ElkArte Community

Elk Development => Feature Discussion => Topic started by: Spuds on February 16, 2022, 10:28:33 am

Title: Are these features used?
Post by: Spuds on February 16, 2022, 10:28:33 am
There are a couple of areas that don't get much oversite and I'm curious as to how much they are used, so just looking for some feedback.

1) FTP control.  Its plugged in to a few areas, like packages and smileys and probably a some other spots.  The idea is that it allows one to sign in with your ftp credentials to CHMOD files/dirs when the user that the webserver is running under is not elevated to be able to do that.  Now I do use FTP but never the built in control.  I think its a goodie to have, but is it worth it vs simply saying use your web control panel to bla

2) The theme editor.  The ACP allows one to change the theme CSS and theme templates and somewhat see the live change.  This is not how I tend to operate so just curious if folks use this capability?  Its again a goodie to have, but when I'm making edits I (generally) do them in a full editor.

That code has not been looked at since 1.0 and likely mostly legacy as well. 
Title: Re: Are these features used?
Post by: badmonkey on February 16, 2022, 10:44:03 am
Perhaps someone else has a different perspective, but mine is similar to yours. I haven't used either feature in years. 

FWIW a typo in the css editor can truly bork a site. Such a mistake can be unrecoverable through the site itself should it occur in a critical location. It's better done through an external editor with undo functionality. Don't ask how I know..... :-X ;D
Title: Re: Are these features used?
Post by: vbgamer45 on February 16, 2022, 01:16:17 pm
Haven't used either of those personally.
Title: Re: Are these features used?
Post by: Steeley on February 16, 2022, 02:39:54 pm
I'm old school - I've been known to manually shift automatic transmissions..  so, no..
Title: Re: Are these features used?
Post by: Arantor on February 16, 2022, 04:41:07 pm
1) I've heard horror stories of the chmod process ending up making files unavailable to the webserver, and I've heard of cases where it simply fails to chmod anything because the FTP service simply ignores the request. Would suggest removing.

2) Editing the templates in the ACP is a security risk, plain and simple. (And it has been abused in the wild.) Editing the CSS should only be viable in the ACP if you don't let the ACP share any styles with the main theme, meaning that if they break the CSS of the theme, they don't also break the ACP.
Title: Re: Are these features used?
Post by: Antechinus on February 16, 2022, 05:14:46 pm
1) I don't have an opinion on this. Not my forte. :)

2) Kill the bloody thing, before it causes more trouble.

It's a horrendous format to work with in practice anyway. Much better to use a code editor (+ FTP, if not working on local). Also, these days we all have the browser's document inspector available, which allows live testing CSS edits immediately without running the risk of borking anything.

Template edits should never be done live in admin if you value your sanity. :P
Title: Re: Are these features used?
Post by: Spuds on February 16, 2022, 05:54:42 pm
Now that is what I was :pray: to hear! .... Now I get to do one of my favorite things, remove crusty old code :smiley:



Title: Re: Are these features used?
Post by: Antechinus on February 16, 2022, 06:01:24 pm
Yay! Bring on the chainsaw!

Also, just noticed (what I think is) a minor CSS bug. It's breaking fairly short words with a hyphen, instead of just bumping them to a new line. Not really optimal for legibility, IMO. Is the word break really needed for anything?

Code: [Select]
.messageContent {
  grid-row: messageContent;
  min-height: 70px;
  padding: 1em 1em .25em .5em;
  -webkit-hyphens: auto;
  hyphens: auto;
  border-top: 1px solid;
    border-top-color: currentcolor;
  overflow-wrap: break-word;
}
Title: Re: Are these features used?
Post by: Spuds on February 16, 2022, 06:10:41 pm
I see that now that you have pointed that out ... That might be the "hyphens" acting up?  The break word thing is for those that like to enter one long line of unbroken gibberish
Title: Re: Are these features used?
Post by: Antechinus on February 16, 2022, 06:34:41 pm
Seems to be the hyphens. Not sure those are needed. Never had them before, IIRC, and things seemed to be fine. If I knock them out in the dev tools the post renders "normally".
Title: Re: Are these features used?
Post by: Spuds on February 16, 2022, 08:59:09 pm
I'll remove those and see how things roll.  Reading about the hyphens tag its browser and language specific with just equals who the heck knows what it will really do.
Title: Re: Are these features used?
Post by: radu81 on February 17, 2022, 02:09:25 am
Title: Re: Are these features used?
Post by: Arantor on February 17, 2022, 06:30:24 am
I think point 2 is not quite so clear cut though. I may have spoken from a specific angle and eco outraged a view that isn’t quite the full story.

The current setup is a huuuuuge security risk. Yet other platforms do offer template editing - especially those that are cloud only offerings. But they do so by abstracting away the templates so bare PHP is not a consideration, and admin templates are usually firewalled off from the rest for the obvious reason. They also provide edit history.

I should note my own journey has been to remove the editing functionality, convert to a template language and consider how to reintroduce editing for this reason, since there are people who genuinely would be baffled by having to use FTP, and yet can make the most… incredible… of forum themes. (I would not venture to suggest they were all beautiful but the boundaries of the world I play in forum-wise are so vastly out there compared to SMF and I see very different skill sets. These people only exist on a forum-as-a-service environment and they’re using a modified IPB 1.3 to do it.)
Title: Re: Are these features used?
Post by: Antechinus on February 17, 2022, 03:21:06 pm
Ok, but I think we are still at the stage of "Kill all the crud that was inherited from SMF 2.0.x admin, which in turn was inherited from SMF 1.1.x admin, and God knows where THAT came from".

It's a pretty horrible thing to use, even without taking into account the security issues.
Title: Re: Are these features used?
Post by: Spuds on February 17, 2022, 04:23:29 pm
QuoteIt's a pretty horrible thing to use, even without taking into account the security issues.

I think that really sums it up, it was a :poop: to try and use.  I think I have it all gone now, cut down managethemes by 50%
Title: Re: Are these features used?
Post by: Arantor on February 18, 2022, 03:20:30 am
I figured, just putting it out there that the overall concept is worthwhile even if the current implementation was awful. If it were less awful it would be used more ;)
Title: Re: Are these features used?
Post by: Frenzie on March 20, 2022, 08:54:39 am
1. I've never used that.

2. I've used it once or twice so I would consider it vaguely useful. But given the security concerns raised above presumably it's better to axe it than to rework it into something safer. In any case I wouldn't miss it; there's a subtle distinction between that and finding something vaguely useful. ;)
Title: Re: Are these features used?
Post by: Spuds on March 20, 2022, 09:17:49 pm
Cool .. those items were removed!

There are still FTP functions available during a package install (a large update to those functions was done as well), BUT I'm still planning on doing additional changes so we have sftp / tls capable as well as ipv6, (neither work now).
Title: Re: Are these features used?
Post by: McFly on March 21, 2022, 03:24:46 am
Quote from: Spuds – ...
There are still FTP functions available during a package install (a large update to those functions was done as well), BUT I'm still planning on doing additional changes so we have sftp / tls capable as well as ipv6, (neither work now).
That sounds good to me. I set up a test server myself, which is only accessible via sftp, but does not have an ftp service installed.