[00:00] pre tarballs uploading... my first test worked, so it shouldn't be terrible [00:03] what is the I keep seeing? [00:04] kerrnel: a tie fighter ? [00:05] lol [00:05] :) [00:07] *** nkoth3 has quit IRC () [00:07] SEWilco2: no, is not handled by HTML Purifier, it's the var sanitizer and it's a necessary feature for security reasons [00:07] SEWilco2: it seems you try to save a page that contains things that could be seen as dangerous [00:08] nyloth: Aha. That sounds messy. I hope someone familiar with the code comes up with an elegant solution. Goodnight. [00:09] *** SEWilco2 has quit IRC ("ChatZilla 0.9.83 [Firefox 3.0.1/2008070208]") [00:11] no comment :) [00:12] night fols [00:12] folks [00:12] 'night [00:17] http://profiles.tikiwiki.org/tikirel/ [00:17] need testing ;) [00:17] Btw, there really is a problem with HTML Purifier :/ [00:29] lphuberdeau: everything seems fine for me, when trying a fresh install of your tar.bz2 [00:30] 2 more to go [00:31] ok, now I have to sleep, it's very early here :) See you later ! [00:31] *** nyloth has left "Kopete 0.12.7 : http://kopete.kde.org" [00:53] *** chibaguy has joined #tikiwiki [01:00] *** Caarrie|away is now known as Caarrie [01:01] *** bingo has joined #tikiwiki [01:05] *** harold has quit IRC (Read error: 110 (Connection timed out)) [01:05] After way too much effort and flailing, I'm somewhat proud to present the results of my research on my little "registration approval email link to the user_information page" issue. Here is my ./templates/mail/moderate_validation_mail.tpl: http://sh.nu/p/24746 , and here is the svn diff: http://sh.nu/p/24747 The punch-line being: http://{$mail_site}{$tikiroot}tiki-user_information.php?view_user={$mail_user} Commen [01:22] *** bingo has quit IRC (Read error: 110 (Connection timed out)) [01:22] *** Lucymoz has joined #tikiwiki [01:25] *** harold has joined #tikiwiki [01:41] *** srishti has left [01:41] *** srishti has joined #tikiwiki [01:52] *** harold has quit IRC (Read error: 110 (Connection timed out)) [01:57] *** Caarrie is now known as Caarrie|sleeping [02:29] *** NefariousC has quit IRC () [02:30] *** NefariousC has joined #tikiwiki [02:30] *** NefariousC has quit IRC (Client Quit) [02:42] *** franck has joined #tikiwiki [02:44] *** harold has joined #tikiwiki [02:49] *** neil-nms has joined #tikiwiki [02:51] *** neil-nms has left [02:52] *** neil-nms has joined #tikiwiki [03:02] *** Lucymoz has quit IRC (Read error: 110 (Connection timed out)) [03:11] *** mattbmc has quit IRC (Read error: 104 (Connection reset by peer)) [04:04] The commas between parameters in wikiplugins are being stripped out (2.0rc2). [04:17] Actually _all_ commas in wikitext are being stripped out. [04:19] Rrr, the commas are ok at one 2.0 site, sorry. I need to check what file versions are having trouble with commas. [04:42] *** Lucymoz has joined #tikiwiki [05:05] *** franck has left [05:12] Latest svn up, and commas are stripped out in wiki page edit and submit. [05:12] (branch 20) [05:19] (wysiwyg isn't turned on) [05:46] I wonder why I'm logged in as admin but still get a "permission denied" message in the theme switcher module. [05:47] Just for fun, I put {$user} in the module's permission denied message, so now I get "permission denied, admin". :-) [05:55] This is probably due to some problem in my local install -- WAMP setup on XP. If I delete "or $user 'eq'" from the module perm/pref check, it displays ok. [05:56] or $user eq '' [05:58] ... Was "request passcode to register" passcode always 32 characters long? [06:01] *** srishti has quit IRC ("Leaving.") [06:02] *** harold has quit IRC (Read error: 110 (Connection timed out)) [06:03] *** priti has joined #tikiwiki [06:09] *** chibaguy has quit IRC (Read error: 104 (Connection reset by peer)) [06:36] *** chibaguy has joined #tikiwiki [07:02] *** Wilkins has joined #tikiwiki [07:05] *** Lucymoz has quit IRC (Read error: 110 (Connection timed out)) [07:06] *** Wilkins has quit IRC (Remote closed the connection) [07:06] *** Wilkins has joined #tikiwiki [07:09] *** Wilkins has quit IRC (Remote closed the connection) [07:09] *** Wilkins has joined #tikiwiki [07:16] *** Wilkins has quit IRC (Remote closed the connection) [07:17] *** Wilkins has joined #tikiwiki [07:19] *** Amorphous has quit IRC (Read error: 104 (Connection reset by peer)) [07:20] *** Wilkins has quit IRC (Remote closed the connection) [07:20] *** Wilkins has joined #tikiwiki [07:23] *** hooch_ has joined #tikiwiki [07:25] *** hooch has quit IRC (Read error: 104 (Connection reset by peer)) [07:38] *** Jyhem has quit IRC (Read error: 104 (Connection reset by peer)) [07:38] *** Amorphous has joined #tikiwiki [07:51] *** hooch_ is now known as hooch [08:02] *** mattbmc has joined #tikiwiki [08:03] polom [08:08] I'm trying to give total permission to a branch of a structure (not the overall structure though) to one user-group. By setting all permssions to the groups "default" page in the structure (and all subpages) it's working by and large, but I can't seem to get the structure navigation to show up for members of the group. I'm a member of the root structure's group, so I can see it. Is there a way to make the group see the structur [08:08] e nav? [08:09] using 1.10 [08:09] sorry if that's confusing...hopfully not too bad [08:13] btw, the users access is set up for full structure editing and they can do so on other structures present on the site, just not their "private" branch of my root structure. [08:17] *** chibaguy has left [08:20] *** ElDios has joined #tikiwiki [08:28] got it....declared "and all subpages" for the structure root as well as the "branch root".....double-negative apparently. :-) I have to assign page specific perms to the pages above that private branch. [08:29] eh....or maybe I still didn't get it....I'll be back after more testing....let me know (if I'm making sense) if I'm on the right track pls. :-) [08:29] *** tomb has joined #tikiwiki [08:32] ya....change in perms mentioned above made no difference...user of that private group can still see/edit all other structures, even modify all perms assigned to his private branch (as well as all the pages assigned to it), but he can't see the structure. [08:33] not in the Structures page and not the nav within the structure. [08:40] Okay....seems like alternate strategy of managing them under a completely different structure is needed. [08:41] *** ElDios has quit IRC (".") [08:45] *** Paragtim has joined #tikiwiki [08:46] Good morning all [09:00] *** kerrnel has quit IRC (Read error: 104 (Connection reset by peer)) [09:19] *** tomb_ has joined #tikiwiki [09:20] *** tomb_ has quit IRC (Client Quit) [09:27] *** tomb has quit IRC (Remote closed the connection) [09:33] *** tomb has joined #tikiwiki [09:42] *** Jyhem has joined #tikiwiki [09:51] *** tomb_ has joined #tikiwiki [10:03] *** martinalex has joined #tikiwiki [10:18] *** caralluna_ has quit IRC (Client Quit) [10:37] *** nyloth has joined #tikiwiki [10:37] Hi all :) [10:41] *** NefariousC has joined #tikiwiki [10:43] lphuberdeau: around ? [10:45] *** caralluna has quit IRC (Read error: 110 (Connection timed out)) [10:46] *** Caarrie|sleeping is now known as Caarrie [10:52] *** ElDios has joined #tikiwiki [10:53] Guys - How do I stop groups inheiriting permissions? [11:03] *** martinalex has quit IRC (Read error: 110 (Connection timed out)) [11:14] Paragtim: : don't include them [11:19] *** chibaguy has joined #tikiwiki [11:25] Page comments seem a little flakey in latest branch20. If a "reply" link on a page comment is clicked, the comment zone goes away. Then click the "comments" link again and there's the reply-to form, with re: topic and quoted body, ready to use. [11:25] So it works, but in a strange way. ;-) [11:27] This could be a local problem, so others should test page comment functionality in 20rc . [11:31] Ah, on another domain (not laptop), page comments are ok. [11:31] ...so I guess it's a problem with my local files. [11:33] Sorry - Wrong Question - I'm trying to make menus specific to groups (one bog standard for users and 1 for a group to view stats etc. Now both menus are showing. One for Registered and the other for stats [11:34] In the permissions for the stats group it is showing inheirited permission from registered. [11:35] All users at the site are members of Registered by default. [11:36] Oh, I got ahead of myself. Maybe that's not what you're asking... [11:37] The registered user menu is working fine. and I have the mnu_application working for admins only. The problem is the stats group. [11:37] *** NefariousC has quit IRC () [11:38] When I login as a mmber of the stats group both the registered menu and the stats menu show in the left hand column [11:38] Members of stats group are also Registered. [11:40] yep - when I look in the perms for the stats group it is inheiriting the perms from registered. How can I stop stats inheiriting - if that is the problem [11:40] *** lphuberdeau has quit IRC (Remote closed the connection) [11:43] I'm not sure. By definition everyone registered at a site is in the Registered group. [11:45] I currently have 4 groups (registered, Moderators, stats and admin). The Admin group shows the original menu and is displaying as I want it. The registered is displaying fine and as I want it. The problem seem is that the 2 other groups, which by definition need different menu structures are showing 2 menus instead of 1 [11:46] Maybe you could put some code in the module to filter the menu displays -- if stats, show menu a; if not stats show menu b. [11:47] to avoid the problem of Registered being all-inclusive. [11:47] Or use the GROUP wikiplugin, or equivalent Smarty syntax. [11:50] *** martinalex has joined #tikiwiki [11:51] The mnU_application_menu can be set a admin only in the grouping and this works, dispite inheiriting perms from registered. [11:51] Any idea what I'm missing [11:56] *** neil-nms has quit IRC ("Leaving.") [11:58] Admin is a subset of Registered, and you can give view perms to a subset so users outside the set can't view. But Registered includes all non-anonymous groups. So if you assign a view perm to Registered, every subset (non-anon group) can view. [12:00] Admin inherits the perms of Registered, but also has its own, such as to view a particular menu. When an object perm is given to a group, it means _only_ the group gets the perm. [12:00] *** otabz has joined #tikiwiki [12:01] *** priti has left [12:02] (I'm not sure how clear this is -- I haven't thought about perms for a while. :-) ) [12:02] *** priti has joined #tikiwiki [12:05] I think I'm getting confused and confusing everyone else. Is there an easy way, In assigned modules to stop the registered group menu displaying when the user belongs to another group? [12:06] No, the perms are additive, not subtractive, so to speak. [12:06] You need to use logic in a new user module. [12:08] Right - that solves the first part. Can add perms and they carry up the tree from where they are added. [12:08] So where would I start to try and add some logic to get to where i need to go? [12:11] Make a new user module on admin modules page. Then maybe something like {if $group neq "stats"}{menu id=x{else}{menu id=y{/if} [12:12] But I'm not sure if the group variable can work like this. [12:14] *** lphuberdeau has joined #tikiwiki [12:14] You could also create a new group [12:14] ex: members [12:14] Or, use wikisyntax: {GROUP(notgroups=>stats)}{menu id=x}{GROUP} [12:15] nyloth, is everything ok for RC4? [12:15] Yeah, to avoid making another group, though, maybe the GROUP plugin would be the easiest. [12:15] registered, members, Moderators, stats and admin [12:16] And give no rights or views to Registered [12:16] Only to Stats and/or members, as needed [12:17] I've found it in doc.tikiwiki.org. I can't see any ref to the menu id [12:18] Marc - Are you suggested moving permissions up the tree to the other groups? [12:18] sorry suggesting [12:18] yes [12:19] I'll give that a try before first - Thanks guys I'll keep you posted [12:21] *** harold has joined #tikiwiki [12:24] *** marclaporte has quit IRC (Read error: 54 (Connection reset by peer)) [12:26] *** SEWilco has quit IRC (Read error: 110 (Connection timed out)) [12:27] *** Caarrie is now known as Caarrie|away [12:29] *** SEWilco has joined #tikiwiki [12:34] *** chibaguy has quit IRC (Read error: 110 (Connection timed out)) [12:38] lphuberdeau: well, if you can, maybe wait one or two hours to see if there is no new important bug detected. But if you prefer to do it right now, I think it's ok. [12:39] I can wait [12:40] ok :) [12:40] I should be there to help test, in 2 hours [12:45] I've removed all perms from registered and set a group called users with no inheirited perms. When I login as a member of user there is only the one menu. when I login as stats there are still 2 menus [12:47] Paragtim: you may have set stats as inherits the permissions of Registerd [12:48] There are no perms in registered. Removed as per Marcs suggestion. Still open to other suggestions tho [12:55] *** sept has joined #tikiwiki [12:55] nyloth ? [12:55] lphuberdeau ? [12:55] polom [12:56] should I put the new HTMLPurifier in 2.0 before RC4 ? [12:56] there are security fix according to changelog... [12:56] isn't that for 3.0? [12:57] well the question is should we ship tiki2.0 with know vulnerabilities in third party libraries ? [12:57] that's why I ask ! ;p [12:57] I don't even know where it's used [12:57] is it used? [12:57] I just submitted some clean up/optimizations to sanatization.php [12:57] yes... [12:58] well at least we have an option to use HTMLPurifier in the admin panel ! ;p [12:58] what is it used for? [13:02] &search_index in refresh-function.php, to clean up data before indexing... for one [13:02] *** Caarrie|away is now known as Caarrie [13:02] tikilib use it to clean up page code [13:04] if it the user says that the page is HTML... [13:05] for tiki3.0 as it is supposed to be PHP5 only, we will udpate third party libraries to PHP5 versions... [13:05] if the plan is still ok... [13:05] can you check how much is impacted by upgrading the library? [13:07] if it's only replacing the library and no impact on our code, it's probably a good thing [13:08] hi sept [13:09] ok with lphuberdeau for html purifier [13:09] ok to update all libs to PHP5 only for tiki 3.0. [13:11] *** martinalex has quit IRC (Read error: 110 (Connection timed out)) [13:12] *** ricks99 has joined #tikiwiki [13:12] one thing... don't do both at once [13:13] do 2.0 first, let me merge to trunk, then replace in trunk [13:13] (just to save me some pain) [13:17] and I suggest to put it in third_party/htmlpurifier for trunk instead of trunk/lib/htmlpurifier [13:19] +1 [13:29] nyloth : it is not that simple as there are files in lib and lib/HTMLPurifier... [13:29] don't know... [13:30] sept: many files in lib/ ? [13:30] 3 to 4 [13:31] lib/HTMLPurifier.auto.php lib/HTMLPurifier.func.php lib/HTMLPurifier.php [13:31] 3 ... [13:31] lphuberdeau : only modification of lib/HTMLPurifier/* and the 3 files above... [13:32] sept: hmmm... I think it might not be a problem to keep them in lib/ ... have to check [13:32] no other changes required in tiki/no major impact? [13:35] I am testing know... [13:36] sept: IMO it should work fine if those 3 files are put into third_party/htmlpurifier too. we just have to change path of them in files that includes them. [13:38] ugh... update dev.tw.o... commas get kicked out [13:41] with latest version ? strange... [13:42] I just edited a page and all commas are gone [13:43] was it updated since the fix? [13:43] lphuberdeau: oops, yes, I will update it now [13:44] oh, and if you could rollback TikiCoreRFC-1 (which I can't do), it would be great ;) [13:44] dev.tw.o is up-to-date now :) thx [13:45] ok, rolledback [13:46] still no commas on the page [13:48] hmm... looks like the problem was there when I first wrote it [13:48] lphuberdeau : HTMLpurifier 2.1.5 seems to work ok [13:48] with my lasted commit on sanatization.php it should be ok... [13:48] +1 for commit in 2.0 [13:48] ok I do it now... [13:57] ok done [14:00] http://dev.tikiwiki.org/TikiCoreRFC-1 -- now with commas! [14:00] there are now two open positions, any takers? [14:01] In changelog, should we add that we fully support commas ? ;p [14:02] does sound like a 2.0 feature [14:03] :) [14:03] updating trunk in case that bug was in [14:04] are we good for RC4 now? [14:05] sourceforge is going to hate me for overloading their SVN server [14:05] lphuberdeau: about the open positions, for "Define the list of individuals" could be the TAG, not just one guy. There is already a way to take decisions for the TAG, so , should be ok. [14:06] that's OK, but I want a single person to be accountable [14:06] basically the person who will initiate the discussions and publish the results [14:07] lphuberdeau: then I propose that you submit this request to the TAG mailing list, so that will be discussed [14:07] (I'm not on that list) [14:07] (and I think that's just fine) [14:08] lphuberdeau: yes, but I thought you can post on it even if not a subscriber [14:08] but the point is, this is not my proposal, I want many people to be part of it [14:08] if it's only me, I will reject it myself [14:09] lphuberdeau: ok [14:11] lphuberdeau: for RC4, just wait a bit more ;p I have to test something right now [14:11] what ? :D [14:13] sept: well, I wanted to remove from strings that are already converted into html entities because they are not dangerous anymore. I wanted to make a test on the search tool, but I saw that the var used there ($words) is not escaped in template associated php... so I have to find where it is ;p [14:14] my goal is to hide whenever is possible, those to the end user. When we have some in a rendered content, no problem, they are treated as ignored HTML tags. But in inputs/textarea they are shown... It's probably better to remove them [14:15] (some users complained yesterday evening, this is why) [14:15] ok [14:16] yes it is annoying to have somestuff :( [14:16] *** mstef has joined #tikiwiki [14:16] hi all [14:16] hi [14:28] *** marclaporte has joined #tikiwiki [14:41] ok, commited for search and other places (in fact, the search is handled differently and converted in html entities inside tiki-setup_base...) [14:43] it should be ok, maybe just have a look and test if you can :) [14:53] *** ricks99 has quit IRC (Remote closed the connection) [14:58] *** tomb_ has quit IRC (Read error: 113 (No route to host)) [14:58] well, apart from that, I think we are ready for RC4. lph ? [14:59] I just need to fire up the script [14:59] 'k [15:02] *** Darkbee has joined #tikiwiki [15:02] Is there a limit to the number of dynamic variables you can have? [15:03] why would there be? [15:03] *** Lucymoz has joined #tikiwiki [15:04] well, perhaps my question was not phrased well [15:04] obviously there are limits [15:04] computers can only store so many numbers [15:04] I just wondered if for practical purposes there were any limits that humans might have a problem with [15:05] sept: around ? [15:05] or run into [15:06] I found a bug with sanitization and htmlpurifier... hmmm [15:08] strange, I can't reproduce it now... ok, nevermind ;p [15:11] nyloth : yes ? [15:12] i believe i have found a bug in 2.0rc3 regarding freetags and blog posts [15:13] mstef, likely not to be fixed - blogs are low priority at this stage [15:13] *** tomb_ has joined #tikiwiki [15:13] lphuberdeau: i am atm trying to fix it. [15:14] sept: could you please test wysiwyg with htmlpurifier with bad things ? I think it's not ok [15:17] nyloth : do you have exmaples of bad things ? [15:17] yes, many ;p [15:19] sept: look at your mail [15:20] well, in fact I know what is wrong... fckeditor make an unhtmlentities for the wysiwyg... and this reactivate bad things since are removed before htmlentities ... not sure what the best choice is [15:21] [15:21] doesn't work, [15:21] you have : [15:21] ript a=">'>" SRC="http://ha.ckers.org/xss.js">

