Symfony Twig is a PHP templating engine, which has pretty much become the standard way that PHP applications do templating. I’ve used it in other projects, and find it pretty cool.

Known uses its own PHP templating language… or rather, it uses PHP. But, I thought it would be useful if Known could support both.

So, in the latest build, as well as .tpl.php Bonita template files, you can also create .html.twig files. These work in pretty much the same way, with the same hierarchy, but provide a more “standard” way of doing things.

I don’t imagine Bonita going anywhere any time soon, but I will probably be moving more and more stuff to twig going forward.

I use the Crayon syntax highlighting plugin in order to display code on this blog. Recently I upgrade my server to PHP 7.3, which broke a fair few things, including this plugin.

Unfortunately, it looks like this plugin is no longer being maintained – the latest stable release was three years ago, and the latest commit on their GitHub was over a year ago.

Never fear, open source is here!

If you’re using the stable version, open up crayon_langs.class.php and change crayon_langs.class.php:340 from this:

preg_replace('/[^\w-+#]/msi', '', $id);

To this:

preg_replace('/[^\w\-+#]/msi', '', $id);

Notice the escaping before the - character.

Should work now.

A number of folk have been starting to see some more spam comments appearing in their logged out comments section, posted by bots.

I’ve already written an Akismet plugin, which has helped with some of it, and Known core has also been extended with some countermeasures. However, I have wanted to see if I could do some more.

When I was wearing one of my other hats the other day, I had the opportunity to play with the new Recaptcha 3 code, and I thought I’d bring it to Known.

Recaptcha 3 takes a new approach to detecting bots. Rather than getting a popup and getting you to click on pictures (which is very very annoying, and hard for those with accessibility issues), Recaptcha 3 does some arcane magicks behind the scenes to determine who’s bot or not, and then gives you a score indicating the likelihood that you’re dealing with a human. 1.0 for high likelihood of a meat sack, 0.0 for a bot, and then any value in between.

Much like with spam detectors like Spam Assassin, you can then set your own threshold values and do this on a page by page basis.

Crucially, you’re never going to get a popup. Thank the Gods.

Anyway, I’ve built this out as a plugin. Out of the box, you’ll get protection for login, registration, and public comments, but you can extend it to protect your own custom forms without too much trouble.

Have a play!

» Visit the project on Github...