GS Blog v1.4

[mikeh]

Security Update

Version 1.2.2 Added To Extend

• Fixed security vulnerability! - Fixed insecure image upload file. It is very important you update to version 1.2.2 for this fix.
  

[andyash]

Is it just me or is GS Blog breaking image paths for everyone? I can't insert images in my posts because it keeps breaking their paths.

[shawn_a]

Possibly, I don't think the javascript issues has been resolved yet, and might be including files that are overriding stuff on all pages.

[arnal]

Hi There!
I am new in the GS community and sorry if my question is stupid, but i have issue with GS BLOG.

Let's say we have a multilingual site with : English & German languages.

How we can make in the different language to show ONLY specific category.
When is English to show ONLY category :example: "English News"
When is German to show ONLY category:example: "German News"
And this method to use for archives and latest news.

I will appreciate any help from you

[saint]

I found a bug in the advertising control section.

If you enter in the html code for advertising, and click the save settings more than twice, the blog software will add forward slashes within the html code. ( At least it did this to me for google advertising. )

Keep up the great work with the blog plugin

[saint]

i updated some configurations in other sections of the blog settings - now the code in the advertisement section stays messed up. I can't delete and readd - without it messing up.

I tried linking to a js script

<script src="url.js" type="text/javascript"></script>

and this is the results after saving

<script src=\"url.js\" type=\"text/javascript\"></script>

Quotation marks cause a problem.

[jonnyjc273]

I seem to be having an issues with categories, any help would be great:

1. When I try to assign a post with a category it does not seem to actually saved it? When I go back to edit the post, the category is not currently selected? With that said it does seem to assign the category to that post when using the live site however, if I then assign another post to the same category that post is then linked to that category but not the previous one.

2. Is there a way to create my own custom list of categories in the side bar?

Thanks, Jonathan

[michaellindahl]

I just uploaded the plugin to my plugins folder, and now my site will not load at all. I get a "HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request." Deleting the files fixes the issue. [The blog.php file and blog folder are directly in the plugins folder.]

[Connie]

"HTTP Error 500 (Internal Server Error)" this message says that something is really wrong

it is not a specific error, but a catch all error (an errormessage for many reasons)

I think you did something wrong when uploading the plugin, as the plugin is working correctly on other sides

you can find exact info how to install plugins with GS here: http://get-simple.info/wiki/plugins:installation

and maybe the plugin has some readme-info as well

try again, I am sure it will work!

[shawn_a]

usually a fatal php error or syntax error.
Check your php error log.

What php version and gs version as provided by health check ?

[michaellindahl]

usually a fatal php error or syntax error.
Check your php error log.

What php version and gs version as provided by health check ?

My PHP version is "5.2.17 - OK". I just updated to 3.1.2 to see if that would fix the problem and it did. Yay.

[Box]

Hi,

How to enable "READ MORE" function and add 3 dots (...) at the end of excerpt as sign that blog/news is continued?
How to manage "READ MORE" and 3 dots (...) option to shows only for long news? (for short info is no need to show up because there is nothing to "read more")

I don't see any option in SETTINGS for it.

I have newest GS and GS Blog.

Thanks

[michaellindahl]

I totally would love to see a "read more..." option too. I have been working on something like that using the Custom Blog Layout option. Here is the code that I am using (last updated 08/21/12):

Code:

<?php if (substr($_SERVER['REQUEST_URI'], 0, 11) == "/blog/post/") { echo "<div style=\"display:none;\">"; } ?>
<div class="blog_post_container">
    <h3 class="blog_post_title" style="display: inline"><a href="<?php echo $Blog->get_blog_url('post').$post->slug; ?>" class="blog_post_link"><?php echo $post->title; ?></a></h3><p class="blog_post_date" style="display: inline-block"> - <?php echo formatPostDate($post->date); ?></p><br>
    <?php echo $Blog->create_excerpt(html_entity_decode($post->content), 0, 250); ?><span style="display: inline;">…
    <h5 style="margin:0px;"><a href="<?php echo $Blog->get_blog_url('post').$post->slug; ?>" class="blog_post_link">Read more…</a></h5>
    <div style="border-bottom: solid 1px gray; border-top: solid 1px black; width: 100%; margin:10px; margin-left:0px; opacity:0.5;"></div>
</div>
<?php
if (substr($_SERVER['REQUEST_URI'], 0, 11) == "/blog/post/") { echo "</div>"; }    
if (substr($_SERVER['REQUEST_URI'], 0, 11) != "/blog/post/") { echo "<div style=\"display:none;\">"; }
if (isset($_COOKIE['GS_ADMIN_USERNAME'])) {
echo '<div style="float: right; display: block;" ><a href="/admin/load.php?id=blog&edit_post='.$post->slug.'">Edit Blog Post</a></div>';
} ?>    
<div class="blog_post_container">
    <a href="http://getsimplecmsproject00.dreamhosters.com/blog/post/My Room Is Now Complete/#disqus_thread" data-disqus-identifier="<?php echo $post->slug; ?>" style="float:right"></a><p style="margin: 0px; float:right; color: gray;"><?php echo return_hitcount_hits(return_page_slug()); ?> Views - </p>
    <h3 class="blog_post_title"><a href="<?php echo $Blog->get_blog_url('post').$post->slug; ?>" class="blog_post_link"><?php echo $post->title; ?></a></h3>
    <p class="blog_post_date"><?php echo formatPostDate($post->date); ?></p>
    <p class="blog_post_content"><?php echo $post->content; ?></p>
    <p class="blog_go_back"><a href="javascript:history.back()"> << Go back to the previous page</a></p>
    <?php disqusTool(); ?>
</div>
<?php if (substr($_SERVER['REQUEST_URI'], 0, 11) != "/blog/post/") { echo "</div>"; } ?>

The one issue that I am getting is related to a "read more..." option. If post is under the 250 characters then read more doesn't show any more content (but does add the ability to comment). Also if the post contains media – in my case, a posterous gallery of images – nothing will show up and the read more should be more like "view media". I have tried look for or thinking of a php solution to this and haven't thought of anything thus far. If I do I will update this post.

I do really think that the developer need to improve the Blog Page Layout and also separate it so that the end user can easily choose a blog page layout for the individual post and the list of posts.

Also I have added code to add an "edit page" text. This was added to the theme template. When on a non blog page it will bring the user to the normal edit page, when the user is on the blog page it will bring the user to the blog management page. Here it is:

Code:

<?php if (isset($_COOKIE['GS_ADMIN_USERNAME'])) {
    if (return_page_slug() != blog) {
        echo '<div style="float: right; display: block;" ><a href="/admin/edit.php?id='.return_page_slug().'">Edit Page</a></div>';
        echo '<p style="margin: 0px; float:right; color: gray;">'.return_hitcount_hits(return_page_slug()).' Views - </p>';
    } else if (substr($_SERVER['REQUEST_URI'], 0, 11) != "/blog/post/") {
        echo '<div style="float: right; display: block;" ><a href="/admin/load.php?id=blog">Edit Blog</a></div>';
        echo '<p style="margin: 0px; float:right; color: gray;">'.return_hitcount_hits(return_page_slug()).' Views - </p>';
    }

} ?>

I was unable to use the $post->slug code in the theme template so I had to include the "Edit Blog Post" link inside the custom blog template. The following was added to the custom blog template (seen above in context) to bring the user to edit the specific blog post:

Code:

<?php if (substr($_SERVER['REQUEST_URI'], 0, 11) != "/blog/post/") { echo '<div style="float: right; display: block;" ><a href="/admin/load.php?id=blog&edit_post='.$post->slug.'">Edit Blog Post</a></div>';
?>

Also, it is worth noting that GS Blog does not work with HitCount http://get-simple.info/extend/plugin/hitcount/91/. Currently HitCount treats the main blog page and the individual posts as one page - not what I or anyone else would want. I have posted this issue in their forum as well here: http://get-simple.info/forum/post/29500/#p29500 The developer has responded with the following:

The second – currently HitCount shows all hits on the blog page and hits on the individual blog posts as a single page. Can HitCount be upgraded so that it supports the posts using the GS Blog plugin?

