Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Messages - Arantor
6106
The Pub / Re: Is accumulating Editor in wedge like the one in wordpress a big deal
« on October 5th, 2011, 11:13 PM »
Hmm, good point. See, I did say I hadn't thought it all out...
6107
The Pub / Re: Is accumulating Editor in wedge like the one in wordpress a big deal
« on October 5th, 2011, 09:54 PM »
I don't know how to handle them yet.
Doing it how SMF does it, though, is a no-go, because their editor accepts the smiley but on conversion, converts it to a generic img tag. This has other consequences, not just the obvious one about taking more processor time to process, like users who have different smiley sets to the forum default.
Doing it how SMF does it, though, is a no-go, because their editor accepts the smiley but on conversion, converts it to a generic img tag. This has other consequences, not just the obvious one about taking more processor time to process, like users who have different smiley sets to the forum default.
6108
The Pub / Re: Is accumulating Editor in wedge like the one in wordpress a big deal
« on October 5th, 2011, 08:48 PM »
Footnotes are not simple BBC, not when you convert back from HTML. Quotes are a similar case. And quotes are not converted to/from WYSIWYG in any of the systems that have BBC and WYSIWYG.
I also don't think most people use quoting, so the bulk of posts in most forums will be fine. But a post in pure HTML, if we know it's pure HTML, we don't have to pass it through a parser... We don't have to do anything other than output it.
I also don't think most people use quoting, so the bulk of posts in most forums will be fine. But a post in pure HTML, if we know it's pure HTML, we don't have to pass it through a parser... We don't have to do anything other than output it.
6109
The Pub / Re: Is accumulating Editor in wedge like the one in wordpress a big deal
« on October 5th, 2011, 08:26 PM »
Because they're already HTML.
Posts with bbcode likely cannot translate back and forth cleanly. E.g. Footnotes cannot be converted to/from HTML in any meaningful fashion.
Posts with bbcode likely cannot translate back and forth cleanly. E.g. Footnotes cannot be converted to/from HTML in any meaningful fashion.
6110
The Pub / Re: Is accumulating Editor in wedge like the one in wordpress a big deal
« on October 5th, 2011, 07:42 PM »
I'm not suggesting we disable switching.
I'm saying we do switching but if the post was purely done in WYSIWYG, save it in WYSIWYG and bypass BBC parsing.
Oh, and make switching more reliable in the first place...
I'm saying we do switching but if the post was purely done in WYSIWYG, save it in WYSIWYG and bypass BBC parsing.
Oh, and make switching more reliable in the first place...
6111
Plugins / Re: File permissions
« on October 5th, 2011, 06:47 PM »
Well, I could have it remember the port and username (as SMF can do) and you just type in the password.
6112
Off-topic / Re: Support policy
« on October 5th, 2011, 06:46 PM »One thought popped into my mind about this: Will plugins who add functionality into the Admin Panel also be able to be found via the search? How will that work?
That said, a plugin can also without much effort (one line of code!) get a link to the admin panel area for their configuration, from the plugin manager page.
6113
Features / Re: New revs
« on October 5th, 2011, 05:34 PM »
Revision: 1059
Author: arantor
Date: 16:34:18, 05 October 2011
Message:
! Don't include 'desc' type entries in the admin search, they're often not that relevant. (Admin.php)
! Move 'do admins have to approve account deletions' to the Members > Options area. (ManageMemberOptions.php, ManageSettings.php)
! Move 'require users to revalidate email on change' to Registration and split the registration options into two panes. (ManageRegistration.php, ManageSettings.php, ManageSettings language file)
! Remove the now-empty Security and Moderation > General page (Admin.php, ManageSettings.php, Admin language file)
----
Modified : /trunk/Sources/Admin.php
Modified : /trunk/Sources/ManageMemberOptions.php
Modified : /trunk/Sources/ManageRegistration.php
Modified : /trunk/Sources/ManageSettings.php
Modified : /trunk/Themes/default/languages/Admin.english.php
Modified : /trunk/Themes/default/languages/Admin.french.php
Modified : /trunk/Themes/default/languages/ManageSettings.english.php
Author: arantor
Date: 16:34:18, 05 October 2011
Message:
! Don't include 'desc' type entries in the admin search, they're often not that relevant. (Admin.php)
! Move 'do admins have to approve account deletions' to the Members > Options area. (ManageMemberOptions.php, ManageSettings.php)
! Move 'require users to revalidate email on change' to Registration and split the registration options into two panes. (ManageRegistration.php, ManageSettings.php, ManageSettings language file)
! Remove the now-empty Security and Moderation > General page (Admin.php, ManageSettings.php, Admin language file)
----
Modified : /trunk/Sources/Admin.php
Modified : /trunk/Sources/ManageMemberOptions.php
Modified : /trunk/Sources/ManageRegistration.php
Modified : /trunk/Sources/ManageSettings.php
Modified : /trunk/Themes/default/languages/Admin.english.php
Modified : /trunk/Themes/default/languages/Admin.french.php
Modified : /trunk/Themes/default/languages/ManageSettings.english.php
6114
Off-topic / Re: Support policy
« on October 5th, 2011, 05:30 PM »
Heh!
