Andy Millne

Invision Community Team

Everything posted by Andy Millne

  1. I have submitted a 4.6 compatibility update today
  2. Can you send me a PM with access info so I can investigate this please? I'm not seeing any issues locally.
  3. I have submitted a new version that should resolve this issue. Thank you for letting me know.
  4. There is a 4.5 compatibility update in review.
  5. This is intended for a single Pages database only, it does not generate a news sitemap for discussion topics. Support for regular sitemaps in topics is built in to Invision Community. Unfortunately the 4.4 version is no longer available but you're missing out by not upgrading to 4.5 😄 4.4 is still available and can be accessed from the changelog on the file listing.
  6. This should be the name of your publication e.g. "Wall Street Journal" although it is no longer required to exactly match the name in your articles at Google.
  7. The app now allows you to set a cover photo image for each competition. You can set these in the competition settings in the admin control panel.
  8. Please feel free to send me a PM with ACP access so I may investigate this. The theme is editable via the admin control panel as with all apps. Unfortunately I'm not able to assist with customization requests but there is a directory of 3rd party designers in the resources section at https://invisioncommunity.com/third-party/providers/
  9. I am planning to update this for 4.5 but I'm not sure when exactly it will be available unfortunately.
  10. Sorry @christopher-w, missed that. The theme templates/css are customisable via the default template editors if you wanted to change the layout but the aspect ratio is not configurable by default, no.
  11. Your screenshot is not showing and I'm not able to reproduce this locally but if you send me a PM with an admin login I can investigate that. @jesuralem and @Nathan Explosion There isn't any native support for videos currently. Any file uploaded will show as a downloadable link. I can look into adding video playback however.
  12. This hasn't been very popular so I wasn't planning to update it but that said it's quite straightforward and doesn't require much in the way of support so I'll see what I can do.
  13. Please send me a PM with access info and I will investigate. Thanks these are some great suggestions. I'll see what I can do for the next version.
  14. Are you logged in as a restricted administrator perhaps? If so you may need to enable the completion restrictions using a different admin user.
  15. Just a momentary thing for the moderator.
  16. For a very long time Invision Community has allowed community owners to choose how open or private their communities should be. Communities could optionally allow guests to post without registering, they could allow the use of pseudonyms or they could require the use of real names. This covers a diverse range of communities but feedback from our clients made us realize that some use cases have not been accounted for.

      For some types of community, where discussion topics are particularly sensitive, community owners want to make sure that members register with their real details but are given the option to post anonymously where appropriate. For example, organisations dealing with abuse or sensitive topics might want the member to feel safe and disinhibited to post info without fear of being identified by the rest of the community.

      With our next release, we are pleased to introduce Anonymous Posting to make this a reality. When enabled, members will see the option to post anonymously when creating or replying to content.

      [Image: Starting a new anonymous topic]

      Author details for anonymously posted content are hidden throughout the community and instead a default profile picture and name is shown. Total anonymity is not always desirable however and in some cases it may be necessary for trusted staff members to know who posted the content. Where allowed, these staff members will be shown an option to reveal the content author.

      [Image: Author details are hidden but can be revealed by trusted staff members]

      Anonymous posting can be enabled on a per group basis and also limited to specific forums, albums and categories etc. The ability for staff members to reveal who really posted the content is a moderator permission.

      We hope this new feature is a useful addition and where appropriate makes your members feel safe or comfortable to share info they might not have otherwise. How open or private is your community and what do you find are the benefits or disadvantages of anonymity?
  17. There is a 4.5 compatible version currently submitted and in the review process now. Thanks for your patience.
  18. The app is not officially compatible with 4.5 currently. It may work without issue but I will be reviewing shortly and releasing a confirmed compatibility update in the next couple of weeks.
  19. New Application Extensions

      Three new application extensions are available;

        • core/RssImport
        • core/MobileNavigation
        • core/OverviewStatistics

      \IPS\Application::getRootPath()

      A new \IPS\Application::getRootPath() method is available to return the path to application files regardless of the server environment, which should be used instead of \IPS\ROOT_PATH

      Stock Photos

      The WYSIWYG editor now includes an "allowStockPhotos" options array parameter. A boolean value is accepted and will determine whether or not the editor can have images attached via the Pixabay stock photo picker if also enabled in community enhancements.

      Admin Control Panel CSRF Protection

      Additional protections are now required for admin control panel controllers to protect against cross site request forgery attacks. The steps required are described in the security considerations guide.
  20. The Invision Community framework is set up with security best practices in mind but there are a few things you should make use of in order to not inadvertently bypass these protections.

      Validating User Input

      Where your application or plugins request user data the built in Form handling methods should be used. By default form input is protected against vulnerabilities but you should still ensure the correct form types are used for example using email address, number and radio fields etc. where appropriate. This not only provides the best user experience but also means the input is validated using appropriate methods.

      When using environment, request and cookie variables you should also be sure to use the \IPS\Request methods that are adjusted to account for environment differences. This data is *not* validated and should be treated as untrusted and validated and sanitised as appropriate.

      Escaping Output

      Invision Community template syntax automatically escapes variables on output but this can be bypassed with the raw modifier as explained in the template syntax guide. The raw modifier should only ever be used with trusted and sanitised content otherwise a risk of introducing a vulnerability exists.

      Querying The Database

      The database class contains distinct methods for selecting, updating, inserting and deleting data and contains security features to prevent database injection vulnerabilities. The raw query() method should be avoided wherever possible and if used, only ever with sanitised and pre-formatted queries.

      Protecting Against Cross Site Request Forgeries

      Any methods that alter data/state, or which process any data, should be protected against cross site request forgeries to make sure requests are initiated by the user that intended it. When using the built in form handling methods this will occur automatically when called in conjunction with the $form->values() method.

      Outside of forms you can protect links generated with the built in URL classes by using the built in csrf() method. For example the following;

          \IPS\Http\Url::internal( "app=myapp&module=mymodule&controller=mycontroller&do=myaction" )->csrf()

      ...will add the csrf key to your link. The controller that acts on the request should then be protected by adding the following before the action is performed. For example;

          public function myaction()
          {
              \IPS\Session::i()->csrfCheck();

              // Your code here
          }

      Both of these steps must be in place for an effective CSRF defense.

      When deleting something, you should also implement the deletion

          public function delete()
          {
              \IPS\Request::i()->confirmedDelete();

              // your deletion logic
          }

      In addition, within the admin control panel you should add the following class property to confirm suitable CSRF checks are in place;

          /**
           * @brief Has been CSRF-protected
           */
          public static $csrfProtected = TRUE;

      This page is not an exhaustive list of security considerations and serves only as a guide to the most common pitfalls new developers face. Industry best practices should be followed at all times when developing applications and plugins for the Invision Community platform.
  21. What it is

      MobileNavigation extensions are used to add new tabs to the mobile app navigation menu, tying in directly with the menu manager in the AdminCP.

      How to use

      Many of the same methods are implemented as the core/FrontNavigation extension so if you are familiar with this extension you already have a head start. Implemented methods in the mobile navigation extension are as follows;

          /**
           * Can the currently logged in user access the content this item links to?
           *
           * @return bool
           */
          public function canAccessContent()

      The canAccessContent() method allows you to dynamically check if the current viewing member can access the page or not. Often this will come down to checking if the member can access the module or not, however you can perform whatever checks you want, returning TRUE if the member can access the tab and FALSE if not.

          /**
           * Get Title
           *
           * @return string
           */
          public function title()

      The title() method returns the tab title to display within the app.

          /**
           * Get Link
           *
           * @return \IPS\Http\Url
           */
          public function link()

      The link() method, as you might expect, returns the link that the tab should point to. A full \IPS\Http\Url object should be returned.

          /**
           * Permissions can be inherited?
           *
           * @return bool
           */
          public static function permissionsCanInherit()

      By default permissions can be inherited by menu items (e.g. if you cannot access any menu items, do not show the tab), however you can disable this if you wish by overriding this method and returning FALSE.

          /**
           * Allow multiple instances?
           *
           * @return string
           */
          public static function allowMultiple()

      By default, only one instance of a menu item is available to set up (so you cannot create two 'Gallery' tabs by choosing Gallery in the menu manager), however if your menu class would benefit from supporting multiple instances this method can be overridden and return TRUE. This is used for the base generic Menu mobile navigation extension, for instance, as you may want to create multiple menus.

          /**
           * Get configuration fields
           *
           * @param array $configuration The existing configuration, if editing an existing item
           * @param int $id The ID number of the existing item, if editing
           * @return array
           */
          public static function configuration( $existingConfiguration, $id = NULL )

      If your menu requires special configuration, you can define a static configuration() method to return an array of form helper elements to display in order to configure the menu.

          /**
           * Parse configuration fields
           *
           * @param array $configuration The values received from the form
           * @return array
           */
          public static function parseConfiguration( $configuration, $id )

      If your menu requires special configuration, you can define a static parseConfiguration() method to process the form helper elements returned with the configuration() method described above.

          /**
           * Can this item be used at all?
           * For example, if this will link to a particular feature which has been disabled, it should
           * not be available, even if the user has permission
           *
           * @return bool
           */
          public static function isEnabled()

      As the docblock states, you can return FALSE from the isEnabled() method if you need to completely disable the menu item regardless of user permissions.

      MobileNavigation extensions extend \IPS\core\MobileNavigation\MobileNavigationAbstract so it is worth taking a look at this class to understand the methods being extended and how they interact if there is any confusion.
  22. Ah I see, it's the vertical menu that prevents a sub item. It's not possible to add a link Link as in your screenshot unless you're comfortable making theme edits in which case you would edit the "competitions" template. Alternatively you could edit the "There are no competitions available" language string to include a link. I don't have a date yet but it will likely be in line with the Invision Community 4.5 release or shortly after.
  23. If you still have a primary nav bar for the contest page you could add an external link type as a sub item using the menu manager. Would that work?
  24. Helen took on extra responsibilities in her day job and no longer had the time to commit to it.
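
As an added example (not part of the original posts and not Invision Community's own code), this Python script applies the CSRF rules from the security considerations guide in item 20 to controller source: it reports an admin controller that lacks the $csrfProtected property and any public method that writes data without calling csrfCheck(), $form->values() or confirmedDelete(). The write-call patterns, the sample controller and its table and method names are assumptions made for illustration.

```python
import re

GUARDS = ("csrfCheck(", "->values(", "confirmedDelete(")    # calls named in the guide
WRITES = ("->insert(", "->update(", "->delete(", "->save(")  # assumed write heuristic
PROP = re.compile(r"public\s+static\s+\$csrfProtected\s*=\s*TRUE\s*;", re.I)
METHOD = re.compile(r"public\s+(?:static\s+)?function\s+(\w+)\s*\([^{;]*\{")

def method_bodies(src):
    """Yield (name, body) per public method; braces in strings/comments are not handled."""
    for m in METHOD.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i]

def audit(src, admin=True):
    """Return findings for one controller source file."""
    findings = []
    if admin and not PROP.search(src):
        findings.append("missing public static $csrfProtected = TRUE")
    for name, body in method_bodies(src):
        if any(w in body for w in WRITES) and not any(g in body for g in GUARDS):
            findings.append(f"{name}(): changes state without a CSRF check")
    return findings

# Constructed sample controller (hypothetical app, table and method names).
SAMPLE = r'''<?php
class _mycontroller extends \IPS\Dispatcher\Controller
{
    public static $csrfProtected = TRUE;

    public function myaction()
    {
        \IPS\Session::i()->csrfCheck();
        \IPS\Db::i()->update( 'myapp_items', array( 'approved' => 1 ), array( 'id=?', 1 ) );
    }

    public function purge()
    {
        \IPS\Db::i()->delete( 'myapp_items', array( 'approved=?', 0 ) );
    }
}
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A clean result only means the named guard calls are present in each writing method; it does not confirm that the links pointing at those actions were generated with csrf().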