Wiki source code of IRC Archive for channel #xwiki
Last modified by Vincent Massol on 2012/10/18 19:12
Show last authors
author | version | line-number | content |
---|---|---|---|
1 | florinciu joined #xwiki at 00:04 | ||
2 | florinciu left at 00:35 (Read error: Connection reset by peer | ||
3 | abusenius left at 00:51 (Quit: Konversation terminated! | ||
4 | lucaa left at 01:29 (Ping timeout: 258 seconds | ||
5 | sdumitriu left at 03:17 (Ping timeout: 240 seconds | ||
6 | mflorea joined #xwiki at 06:25 | ||
7 | nuvolari left at 07:21 (Excess Flood | ||
8 | nuvolari joined #xwiki at 07:22 | ||
9 | nuvolari left at 07:24 (Changing host | ||
10 | nuvolari joined #xwiki at 07:24 | ||
11 | kibahop joined #xwiki at 08:00 | ||
12 | vmassol joined #xwiki at 08:16 | ||
13 | sburjan joined #xwiki at 08:26 | ||
14 | plunden joined #xwiki at 08:30 | ||
15 | vmassol left at 08:50 (Quit: Leaving. | ||
16 | vmassol joined #xwiki at 08:53 | ||
17 | vmassol1 joined #xwiki at 08:53 | ||
18 | vmassol left at 08:58 (Ping timeout: 265 seconds | ||
19 | vmassol joined #xwiki at 09:14 | ||
20 | vmassol1 left at 09:14 (Read error: Connection reset by peer | ||
21 | SvenDowideit left at 09:15 (Ping timeout: 264 seconds | ||
22 | SvenDowideit joined #xwiki at 09:18 | ||
23 | SvenDowideit_ joined #xwiki at 09:22 | ||
24 | SvenDowideit left at 09:23 (Ping timeout: 258 seconds | ||
25 | SvenDowideit_ is now known as SvenDowideit ([email protected] | ||
26 | Enygma` joined #xwiki at 09:26 | ||
27 | silviar joined #xwiki at 09:27 | ||
28 | lucaa joined #xwiki at 09:28 | ||
29 | mflorea left at 09:33 (Quit: Leaving. | ||
30 | arkub joined #xwiki at 09:33 | ||
31 | evalica joined #xwiki at 09:43 | ||
32 | florinciu joined #xwiki at 09:52 | ||
33 | sburjan - (09:52): hello guys. Question. | ||
34 | sburjan - (09:53): when I try to import an Office Document, I get an error saying "This feature requires an active openoffice server which we could not locate, please contact your administrator to resolve this issue. " | ||
35 | sburjan - (09:54): Is this normal ? | ||
36 | vmassol - (09:54): hi sburjan | ||
37 | vmassol - (09:54): yes it's normal | ||
38 | sburjan - (09:54): okay | ||
39 | tmortagne joined #xwiki at 10:04 | ||
40 | evalica1 joined #xwiki at 10:11 | ||
41 | sdumitriu joined #xwiki at 10:12 | ||
42 | Denis joined #xwiki at 10:13 | ||
43 | evalica left at 10:13 (Ping timeout: 272 seconds | ||
44 | KermitTheFragger joined #xwiki at 10:18 | ||
45 | abusenius joined #xwiki at 10:23 | ||
46 | jvdrean joined #xwiki at 10:30 | ||
47 | CalebJamesDeLisl - (10:36): Good morning. It's too bad we can't flip the order of the 1.0 renderers because IMO 5272 is a blocker. | ||
48 | evalica1 is now known as evalica ([email protected] | ||
49 | mflorea joined #xwiki at 10:40 | ||
50 | abusenius - (10:42): CalebJamesDeLisl: why do you think it is worse than 5223? | ||
51 | abusenius - (10:42): the result is the same :) | ||
52 | CalebJamesDeLisl - (10:42): In 5223 you are restricted, (no <>"&) | ||
53 | CalebJamesDeLisl - (10:43): Not a good excuse though. They are related, I'd like to fix them both at the same time. | ||
54 | abusenius - (10:44): well, unless you want to do arithmetic its fine | ||
55 | abusenius - (10:44): " is not a problem | ||
56 | CalebJamesDeLisl - (10:44): These are both runious which is why I think it's worth it to break backward compatibility. | ||
57 | CalebJamesDeLisl - (10:44): *ruinous | ||
58 | abusenius - (10:45): I agree, those things should have never been allowed | ||
59 | CalebJamesDeLisl - (10:46): vmassol: What say you to adding a config param for breaking 1.0 renderer compatibility? | ||
60 | vmassol - (10:46): I don't understand why you want to touch the 1.0 rendernig engine, it shouldn't be touched | ||
61 | vmassol - (10:46): it's read only basically | ||
62 | vmassol - (10:46): and only there for backward compat | ||
63 | vmassol - (10:46): so we shoudn't touch it as much as possible | ||
64 | vmassol - (10:47): it's deprecated if you prefer | ||
65 | CalebJamesDeLisl - (10:47): To plug a _big_ hole. | ||
66 | vmassol - (10:47): the rendering 1.0 *IS* a big hole by itself | ||
67 | vmassol - (10:47): this is why we wrote the 2.0 one | ||
68 | CalebJamesDeLisl - (10:47): Well, XSS is not good but this hole is really bad. | ||
69 | abusenius - (10:47): there is no difference whether some insecure code is deprecated or not, as long as its is accessible, it can be exploitet | ||
70 | CalebJamesDeLisl - (10:48): see: 5272 and the list of documents. | ||
71 | vmassol - (10:48): well we do allow not making the 1.0 syntax avail | ||
72 | vmassol - (10:48): it's a config option | ||
73 | CalebJamesDeLisl - (10:49): Not sure that each of those has the hole but I can see that some do. | ||
74 | vmassol - (10:49): if you define a new config param you'll need to hav eit off by default so it won't help | ||
75 | abusenius - (10:49): this one should be on | ||
76 | CalebJamesDeLisl - (10:49): Why off by default? New installations won't need this. | ||
77 | vmassol - (10:49): then you break backward compat and you're going to hurt a lot of people | ||
78 | abusenius - (10:50): IMO there is no point in trying to make new code secure if there are still tons of old security holes kept for backward compatibility with old exploits | ||
79 | CalebJamesDeLisl - (10:50): Meaning upgrades? | ||
80 | vmassol - (10:50): hmm you're right, if people are caeful | ||
81 | vmassol - (10:50): they won't merge it | ||
82 | vmassol - (10:50): *careful | ||
83 | vmassol - (10:50): so it means off by default | ||
84 | CalebJamesDeLisl - (10:50): IMO people should merge it and only revert if there is a problem. | ||
85 | vmassol - (10:50): ie when it doesn't exist it's off | ||
86 | vmassol - (10:51): CalebJamesDeLisl: people won't know about it | ||
87 | CalebJamesDeLisl - (10:51): Also we are going to have to put out a bulletin for this IMO. | ||
88 | vmassol - (10:51): anywya needs to be discussed on the security list not here | ||
89 | abusenius - (10:51): true | ||
90 | CalebJamesDeLisl - (10:52): Well I'll send a proposal there. | ||
91 | sburjan left at 10:59 (Read error: Connection reset by peer | ||
92 | sburjan_ joined #xwiki at 10:59 | ||
93 | jvelo joined #xwiki at 11:20 | ||
94 | CalebJamesDeLisl - (11:28): Anyone (vmassol?) have a problem with me applying Alex's "no nested scripts" patch? http://jira.xwiki.org/jira/browse/XWIKI-5223 | ||
95 | vmassol - (11:29): I can have a quick look to see if I spot anything wrong | ||
96 | vmassol - (11:30): tmortagne will want to review it too I'm sure | ||
97 | vmassol - (11:30): I can already see some things that need to be fixed before applying it | ||
98 | vmassol - (11:30): like:` | ||
99 | vmassol - (11:30): -.expect|event/1.0 | ||
100 | vmassol - (11:30): +.# Skipped, since nested scripts are not allowed any more, but it is hard to match the error trace here | ||
101 | vmassol - (11:31): I don't like it FTM | ||
102 | vmassol - (11:31): wait I mis-read something | ||
103 | vmassol - (11:31): so I remove that last statement | ||
104 | vmassol - (11:31): ;) | ||
105 | vmassol - (11:31): stillr eading | ||
106 | vmassol - (11:32): thought alex had introduced the notion of script in abstractblock…. ;) | ||
107 | CalebJamesDeLisl - (11:32): But you have no problem with the basic idea that scripts shouldn't be nested? | ||
108 | vmassol - (11:32): ah yes he has | ||
109 | vmassol - (11:32): currentBlock.setIsScript(true); | ||
