Components Extended [v0.9.3]

[Tyblitz]

Introduction
Extended functionality for GS Components: better UI with sort & search, CodeMirror support, doubleclick code snippet copy, individual component save without page reload. Components Extended saves your components as <slug>.xml files in data/components with AJAX, one component at a time (no page reload!). It replaces the components tab with a custom tab, and will automatically import existing components from components.xml on activation. Available in EN, FR, NL. Download it from Extend.

Components Extension adds one PHP function for components, get_ext_component($slug, $params = array()); where $params is an array of named keys (or an object).

Eg if you had the following:

PHP Code:

<?php get_ext_component($slug, array(
    'greet' => 'Hello',
    'name'  => 'world'
)); ?>

In your extended component you could do:

PHP Code:

<?php echo $params->greet . ' ' . $params->name . '!'; ?>

And it would output: 'Hello world!'.

Features

• Single-file components saved in data/components, modify 1 component at a time, smaller request payload.
  
• Cleaner UI
  
• Rename the component title independently from its slug.
  
• Keeps track of the created date, modified date, and last editor.
  
• Replaces the component tag cloud with an autofill search + sort (by [reverse] alphabetical)
  
• One extra PHP function: <?php get_ext_component($slug, $params = array()); ?>
  
• Bonus: doubleclick the get_component snippet for automatic copy to clipboard
  

Notes

Be sure to set the GSTIMEZONE constant to your timezone if you wish to have meaningful timestamps for created & modified dates.
NB: to other plugin developers; the standard GS hooks component-save and component-extras also work with this plugin.


Screenshot

[shawn_a]

Since you are doing 1 at a time maybe see if you can base64 or other encoding to bypass security fiteres

[datiswous]

Nice.

Just some some small things I encountered:

When I try to delete a component I get an alert dialog saying:

undefined: component-name

I was expecting something like:

Are you sure you want to delete component-name ?

Maybe the (yellow) status messages could just hover on the top instead of bumping the page (it also moves the page-view down to where the status message is), I think it's suboptimal if such status messages move the page when editing code. Also, the edit-cursur should stay active at it's location.

[Tyblitz]

V0.7 release  2016-06-18

- CSRF (cookie, header & nonce check) vulnerability patch
- Allow changing the directory where components are saved
- Make component title available in component as $params->title
- Bugfix slug<->title when creating new component, labels
- Added languages FR/NL
- CodeMirror support

[Oleg06]

http://prntscr.com/bhnyan

[Tyblitz]

v0.7.1 release - 2016-06-18

- Bugfix

[Tyblitz]

@oleg, you have a very unusual GSDATAPATH. Your GSROOTPATH is set to demo.getsimplethemes.ru/uikit.
I don't know how to fix it (@shawn_a any idea?), but you can do in gsconfig.php : define('GSDATACOMPONENTSPATH', str_replace('uikit/', '', GSDATAPATH  . 'components/'));

[Oleg06]

http://prntscr.com/bhpz63

[Oleg06]

if the site is at the root http://prntscr.com/bhq1p0

[Tyblitz]

I'll have a look into this when I get some time, but your display is very, very strange.
I get none of these issues on my local install. Could you have a conflict with another plugin?
The file formats at bottom right, what is that? Also, the search icon is not visible.. You're not using UTF-8?

[Oleg06]

the removal of all plugins
http://prntscr.com/bhufqc

[Tyblitz]

the removal of all plugins
http://prntscr.com/bhufqc

Can you give me temporary access (with GSDEBUG on)? I have no idea how this is possible.

[Oleg06]

I'm working on a local server.
After removing all of my components.
http://prntscr.com/bhvp2d
I could not disable any plugin.

[Oleg06]

attempt to save
http://prntscr.com/bhvr9c

[datiswous]

Maybe it's easier to see what's going on if you (also) test this on an English version of the admin.

[Oleg06]

http://prntscr.com/bims6w
http://prntscr.com/bimsdp
http://prntscr.com/bimsne

[Tyblitz]

http://prntscr.com/bims6w
http://prntscr.com/bimsdp
http://prntscr.com/bimsne

I know what it is (the security check failed), but not sure how to solve it.
It's the same nonce check as GS uses..

