PLugin System like VB3

[Alex]

But skins is a tad easier as it stays with each update, as IP.Board asks if you wish to revert changes.

[bfarber]

Sorry for the bump, but I couldn't edit.

One thing I would like to see, in effort to reduce the overhead of including/opening external files, is the ability to add php directly to the templates. This is, in effect, the same thing as including a file and the skin template system already has to run a parse check for the "html logic" as it is now. Addition of a new tag (ie <php>) would be great B)

Umm....this is already possible. :P

* Allow PHP tags in template HTML?* Turning this on is a potential security risk as a malicious user* could, with access to your ACP, add in an executable* shell script which would allow root access to your* server!*/define( 'IPB_ACP_ALLOW_TEMPLATE_PHP', 0 );

/**

Disregarding the warning (which is only an issue if someone hacks your ACP to begin with) enabling this allows you to use

<php> some php code </php>

in templates, exactly what you are asking for.

opening up == discussion == exactly what we've just had so i'm happy :P . And wow didn't think ips would miss a security issue like that so its a little more than worrying. Hope they do address it.

This isn't a security hole exactly. In order to allow any php in the if statements, it's pretty hard to try to go through and block SOME. What if someone puts

<if="eval(base64_decode('abouhsaoy29yu2lh2oy21o'))">

(I just randomly typed those characters, but pretend for a second they are "include('somefile.php')")

Should we be trying to catch that too? Realistically, to keep the same flexibility we have now, we can't stop that very easily, completely. It's not really a security hole - the constant stops the exec.file and exec.url statements, not the html logic.



This is all good discussion, and comes back around to the beginning. A hooks system really would help. It would alleviate skin AND file edits for various things. i.e. members online today - if we had a hook in the boardstats file (a common file to edit really) that could automatically call in registered function/file/method calls, you could just register the hook and never edit the file. IPB could in theory see the registered hook, call the appropriate code at the appropriate location in the file, and print it out as if you edited the file.

This could also be used for things like Gallery and Download Manager to print out stats from the components on the board index.

Hooks systems have their limits, but that doesn't mean they're useless.

[Michael]

But skins is a tad easier as it stays with each update, as IP.Board asks if you wish to revert changes.

Not necessarily. Source code edits are going to be exact on each board the mod is installed on, skin edits on custom skins aren't always going to be the same on every skin.

[Jaggi]

i dunno what you suggest then bfarber but personally i'm uneasy with using php in the skin files and turning on things that could potentially open all kinds of security holes. I much more prefer keep php to the php files and html to the templates where possible with an exception of small bits but not gigantic pieces of code, not sure if you agree there. Seems a bit like a you done a u-turn in essence because after 1.3 ipb went into a huge frenzie about removing all html from php files to make it secure now they're putting php into templates... so assumed they shared the php in php files and html in templates idea.

[bfarber]

The idea isn't to remove all php from skin templates. :)

The idea is to separate presentation from logic. A lot of times, presentation can involve PHP - i.e. language bits, or variables. But sometimes it goes beyond that. i.e. foreach loops (a stronger php component) inside templates. Looping over and displaying results from an array is a matter of a presentational layer, and not a logic layer.

Granted running includes from templates is not really a presentational component, but other php functions could be, and thus running php from templates has massive appeal in our goal to separate presentation from logic.

[Vitaly]

Tasks? :s you can add whole new features to your board with the components system. With the new php allowed in templates aswell, you can make it as complicated as you want with your board...

Just a simple example: D22-pm_log mod. It doesn't modify appearance, but add functionality. In many situations, we can't insert functionality as exec call from template. That's why hooks is "must have" feature.

As bfarber said, there must be the way to sepatare functionality code from presentation (templates). Placeing php code into templates is not a good programming style, IMHO.

[Digi]

Umm....this is already possible. :P

I had an inclining that was what that was for, but I had yet to have the opportunity to actually take a look in to it.

For the rest of the hooks vs. template edits comments. Yes, I agree with (almost) all of that. I was not trying to say a hooks system would not make this all easier, because I said that it would earlier. I was just trying to promote developers to use the tools we have now. :thumbsup:

[Jaggi]

i agree Vitaly that php in templates isn't good programming style that ips used to uphold if fact they still uphold it, they don't have huge snippets of php code inside the templates i'm pretty sure they'd do everything possible first to avoid having to do that. I'm not disputing functional code in the templates such that add to presentation and logic but simply the idea of having huge snippets of code in the templates to avoid a few file edits. IPS with their ifs and foreach functionality inside the templates is a presentation thing in many cases and a logic one yes but isn't that why they added the <if> and <foreach> tags itself? they in fact updated these for 2.2 to be more logical however if they wanted to just put a piece of php in there they could have quite simply instead of making the whole <if> <foreach> system?

[Alex]

But I was saying you dont need to put loads of PHP in to save file edits, you could just use the include_once which is allowed in if tags...

[Vitaly]

That helps, but do solve only 1/2 of problems. The right mods api MUST support hooks too. Sometime hooks allow to keep files & skins intact. That's very signicant for upgrades. vB has very nice implementation of such functionality.

PS. And goood architecture can cache hooks code, to avoid often broadcast calls :)

[Michael P]

I was just trying to promote developers to use the tools we have now. :thumbsup:

Thats good, but the problem I have with it, is the developer documentation is quite poor. Last time I checked it didnt mention about the special IPB exec function in templates, nor about PHP in templates - I didn't even know it was possible.

I think IPS needs to promote their developer features more, but maybe that is just me, lots of people are happy with the documentation - but personally better developer docs would be good. It was a few months since I checked it though so maybe it has improved since then.

[Jaggi]

But I was saying you dont need to put loads of PHP in to save file edits, you could just use the include_once which is allowed in if tags...

yea read back i mentioned i'd never use a extra include when it wasn't needed simply because of the extra overhead.

[Digi]

Thats good, but the problem I have with it, is the developer documentation is quite poor. Last time I checked it didnt mention about the special IPB exec function in templates, nor about PHP in templates - I didn't even know it was possible.

I think IPS needs to promote their developer features more, but maybe that is just me, lots of people are happy with the documentation - but personally better developer docs would be good. It was a few months since I checked it though so maybe it has improved since then.

From what I understand, the developer's documentation is a document in a fetal stage. It's getting better, but more of a side note to other projects. Free time sort of thing I suppose. Honestly, I've always seen the need for an IPS community developer type site, but with the developer community so "separate" it seemed a bit difficult to accomplish. On top of that, I made very mild mention of it before, with the changes proposed for IPSB it wouldn't be necessary in the first place (for a separate site). Sure, we have the "modding" forum on IPSB, but I rarely see any sort of actual discussion beyond "how can I do this?" If this is something people are actually interested in though I'd be willing to join a collective to put forth a living document (wiki-like) for developers as well as provide a place to discuss things such as this, but it is not something I'd be able, or willing, to do on my own. :)

[Jaggi]

hey digi it sounds like a great idea, i'd prefer having a discussion area where we could discuss things and share code snippets for doing certain tasks and then having a wiki type site where we could compile all the information so its easy to read and interpret. If you get it up you can count me in.

[Alex]

If you need help Digi, I will also volunteer :)