←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
lphuberdeaupre tarballs uploading... my first test worked, so it shouldn't be terrible [00:00]
kerrnelwhat is the <x> I keep seeing? [00:03]
nylothkerrnel: a tie fighter ? [00:04]
kerrnellol [00:05]
nyloth:) [00:05]
***nkoth3 has quit IRC () [00:07]
nylothSEWilco2: no, <x> is not handled by HTML Purifier, it's the var sanitizer and it's a necessary feature for security reasons
SEWilco2: it seems you try to save a page that contains things that could be seen as dangerous
[00:07]
SEWilco2nyloth: Aha. That sounds messy. I hope someone familiar with the code comes up with an elegant solution. Goodnight. [00:08]
***SEWilco2 has quit IRC ("ChatZilla 0.9.83 [Firefox 3.0.1/2008070208]") [00:09]
nylothno comment :) [00:11]
kerrnelnight fols
folks
[00:12]
nyloth'night [00:12]
lphuberdeauhttp://profiles.tikiwiki.org/tikirel/
need testing ;)
[00:17]
nylothBtw, there really is a problem with HTML Purifier :/ [00:17]
lphuberdeau: everything seems fine for me, when trying a fresh install of your tar.bz2 [00:29]
lphuberdeau2 more to go [00:30]
nylothok, now I have to sleep, it's very early here :) See you later ! [00:31]
***nyloth has left "Kopete 0.12.7 : http://kopete.kde.org" [00:31]
..... (idle for 22mn)
chibaguy has joined #tikiwiki [00:53]
Caarrie|away is now known as Caarrie
bingo has joined #tikiwiki
harold has quit IRC (Read error: 110 (Connection timed out))
[01:00]
Petjal2After way too much effort and flailing, I'm somewhat proud to present the results of my research on my little "registration approval email link to the user_information page" issue. Here is my ./templates/mail/moderate_validation_mail.tpl: http://sh.nu/p/24746 , and here is the svn diff: http://sh.nu/p/24747 The punch-line being: http://{$mail_site}{$tikiroot}tiki-user_information.php?view_user={$mail_user} Commen [01:05]
.... (idle for 17mn)
***bingo has quit IRC (Read error: 110 (Connection timed out))
Lucymoz has joined #tikiwiki
harold has joined #tikiwiki
[01:22]
.... (idle for 16mn)
srishti has left
srishti has joined #tikiwiki
[01:41]
harold has quit IRC (Read error: 110 (Connection timed out)) [01:52]
Caarrie is now known as Caarrie|sleeping [01:57]
....... (idle for 32mn)
NefariousC has quit IRC ()
NefariousC has joined #tikiwiki
NefariousC has quit IRC (Client Quit)
[02:29]
franck has joined #tikiwiki
harold has joined #tikiwiki
[02:42]
neil-nms has joined #tikiwiki
neil-nms has left
neil-nms has joined #tikiwiki
[02:49]
Lucymoz has quit IRC (Read error: 110 (Connection timed out)) [03:02]
mattbmc has quit IRC (Read error: 104 (Connection reset by peer)) [03:11]
........... (idle for 53mn)
chibaguyThe commas between parameters in wikiplugins are being stripped out (2.0rc2). [04:04]
Actually _all_ commas in wikitext are being stripped out.
Rrr, the commas are ok at one 2.0 site, sorry. I need to check what file versions are having trouble with commas.
[04:17]
..... (idle for 23mn)
***Lucymoz has joined #tikiwiki [04:42]
..... (idle for 23mn)
franck has left [05:05]
chibaguyLatest svn up, and commas are stripped out in wiki page edit and submit.
(branch 20)
[05:12]
(wysiwyg isn't turned on) [05:19]
...... (idle for 27mn)
I wonder why I'm logged in as admin but still get a "permission denied" message in the theme switcher module.
Just for fun, I put {$user} in the module's permission denied message, so now I get "permission denied, admin". :-)
[05:46]
This is probably due to some problem in my local install -- WAMP setup on XP. If I delete "or $user 'eq'" from the module perm/pref check, it displays ok.
or $user eq ''
... Was "request passcode to register" passcode always 32 characters long?
[05:55]
***srishti has quit IRC ("Leaving.")
harold has quit IRC (Read error: 110 (Connection timed out))
priti has joined #tikiwiki
[06:01]
chibaguy has quit IRC (Read error: 104 (Connection reset by peer)) [06:09]
...... (idle for 27mn)
chibaguy has joined #tikiwiki [06:36]
...... (idle for 26mn)
Wilkins has joined #tikiwiki
Lucymoz has quit IRC (Read error: 110 (Connection timed out))
Wilkins has quit IRC (Remote closed the connection)
Wilkins has joined #tikiwiki
Wilkins has quit IRC (Remote closed the connection)
Wilkins has joined #tikiwiki
[07:02]
Wilkins has quit IRC (Remote closed the connection)
Wilkins has joined #tikiwiki
Amorphous has quit IRC (Read error: 104 (Connection reset by peer))
Wilkins has quit IRC (Remote closed the connection)
Wilkins has joined #tikiwiki
hooch_ has joined #tikiwiki
hooch has quit IRC (Read error: 104 (Connection reset by peer))
[07:16]
Jyhem has quit IRC (Read error: 104 (Connection reset by peer))
Amorphous has joined #tikiwiki
[07:38]
hooch_ is now known as hooch [07:51]
mattbmc has joined #tikiwiki [08:02]
mattbmcpolom [08:03]
I'm trying to give total permission to a branch of a structure (not the overall structure though) to one user-group. By setting all permssions to the groups "default" page in the structure (and all subpages) it's working by and large, but I can't seem to get the structure navigation to show up for members of the group. I'm a member of the root structure's group, so I can see it. Is there a way to make the group see the structur
e nav?
using 1.10
sorry if that's confusing...hopfully not too bad
btw, the users access is set up for full structure editing and they can do so on other structures present on the site, just not their "private" branch of my root structure.
[08:08]
***chibaguy has left
ElDios has joined #tikiwiki
[08:17]
mattbmcgot it....declared "and all subpages" for the structure root as well as the "branch root".....double-negative apparently. :-) I have to assign page specific perms to the pages above that private branch.
eh....or maybe I still didn't get it....I'll be back after more testing....let me know (if I'm making sense) if I'm on the right track pls. :-)
[08:28]
***tomb has joined #tikiwiki [08:29]
mattbmcya....change in perms mentioned above made no difference...user of that private group can still see/edit all other structures, even modify all perms assigned to his private branch (as well as all the pages assigned to it), but he can't see the structure.
not in the Structures page and not the nav within the structure.
[08:32]
Okay....seems like alternate strategy of managing them under a completely different structure is needed. [08:40]
***ElDios has quit IRC (".")
Paragtim has joined #tikiwiki
[08:41]
ParagtimGood morning all [08:46]
***kerrnel has quit IRC (Read error: 104 (Connection reset by peer)) [09:00]
.... (idle for 19mn)
tomb_ has joined #tikiwiki
tomb_ has quit IRC (Client Quit)
[09:19]
tomb has quit IRC (Remote closed the connection) [09:27]
tomb has joined #tikiwiki [09:33]
Jyhem has joined #tikiwiki [09:42]
tomb_ has joined #tikiwiki [09:51]
martinalex has joined #tikiwiki [10:03]
.... (idle for 15mn)
caralluna_ has quit IRC (Client Quit) [10:18]
.... (idle for 19mn)
nyloth has joined #tikiwiki [10:37]
nylothHi all :) [10:37]
***NefariousC has joined #tikiwiki [10:41]
nylothlphuberdeau: around ? [10:43]
***caralluna has quit IRC (Read error: 110 (Connection timed out))
Caarrie|sleeping is now known as Caarrie
[10:45]
ElDios has joined #tikiwiki [10:52]
ParagtimGuys - How do I stop groups inheiriting permissions? [10:53]
***martinalex has quit IRC (Read error: 110 (Connection timed out)) [11:03]
marclaporteParagtim: : don't include them [11:14]
***chibaguy has joined #tikiwiki [11:19]
chibaguyPage comments seem a little flakey in latest branch20. If a "reply" link on a page comment is clicked, the comment zone goes away. Then click the "comments" link again and there's the reply-to form, with re: topic and quoted body, ready to use.
So it works, but in a strange way. ;-)
This could be a local problem, so others should test page comment functionality in 20rc .
Ah, on another domain (not laptop), page comments are ok.
...so I guess it's a problem with my local files.
[11:25]
ParagtimSorry - Wrong Question - I'm trying to make menus specific to groups (one bog standard for users and 1 for a group to view stats etc. Now both menus are showing. One for Registered and the other for stats
In the permissions for the stats group it is showing inheirited permission from registered.
[11:33]
chibaguyAll users at the site are members of Registered by default.
Oh, I got ahead of myself. Maybe that's not what you're asking...
[11:35]
ParagtimThe registered user menu is working fine. and I have the mnu_application working for admins only. The problem is the stats group. [11:37]
***NefariousC has quit IRC () [11:37]
ParagtimWhen I login as a mmber of the stats group both the registered menu and the stats menu show in the left hand column [11:38]
chibaguyMembers of stats group are also Registered. [11:38]
Paragtimyep - when I look in the perms for the stats group it is inheiriting the perms from registered. How can I stop stats inheiriting - if that is the problem [11:40]
***lphuberdeau has quit IRC (Remote closed the connection) [11:40]
chibaguyI'm not sure. By definition everyone registered at a site is in the Registered group. [11:43]
ParagtimI currently have 4 groups (registered, Moderators, stats and admin). The Admin group shows the original menu and is displaying as I want it. The registered is displaying fine and as I want it. The problem seem is that the 2 other groups, which by definition need different menu structures are showing 2 menus instead of 1 [11:45]
chibaguyMaybe you could put some code in the module to filter the menu displays -- if stats, show menu a; if not stats show menu b.
to avoid the problem of Registered being all-inclusive.
Or use the GROUP wikiplugin, or equivalent Smarty syntax.
[11:46]
***martinalex has joined #tikiwiki [11:50]
ParagtimThe mnU_application_menu can be set a admin only in the grouping and this works, dispite inheiriting perms from registered.
Any idea what I'm missing
[11:51]
***neil-nms has quit IRC ("Leaving.") [11:56]
chibaguyAdmin is a subset of Registered, and you can give view perms to a subset so users outside the set can't view. But Registered includes all non-anonymous groups. So if you assign a view perm to Registered, every subset (non-anon group) can view.
Admin inherits the perms of Registered, but also has its own, such as to view a particular menu. When an object perm is given to a group, it means _only_ the group gets the perm.
[11:58]
***otabz has joined #tikiwiki
priti has left
[12:00]
chibaguy(I'm not sure how clear this is -- I haven't thought about perms for a while. :-) ) [12:02]
***priti has joined #tikiwiki [12:02]
ParagtimI think I'm getting confused and confusing everyone else. Is there an easy way, In assigned modules to stop the registered group menu displaying when the user belongs to another group? [12:05]
chibaguyNo, the perms are additive, not subtractive, so to speak.
You need to use logic in a new user module.
[12:06]
ParagtimRight - that solves the first part. Can add perms and they carry up the tree from where they are added.
So where would I start to try and add some logic to get to where i need to go?
[12:08]
chibaguyMake a new user module on admin modules page. Then maybe something like {if $group neq "stats"}{menu id=x{else}{menu id=y{/if}
But I'm not sure if the group variable can work like this.
[12:11]
***lphuberdeau has joined #tikiwiki [12:14]
marclaporteYou could also create a new group
ex: members
[12:14]
chibaguyOr, use wikisyntax: {GROUP(notgroups=>stats)}{menu id=x}{GROUP} [12:14]
lphuberdeaunyloth, is everything ok for RC4? [12:15]
chibaguyYeah, to avoid making another group, though, maybe the GROUP plugin would be the easiest. [12:15]
marclaporteregistered, members, Moderators, stats and admin
And give no rights or views to Registered
Only to Stats and/or members, as needed
[12:15]
ParagtimI've found it in doc.tikiwiki.org. I can't see any ref to the menu id
Marc - Are you suggested moving permissions up the tree to the other groups?
sorry suggesting
[12:17]
marclaporteyes [12:18]
ParagtimI'll give that a try before first - Thanks guys I'll keep you posted [12:19]
***harold has joined #tikiwiki
marclaporte has quit IRC (Read error: 54 (Connection reset by peer))
SEWilco has quit IRC (Read error: 110 (Connection timed out))
Caarrie is now known as Caarrie|away
SEWilco has joined #tikiwiki
[12:21]
chibaguy has quit IRC (Read error: 110 (Connection timed out)) [12:34]
nylothlphuberdeau: well, if you can, maybe wait one or two hours to see if there is no new important bug detected. But if you prefer to do it right now, I think it's ok. [12:38]
lphuberdeauI can wait [12:39]
nylothok :)
I should be there to help test, in 2 hours
[12:40]
ParagtimI've removed all perms from registered and set a group called users with no inheirited perms. When I login as a member of user there is only the one menu. when I login as stats there are still 2 menus [12:45]
JyhemParagtim: you may have set stats as inherits the permissions of Registerd [12:47]
ParagtimThere are no perms in registered. Removed as per Marcs suggestion. Still open to other suggestions tho [12:48]
***sept has joined #tikiwiki [12:55]
septnyloth ?
lphuberdeau ?
[12:55]
lphuberdeaupolom [12:55]
septshould I put the new HTMLPurifier in 2.0 before RC4 ?
there are security fix according to changelog...
[12:56]
lphuberdeauisn't that for 3.0? [12:56]
septwell the question is should we ship tiki2.0 with know vulnerabilities in third party libraries ?
that's why I ask ! ;p
[12:57]
lphuberdeauI don't even know where it's used
is it used?
[12:57]
septI just submitted some clean up/optimizations to sanatization.php
yes...
well at least we have an option to use HTMLPurifier in the admin panel ! ;p
[12:57]
lphuberdeauwhat is it used for? [12:58]
sept&search_index in refresh-function.php, to clean up data before indexing... for one [13:02]
***Caarrie|away is now known as Caarrie [13:02]
septtikilib use it to clean up page code
if it the user says that the page is HTML...
for tiki3.0 as it is supposed to be PHP5 only, we will udpate third party libraries to PHP5 versions...
if the plan is still ok...
