MyBB Community Forums

Full Version: MyBB 1.9 Development
(2022-07-03, 11:02 PM)jimski Wrote: [ -> ]1. That PHP can be used as a templating language? Then you may want to read about Wordpress or Joomla which use PHP for templating.
While it can be used as a templating language it is quite too powerful. For example you shouldn't be able to manipulate from a template.
(2022-07-03, 11:02 PM)jimski Wrote: [ -> ]2. Twig is a bloatware because it is an unnecessary addon on top of PHP which is slowing down dispatching of each request.
A good template engine is necessary unless you have only very few templates.
(2022-07-03, 11:02 PM)jimski Wrote: [ -> ]3. Twig's security is imaginary. If someone doesn't know how to write secure PHP then he/she shouldn't be writing any commercial code in the first place. BTW Twig is written in PHP :D
PHP allows you to access any global variable and execute literally any code. That's not secure at all.
(2022-07-03, 11:02 PM)jimski Wrote: [ -> ]4. Not even mentioning that Twig will introduce its own set of bugs and security problems and another unneeded obstacle during a deployment and debugging.
Twig is not that complex and compiles templates into plain PHP.
(2022-07-03, 11:02 PM)jimski Wrote: [ -> ]5. If you are concerned about things like <?php echo $item_caption ?> then you can sanitize the variable before sending it to the template or use htmlspecialchars() in the template <?php echo(htmlspecialchars($item_caption))?>. For more complex HTML output there are third party PHP functions such as htmlawed() which purify/sanitize the output.
That's more code and less readable.
(2022-07-03, 11:02 PM)jimski Wrote: [ -> ]6. BTW, Twig claims to be fast, just like Laravel claimed the same nonsense. Here is the comparison of pure PHP vs the Laravel bloatware which should be called "Larval" :-)
You are not using Laravel because it's fast but because of all the features it has. Developing is so much faster with a framework when you start implementing your application instead of writing all the boilerplate yourself.
(2022-07-04, 05:32 AM)jimski Wrote: [ -> ]And Wordpress is a pretty good standard to use as a reference in 2022, as it commands 50% of the CMS market.
Just because a software is popular doesn't mean its code is good or based on modern standards.
Quote:StefanT

1. While it can be used as a templating language it is quite too powerful. For example you shouldn't be able to manipulate from a template.
jimski
2. A good template engine is necessary unless you have only very few templates.
jimski
3. PHP allows you to access any global variable and execute literally any code. That's not secure at all.
jimski
4. Twig is not that complex and compiles templates into plain PHP.
jimski
5. That's more code and less readable.
6. You are not using Laravel because it's fast but because of all the features it has. Developing is so much faster with a framework when you start implementing your application instead of writing all the boilerplate yourself.
7. Just because a software is popular doesn't mean its code is good or based on modern standards.


Re:
1. Who do you mean by "you",  the developer/deployer or the user? The user doesn't have any access to manipulate PHP because templates sent to the user don't display PHP code. And the developer or deployer always can manipulate anything they want because they have the access to scripts. So templating engine doesn't provide any security in this regard as it can always be bypassed.

2. This is your opinion not supported by any evidence. Meanwhile, Wordpress, Joomla, Yii and many other projects have proven that templating engine is not necessary no matter how many templates you have.

3. Again the same argument. A developer or deployer can always bypass templating engine and access global variables no matter what templating engine is being used.

4. Not that complex? Let's see, 170 files and 16,000 lines of Twig's code is not complex?

5. That's again your opinion that {{ some code }} is more readable than <?php some code ?> I see no advantage in readability whatsoever and thousands of template developers for Wordpress or Joomla have no problem reading PHP.

6. MyBB is a framework, so why do you want to build a framework on top on a sluggish and bloated framework like Laravel?

7. What are modern standards? OOP is a modern standard and yet websites with high traffic are ditching this standard and moving to functional code with Scala or Haskell. Original code of MyBB was using procedural/functional approach and that's why it was fast and light weight comparing to bloatware like Laravel or Twig. Standards are for normies, and normies always trail the pack instead leading it.

Looks like you guys already made up your mind to use Twig and no argument is going to convince you otherwise.

I wish you good luck but MyBB's development team is shrinking and growing number of admins are switching to other BBs.
You are ignoring the fact I'm talking about third party themes. A theme must not introduce any additional security issues or backdoors, whether out of carelessness or malicious intent. The average user can't detect the issues when a theme has hundreds or thousands of lines of code.

The current system stops malicious code by restricting the syntax to a bare minimum and doesn't allow any logic. Twig offers similar security but also allows loops, conditions and other useful extensions.

Allowing all PHP code is somewhat dangerous. Wordpress is a good example because they had serious vulnerabilities in several pretty popular themes in the past.

And calling software that has valid use cases bloatware or refusing well proven standards doesn't prove your point at all. Not to mention Twig has already been implemented in MyBB 1.9. Switching to something different would delay it even further.
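
As an added illustration of the restricted-syntax approach described in the post above (not code from MyBB, Twig, or any poster in this thread): a hypothetical `render_restricted()` that accepts only `{$name}` placeholders, escapes every value on output, and never evaluates the template as PHP. The function name, placeholder syntax and sample values are assumptions made for this example.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical restricted renderer (illustration only, not MyBB's code).
 * The only syntax a theme may use is {$name}. The template is handled as
 * data and is never passed to eval() or include(), so PHP tags shipped
 * inside a third-party theme stay inert text.
 */
function render_restricted(string $template, array $vars): string
{
    $out = preg_replace_callback(
        '/\{\$([A-Za-z_][A-Za-z0-9_]*)\}/',
        static function (array $m) use ($vars): string {
            // Only values explicitly passed in are reachable; unknown
            // names render as empty and never fall back to globals.
            $value = $vars[$m[1]] ?? '';
            // Escape on output by default so a theme author cannot
            // forget the htmlspecialchars() call.
            return htmlspecialchars(
                (string) $value,
                ENT_QUOTES | ENT_SUBSTITUTE,
                'UTF-8'
            );
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('template substitution failed');
    }
    return $out;
}

// Constructed sample: a third-party theme template that carries PHP code
// and asks for a variable the application never handed to it.
$theme = '<h1>{$item_caption}</h1>'
       . '<?php echo $GLOBALS["secret"]; ?>'
       . '<p>{$secret}</p>';

// Constructed sample: a user-controlled caption containing markup.
$vars = ['item_caption' => '<script>alert(1)</script>'];

// The application has a global the theme should not be able to read.
$GLOBALS['secret'] = 'constructed-placeholder-value';

$html = render_restricted($theme, $vars);
echo $html, PHP_EOL;

// The caption is escaped, the global is not exposed, and the PHP tag is
// plain text in the output instead of code run on the server.
assert(strpos($html, '&lt;script&gt;') !== false);
assert(strpos($html, 'constructed-placeholder-value') === false);
```

Loading the same `$theme` string through `include` or `eval()` would instead run the embedded PHP with full access to the application's globals, which is the difference the two sides of this thread are arguing over.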
Quote:6. MyBB is a framework, so why do you want to build a framework on top on a sluggish and bloated framework like Laravel?

That.

I don't think it matters at this point. I'd like to see a poll of MyBB admins asking if they plan to upgrade their forum software to MYBB 1.9. Years of templates and plugins will stop working. Upgrading for some of us isn't an option. It would take me years of work, that is not an exaggeration.

MyBB has a lot of awesomeness in 1.8x still imho. But not a lot of time left in php 7x and MyBB 1.8x doesn't support php 8 yet.

https://github.com/mybb/mybb/issues/4138

Support for php 8 imho is a higher priority.
(2022-07-12, 07:02 AM)labrocca Wrote: [ -> ]
Quote:6. MyBB is a framework, so why do you want to build a framework on top on a sluggish and bloated framework like Laravel?

That.

I don't think it matters at this point.  I'd like to see a poll of MyBB admins asking if they plan to upgrade their forum software to MYBB 1.9.  Years of templates and plugins will stop working.  Upgrading for some of us isn't an option.  It would take me years of work, that is not an exaggeration.

MyBB has a lot of awesomeness in 1.8x still imho. But not a lot of time left in php 7x and MyBB 1.8x doesn't support php 8 yet.

https://github.com/mybb/mybb/issues/4138

Support for php 8 imho is a higher priority.

Could you imagine your forum not working anymore because of compatibility issues. All the Hack Forums that are out now on a different platforms would flourish if that was the case.
(2022-07-13, 01:48 AM)xXMoeXx Wrote: [ -> ]
(2022-07-12, 07:02 AM)labrocca Wrote: [ -> ]
Quote:6. MyBB is a framework, so why do you want to build a framework on top on a sluggish and bloated framework like Laravel?

That.

I don't think it matters at this point.  I'd like to see a poll of MyBB admins asking if they plan to upgrade their forum software to MYBB 1.9.  Years of templates and plugins will stop working.  Upgrading for some of us isn't an option.  It would take me years of work, that is not an exaggeration.

MyBB has a lot of awesomeness in 1.8x still imho. But not a lot of time left in php 7x and MyBB 1.8x doesn't support php 8 yet.

https://github.com/mybb/mybb/issues/4138

Support for php 8 imho is a higher priority.

Could you imagine your forum not working anymore because of compatibility issues. All the Hack Forums that are out now on a different platforms would flourish if that was the case.
xXMoeXx and labrocca bring very valid points. Large forums will take a lot of work and pain if version 1.9 breaks template and/or plugin compatibility. 

In the same time, removing templates from the database and serving them as PHP includes would improve the performance by about 10% without breaking compatibility. And implementing support for PHP 8 would improve performance by another 10 to 30%, depending which version of PHP 7 is taken as a reference. https://www.phoronix.com/scan.php?page=n...Perf-Early

A boost in performance by 20% to 40% alone would be a serious improvement. But NO, they want Twig which will take all the performance gains away and break the template compatibility.

On the other hand, old templates can be re-coded to work with Twig, but this will be an additional burden on the development team and will probably take many months if not years before it happens (if ever).

I also suggest to release version 1.9  under MIT license. This will allow commercial companies to use the code for their proprietary projects (as some of them apparently wanted to do so in the past) and potentially also help the community as more commercial developers would most likely also contribute to MyBB development as they work on their proprietary projects.

While GPL license allows companies to use the code, they can't release proprietary projects with this code and thus it limits commercial interest in MyBB.

Concerns that MIT license will limit contributions are unfounded which is demonstrated by countless successful projects which use MIT license which has become the most popular open source license, by far. https://github.blog/2015-03-09-open-sour...ithub-com/
(2022-07-14, 06:36 PM)jimski Wrote: [ -> ]xXMoeXx and labrocca bring very valid points. Large forums will take a lot of work and pain if version 1.9 breaks template and/or plugin compatibility. 

True, but it's the price we pay for improvement.

(2022-07-14, 06:36 PM)jimski Wrote: [ -> ]In the same time, removing templates from the database and serving them as PHP includes would improve the performance by about 10% without breaking compatibility.

I'm curious to know what you base that figure on. I'm not contesting it, just genuinely interested in how you arrived at it.

(2022-07-14, 06:36 PM)jimski Wrote: [ -> ]On the other hand, old templates can be re-coded to work with Twig, but this will be an additional burden on the development team and will probably take many months if not years before it happens (if ever).

It's been done already, quite some time ago. The main work to do now is the revision of the theme system infrastructure, especially on the ACP side, to support filesystem-based themes and especially filesystem-based Twig templates. It is current and ongoing though, and progress is slowly but surely being made.

(2022-07-14, 06:36 PM)jimski Wrote: [ -> ]I also suggest to release version 1.9  under MIT license.

The pros and cons of this aside, it is probably anyway effectively impossible. Why? Because, as best I can tell, GPL code cannot legally be re-released under the MIT, unless all of those who contributed to the code agree that it may be released under that licence, and gaining the agreement of all MyBB contributors would seem to be unlikely or at least too impractical to be feasible.
(2022-07-14, 08:55 PM)Laird Wrote: [ -> ]
(2022-07-14, 06:36 PM)jimski Wrote: [ -> ]xXMoeXx and labrocca bring very valid points. Large forums will take a lot of work and pain if version 1.9 breaks template and/or plugin compatibility. 

1. True, but it's the price we pay for improvement.

(2022-07-14, 06:36 PM)jimski Wrote: [ -> ]In the same time, removing templates from the database and serving them as PHP includes would improve the performance by about 10% without breaking compatibility.

2. I'm curious to know what you base that figure on. I'm not contesting it, just genuinely interested in how you arrived at it.

(2022-07-14, 06:36 PM)jimski Wrote: [ -> ]I also suggest to release version 1.9  under MIT license.

3. The pros and cons of this aside, it is probably anyway effectively impossible. Why? Because, as best I can tell, GPL code cannot legally be re-released under the MIT, unless all of those who contributed to the code agree that it may be released under that licence, and gaining the agreement of all MyBB contributors would seem to be unlikely or at least too impractical to be feasible.

1. This is alleged improvement. Reducing performance, and adding bloatware and complexity, in exchange for security gains, may be perceived by some as improvement and by others as deteriorations and degradation.

2. The 10% performance improvement is an estimate based on an experiment which I did on a framework which I'm building for the company that I work for. I measured the time to complete a request by fetching a medium complexity template from MySQL database versus from a file stored on an SSD. Usually, relational databases are one of the slowest elements in web applications. Of course the exact performance improvement will vary depending on the database load, hardware, type of hosting (shared vs dedicated) and many other factors.

3. As far as MIT license is concerned you already changed the license to BSD-3 when you published the code repository for version 2.0. So if changing the license to BSD wasn't a problem back then why suddenly changing the license would be a problem right now?
(2022-07-16, 01:23 AM)jimski Wrote: [ -> ]The 10% performance improvement by removing templates from the database is an estimate based on an experiment which I did on a framework which I'm building for the company that I work for. I measured the time to complete a request by fetching a template of medium complexity from a MySQL database versus from a file stored on an SSD. Usually, relational databases are one of the slowest elements in web applications. Of course the exact performance improvement will vary depending on the database load, hardware, type of hosting (shared vs dedicated) and many other factors.

Interesting. Thanks.

(2022-07-16, 01:23 AM)jimski Wrote: [ -> ]As far as MIT license is concerned you already changed the license to BSD-3 when you published the code repository for version 2.0. So if changing the license to BSD wasn't a problem back then why suddenly changing the license would be a problem right now?

That's before my time. I wasn't part of the team when the version 2.0 code was published, and I don't know what the thinking/decision-making process around that change of licence was. It is again interesting, although I suspect that, as for a change to the MIT licence, it is not a legal change, unless the agreement of every contributor to MyBB had been obtained, which seems unlikely.

I'd be interested to hear from those who were involved in that decision, and will make private inquiries.
I see you've added this, to which I'll also offer a response:

(2022-07-16, 01:23 AM)jimski Wrote: [ -> ]1. This is alleged improvement. Reducing performance, and adding bloatware and complexity, in exchange for alleged security gains, may be perceived by some as improvement and by others as deteriorations and degradation.

Sure, different folk will have different opinions as to whether it genuinely consists in improvement. I don't begrudge you your view.

However, here's a view on it all from my perspective as a relatively new MyBB developer:

The primary complaint the community has with MyBB 1.8 (or at least a primary complaint) is that its default theme is not responsive. I take this complaint seriously, and my personal aim as a MyBB developer is to contribute to remedying it.

The default theme for MyBB 1.9 is responsive. This remedies the complaint.

However, the templates for that responsive theme are coded in Twig. All MyBB 1.8 templates (with maybe a couple of exceptions) including all non-responsive templates have been migrated to responsive Twig templates for MyBB 1.9. That was extensive and hard work which has been completed and is in a sense "development capital".

If we were to abandon Twig at this point, that hard work would have to be repeated so as to migrate responsive Twig templates to responsive PHP templates. We would lose the advantage of our development capital, and have to rebuild it.

We are currently short on developers, and a migration of this extent - a loss and rebuilding of development capital - is not, in my view, currently feasible nor desirable.

Therefore, aside from any arguments as to which theme system is preferable, I think it's best that we continue to develop what we've got (a responsive Twig-based theme system) despite any potential criticisms that might be made of it.

Of course, MyBB is free software, so if anybody wants to fork it and provide an alternative base of development capital by putting together a PHP, filesystem-based, responsive theme, and try to convince the core team by example that it's preferable, then they're free to do so, and we might very well be convinced.

In any case, thank you for sharing your thoughts. They're appreciated.