Cannot edit an email address in a comment

I got an email from someone who had commented on my blog and who had supplied an email address and not a home page, therefore his email address was shown as a link next to his post. he emailed me to ask if i could remove or change his email address as he didnt want it to be harvested. I went to the post and to edit the said comment. I changed the email address to blank@blank.com and i got the standard “we dont take kindly to that sort of thing here” message.

I haven’t looked at the code to see why it occured yet, no time, sorry, i will try and look later but i wanted to make sure its captured for fixing. I fixed the issue for now by editing the .cgi file and the .htm file with vi on the server.

The answer:

I can’t recreate this in my local development environment. I was wondering if you could post a link to the page with this comment? I was able to edit a comment with an email address (1.7.3) and with a comment with spaces.

it could be that the issue is not related to the @ symbol as i have just realised that the comment includes some code with single quotes. The blog entry in question is http://www.petefinnigan.com/weblog/archives/00001096.htm and its the comment by Niels. I edited his email address in vi so its no longer the same. He was obviously able to post the comment in the first place without error so it is related to the differences between comment posting and entry editing.

It was the quote marks. They were gettting turned into “& quot;” and then on editing turned into “|AMP|quot;”. The malicious code bell sounds on the pipe character.

This is another todo of mine, to determine why greymatter is so touchy about ampersands. I believe it is a legacy issue, but its something I have to investigate. Eventually we won’t need to modify those when saving.

Thanks very much for your reponse. I had the same issue again yesterday with a new blog entry but slightly different vector. I added blog entry http://www.petefinnigan.com/weblog/archives/00001103.htm yesterday and then realised that the yellow boxes with code in them caused the page to be destroyed as they tried to go right across the screen. I tried to edit the entry but the save failed and I had to resort to vi again.

I suspect this is the same issue as my code has quotes in it.

Also out of interest if you look at both yellow boxes in my blog post and see the emoticon added by GM – the actual text should be whats in the textpad screen dumps directly below the yellow boxes. Can you add this as an issue? – it would be nice to not have code changed into emoticons.

Not sure how this would be resolved. We would probably need some sort of < code > < /code > tag that was honored by Gm. Did you have any suggestions?

On the other side though, you could edit the entry to not use emoticons, and then it will not interpolate the smiley characters such as ‘: )’ into emoticons (but will leave the comment smileys there).

Thanks for your reply. Yes I thought of turning off emoticons but that would not satisfy the case where you want to include code that is not “emoticonised” and also use emoticons, so maybe a code such a <code> … </code> would work, although we should not simply use <code> as its valid tag already in xhtml.

True. I forgot about that. I was wondering if we should invent a gm specific one, or make a note that stuff inside < code > won’t be translated? I hate to create gm specific stuff, but on the other hand, now the < code > tag may not work as people expect (if they expect emoticons inside a code block that is).

Now that I think about it though, I would be frustrated if text inside < pre > or < code > tags was turned into emoticons or formatting (__, //, **). Seems like any c-code with a pointer might get mangled by GM.

 

1.7.1 Comment bug

I have just found a bug in the comments processing in version 1.7.1. If you post a comment as an author you are required to send {AUTHNAME}_{PASSWORD} for the comment to succeed. The { brackets are not necessary but the underscore is.

The problem is that the password is displayed in the comment preview and also in the posted comment. To fix this change the following lines (around 335 in gm-comment.cgi ]

Code:

my %newComment = ();
$newComment{‘name’} = $IN{‘newcommentauthor’};

to ]

Code:

my %newComment = ();
my @authname = split(/_/,$IN{‘newcommentauthor’});
$newComment{‘name’} = $authname[0];

and around line 414:

Code:

my %comment = ();
$comment{‘name’} = $IN{‘newcommentauthor’};

to

Code:

my %comment = ();
my @authname = split(/_/,$IN{‘newcommentauthor’});
$comment{‘name’} = $authname[0];

 

I tested for that specific issue prior to releasing 1.7.1. I was wondering if you have author protection enabled?

If you don’t, it won’t check your password and it will just post it. Author protection should not be required unless its enabled.

I will look into this. Do you have any other comment related features enabled? Perhaps there is a configuration I missed testing.

Author check is turned on. The rest of the relevant settings are as follows. I have allow karma or comment posting = comments only, order of comments = ascending, can post in archives = no, comment on by default = yes, html allowed = no, auto link = yes, passwd protect = yes, and the new comment links, pharse and force preview are all set.

