but it's not specific - they're just generically in session, because browsers with multiple tabs just weren't around at the time, and as such it was never really so much of a problem.
Whatever fix SMF has, they've separated it out by board, which is workable but still susceptible to two topics in the same board exhibiting the same behaviour.
Possible solutions:
* only accept attachments AJAXively (e.g. to Media and return a media bbcode for it)
* when submitting, create a token for those attachments, and return that token with the form, such that the token has to be returned to get the attachments submitted. (All the other protections about orphaned attachments in session would need to be adapted but this is not a huge task)
Whatever fix SMF has, they've separated it out by board, which is workable but still susceptible to two topics in the same board exhibiting the same behaviour.
Possible solutions:
* only accept attachments AJAXively (e.g. to Media and return a media bbcode for it)
* when submitting, create a token for those attachments, and return that token with the form, such that the token has to be returned to get the attachments submitted. (All the other protections about orphaned attachments in session would need to be adapted but this is not a huge task)
4700
Bug reports / SMF bug 4938 (attachment maintenance can fall foul of the security timeout)
« on February 29th, 2012, 01:22 PM »
There's not really a good solution for this one, as indicated, because the password's going to be needed every hour, and I don't think for something like that, that it is reasonable to expect them to type the password in every hour.
I'm thinking a CLI script might be a better way to deal with that, but would encourage discussion on the matter.
I'm thinking a CLI script might be a better way to deal with that, but would encourage discussion on the matter.
4701
Bug reports / SMF bug 4770 (top level menu items should be clickable)
« on February 29th, 2012, 01:19 PM »
In the profile and in the admin areas, the top level menu items are explicitly not clickable, and many, many times I've clicked them by accident and got nowhere >_<
Not sure yet how best to deal with it, though, especially since admin and profile use them in such different ways, but I'm sure we can do something with them.
Not sure yet how best to deal with it, though, especially since admin and profile use them in such different ways, but I'm sure we can do something with them.
4702
Archived fixes / SMF bug 4859 (Text limit not necessarily enforced properly)
« on February 29th, 2012, 01:08 PM »
I can see what's being said here - if you have a post that, when converted to get its br tags etc, will overflow 64K but the post itself was otherwise below 64K, it can be truncated at the end of the text boundary.
There was talk at one point that we were going to make it mediumtext, but the SQL says we didn't >_> Hmm, need to look this one up.
There was talk at one point that we were going to make it mediumtext, but the SQL says we didn't >_> Hmm, need to look this one up.
4703
Bug reports / Re: Possible incorrect behaviour in fatal error handling?
« on February 29th, 2012, 12:12 PM »
Why does the matryoshka scenario occur, out of interest? What causes it to implant the skeleton inside default?
4704
Features / Re: New revs
« on February 29th, 2012, 12:11 PM »
(4 files, 2KB)
Revision: 1406
Author: arantor
Date: 29 February 2012 11:10:33
Message:
! Cleaning up a language string in the admin. (ManagePlugins.template.php, Admin language file)
! SMF bug 4000/4730: Reattributing posts should also clean up the topics too. The query doesn't need to blindly reset every topic that the member owns, however, only the ones currently with a member id of 0. (Any that are actually otherwise wrong will be fixed by find/repair) (Subs-Members.php)
----
Modified : /trunk/Sources/Subs-Members.php
Modified : /trunk/Themes/default/ManagePlugins.template.php
Modified : /trunk/Themes/default/languages/Admin.english.php
Modified : /trunk/Themes/default/languages/Admin.french.php
Revision: 1406
Author: arantor
Date: 29 February 2012 11:10:33
Message:
! Cleaning up a language string in the admin. (ManagePlugins.template.php, Admin language file)
! SMF bug 4000/4730: Reattributing posts should also clean up the topics too. The query doesn't need to blindly reset every topic that the member owns, however, only the ones currently with a member id of 0. (Any that are actually otherwise wrong will be fixed by find/repair) (Subs-Members.php)
----
Modified : /trunk/Sources/Subs-Members.php
Modified : /trunk/Themes/default/ManagePlugins.template.php
Modified : /trunk/Themes/default/languages/Admin.english.php
Modified : /trunk/Themes/default/languages/Admin.french.php
4705
Bug reports / Re: Possible incorrect behaviour in fatal error handling?
« on February 29th, 2012, 12:06 PM »
Well, not the entire skeleton (though that would certainly work), just replacing the entirety of <default> with that.
4706
Features / Re: Privacy options
« on February 29th, 2012, 11:52 AM »
I haven't digested everything here, but wanted to catch up on the most important points (to me at least)Quote Yup, it certainly is. It needs to have query_see_topic somewhere, ideally the earlier the better.Quote Ah, but it can. This is one of the many foibles of the system. If you have a topic that is unapproved, the owner and moderators/approvers can see it. Should a moderator/approver reply to it (e.g. in response to the opening post, as per SMF Showcase board), that post will be approved, but the topic as a whole and its opening post will both be marked unapproved.Quote That's the thing, when you have two instances of the messages table aliased, it's normally because both the first and last message in the topic are being referenced, (e.g. message index pulls both the first post for the subject and topic starter, and the last post for the last poster's name and post time) and both of those could be separately approved or not.Quote The point is, while I can't bring any examples immediately to mind, it's possible that someone can find a combination of ' and " that would allow them to escape out of the usual protective layers, so that malicious links or onclicks could be added.
