
All posts by terrorchid (31)

topic: Slashdot-style external links (place the host in plain text next to the anchor)  in the forum: General Help and Support Features and Functionality
terrorchid #1
Member since Sep 2007 · 31 posts
Group memberships: Members
Subject: Slashdot-style external links
Hi all,

I think this might increase the reliability of external links in dokuwiki. Those that visit slashdot.org on a regular basis will know this.

The following mod in function externallink extracts the host from the url and prints it in plain text to the right of the anchor. It shows the visitor what host it links to. This should increase reliability:

function externallink($url, $name = NULL) {
        global $conf;

        $name = $this->_getLinkTitle($name, $url, $isImage);

        if ( !$isImage ) {
            $class='urlextern';
        } else {
            $class='media';
        }

        $ext_host = parse_url($url, PHP_URL_HOST);              //edit

        //prepare for formatting
        $link['target'] = $conf['target']['extern'];
        $link['style']  = '';
        $link['pre']    = '';
        if ($ext_host != $_SERVER['SERVER_NAME']) {                 //edit
            $link['suf'] = ' ['.htmlspecialchars($ext_host).']';    //edit
        } else {                                                    //edit
            $link['suf'] = '';
        }                                                           //edit
        $link['more']   = '';
        $link['class']  = $class;
        $link['url']    = $url;

        $link['name']   = $name;
        $link['title']  = $this->_xmlEntities($url);
        if($conf['relnofollow']) $link['more'] .= ' rel="nofollow"';

        //output formatted
        $this->doc .= $this->_formatLink($link);
    }
topic: gzip in Server results in XHR problems in Chrome browser (incorrect length in header)  in the forum: General Help and Support Server Setup
terrorchid #2
Subject: gzip in Server results in XHR problems in Chrome browser
Hi all,

I wanted to report this in bugtracker, but couldn't log in. The bugtracker acknowledged my account, but didn't allow me to submit a new bug.

The past few days I've been hunting down a bug that caused xmlhttprequests to go nuts in Google Chrome, since my last browser update to be more precise (6.0.472.53). The error report in the console's always the same: "Failed to load resource". Works fine in FF and IE.

So I spent an evening tracing the client javascript for pitfalls. I did actually find a bug in my xhr library but alas, no reward.

Just a few moments ago I did find the cause: the function output($xml) in IXR_Library.php contains:
$length = strlen($xml);
...
header('Content-Length: '.$length);

The problem is that a lot of servers these days compress the output, but apparently don't modify the content-length:

Response Header with content-length in IXR_library
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:close
Content-Encoding:gzip
Content-Length:3709
Content-Type:text/xml
Date:Tue, 07 Sep 2010 13:16:59 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Pragma:no-cache
Server:Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Vary:Accept-Encoding
X-Powered-By:PHP/5.2.14
Result: chrome doesn't return responseXML or responseText

Response Header without content-length in IXR_library
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:close
Content-Encoding:gzip
Content-Length:513
Content-Type:text/xml
Date:Tue, 07 Sep 2010 13:09:10 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Pragma:no-cache
Server:Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Vary:Accept-Encoding
X-Powered-By:PHP/5.2.14
Result: all is well


I think this is the right place to post this: it's not a Chrome bug, not an IXR-bug, not a DW-bug, but something to think about when configuring the server.
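
Added example, not part of the post and not IXR_Library code: it contrasts taking the length before compression, as in the quoted output($xml) lines, with taking it from the bytes actually sent. It assumes the PHP code does the gzip step itself via the zlib extension; all function names are hypothetical.

```php
<?php
// Added example (not IXR_Library code). Assumes the zlib extension (gzencode).

// Length taken before compression, as in the output($xml) lines quoted above.
function response_length_first(string $xml, bool $gzip): array
{
    $headers = ['Content-Type' => 'text/xml', 'Content-Length' => strlen($xml)];
    if ($gzip) {
        $xml = gzencode($xml);
        $headers['Content-Encoding'] = 'gzip';
    }
    return [$headers, $xml];
}

// Length taken from the bytes that are actually sent.
function response_length_last(string $xml, bool $gzip): array
{
    $headers = ['Content-Type' => 'text/xml', 'Vary' => 'Accept-Encoding'];
    if ($gzip) {
        $xml = gzencode($xml);
        $headers['Content-Encoding'] = 'gzip';
    }
    $headers['Content-Length'] = strlen($xml);
    return [$headers, $xml];
}

// Check a test or a proxy log review can run: declared length minus body length.
function length_mismatch(array $headers, string $body): int
{
    return (int) $headers['Content-Length'] - strlen($body);
}

// Constructed XML-RPC style body, repetitive so that it compresses well.
$xml = '<methodResponse><params>'
     . str_repeat('<param><value><string>page</string></value></param>', 60)
     . '</params></methodResponse>';

foreach ([false, true] as $gzip) {
    [$h1, $b1] = response_length_first($xml, $gzip);
    [$h2, $b2] = response_length_last($xml, $gzip);
    printf("gzip=%-5s length-first off by %d bytes, length-last off by %d bytes\n",
        var_export($gzip, true), length_mismatch($h1, $b1), length_mismatch($h2, $b2));
}
```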
topic: htmlspecialchars with ISO-8859-1 on UTF-8 charset ? (need info on this)  in the forum: General Help and Support General Stuff
terrorchid #3
In reply to post ID 14379
Ah, thanks for checking the hsc - I missed that.

The main reason I panicked was due to the htmlspecialchars in IXR_Library, one of the places where the escaping matters most (in my humble opinion).

cheers.
topic: What PHP IDE to use?  in the forum: Offtopic Chit Chat
terrorchid #4
Subject: IDE
There's a delay, my license for the PHP IDE has expired and the media_nstree_li()
relies on recursive search() which I can't really work out by hand.

So I'd like to use the occasion to ask what the best IDE is for developing/debugging in DW ?
Both freeware and paid license suggestions are welcome.
topic: htmlspecialchars with ISO-8859-1 on UTF-8 charset ? (need info on this)  in the forum: General Help and Support General Stuff
terrorchid #5
Subject: htmlspecialchars with ISO-8859-1 on UTF-8 charset ?
Didn't know where to post it, and bugs.splitbrain throws a login-alert at me.

I was testing XSS vulnerabilities and came across something that appears to have been overlooked:

DW uses a UTF-8 charset, and protects the output via htmlspecialchars where necessary.
The strings are encoded with htmlspecialchars(data) without the optional charset parameter,
this defaults to ISO-8859-1 in PHP.

So DW sets the charset of the HTML to UTF-8 but the output is protected through ISO-8859-1
encoding (and UTF-7 which uses the same quotes) ... is this safe or am I paranoid ?

Suggestion: replace all occurrences of htmlspecialchars(data) with
htmlspecialchars(data, ENT_QUOTES, 'UTF-8')

PS: how do I retrieve my password in bugs.dokuwiki ?
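
Added example, not part of the post and not DokuWiki code: it runs the legacy call form and the suggested form side by side on constructed inputs, so the two places where they differ (single quotes, and bytes that are not valid UTF-8) can be seen. The function names and the third ENT_SUBSTITUTE variant are assumptions added for illustration.

```php
<?php
// Added example (not DokuWiki code). ENT_COMPAT and 'ISO-8859-1' are passed
// explicitly so the old defaults are reproduced on any PHP version.

function escape_legacy(string $s): string
{
    return htmlspecialchars($s, ENT_COMPAT, 'ISO-8859-1');
}

function escape_suggested(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Same as the suggestion, but invalid UTF-8 is replaced with U+FFFD instead
// of making htmlspecialchars() return an empty string.
function escape_substitute(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render raw bytes printably: bytes outside ASCII become octal escapes.
function show(string $s): string
{
    return '"' . addcslashes($s, "\x80..\xFF") . '"';
}

// Constructed sample inputs.
$samples = [
    'markup'        => '<a href="x">T&C</a>',
    'single quote'  => "value='1'",
    'valid UTF-8'   => "caf\xC3\xA9 <b>",
    'invalid UTF-8' => "caf\xE9 <b>",   // Latin-1 byte inside a UTF-8 page
];

foreach ($samples as $label => $input) {
    printf("%-14s legacy=%s\n%14s suggested=%s\n%14s substitute=%s\n",
        $label, show(escape_legacy($input)),
        '', show(escape_suggested($input)),
        '', show(escape_substitute($input)));
}
```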
topic: media manager (default "+" on media list)  in the forum: General Help and Support Features and Functionality
terrorchid #6
In reply to post ID 13821
You're correct, I'll clean up the code and post it here.
topic: media manager (default "+" on media list)  in the forum: General Help and Support Features and Functionality
terrorchid #7
Subject: media manager
Hi all,

I recently released & observed a novice on my DW installation and actually found something which can be improved.

At the left in the media manager, every namespace has a "+" sign suggesting it can be expanded. Clicking one which doesn't contain sub-namespaces introduces a small delay and a few extra pixels of padding/margin, but nothing else. Apparently this confused the hell out of my test monkey.

I started working on what appears to be simple: modify media_nstree_li() in inc/media.php to omit the "+" if the NS lacks sub-NS but I bumped into a problem:
if the user decides to dynamically create a sub-namespace (prepend the "name:" in the file upload field) what would be the best approach to update the current namespace so that it now shows a "+" ? Is there something in the ajax/scripts which can be reused ?

regards,
Frd
topic: Symbolic links in /data/pages subdirs (spreading inode restriction)  in the forum: General Help and Support Features and Functionality
terrorchid #8
Subject: Symbolic links in /data/pages subdirs
Hi all,

I've read the info regarding farming, but wanted to check this idea with you ...

I'm moving to a new hosting plan (reseller) because the site is growing. I want to split up the dw installation into
sections by splitting up the /data/pages contents to distribute the resources (inodes, not cpu and bandwidth)
 * /data/pages -> inode hog, to be split with symbolic links

As a reseller I can create new accounts which will be located as subdirs in /home/user/
I can split the /data/pages subdirectories among these accounts and use symbolic links to connect them back together (right ?)
This spreads the inode restriction and gives me a lot of breathing room before moving on to a dedicated server in the future.

Some reasoning behind this:
 - dedicated server is too $-intensive for the time being
 - the farming documentation mentions that farming is best done on a new installation, which is not the case here. I'm really not looking forward to debugging issues on that front (mainly plugins ...).
 - the way I see it, /data/pages is ideal for this approach because all the content is used and referred internally. If I would have wanted to do the same (I'm not) with /data/media I would run into problems regarding the URL.
 - it doesn't violate my host's ToS, I consulted them for this
 - moving this approach to a dedicated server is pretty straightforward. With farming I would have to roll back the changes in the code.

I don't know if this is considered ludicrous or not, but I would really like feedback on this one - possible problems and alternatives.

Best wishes,
a happy dokuwiki user who's starting to experience growing pains
This post was edited on 2009-04-01, 17:00 by terrorchid.
topic: XMLRPC & bad behaviour (stopping abuse)  in the forum: General Help and Support Features and Functionality
terrorchid #9
In reply to post ID 10901
I see.

Just as a note, XMLRPC is a major step forward in using AJAX on a DW installation - it's very responsive, dead easy and the part I implemented uses a fraction of the bandwidth of the normal interface (no images & css loading).
I'll try to get the badbehaviour in there and see how it works out.
There are still a few quirks I need to fiddle around ... I'm currently using the classic javascript dirty "innerHTML" method to get layout done after an XMLRPC call. I don't see a solution on that front.
topic: XMLRPC & bad behaviour (stopping abuse)  in the forum: General Help and Support Features and Functionality
terrorchid #10
Subject: XMLRPC & bad behaviour
Hi all,

I'm currently toying with an implementation that solely uses XMLRPC & AJAX. It's a small private mail system.
The mails use DW syntax, so it blends in with the rest of the site. Once a registered member has written a
mail, he can hit "preview" which sends the raw text to the XMLRPC interface and the rendered text is sent
back & displayed next to the raw text.

From a hacker's point of view, it's pretty easy to do a DoS attack this way: just flood the XMLRPC interface
with render requests.

Are there plans to explicitly include the badbehaviour plugin in XMLRPC? I see no other way in resolving this.
topic: subdomains with htaccess (feedback on suggestion please)  in the forum: General Help and Support Installation and Configuration
terrorchid #11
In reply to post ID 8535
Hi Andy,

the url= parameter is something I forgot to remove, please ignore. And yes, I should redirect to the main host.

So with that correction, would it still be a bad idea ?

regards,
Fred
topic: embedded html: disable certain tags  in the forum: General Help and Support Features and Functionality
terrorchid #12
In reply to post ID 9424
solved it, I think

the htmlokay plugin does allow me to do this... after a subtle modification:

in syntax.php I remove the bits from function postConnect() which I don't need, i.e. css, div, ... and configure
the plugin to the most restrictive setting which disallows scripts and frames.

regards,
Fred
topic: Collaborative text editing (a suggestion for the next-gen dokuwiki ?)  in the forum: General Help and Support Features and Functionality
terrorchid #13
Subject: Collaborative text editing
Hi all,

just found these via slashdot:
http://www.codingmonkeys.de/subethaedit/
http://etherpad.com/

Just a thought,
Fred
topic: embedded html: disable certain tags  in the forum: General Help and Support Features and Functionality
terrorchid #14
Subject: embedded html: disable certain tags
Hi all,

using embedded html can be a security risk, so I decided to add a small modification on the code that handles it.
I would like to disable tags which can run out of control such as <object>, <script>, <iframe>, <ilayer>, <form> and the deprecated <applet>
simply by replacing the words by null.

My question is twofold:
- where exactly is this best implemented (filename or function)
- are there other tags I should be wary of ?

I checked out the htmlOKay plugin, but can't use it because its policy is not the one I wish to implement. For example, I want to
allow full access to <div> and CSS via <style> and completely disallow javascript ... and I'm not looking forward to modifying the 66kb
of code in that plugin.

kind regards,
Fred

EDIT: is it advisable to override the code that handles the html by a simple plugin and then setting embedhtml to 0 ?
topic: watermark on hotlink (some advertising)  in the forum: General Help and Support Features and Functionality
terrorchid #15
In reply to post ID 8208
Hi all,

I'm postponing the feature as I'm in the middle of implementing some other features. I'll release it in the month of October.

@Steph (yes, you girl) ... I'm working on it.