WYSIWYG Editor for BB-Code
from PEAK XOOPS Support&Experiment
(2006/8/11 5:53)
|
All WYSIWYG Editors for XOOPS is potentially vulnerable. Because such WYSIWYG Editors need the setting of "HTML Allow". Of course, you don't allow HTML for anonymous access. It cause Script Insertion (HTML Injection) easily. But it is not so safe that you allow HTML only for admin or incredible users. It cause some kind of XSS+CSRF combination attacks without well desgined protection. - disallow HTML - WYSIWYG environment Though it looks that two conditions conflict each other, I imagine a better solution. - pass the content to WYSIWYG editors with HTML converted - store the content into DB with BBCode converted This is the solution. To achive it, I have to implement two converters. (1) BBCode -> HTML (2) HTML -> BBCode Of course, (2) is the key. Perhaps, I also have to write some hacks to expand BBCode. This is just an idea now. But it will be the best solution for compatibility of usability with security, I believe.
|
Compatibility between D2 modules and Cube 2.1
from PEAK XOOPS Support&Experiment
(2006/8/10 5:57)
|
TinyD, xhld, piCal, myAlbum-P don't work fine with Cube 2.1 There are two reasons. - Wrong Overriding MyTextSanitizer TinyD and MyAlbum-P has just fixed and released as compatible version with Cube 2.1. - depending system module Install system module into Cube 2.1 till TinyD, xhld, piCal, myAlbum-P will be replaced D3 modules.
|
Compatibility between D3 modules and Cube 2.1 alpha4
from PEAK XOOPS Support&Experiment
(2006/8/9 7:10)
|
I've just fixed the compatibility between Dupilcatable V3 module and Cube 2.1 alpha4. It is quite regrettable that Cube 2.1 alpha4's call() does not pass the controller itself. I have to use ob_start() with cheap tricks. (This is just my misunderstanding.)
|
xhnewbb with good HTML
from PEAK XOOPS Support&Experiment
(2006/8/7 5:18)
|
jidaikobo who is a well-skilled HTML designer has rebuilt all templates of xhnewbb. This version is being released as xhnewbb-1.30beta http://www.peak.ne.jp/support/xoops/xhnewbb-1.3.tar.gz Good HTML raise accessibitities of the site. jidaikobo is a famous accessibility designer too. The forum of this site is updated into xhnewbb-1.30beta, you can look it here.
|
Presentation in XTC2006
from PEAK XOOPS Support&Experiment
(2006/8/6 5:19)
|
XTC: Xoopscube Tokai Conference A Conference about XOOPS Cube at Nagoya Japan held on 29th July 2006. This is a powerpoint file using in XTC2006. http://www.peak.ne.jp/support/XTC2006/gijoe_xtc2006.ppt.zip
|
The right way to customize templates
from PEAK XOOPS Support&Experiment
(2006/8/5 17:03)
|
for light customizing 1. intall altsys 2. altsys -> templates -> Create a new set -> Base: [(blank)] -> name: [custom] -> push [create] 3. system -> preferences -> general -> template sets -> set [custom] (1,2,3 is a step for preparation. repeat 4 and 5 as necessary.) 4. select the template you want to customize in the default col, and select [custom] as to: in the default col. Then push [COPY]. 5. edit the templates in custom col. for heavy customizing 0. set up XSAS, and prepare templates folder just under theme folder (eg XOOPS_ROOT_PATH/themes/mytheme/templates¡Ë 1,2,3 same as light version 4. Copy all of templates from DB-default to DB-custom 5. download templates via altsys -> Advanced Templates -> Download Templates -> [custom] 6. extract the archive and copy each html files into the templates/ folder built on step 0 7. edit mainfile.php under XSAS, and insert a line like this. if (!isset($xoopsOption['nocommon'])) {i ...
|
Compatibility between D3 and Cube2.1
from PEAK XOOPS Support&Experiment
(2006/7/19 5:05)
|
D3 module can't be installed into XOOPS Cube 2.1 alpha3. There are 3 problems in oninstall.php, onupdate.php, onuninstall.php (1) /class/database/sqlutility.php is far different from the one in XOOPS 2.0.x (2) class XoopsBlock is not defined (3) no messages are displayed solutions... (1) In XOOPS Cube 2.1, include oldsqlutility.php (2) add include_once /class/xoopsblock.php (3) add delegate - the new feature of Cube 2.1 - like this: $root =& XCube_Root::getSingleton();$root->mEventManager->add("Module.Legacy.ModuleInstall.Success", new XCube_Delegate( 'wraps_message_append_oninstall' ) ) ; function wraps_message_append_oninstall( &$controller , &$eventArgs ){if( is_array( @$GLOBALS['ret'] ) ) {foreach( $GLOBALS['ret'] as $message ) {$controller->mLog->add( $message ) ;}}} Therefore, wraps 1.03 looks compatible with Cube 2.1
|
MiniTips: Import from remote to local
from PEAK XOOPS Support&Experiment
(2006/7/18 3:44)
|
Do you want to make changes your running site? You should simulate the changes in your local environment (XSAS etc.), first. - copy all files other than mainfile.php of remote server into document root of your local XOOPS - export sql from remote server - import the sql into local environment And don't forget issuing the 3 queries into local environment (phpMyAdmin etc). update (prefix)_users set email='' where uid>1;delete from (prefix)_xoopsnotifications;update (prefix)_newblocks set bcachetime=0; query 1 and 2 protect you from un-preferable notifications. query 3 makes your development much efficient.
|
from news 1.1 to bulletin 2.0
from PEAK XOOPS Support&Experiment
(2006/7/17 6:43)
|
I've just replaced the main news module of this site from news 1.1 to bulletin 2.0 made by suin. bulletin 2.0 looks excellent code and has sufficient features. And don't forget that bulletin 2.0 is the first Duplicatable V3 module with rich features. I'm appreciated with your bug report of this site XOOPS_ROOT_PATH/backend.php <?phpdefine( 'BACKEND_DIRNAME' , 'news' ) ;$_GET['page'] = 'rss' ;require 'mainfile.php' ;if( ! defined( 'XOOPS_TRUST_PATH' ) ) die( 'set XOOPS_TRUST_PATH in mainfile.php' ) ;$module_handler =& xoops_gethandler( 'module' ) ;$xoopsModule =& $module_handler->getByDirname( BACKEND_DIRNAME ) ;$mydirname = BACKEND_DIRNAME ;$mydirpath = XOOPS_ROOT_PATH.'/modules/'.BACKEND_DIRNAME ;$mydirurl = XOOPS_URL.'/modules/'.$mydirname;require $mydirpath.'/mytrustdirname.php' ; // set $mytrustdirnameif( @$_GET['mode'] == ' ...
|
FULLTEXT KEY in XOOPS (correction)
from PEAK XOOPS Support&Experiment
(2006/7/16 17:52)
|
MySQL does not support "splitting words" for multibyte language. And I've just found MySQL does not support "specifying text for search" in multibyte language. This means that the feature of MySQL's fulltext search has non-sense for multi-byte users. Even for single byte users, this feature is not so useful than "LIKE", though FULLTEXT KEY makes updates of indexes slower. If you are a developer of XOOPS modules, you'd better remove FULLTEXT KEY from your sql/mysql.sql.
|