[15:21] what do you mean by "does not work" ? [15:21] after a save/edit [15:22] the exploit doesn't work... [15:22] well, sure, but in the iframe of the wysiwyg, it works [15:22] no, maybe not this one [15:22] but check your mail and save a page containing the mail body [15:23] nope, no exploit... [15:23] did you test my mail ? [15:23] in wysiwyg [15:23] under FF [15:24] you copy paste all in SOURCE mode of fck + you make a PREVIEW (not a save) [15:24] yes, I am copy/pasting.... [15:24] you will have a warning [15:25] yes... [15:27] either we remove the removal... either we find a solution for fckeditor... what a f***ing s*** :( [15:28] if you have an idea... [15:30] well, what is exactly the pb ? let's me summurize : [15:30] 1) sanatisation clean the exploit and introduce tags [15:30] *** caralluna has joined #tikiwiki [15:30] 2) fckeditor finds tags and removes it ? [15:30] no [15:30] is that right ? [15:31] 2) I modified ./lib/smarty_tiki/modifier.escape.php to remove for strings that will be htmlentitized, since the exploit is no more dangerous in this state [15:31] 3) fckeditor convert back (unhtmlentities) and reactivate exploir [15:32] s/r$/t/ [15:32] for the purpose of wysiwyg, in it's iframe [15:32] well : if I copy/paste your mail in fckeditor I got a problem [15:32] already when copy-pasting ? [15:33] when I click on source I've got the warning... [15:33] so we need to do the clean up in fck [15:33] well, this case is not so important since we can't do nothing and it affects only the bad guy [15:33] when we switch from/to source [15:33] yes [15:34] *** marclaporte has quit IRC (Read error: 104 (Connection reset by peer)) [15:34] but if I do not click on source after pasting, and I click on preview I've got the warning.... [15:34] well I am still the bad guy... [15:35] yes but this case worries me a bit more [15:35] if I click on save, then no warning... [15:36] so a bad guy, can annoy himself... and only himself... [15:37] this can be acceptable, yes... mhhh [15:37] *** caralluna__ has joined #tikiwiki [15:38] well we need to see if it is the only effect... [15:38] but the exploit is not recorded in the database... which is good ! ;p [15:38] sept: no, we are wrong [15:39] sept: try the same without html purifier feature [15:39] sept: copy/paste in source, save, edit, preview [15:40] html purifier does its job, but man can disable the feature (I even think it's disabled by default) [15:47] if there is no more idea, I will convert back <x> into in ./lib/smarty_tiki/modifier.escape.php, instead of removing the tag completely. This should be ok. [15:49] well: we should enable HTMLPurifier for html page and fckeditor [15:50] well it is only used in this case... [15:50] sept: yes, but maybe not for 2.0. It will break other non XHTML strict content... [15:50] sept: we are not ready for this right now, IMO [15:51] sept: I'll commit my proposition in a few seconds, let me know if it's ok for you too [15:53] well HTMLPurifier is called only for page with HTML, in tikilib::create_page [15:53] and update_page [15:59] I've just commited something... could you have a look please ? [16:00] yes, I know, but the same problem may exist with other parts of the code (not only fckeditor) [16:00] and I think we should support XHTML transitional in HTMLPurifier before enabling it all the time [16:01] *** Caarrie is now known as Caarrie|away [16:03] *** MatWho has joined #tikiwiki [16:04] nyloth : I don't understand what you are saying... did you read what I told you ? [16:05] lol [16:05] *** MatWho_ has joined #tikiwiki [16:06] maybe I misunderstood you, what do you suggest exactly then ? [16:06] *** MatWho_ has left [16:06] we have problem with page that include HTML right ? [16:07] yes, and probably in other places too, as I said (but not sure) [16:07] the sanatization.php takes care to remove exploits, right ? [16:07] yes [16:07] or not remove, but disable [16:07] we only have pb with page parsed by HTMLpurifier ? [16:08] no [16:08] ok [16:08] It's worse if not parsed by html purifier [16:08] we have pb with page we they do to fck ? [16:09] we they do ? [16:09] well if parsed by HTMLpurifier, could be removed, reactivating the exploit no ? [16:09] no [16:09] well I'am puzzled at the problem you are looking at [16:09] HTMLPurifier leaves them and add to close them [16:09] * sept stupid [16:09] lol [16:10] well I still don't understand what your are trying to achive :( [16:10] ok, let me explain :) [16:10] please... [16:11] I wanted to hide in textarea, inputs, etc. So, to achieve this, I changed lib/smarty_tiki/modifier.escape.php to remove them before doing an htmlentities [16:12] But I was supposing that the encoded string won't be reverted into dangerous data back [16:12] It was wrong since it's done by fckeditor [16:12] In fact, nothing to do with purifier [16:12] So, I just changed my commit to convert <x> into AFTER htmlentities [16:13] then I got lost by : sept: try the same without html purifier featur [16:13] this way, dangerous things are still disabled [16:13] *** marclaporte has joined #tikiwiki [16:14] sept: I said "without html purifier" because you thought it was not dangerous when saving... and it was wrong if disabling HTMLPurifier. HTMLPurifier removes bad things. [16:14] sept: so, it was to show you that we could not leave the code as it was. [16:15] sept: and forcing HTMLPurifier is not a good option because it only applies to wiki page [16:15] only for page with html, so if you use the normal editor and do not click on is html, you don't go through Purifier... [16:16] So, the way it's made now will hide in many places without risks... but sadly, they are shown in textarea... well, no better solution yet [16:17] ok, should we try to have less false positive ? [16:17] yes, so forcing it is not a solution [16:18] no... [16:18] sept: so, we probably agree on this point since the beginning ;pp [16:18] well yes I got confused by one of your remarks... [16:19] well, I'm not sure there is still really annoying false positive (except that all inline stylesheets won't work in wiki pages, but it's more careful) [16:19] ok :) [16:19] ok so the pb is that you have tags all over the place right ? [16:20] well, with my modification of lib/smarty_tiki/modifier.escape.php , it's not in so much places... but still in wiki textarea for example [16:20] well I don't see that as a pb... don't try to influence the style in user input HTML... seems reasonnable to me ! ;p [16:20] for textareas, I don't have any clue to hide them without removing them... which may be dangerous [16:20] sept: for css, I agree, yes [16:21] well ... I think we could accept in textareas for 2.0 [16:22] maybe we could discuss this tomorrow when we will be in the same room : ;p [16:22] only affects wysiwyg? [16:22] sept: sure :) [16:23] for wysiwig the exploit is run only on the browser the bad guy is... [16:23] yes, not a real problem [16:23] that's OK with me [16:23] nyloth I feel unconfortable to hide/delete what ever the tags... [16:23] not really an XSS... and anyone can hack their own computer [16:24] right... [16:24] sept: well, do you have something against the current solution (in SVN) ? [16:24] *** Wilkins has quit IRC (Remote closed