The next step towards a “Web 2.0” room/resource booking is done: since revision 175, view_entry.php is flavoured with the hCalendar microformat to support such features as the Operator plugin for Firefox or the Technorati microformat search.
Tags: schoorbs, hcalendar, microformats
Drossellog, my upcoming logfile analyzer, is now available through Bazaar at Launchpad. This code is not even in a state worthy of an alpha release, so don’t expect anything to work as it should when we release an alpha/beta. If someone is interested in helping me to build a new Apache combined-log analyzer in Ruby with a Ruby on Rails GUI, just contact me, I’ll be happy.
While I was fixing bug #4 of Schoorbs, I noticed this part in the JavaScript code of edit_entry.php. It really represents the loss of security in MRBS. Relying on input checking by client-side JavaScript is one of the big mistakes that were made in the dot-com time, but shouldn’t have been made in the time of AJAX and more modern techniques.
// check that a room(s) has been selected
// this is needed as edit_entry_handler does not check that a room(s)
// has been chosen
if( document.forms["main"].elements['rooms[]'].selectedIndex == -1 )
{
    alert("{get_vocab text="you_have_not_selected"}\n{get_vocab text="valid_room"}");
    return false;
}
For all people who think client-side JavaScript input checking is secure: the input is not checked if your user doesn’t have JavaScript enabled. And if someone really wants to do something bad, he won’t even use your HTML form to send his data to you; he would add it raw to the GET parameters or the POST data, because there he is not restricted to the fields you give him.
Some MRBS insiders will notice the {get_vocab …} statements, which aren’t there in MRBS; this is only my Smarty replacement for the get_vocab() PHP function. I ported this page some time ago to use Smarty as a template engine, and I’m now analyzing the JavaScript code and refreshing it with the use of jQuery.
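A server-side counterpart to the client-side check above, as an added example that is not code from Schoorbs or MRBS. The function name validate_rooms(), the room ids and the sample requests are hypothetical and constructed for illustration; it assumes the handler receives the form field as the request key 'rooms'.

```php
<?php
// Added example: validate_rooms() is a hypothetical helper, not project code.
// $input is the raw request array (e.g. $_POST); $knownIds are existing room ids.
function validate_rooms(array $input, array $knownIds): array
{
    // Field missing: JavaScript disabled, or a request built by hand.
    if (!isset($input['rooms'])) {
        throw new InvalidArgumentException('no room selected');
    }
    // rooms=1 instead of rooms[]=1 arrives as a string, not an array.
    if (!is_array($input['rooms'])) {
        throw new InvalidArgumentException('rooms must be a list');
    }
    $rooms = [];
    foreach ($input['rooms'] as $raw) {
        // Rejects nested arrays (rooms[][x]=1), empty and non-digit strings.
        if (!is_string($raw) || !ctype_digit($raw)) {
            throw new InvalidArgumentException('room id must be numeric');
        }
        $id = (int) $raw;
        // The id has to refer to a room that really exists.
        if (!in_array($id, $knownIds, true)) {
            throw new InvalidArgumentException('unknown room id');
        }
        $rooms[$id] = $id; // de-duplicate repeated ids
    }
    if ($rooms === []) {
        throw new InvalidArgumentException('no room selected');
    }
    return array_values($rooms);
}

// Constructed sample requests: one from the form, four that bypass it.
$known = [1, 2, 3];
$requests = [
    'browser form'     => ['rooms' => ['1', '3']],
    'no rooms field'   => ['name' => 'Meeting'],
    'scalar rooms'     => ['rooms' => '1'],
    'non-numeric id'   => ['rooms' => ['1abc']],
    'nonexistent room' => ['rooms' => ['99']],
];
foreach ($requests as $label => $req) {
    try {
        echo $label, ': accepted ', implode(',', validate_rooms($req, $known)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

The JavaScript alert can stay as a convenience for the user; the decision to accept or reject the booking is made only by the server-side check.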
Tags: schoorbs, mrbs, javascript, client-side, input, checking
I’m a great fan of Eclipse, but the versions in Ubuntu didn’t really work stably. Last week I needed Eclipse for Java development, which I couldn’t do per CLI anymore since it relied on Eclipse project files. I downloaded the newly published Eclipse Europa 3.3 and hoped that it would work better than the Eclipse 3.2.x versions. It did not really, but instead of getting some 32bit<->64bit conversion problems, I got a “java.lang.OutOfMemory: PermGen Space” error after about 30 minutes. I was told to increase -Xmx to a bigger value; I turned it to 2048m, which should have been enough, but the error came again, after the same time. A bit of searching on the net and I found out that there are 2 different types of memory spaces in Java and that I have to increase -XX:MaxPermSize too; with a value of 2048m Eclipse is now working without problems.
Tags: eclipse, europa, java, outofmemory, permanent
After some time of hard work, it’s finally time to release the first alpha version of Schoorbs, a fork of MRBS, a room and resource booking system. The major changes in Schoorbs made it necessary to create a fork, because the differences between the codebase of Schoorbs and the CVS version of MRBS were too big, which makes a merge impossible. The major changes are:
- a new filesystem structure
- a redesigned input checking system
- a REST-API
- some efforts to make it MVC (we’re using Smarty as template system)
- a restructured GUI (including valid(!) XHTML & CSS)
- more security through a long source code analysis (this was a scholar work of mine)
We are still using the same database structure and config file as MRBS, so you just have to copy your old config.inc.php into the new Schoorbs directory and it should run out of the box.
technorati tags:schoorbs, mrbs, alpha, fork