Adding Admin setting page #70
Conversation
…on and dutch translations.
This commit replaces usage of scriptlets with JSTL, which does a better job at escaping user-provided values. Prevents people from abusing the console by entering things like `<script>alert('not good');</script>`
This will allow a user to click on the label to give focus to the input element.
This reduces the amount of code, and helps give a uniform look and feel to the admin console.
Filled a previously unused descriptive text.
|
Thanks for providing this! Many people are going to find this very useful! I've added a bunch of commits to your PR that apply small changes. The most relevant change is one that aims to prevent XSS, by ensuring that user-provided input is escaped while rendered on screen. @annovanvliet can you please verify that I didn't break anything for your environment? |
|
Fixed one essential typo. Still one question about the Maximum file size. The readme says -1 to disable the check. This value cannot be entered. Also the code is checking if value is larger then 0. So setting value to zero also disables the check. Whereas we actually were hoping to to be able to block filesharing by specifying 0 as the Maximum file size. |
|
Thanks for the fix, @annovanvliet! The discrepancy between documentation and implementation with regards to the maximum file size setting is annoying. That should be aligned. I'm not a big fan of re-using that particular setting to disable all of the functionality of the plugin. From an admin's perspective, that would be confusing, as we're mixing a very permissive configuration (do not use a limit) with a very restrictive one (disable all of the plugin). We should have a distinct setting for the latter (although one could just as well unload the plugin, I suppose). There might be room for yet another configuration option: one that disables upload, but allows download. Pragmatically, I'm not sure if there's a use-case for that. If there is not, then adding such an option might only add to the maintenance burden of the plugin. |
|
Thank you for your answer. You are raising a valid point with the permissive and restrictive site of the two distinct values. For now we go with the pragmatically solution of specifying 1 as the max size. An additional parameter is an option, but you are slowly opening an complete new area of extra functionality here, like access control and group or role based permissions to upload content, which involves more involvement then planned. |
|
I agree that we best create new issues for newly desired configuration options, but I think it's fine to have a generic "enable/disable" option added to this PR. Is that something that would benefit your use-case? |
Added a Admin page to modify the plugin specific properties and do some additional checks to inform the admin of difference between the internal and external address. Also checks the usability of the repository folder.