From: Gisela F. <gif...@co...> - 2005-03-10 11:45:24
|
From: Telmo M. <te...@co...> - 2005-03-01 10:01:53
|
http://www.webappsec.org/ Lots of web security articles... |
From: Telmo M. <te...@co...> - 2005-02-26 15:28:08
|
Hi, I believe I found out and solved the bug causing hundreds of table entries to be created with no data on installs. The use_init_file Module flag was being ignored. The init_parser had a bug that caused the creation of empty table entries when no module block was present on the init file. Regards, Telmo Menezes. |
From: Telmo M. <te...@co...> - 2005-02-26 11:35:58
|
Tiago Baptista wrote:
> Hi,
>
> Does anyone know how to configure WinCVS to use the bloxx repository?
>
> Tiago Baptista

You have to use a very recent WinCVS version to avoid ssh configuration hell...
I use 1.3.20.3 Beta 20 (I think there's a final release already)

You get to configure your connection when you checkout a module. This configuration becomes then associated with that module.

The CVSROOT I'm using is like this (your sourceforge login/password):
:ssh;username=<username>;password=<password>;hostname=cvs.sourceforge.net:/cvsroot/bloxx

Module name and path on the server is:
/cvsroot/bloxx

[ ]
TM |
From: Tiago B. <ti...@ba...> - 2005-02-26 03:14:25
|
Hi, Does anyone know how to configure WinCVS to use the bloxx repository? Tiago Baptista |
From: Telmo M. <te...@co...> - 2005-02-25 15:37:49
|
From: Telmo M. <te...@co...> - 2005-02-25 14:46:45
|
secret draft wrote:
> I'm getting a little frustrated because i made bloxx_logs a doRender but i can test it because i can't figure out how to use <bloxx_mod> thing...
> already tried stuff like <bloxx_mod module="logs" view="logs" param="-1></bloxx_mod> and other things, but nothing.... :-/

It's easy, you're almost there. I took a look at your doRender and it's ok, just cleaned the unnecessary stuff you took from Bloxx_Poll. The problem is that you have to define a moduletemplate entry for that view and also a getRenderTrusts() method to tell Bloxx what permissions to require for that view. So:

getRenderTrusts()

This function just returns an array with an item for each view mode. The view mode name is the index and the trust required is the value. In this case I added:

    function getRenderTrusts()
    {
        return array(
            'logs' => TRUST_GUEST
        );
    }

If the trust for a certain view isn't defined, Bloxx refuses to show it. This is a security feature.

Defining a ModuleTemplate

Now you have to tell Bloxx how to convert that view into HTML. For this purpose you just go to the ModuleTemplate area in the Backend and create an entry like this:

Module: Logs
View: logs
Optional Name: <leave blank>
Template: <bloxx_item name="logs"></bloxx_item>

Now you should be able to render the log list with a <bloxx_mod module="logs" view="logs" param="-1"></bloxx_mod>

There's a way you should improve this render but I'll talk about that on another mail so it doesn't get confusing. For now this should work.

> i even can't figure how doRender is called :-/
> First is doRender, after is a render function that call doRender, then there are lots of render* functions so a search doesn't help :-/

The render system works like this:

Every time Bloxx finds a <bloxx_mod...> tag it calls render() on the specified module passing the view and id as parameters. render() checks if the user has sufficient trust to view that module. If the render is allowed, render() then calls doRender() passing the same parameters and a ModuleTemplate to render to. doRender() is an abstract method of Module to be implemented by derived classes. doRender() receives the parameters and the ModuleTemplate, feeds the view data to the ModuleTemplate, and then returns the rendered ModuleTemplate (HTML block).

> Anyway... after that i look at index.php and... i really don't know, but i'm getting the impression that anyone can call module and send commands with POST without any kind of restrictions?
>
>     if (isset($_POST['module']) && $_POST['module'] != '')
>     {
>         $modname = 'bloxx_'.$_POST['module'];
>
>         include_module_once($_POST['module']);
>
>         $mod = new $modname();
>         $mod->processForm($_POST['command']);
>     }
>
> I can call admin for example, in a site where admin was never configured :-/

Don't worry, processForm() checks for permissions before calling doProcessForm(), in a similar mechanism used for render() / doRender(). Command permissions are specified in getFormTrusts() method, in the same way that it's done for getRenderTrusts(). You can check this out in the Bloxx_Admin class for example.

> And other things like...
> if i have something like
>
>     class bloxx_something {
>
>         function bloxx_something($blabla){
>             $this->othervar = $blabla;
>         }
>         ...
>     }
>
> and $this->othervar is a database var, it disappears :-/
> I used a solution that was using another var that doesn't is a db var, to handle $blabla value then copy it everytime i run a function :-/

Yes, currently the database abstraction layer (Bloxx_DBObject) synchronizes DB fields to class vars with the same name. This makes programming very simple but can also be a source of confusion, so I've pondered synchronizing fields into an array instead. In this case each module class would have a $FIELDS array with the fields indexed by its name. I'd like to hear everyone's opinion on this...

> Hasta ;-)

[ ] |
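The processForm() / doProcessForm() trust check described in the message above, sketched as an added example (not Bloxx source and not part of the original thread). The numeric trust values, TRUST_ADMIN, Demo_Logs, the $userTrust parameter and dispatch() are assumptions; resolving the class from a fixed map instead of building its name from the POST value goes beyond what the thread describes.

```php
<?php
// Added illustration, not Bloxx source. Names marked "assumed" are hypothetical.
const TRUST_GUEST = 0;    // name from the thread; numeric value assumed
const TRUST_ADMIN = 100;  // assumed higher trust level

abstract class Module
{
    // Command name => minimum trust, as described for getFormTrusts().
    abstract protected function getFormTrusts(): array;
    abstract protected function doProcessForm(string $command): string;

    // Only public entry point: checks trust, then delegates to the subclass.
    final public function processForm(string $command, int $userTrust): string
    {
        $trusts = $this->getFormTrusts();
        if (!array_key_exists($command, $trusts)) {
            return 'denied: no trust declared for this command'; // deny by default
        }
        if ($userTrust < $trusts[$command]) {
            return 'denied: insufficient trust';
        }
        return $this->doProcessForm($command);
    }
}

final class Demo_Logs extends Module  // assumed module
{
    protected function getFormTrusts(): array { return ['clear' => TRUST_ADMIN]; }
    protected function doProcessForm(string $command): string { return "executed: $command"; }
}

// Dispatcher: the class comes from a fixed map, never from the raw POST value.
function dispatch(array $post, int $userTrust): string
{
    $modules = ['logs' => Demo_Logs::class];
    $name = $post['module'] ?? '';
    $command = $post['command'] ?? '';
    if (!is_string($name) || !is_string($command) || !isset($modules[$name])) {
        return 'denied: unknown module or malformed request';
    }
    $class = $modules[$name];
    return (new $class())->processForm($command, $userTrust);
}

// Constructed requests: guest refused, undeclared command refused,
// unknown module refused, admin allowed.
echo dispatch(['module' => 'logs', 'command' => 'clear'], TRUST_GUEST), "\n";
echo dispatch(['module' => 'logs', 'command' => 'purge'], TRUST_ADMIN), "\n";
echo dispatch(['module' => 'admin', 'command' => 'x'], TRUST_ADMIN), "\n";
echo dispatch(['module' => 'logs', 'command' => 'clear'], TRUST_ADMIN), "\n";
```

Marking processForm() as final keeps a derived module from overriding the entry point and skipping the trust check.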
From: Tiago B. <ti...@ba...> - 2005-02-25 12:32:50
|
Hi all, How about putting the coding standard source document (sxw) in the CVS? Tiago Baptista |
From: secret d. <dr...@do...> - 2005-02-25 05:45:37
|
I'm getting a little frustrated because i made bloxx_logs a doRender but i can test it because i can't figure out how to use <bloxx_mod> thing...
already tried stuff like <bloxx_mod module="logs" view="logs" param="-1></bloxx_mod> and other things, but nothing.... :-/

i even can't figure how doRender is called :-/
First is doRender, after is a render function that call doRender, then there are lots of render* functions so a search doesn't help :-/

Anyway... after that i look at index.php and... i really don't know, but i'm getting the impression that anyone can call module and send commands with POST without any kind of restrictions?

    if (isset($_POST['module']) && $_POST['module'] != '')
    {
        $modname = 'bloxx_'.$_POST['module'];

        include_module_once($_POST['module']);

        $mod = new $modname();
        $mod->processForm($_POST['command']);
    }

I can call admin for example, in a site where admin was never configured :-/

And other things like...
if i have something like

    class bloxx_something {

        function bloxx_something($blabla){
            $this->othervar = $blabla;
        }
        ...
    }

and $this->othervar is a database var, it disappears :-/
I used a solution that was using another var that doesn't is a db var, to handle $blabla value then copy it everytime i run a function :-/

Hasta ;-) |
From: secret d. <dr...@do...> - 2005-02-24 16:20:36
|
er... Bloxx_Log was my first attempt, but if the database table is called log doesn't appear :-/ problems with install() maybe :-/ and log() is logarithm function ;-) |
From: Telmo M. <te...@co...> - 2005-02-24 13:46:29
|
From: secret d. <dr...@do...> - 2005-02-24 02:07:28
|
Well... since everyone here speaks Portuguese for now, I'll write in Portuguese, I can't be bothered :-D

I added a kind of log system, syslog-style. It has a command called modLog(priority, message) which, when used, writes the message to the database with a timestamp. It's mainly for the stuff where I've already implemented it, like leaving a record when the user logs in and out, recording it if there is an attempted attack on the session, and things like that.... it can also be used when a new user is added, a new news item, etc...
I don't know if this is the best way to log, tell me what you think :-/

Telmo, there's one small problem, the usual thing again: it creates a table full of empty entries :-/ what's that about? :-/

I don't think I changed anything else in particular... I also wanted to warn that it's not only insertWhereCondition that needs a filter, other things like InsertRow, etc. should have a filter too... that is, everything that has to do with the user entering data has to have a filter somewhere...

Telmo, I didn't quite understand the insertWhereCondition filter, you'll have to explain it to me later. (by the way, be careful: if you put a " for example, the user can always put in another one to close it, I hope that's done properly :-/)

On second thought, maybe it's not a good idea to put the filters in low-level functions like insertRow, only if they receive nothing but information from the user (which may be what happens) :-/

Hastax ;-) |
From: secret d. <dr...@do...> - 2005-02-23 16:48:59
|
INSTALL.txt is deprecated, now you can use wizard.php to install bloxx. (don't need to create database manually anymore) |
From: Telmo M. <te...@co...> - 2005-02-23 10:18:45
|
Are available for download... |
From: Tiago B. <ti...@ba...> - 2005-02-23 03:02:21
|
Hi,

My thoughts on the coding standards:

- (Section 4) I would rather have the opening curly brace below the line instead of after it. I believe this to improve the readability of the code.
- (Section 4) I think we should avoid the use of break altogether. If a flag is required to do what we want, then it probably makes sense to have a flag.
- (Section 6) I actually don't know the implode() function, so I can't say if it is better than . for performance, but I believe the . to be more intuitive and readable, and according to the rule on the section two (Optimize code only if you know that you have a performance problem.), performance should not be the main issue.
- (Section 17) If using Windows to do the programming, how do I make sure the files follow the standard?

Tiago Baptista |
From: secret d. <dr...@do...> - 2005-02-23 03:01:39
|
Well... My email isn't dog.kicks-ass.com, is dog.kicks-ass.net :-/ |
From: Telmo M. <te...@co...> - 2005-02-22 23:01:54
|
The Bloxx coding standards document is available for download at the sourceforge project page. Any feedback is welcome... |
From: Telmo M. <te...@co...> - 2005-02-21 13:28:19
|
Since the Bloxx development team is growing I created this mailing list so we can all communicate in a more productive way. Since this mailing list is archived at sourceforge.net, I propose we use English. This way we are building a reference source for future developers around the world.

The team so far (ordered by date of affiliation):

Telmo Menezes - Project Manager, developer, Jedi Master
Gisela Francisco - Graphics Designer
Silas "secretdraft" Francisco - Developer
Tiago Baptista - Developer
Ricardo Peres - Developer

Silas has done some work to improve the security model of the session/user management and is now working on a user friendly install script wizard.

Gisela is redesigning the backend (almost done) and working on the web site layout.

I'm almost finished redesigning the templating system for modules (goodbye StyeLink, long live ModuleTemplate). I finished creating a coding standards document that I'll make available soon and am now working on a first version of the manual.

Tiago Baptista is interested in the business side of things, newsletter management and the like.

Ricardo Peres is our JavaScript guru and has a nice general-purpose JavaScript library he will port to Bloxx. He seems interested to work in other aspects of the platform also. Right?

Everybody's free to work in any aspect of the platform they fancy, as long as we keep things coordinated in here. This is just to give an idea of what's happening now.

Hopefully the first draft of the manual will be available soon, so that everyone gets familiar with the work done so far.

Telmo Menezes. |