Finally, after about 1 year of development, the final, stable Schoorbs 1.0 is here! Schoorbs is a web-based room and resource booking system. Schoorbs 1.0 has the following features:
- book rooms & resources grouped by areas
- activity can be logged via a simple logging interface
- code is automatically tested by several unit tests
- easily styled through the use of a template system
- produces valid XHTML 1.1 output
- packages for Debian and Ubuntu are available
- well documented on the Schoorbs website
Since Schoorbs is a fork of MRBS, we have to mention the changes since the fork:
- flavoured GUI with microformats
- Rewritten search interface
- Added a REST interface, so that Schoorbs can be used as a web service
- Refreshed GUI, more compact and more modern than MRBS
- runs without register_globals=on and without an emulation of this (security!)
- fixed several SQL injection possibilities
- added a simple logging interface
- removed complicated e-mail code
- rewritten Javascript code to work in modern browsers (using jQuery)
- Javascript and CSS are delivered compressed -> speedup in end-user performance (thanks to Rainpress and Packr)
Links:
Tags: schoorbs, mrbs, room, resource, booking, php, mysql, postgresql, microformats, debian, ubuntu, xhtml, css, javascript, jquery, rainpress, packr, sql-injection, rest, 1.0, release, stable, final
While I was fixing bug #4 of Schoorbs, I noticed this part in the JavaScript code of edit_entry.php. It really represents the loss of security in MRBS. Relying on input checking by client-side JavaScript is one of the big mistakes that were made in the dot-com era, and it shouldn’t be made in the time of AJAX and more modern techniques.
// check that a room(s) has been selected
// this is needed as edit_entry_handler does not check that a room(s)
// has been chosen
if( document.forms["main"].elements['rooms[]'].selectedIndex == -1 )
{
    alert("{get_vocab text="you_have_not_selected"}\n{get_vocab text="valid_room"}");
    return false;
}
For all people who think client-side JavaScript input checking is secure: the input is not checked if your user doesn’t have JavaScript enabled. And if someone really wants to do something bad, he won’t even use your HTML form to send his data to you; he will add it raw to the GET parameters or the POST data, because there he is not restricted to the fields you give him.
Some MRBS insiders will notice the {get_vocab …} statements, which aren’t there in MRBS. This is only my Smarty replacement for the get_vocab() PHP function; I ported this page to use Smarty as a template some time ago, and I’m now analyzing the JavaScript code and refreshing it with the use of jQuery.
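The server-side counterpart of the check above, the one the code comment says edit_entry_handler does not perform, as an added example that is not Schoorbs or MRBS code. The function name validate_rooms(), the $knownRoomIds list and the sample requests are assumptions made up for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Server-side check for the rooms[] field of a booking request.
 * Hypothetical helper for illustration, not part of Schoorbs or MRBS.
 *
 * @param mixed $raw          value of $_POST['rooms'], null when absent
 * @param int[] $knownRoomIds ids of existing rooms (would come from the database)
 * @return int[] validated, de-duplicated room ids
 */
function validate_rooms($raw, array $knownRoomIds): array
{
    // A hand-built request can omit the field or send a scalar instead of rooms[].
    if (!is_array($raw) || count($raw) === 0) {
        throw new InvalidArgumentException('no room selected');
    }
    $ids = [];
    foreach ($raw as $value) {
        // Accept plain decimal digits only: no text, signs or nested arrays.
        if (!is_string($value) || !ctype_digit($value)) {
            throw new InvalidArgumentException('room id is not a number');
        }
        $id = (int) $value;
        // The browser form offers only existing rooms; a raw request is not bound by that.
        if (!in_array($id, $knownRoomIds, true)) {
            throw new InvalidArgumentException('unknown room id');
        }
        $ids[$id] = $id;
    }
    return array_values($ids);
}

// Constructed samples of what $_POST['rooms'] can contain.
$knownRoomIds = [1, 2, 5];
$samples = [
    'normal form submit'  => ['1', '5'],
    'field left out'      => null,
    'scalar, not array'   => '1',
    'non-numeric value'   => ['1', '2abc'],
    'room does not exist' => ['9'],
];
foreach ($samples as $label => $raw) {
    try {
        echo $label, ': ok ', implode(',', validate_rooms($raw, $knownRoomIds)), "\n";
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```

Only the first sample is accepted; the other four are the requests a browser with the JavaScript check would never send but a hand-built GET or POST can.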
Tags: schoorbs, mrbs, javascript, client-side, input, checking
I just wanted to use one thickbox file for several environments (the same file available under several URLs), but I noticed that I have to set the loadingAnimation image URL statically, so I thought let’s change that and I made a patch, so that you only need to set the variable TB_LoadingAnimation to the position of the image. It does not matter if you set it before or after loading thickbox.js. Here’s the code which I added on top of the thickbox.js file; it checks whether the variable is already set and, if not, sets it to the default.
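// set the location of the animation shown
// while loading the content of a Thickbox
// (the var declaration below is hoisted, so this test does not throw
// when the variable was never set; an earlier value is left untouched)
if(TB_LoadingAnimation === undefined) {
    var TB_LoadingAnimation = "images/loadingAnimation.gif";
}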
Later in the thickbox.js I replaced the image url with the TB_LoadingAnimation variable. For those who want to use it, here I have for you:
technorati tags:javascript, patch, thickbox, TB_LoadingAnimation, jquery
Just after I converted script.aculo.us to be used with Drupal, here’s my version of Lightbox2. I just provide the JS; please get the rest from the Lightbox2 homepage. I cannot really say if it works, because I haven’t tested it (there was no ‘rake test’ test suite). I was a long-time user of Lightbox, but when I started to care about licences (I want to release some open-source scripts soon) I noticed that Lightbox2 is released under the CC-By 2.5, which GNU declares as GPL-incompatible, so I moved to Thickbox, which works on the basis of jQuery, which is much better when using Drupal (you need to load fewer JavaScript files).
As already known, here are the 2 versions of Lightbox2:
technorati tags:javascript, prototype, script.aculo.us, lightbox, lightbox2, drupal, thickbox, jquery, jsjuicer
Because there seems to be a need for prototype/script.aculo.us/lightbox2 for some Drupal users, I’ll continue converting those packages into a Drupal-compatible spelling. This time I transformed the script.aculo.us (version 1.7.0) library to use $ID() instead of $(). All tests that passed with the original library also succeeded on the transformed one, so I hope there’s nothing broken. As before, I added a JSJuicer-compressed version, so that people do not need to bother about the size. Soon (maybe already in the next hour) I’ll upload a transformed Lightbox2 to help close a discussion at drupal.org.
But in my opinion I have to say that people should perhaps consider writing their JavaScript with jQuery if it is only used within a Drupal environment; you still need to change it for use with Drupal since the $() function isn’t the same.
In the end: grab script.aculo.us for Drupal:
technorati tags:prototype, javascript, jquery, script.aculo.us, drupal, jsjuicer, compressed