Adding tag input field in image.php

My image.php shows comments and now rating below the image. Is it possible to add a field for users to add tags to the picture without having to go into the admin section? If so, how?

P.S. In the future, a facebook-like person tagging system would be even better.

Zenphoto is amazing! Soo much better than Piwigo (though I wish it had as many extensions and themes as Piwigo has)

Comments

  • acrylian Administrator, Developer
    There is an unsupported plugin for front end edit.
    http://www.zenphoto.org/news/front_end_edit

    The functionality was officially removed quite some time ago because it opens the door for all kinds of security issues. Therefore it will not be re-added by us. But anyone is free to provide a third party solution of course.

    "Zenphoto is amazing! Soo much better than Piwigo (though I wish it had as many extension and themes as piwigo has)"
    Thanks, Piwigo is a good tool. I have no overview about the number of plugins and themes there but that depends of course on users providing them. So feel free to provide some ;-)
  • Unfortunately, this plugin does not support `tags`.
  • acrylian Administrator, Developer
    Ok, do I remember wrongly that the front end edit before the plugin once did?
  • Aww, that's too bad. Maybe I can figure it out when I have some free time :)
  • acrylian: "The functionality was officially removed quite some time ago because it opens the door for all kinds of security issues."

    I have seen this reason several times throughout the forum. I was wondering if it would make any difference if the tags could be added from the front end, but would always be set for admin approval before they were made public. Would this lessen or eliminate the security risks?
  • acrylian Administrator, Developer
    No, because the tag to approve would have to be stored somewhere. Same possible security issue as if it was added directly.
  • I'm not trying to be difficult, just trying to understand.

    How is it that comments being added from the public side are not a risk and adding tags are?
  • To be specific, any time "Posting" is allowed there is the possibility of a cross site reference forgery (XSRF) that exploits the post to do its own thing.

    On the administrative pages we have extensive protocols to detect and prevent XSRF, but these require added protocol and overhead on the server. We have chosen not to place that burden on the front end code, thus do not allow any changes to be made from those pages.

    For comment postings we have protocols to cleanse the comment, but since nothing is being "modified" XSRF threat is not there.

    It certainly is possible to re-add that functionality. The plugin Acrylian references does add the posting, but not the security protocols. The way that tags are presented and stored made it impossible to use a plugin to process updates to them, so that functionality is not in the plugin. Of course if you simply want to add tags (not edit ones already present) then the mechanisms used for simple fields could be adapted.
  • Thank you for the detailed explanation.

    Your last sentence seems hopeful that something can be added without being a security risk. Is it selecting a tag that already exists or adding a tag that doesn't exist?
  • hello does anyone know the answer to that last question?

    thanks
  • acrylian Administrator, Developer
    A new one is possibly more dangerous but any action from the front end that adds to the database can possibly be a security risk.
  • Sorry to hear that, but thanks for the answer. I think I might try to adapt the comments to submit tags for admin approval.
  • acrylian Administrator, Developer
    All can be done, software has no limit but someone has to do it ;-) But that is why we have a flexible plugin system so anyone can do what he feels missing. Let us know if you managed something so we can add it to the extensions section.
  • It seems that tagging photos is not a priority for zenphoto. Not a complaint, just an observation. The site I am currently working on has thousands of photos, and hundreds of tags.

    It would take a lifetime to tag photos using the admin interface, since you have to click by each photo to open more options, scroll down to check a box, then click submit.

    Having a somewhat limited budget to work with, the best solution seems to implement a plugin that will allow users to submit tags safely, which go to an admin approval queue to verify spelling, accuracy, and hacking attempts. That way, not only would admin be able to tag faster, but he could get some help from others who don't need/want to be users.

    I see you have a plugin info page here:
    http://www.zenphoto.org/news/zenphoto-plugin-architecture

    Which of the three categories listed is the appropriate one for me to work with?

    thanks!
  • acrylian Administrator, Developer
    Well, you are for a long time the first that really complains about tags. "One" is nothing that makes us put priority on things as you hopefully understand.

    For the admin to get a tag suggest I had suggested to open a ticket to be considered. That did not happen yet. I would work on that if there would be a ticket.

    For your front end ideas. We are a small team so we really need to choose and set priorities what we decide to work on. There are a lot of things to do and also some happen behind the scenes. All takes time and we are volunteers. I have already a few things on my list and there are lot more things I would like to do. I hope you get the impression.

    Your plugin would be both a front end and a backend plugin. So you will have a front end part and an admin utility page as somewhere the admin would need to be able to approve the tags.

    Do you have coding knowledge? Just asking as I am not sure if this is something for starters. You will also need to look at the object model if you want to do it right (you can do it via sql queries but that is really not recommended). This is quite advanced stuff. But that should not keep you from trying of course.
  • "It seems that tagging photos is not a priority for zenphoto. Not a complaint, just an observation."
    Where on earth did you get this notion? We provide extensive tagging of images including extracting the keywords from the image metadata and using those for tabs.

    What IS NOT A PRIORITY is compromising Zenphoto's security. That was explained to you earlier in this post. Anything that allows a visitor to store data is a potential security risk. We have chosen to limit those risks to the Administrative pages in general where we have much greater control of the process.

    Of course we allow visitors to post comments. We have carefully coded that process to eliminate dangerous strings and otherwise limit what can be done to actually creating a comment. Certainly you could put the same scrutiny on other front end actions. But if you choose to do so, you best be very conversant with the kinds of exploits hackers use these days (and you need to keep up on them as they get better at their "job" daily.)

    So, good luck if you want to allow non-users to add tags. But do not expect us to take up the cause.
  • Hello acrylian and sbillard -

    Typing messages is so full of potential for misunderstanding as opposed to sitting across the table with the beverage of one's choice. Here are two sentences that were the entire basis of that post, and both were sincere.

    1. "Not a complaint, just an observation."
    2. Which of the three categories listed is the appropriate one for ***me*** to work with?

    I'm not criticizing anyone or anything, nor am I trying to convince anyone to do anything. I completely understand "the needs of the many" and am just asking for help to proceed on my own - not asking anyone to rewrite zenphoto to custom fit me.

    acrylian:
    1. I am not complaining about tags. I need something that you don't want to offer, and I am trying to figure out how to do it myself.
    2. I am not asking your team to do this. You already explained that you were busy, even for a paid mod, and I heard you.
    3. I don't know coding much at all. I am trying to explain the requirements for a plugin to a programmer to create one for me. If I can explain the plugin process to her so she can do it, then that's what I want to do. If you guys think it is secure, you can use it. If not, then you don't have to.
    4. Thanks for the info. I'll pass it along.

    sbillard:
    I am not trying to convince anybody here to do anything. I understand you don't want to do this, and am not posting to argue. I'm posting to find out how I can do this on my own. All I'm asking of anyone who cares to answer is for information, guidance, and suggestions on how to proceed.

    Since you are obsessed with security (a compliment here, btw), I was wondering if the path you took for users to submit comments would be a good model ***for me*** to look at. Since comments and tags are both words, if comments have been made secure, then maybe the same process would be a good starting point for anonymous user tags. And again, this is not to argue, but to develop a strategy for the programmer to pursue.

    I hope I have explained myself enough that you don't feel I am some whiney complainer trying to get you to program according to my needs. I'm merely seeking information and advice on how I can proceed on my own.

    friends?

    if so:

    1. Would the comment submission/approval plugin be a good place for me to suggest to the programmer to start?

    2. acrylian, you said this would be two mods.
    --So one would be an Admin Utility?
    --Would the front end be a Template Plugin or a Core Plugin?

    3. sbillard, you said "including extracting the keywords from the image metadata and using those for tabs." I read about this, and still trying to figure it out. I added keywords to the IPTC Core data in Bridge, but it doesn't show up in tags. Still trying to figure that out. Not asking for help, just reporting my progress.

    thanks for your understanding and help
  • ps - sbillard, would your admin-approval plugin somehow fit into what I'm trying to accomplish?
  • acrylian Administrator, Developer
    Your post came over a bit demanding. But as you said the problem of written text easily being misunderstood…

    So no problems as we all have made our position clear now. We of course appreciate and encourage it if you want to do something you really need and want yourself. That is what open source projects like ZP live from since we can't do everything. (I could probably make a long list of things "nice to have" :-))

    To the questions:
    1. Probably although comments work a bit different than tags (comments have their own class, tags not). But the principle would be the same I guess but I don't remember the code offhand.

    2. Your plugin will need to provide both. Off hand as an example the downloadlist plugin both provides template functions and a utility.

    3. The principle but it is for items which are technically a bit differently. Items are published, tags don't have that status at all. They are there and/or assigned or not. You would have to "park" tags probably in the plugin_storage table to work around that. It would need to be adapted.
  • The model you would have to match is how the administrative pages do things. Otherwise your site will be open to hackers adding all the tags they desire. This involves enabling sessions, a "costly" and XSRF tagging and checking of each submission of a tag.

    I hope you understand that since I think this an unwise thing I am not really motivated to provide much help.
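
The thread's two requirements for front-end tag suggestions, session-bound XSRF checking of each submission and parking the tag for admin approval, can be sketched as follows. This is an added example, not Zenphoto code or anything posted by the participants: every function name and the `pending_tags` table are hypothetical, and it assumes PHP 7.4+ with the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);
// Added illustration: every function and table name here is hypothetical, not Zenphoto's.

// Token for the tag form: HMAC of the image id under a per-session random secret.
function issue_tag_token(array &$session, int $imageId): string
{
    $session['tag_secret'] ??= bin2hex(random_bytes(32));
    return hash_hmac('sha256', 'suggest-tag:' . $imageId, $session['tag_secret']);
}

// Constant-time check that the posted token belongs to this session and this image.
function check_tag_token(array $session, int $imageId, string $posted): bool
{
    $secret = $session['tag_secret'] ?? null;
    return is_string($secret)
        && hash_equals(hash_hmac('sha256', 'suggest-tag:' . $imageId, $secret), $posted);
}

// Allow-list validation: letters, digits, spaces and hyphens only, 2 to 40 characters.
function clean_tag(string $raw): ?string
{
    $tag = trim(preg_replace('/\s+/u', ' ', $raw) ?? '');
    return preg_match('/^[\p{L}\p{N}][\p{L}\p{N} \-]{1,39}$/u', $tag) === 1 ? $tag : null;
}

// Park a suggestion in a pending queue; nothing is public until an admin approves it.
function queue_tag(PDO $db, array $session, int $imageId, string $token, string $rawTag): string
{
    if (!check_tag_token($session, $imageId, $token)) {
        return 'rejected: bad token';
    }
    $tag = clean_tag($rawTag);
    if ($tag === null) {
        return 'rejected: invalid tag';
    }
    $stmt = $db->prepare('INSERT INTO pending_tags (image_id, tag) VALUES (?, ?)');
    $stmt->execute([$imageId, $tag]);
    return 'queued';
}

// Constructed demo: in-memory SQLite, and a plain array standing in for $_SESSION.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pending_tags (image_id INTEGER, tag TEXT)');
$session = [];
$token = issue_tag_token($session, 42);
foreach ([[$token, 'sunset'], ['forged', 'sunset'], [$token, '<script>x</script>']] as [$t, $tag]) {
    echo queue_tag($db, $session, 42, $t, $tag), "\n";
}
```

On a real page `$session` would be `$_SESSION` after `session_start()`, and the approval screen should pass each pending tag through `htmlspecialchars()` when rendering it.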