Fixing FOAF output (Trac #2075) #2075

Closed
elgg-gitbot opened this issue Feb 16, 2013 · 8 comments

@elgg-gitbot

Original ticket http://trac.elgg.org/ticket/2075 on 40297803-08-23 by trac user melvincarvalho, assigned to unknown.

Elgg version: 1.7

Hi All

I have a fix for the FOAF output. It was previously broken on any profile page with view=foaf.

It's tested against the latest checked out elgg 1.7 branch.

The FOAF was broken before and this should be a good base to go forward. It also fixes a security issue.

It's only a few lines of code, and it would be great if you could take a look.

Please excuse me if I've not got the format 100% right, it's my first patch!

I'll be around to discuss on #elgg

@elgg-gitbot

Attachment added by trac user melvincarvalho on 40297804-05-27: foaf.diff

@elgg-gitbot

cash wrote on 40297992-02-04

The patch applies cleanly. Thanks!

Does it make sense to include a user's username in foaf as it is currently or should we just expose the display name? Anyone have an opinion?

Rather than removing mbox_sha1sum, should we implement it correctly? Or is that feature just not used in the wild?

As a mental note to self: before committing, change the hard coded icon path to use getIcon()

@elgg-gitbot

trac user melvincarvalho wrote on 40300644-08-30

Thanks for the comments!

This was just a first cut to get things into shape for 1.7.1

There are a few more improvements I can make for the next version.

I think foaf:name and foaf:nick are set as expected. Did I miss something?

It was important to remove the mbox_sha1sum, as there's a security issue with it ...

After 1.7.1 I'll make some more improvements for foaf for the next version, and will run it past the w3c folks. Hopefully elgg will have the best foaf out there!

@elgg-gitbot

cash wrote on 40300762-03-02

I'm just wondering what the benefit is of including someone's username. That's all. There is nothing wrong with the code with reference to this.

What's the security issue with mbox_sha1sum?

@elgg-gitbot

trac user melvincarvalho wrote on 40300776-10-09

Good question!

Username isn't 100% necessary, people often use a nick as an identifying mark, e.g. timbl = Tim Berners-Lee, so it's pretty common in FOAFs to use that field.

Re: mbox_sha1sum see:

http://ebiquity.umbc.edu/blogger/2009/12/17/foafmbox_sha1sum-considered-harmful/

@elgg-gitbot

cash wrote on 40300810-06-28

Funny. I have worked with Tim - the author of that post. Anyway, doesn't seem that big of a deal (the spammers already have my address!). Is the FOAF community phasing this out? If so, is there a top contender to replace it that we should be adding?

Regardless, I'll try to get this patch committed soon.

@elgg-gitbot

trac user melvincarvalho wrote on 40300840-08-05

Awesome thanks, I think it's been marked as unsafe in the spec, and we're going to use something more like the elgg ACL's system going forward.

It's not a huge security issue, but maybe a nice to have.

Once I've got a clearer understanding, I'll try and put together some more code to do this.

@elgg-gitbot

cash wrote on 40303812-09-06

(In [svn:5823]) Fixes #2075 - applied Melvin's patch to the foaf views