All joking and sarcasm aside, I do really want to encourage people to use the tools they have to hand, a lot more than they currently do.
If people use those tools, and tell me they can't find what they're looking for, I know then that I have a problem to fix. If the interface prompts questions because it's unclear and/or illogical, I need to know so I can fix them.
However, I'm aware the interface will prompt questions from people who can't be bothered to look, who can't be bothered to use the facilities put there in front of them. For those people, I have no time or patience; if they don't have the time or patience to try things out for themselves, or to use the resources to hand, I don't have the time or patience to help them. But I'm more than willing to help people who have genuinely tried to use it, and that it isn't because of laziness that the resources don't help them.
All joking and sarcasm aside, I do really want to encourage people to use the tools they have to hand, a lot more than they currently do.
If people use those tools, and tell me they can't find what they're looking for, I know then that I have a problem to fix. If the interface prompts questions because it's unclear and/or illogical, I need to know so I can fix them.
However, I'm aware the interface will prompt questions from people who can't be bothered to look, who can't be bothered to use the facilities put there in front of them. For those people, I have no time or patience; if they don't have the time or patience to try things out for themselves, or to use the resources to hand, I don't have the time or patience to help them. But I'm more than willing to help people who have genuinely tried to use it, and that it isn't because of laziness that the resources don't help them.
6115
Off-topic / Support policy
« on October 5th, 2011, 04:54 PM »
I just decided, when it comes to Wedge and support, I'm going to be mean. Hate me if you want!
Here's what I'm going to do. Whenever anyone asks me where a setting is, I'm going to tell them to:Quote Seriously, I'm going to do that - and make sure I have a bookmarklet or similar for it - simply because I want to emphasise that there is, in fact, a search facility for the admin panel...
:niark:
Here's what I'm going to do. Whenever anyone asks me where a setting is, I'm going to tell them to:
1. Click on Admin in the menu.
2. Enter your password if you need to.
3. See that little box on the right? Type in [name of setting] in there.
4. Press 'Go'.
:niark:
6116
Features / Re: New revs
« on October 5th, 2011, 04:34 PM »
Revision: 1058
Author: arantor
Date: 15:34:05, 05 October 2011
Message:
! Split the FTP connection class into its own file, as it's the only bit of Class-Package I actually *want*, as xmlArray is going to be phased out over time. (Class-FTP.php, Class-Package.php, Subs-Media.php, PackageGet.php, Packages.php, Subs-Package.php)
! Converted modSetting enableVBStyleLogin into a more sensibly named theme setting and did a little light housekeeping with it. (install.sql, Load.php, ManageSettings.php, Subs.php, Help + ManageSettings + Themes language files, Settings.template.php)
! Removed the contiguous pages setting regarding page index (index.template.php, ManageSettings.php, Help and ManageSettings language files)
! Removed the rest of the Layout page from Features and Options now that it doesn't have anything in it, after moving the Today/Yesterday setting. (Admin.php, ManageSettings.php, Admin + ManageSettings + Help language files)
! Pretty URLs admin page should at least return something to the admin search, even if it's only the section's name, and not foul the search up. (ManageSettings.php)
----
Modified : /trunk/Sources/Admin.php
Added : /trunk/Sources/Class-FTP.php
Modified : /trunk/Sources/Class-Package.php
Modified : /trunk/Sources/Load.php
Modified : /trunk/Sources/ManageSettings.php
Modified : /trunk/Sources/PackageGet.php
Modified : /trunk/Sources/Packages.php
Modified : /trunk/Sources/Subs-Package.php
Modified : /trunk/Sources/Subs.php
Modified : /trunk/Sources/media/Subs-Media.php
Modified : /trunk/Themes/default/Settings.template.php
Modified : /trunk/Themes/default/index.template.php
Modified : /trunk/Themes/default/languages/Admin.english.php
Modified : /trunk/Themes/default/languages/Admin.french.php
Modified : /trunk/Themes/default/languages/Help.english.php
Modified : /trunk/Themes/default/languages/Help.french.php