[13:02]
lphuberdeaucan you check how much is impacted by upgrading the library?
if it's only replacing the library and no impact on our code, it's probably a good thing
[13:05]
nylothhi sept
ok with lphuberdeau for html purifier
ok to update all libs to PHP5 only for tiki 3.0.
[13:08]
***martinalex has quit IRC (Read error: 110 (Connection timed out))
ricks99 has joined #tikiwiki
[13:11]
lphuberdeauone thing... don't do both at once
do 2.0 first, let me merge to trunk, then replace in trunk
(just to save me some pain)
[13:12]
nylothand I suggest to put it in third_party/htmlpurifier for trunk instead of trunk/lib/htmlpurifier [13:17]
lphuberdeau+1 [13:19]
septnyloth : it is not that simple as there are files in lib and lib/HTMLPurifier...
don't know...
[13:29]
nylothsept: many files in lib/ ? [13:30]
sept3 to 4
lib/HTMLPurifier.auto.php lib/HTMLPurifier.func.php lib/HTMLPurifier.php
3 ...
lphuberdeau : only modification of lib/HTMLPurifier/* and the 3 files above...
[13:30]
nylothsept: hmmm... I think it might not be a problem to keep them in lib/ ... have to check [13:32]
lphuberdeauno other changes required in tiki/no major impact? [13:32]
septI am testing know... [13:35]
nylothsept: IMO it should work fine if those 3 files are put into third_party/htmlpurifier too. we just have to change path of them in files that includes them. [13:36]
lphuberdeauugh... update dev.tw.o... commas get kicked out [13:38]
septwith latest version ? strange... [13:41]
lphuberdeauI just edited a page and all commas are gone
was it updated since the fix?
[13:42]
nylothlphuberdeau: oops, yes, I will update it now [13:43]
lphuberdeauoh, and if you could rollback TikiCoreRFC-1 (which I can't do), it would be great ;) [13:44]
nylothdev.tw.o is up-to-date now :) thx
ok, rolledback
[13:44]
lphuberdeaustill no commas on the page
hmm... looks like the problem was there when I first wrote it
[13:46]
septlphuberdeau : HTMLpurifier 2.1.5 seems to work ok
with my lasted commit on sanatization.php it should be ok...
[13:48]
lphuberdeau+1 for commit in 2.0 [13:48]
septok I do it now... [13:48]
ok done [13:57]
lphuberdeauhttp://dev.tikiwiki.org/TikiCoreRFC-1 -- now with commas!
there are now two open positions, any takers?
[14:00]
nylothIn changelog, should we add that we fully support commas ? ;p [14:01]
lphuberdeaudoes sound like a 2.0 feature [14:02]
nyloth:) [14:03]
lphuberdeauupdating trunk in case that bug was in
are we good for RC4 now?
sourceforge is going to hate me for overloading their SVN server
[14:03]
nylothlphuberdeau: about the open positions, for "Define the list of individuals" could be the TAG, not just one guy. There is already a way to take decisions for the TAG, so , should be ok. [14:05]
lphuberdeauthat's OK, but I want a single person to be accountable
basically the person who will initiate the discussions and publish the results
[14:06]
nylothlphuberdeau: then I propose that you submit this request to the TAG mailing list, so that will be discussed [14:07]
lphuberdeau(I'm not on that list)
(and I think that's just fine)
[14:07]
nylothlphuberdeau: yes, but I thought you can post on it even if not a subscriber [14:08]
lphuberdeaubut the point is, this is not my proposal, I want many people to be part of it
if it's only me, I will reject it myself
[14:08]
nylothlphuberdeau: ok
lphuberdeau: for RC4, just wait a bit more ;p I have to test something right now
[14:09]
septwhat ? :D [14:11]
nylothsept: well, I wanted to remove <x> from strings that are already converted into html entities because they are not dangerous anymore. I wanted to make a test on the search tool, but I saw that the var used there ($words) is not escaped in template associated php... so I have to find where it is ;p
my goal is to hide whenever is possible, those <x> to the end user. When we have some in a rendered content, no problem, they are treated as ignored HTML tags. But in inputs/textarea they are shown... It's probably better to remove them
(some users complained yesterday evening, this is why)
[14:13]
septok
yes it is annoying to have <x>somestuff</x> :(
[14:15]
***mstef has joined #tikiwiki [14:16]
mstefhi all [14:16]
nylothhi [14:16]
***marclaporte has joined #tikiwiki [14:28]
nylothok, commited for search and other places (in fact, the search is handled differently and converted in html entities inside tiki-setup_base...)
it should be ok, maybe just have a look and test if you can :)
[14:41]
***ricks99 has quit IRC (Remote closed the connection) [14:53]
tomb_ has quit IRC (Read error: 113 (No route to host)) [14:58]
nylothwell, apart from that, I think we are ready for RC4. lph ? [14:58]
lphuberdeauI just need to fire up the script [14:59]
nyloth'k [14:59]
***Darkbee has joined #tikiwiki [15:02]
DarkbeeIs there a limit to the number of dynamic variables you can have? [15:02]
lphuberdeauwhy would there be? [15:03]
***Lucymoz has joined #tikiwiki [15:03]
Darkbeewell, perhaps my question was not phrased well
obviously there are limits
computers can only store so many numbers
I just wondered if for practical purposes there were any limits that humans might have a problem with
[15:04]
nylothsept: around ? [15:05]
Darkbeeor run into [15:05]
nylothI found a bug with sanitization and htmlpurifier... hmmm
strange, I can't reproduce it now... ok, nevermind ;p
[15:06]
septnyloth : yes ? [15:11]
mstefi believe i have found a bug in 2.0rc3 regarding freetags and blog posts [15:12]
lphuberdeaumstef, likely not to be fixed - blogs are low priority at this stage [15:13]
***tomb_ has joined #tikiwiki [15:13]
msteflphuberdeau: i am atm trying to fix it. [15:13]
nylothsept: could you please test wysiwyg with htmlpurifier with bad things ? I think it's not ok [15:14]
septnyloth : do you have exmaples of bad things ? [15:17]
nylothyes, many ;p
sept: look at your mail
well, in fact I know what is wrong... fckeditor make an unhtmlentities for the wysiwyg... and this reactivate bad things since <x> are removed before htmlentities ... not sure what the best choice is
[15:17]
sept<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
doesn't work,
you have :
ript a="&gt;'&gt;" SRC="http://ha.ckers.org/xss.js"&gt;</p>
[15:21]
nylothwhat do you mean by "does not work" ? [15:21]
septafter a save/edit
the exploit doesn't work...
[15:21]
nylothwell, sure, but in the iframe of the wysiwyg, it works
no, maybe not this one
but check your mail and save a page containing the mail body
[15:22]
septnope, no exploit... [15:23]
nylothdid you test my mail ?
in wysiwyg
under FF
you copy paste all in SOURCE mode of fck + you make a PREVIEW (not a save)
[15:23]
septyes, I am copy/pasting.... [15:24]
nylothyou will have a warning [15:24]
septyes... [15:25]
nylotheither we remove the <x> removal... either we find a solution for fckeditor... what a f***ing s*** :(
if you have an idea...
