(groups) and 'permissions' ... (inspired by Zope's system).
+ Once installed, click the help-link for more information.
+ See updates/2.00-to-x.xx.sql for the SQL updates.
- Modified loads of code to use our new access.module. The system
still has to mature though: new permissions have to be added and
existing permissions need stream-lining. Awaiting suggestions.
- As a direct result of the new access system, I had to rewrite the
way the top-level links in admin.php are rendered and displayed,
and xhtml-ified admin.php while I was at it.
TODO
- Home-brewed modules need updating, home-brewed themes not.
(Examples: file.module, trip_link.module)
- As soon we *finished* the refactoring of the user system (KJ has
been working on this refactoring already) we should consider to
embed this role and permission code into account.module ...
it wasn't a good idea to split them up in first place, and it turned
out to be quite hard to decide where to put some variables.
Also moved some variables around and even renamed a few variables
while doing so.
- Added a page_header() and page_footer() to all top-level .php pages.
streamlined the existing code, added new watchdog type called "httpd"
for Apache errors. The latter should make it easier to add watchdog
filters later on.
- Clarified some watchdog messages.
update, you'll break your site as you need switching from structure
to index.module: so this can be considered an intermediate commit.
If you upgrade, and you are welcome to, just create a collection
called "section" (for now) and assign your nodes some attributes
in the described format.
Feedback and bugreports are welcomed. Questions will be answered.
CHANGES:
- comment system:
+ when replying to a node (rather then to a comment), that
node is displayed above the reply form.
+ when replying to a comment (rather then to a node), that
comment is displayd above the reply form.
- removed structure.inc, removed structure.module.
- node.inc:
+ added 2 new node functions called 'node_attribute_edit()' and
'node_attribute_save()' used to 'hook in' any indexing system
including your home-brewed stuff if you'd want to. Currently,
index.module is the facto default index system.
See story.module for usage.
- book.module, story.module, poll.module, page.module, forum.module:
+ added preview functionality to administration section (via node
module).
+ removed all references to structure.inc (category, topic).
- moderate.module:
+ removed all references to structure.inc (category, topic).
- book.module, story.module, page.module, forum.module:
+ increased the sizes of some textareas.
- submit.php:
+ removed all references to structure.inc (category, topic).
- marvin.theme:
+ removed dead code: function story() was depricated.
- unconed.theme:
+ removed hardcoded references to drop.org.
- marvin.theme, unconed.theme, jeroen.theme, yaroon.theme, example.theme:
+ removed all references to structure.inc (category, topic).
TODO:
- file.module, trip_link.module:
+ update preview functionality:
see story.module for example.
+ remove references to 'cid' and 'tid', use 'attribute' instead:
see story.module for example.
- extend and build upon index.module as well as making it configurable
- Redid settings.module and even renamed it to conf.module.
* Settings are now grouped in basic categories like "system
settings", "module settings" and "filters".
* Added new settings to make Drupal easier to configure and
to make some aspects like the watchdog scale better.
- Renamed includes/settings.php to includes/conf.php.
- Added filter support to conf.module and introduced filter hooks so
modules can implement and export new filters. Example filters are
an HTML filter (implemented), a profanity filter, an url converter,
ASCII smileys to images filter and so on ...
- Reworked the check_* functions: user contributed content/input is
only verified and filtered once in its lifespan.
NOTES
- Altough this is a large commit, no database changes are required.
+ path_uri(): returns the fully-qualified URI of your drupal site.
+ path_img(): returns the image directory or http://image-server.com/
in case you prefer to load-balance bandwidth usage.
Replaced all occurences of the variable "site_url" with path_uri()
and removed "site_url" from "setting.module".
- Drastically simplified the node_save() API, which should make the
node-forms more secure. Updated "story.module", "book.module",
"forum.module", "page.module" and "node.module" to reflect this
change. This is needs more testing so hit it, beat it, tease it.
- Fixed an occasional glitch in the configuration file loading logic.
- Made "queue.module" display an informative notice when an anonymous
user tries accessing the moderation queue.
- Updated the hard-coded information in drupal.module a bit.
overhead, and a lot better (simpler) module API. I had to edit a
LOT of files to get this refactored but I'm sure it was worth the
effort.
For module writers / maintainers:
None of the hooks changed, so 95% of the old modules should still
work. You can remove some code instead as "$module = array(...)"
just became obsolete. Also - and let's thank God for this - the
global variable "$repository" has been eliminated to avoid modules
relying on, and poking in drupal's internal data structures. Take
a look at include/module.inc to investigate the details/changes.
- Improved design of the content modules "story", "book" and "node"
(to aid smooth integration of permisions + moderate.module). I'm
still working on the permissions but I got side tracked for which
I "Oops!".
CHANGES:
- Added "read" and "write" permissions into drupal but removed
it again because - when finished after 3 hours of work - it
was considered nothing but added complexity that didn't buy
us anything. :I
(I'll explain this in detail on the mailing list, I guess.)
- Added a very simple help.module to group all available
documentation on a single page.
- Fixed bug in node_control(), book.module: UnConeD forgot to
global $user when updating the combobox code.
- Removed static wishlist.module: in future, the wishlist can
be maintained as a page in our collaborative book.
- Revised most of settings.module: tidied up the code and the
descriptions to accompany the settings and introduced a new
"default maximum number of nodes to display on the main page"
variable.
- Revised most of comment.module: the administration interface
looks better now, integrated node permissions, and -finally-
made it possible to delete comments.
- Polished on:
+ account.module
+ structure.module
+ locale.module
+ module.module
+ forum.module
- Form-ified:
+ account.php
+ account.module
+ setting.module
+ cvs.module
+ submit.php
+ comment.module
+ forum.module
+ book.module
+ page.module
+ locale.module
- Updated CHANGELOG
INFO:
- Designed a "generic tracker system with optional backends"
on paper. The idea is to allow registered users to hot-list
certain topics, individual nodes or threads (comments) and
to "plug-in" output backends like - for instance - an e-mail
digest. The design requires "intelligent blocks" though.
TODO:
- I want to tidy up the headline.module and backend.class as
well as merge in headlineRSS10.module. Julian spent quite
some time working on headline.module but I'm not sure what
he changed and whether he'd contribute it back?
a node per node basis, rather then on a category per category
basis. The default settings for each individual category can
be changed though.
Example: it can be setup so that - by default - all stories
posted to the category "article" will have comments enabled
but stories submitted to "announcement" not.
Different configuration schemes can easily be added later.
Requires a SQL update, see 2.00-to-x.xx.sql/database.mysql.
- Addition: made submit.php only use categories that users can
actually submit new content to.
it now uses the new category code, incl content bindings.
You can setup different "categories" which map on a content
type. Example:
review -> review.module
article -> story.module
column -> story.module
announc. -> story.module
addons -> file.module
themes -> file.module
- "generalised" story.module and book.module's output.
- fixed bug in includes/timer.inc
- fixed glitch in theme example.theme: it said "$how by" but
the variable $how has never been declared.
- added "drupal development settings" to display some timings
- more work on the categories/topics -> does NOT work yet
abstract() + article() = story()
abstract() and article() have been merged into a new function story()
which looks like:
function story($story_object, $reply) {
if (!reply) {
// full story
}
else {
// main page version / abstract
}
}
This should allow you to "compress" your theme as abstract() and
article() tended to be 98% identical.
=> I didn't really merge your themes so I leave it up to *you* to
improved the code!!! Do it ASAP as we release drupal 2.00 in 7
days.
In future we'll have similar functions for other content types as
for example:
review($review, $reply);
enquete($enquete, $reply);
...
revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks). For drupal's sake, try to screw something up. See the mail about PHPNuke being hacked appr. 6 days ago. The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required). I beg you to be evil. Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
- replaced the "open submission queue" (submission.php and submission.inc)
with an optional module (submission.module).
- tidied up the HTML code of some files
This time I redid the "category"-stuff. Categories - from now on called sections - are now maintained from the admin pages, can have their own post, dump and timout thresholds as discussed earlier (some weeks ago). By tomorrow evening users will be able to enable or disable section as well - i.e. to customize the content of drop.org.
integrated them were appropriate. It works better and the code is
more readable then it used to be:
(see http://drop.org/discussion.php?id=44&pid=0#0)
- story authors can no longer moderate their own stories
(requested by Natrak)
- fix inie-winnie small detail in theme marvin
- drastically improved administration section
- drastically revamped story administration:
added new feature to schedule the publishing of stories
- applied correct naming conventions to submission.php
- fixed 1 small glitch in boxes
- somewhat expanded the documentation
= changed one SQL table
- updated the faq with info on drupal
- ... and more things I forgot about
- removed droplets
- added (optional) admin_blocks module
- added (optional) affiliate module
- added (optional) about module (only placeholder, under construction)
- fixed some tiny bugs (e.g. quote bug in search.php)
- partionally rewrote some modules to be big, bad and better
- partionally rewrote some modules to be more uniform
- added GNU GPL license to CVS
Also:
- installed PHP 4.0.4 on my localhost and now working
towards PHP 4.0.4 compatibility.
- I think I'll baptize the engine "drupal". If you have a
better idea, try convincing me ASAP.
Todo:
- more testing (also with PHP 4.0.4)
- make "project"-module: download, info, blah blah
- complete documentation
- I rearranged some of the code and clean-up some of the mess.
- Added "blocks" which can be user defined/controlled: check
to see. The positioning of blocks is rather basic for the
moment, so I'm all open for input on that.
1. improved .htaccess to be more "secure": to keep prying
eyes out
2. rewrote the administration section from scratch using a
modular approach
3. improved the information gathered by error.php - we can
now (hopefully) track what bots are crawling us.
4. fixed a bug in submit.php, fixed a bug in theme zaphod,
fixed a bug in theme marvin.
5. rewrote cron from scratch - it now interfaces with
modules as it should have been from the beginning.
Very cool if you ask me - it can use UNIX/Linux
crontabs.
6. updated widget.inc to be module aware - needs more
work though - maybe this afternoon?
7. updated most modules: small bugfixes, improvements, and
even the documentation
8. removed diary.php and made it a module - you can now
run a drop.org site without a diary system if someone
would prefer so
9. updated all themes to use the new modules where
appropriate
10. added a robots.txt because the error message in the
watchdog become annoying.
11. added the new configuration system (mutliple vhosts
on the same source tree) - use hostname.conf instead
of config.inc
12. removed calendar.inc and made it a module
13. added format_interval() to functions.inc (UnConeD)
14. whatever I forgot ...
site:
- watchdog (rewrite):
+ the collected information provides more details and insights
for post-mortem research
+ input limitation
- database abstraction layer:
+ mysql errors are now verbose and is no longer displayed in a
browser - fixes a possible security risk
- admin.php:
+ updated watchdog page
+ fixed security flaw
- diary.php:
+ fixed nl2br problem
- themes:
+ fixed comment bug in all 3 themes.
- misc:
+ renamed some global variables for sake of consistency:
$sitename --> $site_name
$siteurl --> $site_url
+ added input check where (a) exploitable and (b) possible
+ added input size check
+ various small improvements
+ fixed various typoes
... and much, much more in fact.
- fixed bug in discussion.php
- theme update: comment() now takes 3 arguments:
$comment - an object with comment data
$link - a link to the reply form of that particular
comment
$thread - the subthread of that particular comment
- theme 'marvin' and theme 'zaphod' are updated, theme
'unconed' is left to be done
(suggestion UnConeD)
- Added anchors to comment links to easy comment navigation.
(suggestion UnConeD)
- Fixed duplicate `you voted' after moderating a story.
(suggestion UnConeD)
- Fixed quote bug in administration center.
- Expanded user administration with timezone information.
- Improved the theme system by eliminating the "preview" function.
Let's not make the system more complex then it ought to be.
- Refined watchdog administration.
- ...
