- Redid settings.module and even renamed it to conf.module.
* Settings are now grouped in basic categories like "system
settings", "module settings" and "filters".
* Added new settings to make Drupal easier to configure and
to make some aspects like the watchdog scale better.
- Renamed includes/settings.php to includes/conf.php.
- Added filter support to conf.module and introduced filter hooks so
modules can implement and export new filters. Example filters are
an HTML filter (implemented), a profanity filter, an url converter,
ASCII smileys to images filter and so on ...
- Reworked the check_* functions: user contributed content/input is
only verified and filtered once in its lifespan.
NOTES
- Altough this is a large commit, no database changes are required.
- Rewrote the cron system. Removed cron.module and moved all cron
related options to settings.module. Cron was a confusing thing:
it has been made simpler both in terms of code and configuration.
+ You had to rehash your modules to make the cron show up in
the list. This is no longer required.
+ You couldn't tell what cron "watchdog" or cron "story" were
up to. Instead, we now display a clear description message
for every cron involved.
+ The user interface of setting.module - and the admin section
in general, looks a bit ackward but I couldn't care less and
don't want to see this improve at the time being.
- Improved setting.module:
+ Now uses variable_set().
+ Added some help and documentaition on how to setup cron.
- Improved ./export.
- Updated CHANGELOG.
TODO:
- I'm now going to look into UnConeD's question with regard to
check_output() and $theme->node(), as well as the filter and
macro stuff. I'll probably be fine-tuning setting.module a
bit more on my way.
On Windows machines (not sure about *nix boxes) it's not always pre-sorted by the filesystem. It has no effect code-wise, but it will cause all module-lists in Drupal to be sorted alphabetically (e.g. the links in admin.php).
- Simplified field_set() API.
- Made UnConeD's cool common timestamp format conform with the
general coding style. Sorry to be so picky about this but I
really can't help it. ;)
this information to the "users"-field in both nodes and comments.
This database/table change reduces the number of SQL queries and
makes Drupal scale better where a lot of voting/moderation takes
place. Last but not least it can be considered a new and better
foundation for future moderation metrics / algorithms. In other
words: it is plain better.
--> oops, all voting/moderation results will be lost!
--> requires database update, see "2.00-to-x.xx.sql"!
- Updated database/database.mysql
+ path_uri(): returns the fully-qualified URI of your drupal site.
+ path_img(): returns the image directory or http://image-server.com/
in case you prefer to load-balance bandwidth usage.
Replaced all occurences of the variable "site_url" with path_uri()
and removed "site_url" from "setting.module".
- Drastically simplified the node_save() API, which should make the
node-forms more secure. Updated "story.module", "book.module",
"forum.module", "page.module" and "node.module" to reflect this
change. This is needs more testing so hit it, beat it, tease it.
- Fixed an occasional glitch in the configuration file loading logic.
- Made "queue.module" display an informative notice when an anonymous
user tries accessing the moderation queue.
- Updated the hard-coded information in drupal.module a bit.
Note that - when upgrading - you have to rename all your existing
configuration files to reflect this change:
yourdomain.com.conf -> yourdomain.com.php
By default, i.e. if no configuration file is found, setting.php
will be used instead. Using the ".php"-extension will fix most
configuration/security issues with .htaccess-files ...
- Removed some dead code from forum.module.
is selected.
- Made theme_link() less "hard coded", we still have to make
it fully configurable though.
- Fixed glitch in story submission: the warning messages were
not displayed.
- Tidied up block.module a bit.
overhead, and a lot better (simpler) module API. I had to edit a
LOT of files to get this refactored but I'm sure it was worth the
effort.
For module writers / maintainers:
None of the hooks changed, so 95% of the old modules should still
work. You can remove some code instead as "$module = array(...)"
just became obsolete. Also - and let's thank God for this - the
global variable "$repository" has been eliminated to avoid modules
relying on, and poking in drupal's internal data structures. Take
a look at include/module.inc to investigate the details/changes.
- Improved design of the content modules "story", "book" and "node"
(to aid smooth integration of permisions + moderate.module). I'm
still working on the permissions but I got side tracked for which
I "Oops!".
- Added moderator permissions to nodes.
- Added moderator support to structure.module.
- Added new moderate.module.
- Renamed moderation.module to queue.module to avoid confusing.
Updated theme yaroon as it seems to have a hard-coded reference
to moderation.module.
- Polished on:
+ account.module: improved access list
+ fixed HTML typo in node.module
ACTIONS:
- Jeroen: can jeroen2.theme be removed from ./themes/yaroon?
CHANGES:
- Added "read" and "write" permissions into drupal but removed
it again because - when finished after 3 hours of work - it
was considered nothing but added complexity that didn't buy
us anything. :I
(I'll explain this in detail on the mailing list, I guess.)
- Added a very simple help.module to group all available
documentation on a single page.
- Fixed bug in node_control(), book.module: UnConeD forgot to
global $user when updating the combobox code.
- Removed static wishlist.module: in future, the wishlist can
be maintained as a page in our collaborative book.
- Revised most of settings.module: tidied up the code and the
descriptions to accompany the settings and introduced a new
"default maximum number of nodes to display on the main page"
variable.
- Revised most of comment.module: the administration interface
looks better now, integrated node permissions, and -finally-
made it possible to delete comments.