[15:27]
septwell, what is exactly the pb ? let's me summurize :
1) sanatisation clean the exploit and introduce <x> tags
[15:30]
***caralluna has joined #tikiwiki [15:30]
sept2) fckeditor finds <x> tags and removes it ? [15:30]
nylothno [15:30]
septis that right ? [15:30]
nyloth2) I modified ./lib/smarty_tiki/modifier.escape.php to remove <x> for strings that will be htmlentitized, since the exploit is no more dangerous in this state
3) fckeditor convert back (unhtmlentities) and reactivate exploir
s/r$/t/
for the purpose of wysiwyg, in it's iframe
[15:31]
septwell : if I copy/paste your mail in fckeditor I got a problem [15:32]
nylothalready when copy-pasting ? [15:32]
septwhen I click on source I've got the warning...
so we need to do the clean up in fck
[15:33]
nylothwell, this case is not so important since we can't do nothing and it affects only the bad guy [15:33]
septwhen we switch from/to source [15:33]
nylothyes [15:33]
***marclaporte has quit IRC (Read error: 104 (Connection reset by peer)) [15:34]
septbut if I do not click on source after pasting, and I click on preview I've got the warning....
well I am still the bad guy...
[15:34]
nylothyes but this case worries me a bit more [15:35]
septif I click on save, then no warning...
so a bad guy, can annoy himself... and only himself...
[15:35]
nyloththis can be acceptable, yes... mhhh [15:37]
***caralluna__ has joined #tikiwiki [15:37]
septwell we need to see if it is the only effect...
but the exploit is not recorded in the database... which is good ! ;p
[15:38]
nylothsept: no, we are wrong
sept: try the same without html purifier feature
sept: copy/paste in source, save, edit, preview
html purifier does its job, but man can disable the feature (I even think it's disabled by default)
[15:38]
if there is no more idea, I will convert back &lt;x&gt; into <x> in ./lib/smarty_tiki/modifier.escape.php, instead of removing the tag completely. This should be ok. [15:47]
septwell: we should enable HTMLPurifier for html page and fckeditor
well it is only used in this case...
[15:49]
nylothsept: yes, but maybe not for 2.0. It will break other non XHTML strict content...
sept: we are not ready for this right now, IMO
sept: I'll commit my proposition in a few seconds, let me know if it's ok for you too
[15:50]
septwell HTMLPurifier is called only for page with HTML, in tikilib::create_page
and update_page
[15:53]
nylothI've just commited something... could you have a look please ?
yes, I know, but the same problem may exist with other parts of the code (not only fckeditor)
and I think we should support XHTML transitional in HTMLPurifier before enabling it all the time
[15:59]
***Caarrie is now known as Caarrie|away
MatWho has joined #tikiwiki
[16:01]
septnyloth : I don't understand what you are saying... did you read what I told you ? [16:04]
nylothlol [16:05]
***MatWho_ has joined #tikiwiki [16:05]
nylothmaybe I misunderstood you, what do you suggest exactly then ? [16:06]
***MatWho_ has left [16:06]
septwe have problem with page that include HTML right ? [16:06]
nylothyes, and probably in other places too, as I said (but not sure) [16:07]
septthe sanatization.php takes care to remove exploits, right ? [16:07]
nylothyes
or not remove, but disable
[16:07]
septwe only have pb with page parsed by HTMLpurifier ? [16:07]
nylothno [16:08]
septok [16:08]
nylothIt's worse if not parsed by html purifier [16:08]
septwe have pb with page we they do to fck ? [16:08]
nylothwe they do ? [16:09]
septwell if parsed by HTMLpurifier, <x> could be removed, reactivating the exploit no ? [16:09]
nylothno [16:09]
septwell I'am puzzled at the problem you are looking at [16:09]
nylothHTMLPurifier leaves them and add </x> to close them [16:09]
septsept stupid [16:09]
nylothlol [16:09]
septwell I still don't understand what your are trying to achive :( [16:10]
nylothok, let me explain :) [16:10]
septplease... [16:10]
nylothI wanted to hide <x> in textarea, inputs, etc. So, to achieve this, I changed lib/smarty_tiki/modifier.escape.php to remove them before doing an htmlentities
But I was supposing that the encoded string won't be reverted into dangerous data back
It was wrong since it's done by fckeditor
In fact, nothing to do with purifier
So, I just changed my commit to convert &lt;x&gt; into <x> AFTER htmlentities
[16:11]
septthen I got lost by : <nyloth> sept: try the same without html purifier featur [16:13]
nyloththis way, dangerous things are still disabled [16:13]
***marclaporte has joined #tikiwiki [16:13]
nylothsept: I said "without html purifier" because you thought it was not dangerous when saving... and it was wrong if disabling HTMLPurifier. HTMLPurifier removes bad things.
sept: so, it was to show you that we could not leave the code as it was.
sept: and forcing HTMLPurifier is not a good option because it only applies to wiki page
[16:14]
septonly for page with html, so if you use the normal editor and do not click on is html, you don't go through Purifier... [16:15]
nylothSo, the way it's made now will hide <x> in many places without risks... but sadly, they are shown in textarea... well, no better solution yet [16:16]
septok, should we try to have less false positive ? [16:17]
nylothyes, so forcing it is not a solution [16:17]
septno... [16:18]
nylothsept: so, we probably agree on this point since the beginning ;pp [16:18]
septwell yes I got confused by one of your remarks... [16:18]
nylothwell, I'm not sure there is still really annoying false positive (except that all inline stylesheets won't work in wiki pages, but it's more careful)
ok :)
[16:19]
septok so the pb is that you have <x> tags all over the place right ? [16:19]
nylothwell, with my modification of lib/smarty_tiki/modifier.escape.php , it's not in so much places... but still in wiki textarea for example [16:20]
septwell I don't see that as a pb... don't try to influence the style in user input HTML... seems reasonnable to me ! ;p [16:20]
nylothfor textareas, I don't have any clue to hide them without removing them... which may be dangerous
sept: for css, I agree, yes
well ... I think we could accept <x> in textareas for 2.0
[16:20]
septmaybe we could discuss this tomorrow when we will be in the same room : ;p [16:22]
lphuberdeauonly affects wysiwyg? [16:22]
nylothsept: sure :) [16:22]
septfor wysiwig the exploit is run only on the browser the bad guy is... [16:23]
nylothyes, not a real problem [16:23]
lphuberdeauthat's OK with me [16:23]
septnyloth I feel unconfortable to hide/delete what ever the <x> tags... [16:23]
lphuberdeaunot really an XSS... and anyone can hack their own computer [16:23]
septright... [16:24]
nylothsept: well, do you have something against the current solution (in SVN) ? [16:24]
***Wilkins has quit IRC (Remote closed the connection) [16:24]
septI need to test this
so I put style or javascript in my page right ?