- fixed a bug in account.php: the confirmation url is now correct.
- improved error checking + security in diary.php.
- fixed a bug in the html code of theme zaphod.
- improved the date handling: always call format_date().
- expanded account information in administration pages.
- added a new variable $siteurl to ./includes/config.inc.
- added comment moderation to theme zaphod.
- "alter table users add timezone varchar(8);"
- !!! added new timezone feature !!! :o)
by means of better security checks in order to avoid malicious behavior.
In addition, quite some code has been fine-tuned.
However, as a result, every theme will require a small update ...
visual changes:
- removed redundant files user.class.php, calendar.class.php
and backend.class.php.
- converted *all* mysql queries to queries supported by the
database abstraction layer.
- expanded the watchdog to record more information on what
actually happened.
- bugfix: anonymous readers where not able to view comments.
- bugfix: anonymous readers could gain read-only access to
the submission queue.
- bugfix: invalid includes in backend.php
- bugfix: invalid use of '$user->block'
and last but not least:
- redid 50% of the user account system
---------
- improved the user information page.
- improved the story submission page.
- fixed comments score bug: '.00' --> 'x.00'
- tried fixing the calendar wrapping - UnConeD, is it fixed now?
- provided a link back to the submission queue after having voted
for a story.
- fixed comment subject bug (and security flaw) by replacing
quotes by ".
- updated theme 'zaphod': fixed 2 bugs.
- updated theme 'marvin': fixed 1 bug and improved the layout so
things wrap (hopefully) better in Windows.
- comments have by default no subject pre-set - if no subject is
provided, the user is warned and when a comment eventually got
submitted without a subject, a subject is composed using the x
first characters of the comment's body.
- improved comments on submit.php
- corrected a typo in the FAQ.
UnConeD
-------
- replace 'article.php' by 'discussion.php'
- comment() still uses old references to account.php: the
parameters you supply to account.php does no longer hold.
You have to update those links to the new syntax.
- commentcontrol() is outdated - copy paste the one of
theme 'marvin' and adjust it to your likings.
- Added a basic implementation of comment moderation
- Updated and renamed my 2 themes: I removed redundant boxes and tried to
work towards simplicity.
- Disabled the other themes as they are broken (I gave you sufficent time
to update them).
- Removed redundant files.
- Added security checks with regard to the usage of HTML tags.
made quite a lot of additions. The most remarkable addition is the
diary server, which I slapped together in less then 40 minutes. Most
of the other changes are however `unvisible' for the user but add much
value to a better maintainability from a developer's objective. Like
always, I fixed quite a number of small bugs that creeped into the code
so we should have a bigger, better and more stable drop.org.
Unfortunatly, some theme update _are_ required:
REQUIRED THEME UPDATES:
=======================
* use format_username() where usernames are used
* use format_date() where timestamps/dates are used
* use format_email() where e-mail addresses are displayed
* use format_url() where url are displayed
* replace 'formatTimestamp' with format_date
* replace 'morelink_*' with 'display_morelink'
[most of these functions are in function.inc or template.inc]
___PLEASE___ (<- this should get your attention ;) update your themes
as soon as possible - it only takes 30 min. to get in sync with the
other themes. Don't start whining about the fact you don't know what
to change ... either eat the source cookie, or ask me to elaborate on
a few changes. Just let me know what's puzzling you and I'll try to
help you out!
TODO LIST FOR NEXT WEEK
=======================
* Add checks for max. text length in textarea's? Is there an HMTL
attribute for this or ...?
* Comment moderation + mojo
* Edit/admin user accounts: block, delete, change permissions, ...
* E-mail password, change password, change e-mail address -> extra
checks and routines to validate such `special' changes.
* Input checking - input filter: bad words, html tags, ...
and sleep, new stuff is finally in drop.org. This is a quite large
and wide-ranging update, which affects almost all of the system files
in one way or another. I fixed quite a lot of bugs and added quite a
lot of new features, mostly administrative tools as these were really
lacking. It's far from finished but it's a start ...
Dries Buytaert