
Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Wed Oct 12, 2011 3:30 am
by Don Chambers
yellowled wrote:I remember asking that we had the ability to choose separate templates for both the front and back ends... are you saying we now have that?
Just in the sense that one can copy an admin/ template to 2k11's template folder.
yellowled wrote:Are you also saying that your new front end template does not also have a matching backend/admin template?
That's right. Right now I'm using a backend template provided by a user (who I think isn't active in the forums), but it does not have a matching backend template.

YL

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Mon Oct 17, 2011 10:37 pm
by Timbalu
Hi

I just discovered something weird on my way to understand s9y/smarty security!

What I did
  • set $serendipity['defaultTemplate'] = 2k11 in serendipity_config.inc
  • have my own template = myTemplate chosen as the main template
  • and disabled INCLUDE_ANY settings in plugins (which has nothing to do with the further... ). To check this, I disabled myTemplate/default_staticpage.tpl. Now the Fallback follows the concept and looks into the next, this is $serendipity['defaultTemplate'] == 2k11. This would not be a problem if 2k11 would not have this serendipity_smarty_html5time modifier.

Now I suddenly get this error:
Fatal error: Smarty error: [in file:/tests/blogs/serendipity/templates/2k11/plugin_staticpage.tpl line 37]: [plugin] (secure mode) modifier 'serendipity_smarty_html5time' is not allowed (core.load_plugins.php, line 118) in /tests/blogs/serendipity/bundled-libs/Smarty/libs/Smarty.class.php on line 1093

Investigating this behaviour, I found $serendipity['smarty']->template_dir array has no '2k11'

I added necessary:

Code: Select all

            $serendipity['smarty']->template_dir  = array($template_dir);
+            $serendipity['smarty']->template_dir[] = $serendipity['serendipityPath'] . $serendipity['templatePath'] . $serendipity['defaultTemplate'];
            $p = explode(',', $serendipity['template_engine']);
            foreach($p AS $te) {
                $serendipity['smarty']->template_dir[] = $serendipity['serendipityPath'] . $serendipity['templatePath'] . $te;
            }
            $serendipity['smarty']->template_dir[] = $serendipity['serendipityPath'] . $serendipity['templatePath'] . 'default';
+            $serendipity['smarty']->template_dir   = array_merge(array(), array_unique($serendipity['smarty']->template_dir));
            $serendipity['smarty']->compile_dir   = $serendipity['serendipityPath'] . PATH_SMARTY_COMPILE;
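
Review bot: the first added line appends $serendipity['defaultTemplate'] to template_dir without checking that it is set and non-empty; with an empty value the entry becomes the bare templates path. Wrap it in a !empty($serendipity['defaultTemplate']) check. The same line sits ahead of the template_engine loop, so the default template now takes precedence over the engine templates in the lookup order; if that is not intended, move it below the foreach. In the last added line, array_merge(array(), array_unique(...)) only reindexes the array; array_values(array_unique(...)) states that directly.
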
to init() function, which is needed even without having this problem (and YES also the array_merge and array_unique merge).

But the error remains. I also tried to add $serendipity['defaultTemplate'] to $serendipity['smarty']->config_dir, but still no success.

I still think with some more investigation this is a solvable issue, but my question as of now is:
Can anybody reproduce this behaviour?

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Tue Oct 18, 2011 1:03 pm
by Timbalu
I gave it some more tries this morning.

We can't do anything with register() in templates/2k11, while smarty security is very strict (which is good btw).

The only secure way to pass by the mentioned problem having 2k11 as defaultTemplate and using some other template as (main)template, with the case of (staticpage) tpl fallback to 2k11, is to add it to core's functions_smarty.inc

Code: Select all

$serendipity['smarty']->register_modifier('html5time', 'serendipity_smarty_html5time');
and

Code: Select all

function serendipity_smarty_html5time($timestamp) {
   return date("c", $timestamp);
}
and get rid of it in 2k11's config. (if it is a must have feature!)

EDIT:
OR enhance the smarty security allowed modifiers section, to allow this specific modifier in general, which should work also. (Edit2: Well, only if adding the function to smarty modifiers dir, I assume. So the first said above will be the recommended, if this additional modifier is really that needed.)
(I shortened the modifier name used in the tpl, see above.)

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Tue Oct 18, 2011 4:14 pm
by yellowled
Timbalu wrote:The only secure way to pass by the mentioned problem having 2k11 as defaultTemplate and using some other template as (main)template, with the case of (staticpage) tpl fallback to 2k11, is to add it to core's functions_smarty.inc [...] and get rid of it in 2k11's config. (if it is a must have feature!)
Yes, it is a must-have feature.

It's the only way to include an HTML5-compliant timestamp for datetime, and no, we should not wait and see if the w3c decides to change this again. Shipping an HTML5 template which does not emit valid code is embarrassing, period. :)

In any case, Garvin (dingdingding!) should check this out since I really have no clue what you're talking about. :)

YL

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Mon Nov 28, 2011 8:00 am
by yellowled
Okay, so I pushed 2k11 to the GitHub repo this morning, including a backport for the upcoming 1.6.1 branch. From my point of view, that means – barring any major bugs or feature ideas – development of 2k11 should from now on focus on turning it into a proper default template.

That means:

* proper inclusion in the fallback chain, including the fix for the html5 date Timbalu mentioned (which I have to admit I still don't fully understand, but it sounds good :)), by implementing a doctype-based "switch" as discussed earlier

* adding templates and files needed for it to be used as a default; I'm still not sure which templates/files we actually need (based on what default has compared to 2k11 as of now), but since this also depends on the backend template, I guess the best solution for the time being is to replicate any file included in default in 2k11, right?

YL

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Wed Nov 30, 2011 9:07 am
by Timbalu
Hi

I just remembered this (serendipity NEWS)
* Use $smarty.const. to access constants instead of $CONST within
Smarty templates; this is replaced using a Smarty prefilter, so
that within templates you can still use the $CONST shortcut
(garvinhicking)
Every tpl Content gets parsed through this prefilter function. But I almost never see anyone using it, as every example has these $CONST headers. For future and nowadays Templates it might be a good thing to stick to the smarty {$smarty.const.CONSTANT} syntax (see http://www.smarty.net/docs/en/language. ... smarty.tpl) - so one day we can cut off this prefilter function for performance reasons.

As 2k11 is going to be the standard and standard copy template, we could start here to cut off some antiquated traditions! :wink:

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Wed Nov 30, 2011 12:44 pm
by yellowled
Timbalu wrote:As 2k11 is going to be the standard and standard copy template, we could start here to cut off some antiquated traditions! :wink:
Let's see if I get this: Instead of using

Code: Select all

{assign var="navtitle" value=$CONST.TWOK11_NAV_TITLE}
[...]
<h2 class="visuallyhidden">{$navtitle}</h2>
I can use

Code: Select all

<h2 class="visuallyhidden">{$smarty.const.TWOK11_NAV_TITLE}</h2>
..?

YL

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Wed Nov 30, 2011 1:29 pm
by Timbalu
yellowled wrote:Let's see if I get this: Instead of using

Code: Select all

{assign var="navtitle" value=$CONST.TWOK11_NAV_TITLE}
[...]
<h2 class="visuallyhidden">{$navtitle}</h2>
I can use

Code: Select all

<h2 class="visuallyhidden">{$smarty.const.TWOK11_NAV_TITLE}</h2>
..?
Yes. Why not? (Have a try) This looks more like an unnecessary doublette for me.

My talkings were about the difference of {$CONST.QUICKSEARCH} vs. {$smarty.const.QUICKSEARCH}, or {$CONST.GO} vs {$smarty.const.GO} and so on.

We have a serendipity prefilter function which just replaces $CONST.CONSTANT with $smarty.const.CONSTANT notation in context before it gets compiled. I am just trying to convince Garvin ...(see Smarty3 thread) :wink:

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Wed Nov 30, 2011 10:15 pm
by garvinhicking
Hi!

Why would you use this assign syntax in the first place? You could have already used:

Code: Select all

<h2 class="visuallyhidden">{$CONST.TWOK11_NAV_TITLE}</h2>
all of the time...?!

Regards,
Garvin

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Thu Dec 01, 2011 9:53 am
by yellowled
garvinhicking wrote:Why would you use this assign syntax in the first place?
As dumb as that may sound – that's the way I learned it, probably from one of Carl's templates. I never really bothered to check if it was really necessary, I just assumed it was. Erm. :oops:

YL

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Tue Oct 30, 2012 11:11 am
by Timbalu
Timbalu wrote:The only secure way to pass by the mentioned problem having 2k11 as defaultTemplate and using some other template as (main)template, with the case of (staticpage) tpl fallback to 2k11, is to add it to core's functions_smarty.inc

Code: Select all

$serendipity['smarty']->register_modifier('html5time', 'serendipity_smarty_html5time');
and

Code: Select all

function serendipity_smarty_html5time($timestamp) {
   return date("c", $timestamp);
}
and get rid of it in 2k11's config.
In the meantime I know what is happening, and why I get a new "Cannot redeclare ..." fatal error, apart from using 2k11 as defaultTemplate and the upper mentioned "not allowed..." error. (This "not allowed" error has to get investigated still, though we changed the security by Garvin some time ago, which I think came into after I ran those tests.)

If you have 2k11 as your personal (not! default) template and copy/rename it to i.e. "my2k11" and then change to that template in the styles section, you get this error stopping the system to halt, while still having 2k11/config alive and switching to new my2k11/config. You need to reload that page to avoid parsing both configs. This could be a problem to John Doe going that way. This will happen for every copied template using own functions (and register them to smarty).

So here is my solution. We could either say:
Do not include functions and register things in configs directly. Use

Code: Select all

require_once('addCode.php'); // or: include_once('addCode.php');
or check if the function_exists first and use it that way i.e.:

Code: Select all

if (!function_exists('serendipity_smarty_html5time')) { 
    function serendipity_smarty_html5time($timestamp) { return date("c", $timestamp); }

    if( defined('Smarty::SMARTY_VERSION') ) {
        $serendipity['smarty']->registerPlugin('modifier', 'serendipity_html5time', 'serendipity_smarty_html5time');
    } else {
        // old Smarty 2 syntax
        $serendipity['smarty']->register_modifier('serendipity_html5time', 'serendipity_smarty_html5time');
    }
}
What do you think?

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Tue Oct 30, 2012 12:03 pm
by garvinhicking
Hi!

Good digging. :)

I think only your second idea with "function_exists" will work. Include/Require once would not work with multiple config.inc.php files, since each would be their own "once" file, as they are contained in multiple directories and would be distinct files, not the same file.

Regards,
Garvin
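
The point made in the two posts above, as an added example (not code from Serendipity or from either poster): include_once tracks the resolved file path, so two copies of config.inc.php in different template directories are both loaded, and only the function_exists guard avoids the redeclare. The temp-directory layout, the helper names make_templates and load_both, and the file bodies are constructed for the demo; it assumes a PHP CLI binary reachable as PHP_BINARY.

```php
<?php
// Constructed stand-ins for two template config.inc.php files.
// Folder names follow the thread (2k11, my2k11); everything else is assumed.

$unguarded = <<<'PHP'
<?php
function serendipity_smarty_html5time($timestamp) { return date("c", $timestamp); }
PHP;

$guarded = <<<'PHP'
<?php
if (!function_exists('serendipity_smarty_html5time')) {
    function serendipity_smarty_html5time($timestamp) { return date("c", $timestamp); }
}
PHP;

// Write the same config body into templates/2k11 and templates/my2k11.
function make_templates(string $body): array {
    $root = sys_get_temp_dir() . '/s9y_demo_' . bin2hex(random_bytes(4));
    $files = [];
    foreach (['2k11', 'my2k11'] as $tpl) {
        mkdir("$root/templates/$tpl", 0700, true);
        $files[] = "$root/templates/$tpl/config.inc.php";
        file_put_contents(end($files), $body);
    }
    return $files;
}

// Load both configs with include_once in a child PHP process: a redeclared
// function is a compile-time fatal error that try/catch cannot intercept.
function load_both(array $files): int {
    $code = '';
    foreach ($files as $f) {
        $code .= 'include_once ' . var_export($f, true) . ';';
    }
    $code .= 'echo serendipity_smarty_html5time(0), PHP_EOL;';
    $cmd = escapeshellarg(PHP_BINARY) . ' -r ' . escapeshellarg($code) . ' 2>&1';
    exec($cmd, $out, $status);
    echo implode(PHP_EOL, $out), PHP_EOL;
    return $status;
}

echo "unguarded exit status: ", load_both(make_templates($unguarded)), PHP_EOL;
echo "guarded exit status:   ", load_both(make_templates($guarded)), PHP_EOL;
```

The unguarded pair aborts in the child process with a "Cannot redeclare" fatal error and a non-zero exit status, while the guarded pair loads both files and prints the formatted timestamp.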

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Tue Oct 30, 2012 2:04 pm
by Timbalu
Oh yes, that's true.
Fixed a typo in example, now it can be used as is.

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Wed Dec 19, 2012 2:41 pm
by yellowled
Garvin, about 1.7: should we think about making 2k11 the new standard (active in new installations) template for that?

I don't think it needs much more testing. Development is pretty much “done” apart from (rare) updates to the 3rd-party JS components. It probably isn't ready to be the default (as in fallback) template, but it should be stable enough to serve as a standard template.

I also would like to move development of 2k11 – if there actually is any – to the s9y repos, i.e. get rid of my external 2k11 repository over the next couple of months. (It probably needs some time for every user to notice that it's being developed in master/2.0.)

Hm?

YL

Re: [1.7][2.0] 2k11 – standard, default or what else?

Posted: Wed Dec 26, 2012 11:24 am
by garvinhicking
Hi!

I'm up for discussion on this, but personally I would prefer to make 2k11 the new template in 2.0 only, mostly to have a 1.7 version that runs as stable as possible while we introduce possible errors in 2.0; since 2.0 might be in a whacky state for some time, I wouldn't like to have another Baustelle in 1.7 as well. Even though I fully trust that 2k11 is ready for primetime I think it might raise support issues and other trivial problems that could divert our attention...

Regards,
Garvin