Also another nod towards a developer who I think deserves it (GiJoe)
Quote:
Vaughan wrote:
in admin we could do with a function that will instantly flush the session table and basically destroy all current valid sessions without the need for going into the db manually, or changing the session name.
I think I understand what you are saying about the smarty logic and it makes sense. After looking at the lines for several hours, I went cross eyed because they all looked similar. I wouldn't be surprised if I missed a couple scenarios.
BTW... Thanks Dave for helping me with the empty() function in Smarty!
I hope, when we are done with this thing, that the logic could possibly be integrated into the core somehow. For instance, a drop-down box to select the column quantity.
If 3 Col -> div id = col1, col2, col3
#col1 {width:33%}
#col2 {width:33%}
#col3 {width:33%}
Then just write the setting to blocks.html and blocks.css.
By using the left float technique, we can do this rather easily without breaking things provided the block width is consistent.
Oh, sorry, back on track.... Damn ADHD!
I'll get back to work on this. Thanks!
Sounds like a reasonable compromise.
Steve, log in to your Ohloh account and then go here: http://www.ohloh.net/projects/10042/contributors/50460
Click on the "I am this person" link on the upper right.
And everyone else, please do the same.
Let me know if you have any issue!
I see that Ohloh is headquartered in Bellevue, WA. There's not some sinister connection with Microsoft, is there? (Microsoft is about five miles from Bellevue.)
I am this person - http://www.ohloh.net/accounts/12188
So can we agree on this: put Gijoe's remember me feature in the core, controlled by a preference, turned Off by default.
Ok Ohloh have updated our project (they update projects about once a week), so now, I am not the only developer, yé!!!
http://www.ohloh.net/projects/10042/analyses/latest/contributors
Can I ask the people who have committed in our SVN to go on the previous link, click on your name and then on the "I am this person" link on the upper right so Ohloh can associate your SF username with your Ohloh account (of course, if you don't yet have an Ohloh account, please create one first).
Also, in your profile, please edit your physical location so the map can show the physical location of all ImpressCMS developers.
I know all this may not sound useful, but I believe this is important from a marketing perspective. It is important to show the project does not rely on only 1 developer, and that contributors are spread all around the world.
Thanks for your collaboration on that matter!
agreed with james & dave's points.
we just need to weigh up the convenience vs potential risks involved and agree to them either way.
which brings me to another feature request i think would be useful.
in admin we could do with a function that will instantly flush the session table and basically destroy all current valid sessions without the need for going into the db manually, or changing the session name.
It is a potential security risk. One reason is using the feature on a shared computer, and neglecting to log out. Another reason is that it makes it easier for an attacker to gain access by hijacking an existing active session.
For these reasons, it should be disabled by default, and the setting in the admin page should have a note explaining the risk.
But it's also a very convenient feature. I think that the individual webmaster should have the choice of whether to use the feature for his site.
Yeah, it's still rough. My brain is mush right now. I'll have to take a look at it tomorrow. Thanks!
I agree and disagree on this one.
I think there should be some form of content management that is native to the core. Perhaps a "page" functionality with native WYSIWYG. Also a set of classes that enable you to output an ordered list of recent pages in either templates or blocks.
If we are going more in the direction of Community Management Software, then I don't think modules should be bundled with the core. Core devs could still work on Mod dev teams, take Marcan for instance, but I don't think modules should be packaged with the core.
Now, if it is decided we move more towards true Content Management, then I would retract the above statement about bundling modules. Provided the modules bundled pertained to content management. (news, document management, blog, etc).
Any "feature" that introduces a potential security risk that only provides functionality that can easily be replicated with one mouse click in a browser is a "feature" that has too high of a risk to justify its usefulness IMHO. But then again, I am p@r@n0!d.
james, i understand some of the security ramifications of 'remember me', but i honestly don't think it's as big an issue as all the other exploits and vulnerabilities that crackers/hackers & script kiddies use to gain access.
I haven't seen or heard of any sites being hacked where the entry point was via the remember me hack.. most of what i have come across have been some kind of SQLi or input validation methods, or files placed on the server through various methods.
but of course it's open to discussion :)
rel="nofollow" will be interpreted by Google as a paid link. Also, rel=nofollow does not pass PR.
See: Use rel=nofollow Only When Needed for my views on rel=nofollow
rel=external is a different story. I know there is the relationship defined by the XFN and microformats, but we need to also look at the SEO implications.
-1 For security reasons.
Since it's a potential security risk, I think it should be "off" by default.
Yeah, webmaster should be able to turn it on-off using some config parameter. Let me evaluate the implementation part. I've a feeling that it may become a big change running across core and modules.
Thanks,