I could probably add some functionality to Hitcount to allow other plugins to change the slug, but it probably would not be used by the plugin authors - so far even the hooks in I18N Search are not used by any plugin, as far as I know :-(

But I think, you could add a call to hitcount_init($slug) to your page template for the blog, where the parameter is e.g. the blog page slug concatenated with the blog entries slug/name, like (I didn't test it):

Code:

<?php
  $entryslug = ...; // I don't use the blog plugin, so you need to find out how to get the entries name/slug
  @hitcount_init(return_page_slug().'-'.$entryslug);
?>

Of course this would mean that hits to your blog page are counted twice, the normal page hit and the additional hit, so the total site hits in the admin part would be wrong.

Here are the edits needed for HitCounter to work with GS Blog. With these edits hits will not be counted twice for the blog page when users view blog posts.

hitcount.php, function hitcount_init_page (not tested):

Code:

function hitcount_init_page() {
  global $url;
  $post = @$_GET['post'];
  if ($url == 'blog' && $post) {
    hitcount_init($url.'-'.$post);
  } else {
    hitcount_init($url);
  }
}

Code:

function return_hitcount_hits($slugOrFile) {
  $post = @$_GET['post'];
    if ($slugOrFile == 'blog' && $post) {
        $hits = @file(GSDATAOTHERPATH . HITCOUNT_DIR . 'hits_' . preg_replace('/[^A-Za-z0-9\.-]+/','_',$slugOrFile).'-'.preg_replace('/[^A-Za-z0-9\.-]+/','_',$post)  . '.txt');
    } else {
        $hits = @file(GSDATAOTHERPATH . HITCOUNT_DIR . 'hits_' . preg_replace('/[^A-Za-z0-9\.-]+/','_',$slugOrFile) . '.txt');  
    }
    return $hits ? $hits[0] : 0;
}

[User3]

Thank you for this plugin, I would like to ask you how to use custom fields ? I added few custom fields from the administration panel but are not displayed, do I have to use a code? place it somewhere?

Also I miss few things:

the edit post link
import thumbnail from url (external)
set thumbnail size from admin panel or tell em how to easily modify the thumbnail size, I tried in plugins/blog/class/Blog.php but didn't worked. the images are still resized to 200px

[michaellindahl]

Dear GS Blog developer:

Are you sure that the posts are html entity encoded? And are you sure you really want to decode them? Most of the times you can just get away with htmlspecialchars(). And decoding before displaying is often a bad idea and may introduce XSS vulnerabilities. Not sure in you specific case though. Just a reminder to watch what you are doing :-) E.g. are you sure you want to decode it and not encode it to prevent XSS?

[stania]

How to add a title news to the breadcrumb?

I am using the theme innovation.

[shawn_a]

Dear GS Blog developer:

Are you sure that the posts are html entity encoded? And are you sure you really want to decode them? Most of the times you can just get away with htmlspecialchars(). And decoding before displaying is often a bad idea and may introduce XSS vulnerabilities. Not sure in you specific case though. Just a reminder to watch what you are doing :-) E.g. are you sure you want to decode it and not encode it to prevent XSS?

That's not really the proper way to filter user input anyway. I most certainly would not use entity encoding decoding as a xss filter mechanism. Shouldn't all authors be trusted anyway or are you referring to rss feeds ?

[michaellindahl]

Dear GS Blog developer:

Are you sure that the posts are html entity encoded? And are you sure you really want to decode them? Most of the times you can just get away with htmlspecialchars(). And decoding before displaying is often a bad idea and may introduce XSS vulnerabilities. Not sure in you specific case though. Just a reminder to watch what you are doing :-) E.g. are you sure you want to decode it and not encode it to prevent XSS?

That's not really the proper way to filter user input anyway. I most certainly would not use entity encoding decoding as a xss filter mechanism. Shouldn't all authors be trusted anyway or are you referring to rss feeds ?

I'm not quite sure on the security front, but the GS Blog developer does tell users to use it:

Create Excerpt: <?php echo $Blog->create_excerpt(html_entity_decode($post->content), 0, $excerpt_length); ?>
This will create an excerpt of specified length. The $excerpt_length variable would need to be an integer and is the length of the excerpt.

[magik]

I would like to have categories and archives with the number of posts displayed. This could probably be optional as I think not everyone would want it.

Is this feature available or would you consider adding it?

Something like:
Archive
July 2012 (1)
June 2012 (6)
May 2012 (2)

Categories
category_A (5)
category_B (3)

[shawn_a]

I'm not quite sure on the security front, but the GS Blog developer does tell users to use it:

Create Excerpt: <?php echo $Blog->create_excerpt(html_entity_decode($post->content), 0, $excerpt_length); ?>
This will create an excerpt of specified length. The $excerpt_length variable would need to be an integer and is the length of the excerpt.

Well yeah because its encoded when saved to xml, so you have to decode it.

[magik]

I think I found two problems in the latest version.

1) The following string in languages seems wrong: 'ALL_CATEOGIRES' => "View All Categories",


2) The feature "View All Categories" doesn't work as expected. Currently it displays "Uncategorized" posts and not all posts.

I believe the following function could be modified like this (change in bold):

/**
* Shows posts from a requested category
*
* @param $category the category to show posts from
* @return void
*/
function show_blog_category($category)
{

if ($category == "")
{
show_all_blog_posts();
return;
}

$Blog = new Blog;
$all_posts = $Blog->listPosts(true, true);
$count = 0;
foreach($all_posts as $file)
{
$data = getXML($file['filename']);
if($data->category == $category)
{
$count++;
show_blog_post($file['filename'], true);
}
}
if($count < 1)
{
echo '<p class="blog_category_noposts">'.i18n_r(BLOGFILE.'/NO_POSTS').'</p>';
}
}


I would prefer two features:
"View All posts"
"Uncategorized"


What are your thoughts on this?

[magik]

Another minor suggestion: Several strings in en_US.php seems obsolete. (MANAGECAT, ADD_NCAT, DEL_CAT1, DEL_CAT2, ...) I would suggest checking them all and eliminating those that are unused.

I would like to completely disable RSS feeds. Is it possible to do so? Could it be considered as a new feature?

[michaellindahl]

I think I found a new error. Searching on posts via tags (.com/blog/tag/blogtaghere) is throwing an error page.

[magik]

I would suggest changing these if-elseif:

foreach($post_data as $key => $value)
{
if($key == 'current_slug' || $key == 'time')
{

}
elseif($key == 'slug')
{
$node = $xml->addChild($key);
$node->addCData($slug);
}
elseif($key == 'title')
{
$title = safe_slash_html($value);
$node = $xml->addChild($key);
$node->addCData($title);
}
elseif($key == 'date')
{
$node = $xml->addChild($key);
$node->addCData($date);
}
elseif($key == 'content')
{
$content = safe_slash_html($value);
$node = $xml->addChild($key);
$node->addCData($content);
}
elseif($key == 'tags')
{
$node = $xml->addChild($key);
$node->addCData($tags);
}
else
{
$node = $xml->addChild($key);
$node->addCData($value);
}
}

To a switch statement for readability (it might help performance slightly http://www.phpbench.com/)



Also, the following function:
/**
* Lists All Blog Posts
*
* @param $array bool if true an array containing each posts filename and publish date will be returned instead of only the filename
* @param $sort_dates bool if true the posts array will be sorted by post date -- THIS REQUIRES $array param TO BE TRUE
* @return array the filenames & paths of all posts
*/
public function listPosts($array=false, $sort_dates=false)

Doesn't seem to take into account the pagination. I believe it'll easily become a performance issue for bigger blog. I would adjust it or create another function which includes the page index in its routine.

Like calls from:
function show_blog_category($category)
public function get_blog_archives()
function show_posts_page($index=0)


The following function should use another parameter (probably the number of post in the recent post list):
function show_blog_recent_posts($excerpt=false, $excerpt_length=null, $thumbnail=null, $read_more=null)


I'm unsure about how these changes could be implemented, but my guess is that the file blog_cache.xml might be useful to optimize the function listPosts.



Tell me if you find it useful. I could probably help on this.



I'm suggesting and reporting these issues and those in my earlier posts as I find your plugin really useful and a great way to learn GetSimple. Thanks a lot for making it.

[magik]

I think I found a new error. Searching on posts via tags (.com/blog/tag/blogtaghere) is throwing an error page.

What error are you getting? Do you get a text message or a display problem?