Posts by: juergen

Posts: 1390
Post: 11052
Topic: Cookies

Ah, I see. Well, this info panel shows which cookies are and were set.

So, cookie_cmd was set but it's also already deleted (see it's content and invalidation date).

The Developer Tools are better suited to see which cookies actually exist.

1 year ago
Post: 11050
Topic: What does it mean to store data in flat files?

Hi Andreas and welcome to the forum.

I am not sure I understand what it means to store data into flat files.

Instead of writing (all sorts of) data to a database, Typesetter will use the file system, namely the /data directory and its subdirs.
In general, Typesetter will write php files containing arrays to store everything via some dedicated classes and methods.
But of course it's up to a plugin developer to use different file types or even a database, if it makes sense.
 

Does this mean that other people can access these data, …

Generally no. If you use php arrays stored via Typesetter's save methods, nobody will have direct (raw) access, not even a logged-in admin.
It's all up to the plugin/api code how your data will be used, rendered or exposed to others.
Basically, Typesetter is a single-entry-point appllication (with only one exception - but that doesn't matter here).
 

…and I don't have fully control of what data is public?

You have full control. Of course you can make arbitrary data public accessible, either by responding to certain requests or create raw files (json, xml, html, you name it)

But will the API secret keys that is stored in the PHP code then be able to access by other users, that don't have access to my webserver?

No they will not be able to access them.

A simple example, how Typesetter data files typically look like, e.g. a plugin config in

/data/_addondata/MyPlugin/config.php

<?php
defined('is_running') or die('Not an entry point...');

$mydata = array(
  'apikey_1' => 'cew4hjoifjhvg934u3rethgw4',
  […]
);

If I understood your plan correctly, your plugin would then read the config, use the key to fetch data from a 3rd-party API, process / format / output the results (or provide them in a different way)

1 year ago
Post: 11048
Topic: Cookies

But even when calling your site ("Typesetter Addons") the cookie appears …

Funnily, I do not. At least I cannot see it in the web storage of any browser. Maybe because it gets deletetd immediately.
How do you check it?

… (even without any login)

Well, I hope so :-)

1 year ago
Post: 11046
Topic: Cookies

The 'cookie_cmd' cookie is used to remember form post data in cases where a page needs a reload/redirect (via JS).
It actually shouldn't survive but get deleted immediately upon the page reload, but there may be cases where this doesn't work (see Josh's comment here)

AFAIK it will only be set in the admin part (for logged-in users) but I'm not completely certain about it.

Although it does not store any personal data, from the GDPR ( DSGVO) perspective, that's nothing a visitor would have to check.
Since the cookie contains 'cryptic stuff' such as the post nonce – which is quite a long random hash – the visitor cannot know what this value actually stands for, what it stores and if it can be used to track him.

Therefore, if the cookie persists I'd mention it in your data privacy statement, just to be on the safe side.

But you could also check if it's actually getting set without logging in or if there are any JavaScript errors that might prevent the deletion of the cookie.

1 year ago
Post: 11043
Topic: Cannot copy or delete sections, too many sections?

Should be fixed with this commit.

Seems to work well here.

Please test and report any issues. It's only an early hotfix.

FYI: In fact we did't use GET but POST to save the section data. So it wasn't an URL string length issue but we actually exceeded max_input_vars on the server side.

Edited: 1 year ago
Post: 11042
Topic: Refactored version 1.1 available on GitHub

I made a fork of the plugin that adresses the missing possibility to log in and adds a few features.

get version 1.1 from GitHub

 

Site, If you're still reading along: Please feel free to update the plugin here with my version.

1 year ago
Post: 11041
Topic: Javascript in templates

$page->head_js[] = rawurldecode($page->theme_path).'/script.js';

is the safest route to go because it will even cope with theme folder names containing spaces and/or special characters.

AFAIK, $addonRelativeCode will only be availabe inside plugin hooks, which may be part of themes, but most themes don't implement such.

Once a theme uses plugin hooks, such as the getHead hook, you can add custom js and css via this hook using $addonRelativeCode.
E.g. Theme Cajón uses advanced techniques in this regard and makes use of several plugin hooks.

1 year ago
Post: 11035
Topic: Ckeditor problem

What i was looking for is how the installation of ckeditor  alone without pressing update can gray out ckeditor.

Can't find anything either, sorry.

1 year ago
Post: 11034
Topic: Blogstrap - resonsive dropdwon

The dark templates are no longer  'in'

Maybe, Cajón has a live switch for that in the Theme Options in the Admin Top Bar (a few lines of css will also change it).
But of course it's a matter of taste.

Another idea is a material-light theme…

Have you seen Bootswatch4 Scss*/material? Its quite there.

Edited: 1 year ago
Post: 11031
Topic: Blogstrap - resonsive dropdwon

I think i will make instead a bootstrap sidebar at the left for handy users.

You have a lot of content. Bootstrap navbars aren't too well suited for 3+ menu levels.
Have you tried the Cajón theme? I made it for such cases and it handles deeply nested menu levels quite well.

edit: On the other hand, Cajón doesn't let one access heading menu pages, so it would need some hacks in your case.

 

Edited: 1 year ago

News

Typesetter 5.1
8/12/2017

Typesetter 5.0.1 is now available for download. 5.1 includes bug fixes, UI/UX improvements, ... Read More

Over 8 Times Faster Than Wordpress
5/3/2016

We've known for a long time that Typesetter is fast. It's something we take pride ... Read More

More News

creisi productions

Dienstleistungen von creisi productions, Luzern (Schweiz): * Konzeption, Planung und Erstellung Ihres Internet-Auftritts * Betreuung und Aktualisierung/Pflege Ihrer Website * ...

Find out more about our Provider Spotlight

Log In

  Register