Modified : /trunk/Themes/default/languages/ManageSettings.english.php
Modified : /trunk/Themes/default/languages/ManageSettings.french.php
Modified : /trunk/Themes/default/languages/Themes.english.php
Modified : /trunk/Themes/default/languages/Themes.french.php
Modified : /trunk/other/install.sql
Author: arantor
Date: 15:34:05, 05 October 2011
Message:
! Split the FTP connection class into its own file, as it's the only bit of Class-Package I actually *want*, as xmlArray is going to be phased out over time. (Class-FTP.php, Class-Package.php, Subs-Media.php, PackageGet.php, Packages.php, Subs-Package.php)
! Converted modSetting enableVBStyleLogin into a more sensibly named theme setting and did a little light housekeeping with it. (install.sql, Load.php, ManageSettings.php, Subs.php, Help + ManageSettings + Themes language files, Settings.template.php)
! Removed the contiguous pages setting regarding page index (index.template.php, ManageSettings.php, Help and ManageSettings language files)
! Removed the rest of the Layout page from Features and Options now that it doesn't have anything in it, after moving the Today/Yesterday setting. (Admin.php, ManageSettings.php, Admin + ManageSettings + Help language files)
! Pretty URLs admin page should at least return something to the admin search, even if it's only the section's name, and not foul the search up. (ManageSettings.php)
----
Modified : /trunk/Sources/Admin.php
Added : /trunk/Sources/Class-FTP.php
Modified : /trunk/Sources/Class-Package.php
Modified : /trunk/Sources/Load.php
Modified : /trunk/Sources/ManageSettings.php
Modified : /trunk/Sources/PackageGet.php
Modified : /trunk/Sources/Packages.php
Modified : /trunk/Sources/Subs-Package.php
Modified : /trunk/Sources/Subs.php
Modified : /trunk/Sources/media/Subs-Media.php
Modified : /trunk/Themes/default/Settings.template.php
Modified : /trunk/Themes/default/index.template.php
Modified : /trunk/Themes/default/languages/Admin.english.php
Modified : /trunk/Themes/default/languages/Admin.french.php
Modified : /trunk/Themes/default/languages/Help.english.php
Modified : /trunk/Themes/default/languages/Help.french.php
Modified : /trunk/Themes/default/languages/ManageSettings.english.php
Modified : /trunk/Themes/default/languages/ManageSettings.french.php
Modified : /trunk/Themes/default/languages/Themes.english.php
Modified : /trunk/Themes/default/languages/Themes.french.php
Modified : /trunk/other/install.sql
6117
Plugins / File permissions
« on October 5th, 2011, 02:39 PM »
I'm curious to know what people think of this, because I have the feeling that I'm going to be seen as snobby for the approach I'm about to implement - if only because I value putting security and not-breaking-things above convenience.
We all know that file permissions on Unixish type systems can be problematic, and none more so than leaving things at 777, because on shared servers it's a pain, and on systems with suExec in place, it will actually cause system failure.
Now, because of my design structure, moving as much as possible outside of the standard tree, there's only a single place that requires permissions to be set in such a way as to allow for file changes (for the vast bulk of the time, and for the time file edits are actually needed, well, the same framework will be able to change them)
Here's the thing: I'm not planning on doing what SMF does, which is allow you to make all the folders and files writeable from Admin > Packages > File Permissions. I consider that quite dangerous, and have done for some time.
What I'm planning is that if the files are already writeable, for whatever reason, it'll just do what it has to do. (That means if you're crazy, or brave, or have suitable configuration, you can just get on with it. It also means that if you do change it, you're doing it manually, and all bets are off, we can't support you particularly effectively if you break it.)
When things aren't writeable, it'll prompt you for FTP (and hopefully, the option for SFTP details instead if possible) details, make the necessary changes, and here's the clever bit: it'll put them back again.
That means you're exposed to elevated permissions for a short period of time, rather than generically, and it should mean that even if files/folders are made 666/777 for writing purposes, that change is undone afterwards so things don't die in the suExec case.
