Hi guys.

Could I *please* submit a feature request for future versions of Geeklog? At the moment, the only way for a user to upload an image is for them to be assigned "Story Admin". Unfortunately once you do that, there's no way to moderate the content (ie, their submission shows straight up on the front page). It would be great if users could have the same flexibility as story admins with regards to introduction, story body, images, etc, but still have their stories moderated (the way it works now)

I've dug through the forums, and found references to previous forum posts like this and this, and as it stands now, it seems almost impossible to implement.

If anyone has successfully done what I've said above, I'd really appreciate if you could get in touch with me and let me know how you did it, or better still post it in these forums.

Thanks, and great work Geeklog team, best blog software evar!

Billy

Geeklog has been pretty much stubborn about this issue ie not implementing this feature. If this is what you need you can find an easier solution at http://e107.org
Give us feedback whether it helped you or not

@billyboy

In order to the features you want, significant development time would need to be devoted to the implementation of image upload/advacned story editing in the "non story admin" story editor.

This is something that has not had a high priority over time on the Geeklog project. You could implement it yourself and submit a patch, which could then be integrated into the full product.

Or you could implement an image upload plugin, and use the Geeklog smarttag api to allow easy insertion of images into the stories users submit with that.

@J Lopez:

that kind of answer: use another CMS, is unhelpful and innapropriate.

Billyboy, why not enable the FCKeditor for the non-editor story submit form and enable the toolbar items like the image manager. You would also have to enable the extra html tags to support the images.

The main reason we don't ship this feature enabled is security. Geeklog has always put security first and let users open it up should they want.

Also, I believe you can delegate smaller story.edit groups by assigning topic edit rights to groupA for example. You need both the topic edit perms and story.edit right. I may be wrong on the subtleties of the topic perms but believe there is a way to sub-divide editorial rights.

---

Geeklog components by PortalParts -- www.portalparts.com

JLopez, thanks for the tip, but I've been a big fan of Geeklog over the years, and don't plan on choosing another CMS anytime soon. I see the problem of image uploads as a small hinderance, one which can and will be overcome in time...

THEMike, I need to look a bit more closely at Geeklog's security management. While I'm not a full time coder, I know enough to get by, so I'll dig around and see what I can come up with... a patch is a good idea. If anyone is interested in working together on it, let me know

Blaine, great to hear from you! Big fan of your work, and some great tips. Agreed RE security and its importance, but perhaps worthy of considering sometime down the track? It'd give Geeklog the ability to not only suit a single blogger, but open it up to friends you know, or don't, allowing for moderation before publishing. I don't expect or want Geeklog to become a bloated CMS, but this addition would imho give it a lot more flexibility

Billy

Thanks for the feedbacks.

@Blaine
I am not sure how allowing .gif .jpg uploads/attachments by registered users can cause a breach of security. GL had its fair share of big security holes even without this feature and may be other holes are yet to be discovered. If that is are all the gallery scripts having security breaches ??


@TheMike
I am sorry for suggesting another cms - I see from where you come. But you must see from where 'we' the endusers come too. A typical enduser is just that - uses the end-product , suggesting them to be geeky and develop patch or plugins may not be always a very good idea, IMHO

@Billyboy
being a GL fan is all good - probably thats the reason I am also here but keeping other options without checking them may not be a logical thing for ever. What you want to do can be easily done by the e107 for the submission part without need to change other parts of the GL. As submissions are supposed to be finally approved by you , you can import them to GL.

@J Lopez: You have to enable the HTML img tag and tag parameters for any image to appear in the rendered content. It's the additional HTML tags that are the potential security issue and why by default GL filters these tags out. But your more them welcome to enable these tags on your site. It all depends on your sites audience, function and how much you trust/know the community of users.

There is for example an exploit where a user may upload HTML code that is embedded in a image file and could execute a cross site script. It appears like an image is being uploaded until a user views the image. Same exploit used by most email spammers to verify a user has read a message without ever needing the user to reply.

---

Geeklog components by PortalParts -- www.portalparts.com

There are other ways to let "normal" users posts images, btw. You could use one of the image galleries that support an autotag (i.e. upload image in the gallery, use the autotag to link to it with a thumbnail). Or you could use my flickr plugin.

bye, Dirk

@Blaine
Thanks Blaine. Actually core GL does NOT always filter this out, for example
the profile page allows user photo upload. By the same logic as yours an user
may use this for exploit !!
Thus it is not quite logical to me as to what you say. BTW how does gallery
scripts handle the security issue then ??

@Dirk
Posting news at one place and image at other will be too cumbersome for the
user as also many users dislike FCKeditors and sort as they take time to load.