| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
1326
|
Tue Jul 26 10:55:03 2005 |
 | Emiliano Gabrielli | AlberT@SuperAlberT.it | Question | Linux | 2.6.0b | Re: Can't set Author attribute properly in reply? |
| Stefan Ritt wrote: |
| Emiliano Gabrielli wrote: | | Substitute is the only way I have to be assure it is as I want ... |
No, that's not true. A
Locked attributes = Author
will do the job as well. |
I can't argue how it works ...
The following code will assure that, if the HTML generated by elog would be modified by hand by a malicious user the server can still preset the author field with the right $long_name?
Locked attributes = Author
Preset on Reply Author = $long_name
how works in details the "Locked Attribute" parameter then ?? ... |
|
1327
|
Tue Jul 26 10:59:45 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.0b | Re: Can't set Author attribute properly in reply? |
| Emiliano Gabrielli wrote: | | The following code will assure that, if the HTML generated by elog would be modified by hand by a malicious user the server can still preset the author field with the right $long_name? |
Ok, you're right. But that requires quite some knowledge to change the generated HTML by hand. So for paranoiac people the "Subst" might be better. Actually you could have both the "Preset on Reply" and the "Subst on Reply", so on the reply entry form one sees already the correct author. |
|
1328
|
Tue Jul 26 12:02:35 2005 |
| Emiliano Gabrielli | AlberT@SuperAlberT.it | Question | Linux | 2.6.0b | Re: Can't set Author attribute properly in reply? |
| Stefan Ritt wrote: |
| Emiliano Gabrielli wrote: | | The following code will assure that, if the HTML generated by elog would be modified by hand by a malicious user the server can still preset the author field with the right $long_name? |
Ok, you're right. But that requires quite some knowledge to change the generated HTML by hand. So for paranoiac people the "Subst" might be better. Actually you could have both the "Preset on Reply" and the "Subst on Reply", so on the reply entry form one sees already the correct author. |
It's my actual configuration infact  |
|
1332
|
Tue Jul 26 17:32:59 2005 |
 | Chris Green | greenc@fnal.gov | Question | Linux | 2.6.0b | Re: Can't set Author attribute properly in reply? |
Thanks for this, gents.
Chris. |
|
1333
|
Tue Jul 26 17:41:10 2005 |
 | Chris Green | greenc@fnal.gov | Question | Linux | 2.6.0b | New and reply pages don't use Page Title |
Is this intentional, or can it be changed? I'd like every page associated with a particular logbook to use that logbook's page title as at least part of its own.
Also, is it possible to have a reply comment in the same way as one has a message comment?
Thanks,
Chris. |
|
1334
|
Tue Jul 26 17:57:36 2005 |
| Chris Green | greenc@fnal.gov | Request | Linux | 2.6.0b | Restrict Top Groups to logged-in users? |
Hi,
I'd like to be able to prevent non-logged-in users from seeing what logbooks exist in a top group. Currently it seems that one is only required to log in once one has chosen a logbook. Is this possible?
Thanks,
Chris. |
|
1335
|
Tue Jul 26 20:23:33 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.0b | Re: New and reply pages don't use Page Title |
| Chris Green wrote: | | I'd like every page associated with a particular logbook to use that logbook's page title as at least part of its own. |
On the list page, you can use "summary page title = <title>". Since this option is misleading, I renamed it to "List page title = <title>". Then I added "edit page title = <title>". Modifications are in CVS.
| Chris Green wrote: | | Also, is it possible to have a reply comment in the same way as one has a message comment? |
I added "reply comment = <comment>"
So, that gave another two options. With all that many options it's hard to read through the configuration documentation. So if you have time and fun doing it, you could restructure the documentation page into some separate pages, to give people a better overview. Please send the modified pages back to me and I will include them on the web site. |
|
1336
|
Tue Jul 26 20:32:02 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Request | Linux | 2.6.0b | Re: Restrict Top Groups to logged-in users? |
| Chris Green wrote: | | I'd like to be able to prevent non-logged-in users from seeing what logbooks exist in a top group. Currently it seems that one is only required to log in once one has chosen a logbook. Is this possible? |
To protect the logbook selection page, you put the "password file = <file>" into the [global] section or the [global <top group>] section. So "hide" the top group selection page, you put a "show top groups = 0" into the [global] section. |