The caveat is that you'll have to enter your FTP(/SFTP) details every time you add a plugin (or anything else), but frankly that seems preferable to me than making it possible to 'brick' it on a very typical setup and have to fix it through FTP afterwards.
Is that an acceptable compromise for users, or would it be better to allow the current state of play? (Remember: if your configuration allows the PHP script to alter files naturally, e.g. on some Windows configurations, or everything's uploaded as the Apache user, or everything's at 666/777 anyway, you won't be prompted - but it's then on your own head anyway.)
We all know that file permissions on Unixish type systems can be problematic, and none more so than leaving things at 777, because on shared servers it's a pain, and on systems with suExec in place, it will actually cause system failure.
Now, because of my design structure, moving as much as possible outside of the standard tree, there's only a single place that requires permissions to be set in such a way as to allow for file changes (for the vast bulk of the time, and for the time file edits are actually needed, well, the same framework will be able to change them)
Here's the thing: I'm not planning on doing what SMF does, which is allow you to make all the folders and files writeable from Admin > Packages > File Permissions. I consider that quite dangerous, and have done for some time.
What I'm planning is that if the files are already writeable, for whatever reason, it'll just do what it has to do. (That means if you're crazy, or brave, or have suitable configuration, you can just get on with it. It also means that if you do change it, you're doing it manually, and all bets are off, we can't support you particularly effectively if you break it.)
When things aren't writeable, it'll prompt you for FTP (and hopefully, the option for SFTP details instead if possible) details, make the necessary changes, and here's the clever bit: it'll put them back again.
That means you're exposed to elevated permissions for a short period of time, rather than generically, and it should mean that even if files/folders are made 666/777 for writing purposes, that change is undone afterwards so things don't die in the suExec case.
The caveat is that you'll have to enter your FTP(/SFTP) details every time you add a plugin (or anything else), but frankly that seems preferable to me than making it possible to 'brick' it on a very typical setup and have to fix it through FTP afterwards.
Is that an acceptable compromise for users, or would it be better to allow the current state of play? (Remember: if your configuration allows the PHP script to alter files naturally, e.g. on some Windows configurations, or everything's uploaded as the Apache user, or everything's at 666/777 anyway, you won't be prompted - but it's then on your own head anyway.)
6118
The Pub / Re: Is accumulating Editor in wedge like the one in wordpress a big deal
« on October 5th, 2011, 11:00 AM »
It was more speculative. Remember the discussion we had not that long ago about ditching bbcode entirely? The principle argument against doing it was because bbcode offers a highly convenient way to add new complex markup that wouldn't necessarily have an equivalent in HTML. Footnotes and spoilers are the main examples, as is quoting.
Now, the easy route to implementing a good editor is to apply the same process that SMF does: have the editor toggleable, but when toggling, do a conversion from HTML to bbcode for most of the HTML, and when going the other way, do only simple bbcode that has a direct HTML equivalent. quote bbc, for example, does not get converted when switching.
What I'm suggesting here is a more complex route that allows keeping bbc whilst getting most of the benefits of actually using a HTML editor.
For posts constructed entirely in a WYSIWYG editor, sanitise them on incoming and then proceed to save it in raw HTML, with a flag in the messages table to indicate that this is a raw HTML item. For these posts, we can safely avoid calling parse_bbc, thus giving us a speed increase.
For posts constructed using bbcode, or created in an environment where we've switched back and forth, we treat that as bbcode and do some decent conversion (better than is there currently).
My question: is that feasible? It sounds like it in my head, and it sounds like a more thorough approach than I'd originally planned to use (which was to drop the original editor, replace it with CKEditor and rewrite the html-to-bbc conversion routine to suit)
Now, the easy route to implementing a good editor is to apply the same process that SMF does: have the editor toggleable, but when toggling, do a conversion from HTML to bbcode for most of the HTML, and when going the other way, do only simple bbcode that has a direct HTML equivalent. quote bbc, for example, does not get converted when switching.
What I'm suggesting here is a more complex route that allows keeping bbc whilst getting most of the benefits of actually using a HTML editor.
For posts constructed entirely in a WYSIWYG editor, sanitise them on incoming and then proceed to save it in raw HTML, with a flag in the messages table to indicate that this is a raw HTML item. For these posts, we can safely avoid calling parse_bbc, thus giving us a speed increase.
