Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
BlogThis develoment
Anyone working on a port for BlogThis addon for V2?
If not, any one willing to do it for a price?
If not, any one willing to do it for a price?
0
Comments
Way to many addons i need to wait for v2.
Much easier than trying to do it the other way around (integrate a forum with a blog).
http://bitbucket.org/bean/simpleblog/
It's been a while since I had time to redo the different steps and document it.
I planned to show this to @Mark once everything is written, to be used as the "Application" doc. Hopefully, I will find time to finish this within a month.
I've seen simpleblog's code and I have some comments.
1. Add/Edit are similarity. No need separate the code in controller and views.
Use such:
public function Add(){
$this->Permission('Blog.Entry.Add');
$this->View = 'Edit';
$this->Edit();
}
public function Edit($ID = ''){
if (Is_Numeric($ID)){
$Data = $Model->GetID($ID);
if($Data == False) Redirect('garden/home/filenotfound');
// editing
// check permissions here
}else{
// new
}
....
$this->Render();
}
And views too. See example code in applications\vanilla\views\post\comment.php
2. Model.
$SimpleblogModel = new Gdn_Model('Simpleblog', $Validation);Gdn_Model - accept only one param: table name. But why you use class "Gdn_Model" if you created special class model "SimpleblogModel"?
3. Security. You getting UserID from hidden field and dont checking it in Model::Save(). So hacker can add blog entry for any user with substituted post request.
3.1.
echo sprintf('%s', $Blog->Body);- bad construction.Use Format::Html() or Format::To($Blog->Body, 'Html')
4. SimpleblogModel::Save(). Actually this method is uselless for this simple construction. Parent method of Gdn_Model will do this (and validation too, if "UserID" field was named InsertUserID)
1. the 2 methods/views are done on purpose. To teach people how to write things, I think it will confuse people if everything is merged directly. But it could, definitely, be merged in a future step of the tutorial it's meant to be.
2. no idea.
3. Indeed, it will have been one of the caveat written in the tutorial commentary, as many other checks are missing too, checks complicates code for beginners.
3.1 It's used in vanilla2 code somewhere though, as it's where I've picked it
4. It's been a while since I wrote all this, and I've had pratically no php experience beforehand, and not that much programming experience too
I'll have a look again.
It is indeed something not to use in the real world as many things are missing (some of those are already stated in the wiki page of the project), the purpose of this is to understand how you can write an application with garden.
The differents commits in the project will be whipped clean, and new ones following each steps will be created so that users can learn from it, viewing the diffs easily.
I aim it for beginners, not for people used to do php already.
Thanks for the feedback, maybe if I have time, or demand is high, it will grow into a real blogging system, but don't count on it.