110 | vmassol - (11:32): I don't like that part FTM (I'd need to understand it better) | ||
111 | vmassol - (11:33): CalebJamesDeLisl: I have no idea, haven't thought about it | ||
112 | vmassol - (11:33): I don't like that the checks are done internally as a general rule | ||
113 | vmassol - (11:33): I would have thought about some external rules | ||
114 | vmassol - (11:33): applied to an xdom | ||
115 | tmortagne - (11:33): i'm still not 100% sure about and and having script noting at AbstractBlock level is bad for sure | ||
116 | vmassol - (11:33): if someone wants nested scripts he won't be able not to run the filter | ||
117 | vmassol - (11:34): I'm ?1 to apply it as is | ||
118 | vmassol - (11:34): (after a quick review) | ||
119 | vmassol - (11:34): it adds the notion of scripts in several places | ||
120 | vmassol - (11:34): which shouldn't be aware of that | ||
121 | CalebJamesDeLisl - (11:35): -1 to the concept of blocking script in script? | ||
122 | vmassol - (11:35): (MAcroMaarkerBlock for ex) | ||
123 | tmortagne - (11:35): i don't even understand why he needs that | ||
124 | vmassol - (11:36): CalebJamesDeLisl: no, ?1 to hard code stuff and especially in places that shouldn't know about it | ||
125 | tmortagne - (11:36): also the patch contains lot's of code unrelated to the nested script blocking thing | ||
126 | vmassol - (11:36): (we need to keep an extensible implementation) | ||
127 | abusenius - (11:37): the reason why I added isScript is that I didn't wanted to hardcode "groovy" "velocity" etc | ||
128 | tmortagne - (11:37): abusenius: you don't need that | ||
129 | abusenius - (11:37): how do I distinguish between script and not script? | ||
130 | tmortagne - (11:37): just get the macro component and check if it's a ScriptMacro | ||
131 | abusenius - (11:38): but it ist the script macro, its a macro block that was added after macro execution | ||
132 | abusenius - (11:38): s/ist/isnt/ | ||
133 | vmassol - (11:39): could it be that you want generic markers? | ||
134 | tmortagne - (11:39): and ? you know the macro id and all macros have corresponding components | ||
135 | tmortagne - (11:39): just get the component based on it | ||
136 | vmassol - (11:39): (haven't really thought about your algo though) | ||
137 | abusenius - (11:40): vmassol, well I wanted to distinguish differen macro types | ||
138 | abusenius - (11:40): but I need to look at the way tmortagne is suggesting | ||
139 | vmassol - (11:40): ok | ||
140 | tmortagne - (11:40): for now there is only an abstract for script macro i think but we can introduce a interface to be cleaner | ||
141 | tmortagne - (11:41): i need to open Eclipse but that's the second time it crashes... | ||
142 | abusenius - (11:42): vmassol: re skipped tests, I could find an easy way to match arbitrary error trace in unit test, I wrote functional tests instead | ||
143 | abusenius - (11:42): (for those 2) | ||
144 | vmassol - (11:43): abusenius: what I meant is that skipping tests is not a solution | ||
145 | vmassol - (11:43): either the tests are removed for some reason or they are executed | ||
146 | vmassol - (11:43): skipping is like commenting out code | ||
147 | abusenius - (11:44): well, it was meant as a temporary measure | ||
148 | vmassol - (11:44): sure | ||
149 | vmassol - (11:44): but I was responding to caleb | ||
150 | vmassol - (11:45): that it needs to be fixed before applying the patch | ||
151 | tmortagne - (11:45): abusenius: checked, there is only AbstractScriptMacro but you can introduce a ScriptMacro interface (it was not needed before and check the type based on an abstract is not nice) in the same package (it's a public package) | ||
152 | CalebJamesDeLisl - (11:45): Hmm how about ScriptMacroMarkerBlock extends MacroMarkerBlock then just check what type of class it is? | ||
153 | tmortagne - (11:46): CalebJamesDeLisl: the MacroBlock is generated by the generic macro transformation | ||
154 | tmortagne - (11:46): it doe snot know anything about scripts | ||
155 | tmortagne - (11:46): s/MacroBlock/MacroMarkerBlock/ | ||
156 | CalebJamesDeLisl - (11:46): Ok. I'm not very well versed in the renderer. | ||
157 | abusenius - (11:50): tmortagne: ok, I'll update the patch accordingly | ||
158 | Enygma`1 joined #xwiki at 11:53 | ||
159 | mflorea1 joined #xwiki at 11:53 | ||
160 | tmortagne - (11:54): abusenius, CalebJamesDeLisl: btw after some tough i'm ok with this blocking nested script things in theses use case since if you really need that for a valid use case you can use other ways like special macro or programatically which are less easy but it's maybe better to let only users that knows what they do support this | ||
161 | evalica1 joined #xwiki at 11:54 | ||
162 | florinciu1 joined #xwiki at 11:54 | ||
163 | lucaa1 joined #xwiki at 11:55 | ||
164 | silviar1 joined #xwiki at 11:55 | ||
165 | silviar1 left #xwiki at 11:55 | ||
166 | lucaa left at 11:56 (Ping timeout: 240 seconds | ||
167 | silviar left at 11:56 (Ping timeout: 240 seconds | ||
168 | Enygma` left at 11:56 (Ping timeout: 240 seconds | ||
169 | mflorea left at 11:56 (Ping timeout: 264 seconds | ||
170 | florinciu left at 11:56 (Ping timeout: 252 seconds | ||
171 | evalica left at 11:56 (Ping timeout: 265 seconds | ||
172 | vmassol - (11:57): tmortagne: you mean putting the check by default in AbstractScript instead of doing it in a filter (in a Tx for ex)? | ||
173 | sburjan_ left at 11:57 (Ping timeout: 240 seconds | ||
174 | vmassol - (11:57): why couldn't it be done in a Tx btw? | ||
175 | mflorea joined #xwiki at 11:57 | ||
176 | vmassol - (11:57): (it was meant for this kind of use cases) | ||
177 | CalebJamesDeLisl - (11:58): Tx? Transformation? | ||
178 | evalica joined #xwiki at 11:58 | ||
179 | vmassol - (11:58): yes | ||
180 | CalebJamesDeLisl - (11:58): I asked the same, it's because you can hide a macro inside of an html macro. | ||
181 | Enygma`1 left at 11:58 (Ping timeout: 276 seconds | ||
182 | CalebJamesDeLisl - (11:59): {{velocity}} {{html wiki=true}} {{velocity}} .... | ||
183 | lucaa1 left at 11:59 (Ping timeout: 240 seconds | ||
184 | CalebJamesDeLisl - (11:59): {{html}} is a black box as I understand it. | ||
185 | florinciu1 left at 11:59 (Ping timeout: 276 seconds | ||
186 | vmassol - (11:59): yes macro content is a black box right now | ||
187 | vmassol - (11:59): but | ||
188 | evalica1 left at 12:00 (Ping timeout: 264 seconds | ||
189 | vmassol - (12:00): hmm thinking... | ||
190 | mflorea1 left at 12:00 (Ping timeout: 252 seconds | ||
191 | CalebJamesDeLisl - (12:00): Maybe evaluate all inner content recursively and blow up if it finds another script macro? | ||
192 | CalebJamesDeLisl - (12:00): Sure would be easier. | ||
193 | vmassol - (12:01): I need to understand what you're doing first. When you say froboding scripts inside scripts , wdym? | ||
194 | vmassol - (12:01): {{velocity}}{{groovy}}…{{/groovy}}{{/velocity}} is valid for ex | ||
195 | vmassol - (12:01): or do you mean <script> as in HTML? | ||
196 | CalebJamesDeLisl - (12:01): No I mean {{velocity}}{{groovy}} ... | ||
197 | vmassol - (12:02): hmm that solves use cases. What is wrong with it? | ||
198 | CalebJamesDeLisl - (12:02): http://jira.xwiki.org/jira/browse/XWIKI-5223 | ||
199 | abusenius - (12:03): the problem is that the content of {{groovy}} is generated using velocity | ||
200 | vmassol - (12:03): yesthat's the point :) | ||
201 | CalebJamesDeLisl - (12:03): Are there use cases where that's the only answer? | ||
202 | abusenius - (12:03): well, you can actually generate the {{groovy}} tags | ||
203 | tmortagne - (12:04): vmassol: (11:37:57 AM) <moi>: just get the macro component and check if it's a ScriptMacro | ||
204 | abusenius - (12:04): so as soon as you have any kind of injection | ||
205 | abusenius - (12:04): youre dead | ||
206 | abusenius - (12:05): a better solution IMO is to first parse xwiki completely and then evaluate scripts | ||
207 | CalebJamesDeLisl - (12:05): It's a particular pain because our current best practices don't address this vector. | ||
208 | vmassol - (12:05): I don't like it | ||
209 | vmassol - (12:05): as a general rule | ||
210 | abusenius - (12:05): so that we know which macros were there and which were injected | ||
211 | vmassol - (12:05): maybe for nested scripts inside velocity but generally I'm not sure | ||
212 | vmassol - (12:05): (even for velocity I'm not sure) | ||
213 | abusenius - (12:06): I don't see any reason why people should be able to generate scripts with other scripts | ||
214 | abusenius - (12:06): if there are strange use cases - too bad | ||
215 | vmassol - (12:06): that's called scripting languages | ||
216 | vmassol - (12:06): :) | ||
217 | vmassol - (12:06): there are lots of uises cases for that | ||
218 | CalebJamesDeLisl - (12:06): Such as? | ||
219 | vmassol - (12:07): any use case where you want o generate anotehr script | ||
220 | CalebJamesDeLisl - (12:07): :D Example? | ||
221 | abusenius - (12:07): you shouldnt want it :) | ||
222 | vmassol - (12:07): for example in the class wizard | ||
223 | tmortagne - (12:07): vmassol: actually that's not really scripting thing, in script you generally call some eval method to do that, you don't print the script to execute later | ||
224 | abusenius - (12:08): you can workaround it, make a script that take parameters | ||
225 | vmassol - (12:08): I need to read the jira issue to understand the need. So far I've only been commenting from the POV of the use cases | ||
226 | vmassol - (12:09): it's a lot to read | ||
227 | CalebJamesDeLisl - (12:09): 5223 is what started it. | ||
228 | tmortagne - (12:09): i think the main point is that abusenius and CalebJamesDeLisl think it's too difficult to properly protect a script when it's manipulating user datas | ||
229 | vmassol - (12:09): since you're several to understand the problem it seems I'll let you handle it (I need to finish coding something first). I just want to make sure we hardcode the minimum in the rendering | ||
230 | sburjan_ joined #xwiki at 12:10 | ||
231 | CalebJamesDeLisl - (12:10): Hmm, I have some stuff which will break. I will need to fix it but I think that for the best. | ||
232 | vmassol - (12:10): (harcoding logic that is) | ||
233 | tmortagne - (12:10): (which would make user able to inject a new script in its datas) | ||
234 | vmassol - (12:10): tmortagne: yes I gathered that | ||
235 | tmortagne - (12:10): i don't think there is much more | ||
236 | vmassol - (12:10): but it shouldnb't be done at the detriment of valid use cases so we need to be sure there are no valid use cases | ||
237 | vmassol - (12:10): because if you listen to security guys | ||
238 | vmassol - (12:11): they'll tell you you shouldn't put any script in pages | ||
239 | vmassol - (12:11): becuase it's a security hole | ||
240 | vmassol - (12:11): :) | ||
241 | vmassol - (12:11): so you end up with a tool that is worthless | ||
242 | vmassol - (12:11): ;) | ||
243 | abusenius - (12:11): well, they are right :) | ||
244 | tmortagne - (12:11): vmassol: i already say it was kinf of ok for me because there is ways to support it | ||
245 | tmortagne - (12:11): but when you use theses ways you know what you do basically | ||
246 | tmortagne - (12:12): so you don't permit user to inject script by mistake | ||
247 | vmassol - (12:12): I remember I used that strategy in 1.0 | ||
248 | vmassol - (12:12): when I had to dynamically generate the XML for a mindmap | ||
249 | vmassol - (12:12): it was very handy | ||
250 | vmassol - (12:12): if I had to do it programmatically I wouldn't have done it | ||
251 | CalebJamesDeLisl - (12:13): vmassol: I believe in principled security systems where there are lots features and functions while some are blocked (such as pointers in java) | ||
252 | CalebJamesDeLisl - (12:13): No features == no security because nobody uses it. | ||
253 | vmassol - (12:13): note to all: I'm not against it | ||
254 | vmassol - (12:13): just saying we have to be careful and not hardcode it if we can | ||
255 | vmassol - (12:13): not hardcode = follow generic rendernig architecture | ||
256 | CalebJamesDeLisl - (12:14): Maybe another "safe or dead" config param? | ||
257 | vmassol - (12:14): right now that's: parser, tx, renderer. If we need something more we need to add it | ||
258 | vmassol - (12:14): no param please :) | ||
259 | vmassol - (12:14): I'm talking java api here anyway | ||
260 | tmortagne - (12:14): vmassol: with the solution I gave to abusenius the only code added is in AbstractScriptMacro | ||
261 | abusenius - (12:15): why are you agains parsing xwiki macros first? | ||
262 | vmassol - (12:15): me? | ||
263 | tmortagne - (12:15): abusenius: WDYM ? | ||
264 | abusenius - (12:15): well, everyone, nobody seems to like the idea | ||
265 | abusenius - (12:15): parse xwiki - parse scripts - execute scripts | ||
266 | CalebJamesDeLisl - (12:16): Scripts which generate xwiki2 content? | ||
267 | abusenius - (12:16): so we first build a tree of xwiki macros (I know the generic parser now does it differently) | ||
268 | tmortagne - (12:16): abusenius: what is the difference with now ? | ||
269 | vmassol - (12:16): maybe some notion of ProxyBlock | ||
270 | vmassol - (12:16): that a TX would add around MacroBlock when they are scripts | ||
271 | vmassol - (12:16): so that ProxyBlock would do some checks | ||
272 | tmortagne - (12:16): abusenius: finding nested macros is impossible | ||
273 | abusenius - (12:17): tmortagne, now each macro is first evaluated, then parsed again | ||
274 | abusenius - (12:17): why? | ||
275 | vmassol - (12:17): (at exeuction) | ||
276 | tmortagne - (12:17): abusenius: what ? | ||
277 | vmassol - (12:17): I like that actually | ||
278 | vmassol - (12:17): wdyt? | ||
279 | tmortagne - (12:17): only scrip macrio sare parsed | ||
280 | abusenius - (12:17): tmortagne: why impossible? | ||
281 | tmortagne - (12:17): because the produce wiki syntax | ||
282 | tmortagne - (12:17): so this is perfecty normal | ||
283 | tmortagne - (12:18): you can't parse something that doe snot already exists... | ||
284 | abusenius - (12:18): well, if the parser cant find it, it should not be alowed | ||
285 | CalebJamesDeLisl - (12:18): I think what abusenius is suggesting is see a macro, parse and render recursively until there are no macros left. | ||
286 | tmortagne - (12:18): abusenius: it's impossible because you can't support every posible syntaxes in the parser | ||
287 | abusenius - (12:18): normal use cases like nested groovy in velocity will be easy | ||
288 | abusenius - (12:18): and you shouldnt | ||
289 | tmortagne - (12:18): {{velocity}} | ||
290 | tmortagne - (12:18): {{include/}} | ||
291 | tmortagne - (12:18): {{/velocity}} | ||
292 | tmortagne - (12:18): is not some velocity with a macro inside | ||
293 | vmassol - (12:18): (the idea would be similar to the secure uberspector done in velocity but with a TX for script macros) | ||
