PEAK XOOPS - News

Poster : GIJOE on 2006-05-13 06:13:40 (24679 reads)

Duplicatable V2.1 has two weak points.

1. A number has to be appended to the dirname.
2. The module is hard to update.

I know a site that has installed more than 10 TinyD instances.
On that site, the admin has to update EVERY TinyD at once.

I also know of some modules based on V2.1 that rewrite templates/* and sql/*.
Though problem 1 can be solved in such modules, they become much harder to update.

The following is the spec of Duplicatable V3 (D3).

(1) It uses XOOPS_TRUST_PATH, outside the DocumentRoot.
(2) It puts only wrappers under XOOPS_ROOT_PATH/modules/(dirname).
(3) D3 creates templates and tables in the onInstall function.
(4) D3 updates templates in the onUpdate function.
(5) D3 drops tables in the onUninstall function.
(6) It adopts a front controller system (e.g. index.php?mode=admin).


(dirname) can be chosen completely freely.
And you only have to update XOOPS_TRUST_PATH/modules/(trustdirname) once, even if you install 10 or 100 instances of the module.

I've just made a sample D3 module named wraps.
Try it if you are interested in it.
wraps

I declare that I'll modify all of my works to use D3 and XOOPS_TRUST_PATH.


Poster : GIJOE on 2006-05-11 11:27:31 (10377 reads)

Redundant IDs are widely used in XOOPS.

For example, newbb generates URLs like this:
viewtopic.php?topic_id=3656&forum=18&post_id=48548#forumpost48548

But both forum (forum number=18) and topic_id (topic number=3656) are useless information.
The only valid ID is post_id (post number=48548).

There is neither topic number=3656 nor post number=48548 in forum number=18.
There is no post number=48548 in topic number=3656.

Such redundant IDs have bad effects like these:

- loss of the URL's uniqueness
Appending redundant (nonsense) query variables makes the number of URLs grow like an arithmetic series.
This is a serious problem for SEO.

- mistakes around privileges etc.
This is the true cause of newbb's bug.
http://www.peak.ne.jp/xoops/md/news/article.php?storyid=98


However, many modules create such redundant URLs.
Why?

I think the reason is XOOPS core features such as notifications.

For example, I'll highlight the mydownloads module.
mydownloads also has a redundant ID, cid, in singlefile.php, though lid is the only valid ID.

But please look at the notifications area in these links after logging in.

lid=65
cid=4&lid=65

Both URLs point to the same file.
But their notification options differ from each other.

And the notification options for the category are also displayed for a URL like this:

cid=1&lid=65
The cid is obviously invalid.
But if someone registers for the category's notifications, he gets notifications about cid=1 instead of cid=4.

Though this can be called a planning mistake in XOOPS, it is easy to solve if you are a module developer.

Set the proper redundant (category etc.) ID, generated from the right ID, into $_GET.
You then get the best result whether or not cid is included in the URL.


And you also have to remove redundant IDs from URLs.
This looks like a very important thing.

Good luck!
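
The fix described above, as an added example that is not code from mydownloads or XOOPS: only lid is trusted, cid is derived from storage and written back into $_GET, and the canonical URL carries lid alone. The helper name normalize_download_ids and the in-memory $downloads array (a constructed stand-in for the module's table) are assumptions.

```php
<?php
// Constructed sample data standing in for the downloads table: lid => cid.
$downloads = array(65 => 4);

// Hypothetical helper (not part of XOOPS or mydownloads): trust only lid,
// derive cid from storage, and overwrite whatever cid the URL supplied.
function normalize_download_ids(array $get, array $downloads)
{
    $lid = isset($get['lid']) ? (int) $get['lid'] : 0;
    if (!isset($downloads[$lid])) {
        return null; // unknown file: the caller should answer "not found"
    }
    $cid = $downloads[$lid];
    $supplied = isset($get['cid']) ? (int) $get['cid'] : null;

    return array(
        // what the rest of the page (notifications included) should see
        'get' => array('lid' => $lid, 'cid' => $cid),
        // the single URL that should be linked and indexed
        'canonical' => 'singlefile.php?lid=' . $lid,
        // true when the request carried a cid that contradicts storage
        'mismatch' => $supplied !== null && $supplied !== $cid,
    );
}

// The three query strings discussed above, plus one for a missing file.
foreach (array('lid=65', 'cid=4&lid=65', 'cid=1&lid=65', 'cid=4&lid=999') as $query) {
    parse_str($query, $get);
    $result = normalize_download_ids($get, $downloads);
    if ($result === null) {
        echo "$query => not found\n";
        continue;
    }
    $_GET = $result['get']; // core features now read the derived cid
    echo "$query => cid={$_GET['cid']} canonical={$result['canonical']}",
        $result['mismatch'] ? " (mismatched cid replaced)\n" : "\n";
}
```

The same pattern applies to privilege checks: the permission lookup should use the category or forum derived from the record, never the one supplied in the query string.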


Poster : GIJOE on 2006-05-10 13:09:04 (36974 reads)

I've just found many bugs around access controlling in *newbb*.

-- a moderator can moderate any forums
-- anyone can post into any locked topics
-- anyone can read any posts in the private forums

Though these are not "vulnerabilities", it might be a problem if you rely on *newbb*'s access control system.

I've just fixed them in xhnewbb.
But there are many modules other than xhnewbb based on newbb.

If you are a developer of such a module, please check it.

Read more... | 657 bytes more |2 comments

Poster : GIJOE on 2006-05-09 10:43:38 (23455 reads)

Reference:
http://www.peak.ne.jp/xoops/md/news/article.php?storyid=63

With Smarty 2.6.12 (XOOPS 2.0.14JP etc), some Warnings will be reported for the theme.
The code should be modified like this.

Read more... | 2863 bytes more |0 comments

Poster : GIJOE on 2006-05-06 04:50:43 (14033 reads)

A ticket/token class named XoopsGTicket has been updated.
In the version named gticket2, a repost form is opened if a ticket error occurs.
This feature should reduce users' stress.

The usage of gticket2 is almost the same as gticket.

- include_once include/gtickets.php
- add the hidden ticket field to your form
- add check() to your transaction


form side with XoopsForm:


	$form = new XoopsThemeForm( ... );
	$GLOBALS['xoopsGTicket']->addTicketXoopsFormElement( $form , __LINE__ , 1800 , '(your area name)' ) ;


form side with plain HTML:

	// emit the hidden ticket field inside your <form>
	echo $xoopsGTicket->getTicketHtml( __LINE__ , 1800 , '(your area name)' ) ;



transaction side:

	if ( ! $xoopsGTicket->check( true , '(your area name)' ) ) {
		redirect_header(XOOPS_URL.'/',3,$xoopsGTicket->getErrors());
	}

If an error occurs while checking the ticket, the "repost form" is displayed automatically.

If you don't want to display the "repost form", call check() like this.

	if ( ! $xoopsGTicket->check( true , '(your area name)' , false ) ) {
		redirect_header(XOOPS_URL.'/',3,$xoopsGTicket->getErrors());
	}


You can check the behaviors and usages of gticket2 by downloading the latest blocksadmin module.

note: Don't check a second time with XoopsSecurity::check(), even if you use XoopsForm.
If you also call the core's check(), the repost system can't work.

----------
2006/5/6 fixed typo (thx gusagi!)
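
What a ticket check of this kind protects, as an added illustration that is not XoopsGTicket's code: a random ticket is stored server-side with a lifetime and an area name, and the transaction accepts it once. The class DemoTicket, the $session array standing in for $_SESSION, and the one-time-use behaviour are assumptions of this sketch; 1800 and the area argument mirror the calls above.

```php
<?php
// Added illustration, not XoopsGTicket's code: a form ticket bound to an
// "area" name and a lifetime. $store stands in for $_SESSION.
class DemoTicket
{
    private $store;

    public function __construct(array &$store)
    {
        $this->store = &$store;
    }

    // Issue a random ticket valid for $timeout seconds within $area.
    public function issue($timeout, $area, $now = null)
    {
        $now = $now === null ? time() : $now;
        $ticket = bin2hex(random_bytes(16));
        $this->store[] = array('ticket' => $ticket, 'expire' => $now + $timeout, 'area' => $area);
        return $ticket;
    }

    // Accept a ticket once; unknown, expired or wrong-area tickets fail.
    public function check($posted, $area, $now = null)
    {
        $now = $now === null ? time() : $now;
        foreach ($this->store as $i => $stub) {
            if ($stub['expire'] < $now) {
                unset($this->store[$i]); // drop stale tickets as we go
                continue;
            }
            if (is_string($posted) && $stub['area'] === $area
                && hash_equals($stub['ticket'], $posted)) {
                unset($this->store[$i]); // consume: a replayed POST fails
                return true;
            }
        }
        return false;
    }
}

$session = array(); // constructed stand-in for $_SESSION
$tickets = new DemoTicket($session);
$posted = $tickets->issue(1800, 'blocksadmin');
var_dump($tickets->check($posted, 'other_area'));           // wrong area
var_dump($tickets->check('forged-value', 'blocksadmin'));   // forged ticket
var_dump($tickets->check($posted, 'blocksadmin'));          // legitimate submit
var_dump($tickets->check($posted, 'blocksadmin'));          // replay of same ticket
```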