I’ll look into that for sure. In the gm-comments.cgi, gm_authorcheck is called before either preview or post, and it modifies the authorname variable to basically what you posted.

I know this may seem silly, but I was wondering if you tried to post a without the password to see if it still enforces it? I think you mentioned changing the regex in gm_authorcheck, I wonder if that could have made a difference?

Yes i did check posting first as the author name and it was correctly blocked. Also i have the simple mod in place that I did for the previous author check issue you mention. I still believe that is valid as I wanted to post as “Pete” my username. Without my previuous fix I couldnt post as “Pete Finnigan” or “Pete Smith”. i.e. it blocked comments by people who were not users. I tried to post as Pete and it blocked me as I didnt supply the password, i then posted as PETE_PASSWORD and it worked but printed my password as well in the comment, hence the fix I posted above.

Ok, I believe I have this figured out. When this line was changed:

Code:

if ($IN{‘newcommentauthor’} =~ m/$a_name/i) {

to:

Code:

if ($IN{‘newcommentauthor’} =~ m/^$a_name$/i) {

I modified the logic to find an exact match, but an authorname_password, isn’t an exact match.

For example “Pete” is an exact match but “Pete_password” isn’t, so it doesn’t recognize it as a protect name, and it allows posting as usual.

You solution works, but I was banging my head against the wall trying to figure this out.

Thanks for your patience on this, as you have rightly pointed out my two fixes allow comments to be posted, they recognise only true usersnames but I have stopped the author password protect from working. Therefore the solution needs to be modified. The first fix that recognises only authr names needs to be changed to use the split on underscore first, i.e. check just the name part and then use the name_password to complete the author check. This would then mean that my fix posted in this thread is no longer necessary as the original author protect does not print the password. I will have a look at the code tomorrow and test it and feedback a solution here. And clarification!, sorry for the confusion.

The only issue I can think of is if there is an author with an underscore in their name, but this is easy to address by just splitting on ‘_’, then gettting last element (presumed password) and joining any remaining elements together with ‘_’.

I was delighted to find that you can do ‘split( ‘=’, $foo, 2) and it will split on the first = sign, but leave any others. I use it in the code to get name=value pairs from files. I just wish there was a way to tell it to work from back of string, short of reversing the string, splitting, then re-reversing both strings.

— Update —
Ok, after a quick trip to perlmonks.org, I found that the reverse thing would be easy:

Code:

my ($password, $authorname) = split( ‘_’, reverse( $lib ), 2);
$password = reverse( $password );
$authorname = reverse( $authorname );

— Update Again —
I have to stay away from perlmonks. But I did learn something new, I haven’t use ‘map’ much, but maybe I should:

Code:

my ($password, $authorname) = map {$_=reverse($_)} split( ‘_’, reverse( $lib ), 2);

Does it in one line, which would need at least one comment.

I finally got finished with the comment author check bug. I have included the original bug fix for the author name to ensure that the author check only picks up genuine author names. I have also removed the two small fixes described at the beginning of this thread as reported further up these are not necessary.

I have tested:-

user = genuine authname / no password – stops the post
user = genuine authname / wrong pwd – posts auth_wrongpwd – this is fine
user = genuine authname / correct password – posts fine – although i will discuss a slight issue at the end
user = authname not a gm user but is similar – i.e. my user is Pete and i tried Pete Finnigan – works fine

The case where we have a genuine author has a slight issue. If, like me you have not filled in the email, website etc then when posting as a genuine author there is no hyperlink created for the authorname even if one was entered in the commnet creation form. I think this is valid behaviour as its better to use the built in homepage for a real author rather than a supplied one. beware of this issue if you post as an author.