294 | tmortagne - (12:19): it's a vlocity content | ||
295 | tmortagne - (12:19): and only that | ||
296 | abusenius - (12:19): it is not as nice as it is done now, where macros are completely independent extensions, but is much safer | ||
297 | tmortagne - (12:19): it just happen that in the end this script macro produce a xwiuki/2.0 content containing some macro in it | ||
298 | abusenius - (12:20): IMO exactly this "feature" is very very bad | ||
299 | CalebJamesDeLisl - (12:20): {{velocity}}{{include/}} Ut oh. The current patch will break these. | ||
300 | abusenius - (12:20): CalebJamesDeLisl: no | ||
301 | CalebJamesDeLisl - (12:20): Include resets it? | ||
302 | abusenius - (12:21): yes, but it doesnt fix the problem with includes | ||
303 | tmortagne - (12:21): CalebJamesDeLisl: indeed that will not work | ||
304 | CalebJamesDeLisl - (12:21): problem with includes? | ||
305 | tmortagne - (12:21): so this is one use case | ||
306 | abusenius - (12:21): include vs. pr | ||
307 | tmortagne - (12:22): unless you specifically test for include in AbstractScriptMAcro | ||
308 | vmassol - (12:22): TX: macroblock("velocity") —> macroblock("proxyscript", param: language="velocity") | ||
309 | tmortagne - (12:22): which make include macro pretty hardcoded | ||
310 | abusenius - (12:22): thats another reason why I wanted to distinguish macro types... | ||
311 | abusenius - (12:23): smth like: nestable - not nestable - reset nesting | ||
312 | tmortagne left at 12:23 (Quit: Leaving. | ||
313 | CalebJamesDeLisl - (12:24): he didn't like that idea ^^ | ||
314 | vmassol - (12:24): :) | ||
315 | CalebJamesDeLisl - (12:25): Ok, an alternative for the moment would be to make escapetool.xml escape { | ||
316 | CalebJamesDeLisl - (12:26): Since it looks like we're going to have to add the concept of "can nest", "cannot nest" and "reset nesting". | ||
317 | abusenius - (12:28): btw the problem with {{include }} will remain in both cases | ||
318 | vmassol - (12:29): lunch time | ||
319 | arkub left at 12:34 (Ping timeout: 258 seconds | ||
320 | CalebJamesDeLisl - (12:56): "// included documents intercept the chain of nested script macros with XWiki syntax" K. | ||
321 | CalebJamesDeLisl - (12:57): Really ought to be more generic though. | ||
322 | tmortagne joined #xwiki at 13:01 | ||
323 | xwikibot joined #xwiki at 13:52 | ||
324 | mariusbutuc joined #xwiki at 13:59 | ||
325 | mariusbutuc left #xwiki at 13:59 | ||
326 | silviar joined #xwiki at 14:06 | ||
327 | CalebJamesDeLisl - (14:07): abusenius: Are you working on the nested macro patch? | ||
328 | abusenius - (14:10): yes | ||
329 | abusenius - (14:11): (was away for a lunch tough) | ||
330 | CalebJamesDeLisl - (14:11): Ok. Ping me when you have some changes. I'll look at having a patch for the 1.0 renderer. | ||
331 | abusenius - (14:12): ok | ||
332 | vmassol - (14:23): hehe | ||
333 | vmassol - (14:23): at last we're identified as a rendering engine: | ||
334 | vmassol - (14:23): http://kvoges.wordpress.com/2010/06/14/which-java-wiki-engine-should-one-use-within-an-opensource-application-xwiki-vs-wikitext-mylyn/ | ||
335 | vmassol - (14:23): :) | ||
336 | lucaa joined #xwiki at 14:38 | ||
337 | jvelo - (14:38): cool | ||
338 | CalebJamesDeLisl - (14:42): :) That's really our strong point. | ||
339 | CalebJamesDeLisl - (14:43): One day (when I'm old and gray) I'll write a BBcode parser. That would be cool. | ||
340 | lucaa left at 14:43 (Quit: Leaving. | ||
341 | lucaa joined #xwiki at 14:43 | ||
342 | jvelo left at 14:59 (Read error: Connection reset by peer | ||
343 | sburjan_ left at 15:00 (Ping timeout: 240 seconds | ||
344 | jvelo joined #xwiki at 15:03 | ||
345 | abusenius - (15:07): now it exeeds max fan-out complexity -_- | ||
346 | lucaa - (15:08): hi guys | ||
347 | lucaa - (15:08): where is xwiki initializing the plugins? | ||
348 | lucaa - (15:09): the ones configured int xwiki.cfg | ||
349 | vmassol - (15:09): XWiki.java | ||
350 | vmassol - (15:09): (I think) | ||
351 | vmassol - (15:09): checking | ||
352 | lucaa - (15:10): xwiki.java has 5000 lines of code :) | ||
353 | vmassol - (15:10): preparePlugins | ||
354 | vmassol - (15:10): in XWiki.java | ||
355 | vmassol - (15:10): line 1127 | ||
356 | lucaa - (15:11): ok. thanks | ||
357 | florinciu joined #xwiki at 15:13 | ||
358 | vmassol - (15:21): tmortagne and all: wdy about removing all our remote repo definitions in our pom.xml and instead configuring our nexus instance to proxy them? It would have several benefits but one of them is speed and caching | ||
359 | vmassol - (15:22): (for ex rtight now the jboss remote repo isn't answering so it's a pain to wait for the timeout) | ||
360 | jvelo - (15:22): +1 | ||
361 | vmassol - (15:23): the definition of remote repos shouldn't be in the pom.xml as a best practice | ||
362 | vmassol - (15:23): ok I'll try to configure this | ||
363 | tmortagne - (15:23): sounds good (when you don't have nexus you don't have much choice ;)) | ||
364 | vmassol - (15:23): I've noticed the pb while in Algeria where the internet connection wasn't good | ||
365 | vmassol - (15:23): tmortagne: you edit your settigns.xml | ||
366 | tmortagne - (15:24): then it's a pain for users | ||
367 | tmortagne - (15:24): to build | ||
368 | vmassol - (15:24): well they need to do that nayway | ||
369 | vmassol - (15:24): anyway | ||
370 | vmassol - (15:24): to add the xwiki remote repo | ||
371 | vmassol - (15:24): and it's the maven way | ||
372 | tmortagne - (15:24): yep but these repo are used by every single maven module of Xwiki | ||
373 | vmassol - (15:24): did you know that projects that have repos defined in pom.xml are not allowed to be put in the central repo | ||
374 | vmassol - (15:24): ? | ||
375 | tmortagne - (15:25): vmassol: makes sense since they are supposed to have all there dependencies in the central repo | ||
376 | tmortagne - (15:25): but when we depends on something that is not on central repo anyway event if we don't put the repo in the pom it's not valid eiother | ||
377 | abusenius - (15:32): hmm, I need to split AbstractScriptMacro because max class fan-out check fails, is it ok to extract a AbstractNotNestableMacro superclass? | ||
378 | abusenius - (15:32): tmortagne? | ||
379 | tmortagne - (15:33): abusenius: you mean extends a AbstractNotNestableMacro in AbstractScriptMacro ? | ||
380 | abusenius - (15:33): yes | ||
381 | abusenius - (15:34): and AbstractNotNestableMacro extends AbstractMacro | ||
382 | tmortagne - (15:34): how AbstractNotNestableMacro knows what parent macro it's supposed to filter ? | ||
383 | tmortagne - (15:34): could be usefiull to have AbstractNotNestableMacro for other use case if it's clean and not not contains anything about script | ||
384 | tmortagne - (15:34): so yes that would make sense | ||
385 | abusenius - (15:35): it would just have the method to check for nested macros | ||
386 | abusenius - (15:35): use MAcroManager to get the macro by id | ||
387 | tmortagne - (15:35): now maybe you need a component instead of an abstract | ||
388 | tmortagne - (15:36): if it's only tool methods in it | ||
389 | abusenius - (15:36): hm | ||
390 | abusenius - (15:36): well, this would also work I guess | ||
391 | mariusbutuc joined #xwiki at 15:46 | ||
392 | sburjan joined #xwiki at 16:14 | ||
393 | plunden left #xwiki at 16:39 | ||
394 | florinciu left at 16:45 (Quit: Leaving. | ||