In components_ext.php, line 53 - 62 you can see this:

PHP Code:

<?php 
// protect against CSRF, basic check 
if (!isset($USR) || $USR != get_cookie('GS_ADMIN_USERNAME') || !isset($_COOKIE['PHPSESSID'])) 
  die();
        
// only continue if the request comes from the same domain & nonces match
if (empty($_SERVER['HTTP_ORIGIN']) || strpos($_SERVER['HTTP_ORIGIN'], $_SERVER['SERVER_NAME']) < 5 || empty($_GET['nonce']) || !check_nonce($_GET['nonce'], 'components_ext_action', 'components_ext.php'))
  die(); 


So either:

• the $USR global is not set or the $USR global does not match GS_ADMIN_USERNAME.
  
• the PHPSESSID is not set
  
• the $_SERVER['HTTP_ORIGIN'] is not set or $_SERVER['SERVER_NAME'] doesn't appear in [c]$_SERVER['HTTP_ORIGIN'].
  
• the $_GET['nonce'] is not set or isn't correct according to check_nonce.
  

To debug, can you please replace the above lines with the following:

PHP Code:

if (!isset($USR) || $USR != get_cookie('GS_ADMIN_USERNAME')) 
  $components_ext->response(200, '$USR global missing or GS_ADMIN_USERNAME cookie missing');
if (!isset($_COOKIE['PHPSESSID']))
  $components_ext->response(200, '$_COOKIE[\'PHPSESSID\'] is not set');    
if (empty($_SERVER['HTTP_ORIGIN']) || strpos($_SERVER['HTTP_ORIGIN'], $_SERVER['SERVER_NAME']) < 5)
  $components_ext->response(400, 'Server name mismatch');
if (empty($_GET['nonce']))
  $components_ext->response(400, 'No nonce given');
if (!check_nonce($_GET['nonce'], 'components_ext_action', 'components_ext.php'))
  $components_ext->response(400, 'Nonce mismatch'); 


Try to save again, and see what error message is displayed, thanks

[Oleg06]

I do not know where I have to replace these lines?

[shawn_a]

Gs doesnt use that...
We dont even use sessions.
Check_nonce()
Is_logged_in()

If i had to guess your origin check doesnt work on all enviroments or phpsessions were not started

[Tyblitz]

Gs doesnt use that...
We dont even use sessions.
Check_nonce()
Is_logged_in()

If i had to guess your origin check doesnt work on all enviroments or phpsessions were not started

Hey thanks for coming in shawn, I'm not a pro at PHP security and I assumed these were de facto requirements for the session to be valid. I'll check the Is_logged_in function, didn't know about that one yet.

Oleg, it's in the main plugin file components_ext.php (in your plugin folder), line 53-62.

[shawn_a]

Theres also login_cookie_check to auto handle includes w login redirect

[Oleg06]

http://prntscr.com/bj02fa
http://prntscr.com/bj02lg

[shawn_a]

tested with stable works for me

[shawn_a]

I would clean up that code, put the native gs checking stuff first, then your secondary local stuff second, too many or strings

Messages do not contain component id or title, no undo on delete

Add a setting or gsconfig to auto save to components.xml, so you can use native gs getters ?

Add sidebar tags back and jump to open component ?

[Tyblitz]

I would clean up that code, put the native gs checking stuff first, then your secondary local stuff second, too many or strings

Messages do not contain component id or title, no undo on delete

Add a setting or gsconfig to auto save to components.xml, so you can use native gs getters ?

Add sidebar tags back and jump to open component ?

Glad to hear it works on your install, concerning the suggestions:

1. Yes, should/will do.
   
2. Might consider, but I believe users who didn't intend to delete the component would'nt hit OK when prompted to confirm deletion. I don't see much added value in an undo feature as you can cancel everything client-side. Automatic backups will be part of a future release though.
   
3. One of the major reasons for creating this plugin is that it saves components in individual files instead of lumping them together in one. So native GS getters won't help here.
   
4. IMO Sort & search together are way more flexible/ powerful than a tag cloud (that's why I replaced it).