Zotpress for Wordpress

2
  • Thanks for the discussion—it was informative.

    Zotpress 2.5 has been released. I've re-written a chunk of the code. When I wrote the original code, I was self-teaching myself the ways of PHP and XML, and I went about it the wrong way. But now the app should no longer be making HTTP calls to itself. I've also extended the "check" time to one hour. Again, once I can check for 304 status I will remove this completely. It's in there right now for the reason ajlyon explained: in case a Zotero user or group updates their citation repository.

    I've also fixed up the update table code. I've tested it on my server, but if anyone is still encountering difficulties, please let me know.

    I'm not sure if the private key security issue has been resolved. If not, please let me know. I'm open to suggestions on how to make the script more secure. Feel free to suggest e.g. approaches or PHP functions.
  • I still get "Error: undefined" with Zotpress 2.5.1.
  • @ simifilm Can you give me more details? Is the error only occurring on the front-end (can you still see citations on the admin side)? What browser and version are you using? Is it a group or individual account? What is the shortcode you're using? Could you possibly send a link to your site, if it's public? If you'd like to figure this out in private, feel free to send me a message through Zotero.
  • @ kseaborn: On the Wordpress admin side everything seems ok. I get the error when I try to display a website. I used the simplest code possible, just [zotpress], see here. This is an individual account. I see the same error on Firefox 4.0b11 and Safari 5.0.3 on OSX 10.6.6.

    There actually was a point – I think before version 2 – when Zotpress would display the data correctly.
  • @ simifilm I'm getting a JavaScript error:

    Error: jQuery is not a function
    Source File: http://www.simifilm.ch/wordpress/wp-content/plugins/sexybookmarks/js/sexy-bookmarks-public.js?ver=3.3.2
    Line: 2

    Can you try deactivating this plugin? I see that jQuery is loaded, so I'm wondering if it's this plugin ...
  • My problems all disappeared when I deleted the old version and dropped the tables in MySQL, then reinstalled. Now it works for me!
  • @kseaborn Strange you get a Javascript. I deactivated the sexybookmarks plugin, but this doesn't seem to change anything.
  • I also explicitly added jQuery to my theme's header, since appeared to be missing for me.
  • I'm getting another JavaScript error now:

    Error: jQuery is undefined
    Source File: http://www.simifilm.ch/wordpress/wp-content/plugins/wp-prettyphoto/js/jquery.prettyPhoto.js?ver=2.5.6
    Line: 8

    Are these other plugins working for you? Is it just Zotpress that's not working? Maybe you could try deactivating Zotpress and seeing if there's still a JavaScript error. Or take ajlyon's suggestion and drop the tables in MySQL (although the Wordpress code I've used is supposed to take care of that...)
  • @kseaborn What browser do you use? I don't get these Javascript errors. Both plugins have been working fine for – with or without Zotpress. As I said: Zotpress has been working before – with both plugins enabled. I just tried disabling prettyphoto – it's now enabled again since I really need it – and my Zotpress site still gives me the same error.
  • edited February 20, 2011
    Update: I got the culprit. It's a plugin called WordPress Amazon Associate. When I deactivate it, everything works fine – also with prettyphoto and sexybookmarks enabled.
  • Great. The JavaScript errors indicated that another plugin was causing problems. I'm using Firefox with Firebug and Web Developer, by the way.
  • Alright, it's my turn for a question! I've been informed that PDFs uploaded to Zotero can only be downloaded when displayed by Zotpress if the user is logged into Zotero ... is there any way to get around this, to provide uploaded PDFs to any user, whether they're logged into Zotero or not?
  • I've been informed that PDFs uploaded to Zotero can only be downloaded when displayed by Zotpress if the user is logged into Zotero
    Where were you informed of that? It's not the case.

    API responses include rel="enclosure" links for attachment items. Append the API key to those and you have a download link. (It's possible the API should append the key to those automatically, which would allow them to work in feed readers without modification, but it doesn't currently.)
  • A Zotpress user came forward with this issue.

    How would I append the API Key to the URL while ensuring security? (Since exposed keys are a security breach, right?)
  • The API key gives access to the resources that you have selected to expose to requests using that key. It is not be possible to expose saved files to clients from Zotero File Storage without exposing the key. The site visitor could then independently use the same key for unlimited access to whatever parts of your data that key had been granted.

    It would be possible to proxy the file requests through Zotpress, but that'd be a mess and expensive.

    One more option might be to have file requests hit Zotpress, which could send a request to the URL at zotero.org and get an actual URL for the underlying item in S3 (see http://forums.zotero.org/discussion/16523). I think that the S3 URLs contain only temporary authentication tokens, so exposing them to your client (with a Location: header) would probably be safe.

    But tread carefully here, and maybe wait for Dan to chip in.
  • ajlyon is spot on, and that's precisely what the Zotero website does.

    Amazon URLs are generated on-demand and have a 60-second timeout, so it's important that you do this only when a user is downloading a file—the Amazon URL should be presented to the user only in a 302 redirect from a Zotpress URL for that file.

    It's worth considering whether this is a good idea at all, though. It's mostly/entirely the user's problem, but you do run the risk of enabling users to expose files they don't have the rights to distribute. The Zotero website doesn't allow file sharing in public groups for this reason. At the very least, this should be an optional setting in Zotpress, and possibly off by default.
  • Thanks for the information! Another possibility: My understanding is that if I incorporate OAuth, the need for Zotero users to create private keys is nullified. Wouldn't this also solve this problem?
  • No. The API server still requires keys. OAuth just helps users create them.
  • Another idea: Is there a way of Zotpress seeing whether or not a user is logged in and therefore has access to the files? This way, I could selectively display or not display a download link.
  • Whom are you trying to give access to? In most cases, an arbitrary visitor to the website shouldn't have access to PDFs in someone's library, and even another Zotero user likely wouldn't be a member of the group.
  • Just brainstorming here. It sounds like ajlyon's idea with the S3 URLs is probably the best way forward.
  • Well, but what's the answer to my question? It's not clear that the plugin should be providing file access at all.
  • The user would like to provide PDF files of his publications to a public audience. He holds the rights.
  • OK, well that's fine—but then, as I said, you probably want to make this an optional setting, disabled by default.
  • edited February 22, 2011
    Right. Out of curiosity, if a user were to provide a file publicly when they don't have permission to do so, who would be held liable?

    The reason I ask is because security is paramount, and there is another option for those who wish to provide files publicly: uploading these files to their own servers (or the servers they're renting), in the same way that Zotpress already allows users to upload and link images as thumbnails to citations.
  • edited February 22, 2011
    Generally speaking, the user who shared it would be liable. Zotero (or CDS, technically) is just a service provider, like YouTube and other sites. Allowing people to share files they have the rights for via the Zotero API is fine, but given that anybody can sue anybody for anything, and Zotero would have to respond to takedown notices, reasonable default settings and clear warnings are a good idea.
  • edited March 30, 2011
    Greetings! Great tool! I am in need of assistance. I ran into what i believe is a bug. I posted resources from one of my collections and set download to yes. However, the files are still not downloadable.

    http://www.lassanamagassa.com/me/about/general-exam-progress-update/

    How shall i proceed?
  • edited March 31, 2011
    Hey!

    Zotpress is a really great WP PlugIn. May I come up with two minor issues?

    1) The Sort-Function isn't sorting my displayed collection, I tried Author, Date

    2) The Download Function also doesn't seem to work at all
  • @lmagassa, lepasteffen

    Can you check and make sure that your downloads are publicly available on Zotero? If the download links aren't showing up, that's the only non-bug reason I can think of. If all is good on the Zotero side, Iet me know, and I'll follow up with troubleshooting on the Zotpress side.
Sign In or Register to comment.