Welcome to Geeklog Tuesday, January 26 2021 @ 10:43 pm EST

Geeklog Forums

Stories not always saving


Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 156
Location:Mostly Adelaide, South Australia, Australia
Hi,

I upgraded to GL1.5.1 recently from GL1.4.0.

I've started to notice that sometimes I edit people's stories and then press save and I don't get the saved story message 9. Instead it goes back to the story list and only the stories for that topic are showing (the selection menu shows the specific topic).

I'm wondering if this is related to the CSRF fix mentioned here http://www.geeklog.net/article.php/csrf

I don't know much about it, but could it be because some token expires? I typically have stories sitting there mid-edit for an hour or more - some are very long, some need emails answered or images edited, and sometimes I just wander off around the house.

If that is the problem, shouldn't it at least give an error message saying so, and suggesting pressing BACK and cut and pasting your hard work to somewhere safe?

There's a few issues like that which I'm curious about but I figure I should start a new thread for each topic.

Cheers,
Brett
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Yes, the CSRF token expires after 20 minutes. So you should at least hit Preview once in a while to refresh it.

And I agree, we should be displaying a warning message.

bye, Dirk
 Quote

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 156
Location:Mostly Adelaide, South Australia, Australia
OK, I'll warn my other editors.

Does that mean error message is officially a request for future releases or should I note it somewhere?

Would this affect public users submitting stories as submissions or just editors?

 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: worldfooty

Does that mean error message is officially a request for future releases or should I note it somewhere?


Adding it on our bugtracker can't hurt ...


Quote by: worldfooty

Would this affect public users submitting stories as submissions or just editors?


The CSRF protection is only implemented for the various admin functions.

bye, Dirk
 Quote

Status: offline

::Ben

Forum User
Full Member
Registered: 14/01/05
Posts: 1569
Location:la rochelle, France
Hello,

I made a feature request for auto draft story, like this we could also bypass the CSRF token expiration.

::Ben
I'm available to customise your themes or plugins for your Geeklog CMS
 Quote

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 156
Location:Mostly Adelaide, South Australia, Australia

Oh dear, I warned all our regular writers about this timeout issue, but I've already had one guy come back and say he wrote a long story (his first for quite a while) and it didn't save because of this. The key being that he didn't notice until much later when it was too late. Hopefully he'll remember!
 Quote

Status: offline

TeMpTiN

Forum User
Newbie
Registered: 16/03/05
Posts: 13
No matter what is at fault I always recommend writing stories and some time even forum posts in you local word processor and the copying to the story editor.
It is a pain some times but you should never loose your work to a timeout or connection glitch.

 Quote

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 156
Location:Mostly Adelaide, South Australia, Australia
Yes, I tell our writers the same thing - and then fail to observe that rule myself.

I also discovered that the same thing happens with static pages, but even worse in that you can't use Preview to make sure it is "fresh".
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Just wanted to mention that the problem with the expiring tokens will finally be addressed in Geeklog 1.6.2:
http://wiki.geeklog.net/index.php/Re-Authentication_for_expired_Tokens

bye, Dirk
 Quote

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 156
Location:Mostly Adelaide, South Australia, Australia
:banana:

That's great news! In my list of top 10 issues with Geeklog, it fills spots 1 to 6 !

It will be a great relief, especially with static pages where there was no hint, to know whether an article is saving.

The suggested solution looks nice and I like the text re-assuring the user that their changes will not be lost - that should stop people panicking and pressing Back.

 Quote

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 156
Location:Mostly Adelaide, South Australia, Australia
Having just installed 1.7.1 (up from 1.5) I was very excited that the CSRF token expiration issue would go away.

Sure enough, I was logged in as myself with admin functions, editing a story, and it expired, so it took me to the authentication page, and I entered by username and password and it saved it okay. Yes!

But I've had the same thing happen several more times, with a complete failure. I've been editing, pressed saved and been sent to the page:

http://www.worldfootynews.com/admin/story.php

The security token for this operation has expired. Please authenticate again to continue.
Authentication Required

The security token for this operation has expired. If you want to continue with this operation, then please authenticate again below. This will ensure that the changes you just made will not be lost.
Username:
Password:


So I enter it, and then I get sent to:

http://www.worldfootynews.com/users.php

Authentication Required
Username:
Password:
All access to administrative portions of this web site are logged and reviewed.
This page is for the use of authorized personnel only.


I enter my username and password and end up at the moderation page, and my story is lost. If I go back on my browser, I get to the last version of the story prior to all my changes. So no way of recovering it.

Any ideas what is going wrong? I'm using Firefox and my user account is set to keep me logged in for 8 hours, and the error seems to occur even if I am still logged in.
 Quote

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 156
Location:Mostly Adelaide, South Australia, Australia

I wonder if it is tied up with my whole login expiring? I just went back to my site, where I was logged in, and clicked on Stories from the admin menu, to go back and look at a story. It took me back to the login Authentication Required page (the url was /admin/story.php?mode=edit&editor=std&sid=20101229122021798), even though it had been only about 60 mins away from the window, and then when I entered my username and password it took me to /admin/moderation.php rather than the story I had clicked on.
 Quote

Status: offline

::Ben

Forum User
Full Member
Registered: 14/01/05
Posts: 1569
Location:la rochelle, France
Could it be a theme issue? Did you upgrade your theme?

::Ben

I'm available to customise your themes or plugins for your Geeklog CMS
 Quote

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/09
Posts: 156
Location:Mostly Adelaide, South Australia, Australia
Woops, didn't mean to have an emoticon above.

My only theme is Professional, which I believe rolls out with GL 1.7.1, and I make the same mods to it after each upgrade. Are any of these likely to affect it?

\public_html\
lib-common.php - changed one case of Root to Story Admin so HTML checking not applied to Admins

\geeklog\language\
english_utf-8.php - some extra stuff

\geeklog\system\
lib-comment.php - 2 extra lines for comment form
lib-story.php - restrict hits display to only if > 150 and body not empty
lib-custom.php - added phpblock_submissions for my own submissions style

\public_html\
stats.php - commented out part so active users is registered users

\public_html\layout\professional\
footer.thtml - add credits to 2 other sotes, change widths to handle it
style.css - several changes to header section and added image-body
img section to put space across story images
leftblocks.thtml - added small WFN logo at top of LHS block
header.thtml - add banner and sponsor ad, required changes to style.css too, and new header-bg,
and add Google analytics code.

\public_html\layout\professional\comment\
commentform.thtml - insert the 2 extra lines for the comment form
commentform_advanced.thtml - insert the 2 extra lines for the comment form

 Quote

All times are EST. The time is now 10:43 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content