I have removed the two fixes at the beginning of this thread and also modified the function gm_authorcheck. The fix can be made by copying this complete function into gm-comments.cgi and deleting the old one. Here is the code:

Code:

## GM Author Check
# Args: ?
# Will check that the commenters name does not contain an author name. If it does
# will check that the comment author string is “AUTHOR_PASSWORD” and use the password
# to verify the identity of the author.
sub gm_authorcheck {

my ($authorname) = “NULL”;
my ($password) = “NULL”;
## so that preview works, using org var, since we need to keep the ‘Name_Pw’
# note that we are _always_ setting this so that if we preview, a valid value
# goest into the commentauthorname isn’t a gm author …
$IN{‘newcommentauthor_org’} = $IN{‘newcommentauthor’};

my $gmauthors = Gm_Storage::getAuthors( errHandler=>\&Gm_Web::displayUserErrorExit );

foreach my $author ( keys( %$gmauthors ) ) {
my $a_name = $gmauthors->{$author}{‘author’};
my $a_password = $gmauthors->{$author}{‘password’};
my $a_email = $gmauthors->{$author}{’email’};
my $a_homepage = $gmauthors->{$author}{‘homepage’};

# because the AUTHOR_PASSWORD comes in as a single string and is compared with the list of
# blog authors we need to extract the name first here to check with the GM names to ensure
# that the name passed with a _PASSWORD is a correct author name. We could split the name
# and password in one line using map as described by Coldstone on the forum but I will use
# the long hand version here as its easier to read. We need to reverse the string to ensure
# that we still extract the name and password even if the name includes an underscore.

if ( $IN{‘newcommentauthor’} =~ m/_/g )
{
($password, $authorname) = split( ‘_’, reverse( $IN{‘newcommentauthor’} ), 2);
$password = reverse( $password );
$authorname = reverse( $authorname );
}
else
{
$authorname = $IN{‘newcommentauthor’};
$password = “ImPossssssiblePassword”;
}
# we are doing a regex to get a match since we don’t want to be fooled by leading spaces (or case)
if ($authorname =~ m/^$a_name$/i) {
## We got an athor name match, lets check the pw
# the pw will be attached to the endof the author name, seperated by ‘_’
my $commentpassword = crypt($password, $password);

## hmm, we are checking if the password matches both the plain and the crypted, because of Alice …
if ( ($a_password eq $commentpassword) || ($a_password eq $password) ){
$IN{‘newcommentauthor’} = $a_name;
$IN{‘newcommenthomepage’} = $a_homepage;
$IN{‘newcommentemail’}= $a_email;
} else {
println( Gm_Web::createRequestHeader() );
println( Gm_Web::createUserError(‘You cannot use that name to ‘.
‘post a comment without the correct password. Please pick ‘.
‘another name or check your password.’ ));

## Good to let someone know that people are trying to impersonate
Gm_Core::writeToCplog( “<B><FONT COLOR=\”#dd0000\”>Invalid Password commenting on entry “.
“#$IN{‘newcommententrynumber’}:</font></B> $IN{‘newcommentauthor’} “,
\&Gm_Web::displayUserErrorExit );
exit;
}
}
}
}

Sorry for all the confusion with these comments issues.

 

GM 1.7.1 – gmshortcutkeys missing

I enjoy using the shortcut keys provided by a simple Javascript addition to gm when using IE to allow me to do CTRL-SHIFT-A to add links quickly and also the same commands can be used to quickly bold or italic text. This features was in 1.3.0 and was deleted from 1.3.1 by accident by the previous maintainers. I posted a blog entry http://web.petefinnigan.com/weblog/archives/00000008.htm at the time about it.

The same code is still missing in 1.7.1 but the text describing how to use it is still there. To add this back go to gm-library.cgi lines 244 to 260 :-[br]

Code:

date.setTime(date.getTime() – skew);
}
//–>
</SCRIPT>
#;

$gmheadtagtwo = $gmheadtag;

$gmheadtag .= qq#
</HEAD>

<body>#;

$gmheadtagtwo .= qq#
</HEAD>

<body>#;

change these lines to:

Code:

date.setTime(date.getTime() – skew);
}
#;

$gmheadtagtwo = $gmheadtag;

$gmheadtag .= qq#
//–>
</SCRIPT>

</HEAD>

<body>#;

$gmheadtagtwo .= qq#
function gmshortcutkeys() {
if ((parseInt(navigator.appVersion) >= 4) && (navigator.appName == “Microsoft Internet Explorer”)) {
if (event.ctrlKey != true) return;
gmselection = document.selection.createRange().text;
if (window.event.keyCode == 1) {
gminsertlink = prompt(“What do you want to link to?”, “http://”)
if (gminsertlink == null) return;
document.selection.createRange().text = ‘<a href=”‘ + gminsertlink + ‘”>’ + gmselection + ‘</a>’;
return;
}
if (window.event.keyCode == 2) {
document.selection.createRange().text = ‘<span style=”font-weight:bold;”>’ + gmselection + ‘</span>’;
return;
}
if (window.event.keyCode == 9) {
document.selection.createRange().text = ‘<span style=”font-style:italic;”>’ + gmselection + ‘</span>’;
return;
}
if (window.event.keyCode == 21) {
document.selection.createRange().text = ‘<span style=”text-decoration:underline;”>’ + gmselection + ‘</span>’;
return;
}
}
}

