Radio Userland comments: Capture/Export

| 8 Comments

Based on a question from Steve Kirks, I've started working on a tool that would capture a copy of a Radio Userland weblog's comments on Userland's server so they could in turn be exported to another blog application (e.g. Movable Type).

I have most of the "core" import code written - the export code still needs to be written, and the new tool needs "window dressing" so someone besides me can use it. It seemed like now would be a good time to solicit some suggestions for a tool like this. If you have any, let me know in the comments.

8 Comments

Wow...I'm humbled. I was getting pretty comfortable with the idea that I spoke but nobody listened.

:>

Feature requests:

Allow for comment deletion in between Radio export and MT import

Musings:

If you can read from the server, is it possible to write to the server? If so, this tool could turn into a comment editor for Radio. Run the tool and it reads comments from the last X number of posts. Checkmark ones to delete. Tool makes a run and deletes the comments and/or replaces with boilerplate text.

More info here:

http://www.pycs.net/notes/stories/2002/05/06/howRadioTalksToACommunityServer.html

If you can read from the server, is it possible to write to the server?

Yes, it is possible to write to the server, but you have to be a "Managing Editor" of the web server. I nor any other ordinary Radio user would have this level of access, so we're basically limited to read-only activities.

Feature requests:

Allow for comment deletion in between Radio export and MT import

I hadn't thought of that, but it's certainly do-able.

I just won't make the import from the Radio comment server / export to MT-readable text file a single operation. After the import from the Radio comment server, the comments will be stored in a Radio table. There could be (and probably should be) a browser page available to review the imported comments and select ones for deletion. After this has been done, the user could then click on an "Export" button to write out the comments they want to keep to the MT import text file.

"but you have to be a "Managing Editor" of the web server"

Well, how do comments get posted then? The comment macro in Radio....popup window generates the form...hmmm

Sounds like I'm answering my own question. If the method already exists to communicate with xmlStorageSystem using the Radio (or other community server's) usernum and password, then this should be simple to do.

Found more info that makes my brain wonder even more. My Radio installation is pointing to http://radiocomments2.userland.com/ for comments. I looked at the source URL of the comments popup. Here's an example:

http://radiocomments2.userland.com/comments?u=111853&p=375&link=http%3A%2F%2Fhouseofwarwick.com%2F2003%2F11%2F09.html%23a375

u=my usernum
p=post number
l=permalink to the post

So far, no surprises...

Problem? Yes. Post 375 doesn't exist. I created the comment by manipulating the URL. Bad.

Also, I found that if you go to the base URL:

http://radiocomments2.userland.com

...it's just a Manila site and the comments are dicussion topics on the server. This means that it's capable of much more than we imagined....

I'm emailing Dave, Jake and Lawrence about this.

Well, how do comments get posted then? The comment macro in Radio....popup window generates the form...hmmm

The comment popup window sends the comment pretty much as you see it (an HTML form) - the usernum is sent so the community server knows which weblog is being commented on, but a password is not required (and not sent) to create a new comment.

Sounds like I'm answering my own question. If the method already exists to communicate with xmlStorageSystem using the Radio (or other community server's) usernum and password, then this should be simple to do.

The method does exist - it's called XML-RPC. It is not always necessary to use the Radio usernum (and the Radio password is never required), but you do have to be a "member" on the Manila server.

Problem? Yes. Post 375 doesn't exist. I created the comment by manipulating the URL. Bad.

Depends on what you mean by "bad".

"......it's just a Manila site and the comments are dicussion topics on the server. This means that it's capable of much more than we imagined...."

If you want to see what can be done over XML-RPC, take a look at this page: Manila-RPC Interface

I'm emailing Dave, Jake and Lawrence about this.

I've been in e-mail contact already with Jake - he was very helpful and gave me crucial tips in how to write the code to do what I am attempting. You could try asking me whatever it is you want to know.

First, an explaination of "Bad". The hole in the current commenting system could allow you to send comment spam to every RCS weblog for every post they have made up to now and will make, just by incrementing the usernum and the postnum in the URL.

Second, about the fact that the commenting system is just a Manila discussion group on radiocomments.userland.com: wouldn't this mean that the infrastructure exists to allow editing of comments? If you are a member of a Manila site, you can log in and edit your comments in a discussion group now.

I sent Jake and Dave a private email with more details. I don't want to be alarmist in public. :>

The hole in the current commenting system could allow you to send comment spam to every RCS weblog for every post they have made up to now and will make, just by incrementing the usernum and the postnum in the URL.

This is not a "hole" in as much as it is something that naturally occurs with having "open" comments. It is not something unique to Radio - HaloScan and Movable Type comments have similar comment URL schemes and are vulnerable as well unless protective measures are put in place on the comment server.

Second, about the fact that the commenting system is just a Manila discussion group on radiocomments.userland.com: wouldn't this mean that the infrastructure exists to allow editing of comments?

Sort of. The way I read the XML-RPC interfaces: Yes, there are commands available to allow editing of comments, but not in a way that restricts someone so they can edit only their own comments. A member is a managing editor or not, and depending on that, they either can edit everyone's comments or nobody's.