395 | abusenius - (16:53): tmortagne, why a component and not just an internal util class? its not very useful elsewhere | ||
396 | evalica left at 16:54 (Quit: Leaving. | ||
397 | tmortagne - (16:55): abusenius: you choose :) | ||
398 | abusenius - (16:59): I choose to keep it simple :) | ||
399 | abusenius - (17:01): added updated patch to XWIKI-5223 | ||
400 | abusenius - (17:02): CalebJamesDeLisl: ping | ||
401 | CalebJamesDeLisl - (17:02): Ok, looking... | ||
402 | CalebJamesDeLisl - (17:06): Maybe we should have a "public" issue for this a comment containing 5223 won't help lay code readers. | ||
403 | CalebJamesDeLisl - (17:07): Is this code tested? | ||
404 | abusenius - (17:08): probably, afair Sergiu was talking about adding a public version of issues some time ago | ||
405 | abusenius - (17:08): yes | ||
406 | abusenius - (17:08): there are even tests :) | ||
407 | CalebJamesDeLisl - (17:09): AFAIK @Requirement doesn't work when the class is instantiated with "new" | ||
408 | abusenius - (17:10): where does this happen? | ||
409 | CalebJamesDeLisl - (17:11): MacroUtils | ||
410 | CalebJamesDeLisl - (17:11): private ScriptMacroUtils scriptUtils = new ScriptMacroUtils(); | ||
411 | abusenius - (17:11): (rerunning tests) | ||
412 | tmortagne - (17:11): yep no way @Requirement would work if not initialized by component manager | ||
413 | abusenius - (17:12): strange, it worked somehow last time I checked | ||
414 | abusenius - (17:12): maybe I again forgot to build something | ||
415 | CalebJamesDeLisl - (17:15): XWIKI-5275 | ||
416 | CalebJamesDeLisl - (17:17): I like that design much better. | ||
417 | CalebJamesDeLisl - (17:18): :D | ||
418 | CalebJamesDeLisl - (17:19): Do you have an old computer kicking around? | ||
419 | abusenius - (17:19): and huge RAM disk please | ||
420 | abusenius - (17:19): no, its a core 2 duo actually | ||
421 | CalebJamesDeLisl - (17:20): Was going to say if you have an old computer which isn't doing anything you can set up a network, ssh in to it and compile there. | ||
422 | abusenius - (17:21): well, this wouldnt be much faster | ||
423 | abusenius - (17:21): actually even slower | ||
424 | CalebJamesDeLisl - (17:21): Did you do the test trick? | ||
425 | abusenius - (17:22): still recompiling | ||
426 | CalebJamesDeLisl - (17:23): In xwiki-core/pom.xml: | ||
427 | CalebJamesDeLisl - (17:23): - <forkMode>pertest</forkMode> | ||
428 | CalebJamesDeLisl - (17:23): + <argLine>-Xmx1024m</argLine> | ||
429 | CalebJamesDeLisl - (17:23): That speeds it up a couple of minutes. | ||
430 | abusenius - (17:25): my slow disk might be the cause (laptop) | ||
431 | CalebJamesDeLisl - (17:25): Disk shouldn't be any slower than others, is it solid state? | ||
432 | abusenius - (17:26): no | ||
433 | abusenius - (17:26): hm, ok NP exception | ||
434 | abusenius - (17:26): well its 5400 | ||
435 | CalebJamesDeLisl - (17:27): All my disks are 5400 but their big. | ||
436 | mariusbutuc left #xwiki at 17:27 | ||
437 | CalebJamesDeLisl - (17:28): You could instantiate ScriptMacroUtils with the dependency. | ||
438 | tmortagne - (17:28): or make it an internal component | ||
439 | tmortagne - (17:28): (O:-)) | ||
440 | CalebJamesDeLisl - (17:29): There's a concept of internal components without public api? | ||
441 | tmortagne - (17:29): yep, just put the api in internal :) | ||
442 | tmortagne - (17:29): or you can alos have no api i think | ||
443 | tmortagne - (17:30): have the ^componenet and ^componenetRole in teh same place | ||
444 | tmortagne - (17:30): that should work | ||
445 | CalebJamesDeLisl - (17:30): That sounds like the best solution for this. | ||
446 | tmortagne - (17:30): i don't think @componentRole has to be an interface | ||
447 | abusenius - (17:34): trying... | ||
448 | silviar left at 17:35 (Read error: Connection reset by peer | ||
449 | vmassol - (17:36): tmortagne: hmm I can't find org.jboss.cache:jbosscache-core:jar:3.2.4.GA in remote repos. It's supposed to be in the jboss one I guess but I can't find it there. Any idea? http://repository.jboss.org/maven2/org/jboss/ | ||
450 | tmortagne - (17:36): vmassol: yep it's supposed to be in jboss repository i think | ||
451 | tmortagne - (17:36): checking | ||
452 | vmassol - (17:36): http://repository.jboss.org/maven2/org/jboss/cache/jbosscache-core/ | ||
453 | vmassol - (17:37): there are other versions but not this one | ||
454 | tmortagne - (17:41): vmassol: https://repository.jboss.org/nexus/content/groups/public/org/jboss/cache/jbosscache-core/3.2.4.GA/ | ||
455 | tmortagne - (17:41): looks like that's not the sames repos after all | ||
456 | jvelo - (17:41): tmortagne, can you check your m2 repos size ? | ||
457 | vmassol - (17:41): tmortagne: indeed | ||
458 | jvelo - (17:41): (so we get an idea what we would need for nexus) | ||
459 | tmortagne - (17:42): https://repository.jboss.org/nexus/content/groups/public/ is the one documented on jbosscache website | ||
460 | tmortagne - (17:42): make me found theree is a 3.2.5 :) | ||
461 | vmassol - (17:42): I switched nexus to this one but it's still not working maybe it needs some time | ||
462 | vmassol - (17:42): yes saw that too | ||
463 | vmassol - (17:42): :) | ||
464 | tmortagne - (17:43): it's working well for me | ||
465 | tmortagne - (17:43): or i don't understand what you mean by it's not working | ||
466 | vmassol - (17:43): you're using the nexus as youre remote repo? | ||
467 | vmassol - (17:43): xwiki nexus | ||
468 | vmassol - (17:43): arf | ||
469 | tmortagne - (17:43): in the xwiki cache pom.xml yes | ||
470 | vmassol - (17:43): my bad, I put a wrong url | ||
471 | tmortagne - (17:44): i'm using what JBoss cache tell me to use actually | ||
472 | vmassol - (17:44): ok we're not talking about thr same thing | ||
473 | vmassol - (17:44): son't worry | ||
474 | vmassol - (17:44): s/son't/don't/ | ||
475 | abusenius - (17:55): mixing Component and ComponentRole doesnt seem to work | ||
476 | abusenius - (18:05): ok, should work now ^^ | ||
477 | CalebJamesDeLisl - (18:12): Looks good from here. Lunch time though. | ||
478 | vmassol - (18:13): sburjan: for copy you need to add a warning explaining that it currently requires PR | ||
479 | vmassol - (18:13): and link to the jira issue | ||
480 | sburjan - (18:13): PR ? | ||
481 | sburjan - (18:14): rights ? | ||
482 | vmassol - (18:14): http://jira.xwiki.org/jira/browse/XSCOLIBRI-209 and http://jira.xwiki.org/jira/browse/XWIKI-5081 | ||
483 | vmassol - (18:14): PR = programming rights | ||
484 | sburjan - (18:14): okay.. I'll mention that | ||
485 | vmassol - (18:15): re Print it's in the Action menu for colibri | ||
486 | sburjan - (18:15): I don;t know exactly how or what PR is | ||
487 | sburjan - (18:15): just give me 5 minute | ||
488 | sburjan - (18:15): i hase still more 5 images to upload | ||
489 | vmassol - (18:15): IMO you should split Print section into 2: Print + Exports | ||
490 | vmassol - (18:15): ok | ||
491 | vmassol - (18:15): np | ||
492 | sburjan - (18:15): and the .. i'll tell when to take a looke | ||
493 | vmassol - (18:15): I'll read later | ||
494 | vmassol - (18:15): :) | ||
495 | vmassol - (18:16): thanks | ||
496 | sburjan - (18:16): okay.. so Print for Toucan and Explort for Colibri ? | ||
497 | vmassol - (18:16): for export yes | ||
498 | sburjan - (18:16): okay | ||
499 | vmassol - (18:16): for print no | ||
500 | sburjan - (18:16): stored | ||
501 | jvelo - (18:16): Hi CalebJamesDeLisl | ||