For posts constructed using bbcode, or created in an environment where we've switched back and forth, we treat that as bbcode and do some decent conversion (better than is there currently).
My question: is that feasible? It sounds like it in my head, and it sounds like a more thorough approach than I'd originally planned to use (which was to drop the original editor, replace it with CKEditor and rewrite the html-to-bbc conversion routine to suit)
6119
The Pub / Re: Is accumulating Editor in wedge like the one in wordpress a big deal
« on October 5th, 2011, 01:24 AM »
OK, back over this topic.
WYSIWYG has a place. Me personally, I'd never use it, I find the entire idea so imprecise it's unreal (and please don't tell me time's an issue, I make quite literally hundreds of forum posts some days.)
And SMF does have a WYSIWYG editor. Now, if SMF's editor were replaced with another editor, that'd be a different story entirely, because it would have the security issues as mentioned but also the improved functionality of a WYSIWYG editor that wasn't retarded.
Here's an interesting point: we actually discussed a bit back about ditching bbcode and using purely WYSIWYG instead. That's almost more practical than you'd imagine in a lot of ways, it would save a great deal of trouble in terms of processing for a lot of posts, the only real objection I raised wasn't even the implementation of security, or the increased bandwidth use - no, the only objection I raised was in fact concerning usability.
One of the perks of bbcode is that you can introduce quick codes for all kinds of things. Representing a spoiler, or a footnote, in HTML is frustrating if done in a WYSIWYG fashion. However, most users that use WYSIWYG will not use these features.
So, perhaps, there's room for an alternative. For posts made with the WYSIWYG editor, save them with a flag to indicate they came from WYSIWYG. For all other posts, flag them as using bbcode, and render appropriately from the database.[1]
You'd have to be careful about switching between the two, since you would want to do that from time to time, but no more so than is currently being used.
WYSIWYG has a place. Me personally, I'd never use it, I find the entire idea so imprecise it's unreal (and please don't tell me time's an issue, I make quite literally hundreds of forum posts some days.)
And SMF does have a WYSIWYG editor. Now, if SMF's editor were replaced with another editor, that'd be a different story entirely, because it would have the security issues as mentioned but also the improved functionality of a WYSIWYG editor that wasn't retarded.
Here's an interesting point: we actually discussed a bit back about ditching bbcode and using purely WYSIWYG instead. That's almost more practical than you'd imagine in a lot of ways, it would save a great deal of trouble in terms of processing for a lot of posts, the only real objection I raised wasn't even the implementation of security, or the increased bandwidth use - no, the only objection I raised was in fact concerning usability.
One of the perks of bbcode is that you can introduce quick codes for all kinds of things. Representing a spoiler, or a footnote, in HTML is frustrating if done in a WYSIWYG fashion. However, most users that use WYSIWYG will not use these features.
So, perhaps, there's room for an alternative. For posts made with the WYSIWYG editor, save them with a flag to indicate they came from WYSIWYG. For all other posts, flag them as using bbcode, and render appropriately from the database.[1]
You'd have to be careful about switching between the two, since you would want to do that from time to time, but no more so than is currently being used.
| 1. | Security's not a concern in any practical fashion. If access is granted to be able to manually override this parameter, it's also going to be able to manipulate the raw data anyway so that raw HTML could be injected, negating the pre-parser sanitisation rules that are currently in place. |
6120
Features / Re: The calendar
« on October 5th, 2011, 12:52 AM »
Getting back on topic, I'm definitely getting the feeling about it being plugin, but the more I think about the other stuff, the more I think I wouldn't make them plugins of a plugin, but just enhance the plugin itself if that makes sense.
Doing a search for 'calendar' on the core reveals a lot of hits but they're pretty much all the ones I can actually think of that are relevant to the calendar itself anyway; it's pretty heavily integrated in some bits, but not so heavily integrated that it can't be unbundled that quickly.
I may have to investigate this tomorrow if I get time, I have other things to do like working some more on handling file permissions in the plugin manager as well...
Doing a search for 'calendar' on the core reveals a lot of hits but they're pretty much all the ones I can actually think of that are relevant to the calendar itself anyway; it's pretty heavily integrated in some bits, but not so heavily integrated that it can't be unbundled that quickly.
I may have to investigate this tomorrow if I get time, I have other things to do like working some more on handling file permissions in the plugin manager as well...
* Arantor also magically makes the topic public to gather any more feedback, but it's pretty clear where the direction lies.