YACS 6.9: safety, community wiki, contextual menu, nicetitle, behaviors, internationalization
Safety is often linked to security, but it is more than that. Safety relates to the overall experience you will have, as a webmaster, of your web management system. Our community has learnt in past months how diverse and tough the Internet universe could be. This new version is a revisited masterpiece of PHP code, streamlined for ease of use, that supports versions 4 and 5 of PHP/MySQL run times, and that has been hardened against hackers.
YACS already supported public and private web spaces. In the first case anyone, including anonymous surfers, can contribute. In the second case only explicit editors can contribute. With version 6.9 we are introducing the concept of community web space, by which a section becomes a wiki open only to community members.
One other important addition is the introduction of contextual menus to pages built dynamically by YACS. While browsing an article or a section, surfers will have a nice side menu to reflect the hierarchical structure of site content. The objective is to enable transverse navigation, and easy shortcut to top content levels. Of course, this is fully skinnable both at CSS and PHP levels.
The famous nicetitle library has been integrated to all reference skins, and many links generated by YACS now feature a nice hovering pop-up. Hovering is a smart way to provide more info to surfers before they click on a link.
A new API is offered to PHP developers to extend YACS. They already had hooks (to include customized scripts on event), and overlays (to store data along articles). Now they have behaviors, to turn YACS into a lightweight application server. A sample behavior is provided, that ensures license approval before file download.
We are also moving forward a full internationalization with the creation of a new i18n module. Our hope, in future versions, is to support external language files.
YACS already supported public and private web spaces. In the first case anyone, including anonymous surfers, can contribute. In the second case only explicit editors can contribute. With version 6.9 we are introducing the concept of community web space, by which a section becomes a wiki open only to community members.
One other important addition is the introduction of contextual menus to pages built dynamically by YACS. While browsing an article or a section, surfers will have a nice side menu to reflect the hierarchical structure of site content. The objective is to enable transverse navigation, and easy shortcut to top content levels. Of course, this is fully skinnable both at CSS and PHP levels.
The famous nicetitle library has been integrated to all reference skins, and many links generated by YACS now feature a nice hovering pop-up. Hovering is a smart way to provide more info to surfers before they click on a link.
A new API is offered to PHP developers to extend YACS. They already had hooks (to include customized scripts on event), and overlays (to store data along articles). Now they have behaviors, to turn YACS into a lightweight application server. A sample behavior is provided, that ensures license approval before file download.
We are also moving forward a full internationalization with the creation of a new i18n module. Our hope, in future versions, is to support external language files.
504 files that is, almost all reference scripts have been modified or created since the previous release.
The new release is available for immediate download. If you are already running a YACS server we highly recommend you to smoothly upgrade your server.
Here is a list of new or updated features coming with this release:
Anonymous usage of YACS servers has been made safer, with the addition to anti-robot protections in web forms for articles (articles/edit.php) and comments (comments/edit.php). The letter o and the number 0 have been removed from random strings generated dynamically. They have proven to be just too confusing to most human beings.
The list of recent articles in user profiles do not feature draft pages anymore, except to associates and original authors. See users/view.php.
The dependance to gravatar.com has been reduced, to avoid too long response times when their server is not reachable. See users/edit.php and users/select_avatar.php.
YACS now saves on automated mail messages, by suppressing surfer own e-mail address from the notification list. See agents/logger.php. Also, comments from associates are not notified anymore (comments/edit.php).
YACS is currently 100% dependant of the MySQL engine, but this will evolve in the future. As a first step in this direction a new script
A new script, shared/safe.php, has been introduced between YACS and the actual run-time to better handle discrepancies between run-times. Do not let a sysop kill your server because of some forbidden function!
One major design goal has been to better use the power of PHP, and in some cases we have added a couple of functions to shared/safe.php for this purpose. For example, instead of
The tables '
Output buffering is also a hot PHP topic, and a nice function
The configuration panel for users, at users/configure.php, has a new parameter to allow for fast login. When this parameter is activated, surfers are redirected swiftly on successful authentication instead of obtaining a welcome page. See users/login.php and users/configure.php.
The new global parameter '
An additional global parameter ('
The global parameter '
Two parameters have been added to the configuration panel for rendering, to limit the maximum size of avatar images. See images/configure.php and images/edit.php.
The configuration panel for files allows now the input of additional file extensions. A straightforward approach to support some file types without waiting for a new release of YACS. See files/configure.php and files/files.php.
Subscribers can now comment pages they are reading. See comments/edit.php. Previously subscribers were not able to interact with server at all.
Because safety requires precision, all calls to
The release of a new version of YACS is a process with several steps. At one step all scripts are included to ensure they are free of syntax errors. Unfortunately some scripts are not eligible to this check. With version 6.9 some of these non-eligible scripts have been changed to be included into generic syntax check.
Non-standard network port numbers are now fully tested, and you can setup a web server on whatever socket you want. See shared/global.php.
Some code has been added to a couple of scripts to block attacks from hackers, based on lessons learnt during Summer time. This is based on the patch made available in August.