the connection) [16:25] I need to test this [16:25] so I put style or javascript in my page right ? [16:25] sept: not so simple, at least javascript: [16:25] or style= [16:25] and then I have javascript: ? [16:26] yes, but only in the textarea [16:26] and in source code of what is rendered [16:26] but this is not seen in the browser [16:27] hum... no, not in the source code too (I'm tired :) ) [16:27] well in fckeditor to... [16:28] yes, forgot my last remark ;p [16:28] so, this seems ok for me [16:29] well the pb is that you search for exploit in flat files without the DOM context so you have lots of false positive [16:29] there is no good solution, I my opinion [16:30] well no perfect solution [16:30] sept: stop :) we agree on this and you know my position about this for 3.0 .... but for 2.0, we have no better way yet [16:30] exactly [16:30] yes [16:30] for 2.0 it can be ok [16:30] ok ;) [16:31] I think... [16:31] lphuberdeau: so, finally, RC4 :) [16:31] sept: me too, we've done our best for now I think [16:32] the problem is with the combination of user input, like in trackers... where the exploit is splitted ... [16:32] ... phone... bbl [16:32] we will have to check the output of smarty [16:32] to be on the safe side... [16:35] sept: I agree. could you commit something with HTMLPurifier on 3.0 (for smarty output) ? :-) [16:35] sept: It would be nice ;p [16:36] so, it's a go for RC4? [16:38] well if there is no more things on the showstopper list ! ;p [16:39] nyloth : I will try... but not today ! ;p [16:41] fired up [16:44] sept: ok :) [16:45] sept: not a so huge work, you know ? ;-p [16:46] *** ElDios has quit IRC (".") [16:46] well I am on something annoying right now... [16:47] sept: for Tiki ? [16:50] *** Redhatter has quit IRC (Read error: 110 (Connection timed out)) [16:56] nyloth : yes... [16:56] templates/tiki-admin_trackers.tpl is not nice ! ;p [16:56] well it is better now : ;p [16:56] :) [16:57] *** rodrigo_sampaio has joined #tikiwiki [16:58] uploading... [17:08] *** lphuberdeau has quit IRC (Read error: 104 (Connection reset by peer)) [17:10] *** lphuberdeau has joined #tikiwiki [17:12] *** SEWilco2 has joined #tikiwiki [17:21] *** nkoth3 has joined #tikiwiki [17:21] *** MatWho_ has joined #tikiwiki [17:21] hi all [17:34] *** tomb_ has quit IRC ("Ex-Chat") [17:42] http://profiles.tikiwiki.org/tikirel/ -- gz and bz2 ready for testing [17:44] *** Caarrie|away is now known as Caarrie [17:46] * Darkbee can't wait: {COUNTDOWN (enddate=Second Week in August)} days til v2.0 release{COUNTDOWN} [17:47] *** SEWilco2 has quit IRC ("ChatZilla 0.9.83 [Firefox 3.0.1/2008070208]") [17:49] *** SEWilco2 has joined #tikiwiki [17:50] *** sept has quit IRC (Read error: 113 (No route to host)) [17:52] second week? [17:53] isn't that when it's due for release? [17:54] I thought that was what I read somewhere [17:56] lphuberdeau: the tar.bz2 works fine for me for an update of existing 2.0 and for a fresh 2.0 install. Also tested stuff that seems acceptable. [17:56] sounds good, two more to go [17:57] SEWilco2: hi, did you test 2.0 RC4 to see if it's better for you ? [17:57] zip now ready [17:58] Hi all. In IE7, my tw trunk/head 13972 geo-light.css site is too wide (zoom and text are set at 100% and medium). In firefox, it looks fine. The relevant links from view-source seem to be: [17:58]
[17:58]
[17:58] Any ideas? Should the midtbl be 100% or something more like 70 or 80%? Thanks. [17:59] nyloth: RC4 exists? Will try it. Been busy setting up for big file upload with Search indexing. [17:59] s/links/lines/ [17:59] http://profiles.tikiwiki.org/tikirel/ (prereleases) [17:59] SEWilco2: the tarballs are in test and if ok they will be uploaded to sourceforge [18:01] lphuberdeau: I think you can also launch a merge to trunk [18:01] nyloth: 'svn update' under way. Thanks. [18:01] will do after RC4 is fully packaged [18:01] SEWilco2: of branches/2.0 or trunk ? [18:01] lphuberdeau: ok :) [18:01] sewilico2, we need people to test tarballs ;) [18:02] nyloth: SVN 2.0 Stable. Interesting bunch of file updates. [18:02] ok [18:03] so hard to get 3 tests [18:04] lphuberdeau: probably not the best hour of the day... [18:04] I'm trying to figure out how the 2.0 SEFURL code works (I think I have to learn about Smarty modifiers); should I create SEFURL fixes for 2.0 Stable or trunk? [18:04] tomb: around ? [18:05] *** otabz has left [18:05] SEWilco2: for trunk only, now [18:05] SEWilco2: In stable, only bugfixes, major critical bugs, and translations [18:05] s/bugfixes/secutiry fixes/ [18:05] I could argue SEFURL performs translations. :-) [18:06] SEWilco2: http://dev.tikiwiki.org/tiki-index.php?page=Where+to+commit [18:06] SEWilco2: lol yes, but ... no :) [18:07] nyloth: there is no good time of the day [18:08] lphuberdeau: maybe, but it seems there is quite nobody here right now :) [18:08] next time I hear discussions, I'll announce tarball tests, then you will hear the silence ;) [18:08] *** priti has left [18:09] lol :) [18:09] *** Deepak has joined #tikiwiki [18:09] I've got a new clean default install of 13973 if you need me to test anything on it. I can svn switch it to something else if you like. [18:09] Deepak: So, are your tests of TikiWiki 2.0 RC4 tarballs ok ? [18:09] :) [18:10] Petjal2: well, in fact we just need to test tarballs, right now, to send them to sourceforge if ok. [18:10] *** srishti has joined #tikiwiki [18:11] OK. Let me know how this noob can help. [18:12] http://profiles.tikiwiki.org/tikirel/ (preRC4 tarballs to test) [18:14] *** Deepak has left [18:14] *** Deepak has joined #tikiwiki [18:25] I want to stress test my TW server...and maybe some scripts would help test TW versions. Any suggestions for HTTP scripted load tools? [18:32] ok.. so I tested the tarball, nyloth did as well, and we had tests of svn at same version [18:33] and no files are corrupt [18:33] will have to call this a go [18:34] can't wait forever [18:40] *** martinalex has joined #tikiwiki [18:46] fwiw, sha1 and ripemd160 of the 2.0.preRC4 tarballs here: http://sh.nu/p/24748 [18:57] ...and a signed listing here http://sh.nu/p/24749 [19:16] *** uSlacker has quit IRC (Remote closed the connection) [19:22] polom [19:22] *** RK has quit IRC ("using sirc version 2.211+KSIRC/1.3.12") [19:38] Hi - is there any way to assign view / edit permissions for a group to an entire category? I am really stumped trying to find out how [19:38] Have already looked here - http://doc.tikiwiki.org/tiki-index.php?page=Category+Admin&bl=y [19:39] harold: I think that is described in a 2.0 document... hold on. [19:41] harold: part is in here... the "edit content in categories" refers to being able to edit articles which are in a group-permitted category. http://tikiwiki.org/ReleaseNotes20&bl=n [19:41] I've got another tab someplace with the details... [19:43] Thanks