Question for the Devs...
dakwegmo
09-05-2006, 10:49 PM
Greetings all you fine developers out there. I have a question for you. I was working on trying to solve a problem with including <IMAGE_TITLE> and <IMAGE_THUMBNAIL> and found that a lot of useful things happen inside an if loop that only returns true when x= is not set in the URL. I am wondering if there was a specific design intent for only running this section of code for the main and comment templates, or if there may be some security vulnerability executing this when pulled from another template?
More than likely I will just hack the condition on this line to allow my x= template to have access to the variables that run in here, but wanted to check with you guys before I did this.
blinking8s
09-06-2006, 02:17 AM
off topic, sorry, but damn, I was in Athens, GA on Sat for the opening season UGA vs WKU game...it really is a small world.
dakwegmo
09-06-2006, 02:49 AM
off topic, sorry, but damn, I was in Athens, GA on Sat for the opening season UGA vs WKU game...it really is a small world.
After 10 years and two degrees I finally bid farewell to UGA in May. Damn I miss those $20 season tickets!
Connie
09-06-2006, 05:18 AM
I am wondering if there was a specific design intent for only running this section of code for the main and comment templates, or if there may be some security vulnerability executing this when pulled from another template?
this is for security reasons of course
any value can be set to "x" and that would open a lot of doors
it is necessary and ok and necessary again to stop this and allow a restricted number of parameters here
it is necessary not to pass through parameters which are given on the fly in URLs without being proofed in the script
this is not thought to stop something from templates, this is meant not to accept values from URLs
but if you read how to write addons and/or admin addons you will find a big choice of possibilities to extend the functionality of the script
dakwegmo
09-06-2006, 02:23 PM
Connie, I have read the documentation for creating addons and have enough experience with other programming languages to understand what's going on in the script.
What I was looking for was a way to minimize the amount of code. Since the functionality for pulling the image information out of the database, assigning the DB info to variables, and replacing the template tags already exists within the script, I am trying to find a way to use the code that's already there. Currently if I use something like: www.somedomain.com/index.php?x=test&showimage=10, the showimage part of the string is ignored by PixelPost, because the if condition that starts on line 202 says not to grab any of the image information if x is set.
I would rather not hack the code, because it means I would have to remember what changes I made the next time a new version is released. I could create an addon, but the addons don't get called in and executed until just before the template gets spit out, so I would have to copy all of the code in the if loop, which adds unnecessary bulk to the page. The most efficient way I can see to do this would be just to modify line 202 to something like: if(!isset($_GET['x']) OR (isset($_GET['x']) && $_GET['x'] == "test"))
If there's a way to do this with an addon that doesn't require duplicating a lot of code, please let me know how this might be done. In future versions of PP I would like to see the database queries and other code that generates these tags: <IMAGE_THUMBNAIL>, <IMAGE_THUMBNAIL_NO_LINK>, <IMAGE_PERMALINK>, included somewhere like the functions.php so they can be accessed by an addon. Since my suggestions don't seem to be regarded too highly around here, please don't take this as a suggestion. Merely one man's wish.
I ran into something like this too when I tried to create an Addon. It would be nice if the devs can externalize the loading of a photo from the DB and associated tags.
So as to not duplicate the functionality and the processing time if you need access or to update some of the variables.
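Added example, not part of the original thread and not PixelPost code: the line 202 condition proposed above, written so that it honours the restriction described earlier in the thread (only a fixed set of x values is accepted, and showimage is checked before it is used). The template list, the function names and the sample requests are assumptions made for illustration.

```php
<?php
// Added illustration; not PixelPost source. The template names and helper
// names below are hypothetical.

// Values of x that may also load image data. Anything not listed is
// treated as "no image data", whatever the URL says.
const IMAGE_TEMPLATES = ['test'];

/**
 * Decide whether the image-loading section should run for this request.
 * Mirrors the thread's condition: run when x is absent, or when x is one
 * of the explicitly allowed template names.
 */
function should_load_image(array $query): bool
{
    if (!array_key_exists('x', $query)) {
        return true;                      // main / comment templates
    }
    $x = $query['x'];
    // ?x[]=test arrives as an array; accept strings only, compared strictly.
    return is_string($x) && in_array($x, IMAGE_TEMPLATES, true);
}

/**
 * Return showimage as a positive integer id, or null when it is missing
 * or malformed, so only a number ever reaches the database query.
 */
function image_id(array $query): ?int
{
    $raw = $query['showimage'] ?? null;
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Constructed sample requests (what $_GET would contain).
$samples = [
    ['showimage' => '10'],
    ['x' => 'test', 'showimage' => '10'],
    ['x' => 'about', 'showimage' => '10'],
    ['x' => ['test'], 'showimage' => '10'],
    ['x' => 'test', 'showimage' => '10abc'],
];
foreach ($samples as $q) {
    printf("%-42s load=%s id=%s\n", json_encode($q),
        should_load_image($q) ? 'yes' : 'no', var_export(image_id($q), true));
}
```

Only the first two sample requests end up with both load=yes and a usable id; adding another template later means adding its name to the list rather than widening the condition.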
Connie
09-06-2006, 06:45 PM
Since my suggestions don't seem to be regarded too highly around here, please don't take this as a suggestion. Merely one man's wish.
fishing for compliments? I prefer not to continue that and you should also not continue
that's not the way to befriend here, I think, and I will not continue
what you write is a good point for future development
in the moment we are a little tired, a long way to 1.5 and summer as well
so we will not jump to it immediately
in the moment our next topics are a better organisation of the forum, a new portal of the website, better organisation of download section etc.
I will add your "idea" to the list in our brainstorming section...
Some time ago I had maybe better idea.
1) rewrite whole code
2) exclude, what is possible, to external files/classes/functions
3) add workspaces in index.php before and after each base functionality like RSS, ATOM, image data generation, ...
dakwegmo
09-09-2006, 12:24 AM
GeoS I think that's a great idea. Is this still something you're considering? It would provide a lot more flexibility in developing addons.
Connie
09-09-2006, 07:33 AM
give us time and nothing to do else in our life ... and it could be possible maybe sometime who knows...
you know that everything is very time-consuming
it's a great idea and it would be a great amount of work for sure..