[16:25]
nylothsept: not so simple, at least javascript:
or style=
[16:25]
septand then I have ja<x>vascript: ? [16:25]
nylothyes, but only in the textarea
and in source code of what is rendered
but this is not seen in the browser
hum... no, not in the source code too (I'm tired :) )
[16:26]
septwell in fckeditor to... [16:27]
nylothyes, forgot my last remark ;p
so, this seems ok for me
[16:28]
septwell the pb is that you search for exploit in flat files without the DOM context so you have lots of false positive
there is no good solution, I my opinion
well no perfect solution
[16:29]
nylothsept: stop :) we agree on this and you know my position about this for 3.0 .... but for 2.0, we have no better way yet
exactly
[16:30]
septyes
for 2.0 it can be ok
[16:30]
nylothok ;) [16:30]
septI think... [16:31]
nylothlphuberdeau: so, finally, RC4 :)
sept: me too, we've done our best for now I think
[16:31]
septthe problem is with the combination of user input, like in trackers... where the exploit is splitted ... [16:32]
nyloth... phone... bbl [16:32]
septwe will have to check the output of smarty
to be on the safe side...
[16:32]
nylothsept: I agree. could you commit something with HTMLPurifier on 3.0 (for smarty output) ? :-)
sept: It would be nice ;p
[16:35]
lphuberdeauso, it's a go for RC4? [16:36]
septwell if there is no more things on the showstopper list ! ;p
nyloth : I will try... but not today ! ;p
[16:38]
lphuberdeaufired up [16:41]
nylothsept: ok :)
sept: not a so huge work, you know ? ;-p
[16:44]
***ElDios has quit IRC (".") [16:46]
septwell I am on something annoying right now... [16:46]
nylothsept: for Tiki ? [16:47]
***Redhatter has quit IRC (Read error: 110 (Connection timed out)) [16:50]
septnyloth : yes...
templates/tiki-admin_trackers.tpl is not nice ! ;p
well it is better now : ;p
[16:56]
nyloth:) [16:56]
***rodrigo_sampaio has joined #tikiwiki [16:57]
lphuberdeauuploading... [16:58]
***lphuberdeau has quit IRC (Read error: 104 (Connection reset by peer))
lphuberdeau has joined #tikiwiki
SEWilco2 has joined #tikiwiki
[17:08]
nkoth3 has joined #tikiwiki
MatWho_ has joined #tikiwiki
[17:21]
MatWho_hi all [17:21]
***tomb_ has quit IRC ("Ex-Chat") [17:34]
lphuberdeauhttp://profiles.tikiwiki.org/tikirel/ -- gz and bz2 ready for testing [17:42]
***Caarrie|away is now known as Caarrie [17:44]
DarkbeeDarkbee can't wait: {COUNTDOWN (enddate=Second Week in August)} days til v2.0 release{COUNTDOWN} [17:46]
***SEWilco2 has quit IRC ("ChatZilla 0.9.83 [Firefox 3.0.1/2008070208]")
SEWilco2 has joined #tikiwiki
sept has quit IRC (Read error: 113 (No route to host))
[17:47]
lphuberdeausecond week? [17:52]
Darkbeeisn't that when it's due for release?
I thought that was what I read somewhere
[17:53]
nylothlphuberdeau: the tar.bz2 works fine for me for an update of existing 2.0 and for a fresh 2.0 install. Also tested <x> stuff that seems acceptable. [17:56]
lphuberdeausounds good, two more to go [17:56]
nylothSEWilco2: hi, did you test 2.0 RC4 to see if it's better for you ? [17:57]
lphuberdeauzip now ready [17:57]
Petjal2Hi all. In IE7, my tw trunk/head 13972 geo-light.css site is too wide (zoom and text are set at 100% and medium). In firefox, it looks fine. The relevant links from view-source seem to be:
<div id="tiki-main"><div id="tiki-mid"><table id="tiki-midtbl" border="0" cellpadding="0" cellspacing="0" width="100%">
<tr><td id="leftcolumn" valign="top">
Any ideas? Should the midtbl be 100% or something more like 70 or 80%? Thanks.
[17:58]
SEWilco2nyloth: RC4 exists? Will try it. Been busy setting up for big file upload with Search indexing. [17:59]
Petjal2s/links/lines/ [17:59]
lphuberdeauhttp://profiles.tikiwiki.org/tikirel/ (prereleases) [17:59]
nylothSEWilco2: the tarballs are in test and if ok they will be uploaded to sourceforge
lphuberdeau: I think you can also launch a merge to trunk
[17:59]
SEWilco2nyloth: 'svn update' under way. Thanks. [18:01]
lphuberdeauwill do after RC4 is fully packaged [18:01]
nylothSEWilco2: of branches/2.0 or trunk ?
lphuberdeau: ok :)
[18:01]
lphuberdeausewilico2, we need people to test tarballs ;) [18:01]
SEWilco2nyloth: SVN 2.0 Stable. Interesting bunch of file updates. [18:02]
nylothok [18:02]
lphuberdeauso hard to get 3 tests [18:03]
nylothlphuberdeau: probably not the best hour of the day... [18:04]
SEWilco2I'm trying to figure out how the 2.0 SEFURL code works (I think I have to learn about Smarty modifiers); should I create SEFURL fixes for 2.0 Stable or trunk? [18:04]
nylothtomb: around ? [18:04]
***otabz has left [18:05]
nylothSEWilco2: for trunk only, now
SEWilco2: In stable, only bugfixes, major critical bugs, and translations
s/bugfixes/secutiry fixes/
[18:05]
SEWilco2I could argue SEFURL performs translations. :-) [18:05]
nylothSEWilco2: http://dev.tikiwiki.org/tiki-index.php?page=Where+to+commit
SEWilco2: lol yes, but ... no :)
[18:06]
lphuberdeaunyloth: there is no good time of the day [18:07]
nylothlphuberdeau: maybe, but it seems there is quite nobody here right now :) [18:08]
lphuberdeaunext time I hear discussions, I'll announce tarball tests, then you will hear the silence ;) [18:08]
***priti has left [18:08]
nylothlol :) [18:09]
***Deepak has joined #tikiwiki [18:09]
Petjal2I've got a new clean default install of 13973 if you need me to test anything on it. I can svn switch it to something else if you like. [18:09]
nylothDeepak: So, are your tests of TikiWiki 2.0 RC4 tarballs ok ?
:)
Petjal2: well, in fact we just need to test tarballs, right now, to send them to sourceforge if ok.