SEWilco2 - so, if I understand you correctly, I cannot assign groupwide edit permissions to a category in 1.9.1 (which I am currently running) [19:44] harold: Part of the missing piece is here: http://doc.tikiwiki.org/tiki-index.php?page=groups [19:44] harold: Mostly correct. One of the 2.0 documents mentions 1.9.11 has the 2.0 capability partially implemented under a different permission name. [19:45] harold: There is no 1.9.11 tool for activating the new permission; I have not tested it, only looked at its code. [19:46] harold: Thus, because I also need the new permission, I'm switching to 2.0 if possible. [19:46] ok - so outside of upgrading to 2.0 there's no easy way to assign the edit content in a category to a group within 1.9,1? [19:47] Can someone tell me the trick for getting comments on to the page for groups other than admin. I'm pretty sure I 've ticked all the boxes. Its works for admin but nothing else !! [19:47] harold: without the new permission, anyone with edit permission is able to edit anything which they can view. The new permission allows only editing of things which are in a category which has the edit permission attached to it. [19:48] Paragtim: Maybe there is a permission related to comments? Look under Admin>Groups at the permission for the group which can't use Comments. Try the "find" tool for "comment". [19:49] harold: Before 2.0 there was only a global edit permission. The new 2.0 permission allows edit permission to be controlled through categorization. If I understand it correctly. [19:55] Found 7 and they are all selected - still nothing in the registered group but working fine in the admin group [19:58] Paragtim: Clear your cache in Admin>Sys Admin? [19:59] *** nkoth3 has quit IRC () [19:59] Sys Admin? [20:00] *** Lucymoz has quit IRC (Read error: 104 (Connection reset by peer)) [20:00] *** Lucymoz has joined #tikiwiki [20:01] Found it [20:01] https://sourceforge.net/project/showfiles.php?group_id=64258&package_id=266122&release_id=616722 [20:04] Not worked - Rebooted as well - still the same as before [20:05] Paragtim: I'm puzzled then. Which TW version? 1.9.11? [20:05] 1.10 [20:05] 1.10 does not exist anymore [20:06] 1.10.0b1 [20:07] upgrade to 2.0RC4 [20:07] re-labeled the version [20:08] what damage will it do to my system - permissions, features etc? [20:10] Paragtim: 1. It can't hurt to do a database backup just in case. 2. You can put 2.0RC4 in a directory of its own and point it at the same database (or a copy). [20:10] Just did a release check and it came back as 1.10.0b1 - !!! [20:11] but 2.0 is really 1.10 with more fixes [20:11] download is available from sourceforge [20:11] where can I get it? [20:13] Paragtim: https://sourceforge.net/project/showfiles.php?group_id=64258&package_id=266122&release_id=616722 [20:13] *** lphuberdeau has quit IRC (Remote closed the connection) [20:21] *** Darkbee has quit IRC ("Miranda IM! Smaller, Faster, Easier. http://miranda-im.org") [20:25] *** kerrnel22 has joined #tikiwiki [20:40] *** Caarrie is now known as Caarrie|away [20:43] *** lphuberdeau has joined #tikiwiki [20:44] Is a MIME type converter needed for plain text files which are uploaded to a File Directory, in order to enable text search of plain text files? "cat %1"? [20:48] *** martinalex has quit IRC (Read error: 110 (Connection timed out)) [20:49] *** rodrigo_sampaio has quit IRC ("Leaving.") [20:51] *** lepei has joined #tikiwiki [20:51] *** MacLeod has joined #tikiwiki [20:52] i! [20:52] hi! [20:52] *** lepei has quit IRC (Client Quit) [20:55] I'm confusing about the 2.0 release status. [20:56] The release notes page (http://tikiwiki.org/ReleaseNotes20) sez that it "was released in July 2008" [20:57] RC was [20:57] That doesn't seem to jive with the Topic msg in this channel, or the news on the home page. [20:57] RC4 was released earlier today [20:58] is that considered stable? [20:58] MacLeod: hi, this probably means "technical release" or "creation of 2.0" ... but as lphuberdeau says, we are in RC stage and the stable release will probably be out in something like one or two weeks [20:58] MacLeod: quite stable, yes, you can test it :) [20:58] I aim for next week, but that's all right [20:58] ah, OK [20:58] thanks for the clarification [20:58] lphuberdeau: ok [20:59] *** ElDios has joined #tikiwiki [20:59] unless we get something critical, I don't expect much more movement on that branch, except maybe translations [21:00] how's WYSIWYG working? [21:00] incidentally, we're planning to do our corporate-wide launch of our 1.9.11 Tiki by the end of this week [21:01] might be good to consider 2.0 then [21:01] it's been in a sort of beta mode for months now, and the last few prereqs are being wrapped up [21:01] i don't think our contractors could do the upgrade by the end of the week [21:01] do you have custom code? [21:02] no, just template mods [21:02] we'll announce with 1.9.11, and have them upgrade as they can get to it [21:05] *** marclaporte has quit IRC (Read error: 110 (Connection timed out)) [21:05] *** mstef has left "Leaving." [21:20] MacLeod: I'm in the middle of planning for our upgrade from 1.9.11 to 2.0. It's actually not bad. [21:21] A couple of minor items with the template we've been running, and some tracker issues, but nothing major [21:22] The upgrade itself was pretty simple. I started Monday this week and am now working on tweaking our existing tracker database to be compatible with 2.0 (we made some changes in 1.9.11 that exist differnetly in 2.0) [21:23] I'd recommend upgrading. Especially so close to the 2.0 launch. [21:24] Answering my own question: Looks like uploaded text files are not indexed unless text/plain has a handler such as "cat %1", based upon filegallib.php [21:27] * MacLeod waves [21:27] *** MacLeod has quit IRC ("CGI:IRC 0.5.9 (2006/06/06)") [21:27] * SEWilco2 holds on tightly to the gunwales, and waits for the waves to pass. [21:28] Hi, I have a category permission bug to report - who is the brave soul to whom I can assign it :) ? [21:29] hi all having a problem getting the user name to be added to a tracker during registration. I have followed the instructions on doc.tw.o. All my additional fields get stored just missing the vital user name. Tanks [21:30] @test [21:32] *** Caarrie|away is now known as Caarrie [21:34] *** rlpowell has joined #tikiwiki [21:34] "remember me" hates me. :( [21:35] I remember you - long time not seen, rlpowell - nice to have you here! :) [21:35] Hi. [21:35] heya ho :) [21:35] I only come here when I'm having problems, I'm afraid. :) [21:35] Mostly Tiki is nice to me and Just Works (tm). [21:35] hmm, ok, that makes you a little bit awkward... ;P [21:36] well, that's good to hear - so that makes up for it! :D [21:36] I do contribute back any fixes I write though, so I'm not a