Access to check scripts has been restricted to associates. See for example articles/index.php.
Performance also contributes to overall safety, and 'returns by reference' construction have been generalized to avoid data copy within server memory and, ultimately, to save on CPU cycles. YACS is powerful, but this does not mean you will wait for ages to get pages.
For the sake of the phpDoc documentation, scripts/phpdoc.php has been enhanced to support functions that return references.
The Control Panel features a better handling of software versions, and is more explicit on memory usage and demonstration mode. Thelink to the CSV import now works properly. See control/index.php. Information related to YACS execution is provided in the information panel, at control/info.php.
The Content Assistant has been extended to simplify the creation of a wiki, whether it be public or restricted. See control/populate.php.
A new keyword '
The layout for comments in wikis and manuals relies now on definition lists, and new styles have been introduced to enable full control through CSS. Open style sheets of reference skins and look for '
In previous versions comments of a wiki were considered as 'page extensions'. Now they are labelled as 'page annotations', which is less confusing. See sections/section.php for more information.
Hierarchical focus to some article or section has been added to articles/view.php and sections/view.php. A side menu lists neighboring sections to enable transverse navigation. The data structure created in articles/article.php and sections/section.php is provided to the rendering engine, and therefore the solution is fully skinnable, both at the CSS level and at the PHP level (overlay the function '
The test page for skins, that is used by web designers to check rendering of their CSS, has been augmented with a fake contextual menu of 5 levels. See skins/test.php.
The nicetitle Javascript library has been placed in
A number of layouts have been enhanced to benefit from the nicetitle library. For example, at the Site Map, hovering a link will display the introduction of underlying section or article. See sections/layout_sections_as_yahoo.php.
The user menu, that appears after successful authentication, also features hovering titles. See shared/surfer.php.
Behaviors characterizes the intelligence we would like to add to sections. Behaviors is also the name of a new YACS module. Look at behaviors/behavior.php for more information on the interface that is supported. Interested PHP developers will also look at behaviors/agree_on_file_access.php as a smart example of implementation.
A new module, named i18n, has been added to better support the next translations of the software in many languages. As a first step, a library has been created to handle localizations made from within scripts. See i18n/i18n.php. As a result, all calls to
References (e.g., '
SQL requests have been modified to better support subscribers and readers. See for example articles/articles.php.
A new YACS code has been added to create shortcuts to decision, such as
The named constant COMPACT_LIST_SIZE is now used thoughout the software instead of various constants. This can be changed in the skin library to better adapt to particular needs if necessary.
The form used to submit a new comment now properly features the name of article author. See comments/edit.php.
The parser used to aggregate external news now takes care of the character encoding indicated in the feed, to better adapt to legacy RSS. See services/rss_codec.php.
New smileys have been added to feature Mac, *nix, and Windows operating systems. See smileys/smileys.php.
The new release is available for immediate download. If you are already running a YACS server we highly recommend you to smoothly upgrade your server.
Here is a list of new or updated features coming with this release:
Anonymous usage of YACS servers has been made safer, with the addition to anti-robot protections in web forms for articles (articles/edit.php) and comments (comments/edit.php). The letter o and the number 0 have been removed from random strings generated dynamically. They have proven to be just too confusing to most human beings. The list of recent articles in user profiles do not feature draft pages anymore, except to associates and original authors. See users/view.php. The dependance to gravatar.com has been reduced, to avoid too long response times when their server is not reachable. See users/edit.php and users/select_avatar.php. YACS now saves on automated mail messages, by suppressing surfer own e-mail address from the notification list. See agents/logger.php. Also, comments from associates are not notified anymore (comments/edit.php). YACS is currently 100% dependant of the MySQL engine, but this will evolve in the future. As a first step in this direction a new script shared/sql.php has been created to virtualize most invocations of the database service. Ultimately,at some point in the future we would like to let you decide which engine you would like to use. A new script, shared/safe.php, has been introduced between YACS and the actual run-time to better handle discrepancies between run-times. Do not let a sysop kill your server because of some forbidden function! One major design goal has been to better use the power of PHP, and in some cases we have added a couple of functions to shared/safe.php for this purpose. For example, instead of @include_once ... we are now writing Safe::load(...) to leverage PHP notice and warning messaging system. Also, we now use Safe::redirect() instead of header('Location: ...') to take care of tricky situations. The tables 'dates' used to have a field 'date', which has become a forbidden keyword in the new release of MySQL. Therefore the database schema has been changed, and YACS now fully supports MySQL version 5. Output buffering is also a hot PHP topic, and a nice function render_raw() has been introduced to take care of ob_start() and similar stuff. The configuration panel for users, at users/configure.php, has a new parameter to allow for fast login. When this parameter is activated, surfers are redirected swiftly on successful authentication instead of obtaining a welcome page. See users/login.php and users/configure.php. The new global parameter 'without_outbound_http' prevents YACS from contacting other web sites. This will help where ISPs block servers access to the Internet. See control/configure.php. An additional global parameter ('without_file_uploads') has been added to prevent the upload of images and files in the configuration panel for users (users/configure.php). This can be used to administratively stop file