502 | mflorea left at 18:17 (Quit: Leaving. | ||
503 | jvelo - (18:18): ping me when you are back, I'd like to discuss couple of things re the invitation app | ||
504 | tmortagne - (18:18): vmassol: you have a non passing test, see http://hudson.xwiki.org/job/xwiki-platform-core/org.xwiki.platform$xwiki-core-velocity/6115/testReport/org.xwiki.velocity.internal.jmx/JMXVelocityEngineTest/testGetTemplates/ | ||
505 | vmassol - (18:18): checking thanks | ||
506 | vmassol - (18:19): initially I thoguht it was because the mgmt module wasn't built | ||
507 | vmassol - (18:19): but it seems it's not for that reason | ||
508 | tmortagne left at 18:25 (Quit: Leaving. | ||
509 | sburjan - (18:33): vmassol : done with images | ||
510 | sburjan - (18:33): now moving to content | ||
511 | vmassol - (18:34): sburjan: "Simply click on the link to resolve the error.". It's not really an error. It's a wanted link | ||
512 | sburjan - (18:35): "Simply click on the link to add one: | ||
513 | sburjan - (18:35): "Simply click on the link to add one" | ||
514 | vmassol - (18:35): to create the page | ||
515 | sburjan - (18:35): "Simply click on the link to create the non-existing page" | ||
516 | vmassol - (18:36): "Simply click on the link to create the page." | ||
517 | vmassol - (18:36): I'll let you do the text | ||
518 | vmassol - (18:36): and I can review after | ||
519 | vmassol - (18:36): thanks | ||
520 | sburjan - (18:39): I didn't understand pretty well | ||
521 | sburjan - (18:39): when you said about spliting PRINT and EXPORT | ||
522 | vmassol - (18:39): they are 2 differnet features | ||
523 | vmassol - (18:39): right? | ||
524 | sburjan - (18:39): in Colibri it's called Export, in Toucan it's callen Print | ||
525 | sburjan - (18:39): nop | ||
526 | sburjan - (18:39): same action | ||
527 | vmassol - (18:39): no | ||
528 | vmassol - (18:40): think from a user point of view | ||
529 | vmassol - (18:40): printing is different from exporting | ||
530 | sburjan - (18:40): well they both export | ||
531 | sburjan - (18:40): even if in toucan it's written Print | ||
532 | vmassol - (18:40): grrrr | ||
533 | vmassol - (18:40): toucan was wrong | ||
534 | vmassol - (18:40): that's why it was fixed in colibri | ||
535 | vmassol - (18:40): :) | ||
536 | sburjan - (18:40): so what can I do :) | ||
537 | sburjan - (18:41): do you want the change the text from Toucan tfrom Print to Export ? | ||
538 | vmassol - (18:41): for printing: | ||
539 | vmassol - (18:41): let me start again | ||
540 | vmassol - (18:41): we need 2 sections | ||
541 | vmassol - (18:41): one for printing | ||
542 | vmassol - (18:41): one for exporting | ||
543 | vmassol - (18:41): same as we have sections for editing, renaming, etc | ||
544 | vmassol - (18:41): in the printing section you explain how to print using both skins | ||
545 | vmassol - (18:42): in the exporting section you explain how to export using both skins | ||
546 | sburjan - (18:42): you're refering more exactly to the Prin Preview Feature from both skins ? | ||
547 | sburjan - (18:42): *Print | ||
548 | vmassol - (18:42): I'm referrring to printing and exporting | ||
549 | vmassol - (18:43): for the printing part, yes I'm referring to print preview | ||
550 | sburjan - (18:43): okay, I see | ||
551 | sburjan - (18:43): in Toucan Export and Print are under the same menu, under Colibri they are not. and I will make 2 categories, describing for both skins | ||
552 | vmassol - (18:43): in toucan for the print feature, there are 2 actions: | ||
553 | vmassol - (18:43): - print | ||
554 | vmassol - (18:43): - print preview | ||
555 | vmassol - (18:43): in colibri for the print feautre, there's one action | ||
556 | vmassol - (18:43): - print preview | ||
557 | vmassol - (18:44): I'm not sure why we removed the print action in colibr, you'd need to ask sdumitriu | ||
558 | sburjan - (18:45): I will | ||
559 | sdumitriu - (18:45): Print as in print to a real printer? | ||
560 | vmassol - (18:45): yes, as in opens the print dialog box of the browser | ||
561 | sburjan - (18:45): I can't find normal print in toucan | ||
562 | sburjan - (18:45): only Print Preview | ||
563 | sburjan - (18:45): same as in Colibri | ||
564 | vmassol - (18:46): sburjan: http://platform.xwiki.org/xwiki/bin/download/Features/DocumentLifecycle/PrintToucan.PNG | ||
565 | vmassol - (18:46): ? Print: Calls you're browser's Print feature to print the current page | ||
566 | vmassol - (18:46): ? Print Preview: Generates a page which is formatted so that it can be easily printed using your browser's Print feature. | ||
567 | sburjan - (18:46): that's Print Preview | ||
568 | vmassol - (18:46): there are 2 links | ||
569 | vmassol - (18:46): check the image | ||
570 | sburjan - (18:46): but NOT user friendly to have to click on the parent button to print and on the child (Print Preview) button to preview | ||
571 | jvdrean left at 18:47 (Quit: Leaving. | ||
572 | sburjan - (18:47): it's not intuitive | ||
573 | sburjan - (18:47): IMO | ||
574 | vmassol - (18:47): you've lost me | ||
575 | sburjan - (18:47): on the link you gave me | ||
576 | sburjan - (18:48): you have next options: Print Preview, Exportas PDF, Export as RTF, Export as HTML, Export as XAR | ||
577 | sburjan - (18:48): true ? | ||
578 | sburjan - (18:49): and in order to actually PRINT the page, you have to click the PRINT button (the category button), aka the Father button of the menu | ||
579 | vmassol - (18:49): no | ||
580 | vmassol - (18:49): I see "Print", "Print preview", etc | ||
581 | sburjan - (18:49): I don't see Print | ||
582 | KermitTheFragger left at 18:50 (Quit: Leaving | ||
583 | CalebJamesDeLisl - (18:50): jvelo: Back | ||
584 | sburjan - (18:50): I see Prind .. and that is a drop-down menu. If I click on that, the Print Windows appears | ||
585 | sburjan - (18:51): it's not too suggestive to have them separated (one being parent, and previwes as child) | ||
586 | vmassol - (18:51): wait | ||
587 | sburjan - (18:51): do you understand what am I saying ? | ||
588 | vmassol - (18:51): I'm talking about sub menu items | ||
589 | sburjan - (18:51): i don;t have a mic.. if I had I would had skyped you | ||
590 | vmassol - (18:51): not the top level menu itself | ||
591 | sburjan - (18:51): yes.. i have NO Print submenu, ONLY Print Preview | ||
592 | vmassol - (18:52): there are 6 sub menu items | ||
593 | vmassol - (18:52): http://platform.xwiki.org/xwiki/bin/download/Features/DocumentLifecycle/PrintToucan.PNG | ||
594 | sburjan - (18:52): I have only 5 | ||
595 | sburjan - (18:52): Yes .. only 5 | ||
596 | vmassol - (18:52): we need someone else to look at that image :) | ||
597 | sburjan - (18:52): wail | ||
598 | sburjan - (18:53): I'll create a JPEG screenshot of what I see | ||
599 | jvelo - (18:53): CalebJamesDeLisl, cool. I've downloaded latest snapshot of XE to test the invitation app | ||
600 | jvelo - (18:54): my first remark is that the i18n resources appear missing | ||
601 | vmassol - (18:54): sburjan: I've tested in real and the latest toucan doesn't have the print menu item as shown on the image | ||
602 | CalebJamesDeLisl - (18:54): jvelo: They are in a document bundle. | ||
603 | jvelo - (18:55): ok. it means we need to add them automatically in XWiki.Preferences, or move them to xwiki-core resources.properties | ||
604 | CalebJamesDeLisl - (18:55): But now that you mention it, development seems to have slowed down enough that I can put them into the hard coded .properties file | ||