//–>
</SCRIPT>

</HEAD>

<body onKeyPress=”gmshortcutkeys();”>#;

My apologies on this Pete. I know you had mentioned this before 1.6.1 came out, and it fell off my plate. I will make sure this is in 1.7.2.

Btw, I was thinking of using ‘thumbs up’ icon for fixed issues, and ‘thumbs down’ for open, I just wanted an easy way to see if an issue was fixed or not.

Plus, I wonder if this could be made to work for all platforms, I’ll have to experiment a little.

I’ve modified the gm-library.cgi with the new lines on GM v1.3.1 but no success nothing happen when I try the shortkeys… I also put the cookies fonction ON in the config.
Any idea why isn’t work?

have a look at http://web.petefinnigan.com/greymatter_mods.htm – this page includes my gm-library.cgi saved as dot txt, download this file and replace your gm-library.cgi with it. Save your own file first.

I finally checked in your changes to CVS, thanks for your patience.

I did some research and it looks like javascript keystroke compatibility between browsers and OS is a thorny issue. I am hoping to play with the code and get a universal feature going, but for now, the old functionality has been restored for all you IE users.

While I was porting this to be generic for both Windows/Mac/All Browsers, I ran across discussions about changing the key mappings like this. Some people really don’t like it. I am wondering if this should be an option that is enabled, or if buttons (such as on this forum) would work?

I can see the appeal of just using key shortcuts, but if they interfere with someone’s existing key mappings, I am concerned. I wonder if that is why it was removed initially?

On a side note, I found that with accesskey attribute, you can do key assignments almost universally. However, IE is being difficult.

 

1.7.1 – comment force check issue

I have been testing comments in 1.7.1 this evening and found an issue with the changes to gm-comments.cgi where you can specify that comments are forced through a preview and then a random string is generated to ask the user to enter it before the post is made to avoid some of the comment spam. This code is shown between lines 155 and 172:

Code:

if ( ($IN{‘gmpostpreview’} ne “”) || ($IN{‘gmpostpreview.x’} ne “”) ) {
&gm_previewcomment;
} else {

if( $commentforcepreview eq Gm_Constants::YES && !exists( $IN{‘postit’} ) ){
## if force preview, check if var ‘postit’ only found on preview page
&gm_previewcomment;
}

if( $commentverify eq ‘static’ || $commentverify eq ‘random’ ){
## if force preview, check if var ‘postit’ only found on preview page
&gm_forceverify;
}

&gm_addcomment;
&gm_freshenaftercomment;
}

The logic is that a user can press preview or submit, either way now if force preview is set the user previews the comment. The forceverify function is supposed to then display a random number for the user to enter and if this is successful then the comment is posted.

The issue is that the hidden value “postit” is never set. To fix this add the following line:

Code:

<INPUT TYPE=HIDDEN NAME=”postit” VALUE=”postit” />

to the “Confirmation Form Template” at the end just above the:

Code:

</form>

line. My tests showed this to work.

That is weird, because if you look at the function that prints the page with the random string, I use a hidden field in the form for postit, at around line 768 of gm-comments:

Code:

$userMessage .= ‘<INPUT TYPE=HIDDEN NAME=”postit” VALUE=”postit”>’.”\n”;

I thought I had tested this case, but will investigate when I get a chance.

Sorry I missed out a vital bit of information in my last post.

The issue before I made the fix was that I posted a comment, pressed preview and it displayed the comment nicely. I was presented with the post it button on the preview page and I pressed it. This simply dispayed the preview page again with the same button and i never got the string to enter screen generated by gm_forceverify.

The code line you mention is in the gm_forceverify function. This function is never called though as if you see the code section i pasted in this thread, you get to the gm_previewcomment function and it displays the preview and then asks you to post the comment. This function (gm_previewcomment) doesnt set the hidden name “postit” with the value “postit” so you end up back in gm_previewcomment again – in a loop..

My fix was to set the hidden name “postit” in the preview template so that it gets set the first time you preview so that next time through the code you end up in gm_forceverify.

I think I got whats causing this confusion.

I started with the 1.3.1 templates, and for the “Confirmation Form Template” they use this code for the submit button:

Code:

<input type=”submit” name=”postit” value=”Post It” />

I am guessing your button did not? Your solution works as well as making sure the ‘name’ attribute from above is “postit”.

Thanks for tour feedback on this one. I started with 1.3.0 and my template didnt have the name=”postit” set for the button. I guess we ought to update the documentation to advise people to update this template or do it automatically but that could be problematic!

Yeah, I wasn’t sure how to do it automatically, I was just hopeing that everyone had postit in the template (oh silly me).

I was thinking that I could make a note in the config blurb to tell people about this, otherwise, not sure where the documentation for this would go?

 

Comment author check issue in 1.7.1

I have just updated one of my blogs to 1.7.1 to test the comment changes made in 1.7.1 so that I can work on the comment queue mod. I made a test to post a comment and found an issue with the author check. The code at line 696 in gm-comments.cgi is:

Code:
if ($IN{‘newcommentauthor’} =~ m/$a_name/i) {

This code checks is the comment author is one of the registered authors. This is to stop others from posting comments as a real author. If a real author wishes to post then he needs to use AUTHUSER_AUTHPASSWORD. I tested a comment as a comment author “Pete” which is the same GM author that posted the entry. This works fine and the post is blocked. BUT when I tried to post another comment as “Pete Finnigan” – it was also blocked. I then tried “Pete Smith” this was blocked also. The line of code above simply tests if the author name is anywhere in the comment author string. To fix the issue change line 696 to:

Code:
if ($IN{‘newcommentauthor’} =~ m/^$a_name$/i) {

This then checks for an exact match of the author against the comment author.

Good catch pete, can you see the egg on my face from across the pond? 🙂

Updated:

I remember why I did this now. Its to avoid people using whitespace to pad names, for example ‘ pete’ shouldn’t match ‘pete’. Still it seems that it is too strict. Perhaps there is a way to tighten it down slightly.

I also wanted to catch stuff like ‘coldstone sucks’ which would not be caught with the exact match.

I can see your logic and its valid but I also I think mine is as well. If I have a username “Pete” and I want to stop anyone posting as me, i cannot let loose matches stop all posts beginning with “Pete”, i.e “Pete Smith” for instance. This would stop a genuine person who might be called “Pete Smith” from commenting and using their own name.

That said I don’t know what the solution is yet, somewhere between both our points of view i guess.

The problem would be, how do you block “Pete sucks” and allow “Pete Smith” through? – I think I would still advocate exact matches on author names as the whole purpose of the check is to prevent impersonation. Maybe the solution is to use the censor list on commentor names as well? or maybe the issue would be better solved once we get the comment moderation queue running?

The moderation queue will definitely help, however, I was able to fool my friends on a WordPress site they run when I tested if WordPress had this feature. They let my comment through because they didn’t know if the other person running the site had actually made the post, but then again, with the mod queue, they could see the email address used.

I could make the author check be something like ‘off’, ‘on – strict’, and ‘on – loose’. The commenter’s name does get run through the censor list. Even for strict though, I imagine that whitespace would be ignored so that ‘ pete’ will trigger a block.

I think the regex would be:

Code:

if ($IN{‘newcommentauthor’} =~ m/^\w*?$a_name\w*?$/i) {

That way people would have a choice about how strict the name is.

 

GM 1.7.1 – RSS feed generation broken

I have just found that the gm-rss feed generator is broken if you upgrade to 1.7.1. I will fix it tomorrow evening as its 11:45 pm here and I need to go to work tomorrow. The issue is that gm-rss.cgi reads the config file entries by ordinal number and they have changed.

I will release a fix tomorrow but i am also working on a new built in feed generator that will be a core part of gm.

In 1.6.1 they changed to be name value pairs, is that whats causing the problem? Otherwise there shouldn’t have been any config file changes between 1.6.1 and 1.7.1.

Versions Affected: GreyMatter 1.7.1, 1.6.1, 1.3.1, and ? (presumably it affects all versions with the archive feature).
Severity: High (hard to fix)

Issue Description: GreyMatter will not update the archive page for a given month, so that if a comment is posted to an entry, viewing the archive page with that entry will show the incorrect number of comments (it will be the number of comments at the time of last rebuild).

Resolution: None currently.

 

Tags and Categories

I didn’t want to move the old topic since it started out as a trouble shooting issue.
This is picking up the thread of original post:
http://greymatterforum.proboards82.com/index.cgi?board=gmtroubleshooting&action;=display&thread;=1173294298

I was thinking of doing the information rfp soon, once we hashed out some ideas.

I misled you with the search ting, I was thinking it would be static too. I think it fits in better with rest of gm. I was just thinking that the search templates addressed similar issues as Tags and Categories templates.

I guess I had tags and categories jumbled together. Thinking about it, does this definition work for everyone? Feel free to give input:

Categories: An entry can only have one category, categories can have 1 sub category. Categories are assigned only by the Author (or other admin that has editentry privileges).

Tags: An entry can have multiple tags, no sub tags. Tags added by users or authors (or both)? Tags factor into searching? Tags created by users or authors (or both)?

It seems like there are some commonalities though (again, everyone feel free to correct any assumptions I am making).

Both will need a screen to edit/add new. Both will need templates to display a list of all, templates to define what the static page with all marked entries should look like.

Let’s see if we, at this forum can accept some common blogging terms so I would like to refer everyone to the best page I have found on this.
http://www.quickonlinetips.com/archives/2006/06/the-giant-blogging-terms-glossary/

In the past when referring to tags, I think most of us where talking about Greymatter template tags so I think we should say “template tags” for these tags and tags or labels for the others should be ok.

What do you think?

Yeah, I always think of those as tokens. I just realized though that the gm_manual.html file refers to those as Template Variables. Should we keep this terminology to avoid confusion? Maybe we just have to be better about using the term.

Once we get to interactive help files maybe it will not matter, but until then we should be clear. We do not want to drive away or confuse anyone.

Also, the most commons questions in the forums should become part of a FAQ.

 

GreyMatter 1.7.2.3

Due to a performance issue reported by Pete Finnigan in the bug forums, an updated version of the 1.7.2 release has been made available.

Versions Affected: 1.7.2, those with many entries, will be affected the most.

Issue: A fix for the issue of the ‘{{previous’ and ‘{{next’ links caused a performance delay of 45 seconds for each page rebuild. This delay would cause timeouts when rebuilding files.

Version fixed in: 1.7.2.3 (third release to fix the issue). A fixed version can be identified by the version number in the upper left corner of the admin screens.

Upgrading: To upgrade to this version, replace the existing gm-library.cgi (for version 1.7.2) with the gm-library.cgi in the 1.7.2.3 package.

Originally reported in thread:
http://greymatterforum.proboards82.com/index.cgi?board=gmbugreport&action;=display&thread;=1173823322

Active Development

How many people are actively developing greymatter?

What area of development are they focusing on?

That is a good question. Right now, as far as I know, its myself and Pete Finnigan.

I am focusing on refactoring the code to be more modular and easier to add enhancements. I have documented this in the gm_dev_guide.html that comes with GreyMatter. I also look for defects mentioned on the forums and attempt to fix them, depending on time and how extensive the fix will be.

I have setup two copies of Greymatter 1.7.1 on one of my web servers. The first one is my base line and the only changes I made to it is edit the templates so that they produce valid xhtml.

The second copy I am going thru the gm-library from line 1 on. My goal is have all web pages produced by Greymatter to be valid xhtml/css. I am using it to keep a log of all changes made.

Thats cool. Gm should be able to do valid xhtml/css. The Admin screens are very table heavy and I think it would be cool to move to styled divs. I am not anti-table, but they are using a trick I used to use, in which you create a nesting table with a 1% pad to create a border, so two tables instead of one div with border attribute.

Yes i would agree, I have not heard of anyone else (so far) apart from myself and Coldstone. I am working in feeds, comment moedreation queue and will also work on draft posts after that.

Looks interesting. I noticed you separated some of the stuff out. I only half finished moving the Admin css and js to the lib/Gm_Web.pm.

My only concern is: moving the css into seperate files is usually a good thing, but I was a fan of Gm keeping it all together. I thought it was nice to keep it togther since there is less files and its easier for a new person to edit, they don’t have to do server side file access to change the css, they can just use Gm’s template editor. A more advanced user can then use the templates to link to external css/js files and avoid name collisions on the users file system.

