@peregrine interesting idea... so basically I can use the addon (newsfader) with Messages, creating the fade effect, right?
I added var quotes = $(".InfoMessage"); in the js file and it works (also removed the h2 elements from master template).
Only problems is I (admin) cannot see the message, I remember I stopped seeing any messages a long time ago, and I think it might have something to do with the fact that I dismissed one message - since then - I couldn't see any messages at all. Other (regular) users can see them. I'm not sure how to fix this, but I really like the idea, thanks!
Is this js code a potential security risk for my community? I'm just wondering, just in case I'm going to use it on a regular basis from now on.
all you did was add the fade in and out. that shouldn't be any more of a problem than any other jquery security problems (of which they regularly fix).
the one thing you need to be aware of is what users can input in the text fields (if you allow it). These must be validated and sanitized and would be the only issue.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@hgtonight said:
Pair it with dismissable messages and you have a win-win for people that don't like animated stuff on their screen.
Regarding 'dismiss message' option - I'm not 100% sure that by checking that option users will be able to see the other messages that are currently in 'rotation' - will have to test that.
manage messages in top grid. if it is checked they can add messages.
How can I check to see which roles have permissions to add messages and which don't ?
as a rule of thumb. whenever adding or writing plugins.
always log in under each role (create several accounts for yourself - one in each role).
and check all roles if what you think you have is really what you have (and what you want) and also verify guests and all custom permission categories as well.
in that way you always know what other people see or have permission to do in their respective roles.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Comments
users could add messages via the dashboard option messages and your plugin could fade based on the infomessage class.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@peregrine interesting idea... so basically I can use the addon (newsfader) with Messages, creating the fade effect, right?
I added
var quotes = $(".InfoMessage");in the js file and it works (also removed the h2 elements from master template).Only problems is I (admin) cannot see the message, I remember I stopped seeing any messages a long time ago, and I think it might have something to do with the fact that I dismissed one message - since then - I couldn't see any messages at all. Other (regular) users can see them. I'm not sure how to fix this, but I really like the idea, thanks!
to undismiss message.
you can do two things - delete the old one and recreate it.
or
go into the user table and look at the row pertaining to your user and look at the preferences field
you will see something like this.
"DismissedMessages";a:1:{i:0;s:1:"1";}you can delete it from preferences , leave the other parts of the preferences alone.
as long as you start from "D in DismissedMessages and go to the first closing bracket } for what you will be deleting.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@peregrine that did the trick, thanks again!
Is this js code a potential security risk for my community? I'm just wondering, just in case I'm going to use it on a regular basis from now on.
all you did was add the fade in and out. that shouldn't be any more of a problem than any other jquery security problems (of which they regularly fix).
the one thing you need to be aware of is what users can input in the text fields (if you allow it). These must be validated and sanitized and would be the only issue.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@peregrine you're referring to Garden > Manage > Settings right? I think that's the permission for managing messages, am I right?
That is a great idea! You could use it to cycle through a few messages which would, at least initially, bring some emphasis to the messages.
Pair it with dismissable messages and you have a win-win for people that don't like animated stuff on their screen.
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
I wouldn't give regular users the ability to add messages.
but a security risk would be any user input field that if you entered
jQuery(document).ready(function($) { alert("hello") }); or <SCRIPT> alert(“XSS”); </SCRIPT>and when the field displayed an alert box popped up. you would be adding a potential cross-site scripting vulnerability.
https://www.acunetix.com/websitesecurity/cross-site-scripting/
also see an older discussion:
http://vanillaforums.org/discussion/20608/xss-security-vulnerabilities-
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Regarding 'dismiss message' option - I'm not 100% sure that by checking that option users will be able to see the other messages that are currently in 'rotation' - will have to test that.
How can I check to see which roles have permissions to add messages and which don't ?
manage messages in top grid. if it is checked they can add messages.
as a rule of thumb. whenever adding or writing plugins.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
The option is checked for LvL 1 Mods, but I logged in with a Moderator account and I cannot add messages.
they would also need settings permission as well to get to dashboard.
unless you provide them a link
http://example.com/dashboard/message
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@r0obert
add the code from this tutorial to your plugin if you like
http://vanillaforums.org/discussion/27099/tutorial-how-to-add-an-option-to-the-flyout-menu-in-2-1-and-add-link-in-dashboard-as-well
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.