HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


"Sorry, Guest does not have access to use the 'block' Comcode tag (usage blocked)."

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#102897 (In Topic #20150)
Avatar

Well-settled

So I am seeing the error above on my Wiki+ pages where I have a block for a menu.  The error happens whether you are a guest or not.

The fix seems to be to go into the Wiki+ page, click "edit" then hit "save".

My question, does http://ocportal.com/tracker/view.php?id=1602 resolve this issue?

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#102900
Avatar

If you are on 9.0.12, you would have received this fix.

This fix makes it so editing will copy the ownership of the page through to the saved Comcode. That seems to be what is happening when you edit, so suggests you do have this fix.

As I am not aware of the background to how this issue popped up on your site, it's difficult for me to say why you would receive this error, and why the page ownerships would have got out of sync – but I can speculate on two possible causes.

  1. If you've run some query to change who owns the page, that would explain why editing is now propagating this change.
  2. Or, if a non-admin edited the page since an admin created it, that edit could have lowered the Comcode permissions down to those of the non-admin, as discussed in here: View topic: Markup for Comcode page header getting ignored - ocPortal.com

In short - non-admins should not be able to place blocks, as it is a major security hazard. ocPortal is allowing things edited by a non-admin to have blocks in it. If you are trying to create a non-admin editable wiki, plus have blocks and other complex stuff in there that non-admins can edit, it's not something that can work permission-wise.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#102906
Avatar

Well-settled

Had not done anything on the back end.  And it's just a block placed on the page for navigating our "Code of Conduct".  All the pages are open to guest view.

I ended up "editing" and "saving" all the Wiki+ pages.  They had also lost their formatting.  Not really sure what happened.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#102911
Avatar

Well-settled

The forum topic Chris recommends - a recent conversation between him and myself on this same issue - was extremely informative to me!

Basically important: Every time a Comcode page is edited and saved, it's saved along with the Usergroup ID of the person saving it. If that Usergroup has different Comcode Permissions (set in Global Privileges - Comcode) the saved edit will reflect - for all viewers - the Comcode permissions of the saver's Usergroup. Crucially, if the page was originally created by a Usergroup with the "Subject to a more liberal HTML filter" privilege (by default, Administrators only) and then edited by someone without that privilege, the original HTML tagging will get stripped when he/she saves it.

Another aspect of this same behaviour: you'll notice that when you start creating a new Comcode page, the special Comcode tag buttons don't show up on the CK editor toolbar. After your initial save, they'll show up - providing you've created the page as a member of a Usergroup with Comcode privileges.

Hope this helps!

Richard

Back to the top
 
Posted
Rating:
#102913
Avatar

Thanks. Just to correct a terminology issue here…

These aren't Comcode pages, they're Wiki+ pages, and Wiki+ pages use Comcode.

Comcode pages are something specific within ocPortal, while Comcode is the markup technology used in a various kinds of content types (including Wiki+ pages, Comcode pages, forum posts, …).


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#102914
Avatar

Well-settled

Thanks, Chris!

Apologies, rteichera, for any confusion caused - my carelessness entirely. I'd actually intended to say "all pages
built with Comcode (including Wiki+ pages) ...", but neglected to in the haste of writing!

Regards

Richard

Back to the top
 
Posted
Rating:
#102920
Avatar

Well-settled

No problem!  As I said I ended up just reediting all of the pages (only a dozen or so) to get them back to working order… not sure what happened.  Only thing I can think of is something went bad during the last update.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#102931
Avatar

Well-settled

Okay, so I have started noticing similar issues all across the website, and some of these were posted post 9.0.12 upgrade.

Posts & pages randomly lose formatting.  As an example, a news post I posted on 3/27/2014 lost all it's formatting and I had to go in and "save" it again to get the formatting back.  This is also impacting signatures of most of my members.

Almost seems that ownership of the pages/posts are loosing their ownership at random or something else is going on.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#102933
Avatar

Have you removed the "Subject to a more liberal HTML filter" privilege from a common usergroup? If so, as soon as the Tempcode cache was cleared it would rebuild things without that privilege.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#102938
Avatar