I was thinking that this is the first step toward themes or skins.

  • Remove css and link
  • Remove js and link
  • Remove all deprecated tags
  • Bring remaining HTML up to XHTML
  • Reduce tables use for layout
  • Add interface to save or select themes

What do to think?

Its interesting, but do you mean themes for the admin side, or themes for the web log side?

Its actually not too bad to switch themes, you just upload a new gm-templates file, but I think it should be handled by the ui so you cold have more than one. I have put some thought into this as well and the issue I always stumbled on was that if you seperate out the css/js from the template file, then thats another folder to maintain and update when installing new themes. Now if the theme uses emoticons or images, then this is unavoidable.

But basically I was thinking you would have a gm/cgi-bin/themes/new_theme.cgi, which would be a template file with the name of the theme. But for emoticons and images (and external js/css files) you would also need a directory under the web readable dir, such as gm/themes/new_theme.

However, since the {{logwebpath}} is defined, template authors could use that to specify the location of external files. Basically multi-theme stuff would need a admin screen to switch/install themes, and a new template variable for the theme name.
I think alot of people customize the template file, so we can clean it up, but I think most people do that during the course of customizing it.

The themes would be for the web log side.
I was thinking we would have something like gm/cgi-bin/themes/new_theme/gm-template.cgi

Have the ui check to see if there are any folders in the theme folder

  • if none are there then use the default gm-template.cgi
  • if one or more was there then offer a choice

When starting a new theme the ui would have you name it then the ui would create a folder with this name in the the theme folder. A copy of the gm-template.cgi would be copied to that folder which you could change without effecting the default theme.

Any external files related to a theme would be kept in the related theme folder.

I was thinking of something similar, except that the other files can’t be in the cgi-bin folder (not on all hosts I should say), for instance on my web host, I can’t access html files in my cgi-bin directory. Thats one of the issues with putting all the files in one place.

Release GM 1.7.1 on 12/31/2006

Well its done and I did get more testing in so hopefully its not so buggy this time. Since the changes are not as drastic I hope to have avoided introducing more bugs.

Updated: Here are the changes for this release:

NEW FEATURE: Link Limit will block and/or ban commenters based on number of links in comment
NEW FEATURE: Force Preview will require that a commenter preview their post before submitting
NEW FEATURE: Require commenter to type pass-phrase, either a phrase provided or random letters
Fixed defect where installations with more than 1 connected files would not rebuild/repair the connected files:
http://greymatterforum.proboards82.com/index.cgi?board=gmbugreport&action;=display&thread;=1163736661&page;=1#1163736661
Fixed defect where two templates were cleared out in 1.6.1 upgrade, but should only be cleared out for versions prior to 1.3.1. http://greymatterforum.proboards82.com/index.cgi?board=gmbugreport&action;=display&thread;=1163569859&page;=1#1163569859
Fixed defect where military hour not showed as 00 for 12 am:
http://greymatterforum.proboards82.com/index.cgi?board=gmbugreport&action;=display&thread;=1165810428&page;=1#1165810428
Fixed defect where censored word list was no longer honored. Due to 1.6.1 refactoring:
http://greymatterforum.proboards82.com/index.cgi?board=gmbugreport&action;=display&thread;=1165811797&page;=1#1165811797
Fixed defect where multiple files where not being processed:
http://greymatterforum.proboards82.com/index.cgi?board=gmbugreport&action;=display&thread;=1163736661&page;=1#1163736661
Fixed defect where {{commentauthorsmartlink}} was not being censored:
http://greymatterforum.proboards82.com/index.cgi?board=gmbugreport&action;=display&thread;=1164257159&page;=1#1164257159
Fixed defect where preview/post wouldn’t work unless “Protect Author Name” was enabled.
http://greymatterforum.proboards82.com/index.cgi?board=gmbugreport&action;=display&thread;=1165981473&page;=1#1165981473
refactored gm_collatecomments into Gm_Core, in order to gain OO benefits.
refactored gm_getentryvariables into Gm_Core, in order to gain OO benefits.
Tighted up regex to look for hacks, specifically malformed iframe and script tags

I have added the zip and tar.gz download files to the primary download site http://web.petefinnigan.com/greymatter.htm for download.

1 2