[18:09]
***srishti has joined #tikiwiki [18:10]
Petjal2OK. Let me know how this noob can help. [18:11]
lphuberdeauhttp://profiles.tikiwiki.org/tikirel/ (preRC4 tarballs to test) [18:12]
***Deepak has left
Deepak has joined #tikiwiki
[18:14]
SEWilco2I want to stress test my TW server...and maybe some scripts would help test TW versions. Any suggestions for HTTP scripted load tools? [18:25]
lphuberdeauok.. so I tested the tarball, nyloth did as well, and we had tests of svn at same version
and no files are corrupt
will have to call this a go
can't wait forever
[18:32]
***martinalex has joined #tikiwiki [18:40]
Petjal2fwiw, sha1 and ripemd160 of the 2.0.preRC4 tarballs here: http://sh.nu/p/24748 [18:46]
...and a signed listing here http://sh.nu/p/24749 [18:57]
.... (idle for 19mn)
***uSlacker has quit IRC (Remote closed the connection) [19:16]
amettepolom [19:22]
***RK has quit IRC ("using sirc version 2.211+KSIRC/1.3.12") [19:22]
.... (idle for 16mn)
haroldHi - is there any way to assign view / edit permissions for a group to an entire category? I am really stumped trying to find out how
Have already looked here - http://doc.tikiwiki.org/tiki-index.php?page=Category+Admin&bl=y
[19:38]
SEWilco2harold: I think that is described in a 2.0 document... hold on.
harold: part is in here... the "edit content in categories" refers to being able to edit articles which are in a group-permitted category. http://tikiwiki.org/ReleaseNotes20&bl=n
I've got another tab someplace with the details...
[19:39]
haroldThanks SEWilco2 - so, if I understand you correctly, I cannot assign groupwide edit permissions to a category in 1.9.1 (which I am currently running) [19:43]
SEWilco2harold: Part of the missing piece is here: http://doc.tikiwiki.org/tiki-index.php?page=groups
harold: Mostly correct. One of the 2.0 documents mentions 1.9.11 has the 2.0 capability partially implemented under a different permission name.
harold: There is no 1.9.11 tool for activating the new permission; I have not tested it, only looked at its code.
harold: Thus, because I also need the new permission, I'm switching to 2.0 if possible.
[19:44]
haroldok - so outside of upgrading to 2.0 there's no easy way to assign the edit content in a category to a group within 1.9,1? [19:46]
ParagtimCan someone tell me the trick for getting comments on to the page for groups other than admin. I'm pretty sure I 've ticked all the boxes. Its works for admin but nothing else !! [19:47]
SEWilco2harold: without the new permission, anyone with edit permission is able to edit anything which they can view. The new permission allows only editing of things which are in a category which has the edit permission attached to it.
Paragtim: Maybe there is a permission related to comments? Look under Admin>Groups at the permission for the group which can't use Comments. Try the "find" tool for "comment".
harold: Before 2.0 there was only a global edit permission. The new 2.0 permission allows edit permission to be controlled through categorization. If I understand it correctly.
[19:47]
ParagtimFound 7 and they are all selected - still nothing in the registered group but working fine in the admin group [19:55]
SEWilco2Paragtim: Clear your cache in Admin>Sys Admin? [19:58]
***nkoth3 has quit IRC () [19:59]
ParagtimSys Admin? [19:59]
***Lucymoz has quit IRC (Read error: 104 (Connection reset by peer))
Lucymoz has joined #tikiwiki
[20:00]
ParagtimFound it [20:01]
lphuberdeauhttps://sourceforge.net/project/showfiles.php?group_id=64258&package_id=266122&release_id=616722 [20:01]
ParagtimNot worked - Rebooted as well - still the same as before [20:04]
SEWilco2Paragtim: I'm puzzled then. Which TW version? 1.9.11? [20:05]
Paragtim1.10 [20:05]
lphuberdeau1.10 does not exist anymore [20:05]
Paragtim1.10.0b1 [20:06]
lphuberdeauupgrade to 2.0RC4
re-labeled the version
[20:07]
Paragtimwhat damage will it do to my system - permissions, features etc? [20:08]
SEWilco2Paragtim: 1. It can't hurt to do a database backup just in case. 2. You can put 2.0RC4 in a directory of its own and point it at the same database (or a copy). [20:10]
ParagtimJust did a release check and it came back as 1.10.0b1 - !!! [20:10]
lphuberdeaubut 2.0 is really 1.10 with more fixes
download is available from sourceforge
[20:11]
Paragtimwhere can I get it? [20:11]
nylothParagtim: https://sourceforge.net/project/showfiles.php?group_id=64258&package_id=266122&release_id=616722 [20:13]
***lphuberdeau has quit IRC (Remote closed the connection) [20:13]
Darkbee has quit IRC ("Miranda IM! Smaller, Faster, Easier. http://miranda-im.org")
kerrnel22 has joined #tikiwiki
[20:21]
.... (idle for 15mn)
Caarrie is now known as Caarrie|away
lphuberdeau has joined #tikiwiki
[20:40]
SEWilco2Is a MIME type converter needed for plain text files which are uploaded to a File Directory, in order to enable text search of plain text files? "cat %1"? [20:44]
***martinalex has quit IRC (Read error: 110 (Connection timed out))
rodrigo_sampaio has quit IRC ("Leaving.")
lepei has joined #tikiwiki
MacLeod has joined #tikiwiki
[20:48]
MacLeodi!
hi!
[20:52]
***lepei has quit IRC (Client Quit) [20:52]
MacLeodI'm confusing about the 2.0 release status.
The release notes page (http://tikiwiki.org/ReleaseNotes20) sez that it "was released in July 2008"
[20:55]
lphuberdeauRC was [20:57]
MacLeodThat doesn't seem to jive with the Topic msg in this channel, or the news on the home page. [20:57]
lphuberdeauRC4 was released earlier today [20:57]
MacLeodis that considered stable? [20:58]
nylothMacLeod: hi, this probably means "technical release" or "creation of 2.0" ... but as lphuberdeau says, we are in RC stage and the stable release will probably be out in something like one or two weeks
MacLeod: quite stable, yes, you can test it :)
[20:58]
lphuberdeauI aim for next week, but that's all right [20:58]
MacLeodah, OK
thanks for the clarification
[20:58]
nylothlphuberdeau: ok [20:58]
***ElDios has joined #tikiwiki [20:59]
lphuberdeauunless we get something critical, I don't expect much more movement on that branch, except maybe translations [20:59]
MacLeodhow's WYSIWYG working?
incidentally, we're planning to do our corporate-wide launch of our 1.9.11 Tiki by the end of this week
[21:00]
lphuberdeaumight be good to consider 2.0 then [21:01]
MacLeodit's been in a sort of beta mode for months now, and the last few prereqs are being wrapped up
i don't think our contractors could do the upgrade by the end of the week
[21:01]
lphuberdeaudo you have custom code? [21:01]
MacLeodno, just template mods
we'll announce with 1.9.11, and have them upgrade as they can get to it
[21:02]
***marclaporte has quit IRC (Read error: 110 (Connection timed out))
mstef has left "Leaving."
[21:05]
.... (idle for 15mn)
kerrnel22MacLeod: I'm in the middle of planning for our upgrade from 1.9.11 to 2.0. It's actually not bad.
A couple of minor items with the template we've been running, and some tracker issues, but nothing major
The upgrade itself was pretty simple. I started Monday this week and am now working on tweaking our existing tracker database to be compatible with 2.0 (we made some changes in 1.9.11 that exist differnetly in 2.0)
I'd recommend upgrading. Especially so close to the 2.0 launch.
