> Hi Javier,

> Exciting stuff! Did a quick test to just see how one of the most important
> features in years were progressing.
> Was so great to see the list of languages to choose from. Did I say it was
> exciting :D

> I did meet the roadblock you mention of a token, and cant give much valid
> feedback with my "color blind" understanding of code...
> But maybe, just maybe it could be that this new action need to be in
> installation.js too?

> Note: I didnt have sound when watching the video, so it could be you
> mentioned it. They langauges steps will be adde before the current 'Finish'
> step, right? Right now having the button below the 'Remove folder' button'
> is sort of riski, as it is tempting to click remove first.

> Keep up the good work Javier!

> Cheers,

> Ole

> On Thu, Aug 16, 2012 at 2:07 AM, Javier Gómez <javier.go...@gmail.com<javascript:>
> > wrote:

>> Hi,

>> In the part two of my Google Summer of Code project you are available to
>> install languages in Joomla! CMS during the installation process.
>> You will have a better understanding if you watch this 4 minutes video
>> that explains what the project does: http://www.youtube.**
>> com/watch?v=jufj5kCT6Uw <http://www.youtube.com/watch?v=jufj5kCT6Uw>

>> This is my Alpha2 release that "almost" works. But I need your help with
>> an issue that I don't know how to solve.

>> The problem is in file /installation/controllers/setup.json.php, in lines:

>> 509 JSession::checkToken('request'**) or $this->sendResponse(new
>> Exception(JText::_('JINVALID_**TOKEN'), 403));

>> 574 JSession::checkToken('request'**) or $this->sendResponse(new
>> Exception(JText::_('JINVALID_**TOKEN'), 403));

>> If you comment this lines It works. But the right solution should check
>> the tokens to prevent atacks (see:
>> http://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms). The
>> checktoken() doesn't work because the two tokens are different. Why? I
>> don't know, and that is the problem ^_^

>> Please feel free to test it:

>> Files:

>>    - *install the ready to test* "joomla distro" (a complete Joomla!
>>    distro that includes the feature): https://dl.dropbox.**
>>    com/u/1648056/GSOC2012/part2/**tokenbug/joomla-distro-**
>>    language_installer-alpha2.zip<https://dl.dropbox.com/u/1648056/GSOC2012/part2/tokenbug/joomla-distr...>
>>    - *Or use* the "Git Patch" (test it against 2.5.x joomla-cms branch
>>    in Github): https://dl.dropbox.com/**u/1648056/GSOC2012/part2/**
>>    tokenbug/joomla-distro-**language_installer-alpha2.**gitpatch<https://dl.dropbox.com/u/1648056/GSOC2012/part2/tokenbug/joomla-distr...>
>>    - *Or* get the code directly from my Github branch:
>>    https://github.com/javigomez/GSOC-Installation/tree/languageinstaller...

>> Thanks so much for your help.

>> --
>> You received this message because you are subscribed to the Google Groups
>> "Joomla! CMS Development" group.
>> To view this discussion on the web, visit
>> https://groups.google.com/d/msg/joomla-dev-cms/-/QHK7zLWnvAIJ.
>> To post to this group, send an email to joomla-...@googlegroups.com<javascript:>
>> .
>> To unsubscribe from this group, send email to
>> joomla-dev-cm...@googlegroups.com <javascript:>.
>> For more options, visit this group at
>> http://groups.google.com/group/joomla-dev-cms?hl=en-GB.

> Hi Ole,

> Thanks very much for your nice words. I'm really excited also, I think
> that this feature could help a lot of non-native english speakers.

> You said:

>> Right now having the button below the 'Remove folder' button' is sort of
>> riski, as it is tempting to click remove first.

> That is a very good point. I have already take care of it, If the user
> clicks in "remove folder" the installation.js has a new line that will make
> the "install languages" button inactive.

> You said:

>> But maybe, just maybe it could be that this new action need to be in
>> installation.js too?

> Mmm that has sense, I will investigate there. Thanks

> Thanks again.

> On Thursday, August 16, 2012 12:53:40 AM UTC-6, Ole Ottosen wrote:

>> Hi Javier,

>> Exciting stuff! Did a quick test to just see how one of the most
>> important features in years were progressing.
>> Was so great to see the list of languages to choose from. Did I say it
>> was exciting :D

>> I did meet the roadblock you mention of a token, and cant give much valid
>> feedback with my "color blind" understanding of code...
>> But maybe, just maybe it could be that this new action need to be in
>> installation.js too?

>> Note: I didnt have sound when watching the video, so it could be you
>> mentioned it. They langauges steps will be adde before the current 'Finish'
>> step, right? Right now having the button below the 'Remove folder' button'
>> is sort of riski, as it is tempting to click remove first.

