Comment from Steven: It does this by redirecting the submission of the form to a hidden <iframe> when you click "Attach" (we cannot submit data through Ajax directly because you cannot read file contents from JS for security reasons). Once the file is submitted, the upload-section of the form is updated. Things to note:
* The feature degrades back to the current behaviour without JS.
* If there are errors with the uploaded file (disallowed type, too big, ...), they are displayed at the top of the file attachments fieldset.
* Though the hidden-iframe method sounds dirty, it's quite compact and is 100% implemented in .js files. The drupal.js api makes it a snap to use.
* I included some minor improvements to the Drupal JS API and code.
* I added an API drupal_call_js() to bridge the PHP/JS gap: it takes a function name and arguments, and outputs a <script> tag. The kicker is that it preserves the structure and type of arguments, so e.g. PHP associative arrays end up as objects in JS.
* I also included a progressbar widget that I wrote for drumm's ongoing update.php work. It includes Ajax status updating/monitoring, but it is only used as a pure throbber in this patch. But as the code was already written and is going to be used in the near future, I left that part in. It's pretty small ;). If PHP supports ad-hoc upload info in the future like Ruby on Rails, we can implement that in 5 minutes.
part of the node system! If you have a module that implements node
types, you'll have to udpate its CVS HEAD version.
We replaced _node_name() and _node_types() by _node(). The new _node()
hook let's you define one or more node types, including their names.
The implementation of the _node() hook needs to:
return array($type1 => array('name' => $name1, 'base' => $base1),
$type2 => array('name' => $name2, 'base' => $base2));
where $type is the node type, $name is the human readable name of the type
and $base is used instead of <hook> for <hook>_load, <hook>_view, etc.
For example, the story module's node hook looks like this:
function story_node() {
return array('story' => array('name' => t('story'), 'base' => 'story'));
}
The page module's node hook module like:
function page_node() {
return array('page' => array('name' => t('page'), 'base' => 'page'));
}
However, more complex node modules like the project module and the
flexinode module can use the 'base' parameter to specify a different base.
The project module implements two node types, proejcts and issues, so it
can do:
function project_node() {
return array(
array('project_project' => array('name' => t('project'), 'base' => 'project'),
array('project_issue' => array('name' => t('issue'), 'base' => 'project_issue'));
}
In the flexinode module's case there can only one base ...
This hook will simplify the CCK, and will make it easy (or easier) to merge
the story and page module.
In addition, node_list() became node_get_types(). In addition, we created
the following functions: node_get_name($type) and node_get_base($type).
list_themes() sorts the results by name. This uses filesort in MySQL since there aren't any indexes. Sorting is not used except in system_user(). This one use can be handled with ksort since it is not often executed (only on the user edit screen when multiple themes are enabled).
And a one line fix to remove a variable in system_user() is in here too.
Note: I also (mostly) unified the tags to use the "// ID" form instead of "/* ID */", but that's more of a cosmetic issue. I'm not sure whether *.txt files and the stuff in themes/ need tags(?).
"This function is called in one place, so it can be rolled into the calling function. The return value isn't used so we can remove handling of it. This is executed for every non-cached page view, so the smaller code should save a smallish ammount of memory and time."
up the documentation a little.
chx: can you double-check whether the global $conf variable is secure?
(That is, make sure it can't be send using the URL or something.)
NOTE: this patch works well, but the improved node edit form still has
some rough edges. It is important that we continue to improve
usability. Give it a try.
TODO: update the "Migrating themes from Drupal 4.6 to Drupal HEAD"-page in
the Drupal handbook!
TODO: update the themes in the contributions repository.
keep track of the user's last access. In turn, this allowed me to:
1. Optimize the "Who's online" block. On drupal.org, the "Who's online"
block requires 32 SQL queries. With this patch, only 2 queries are
left (eliminated 30 SQL queries), and one of the two remaining queries
became appr. 20 times faster.
2. Correct the "Last access" column in the user administration overview
table. The presented data was not accurate, which led to the column
being removed. You can now sort users by 'last access'.
Changes include:
* parsing of the primary/secondary links has been moved out of phptemplate and into theme_get_setting.
* unnecessary and XHTML-invalidating duplicate div#help removed from themes/bluemarine/page.tpl.php (this is already generated by theme_help)
* weird generation of the "edit primary/secondary links" messages removed from bluemarine and placed in theme.inc
* unnecessary changes to themes/bluemarine/style.css rolled back (the phptemplate bluemarine had an older version of style.css than the one in core)
* chameleon updated to work with new link scheme (passes links through theme_links)
- Converted the Bluemarine theme from XTemplate to PHPTemplate.
