General question about development and contributions #35
Comments
Further solutions found so far: 4.3 supports dragging and dropping images into the editor, if allowed in init: This is at least helpful for small images, as they get included into the HTML with base64. Solutions for uploading as files to the server found here: https://www.tinymce.com/docs/get-started/upload-images/ I could not get to work yet. But it can be done, I am sure... :) |
Found more of my questions answered and further solutions :)
At this point I am pretty sure I will use this cms for production... :) |
How did you go about updating Bootstrap? |
In /cms/config/definitions.conf.php just update the version number in the definitions of bootstrap.js and bootstrap.css like that: define('BOOTSTRAP', '//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js'); |
Hi. The maintainer has not been active for a long time. Looking at the network activity graph, it can be assumed that @TKr is still trying to support the project by collecting unmerged PRs. Maybe in his fork you can find partners to fix your problems. |
Thanks for pointing that out. I am just installing that branch next to my "playground version" as I need a more visual environment to understand what has been changed and done. At least for more difficult coding questions I will head there. BTW sim2Github your implementation of Ace has really improved this for me :)) |
At first look what has been done over there I have either already patched together or discarded, while some of the changes I did to the script are missing, so there is for now no advantage in using the TKr-Code for me. Anyway I am happy the cms is not dead altogether. :) |
I have tried many CMS during the last few weeks and I always come back to this because of the ease of use and extendability; I can easily upgrade components and need not wait for someone to release and upgrade etc. What you say now about core vulnerabilities does worry me though so I will have a look at RiteCMS. As for composer etc. any project that depended on composer I could not get to work with my hosting even though they claim to be compatible. I'd - for my line of work - rather be sure that a project I create on server X will work on completely different server Y, hence flatfile e.g. |
Looking at RiteCMS I don't like the changes they have made to the Admin GUI etc. I would rather implement the core security changes to the basecode - do you think that would be very hard to do? |
They don't change the admin GUI - they support phpsqlitecms v2. Phpsqlitecms v3 migrated to GitHub from Google Code and technically changed the frontend and backend interface to use Bootstrap. RiteCMS only uses the 5-year-old interface but is fixing the new core security issue. You can use a diff tool to see what differs in the core of these projects. |
Thank you, I begin to understand. ;) But there are so many differences between the two branches that I have no clue what would need to be done to implement the security-patch to the v3-master. I have already mailed the riteCMS-People for help to learn about that. At the moment I am trying to restrict the filemanager to allow only secure filetypes and have the upload-folder not execute scripts at all; as that is something RiteCMS has not changed as far as I can see... With my half-knowledge of programming it is more of finding scraps of code on the net and then trial and error about how to get it to work... |
If you use Apache, add an .htaccess file to the folder with:
RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off |
Thanks :) Ray from RiteCMS has answered and I think I have made the relevant changes to close the exploit. (I compared the two versions of Rite before and after they closed the exploit and applied those changes to the files in v3 accordingly) He also stated that the filemanager is secure enough if the login is secured by the patch. Still I would rather like to put some more restrictions into the fm like excluding filetypes or limiting filesize but that is sth. I can manage myself. I also tried including another filemanager-script with more features (Encode Explorer) let's say it worked but was not as pretty as I would prefer it to be... ;) I might tackle that later once more... |
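One way to implement the extra file-manager restrictions discussed above (an allowlist of file types plus a size limit), as an added example that is not code from phpSQLiteCMS, RiteCMS or any commenter. The function names, the allowlist and the 2 MiB limit are assumptions; it needs PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example: names, allowlist and size limit are assumptions for illustration.

const UPLOAD_MAX_BYTES = 2 * 1024 * 1024; // assumed limit: 2 MiB
// Allowed extension => MIME type the file content must really have.
const UPLOAD_ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'pdf'  => 'application/pdf',
];

// Checks one $_FILES entry and returns the name to store it under.
function validate_upload(array $file): string
{
    // Rejects failed uploads and multi-file arrays smuggled into one field.
    if (!isset($file['error'], $file['tmp_name'], $file['name'])
        || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or request malformed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    // Measure the file itself; the client-supplied size is not trusted.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > UPLOAD_MAX_BYTES) {
        throw new RuntimeException('File size not allowed');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(UPLOAD_ALLOWED[$ext])) {
        throw new RuntimeException('File type not allowed');
    }
    // Sniff the content so a script renamed to .jpg is still refused.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== UPLOAD_ALLOWED[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // Random name: the client's name ("x.php.jpg", "../x") never reaches disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

function store_upload(array $file, string $uploadDir): string
{
    $name = validate_upload($file);
    if (!move_uploaded_file($file['tmp_name'], rtrim($uploadDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}
```

Content sniffing does not catch a valid image with script text appended, so this check complements the .htaccess that stops script execution in the upload folder rather than replacing it.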
Say, would you be interested to issue a fork with all your additions (Ace etc.) and the security-fixes from RiteCMS and some other stuff I have more or less nicely included by now? Also I would like to know if the security fixes work. (There is only one file where I had to improvise because the code had changed significantly because of bootstrap) On top of that I would like to integrate Encode Explorer more seamlessly, maybe even instead of the internal filemanager. It has much more robust security features, but still comes in one php-file. To integrate all that would have to be done would be to pass on the status as admin to the explorer that has its own login for uploads and deletions. Plus of course some visual stuff (I could do that) and adding the PSC-Admin-Menu when logged in. Another interesting "project" that goes over my head for now would be a better standard-menu for the default-template. For now I have included a fixed nav-bar into the template, thus I cannot fill it via the menu-GUI, also active menus and submenus need to be declared by some php I included in the default.tpl
I'm not interested in this project anymore. It is hard to extend and support. |
I see, thank you for your honesty. Is there a CMS-Project you would recommend at the moment? |
I think WordPress is holding a leadership position. This is the best choice for beginners. Huge amount of documentation, examples, plug-ins (commercial and free), themes, etc. |
I know all the "big ones". I used Wordpress a lot; I am looking for sth. very lightweight, just a basic backend for bootstrap-powered websites, preferably without database-server needed. Using SQLite with the option to install on MySQL seems like the perfect scalable solution. So what I am looking for is: Bootstrap-based, solid but lightweight, "portable". Big frameworks in the background tend to scare me off, especially when it is about really small and lightweight to be sites. |
I was with the same problem, phpsqlitecms current version has security problems that have not been addressed, and I don't have that know-how to solve them, this CMS seems abandoned, and theme editing is not something for me. |
Hi thanks for the recommendation! :) Will have a look at it. I did find a way to fix the security flaws of phpsqllite and tweaked it to my liking with Bootstrap-Updates, a cool editor etc. - but then never got around to use it in a production environment. An application that is actually still supported and developed is of course a better choice. In this context I have no need for user management... So... :) |
The same here; for uses where there is only one person using it, it is probably more than enough, especially if it is just some presentation web site. Unfortunately the developers of this phpSqlLiteCMS seem to not care about it now, and the security vulnerabilities stay there for people like me that don't understand how to code PHP and other languages. I still have one web site using phpsqlitecms but it has not been hacked until now... I did protect the admin folder with user name and password and IP restriction for several years, and the whole web site with Content Security Policy on the .htaccess to reduce the surface for attacks. But I will eventually migrate. |
Would it be possible for you to share your fixes / improvements? I'd like to use phpsqlitecms in a little classroom project, and having your fixes / improvements to compare with the official release would be a great study for the students. Thanks in advance. |
What I could do is give you the files, if I still find them; I have not used it since and can't recall any more even what the security flaw was about. ;) |
Thanks @VOOM108 Understand it has been a while, if you find them that would be great. |
I will assume that the files are long lost:( Thanks anyway for at least trying. |
I have forked this repository and fixed all fatal errors. phpSQLiteCMS now works on PHP 8+. There are still issues, but I would like to restart work and contributions are more than welcome. |
Hi @ilosuna and all,
first of all I would like to say that this CMS is the lightweight solution I have been looking for for use on all kinds of future projects, especially due to the Bootstrap-integration that adds responsive options en masse... :)
Is the project still active?
I have started to like the CMS and while testing I have fixed issues and extended functions to my liking.
For now the CMS runs nicely, has current Bootstrap and runs with PHP 5.7. Anyhow if I start making production sites with this I would like to have some hope that (what I consider) low level things will get fixed and updated, like new Bootstrap etc.
If there is some activity and common interest I would also like to contribute fixes and functions; I have no prior experience with Github workflow though.
What may be of interest:
Maybe things like that could be perfected by community-effort.
What I miss most concerning basic options is a better variety of menu-styles and levels. I tried the Dropdown-patch by @sim2github but I would like to have options within the Admin-Interface.
Then, this has been mentioned somewhere here, would be some better workflow for images. I can choose an image from uploaded files with the normal editor and they will be inserted with some markup that does not render in the WYSIWYG, on the other hand I can insert an image by URL in TinyMCE that will show up nicely, but I would have to know the URL first. The Markup does not even show the full path so switching back and forth is no fun when working with images.
In my imagination it should not be so hard to include file upload and selection from the library within TinyMCE. Even simpler the filepicker in the codeeditor could probably be made to produce complete HTML in order to make it show up in the WYSIWYG... (?)
Kind regards!
Andreas