On Mon, Sep 7, 2009 at 11:47 AM, Kevin<[email protected]> wrote: > > On Sep 7, 6:48 am, The Editor <[email protected]> wrote: >> Are you having plugins editing the page? Using the section edit links? >> or uploading changes to the script? > > The problem was clicking on Edit. It would just take me back to the > page.
Are you talking about the edit link at the top of the page, or the littles one inside the main page? The latter ones are generated dynamically by a special plugin called section edit. I think that's probably what you are talking about. If it is the edit link at the very top of the page, it must be a permission problem. Try using that in the mean time till I can get the other fixed. >> If the first, let me know, and I'll make sure you have edit status. >> Looks like you created the page however. >> >> If the second, I think the plugin is broken. Haven't had a chance to >> look into that yet. On my to do list. >> >> For the latter, add &reload=true to the url > > Didn't seem to work. Click here and tell me if you don't see the little red ^ beside the script name. Click that to upload a newer version. http://www.boltwire.com/index.php?p=solutions.community.wxbasic&reload=true >> As for the plugin itself: Kudos! Very cool... >> >> 1) Is it possible to get support of php4? Or is it the xml parsing >> that is the issue... > > The simplexml_load_file function was added in PHP5. Really don't want > to parse XML myself like I used to. Got it. I think the rss plugin I pulled together probably also requires PHP5. :) > Note about PHP versions though... PHP 5.3 is now stable (spent some > time fixing older scripts that used strip() because of it). > The last release of PHP 4 was Aug 2008. It is no longer on the > download page at PHP.net which makes it very old now. > > PHP 5.3.0 Stable was released Jun 2009. I use PHP5 for myself, and on our site. But we do have PHP4 users. So far we've been able to keep BoltWire working on both. I do wish I had the try/catch capability for things like math functions and the like... At some point we will need to make the jump, but I'm putting it off as long as possible. Nothing wrong with plugins that take advantage of (require) PHP5. >> 2) I think returning the phpinfo() line pose a mild security risk, as >> it could expose your system configuration settings. You might wrap it >> in something like this (with the proper globals of course): >> >> if (strpos(",$BOLTadmin,", ",$BOLTid,") === false) >> >> This way only admins get the info. On the other hand, I think just the >> warning message is sufficient. > > Nice to know that so that I can use that in the future. I was only > using phpversion() though, not phpinfo(). Could have just said it was > an older version though without giving out the version. Oh, you are right. Didn't notice that. Sorry. I'm kind of a bit paranoid about security stuff because 1) it is very hard 2) I'm not and expert at it, and 3) it's a bad experience when someone can break your site. I wrote a plugin for another wiki system, and the developer publically exploited a feature in his software I didn't know about to demonstrate a vulnerability in my code--but wouldn't tell me how he did it. I was able to figure it out and patch it in an hour or so, but it was a gut-wrenching and frankly a rather embarrassing experience. So far, security has held up at BoltWire, but just so you know--it's always on the back of my mind. Esp given the flexibility and power of BoltWire. You have to keep the design really tight or someone will figure out some way to hobble together some obscure markup... > However, Most web servers expose which version of PHP you are using > in their headers when they serve pages Even if they are using > ServerTokens Prod which I recommend. So it's not a big secret from > those that would use that information. > > For example: X-Powered-By: PHP/5.2.9 I'm not much of an expert on anything to do with servers. I'm glad you have some background here. Feel free to offer suggestions for making BoltWire better if you notice anything. >> 3) I made a few line spacing changes to get it to look how I wanted. >> Other than that, very coolll... >> 4) Oh also, why not rename the page and plugin to something more >> simple, like "weather. > > I was going to call it just weather, but I plan on a number of other > weather plugins, some that work with specific Weather reporting > packages like Weather-Display and Cumulus. So I figured this was a > basic one for those who don't have their own weather station. That's great. You can also change the titles of the plugin perhaps to something like: Weather: Basic, Weather: Dispaly, etc. So they are a bit more findable in the solutions page. >> 5) And too, your document is excellent. If only all my plugins were so >> nicely done! >> >> One nifty use of this might be to ask a person's city/state when they >> register and store them on their profile. Then when they go to the >> weather page, it could automatically supply that info to the function >> >> [(wxbasic city="{~city}" state="{~state}")] > > Learning something every day.... that would work for everything except > the weather radar image. I don't have anyway to really look that up > to know which one fits for which city. {~field} is just a shortcut for {login.{id}:field}. But you are right. It wouldn't help with the image, unless you also somehow collected that info at registration. Or when they turned on the weather plugin, or whatever. Just thinking out loud. >> >> This is a GREAT first contribution. I am going to put it on my >> personal site I think! Thanks... > > Thanks! Was a good learning experience... Looking forward to what comes next... Cheers, Dan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/boltwire?hl=en -~----------~----~----~----~------~----~------~--~---
