Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security page #368

Merged

Conversation

@invisnet
Copy link
Collaborator

commented Feb 19, 2019

Description

A placeholder security page.

Motivation and context

This shows intent, and gives authors a chance to update their plugins/themes to support ClassicPress.

How has this been tested?

Observation (yes, the new page is there), and a quick test plugin.

Screenshots (if appropriate):

security-page

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
@@ -22,7 +22,7 @@
<h2><?php _e( '"Security First"' ); ?></h2>
<p><?php _e( "Security is important to business and it’s important to us here at ClassicPress. By bringing security forward to a place of greater prominence within the admin interface, we create a more streamlined experience for both users and developers." ); ?></p>
<p><?php _e( "As ClassicPress continues to evolve, the Security page will become the hub for all security features for ClassicPress core and 3<sup>rd</sup> party plugins that choose to support it." ); ?></p>
<p><?php _e( "Watch this page and the ClassicPress Security forum for more news as development continues. If you’d like to contribute in this area, please connect with us <a href=\"#\">here</a>." ); ?></p>
<p><?php _e( "Watch this page and the ClassicPress Security forum for more news as development continues. If you’d like to contribute in this area, please connect with us <a href=\"https://forums.classicpress.net/security\" target=\"_blank\">here</a>." ); ?></p>

This comment has been minimized.

Copy link
@nylen

nylen Feb 19, 2019

Member

It looks like you can use https://forums.classicpress.net/c/team-discussions/classicpress-security to avoid an extra redirect.

Also the usual way to translate strings like this is as follows:

printf(
    /* translators: link to security subforum */
    __( 'Watch this page and etc more info <a href="%s">on our security subforum</a>.' ),
    'https://forums.classicpress.net/c/team-discussions/classicpress-security'
);

This comment has been minimized.

Copy link
@invisnet

invisnet Feb 19, 2019

Author Collaborator

That's the correct canonical URL.
As for printf - OK, but does glotpress check the conversion specifiers match?

This comment has been minimized.

Copy link
@nylen

nylen Feb 20, 2019

Member

I'm not sure. Maybe @Mte90 knows.

This comment has been minimized.

Copy link
@Mte90

Mte90 Feb 20, 2019

Collaborator

For glotpress there will be no replace for string, it will use the content inside __() and extract the comment inside printf as description for the localizers

@nylen

This comment has been minimized.

Copy link
Member

commented Feb 19, 2019

Why do we have both horizontal tabs in the main content area, and vertical submenu items in the admin menu?

If we're going to keep both of those, I think the tabs should be the same as the submenu items, but I think it would probably be even better to just pick one.

invisnet added some commits Feb 19, 2019

invisnet
@invisnet

This comment has been minimized.

Copy link
Collaborator Author

commented Feb 19, 2019

Why do we have both horizontal tabs in the main content area, and vertical submenu items in the admin menu?

Tabs and submenus will do completely different things; easiest just to drop the tabs for now.

@nylen nylen added this to the Future release: Security screen milestone Feb 23, 2019

@nylen nylen changed the base branch from develop to feature/security-page Feb 24, 2019

@nylen

This comment has been minimized.

Copy link
Member

commented Feb 24, 2019

@invisnet this is something we'll want to continue building on in the future, so I'm going to merge it as feature/security-page in the main repo.

Then we can submit further PRs against that branch (e.g. to add the first options to this screen), and merge into develop when we're satisfied.

@nylen nylen merged commit 00cffa5 into ClassicPress:feature/security-page Feb 24, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
@bahiirwa

This comment has been minimized.

Copy link
Contributor

commented Apr 2, 2019

When building menu pages we have always had particular priority numbers/set apart for each of the menu pages that come by default. Is this still to be respected? What number will be set for security pages if so? We would add this to documentation so that developers can respect that space.

@nylen nylen referenced this pull request Jul 2, 2019
@jessuppi

This comment has been minimized.

Copy link

commented Jul 23, 2019

This is a bad idea for several reasons. Firstly, you're insinuating that Security is a setting for users to turn on or off and be done with it (obviously, that's not how security works).

Secondly, it's stumbling right into what I feared for ClassicPress which is not appreciating how the vast ecosystem of WordPress works -- the CMS cannot and should not overstep its bounds. If you want to create an ecosystem of plugins, themes, agencies, web hosts (etc) then you need to know your place and integrate with other industry players.

More: https://petitions.classicpress.net/posts/136/new-settings-submenu-security

The problem here is insinuating that security is a "setting" to turn on and off and that its wholly included in the CMS. (It's not, of course.)

Security is a huge, multi-layer concept in web development and stacks, and using the title "security" anywhere in CMS settings does not make sense. If anything, it only misleads users who are browsing their settings...

Should there also be a "Speed" menu? Or a "Marketing" menu? These are macro concepts that cannot be applied to specific software settings. Despite OP's sentiments, it does in fact compete directly with "plugin" branding.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.