to validate other form submissions, not just comments. Two new functions
are introduced, form_token() and form_validate(). The first function uses
a private key and a public key to set a token in a hidden field. The second
function validates the token. The comment and contect module are updated to
use these functions.
Comment from Steven: It does this by redirecting the submission of the form to a hidden <iframe> when you click "Attach" (we cannot submit data through Ajax directly because you cannot read file contents from JS for security reasons). Once the file is submitted, the upload-section of the form is updated. Things to note:
* The feature degrades back to the current behaviour without JS.
* If there are errors with the uploaded file (disallowed type, too big, ...), they are displayed at the top of the file attachments fieldset.
* Though the hidden-iframe method sounds dirty, it's quite compact and is 100% implemented in .js files. The drupal.js api makes it a snap to use.
* I included some minor improvements to the Drupal JS API and code.
* I added an API drupal_call_js() to bridge the PHP/JS gap: it takes a function name and arguments, and outputs a <script> tag. The kicker is that it preserves the structure and type of arguments, so e.g. PHP associative arrays end up as objects in JS.
* I also included a progressbar widget that I wrote for drumm's ongoing update.php work. It includes Ajax status updating/monitoring, but it is only used as a pure throbber in this patch. But as the code was already written and is going to be used in the near future, I left that part in. It's pretty small ;). If PHP supports ad-hoc upload info in the future like Ruby on Rails, we can implement that in 5 minutes.
part of the node system! If you have a module that implements node
types, you'll have to udpate its CVS HEAD version.
We replaced _node_name() and _node_types() by _node(). The new _node()
hook let's you define one or more node types, including their names.
The implementation of the _node() hook needs to:
return array($type1 => array('name' => $name1, 'base' => $base1),
$type2 => array('name' => $name2, 'base' => $base2));
where $type is the node type, $name is the human readable name of the type
and $base is used instead of <hook> for <hook>_load, <hook>_view, etc.
For example, the story module's node hook looks like this:
function story_node() {
return array('story' => array('name' => t('story'), 'base' => 'story'));
}
The page module's node hook module like:
function page_node() {
return array('page' => array('name' => t('page'), 'base' => 'page'));
}
However, more complex node modules like the project module and the
flexinode module can use the 'base' parameter to specify a different base.
The project module implements two node types, proejcts and issues, so it
can do:
function project_node() {
return array(
array('project_project' => array('name' => t('project'), 'base' => 'project'),
array('project_issue' => array('name' => t('issue'), 'base' => 'project_issue'));
}
In the flexinode module's case there can only one base ...
This hook will simplify the CCK, and will make it easy (or easier) to merge
the story and page module.
In addition, node_list() became node_get_types(). In addition, we created
the following functions: node_get_name($type) and node_get_base($type).
list_themes() sorts the results by name. This uses filesort in MySQL since there aren't any indexes. Sorting is not used except in system_user(). This one use can be handled with ksort since it is not often executed (only on the user edit screen when multiple themes are enabled).
And a one line fix to remove a variable in system_user() is in here too.
Note: I also (mostly) unified the tags to use the "// ID" form instead of "/* ID */", but that's more of a cosmetic issue. I'm not sure whether *.txt files and the stuff in themes/ need tags(?).
"This function is called in one place, so it can be rolled into the calling function. The return value isn't used so we can remove handling of it. This is executed for every non-cached page view, so the smaller code should save a smallish ammount of memory and time."
up the documentation a little.
chx: can you double-check whether the global $conf variable is secure?
(That is, make sure it can't be send using the URL or something.)
NOTE: this patch works well, but the improved node edit form still has
some rough edges. It is important that we continue to improve
usability. Give it a try.
TODO: update the "Migrating themes from Drupal 4.6 to Drupal HEAD"-page in
the Drupal handbook!
TODO: update the themes in the contributions repository.
keep track of the user's last access. In turn, this allowed me to:
1. Optimize the "Who's online" block. On drupal.org, the "Who's online"
block requires 32 SQL queries. With this patch, only 2 queries are
left (eliminated 30 SQL queries), and one of the two remaining queries
became appr. 20 times faster.
2. Correct the "Last access" column in the user administration overview
table. The presented data was not accurate, which led to the column
being removed. You can now sort users by 'last access'.
Changes include:
* parsing of the primary/secondary links has been moved out of phptemplate and into theme_get_setting.
* unnecessary and XHTML-invalidating duplicate div#help removed from themes/bluemarine/page.tpl.php (this is already generated by theme_help)
* weird generation of the "edit primary/secondary links" messages removed from bluemarine and placed in theme.inc
* unnecessary changes to themes/bluemarine/style.css rolled back (the phptemplate bluemarine had an older version of style.css than the one in core)
* chameleon updated to work with new link scheme (passes links through theme_links)
- Converted the Bluemarine theme from XTemplate to PHPTemplate.
- Moved the the Pushbutton theme and the Xtemplate engine to the contributions repository.
Drupal's existing caching mechanism doesn't perform well on highly dynamic websites in which the cache is flushed frequently. One example is a site that is under attack by a spambot that is posting spam comments every few seconds, causing all cached pages to be flushed every few seconds. Loose caching immediately flushes the cache only for specific users who have modified cached data (whether or not they are logged in), delaying the flushing of data for other users by several minutes.
(I rewrote the help text a bit and made minor changes to the code comments.)
* Fix a bug which would cause the "configure" link for styles to be broken.
* Fix a bug with using drupal_get_filename for theme engines. Although this is not called anywhere in core, we should still fix it for contrib. (i.e. themes that may want to manually invoke a theme engine to create a hybrid theme)
* Correct an inaccurate comment in theme.inc
* Populate the default primary links with an "edit primary links" link for consistency with the secondary links
* remove some unnecessary variables in the theme administration which had misleading and confusing names
* replace time-consuming foreach when rendering theme admin page with a more efficient array_key_exists
* usability: rather than completely removing the search box checkbox when search.module is disabled, simply disable it. (UI elements shouldn't appear/disappear.)
Dries Buytaert
Steven Wittens