605 | jvelo - (18:55): yep | ||
606 | vmassol - (18:55): sburjan: so the toucan image is not up to date anyway | ||
607 | vmassol - (18:56): but in any case in toucan there are print actions: printing for real and print preview | ||
608 | vmassol - (18:56): while in colibri there's only one | ||
609 | jvelo - (18:56): besides that, I find it odd that nowhere in the Invitation.WebHome UI you explain what the application is about | ||
610 | CalebJamesDeLisl - (18:56): You can get them by putting Invitation.InvitationDocumentBundle into XWikiPreferences | ||
611 | sburjan - (18:57): vmassol : the picture you are seeing, It's created using LATEST snapshot from today ... 20 minutes ago | ||
612 | jvelo - (18:57): like a 1-line on top of the form that says "Use this to invite your friends or coworkers to use this wiki, etc etc." | ||
613 | abusenius left at 18:57 (Ping timeout: 252 seconds | ||
614 | sburjan - (18:57): XWiki Enterprise 2.4-SNAPSHOT.29458 | ||
615 | vmassol - (18:57): sburjan: then it's a cache issue | ||
616 | CalebJamesDeLisl - (18:57): Ok, that makes sense. Maybe we should put it to a UI specialist. | ||
617 | vmassol - (18:57): yes it is | ||
618 | vmassol - (18:58): seems like you replaced the old image with a new one | ||
619 | sburjan - (18:58): yeas.. the new one is taken usingthe latest version | ||
620 | jvelo - (18:58): BTW how does it work when guest is not allow to register ? | ||
621 | sburjan - (18:58): i cleared the cache of my browser, and It looks the same as before | ||
622 | jvelo - (18:58): you can still invite people ? | ||
623 | jvelo - (18:59): can you "deactivate" the UI? | ||
624 | CalebJamesDeLisl - (18:59): jvelo: Yup, there's a test to prove it :) | ||
625 | CalebJamesDeLisl - (18:59): deactivate? | ||
626 | jvelo - (18:59): who can send invitations? | ||
627 | jvelo - (18:59): all users or only admins? | ||
628 | CalebJamesDeLisl - (19:00): Anyone who had view access on Invitation.WebHome (registered users) | ||
629 | jvelo - (19:00): ok | ||
630 | jvelo - (19:00): maybe it could be an Admin feature as a default setting (I don't know - just asking) | ||
631 | jvelo - (19:01): why is the SMTP settings duplicated from the general one BTW? | ||
632 | sburjan - (19:01): vmassol : i'll talk to sdumitriu when he will be around | ||
633 | CalebJamesDeLisl - (19:02): jvelo: Because 1. you might want to send through a different server, different username, etc. 2. xpmail7 | ||
634 | jvelo - (19:03): ok. maybe we could provide a link from one to another, so that pple know there's more | ||
635 | vmassol - (19:03): CalebJamesDeLisl: so if the settings is not set it uses the default ones? | ||
636 | CalebJamesDeLisl - (19:03): Correct. I need to document this better. | ||
637 | jvelo - (19:04): CalebJamesDeLisl, I have a display issue on FF / ubuntu in the Invitation section of the Administration section | ||
638 | jvelo - (19:05): I'm uploading a screenshot | ||
639 | CalebJamesDeLisl - (19:05): What is it? | ||
640 | jvelo - (19:05): labels are not aligned with their inputs, at some point in the form | ||
641 | sburjan - (19:05): I'm going out .. see ya tomorrow. vmassol .. don't be angry, we'll clarify the situation tomorrow | ||
642 | vmassol - (19:06): np | ||
643 | CalebJamesDeLisl - (19:06): Ok, I have been working on the alignment issue. It's an administration app issue. | ||
644 | jvelo - (19:06): CalebJamesDeLisl, last thing for now:) It could be nice to intercept the clicks on links on the preview email | ||
645 | jvelo - (19:07): (in JS) | ||
646 | jvelo - (19:07): right now when you click the accept link, you land on an error page | ||
647 | jvelo - (19:07): ok, cool | ||
648 | jvelo - (19:07): no need for my screenshot then | ||
649 | CalebJamesDeLisl - (19:07): Ahh, I will pretty up a lot of things when I start js. | ||
650 | CalebJamesDeLisl - (19:07): For now it works in IE! (because it has no js) ;) | ||
651 | CalebJamesDeLisl - (19:08): jvelo: Feel free to report issues on the XAINVITATION project. | ||
652 | jvelo - (19:08): hehe | ||
653 | jvelo - (19:09): OK. | ||
654 | CalebJamesDeLisl - (19:11): Anyone have any comments on this: http://jira.xwiki.org/jira/secure/attachment/17394/XWIKI-5223-forbid-nested-scripts-fix-updated-working.patch | ||
655 | jvelo - (19:17): got to go for now. bbl | ||
656 | CalebJamesDeLisl - (19:17): see ya. | ||
657 | vmassol1 joined #xwiki at 19:18 | ||
658 | lucaa left at 19:19 (Ping timeout: 265 seconds | ||
659 | vmassol left at 19:20 (Ping timeout: 240 seconds | ||
660 | abusenius joined #xwiki at 19:21 | ||
661 | sburjan left at 19:24 (Ping timeout: 248 seconds | ||
662 | CalebJamesDeLisl - (19:27): I have a piece which allows us to set the order of the 1.0 renderers. | ||
663 | CalebJamesDeLisl - (19:27): xwiki.render.renderingorder=macromapping, groovy, velocity, plugin, wiki, wikiwiki | ||
664 | CalebJamesDeLisl - (19:27): Like that in the .cfg file. | ||
665 | jvelo left at 19:29 (Ping timeout: 276 seconds | ||
666 | arkub left at 19:48 (Ping timeout: 258 seconds | ||
667 | abusenius - (20:54): CalebJamesDeLisl: have tried to look whether this patch breaks something in the default installation of XE? | ||
668 | CalebJamesDeLisl - (20:54): Have I? | ||
669 | abusenius - (20:55): yes :) | ||
670 | CalebJamesDeLisl - (20:55): The syntax 1 patch? | ||
671 | abusenius - (20:55): yes | ||
672 | CalebJamesDeLisl - (20:55): I haven't but I don't think it will. | ||
673 | CalebJamesDeLisl - (20:55): The list of docs in syntax1 is pretty small and that's a very odd use case. | ||
674 | CalebJamesDeLisl - (20:58): There is a code snippet which it will break but whoever wrote that was an idiot http://code.xwiki.org/xwiki/bin/view/Snippets/ReplaceWordsWithLinksSnippet | ||
675 | abusenius - (21:00): only applications/workstream/src/main/resources/Workstream/Service.xml seems to contain <% | ||
676 | CalebJamesDeLisl - (21:00): hey good thinking. | ||
677 | abusenius - (21:00): grep rules :) | ||
678 | CalebJamesDeLisl - (21:02): find -exec grep. | ||
679 | abusenius - (21:02): is there any other way to use groovy in syntax 1? | ||
680 | CalebJamesDeLisl - (21:02): Nope. that was a good idea making the groovy char an xml entity. | ||
681 | CalebJamesDeLisl - (21:02): find ./wiki/ -name '*.xml' -exec grep '<%' {} \; -print | ||
682 | abusenius - (21:02): nope, fgrep '<%' ((*~target)/)#* | ||
683 | abusenius - (21:02): zsh rules too | ||
684 | CalebJamesDeLisl - (21:03): in enterprise, the only thing that shows up is XWikiSyntax which is snytax2 | ||
685 | CalebJamesDeLisl - (21:04): Hah, same for manager. Looks like where good. | ||
686 | CalebJamesDeLisl - (21:04): *we're | ||
687 | CalebJamesDeLisl - (21:05): What's better about zsh than bash? | ||
688 | abusenius - (21:07): everything :) | ||
689 | abusenius - (21:07): it has e.g. interactive mode | ||
690 | abusenius - (21:07): for completion | ||
691 | CalebJamesDeLisl - (21:08): like hitting tab? | ||
692 | abusenius - (21:08): so if you type say /<TAB> you dont just see what directories are there, you can go throudh them with arrows or tab | ||
693 | abusenius - (21:08): yes | ||
694 | abusenius - (21:09): same for command line arguments etc. | ||
695 | abusenius - (21:09): kill -9 firefo<TAB> | ||
696 | abusenius - (21:09): transforms firefox into its pid | ||
697 | CalebJamesDeLisl - (21:09): ok that's nice. | ||
698 | abusenius - (21:10): also extended globbing, like **/*(#q.) for all files in all subdirectories | ||
