Geeklog Forums

I've read http://www.geeklog.net/faqman/index.php?op=view&t=32, and I am trying so hard to like the kses stripping functionality of Geeklog, but it constantly gets in the way of simple things we want to do in stories we want to publish!! It's driving me mad.

For instance, I have a table in a story, and I want the top row of the table to be column headers. I want these column headers to have a black background with white text.

To control table cell background colors, FCKeditor uses the <td bgcolor> element and attribute. So I log in as Admin, and go to Configuration > Miscellaneous > HTML Filtering, view the Admin HTML list, and add td > bgcolor. That works. Yey!

Now, to control font color within the table cell, FCKeditor uses the <span style> element and attribute. So I log in as Admin, and go to Configuration > Miscellaneous > HTML Filtering, view the Admin HTML list, and add span > style. But even though I have done this, Geeklog strips the content of the style attibute away!

Geeklog strips this:



...down to this:



Which results in black text on a black background! Grrr!

So is there a way to prevent this?

I have to ask (and I mean no disrespect - it's just frustrating as hell to me):

Why offer the FCKeditor if you only turn around and cripple the living crap out of it??

Why do you not let me decide who I will trust to create articles on my site? I don't want to have to give out my root password to people just so they can use the editor to its full potential.

Sorry for the tone, but I've been wasting lots of time running into issue after issue like this with FCKeditor and kses, and it's quite frustrating!

---

-mono

As far as content coming from your users is concerned, it's really in your own best interest that these things are filtered ...

I can understand your frustration from an Admin's point of view, though. That's why there's the "Skip HTML Filter for Root?" option ...

Inline CSS isn't going to work with kses. That's a bug / limitation of kses. For missing tags and attributes, maybe someone could write an "import" script that makes it easier to get a working set of HTML tags and attributes into the configuration?

bye, Dirk

To me, this is a fundamental flaw in logic.

On the one hand, you take the position that it's in my own best interests that content from ALL users – even users I happen to deem safe – is filtered. Yet on the other hand, you are providing access to the FCKeditor to *all* users when it is enabled! Either you want Geeklog users to enjoy FCKeditor, or not - you can't have it both ways. If you try to have it both ways, you end up with this very frustrating scenario where something that could be excellent is crippled / broken instead. At best, you're setting up FCKeditor for failure with this logic, which is, like it or not, a bad user experience for Geeklog users and administrators.

What you seem to be telling me is my only recourse is to:

a. Give all story admins access to the root account so that they can use FCKeditor the way it is designed to be used. I refuse to do this. Why have the story admin group at all then?
-or-
b. Disable FCKeditor completely, since there is no way to get it working correctly for all story editors.
I'd hate to do that, because the alternative Plain Text and HTML editors pretty much suck.

Neither is an acceptable answer to this problem, to me. I don't see the point in offering FCKeditor to your users if half of its features are, in effect, hopelessly broken.

Please reconsider your position on this. This is not good for the Geeklog community as it stands. You might as well remove FCKeditor completely, IMO. It's a bad user experience.

---

-mono

mono,

try glfusion instead www.glfusion.org

they forked from geeklog a while back and i'm setting up all my new sites with it. its very nice

cheers!

No problem, you can hack this in lib-common.php line 2966

Find: SEC_inGroup( 'Root' )) and replace with SEC_inGroup( 'Story Admin' ))

Now all HTML is being skipped for story admins rather than root. That`s good when you have a limited number of story admins you can trust.

Mine happened to be in a different place, probably because I've got different modifications:

Anyhow, I just checked and it does appear to work! So I thank you!!

Now I would love to see a configuration option for this sort of thing in Geeklog at some point in the future, so I don't have to make this hack every time I upgrade. Should I file a bug report on it, or what?

---

-mono

Yes, I think it would be good to have a feature request for it. There should be a drop down box for "skip root for ???" and then a list of the groups.

This is very helpful if there is a limited user group as it is typical on a homepage where the owner is not root. This is the case with all my friends for whom I set up a geeklog.

The proper way to do it would be to create a feature "htmlfilter.bypass" (or something). Then you could assign this permission to any group you wanted (and even take it away from root). Then the configuration option is unnecessary. Then change the whole if to if (SEC_HasAccess("htmlfilter.bypass").