completely bad person. :D [21:36] ok, then you're really totally and completely excused! ;) [21:36] Right now I've got a multitiki where the "remember me" feature isn't working at all. If I wait for an hour or so and hit reload, I'm logged out. [21:37] Unfortunately, I don't understand web logins at all, so it's not something I can easily debug myself. [21:37] hmmm... I never really worked with remember me (at least not to a level that I would know after which time it logs me out).... [21:37] .... I just know that it somehow works for me (even over the browser closing/opening session break)... [21:37] ... but how it really is done - no idea either, I'm afraid! [21:38] *** NefariousC has joined #tikiwiki [21:38] But I think that playing with remember me/cookie path and so on is the only way to go... [21:38] ... imho, basically it works nicely! [21:38] But apart from that you gotta wait for others who have more knowledge. [21:39] Yeah, see, I don't even know what "cookie path" means really. [21:39] I've never understood cookies. [21:39] oh, ok :) [21:39] http://en.wikipedia.org/wiki/HTTP_cookie ;) [21:39] basically Tiki saves the login in a cookie - you can clearly see that, when you clear your browser cookies, you are logged out [21:40] so the cookie path is something to distinguish different cookies afaik [21:40] making sure that the cookie-paths are different makes sure that you distinguish your MultiTiki-instances... [21:40] ... but why you are logged out that quickly... hmmm...!??!! [21:40] can anyone help a desperate man fix his user registration tracker? [21:41] MatWho_: I can't, but I'll let you know that you are not alone - I am having very similar tracker problems [21:42] harold: what are the symptoms? [21:42] MatWho_ and harold : I used it once, but lots changed - lately there was somewhere posted a link to a tw.o site where it was described - did you search those sites? [21:42] and apart from that - yeah, you two guys found each other - probably your exchange will help both of you :) [21:42] ( and then let others know please ) [21:43] amette: yes - I have created trackers and assigned them to the "Registered" group, used the user selector - No dice (ie, the fields do not show up as part of the registration process) [21:43] harold: there is a "none" option for assigning bugs. [21:44] harold: I remember it as being shown in your "User Preferences" as something like "View personal tracker information".... [21:44] ... but yes - I heard something about there being a possibility to show those fields at registration time, true! But I think that was after my usage of it. [21:44] Search devel-list on sourceforge.net for that, I think...!?!? [21:45] amette: so in the end were you able to add those fields to the registration form? [21:45] no [21:46] I found the thing from devel-list: http://doc.tikiwiki.org/tiki-index.php?page=User+tracker [21:46] *** Caarrie is now known as Caarrie|away [21:47] amette - Yep, that is what I went through as well [21:47] ok, the post on devel-list said: "Kind-of-found-the-way through irc yesterday, and already briefly [21:47] described on doc.tw.o." [21:48] so the rest must be experimenting as long as someone finally posts the solution to that doc.tw.o page [21:48] ( or reading the code ) [21:49] Any Smarty people on? [21:49] here's a list of stuff done to tw.o in that regard (there it works partially) and a list of known bugs in that regard, too: http://tikiwiki.org/TikiFestStrasbourg#Distant_participation_agenda [21:50] * kerrnel22 tried eating some Smarties, but they didn't help with his Smarty problem. [21:50] kerrnel22: basic or specific smarty question? [21:50] and btw just "ask, don't ask to ask" ;) [21:50] *** Lucymoz has quit IRC (Read error: 110 (Connection timed out)) [21:51] *** ChanServ sets mode: +o amette [21:52] amette: I have been through the stuff on doc.tw.o but it still does not work. [21:54] *** amette changes topic to: Welcome to TikiWiki IRC channel! Have a question? Just ask, don't ask to ask! TikiWiki 2.0rc4 is out: https://sourceforge.net/project/showfiles.php?group_id=64258 - Please test and report back! see www.tikiwiki.org (tw.o) for more info. Don't paste code/errors here, use http://sh.nu/p instead. Thanks and enjoy! :) [21:55] *** amette changes topic to: Welcome to TikiWiki! - Have a question? Just ask, don't ask to ask! - TikiWiki 2.0rc4 is out: https://sourceforge.net/project/showfiles.php?group_id=64258 Please test and report back! - Don't paste code/errors here, use http://sh.nu/p instead. - Thanks and enjoy! :) [21:55] no point asking if there's no Smarty smarties around. :) There are a number of string manipulator functions, but was wondering if they had an equivalent to substr() ? [21:57] well, it has a point if they are in lib/smarty_tiki - otherwise there is more use of asking in #smarty - and overall it is always more use in asking, than asking to ask ;) [21:59] even a smarty smartician can't know if he can answer your question as long as he doesn't know the question - but if you ask the question, it could be that some not so smart smartician reads it and knows the answer by accident - you know? ;) [22:01] and also btw - we are trying to establish again a culture of reading back IRC-logs as we are going to establish a new nicely searchable web-IRC-logging... [22:02] ... yes, that will take some time for people to learn to and get used to it - but it will be essential to be brave enough to throw ones questions just in and on the other hand be disciplined enough to keep discussions on focus... [22:02] ... focus being "the problem" not "asking for the problem". [22:03] ( yeah, I know that I'm verbose on IRC, if I'm on IRC - but well, fun has to be - but as topic says "asking to ask" is more unnecessary than fun ;)) ) [22:03] * amette puts his teacher's hat off now :P [22:04] * SEWilco2 looks at his "Grammar Police" certificate, goes back to sleep. [22:04] sleep well, SEWilco2 :) [22:06] *** ChanServ sets mode: -o amette [22:07] Normally I just ask, but I've been told in the past with smarty questions to go to #smarty. Unfortunately I am limited to using the Linux-Quebec web portal to #tiki which doesnt' allow access to #smarty or anything. [22:08] I'd gladly search the IRC logs if I knew of a place where the log was working. [22:09] rc4 is out? I thought rc2 was just released a week or two ago? I haven't seen r3 yet [22:09] hmm, ok, yeah, that's unfortunate... so four options here: 1. ask and don't ask to ask, 2. ask here with a clean conscience, if it is in lib/smarty_tiki, 3. ask here, if it is smarty in general (not so bad actually), 4. ask in #smarty (no option for you) [22:09] first option being highly preferred ;) [22:10] yup, it was just today released - no big announcement yet, I just noticed and put it here [22:10] "Release early, release often" ;) [22:10] what happened to r3? [22:10] I think it was pretty short-lived... ;) [22:10] apparently lol [22:10] *g* [22:11] *** Amorphous has quit IRC (verne.freenode.net irc.freenode.net) [22:11] *** Sug4r has quit IRC (verne.freenode.net irc.freenode.net) [22:11] *** ChanServ sets mode: +o amette [22:12] amette: Hi I have tried many things to get the user registration tracker working. It must be a bug, whats the best way to get it reported? [22:12] *** amette changes topic to: Welcome to TikiWiki! - Have a question? Just ask, don't ask to ask! - TikiWiki 2.0rc4 is out: https://sourceforge.net/project/showfiles.php?group_id=64258 Please test and report back! - Don't paste code/errors here, use http://sh.nu/p instead. - Temporary IRC-logging-solution: http://irc.amette.eu/ - Thanks and enjoy! :) [22:12] *** ChanServ sets mode: -o amette [22:13] MatWho_: basically the best solution is to report it on http://dev.tikiwiki.org .... [22:13] *** Amorphous has joined #tikiwiki [22:13] *** Sug4r has joined #tikiwiki [22:13] ... in this special case though - I'd recommend getting in touch with developers interested in it (as this is a moving target right now, so you might very well throw in own ideas for example, too ) [22:14] MatWho_: as you could see on the WikiPage I posted above: xavi is interested in this (and he actually even posted the devel-list post with the link to the doc.tw.o page - he wrote it) - so I think that asking him and getting involved in the process would be a good thing to do! :) [22:15] amette: so that answers my first question, what is the best way to contact xavi? [22:16] isn't his mail-adress public on tw.o? [22:16] I can't find a similar function to substr...I guess I'll write one [22:16] could try edu.tikiwiki.org [22:17] Generally I find if you send him a PM on tw.o he'll respond within a day or two [22:17] kerrnel22: uhm... why? I mean: what is so special about kerrnel22_substr() in difference to substr() ? [22:17] amette: its not there [22:17] I need it in smartycode not php [22:17] MatWho_, harold: I had the same user tracker username problem earlier in the week (or was it last week...), and sylvieg fixed something, then I did a svn up, and it works now. [22:17] MatWho_: then do as kerrnel22 said and contact him by tw.o PM or wait for him in here. [22:18] kerrnel22: aaah, ok! [22:18] Petjal2: when did you do the svn and from where? [22:19] kerrnel22: ok, no idea at all then! Ask smarty-people please about how much sense it makes - they will know for sure about any diffuse implications it brings with it - otherwise: welcome to commit it (to smarty even)! :) [22:19] I do a lot of svn up's cuz sylvieg is fixing lots of things all the time, so, sorry I can't recall, but it was within the past week, maybe Monday? svn up https://tikiwiki.svn.sourceforge.net/svnroot/tikiwiki/trunk . [22:20] ok so I will do the same. Thanks. [22:20] Good luck. Let us know... [22:23] I'll probably have it committed in a few mins. Though I'm getting gunshy lately with commits, even to the trunk. [22:23] Looking through my old IM log with sylvieg, it looks like it was fixed the afternoon of 7//23 US Eastern time. (Wow, time flies...) [22:25] Petjal2: Great thanks [22:31] kerrnel22: yeah, it's good to be gunshy nowadays - though in trunk it is much easier to be promiscuous - it is still wanted and greatly encouraged to be brave, but in trunk you'll have to stand for it for half a year!! [22:32] you can do it in an experimental branch (which is encouraged also) for completely and totally free, if you like! But for something like a smarty filter that most absolutely probably is overkill.... [22:32] ... on the other hand I wouldn't promise anything for a smarty filter surviving in trunk without any devel-list discussion proving its relevance beforehand! [22:33] So: Do what you gotta do! ;) [22:33] I'm off to fetch something to drink now - but be back soon! ;) [22:39] It's a very minor addition to the smarty libs. [22:39] *** franck has joined #tikiwiki [22:41] kerrnel22: it might be a minor addition, but it still is an addition and moves us further away from standard smarty - so for example: if it makes us something really special in the smarty community, it is really bad, if we don't commit it back to the smarty community - that's why I asked you to ask in #smarty first, if and how this makes sense [22:41] ok - just packed my backpack - now I'm really gone and back in about some couple of dozen of minutes... ;) [22:47] Well, if it gets rejected, then I give up. Keep trying to add value and features to tiki and keep hitting roadblocks or complaints. No 'hey that's a decent addition' or 'hey thanks for adding that'. Usually I get "that's got security problems" or "we already have that" and am asked to roll back, even though I've asked in various ways if XX was already in the software. Frustrating. [22:49] Nobody cared much when I was working on stuff in 1.9. I don't want to develop just for our site. I think our needs match what the tiki communities needs are, whether they are known or not. I like to think I don't code like a 6th grader and I've got some solid ideas, but I sure don't get that in feedback. [22:49] Anyway, been in the office too long today. night, and thanks for the help [22:49] *** kerrnel22 has quit IRC ("CGI:IRC") [22:51] *** Lucymoz has joined #tikiwiki [22:52] *** SEWilco2 has quit IRC ("ChatZilla 0.9.83 [Firefox 3.0.1/2008070208]") [23:12] Strange thing happening. I've just uploaded rc4 to a virgin site and have looked at the problem of comments. So 1 x admin a/c and 1 x reg + plus the standard admin log in. 3 Pc's - 1 for each a/c. One is showing a totally different tikiwiki logo than the other 2 and 1 is showing 2 menu tress on the left column. Any ideas whats going on? [23:25] Paragtim: I don't know, but it sounds like tiki and/or browser caching problems (which I have hit several times). [23:27] A rational explanation - thanks - and with that I think it is time to call it a day. Hope for a better day tomorrow [23:27] *** Paragtim has quit IRC ("It's a dud! It's a dud! It's a du...") [23:27] :) [23:29] nyloth: got your e-mail, will send an e-mail, may be an announce of RC4 on info.tikwiki.org would be nice [23:29] so I can point to it [23:30] put in the announce that security issues were fixed after report from Joshua.. [23:32] anyone can post to info.tw.o ? I don't think I have access to this site [23:33] *** Lucymoz has quit IRC (Read error: 104 (Connection reset by peer)) [23:33] *** Lucymoz has joined #tikiwiki [23:43] *** Caarrie|away is now known as Caarrie [23:48] *** NefariousC has quit IRC () [23:49] *** NefariousC has joined #tikiwiki [23:49] *** NefariousC has quit IRC (Client Quit) [23:52] *** Lucymoz has quit IRC (Read error: 110 (Connection timed out))