699 | abusenius - (21:10): (just files) | ||
700 | abusenius - (21:10): #q/ are directores, #q@ symlinks | ||
701 | abusenius - (21:10): and it doesnt look into hidded dirs like .svn | ||
702 | abusenius - (21:11): *hidden | ||
703 | abusenius - (21:11): and everything is configurable | ||
704 | CalebJamesDeLisl - (21:11): I've been just discovering the ridiculous things you can do with ` | ||
705 | abusenius - (21:11): I have current git branch displayed in prompt :) | ||
706 | CalebJamesDeLisl - (21:12): I have to get back to playing with git soon. | ||
707 | abusenius - (21:12): and part of the path that is in repository highlighted in the right prompt | ||
708 | CalebJamesDeLisl - (21:12): Sounds like emacs. | ||
709 | abusenius - (21:12): yea, or vim | ||
710 | abusenius - (21:13): I have vim mode in command line, you press escape and can use vim shortcuts | ||
711 | abusenius - (21:13): something like this is also possible in bash, but more limited | ||
712 | abusenius - (21:13): (and emacs mode works too) | ||
713 | CalebJamesDeLisl - (21:14): Well emacs has a shell of it's own. | ||
714 | abusenius - (21:14): its an operating system :) | ||
715 | CalebJamesDeLisl - (21:14): http://24.media.tumblr.com/3REj7E7az6jdx5ssrgpEzH8L_500.jpg | ||
716 | CalebJamesDeLisl - (21:15): I always thought that described emacs well. | ||
717 | abusenius - (21:15): :D | ||
718 | abusenius - (21:15): do you know this: http://xkcd.com/378/ ? | ||
719 | abusenius - (21:16): the've implemented this feature in emacs :) | ||
720 | CalebJamesDeLisl - (21:16): yup. I like this one http://xkcd.com/404/ | ||
721 | abusenius - (21:17): xkcd is cool :) | ||
722 | CalebJamesDeLisl - (21:17): meh, it's ok. | ||
723 | abusenius left at 21:18 (Quit: Konversation terminated! | ||
724 | abusenius joined #xwiki at 21:18 | ||
725 | CalebJamesDeLisl - (21:19): Nice reboot time. | ||
726 | abusenius - (21:21): no, my connection lives its own life | ||
727 | CalebJamesDeLisl - (21:22): Hmm that didn't look like a connection drop. Wifi? | ||
728 | abusenius - (21:22): yes | ||
729 | abusenius - (21:22): reconnects from time to time for no particular reson | ||
730 | CalebJamesDeLisl - (21:23): Did you hear about the latest wifi hack? You set up a router with internet access, people connect to it, sniff their data, MITM etc. | ||
731 | CalebJamesDeLisl - (21:24): It works great because windows, mac, ubuntu will connect to any wifi they find. | ||
732 | CalebJamesDeLisl - (21:25): Supposedly it works with security because nobody was thinking about authenticating the router. | ||
733 | abusenius - (21:25): hm, sounds more like social ingenering | ||
734 | abusenius - (21:26): if you find a free open wifi it doesnt mean you should do online banking over it :) | ||
735 | CalebJamesDeLisl - (21:28): Actually MITM is (sort of) blocked by the CA's sort of... | ||
736 | CalebJamesDeLisl - (21:29): The other attack though is if it's a windows box, check the infamous port 443. | ||
737 | CalebJamesDeLisl - (21:29): and attach PDF ruin to every webpage they load. | ||
738 | abusenius - (21:29): have you heard of a "cookie monster" attack? | ||
739 | CalebJamesDeLisl - (21:29): hah, nope. | ||
740 | abusenius - (21:30): its cool, if somebody is browsing over https and cookies doesnt have secure flag set | ||
741 | abusenius - (21:31): you can inject a fake image on http://bank.com/ and the browser will send cookies in plaintext | ||
742 | abusenius - (21:31): (into some other http responce) | ||
743 | abusenius - (21:32): then sniff cookies, impersonate | ||
744 | CalebJamesDeLisl - (21:32): I thought cookies would fail for domain if it was https instead of http. | ||
745 | CalebJamesDeLisl - (21:33): "inject a fake image" messing with dns? | ||
746 | abusenius - (21:33): seems to work for some reason | ||
747 | abusenius - (21:34): no, if youre in the same network, just answer faster than the server | ||
748 | CalebJamesDeLisl - (21:36): So you're answering a call to http://bank.com? | ||
749 | CalebJamesDeLisl - (21:36): The browser must then make a call to http:// and not https:// | ||
750 | abusenius - (21:37): e.g. https://bank.com/ in one tab and google in another | ||
751 | CalebJamesDeLisl - (21:38): do you read rsnake's blog? | ||
752 | abusenius - (21:38): you inject http://bank into google responce, browser will try to load it - boom | ||
753 | abusenius - (21:39): no | ||
754 | abusenius - (21:39): hm, looks interesting | ||
755 | CalebJamesDeLisl - (21:45): Ok, got it, you're adding <img> tags to the http site which pull (nonexistant) images from the bank in http mode. | ||
756 | abusenius - (21:48): exactly | ||
757 | CalebJamesDeLisl - (21:48): Still you need to be in their network. | ||
758 | CalebJamesDeLisl - (21:49): The Kaminsky attack doesn't really work because everyone's looking for it and everyone pretty much knows that .org is not hosted on somebody's dsl line. | ||
759 | CalebJamesDeLisl - (21:50): And the cool kids use opendns. | ||
760 | abusenius - (21:51): yes, but many people do online banking over free unencrypted wifi | ||
761 | CalebJamesDeLisl - (21:54): Well, you can also attack their software and get their info that way. | ||
762 | CalebJamesDeLisl - (21:55): the ancient pdf buffer overflow comes to mind but there must be other stuff you can do to a browser. | ||
763 | CalebJamesDeLisl - (21:57): Something I've never figured out is what do people do with stolen bank information? | ||
764 | abusenius - (21:58): I guess fraud | ||
765 | abusenius - (21:58): buying something on the wrong name | ||
766 | abusenius - (21:59): or send a fake bill, with correct data it will look very convincing | ||
767 | CalebJamesDeLisl - (22:00): You never hear about anybody losing money and not getting it back though. | ||
768 | CalebJamesDeLisl - (22:00): I'm convinced they hold it for ransom in exchange for fat checks from the bank which had an unencrypted database ;) | ||
769 | abusenius - (22:01): probably :) | ||
770 | abusenius - (22:01): there was a nice talk about stuff like that on FOSDEM | ||
771 | CalebJamesDeLisl - (22:01): So look for banks which hired do-nothing security managers with high pay and low hours. | ||
772 | abusenius - (22:03): http://fosdem.org/2010/schedule/events/eviloninternet | ||
773 | CalebJamesDeLisl - (22:13): Hmm, interesting. We have to worry about the site getting hit and turned into phishing pages. | ||
774 | lucaa joined #xwiki at 22:35 | ||
775 | vmassol1 left at 22:50 (Quit: Leaving. | ||
776 | mflorea joined #xwiki at 22:53 | ||
777 | florinciu joined #xwiki at 22:53 | ||
778 | mflorea left at 23:25 (Quit: Leaving. | ||
779 | Freud_ joined #xwiki at 23:41 | ||
780 | Freud_ - (23:44): is $doc.getSpace and $doc.GetName variables from Xwiki core or a plugin? And if it's from core, is there a similar variable go $doc.GetUrl or someplace I can find these variables? | ||
781 | Freud_ - (23:45): I found them within the SendPageByEmail application, but i'd like to modify it to send only the link... | ||
782 | florinciu left at 23:50 (Read error: Connection reset by peer | ||
783 | CalebJamesDeLisl - (23:51): Freud_: Have a look at: http://platform.xwiki.org/xwiki/bin/view/DevGuide/Scripting | ||
784 | CalebJamesDeLisl - (23:51): $doc is a binding to the current document. | ||
785 | CalebJamesDeLisl - (23:52): Document is part of the core. | ||
786 | Freud_ - (23:58): cool |