OJS主题(Theme)开发技巧

OJS的网站默认主题比较简单,颜色也略显单调,所以开发一个符合自己期刊风格的主题是必要的。在开发过程中,开发人员需要注意以下几点:

  1. 严格遵循OJS theme plugin的接口进行主题开发,便于OJS后续的升级与维护
  2. 由于OJS 2.x的版本是一个基于table的布局,所以bootstrap不是很适合。另外Jquery的版本过低也是不用bootstrap的原因
  3. 注意文章终端页样式,这里容易遗漏
  4. 模版最好做到唯一源,同样内容不得多次多处修改

差不多就这几点吧,希望对从事OJS主题开发的同行提供一些帮助。

在导航栏(Navigation Bar)里添加定制链接

Under Section 5.5: Navigation Bar, you can add a Navigation Bar link to the current set at the top of every journal page. This can be an in-site link (for example, linking directly to a Submission page), or an external link (linking to a journal sponsor’s website).

An interesting use of additional navigation links is to add a blog or wiki for your journal, allowing for more interaction with your readers, and the development of an online community.

For example, if your OJS site is at http://mysite.com/ojs and you have an associated blog at http://mysite.com/blog, you can add a link to that blog from the navigation bar.

OJS 2.4.8-3 released

PKP is proud to announce the release of OJS 2.4.8-3.

To run OJS 2.x, your web server will need:

  • PHP 4.2.x or later (including PHP 5.x) with MySQL or PostgreSQL support
    A database server: MySQL 4.1 or later OR PostgreSQL 8.0 or later
  • UNIX-like OS recommended (such as Linux, FreeBSD, Solaris, Mac OS X, etc.). OJS 2.0.2 and above supports Windows servers (including IIS).

If you do not understand these system requirements, consult your department’s technical administrator. If you are looking for OJS hosting support, PKP Publishing Services offers a full range of hosting and consultation services.

Download url:http://pkp.sfu.ca/ojs/download/ojs-2.4.8-3.tar.gz

OJS 2.4.8-2 released

PKP is proud to announce the release of OJS 2.4.8-2.

This is a maintenance release, containing several minor bug fixes for OJS 2.4.8-1. The most notable change is conformance to CrossRef’s updated DOI Display Guidelines 23. (OJS 3.x is already conformant to these changes.)

You can download OJS 2.4.8-2 from the OJS Download 35 page. Upgrade instructions are available in docs/UPGRADE.

Thanks as always to our community for its support and contributions.

OJS 2.4.8 中对已出版文章删除的正确操作

版本: OJS 2.4.8

如果有这种情况,对于已经分配于卷期的文章要做“删除”处理: 一般编辑会在当前卷期内移除,这时候前台的该卷期不再会显示该文章。

实际上呢,该文章并没有被彻底删除,而是被转移到了存档(Archives)中, 如果编辑没有存档的意图,只是用了Quick submission 插件,最好在存档中彻底删除该文章,做一个有效的清理。

Upgrade OJS 2.4.6 to OJS 3.x error

官方论坛有用户安装报错如下:

My system has OJS 2.4.6 running on

PHP 5.3.2-1
MySQL 5.7.21
Apache 2.4.18

I’m trying to update it to OJS 3 but all the tests I do are wrong.

    • I have tried to update it to version 3.0.1 and 3.0.2 in two different tests and after running
      php tools / upgrade.php upgrade” everything ends correctly.
      But the system does not work after the two update tests in the browser returns the error in trying to open the initial screen
Fatal error: Call to a member function getUserVar () on a non-object in /home/sp-dgroup/a3/www.um.es/testmigra/ojs_v3.0.2/classes/i18n/AppLocale.inc.php on line 75
  • I have also tried updating from OJS 2.4.6 to 3.1.0 and 3.1.0-1 in two different executions starting from the initial one, on the system

PHP 7.0
MySQL 5.7.21
Apache 2.4.18

but after the execution of “php tools / upgrade.php upgrade” it always returns the error

PHP Fatal error: Uncaught Error: Call to a member function getId() on null in /ojs_v3.1.0_1/classes/install/Upgrade.inc.php:1103
Stack trace:
#0 /ojs_v3.1.0_1/lib/pkp/classes/install/Installer.inc.php(415): Upgrade->convertSupplementaryFiles(Object(Upgrade), Array)
#1 /ojs_v3.1.0_1/lib/pkp/classes/install/Installer.inc.php(265): Installer->executeAction(Array)
#2 /ojs_v3.1.0_1/lib/pkp/classes/install/Installer.inc.php(186): Installer->executeInstaller()
#3 /ojs_v3.1.0_1/lib/pkp/classes/cliTool/UpgradeTool.inc.php(88): Installer->execute()
#4 /ojs_v3.1.0_1/lib/pkp/classes/cliTool/UpgradeTool.inc.php(64): UpgradeTool->upgrade()
#5 /ojs_v3.1.0_1/tools/upgrade.php(34): UpgradeTool->execute()
#6 {main}
thrown in /ojs_v3.1.0_1/classes/install/Upgrade.inc.php on line 1103

分析:从报错信息来看,无法辨识错误具体原因,由于OJS含有众多插件,而且是第三方的为多,OJS 开发者忙于主干开发,插件跟进比较吃力,升级报错一般来源于插件,或者一些次要的功能模组。

OJS and Security

这是官方的OJS安全建议,我摘抄了一部分关于OJS,建议参看:

OJS is all web-based applications that allow users to create accounts and upload content, including files, to the web server. As such, the security of each application must be taken seriously – by the developer (that’s PKP), and by the end-user (that could be you, your university, or another hosting service). In this FAQ entry, we address:

  1. The steps PKP takes to develop secure software, and how you can help
  2. Best practices for deploying PKP software securely
  3. Recommended practices for appropriate file management and “internet hygiene” as a user of the system

1) The steps PKP takes to develop secure software, and how you can help

PKP follows standard best practices for web security, including consistent use of escaping to avoid XSS attacks, tokens to prevent CSRF attacks, etc. We stay abreast of recent trends in security, and wherever possible, use best-of-breed third-party tools with large communities of support. Our software includes structures to permit authorization policy recombination, ensuring that sensitive content is not exposed beyond the amount required for a scholarly workflow. We are responsive to bug reports, security audits, and community inquiries and welcome any such contributions. We disclose serious security issues, when they are discovered, via each applications’ software download page:

OJS: https://pkp.sfu.ca/ojs/ojs_download/ 45

The small number of these, historically, is testament to our caution in keeping our software secure.

2) Best practices for deploying PKP software securely

A secure deployment of OJS can be best achieved by using the following recommendations, which are described in docs/README in every download of OJS:

  • Dedicate a database to OJS; use unique credentials to access it. Configure this database to perform automated backups on a regular basis. Perform a manual backup when upgrading or performing maintenance.
  • Configure OJS (config.inc.php) to use SHA1 hashing rather than MD5.
  • Enable captcha or recaptcha in your config.inc.php file, and test that they are working. This will prevent most spam user registrations.
  • Configure OJS (config.inc.php) to use force_ssl_login so that authenticated users communicate with the server via HTTPS. (You will also have to properly create and configure an SSL certificate to do this properly.)
  • Install OJS so that the files directory is NOT a subdirectory of the OJS installation and cannot be accessed directly via the web server.
  • Restrict file permissions as much as possible.
  • Deploy and test a proper backup mechanism. The backup mechanism should back up the database, the OJS system files, and the OJS submission files directory (the “files_dir” parameter in config.inc.php. Ideally, you should make both on-site and off-site backups.
  • Ensure that your web server environment is regularly updated, in particular with any and all security patches.

If these steps are followed, you will substantially reduce the risk of falling prey to common hacking techniques. We strongly urge you to review your existing configurations and ensure these steps have been followed.

3) Recommended practices for appropriate file management and “internet hygiene” as a user of the system

As an author, reviewer, or editor in OJS you deal with submission files from people you don’t know on a daily basis, and there are some basic precautions that you will want to take to mitigate the possibility of being compromised via one of these files. These steps don’t differ from how you would deal with email or other daily life on the internet, but are worth outlining in general form here.

Make sure you have antivirus software installed, and that it is up to date;
Make sure your operating system and all software (especially Word and Excel) are kept up to date, ideally by turning on any auto-update features available to you;
Make sure you have a backup solution available for your work computers;
Practice good password management: don’t use the same username/password in OJS as you would for any other online account, and don’t use an easy to guess password;

Treat everything that you get online with the knowledge that you received it from someone you don’t know, and act likewise. If a submission appears to be suspicious for any reason (strange email address, suspiciously generic title or abstract, etc.), treat the included files with an additional level of diligence.

如果您有更多的安全问题,可以联系edwin@hxstong.com

OJS 3.1.1-2 Released

PKP announces the release of OJS 3.1.1-2.

These are bugfix releases, notably correcting a reflected XSS vulnerability:

  • OJS 3.0.0 to 3.1.1-1: Issue #3785 28 (also Bootstrap and Health Sciences themes)

This type of vulnerability requires some social engineering to take advantage of, and runs client-side, so does not present a high risk. However, it is worth correcting if you’re running an affected release (and we always recommend staying up to date). If you are unable to upgrade to the latest release, there are patch instructions at the links above.

To download OJS 3.1.1-2, and for information on upgrading from previous releases, please see http://pkp.sfu.ca/ojs_download 15

See PKP Applications and Security 4 for general information on security.

Thanks to Metamorfosec for discovery & reporting of the XSS issues.