Well-settled

Hi rteicheira!
This is also impacting signatures of most of my members.
 Can you identify any common elements affected within their signatures generally? Dead hyperlinks, emoticons displayed as text, embedded images/logos? Elements like that predictably would be impacted if the members concerned had had the "liberal HTML filter" privilege when they composed the signature, but the privilege had more recently been removed - as Chris just noted. Which leads me to your comment,
Almost seems that ownership of the pages/posts are loosing their ownership at random or something else is going on.
 Ownership of a page (which is the effect of binding of its last editor's username to its title) and "ownership" (i.e., control, less ambiguously) of its Comcode page-content are two quite different matters. The page's creator will lose control of the Comcode if the "liberal HTML filter" privilege has been removed - or added - if he/she edits, or re-uses a portion of pre-existing Comcode and saves the page, but won't be losing ownership of the page. On the other hand, if someone else edits the page, on saving it its previous owner will lose ownership of it to them, but - provided that both parties have always had the same Usergroup privilege regarding HTML filtering - the creator of the page or signature will retain his/her original ability to control its Comcode formatting (as its new owner will, also).

Your experiencing of lost Comcode formatting, then, doesn't imply there's something wrong. Things have been deliberately programmed to work this way - all the tag-stripping and re-building as Comcode is in the interest of preventing people from entering dangerous or malicious HTML into a page. Getting used to how it all works in practice, and how to fix these issues, might seem a bit of a learning-curve, but in my experience, hasn't proven a hugely steep one.:) The most crucial measure, I've found, when aiming to fix someone else's page, is to work on it masquerading as him/her; if you opt to work on their originally saved page, however, you'll need to do so as a super-moderator (in order to access its versions) set with the same Comcode privileges that the page's creator now has (regardless of his/her privileges when it was created).

Chris - when you read this: I haven't needed to apply the new fix to my v9.0.9 that rteicheira has, so I can't 
offer anything specifically v..12 related, but I was wondering: How does the Site Configuration option "Convert XHTML to Comcode" impact on v..12, and would setting it one way or the other help alleviate rteicheira's present situation or, at least, to prevent it as regards members' future posted comments?

Looking forward to your comeback, rteicheira!


Last edit: by RichT
Back to the top
 
Posted
Rating:
#102939
Avatar

How does the Site Configuration option "Convert XHTML to Comcode" impact on v..12, and would setting it one way or the other help alleviate rteicheira's present situation or, at least, to prevent it as regards members' future posted comments?

I really don't recommend that option, it will just open a different can of worms ;).


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#103228
Avatar

Well-settled

This problem is reoccurring again… signatures, wiki+ pages, etc.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#103269
Avatar

Community saint

I have the same issue, with comcode permissons on calendar entries. Specifically the reminders you subscribe to (which contain a comcode block referencing the relevant Wiki+ page). I created the entries and the Wiki+ pages, but when I view reminder PT I don't have permission to view the comcode. Will check the relevant settings mentioned here, but I don't recall changing them.
Back to the top
 
Posted
Rating:
#103288
Avatar

Sorry for the delay on this guys, it's been a very busy week and I needed to give this some concentration. Replies coming.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#103289
Avatar

KingBast said

I have the same issue, with comcode permissons on calendar entries. Specifically the reminders you subscribe to (which contain a comcode block referencing the relevant Wiki+ page). I created the entries and the Wiki+ pages, but when I view reminder PT I don't have permission to view the comcode. Will check the relevant settings mentioned here, but I don't recall changing them.
Okay, this one looks like a very specific bug, so I'll tackle this first.

When ocPortal sends a notification it specifies the security of what the notification Comcode will be processed with. Obviously you don't want some content to be written by a hacker referencing blocks that leak protected site data and then having the hacker trigger a notification to themselves containing the evaluated version of that.

In the case of the calendar alerts, it was setting it as a generic unprivileged access token, rather than the calendar event submitter. That's secure, but we can expand the permissions to the correct one for this case.

sources/hooks/cron/calendar.php:
Attachment
» Download: calendar.php (6 Kb, 93 downloads so far)


I couldn't find any other cases of this in the code, just for the calendar alerts.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#103290
Avatar

rteicheira said

This problem is reoccurring again… signatures, wiki+ pages, etc.
I think you are probably suffering from this:
0001625: Bug: Lost Comcode permissions after an upgrade - ocPortal feature tracker

It's a nasty bug caused by recent changes, resulting in lost Comcode permissions when the Comcode cache is cleared.

Most site webmasters can be confident that non-admins have not been editing admin content. If that is the case, run the reset_comcode_ownership.php attached to the issue to reset your Comcode ownerships to match the permissions of the owner of the content it is attached to. It should magically fix everything, assuming the content owner really does have the permissions you intended. I just updated the script to ensure it covers Wiki+ pages/posts and signatures.

I recently worked with another user on this, and off-hand I can't remember who it was. But it resolved their problem.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: