New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
List of Core Hacks still necessary in 1.8.0-beta #573
Comments
Thanks for the list, I’ll respond to each of them. Note I’m on mobile so I can’t look up what every change does, so I might misunderstand some things.
|
Why not to give at least an option for html emails for the admin and then switch to the proposed code?
Alright, will create my own plugin for this. Thanks.
Because the database gets filled up heavily when
Oh, I left German. It says "Not yet member, register here." - In case somebody clicks on login. Good usability says: Provide a login link from register page, and provide a register link from login page.
Basically you are right. But having 100+ edits per day does not interest my community. The activity page is the main page for most, what is interesting is: Questions, answers, comments. I still vote for getting rid of the edit notices, or at least an admin option. Implementation is very easy, as shown:
But it says not only "do not allow the username change" for all. Current code says: "do not allow, but allow for users that have no posts." which is not the same. I hope we will soon have the implementation by userids, e. g.
By sorting unanswered questions by upvotes you find out which questions are the most interesting ones! Should definitely go into core. Proven as very helpful, even on stackoverflow.
No, from my community I see that either experienced users look there to post similar questions to the OP, or the OP finds a similar answer on the way. I cannot remember a single case where someone looked to related questions to answer them.
Ah damn, I forgot about this. Thanks a lot!
Alright. Done and removed the hack.
Why insecure? I hope you remember that this happens (several times in my forum): Incoming question, user Z writes his answer, meanwhile user A closes the question, user Z submits his answer. Page loads. Answer completely lost! The hack is the only way how to rescue the content.
Sure, could be added. Or as admin option? For me, this filter is until now very helpful.
This allows certain inline styles. More info here.
Maybe ignore this one, as SVG have security issues. It was just for completeness :) I even thought of removing it myself again. |
Mainly because I haven't had time to look into it. Features take time to implement and involve more than just changing 'false' to 'true' (especially in terms of security). I've been spending my time in other areas.
I was under the impression that a custom search plugin would disable the built-in search but it doesn't look like that is the case. Perhaps the built-in search could be moved out into
Makes sense, seems like most sites also do this.
Is this really a problem? If they have no posts yet then changing their username doesn't really mean anything.
Because closed questions cannot be answered, and this allows anyone to answer them. It's the equivalent of doing form validation only in JavaScript and not server side. |
Then I suggest to check the age of the closed notice - and if it is older than e. g. 12 hours, not allow the posting anymore. But I don't see any big problem here letting answers through. Frontend there are no buttons if there is a closed question. And it must be a developer to be able to do a submit for this case. |
Most of my issues I solved already with plugins, however, there is still work (core hacks within
qa-include
) after each upgrade. This list shows why and what - in the hope that this will be discussed and fixed in the core files:The text was updated successfully, but these errors were encountered: