Re: Adding a Remember Me on this very site

yes i think it maybe a good idea. it has my vote.

i think once we become community.impresscms.org tho, we should be using impresscms core imo. think gijoe hack should be included in impresscms core as default (but with an option in admin to disable it on a group basis)

for now i've set the session time here to 24hrs.

Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!
Topic | Forum


Re: Welcome Sudhaker !

Thanks everyone for this warm welcome! It is really my honor to become part of this great team

Topic | Forum




Our different mailing lists

Hi everyone,

Just to inform you that we have 4 mailing lists for you to subscribe if you want to stay informed of :

- SVN Commits
- Bug tracker items
- Feature tracker items
- Task items

Simply go here to subscribe or see the archived : Mailing Lists Summary

Cheers!



Adding a Remember Me on this very site

QUick thing,

When this site becomes community.impresscms.org, would it be possible to add Gijoe's remember me feature ? I think I have loged here about 30 times today !

Thoughts



Re: Welcome Sudhaker !

  • 2007/12/10 13:18:30
  • herko

Sudhaker, isn't your specialty federated sign in? I would love to see your views on what the best pluggable and expandable login system would be for a new CMS like this one...

Herko

p.s. this is a 'welcome to the team' post of course

Tomorrow never comes until it's too late


Re: Auditing Code (security wise)

Quote:

I don't think queryf bypasses the text sanitizer; it just allows non-SELECT queries, such as UPDATE and INSERT, to be done when processing a GET request. But I agree that queryf should only be used in special situations when it's really needed.


Correct. XOOPS database factory automatically prevent UPDATE and DELETE query to be used in a GET request. So if you absolutely need to use on of these queries in a GET request, then you would need to use queryF().

For example, updating the counter of an article when a user gets to the page would need a queryF as the user is not accessing the article via a POST request...

But indeed, queryF needs to be used with extra care. The concept behind is that all queries that changes the database need to be within a POST request.

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS


Re: usage of rel="external nofollow"

  • 2007/12/10 13:16:22
  • herko

I'll look into this, as this is a webstandards issue. Thanks for proviing the quick and easy solution at the start It makes it easier

Herko

Tomorrow never comes until it's too late


Re: Welcome Kurak !

welcome kurak :) hope you're ready to be impressed ;)

(excuse the pun) lol

Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!


Re: Welcome Sudhaker !

super, welcome sudhaker :)

Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!


usage of rel="external nofollow"

I added the js for allowing rel="external", rel="nofollow" & rel="external nofollow" in a href tags to the core earlier in reboot.

I think it would be ideal to replace all occurences of target="_blank" in the core.

but (yeah there's always a but) lol

does anyone have any suggestions or advice on exactly which rel value to use in certain places?

for example:

rel="external" will act exactly like target="_blank" and open the link in a new window, web crawlers and search engine bots will also then follow that link and score it.

rel="nofollow" will open the link in the same window, but tells the crawlers and bots to not follow the link and/or score the link either.

rel="external nofollow" will do a combination of the above, the link will open in a new window but crawlers & bots are told not to follow/score the link/destination etc.

so where should each be used properly? when should a bot be told not to score the link/destination & when is it acceptable for the bot to score it?



Re: Auditing Code (security wise)

ahh yes you are right Dave :) i knew it was to do with the GET requests but wasn't 100% sure if it bypassed the sanitizer or not.. thinking about it now tho, i can't understand why i thought it would do as that would be nightmare for abuse.

Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!


Re: Auditing Code (security wise)

I don't think queryf bypasses the text sanitizer; it just allows non-SELECT queries, such as UPDATE and INSERT, to be done when processing a GET request. But I agree that queryf should only be used in special situations when it's really needed.



Re: Welcome Kurak !

These are not empty words: it is an honour to join such good team.
1.Forgive me my english...
2.Ready to report bugs :P



Re: Auditing Code (security wise)

Quote:


Should we also review where queryf is used in key modules, as this is often misused by developers who want a quick way to access core tables.

Herko



yes, i think that should also be done aswell being as queryF bypasses the text sanitizer etc. good point :)



Re: A proposition for a true opened developement !

Marcan:

I guess it's worth a try as an experiment.



Modules

Hi,
I think that some modules should be in standard like : news, forums,links,polls etc. and delevoped by core team.



Re: Welcome Kurak !

Welcome!

JMorris (aka James Morris)
ImpressCMS Professional Services: INBOX International inc.
James Morris Online | Frolicking on the playground that is the Internet...


Re: Welcome Sudhaker !

Welcome!

JMorris (aka James Morris)
ImpressCMS Professional Services: INBOX International inc.
James Morris Online | Frolicking on the playground that is the Internet...


Re: Hello ...

Welcome! Another *NIX person definitely needed!

JMorris (aka James Morris)
ImpressCMS Professional Services: INBOX International inc.
James Morris Online | Frolicking on the playground that is the Internet...