Look at the only query with a m.approved test. It doesn't test for topic privacy. Then, the subsequent query does a topic join but doesn't have query_see_topic, either. In the end -- it's broken.
a m.approved test is very close to a t.approved test because in SMF, an unapproved topic can't hold approved posts. I think
Would be fixable I think -- if anything, by renaming these custom aliases to 'm', and renaming the other 'm' to something else...
To me, single quotes and double quotes can always be used in a field. It's just when *communicating* with that field that one has to be careful... i.e. you have to escape quotes at the last moment when inserting data. But that's really the ONLY moment I can think of where we absolutely NEED to escape stuff... Unlike a 039 that has no particular purpose in a table row.
4707
Features / Re: New revs
« on February 29th, 2012, 11:19 AM »
(4 files, 2KB)
Revision: 1405
Author: arantor
Date: 29 February 2012 10:17:29
Message:
! Fix for SMF bug 4743 (updating post count membergroups uses old cache data) (ManageMembergroups.php)
! More remnants of mod settings page vanished. (ManageServer.php, Help language file)
----
Modified : /trunk/Sources/ManageMembergroups.php
Modified : /trunk/Sources/ManageServer.php
Modified : /trunk/Themes/default/languages/Help.english.php
Modified : /trunk/Themes/default/languages/Help.french.php
@ I'm certain my fix is different to SMF's for the same bug as mentioned here. If they're modifying Subs.php, either they're no longer using cached data, or they've overloaded updateStats() in some fashion to indicate that the cache shouldn't be used. Either way, that's tampering with something that's applied every post as it's made, as opposed to just flushing the cache when updating the relevant data in the admin panel as I'm doing.
Revision: 1405
Author: arantor
Date: 29 February 2012 10:17:29
Message:
! Fix for SMF bug 4743 (updating post count membergroups uses old cache data) (ManageMembergroups.php)
! More remnants of mod settings page vanished. (ManageServer.php, Help language file)
----
Modified : /trunk/Sources/ManageMembergroups.php
Modified : /trunk/Sources/ManageServer.php
Modified : /trunk/Themes/default/languages/Help.english.php
Modified : /trunk/Themes/default/languages/Help.french.php
@ I'm certain my fix is different to SMF's for the same bug as mentioned here. If they're modifying Subs.php, either they're no longer using cached data, or they've overloaded updateStats() in some fashion to indicate that the cache shouldn't be used. Either way, that's tampering with something that's applied every post as it's made, as opposed to just flushing the cache when updating the relevant data in the admin panel as I'm doing.
4708
Bug reports / Re: Possible incorrect behaviour in fatal error handling?
« on February 29th, 2012, 10:12 AM »For instance a template error (index?) will sometimes regenerate the full page inside of itself. I always smile when it happens. No biggie though
The main fix, primarily, though would be to simply have the fatal error handler dropping everything inside default and only using its own template. Would likely fix the other mentioned issue too.
4709
Bug reports / Re: Possible incorrect behaviour in fatal error handling?
« on February 29th, 2012, 08:57 AM »
If stuff is written properly, no, because it's just a template being executed and other execution is appropriately suspended. However, if that template relies on content being set up that it would otherwise expect and now isn't, then it'll dump other errors into the log.
Now, of course, in an ideal world we wouldn't normally call wetem::load before having validated everything so that we wouldn't need to worry about it but there are times it's going to happen, with the above as a consequence.
Now, of course, in an ideal world we wouldn't normally call wetem::load before having validated everything so that we wouldn't need to worry about it but there are times it's going to happen, with the above as a consequence.
4710
Bug reports / Possible incorrect behaviour in fatal error handling?
« on February 29th, 2012, 02:57 AM »
OK, so I'm fixing up the calendar at last, and there's the grisly assortment of mismatches of variables and things out of scope where they were before in the original code and I forgot to preserve it.
But, interestingly, I got this to happen.
The top template, as you might recognise, is the fatal error template. The theory is that it should normally override everything and anything. But it's called with a simple wetem::load, and as it happens in this case, another wetem::load has already been issued before we get to the actual fatal_lang_error call.
I'm inclined to think that the fatal error should override and remove anything in the default layer rather than the current prepending behaviour.
Thoughts (Nao especially)?
But, interestingly, I got this to happen.
The top template, as you might recognise, is the fatal error template. The theory is that it should normally override everything and anything. But it's called with a simple wetem::load, and as it happens in this case, another wetem::load has already been issued before we get to the actual fatal_lang_error call.
I'm inclined to think that the fatal error should override and remove anything in the default layer rather than the current prepending behaviour.
Thoughts (Nao especially)?