- Moved the the Pushbutton theme and the Xtemplate engine to the contributions repository.
Drupal's existing caching mechanism doesn't perform well on highly dynamic websites in which the cache is flushed frequently. One example is a site that is under attack by a spambot that is posting spam comments every few seconds, causing all cached pages to be flushed every few seconds. Loose caching immediately flushes the cache only for specific users who have modified cached data (whether or not they are logged in), delaying the flushing of data for other users by several minutes.
(I rewrote the help text a bit and made minor changes to the code comments.)
* Fix a bug which would cause the "configure" link for styles to be broken.
* Fix a bug with using drupal_get_filename for theme engines. Although this is not called anywhere in core, we should still fix it for contrib. (i.e. themes that may want to manually invoke a theme engine to create a hybrid theme)
* Correct an inaccurate comment in theme.inc
* Populate the default primary links with an "edit primary links" link for consistency with the secondary links
* remove some unnecessary variables in the theme administration which had misleading and confusing names
* replace time-consuming foreach when rendering theme admin page with a more efficient array_key_exists
* usability: rather than completely removing the search box checkbox when search.module is disabled, simply disable it. (UI elements shouldn't appear/disappear.)
There are 5 main functions that modules may now utilize to handle images:
* image_get_info() - this function checks a file. If it exists and is a valid image file, it will return an array containing things like the pixel dimensions of the image, plus the 'type' and common extension.
* image_scale - resizes a given image to fit within a given width / height dimensions, while maintaining aspect ratio (not distorting the image). This function can be used to generate thumbnails, or ensure a maximum resolution, etc.
* image_resize - similar to image_scale (but will not respect aspect ratio - may well distort the image).
* image_rotate - rotate an image by X degrees
* image_crop - crops an image to a given rectangle (defined as top-left x/y coordinates plus a width & height of the rectangle).
Contribution modules will now be able to rely on these base manipulation functions to offer additional functionality (such as image nodes, photo galleries, advanced image manipulation, etc).
We added a 'severity' column to watchdog():
watchdog($type, $message, $link) --> watchdog($type, $message, $severity, $link);
* Specify a severity in case you are reporting a warning or error.
* The $link-parameter is now the fourth parameter instead of the third.
TODO: document this in the upgrade guide.
* Less logic in theme code.
* Encourages use of the menu system.
* Easier to find where a title or breadcrumb comes from in other people's code because there are less places to look. Look in menu and then grep for the appropriate set function. Looking for calls to theme_page() is hard because there are too many of them.
* Very slightly more efficient.
- Slight addition to INSTALL.txt with regard to PHP versions.
- Updated/reworded some node type descriptions as per Boris' suggestions.
- Adding missing {} around a table name in update.php.
1. Fixed broken watchdog calls: two watchdog calls omitted the type parameter, and thus injected logs into the type field, instead of the message field.
2. Removed t() functions from user contributed content.
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
changes are:
1. Simplified the statistics pages: there are less pages and on the
remaining pages there is a lot less visual clutter (less columns and
better presentation).
2. Reorganized the 'administer - logs' menu: flattened the menu structure
and removed a number of links.
3. Improved performance. Most statistics pages used about 160 slow SQL
queries which made the statistics pages fairly unusable on my system.
The new pages use at least 10 times less SQL queries and render much
faster. They are actually usable.
4. There is now a 'track'-tab on node pages, and a second subtrab on the
user accounts 'track'-tab for people with the 'access statistics'
permission. They can be used to resp. track the node and the user.
This makes the statistics more accessible.
5. Changed the way watchdog messages are filtered. This makes it easier
to introduce new watchdog types.
6. Reworked the statistics module's permissions.
7. Less code: 223 insertions(+), 343 deletions(-).
8. Fixed several glitches: for example, the statistics pages sorted the
'Name' column by user ID instead of by name. Unfortunately, it is
too difficult to backport these to DRUPAL-4-5.
TODO:
1. Review the statistics modules help pages.
2. Help fine-tune the interfaces/views.
NOTES:
1. You'll want to run update.php.
+ Make bootstrap functionality work with HEAD.
+ Move functions into bootstrap.inc so that statistics_exit() works for cached pages. (Does this close any issues?)
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
Dries Buytaert
Steven Wittens