[21:20]
SEWilco2Answering my own question: Looks like uploaded text files are not indexed unless text/plain has a handler such as "cat %1", based upon filegallib.php [21:24]
MacLeodMacLeod waves [21:27]
***MacLeod has quit IRC ("CGI:IRC 0.5.9 (2006/06/06)") [21:27]
SEWilco2SEWilco2 holds on tightly to the gunwales, and waits for the waves to pass. [21:27]
haroldHi, I have a category permission bug to report - who is the brave soul to whom I can assign it :) ? [21:28]
MatWho_hi all having a problem getting the user name to be added to a tracker during registration. I have followed the instructions on doc.tw.o. All my additional fields get stored just missing the vital user name. Tanks [21:29]
harold@test [21:30]
***Caarrie|away is now known as Caarrie
rlpowell has joined #tikiwiki
[21:32]
rlpowell"remember me" hates me. :( [21:34]
ametteI remember you - long time not seen, rlpowell - nice to have you here! :) [21:35]
rlpowellHi. [21:35]
ametteheya ho :) [21:35]
rlpowellI only come here when I'm having problems, I'm afraid. :)
Mostly Tiki is nice to me and Just Works (tm).
[21:35]
amettehmm, ok, that makes you a little bit awkward... ;P
well, that's good to hear - so that makes up for it! :D
[21:35]
rlpowellI do contribute back any fixes I write though, so I'm not a completely bad person. :D [21:36]
ametteok, then you're really totally and completely excused! ;) [21:36]
rlpowellRight now I've got a multitiki where the "remember me" feature isn't working at all. If I wait for an hour or so and hit reload, I'm logged out.
Unfortunately, I don't understand web logins at all, so it's not something I can easily debug myself.
[21:36]
amettehmmm... I never really worked with remember me (at least not to a level that I would know after which time it logs me out)....
.... I just know that it somehow works for me (even over the browser closing/opening session break)...
... but how it really is done - no idea either, I'm afraid!
[21:37]
***NefariousC has joined #tikiwiki [21:38]
ametteBut I think that playing with remember me/cookie path and so on is the only way to go...
... imho, basically it works nicely!
But apart from that you gotta wait for others who have more knowledge.
[21:38]
rlpowellYeah, see, I don't even know what "cookie path" means really.
I've never understood cookies.
[21:39]
ametteoh, ok :)
http://en.wikipedia.org/wiki/HTTP_cookie ;)
basically Tiki saves the login in a cookie - you can clearly see that, when you clear your browser cookies, you are logged out
so the cookie path is something to distinguish different cookies afaik
making sure that the cookie-paths are different makes sure that you distinguish your MultiTiki-instances...
... but why you are logged out that quickly... hmmm...!??!!
[21:39]
MatWho_can anyone help a desperate man fix his user registration tracker? [21:40]
haroldMatWho_: I can't, but I'll let you know that you are not alone - I am having very similar tracker problems [21:41]
MatWho_harold: what are the symptoms? [21:42]
ametteMatWho_ and harold : I used it once, but lots changed - lately there was somewhere posted a link to a tw.o site where it was described - did you search those sites?
and apart from that - yeah, you two guys found each other - probably your exchange will help both of you :)
( and then let others know please )
[21:42]
haroldamette: yes - I have created trackers and assigned them to the "Registered" group, used the user selector - No dice (ie, the fields do not show up as part of the registration process) [21:43]
SEWilco2harold: there is a "none" option for assigning bugs. [21:43]
ametteharold: I remember it as being shown in your "User Preferences" as something like "View personal tracker information"....
... but yes - I heard something about there being a possibility to show those fields at registration time, true! But I think that was after my usage of it.
Search devel-list on sourceforge.net for that, I think...!?!?
[21:44]
haroldamette: so in the end were you able to add those fields to the registration form? [21:45]
ametteno
I found the thing from devel-list: http://doc.tikiwiki.org/tiki-index.php?page=User+tracker
[21:45]
***Caarrie is now known as Caarrie|away [21:46]
haroldamette - Yep, that is what I went through as well [21:47]
ametteok, the post on devel-list said: "Kind-of-found-the-way through irc yesterday, and already briefly
described on doc.tw.o."
so the rest must be experimenting as long as someone finally posts the solution to that doc.tw.o page
( or reading the code )
[21:47]
kerrnel22Any Smarty people on? [21:49]
amettehere's a list of stuff done to tw.o in that regard (there it works partially) and a list of known bugs in that regard, too: http://tikiwiki.org/TikiFestStrasbourg#Distant_participation_agenda [21:49]
kerrnel22kerrnel22 tried eating some Smarties, but they didn't help with his Smarty problem. [21:50]
amettekerrnel22: basic or specific smarty question?
and btw just "ask, don't ask to ask" ;)
[21:50]
***Lucymoz has quit IRC (Read error: 110 (Connection timed out))
ChanServ sets mode: +o amette
[21:50]
MatWho_amette: I have been through the stuff on doc.tw.o but it still does not work. [21:52]
***amette changes topic to: Welcome to TikiWiki IRC channel! Have a question? Just ask, don't ask to ask! TikiWiki 2.0rc4 is out: https://sourceforge.net/project/showfiles.php?group_id=64258 - Please test and report back! see www.tikiwiki.org (tw.o) for more info. Don't paste code/errors here, use http://sh.nu/p instead. Thanks and enjoy! :)
amette changes topic to: Welcome to TikiWiki! - Have a question? Just ask, don't ask to ask! - TikiWiki 2.0rc4 is out: https://sourceforge.net/project/showfiles.php?group_id=64258 Please test and report back! - Don't paste code/errors here, use http://sh.nu/p instead. - Thanks and enjoy! :)
[21:54]
kerrnel22no point asking if there's no Smarty smarties around. :) There are a number of string manipulator functions, but was wondering if they had an equivalent to substr() ? [21:55]
amettewell, it has a point if they are in lib/smarty_tiki - otherwise there is more use of asking in #smarty - and overall it is always more use in asking, than asking to ask ;)
even a smarty smartician can't know if he can answer your question as long as he doesn't know the question - but if you ask the question, it could be that some not so smart smartician reads it and knows the answer by accident - you know? ;)
and also btw - we are trying to establish again a culture of reading back IRC-logs as we are going to establish a new nicely searchable web-IRC-logging...
... yes, that will take some time for people to learn to and get used to it - but it will be essential to be brave enough to throw ones questions just in and on the other hand be disciplined enough to keep discussions on focus...
... focus being "the problem" not "asking for the problem".
( yeah, I know that I'm verbose on IRC, if I'm on IRC - but well, fun has to be - but as topic says "asking to ask" is more unnecessary than fun ;)) )
amette puts his teacher's hat off now :P
[21:57]
SEWilco2SEWilco2 looks at his "Grammar Police" certificate, goes back to sleep. [22:04]
amettesleep well, SEWilco2 :) [22:04]
***ChanServ sets mode: -o amette [22:06]
kerrnel22Normally I just ask, but I've been told in the past with smarty questions to go to #smarty. Unfortunately I am limited to using the Linux-Quebec web portal to #tiki which doesnt' allow access to #smarty or anything.