>> Keep up the good work Javier!

>> Cheers,

>> Ole

>> On Thu, Aug 16, 2012 at 2:07 AM, Javier Gómez <javier.go...@gmail.com>wrote:

>>> Hi,

>>> In the part two of my Google Summer of Code project you are available to
>>> install languages in Joomla! CMS during the installation process.
>>> You will have a better understanding if you watch this 4 minutes video
>>> that explains what the project does: http://www.youtube.**
>>> com/watch?v=jufj5kCT6Uw <http://www.youtube.com/watch?v=jufj5kCT6Uw>

>>> This is my Alpha2 release that "almost" works. But I need your help with
>>> an issue that I don't know how to solve.

>>> The problem is in file /installation/controllers/setup.json.php, in
>>> lines:

>>> 509 JSession::checkToken('request'**) or $this->sendResponse(new
>>> Exception(JText::_('JINVALID_**TOKEN'), 403));

>>> 574 JSession::checkToken('request'**) or $this->sendResponse(new
>>> Exception(JText::_('JINVALID_**TOKEN'), 403));

>>> If you comment this lines It works. But the right solution should check
>>> the tokens to prevent atacks (see:
>>> http://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms). The
>>> checktoken() doesn't work because the two tokens are different. Why? I
>>> don't know, and that is the problem ^_^

>>> Please feel free to test it:

>>> Files:

>>>    - *install the ready to test* "joomla distro" (a complete Joomla!
>>>    distro that includes the feature): https://dl.dropbox.**
>>>    com/u/1648056/GSOC2012/part2/**tokenbug/joomla-distro-**
>>>    language_installer-alpha2.zip<https://dl.dropbox.com/u/1648056/GSOC2012/part2/tokenbug/joomla-distr...>
>>>    - *Or use* the "Git Patch" (test it against 2.5.x joomla-cms branch
>>>    in Github): https://dl.dropbox.com/**u/1648056/GSOC2012/part2/**
>>>    tokenbug/joomla-distro-**language_installer-alpha2.**gitpatch<https://dl.dropbox.com/u/1648056/GSOC2012/part2/tokenbug/joomla-distr...>
>>>    - *Or* get the code directly from my Github branch:
>>>    https://github.com/javigomez/GSOC-Installation/tree/languageinstaller...

>>> Thanks so much for your help.

>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Joomla! CMS Development" group.
>>> To view this discussion on the web, visit
>>> https://groups.google.com/d/msg/joomla-dev-cms/-/QHK7zLWnvAIJ.
>>> To post to this group, send an email to joomla-...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> joomla-dev-cm...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/joomla-dev-cms?hl=en-GB.

> The problem was that the tokes where different:
> https://dl.dropbox.com/u/1648056/GSOC2012/part2/tokenbug/problem1.png

> And they where different because Joomla! uses the configuration.php
> "secret word" to build the hash of the token (this make your tokens
> different from other installations even if you session id):
> https://dl.dropbox.com/u/1648056/GSOC2012/part2/tokenbug/problem2.png

> The configuration depends on the application. During installation in
> Joomla! there is no configuration.php, so there is not "secret word". And
> in my language installation I'm using the just created "configuration.php"
> to be able to use the JUpdater and other classes that needs the main
> configuration file.

> So I just did that:

> public function installLanguages()
> {
> + JFactory::$config = null;
> + JFactory::getConfig(JPATH_SITE . '/configuration.php');
> + JFactory::$session = null;

> // Check for a valid token. If invalid, send a 403 with the error message.
> JSession::checkToken() or $this->sendResponse(new
> Exception(JText::_('JINVALID_TOKEN'), 403));

> That makes Joomla! to reload the config including the configuration.php
> information.

> By now it looks like a hack, maybe doesn't look bad for you. I was
> wondering if any of you have any idea of how to make it look better?

> Thanks everyone

> On Thursday, August 16, 2012 8:56:50 AM UTC-6, Javier Gómez wrote:

>> Hi Ole,

>> Thanks very much for your nice words. I'm really excited also, I think
>> that this feature could help a lot of non-native english speakers.

>> You said:

>>> Right now having the button below the 'Remove folder' button' is sort of
>>> riski, as it is tempting to click remove first.

>> That is a very good point. I have already take care of it, If the user
>> clicks in "remove folder" the installation.js has a new line that will make
>> the "install languages" button inactive.

>> You said:

>>> But maybe, just maybe it could be that this new action need to be in
>>> installation.js too?

>> Mmm that has sense, I will investigate there. Thanks

>> Thanks again.

>> On Thursday, August 16, 2012 12:53:40 AM UTC-6, Ole Ottosen wrote:

>>> Hi Javier,

>>> Exciting stuff! Did a quick test to just see how one of the most
>>> important features in years were progressing.
>>> Was so great to see the list of languages to choose from. Did I say it
>>> was exciting :D

>>> I did meet the roadblock you mention of a token, and cant give much
>>> valid feedback with my "color blind" understanding of code...
>>> But maybe, just maybe it could be that this new action need to be in
>>> installation.js too?

>>> Note: I didnt have sound when watching the video, so it could be you
>>> mentioned it. They langauges steps will be adde before the current 'Finish'
>>> step, right? Right now having the button below the 'Remove folder' button'
>>> is sort of riski, as it is tempting to click remove first.

>>> Keep up the good work Javier!

>>> Cheers,

>>> Ole

>>> On Thu, Aug 16, 2012 at 2:07 AM, Javier Gómez <javier.go...@gmail.com>wrote:

>>>> Hi,

>>>> In the part two of my Google Summer of Code project you are available
>>>> to install languages in Joomla! CMS during the installation process.
>>>> You will have a better understanding if you watch this 4 minutes video
>>>> that explains what the project does: http://www.youtube.**com/**
>>>> watch?v=jufj5kCT6Uw <http://www.youtube.com/watch?v=jufj5kCT6Uw>

>>>> This is my Alpha2 release that "almost" works. But I need your help
>>>> with an issue that I don't know how to solve.

>>>> The problem is in file /installation/controllers/**setup.json.php, in
>>>> lines:

>>>> 509 JSession::checkToken('request'****) or $this->sendResponse(new
>>>> Exception(JText::_('JINVALID_**T**OKEN'), 403));

>>>> 574 JSession::checkToken('request'****) or $this->sendResponse(new
>>>> Exception(JText::_('JINVALID_**T**OKEN'), 403));

>>>> If you comment this lines It works. But the right solution should check
>>>> the tokens to prevent atacks (see: http://docs.joomla.org/**
>>>> How_to_add_CSRF_anti-spoofing_**to_forms<http://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms>).
>>>> The checktoken() doesn't work because the two tokens are different. Why? I
>>>> don't know, and that is the problem ^_^

>>>> Please feel free to test it:

>>>> Files:

>>>>    - *install the ready to test* "joomla distro" (a complete Joomla!
>>>>    distro that includes the feature): https://dl.dropbox.**c**
>>>>    om/u/1648056/GSOC2012/part2/**to**kenbug/joomla-distro-**language_**
>>>>    installer-alpha2.zip<https://dl.dropbox.com/u/1648056/GSOC2012/part2/tokenbug/joomla-distr...>
>>>>    - *Or use* the "Git Patch" (test it against 2.5.x joomla-cms branch
>>>>    in Github): https://dl.dropbox.**com/**u/1648056/GSOC2012/part2/**t*
>>>>    *okenbug/joomla-distro-**language**_installer-alpha2.**gitpatch<https://dl.dropbox.com/u/1648056/GSOC2012/part2/tokenbug/joomla-distr...>
>>>>    - *Or* get the code directly from my Github branch:
>>>>    https://github.com/**javigomez/GSOC-Installation/**
>>>>    tree/languageinstaller-**installation-2.5.x<https://github.com/javigomez/GSOC-Installation/tree/languageinstaller...>

>>>> Thanks so much for your help.

>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Joomla! CMS Development" group.
>>>> To view this discussion on the web, visit https://groups.google.com/d/*
>>>> *msg/joomla-dev-cms/-/**QHK7zLWnvAIJ<https://groups.google.com/d/msg/joomla-dev-cms/-/QHK7zLWnvAIJ>
>>>> .
>>>> To post to this group, send an email to joomla-...@googlegroups.com.
>>>> To unsubscribe from this group, send email to
>>>> joomla-dev-cm...@googlegroups.**com.
>>>> For more options, visit this group at http://groups.google.com/**
>>>> group/joomla-dev-cms?hl=en-GB<http://groups.google.com/group/joomla-dev-cms?hl=en-GB>
>>>> .

>>>  --
> You received this message because you are subscribed to the Google Groups
> "Joomla! CMS Development" group.
> To view this discussion on the web, visit
> https://groups.google.com/d/msg/joomla-dev-cms/-/oIOhreDSr4gJ.

> To post to this group, send an email to joomla-dev-cms@googlegroups.com.
> To unsubscribe from this group, send email to
> joomla-dev-cms+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/joomla-dev-cms?hl=en-GB.