uploads, or in cases where server permission settings do not allow for uploads. When the parameter is activated, YACS smartly removes all links that could lead to some upload. The global parameter 'with_debug' has been introduced to beter support software developers working on top of the YACS platfom. See control/configure.php. When this parameter is activated, errors in SQL statements, or slow statements, are recorded in agents/debug.txt. See shared/sql.php. Do not activate this parameter at production servers, since all available disk space would be eaten on the long run. Two parameters have been added to the configuration panel for rendering, to limit the maximum size of avatar images. See images/configure.php and images/edit.php. The configuration panel for files allows now the input of additional file extensions. A straightforward approach to support some file types without waiting for a new release of YACS. See files/configure.php and files/files.php. Subscribers can now comment pages they are reading. See comments/edit.php. Previously subscribers were not able to interact with server at all. Because safety requires precision, all calls to function_exists() have been turned to is_callable(), and most calls of file_exists() have been changed to is_readable(). The release of a new version of YACS is a process with several steps. At one step all scripts are included to ensure they are free of syntax errors. Unfortunately some scripts are not eligible to this check. With version 6.9 some of these non-eligible scripts have been changed to be included into generic syntax check. Non-standard network port numbers are now fully tested, and you can setup a web server on whatever socket you want. See shared/global.php. Some code has been added to a couple of scripts to block attacks from hackers, based on lessons learnt during Summer time. This is based on the patch made available in August. Access to check scripts has been restricted to associates. See for example articles/index.php. Performance also contributes to overall safety, and 'returns by reference' construction have been generalized to avoid data copy within server memory and, ultimately, to save on CPU cycles. YACS is powerful, but this does not mean you will wait for ages to get pages. For the sake of the phpDoc documentation, scripts/phpdoc.php has been enhanced to support functions that return references. The Control Panel features a better handling of software versions, and is more explicit on memory usage and demonstration mode. Thelink to the CSV import now works properly. See control/index.php. Information related to YACS execution is provided in the information panel, at control/info.php. The Content Assistant has been extended to simplify the creation of a wiki, whether it be public or restricted. See control/populate.php. A new keyword 'members_edit' can be added to any section to turn it to a 'community wiki', that is, a wiki restricted to community members. Look at articles/edit.php to see how this is handled internally. The layout for comments in wikis and manuals relies now on definition lists, and new styles have been introduced to enable full control through CSS. Open style sheets of reference skins and look for 'wiki_comments' and 'manual_comments' for more information. In previous versions comments of a wiki were considered as 'page extensions'. Now they are labelled as 'page annotations', which is less confusing. See sections/section.php for more information. Hierarchical focus to some article or section has been added to articles/view.php and sections/view.php. A side menu lists neighboring sections to enable transverse navigation. The data structure created in articles/article.php and sections/section.php is provided to the rendering engine, and therefore the solution is fully skinnable, both at the CSS level and at the PHP level (overlay the function 'build_contextual_menu() in skin.php). The test page for skins, that is used by web designers to check rendering of their CSS, has been augmented with a fake contextual menu of 5 levels. See skins/test.php. The nicetitle Javascript library has been placed in included/browser for global sharing. The related CSS and image have been replicated in skin directories to allow for some customization where applicable. All reference templates now invokes nicetitle. Look for example in skins/skeleton/template.php on how this has been achieved. A number of layouts have been enhanced to benefit from the nicetitle library. For example, at the Site Map, hovering a link will display the introduction of underlying section or article. See sections/layout_sections_as_yahoo.php. The user menu, that appears after successful authentication, also features hovering titles. See shared/surfer.php. Behaviors characterizes the intelligence we would like to add to sections. Behaviors is also the name of a new YACS module. Look at behaviors/behavior.php for more information on the interface that is supported. Interested PHP developers will also look at behaviors/agree_on_file_access.php as a smart example of implementation. A new module, named i18n, has been added to better support the next translations of the software in many languages. As a first step, a library has been created to handle localizations made from within scripts. See i18n/i18n.php. As a result, all calls to get_local() have been changed to i18n:user(), and all calls to get_preferred() to i18n::server(). In future versions this module will be expanded to support external language files. References (e.g., '[image=123]) have been added to the main index of images, at images/index.php. SQL requests have been modified to better support subscribers and readers. See for example articles/articles.php. A new YACS code has been added to create shortcuts to decision, such as [decision=123,my decision]. This complements the long list of shortcuts to articles, sections, categories, files, comments, etc. See codes/codes.php. The named constant COMPACT_LIST_SIZE is now used thoughout the software instead of various constants. This can be changed in the skin library to better adapt to particular needs if necessary. The form used to submit a new comment now properly features the name of article author. See comments/edit.php. The parser used to aggregate external news now takes care of the character encoding indicated in the feed, to better adapt to legacy RSS. See services/rss_codec.php. New smileys have been added to feature Mac, *nix, and Windows operating systems. See smileys/smileys.php.Links
| | YACS 6.9: safety, community wiki, contextual menu, nicetitle, behaviors, internationalization - accident osha (health and safety consultants) |