I'd gladly search the IRC logs if I knew of a place where the log was working.
rc4 is out? I thought rc2 was just released a week or two ago? I haven't seen r3 yet
[22:07]
amettehmm, ok, yeah, that's unfortunate... so four options here: 1. ask and don't ask to ask, 2. ask here with a clean conscience, if it is in lib/smarty_tiki, 3. ask here, if it is smarty in general (not so bad actually), 4. ask in #smarty (no option for you)
first option being highly preferred ;)
yup, it was just today released - no big announcement yet, I just noticed and put it here
"Release early, release often" ;)
[22:09]
kerrnel22what happened to r3? [22:10]
ametteI think it was pretty short-lived... ;) [22:10]
kerrnel22apparently lol [22:10]
amette*g* [22:10]
***Amorphous has quit IRC (verne.freenode.net irc.freenode.net)
Sug4r has quit IRC (verne.freenode.net irc.freenode.net)
ChanServ sets mode: +o amette
[22:11]
MatWho_amette: Hi I have tried many things to get the user registration tracker working. It must be a bug, whats the best way to get it reported? [22:12]
***amette changes topic to: Welcome to TikiWiki! - Have a question? Just ask, don't ask to ask! - TikiWiki 2.0rc4 is out: https://sourceforge.net/project/showfiles.php?group_id=64258 Please test and report back! - Don't paste code/errors here, use http://sh.nu/p instead. - Temporary IRC-logging-solution: http://irc.amette.eu/ - Thanks and enjoy! :)
ChanServ sets mode: -o amette
[22:12]
ametteMatWho_: basically the best solution is to report it on http://dev.tikiwiki.org .... [22:13]
***Amorphous has joined #tikiwiki
Sug4r has joined #tikiwiki
[22:13]
amette... in this special case though - I'd recommend getting in touch with developers interested in it (as this is a moving target right now, so you might very well throw in own ideas for example, too )
MatWho_: as you could see on the WikiPage I posted above: xavi is interested in this (and he actually even posted the devel-list post with the link to the doc.tw.o page - he wrote it) - so I think that asking him and getting involved in the process would be a good thing to do! :)
[22:13]
MatWho_amette: so that answers my first question, what is the best way to contact xavi? [22:15]
ametteisn't his mail-adress public on tw.o? [22:16]
kerrnel22I can't find a similar function to substr...I guess I'll write one
could try edu.tikiwiki.org
Generally I find if you send him a PM on tw.o he'll respond within a day or two
[22:16]
amettekerrnel22: uhm... why? I mean: what is so special about kerrnel22_substr() in difference to substr() ? [22:17]
MatWho_amette: its not there [22:17]
kerrnel22I need it in smartycode not php [22:17]
Petjal2MatWho_, harold: I had the same user tracker username problem earlier in the week (or was it last week...), and sylvieg fixed something, then I did a svn up, and it works now. [22:17]
ametteMatWho_: then do as kerrnel22 said and contact him by tw.o PM or wait for him in here.
kerrnel22: aaah, ok!
[22:17]
MatWho_Petjal2: when did you do the svn and from where? [22:18]
amettekerrnel22: ok, no idea at all then! Ask smarty-people please about how much sense it makes - they will know for sure about any diffuse implications it brings with it - otherwise: welcome to commit it (to smarty even)! :) [22:19]
Petjal2I do a lot of svn up's cuz sylvieg is fixing lots of things all the time, so, sorry I can't recall, but it was within the past week, maybe Monday? svn up https://tikiwiki.svn.sourceforge.net/svnroot/tikiwiki/trunk . [22:19]
MatWho_ok so I will do the same. Thanks. [22:20]
Petjal2Good luck. Let us know... [22:20]
kerrnel22I'll probably have it committed in a few mins. Though I'm getting gunshy lately with commits, even to the trunk. [22:23]
Petjal2Looking through my old IM log with sylvieg, it looks like it was fixed the afternoon of 7//23 US Eastern time. (Wow, time flies...) [22:23]
MatWho_Petjal2: Great thanks [22:25]
amettekerrnel22: yeah, it's good to be gunshy nowadays - though in trunk it is much easier to be promiscuous - it is still wanted and greatly encouraged to be brave, but in trunk you'll have to stand for it for half a year!!
you can do it in an experimental branch (which is encouraged also) for completely and totally free, if you like! But for something like a smarty filter that most absolutely probably is overkill....
... on the other hand I wouldn't promise anything for a smarty filter surviving in trunk without any devel-list discussion proving its relevance beforehand!
So: Do what you gotta do! ;)
I'm off to fetch something to drink now - but be back soon! ;)
[22:31]
kerrnel22It's a very minor addition to the smarty libs. [22:39]
***franck has joined #tikiwiki [22:39]
amettekerrnel22: it might be a minor addition, but it still is an addition and moves us further away from standard smarty - so for example: if it makes us something really special in the smarty community, it is really bad, if we don't commit it back to the smarty community - that's why I asked you to ask in #smarty first, if and how this makes sense
ok - just packed my backpack - now I'm really gone and back in about some couple of dozen of minutes... ;)
[22:41]
kerrnel22Well, if it gets rejected, then I give up. Keep trying to add value and features to tiki and keep hitting roadblocks or complaints. No 'hey that's a decent addition' or 'hey thanks for adding that'. Usually I get "that's got security problems" or "we already have that" and am asked to roll back, even though I've asked in various ways if XX was already in the software. Frustrating.
Nobody cared much when I was working on stuff in 1.9. I don't want to develop just for our site. I think our needs match what the tiki communities needs are, whether they are known or not. I like to think I don't code like a 6th grader and I've got some solid ideas, but I sure don't get that in feedback.
Anyway, been in the office too long today. night, and thanks for the help
[22:47]
***kerrnel22 has quit IRC ("CGI:IRC")
Lucymoz has joined #tikiwiki
SEWilco2 has quit IRC ("ChatZilla 0.9.83 [Firefox 3.0.1/2008070208]")
[22:49]
..... (idle for 20mn)
ParagtimStrange thing happening. I've just uploaded rc4 to a virgin site and have looked at the problem of comments. So 1 x admin a/c and 1 x reg + plus the standard admin log in. 3 Pc's - 1 for each a/c. One is showing a totally different tikiwiki logo than the other 2 and 1 is showing 2 menu tress on the left column. Any ideas whats going on? [23:12]
Petjal2Paragtim: I don't know, but it sounds like tiki and/or browser caching problems (which I have hit several times). [23:25]
ParagtimA rational explanation - thanks - and with that I think it is time to call it a day. Hope for a better day tomorrow [23:27]
***Paragtim has quit IRC ("It's a dud! It's a dud! It's a du...") [23:27]
Petjal2:) [23:27]
francknyloth: got your e-mail, will send an e-mail, may be an announce of RC4 on info.tikwiki.org would be nice
so I can point to it
put in the announce that security issues were fixed after report from Joshua..
anyone can post to info.tw.o ? I don't think I have access to this site
[23:29]
***Lucymoz has quit IRC (Read error: 104 (Connection reset by peer))
Lucymoz has joined #tikiwiki
[23:33]
Caarrie|away is now known as Caarrie [23:43]
NefariousC has quit IRC ()
NefariousC has joined #tikiwiki
NefariousC has quit IRC (Client Quit)
Lucymoz has quit IRC (Read error: 110 (Connection timed out))
[23:48]

←Prev date Next date→ Show only urls(Click on time to select a line by its url)