- Polished on:
+ account.module
+ structure.module
+ locale.module
+ module.module
+ forum.module
- Form-ified:
+ account.php
+ account.module
+ setting.module
+ cvs.module
+ submit.php
+ comment.module
+ forum.module
+ book.module
+ page.module
+ locale.module
- Updated CHANGELOG
INFO:
- Designed a "generic tracker system with optional backends"
on paper. The idea is to allow registered users to hot-list
certain topics, individual nodes or threads (comments) and
to "plug-in" output backends like - for instance - an e-mail
digest. The design requires "intelligent blocks" though.
TODO:
- I want to tidy up the headline.module and backend.class as
well as merge in headlineRSS10.module. Julian spent quite
some time working on headline.module but I'm not sure what
he changed and whether he'd contribute it back?
- Added new form_* functions to common.inc, used for building
forms: it should improve 'stability' (no form typos, every-
thing properly escaped/unescaped) and should help providing
a very consistent user interface (wrt forms).
- Adjusted node.module to use the new form functions.
(Can be used as an example.)
- Adjusted book.module to use the new form functions.
(Can be used as an example.)
- Merged function.inc into common.inc!
- Slowly removing all global $status and $rstatus variables:
use node_status() instead.
TODO:
- Apart from implementing the permission system, I'll spend
some time updating most modules today and tomorrow to use
the new form functions.
module to develop and test the permission system along with the
regular nodes. And hopefully, this forum module will grow into
a very useable piece of code for drop.org.
Requires a new SQL table "forum", see 2.00-to-x.xx.sql.
- Removed 1 unused hook from page.module.
- Removed 1 unused function from comment.inc.
- Modified conf_init() to use default.conf if nothing else can be found.
- Added some comments to hostname.conf to reflect the changes and
provide more information on how to rename the file.
TODO
- The Drupal handbook should be updated once the CVS version is released.
- Should try to remove the remainder of info from hostname.conf and go for a
completely web-based administration if possible.
- Does having all the settings in a SQL database make Drupal add more
overhead than including a .conf file? If nobody knows for sure some tests
should be done. If yes, concider having the admin interface generate an
include file in addition to saving to the database.
- Modified conf_init() to use default.conf if nothing else can be found.
- Added some comments to hostname.conf to reflect the changes and
provide more information on how to rename the file.
TODO
- The Drupal handbook should be updated once the CVS version is released.
- Should try to remove the remainder of info from hostname.conf and go for a
completely web-based administration if possible.
- Does having all the settings in a SQL database make Drupal add more
overhead than including a .conf file? If nobody knows for sure some tests
should be done. If yes, concider having the admin interface generate an
include file in addition to saving to the database.
- Fixed an error in module_rehash_blocks() that didn't handle '-symbols.
- Removed some module depencies. Drupal will now run (sorta) even if there
are no modules installed.
- Changed theme_link() to check if certain modules are installed before
offering a link to them.
Todo
- Check all SQL queries to make sure they are addslashes'ed correctly.
- Check the effects of changing the PHP magic_quotes setting.
- Make the theme_link() function to be customizable either via the admin
page and/or in the module itself.
- Fixed an error in module_rehash_blocks() that didn't handle '-symbols.
- Removed some module depencies. Drupal will now run (sorta) even if there
are no modules installed.
- Changed theme_link() to check if certain modules are installed before
offering a link to them.
Todo
- Check all SQL queries to make sure they are addslashes'ed correctly.
- Check the effects of changing the PHP magic_quotes setting.
- Make the theme_link() function to be customizable either via the admin
page and/or in the module itself.
Some modules (such as diary) should be changed to take advantage of this function, as they are now still using GMT+0 dates in some cases (e.g. the recent diary entries box).
makes "promoting nodes" to the main page possible. Stories
and reviews could be promoted by default, but - on accasion
a good book entry could be manually promoted too. Thus all
existing content types can be shown on the main page, not
just stories.
Requires a SQL update, see 2.00-to-x.xx.sql!
- Addition: implemented "auto-post new submissions" feature
to disable or by-pass the moderation queue in addition to
"moderate new submissions".
TODO: admin moderation versus registered user moderation.
- Addition: added category and topic support to page.module.
a node per node basis, rather then on a category per category
basis. The default settings for each individual category can
be changed though.
Example: it can be setup so that - by default - all stories
posted to the category "article" will have comments enabled
but stories submitted to "announcement" not.
Different configuration schemes can easily be added later.
Requires a SQL update, see 2.00-to-x.xx.sql/database.mysql.
- Addition: made submit.php only use categories that users can
actually submit new content to.
to functions.inc useful for resp. verifying an e-mail address
and username: currently used by account.php - but reusable by
Julian's refer.module for example (prepares integration).
They both return a linked string with the respective category,
or topic name. Updated all themes to use these new functions.
- (stripped tabs from emsa files, nevermind)
Made it so that we can disable/enable comments on a category by category basis. In order to accomplish this I had to make a few (*temporary*) changes.
I moved all comment code from the "module level" (eg. story.module) to the "node level". It was nothing but the logical next step in nodifying drupal. This enables us to add comments to all existing content types including book entries. But also for book entries, this to can be toggled on and off. :-)
Moreover module writers don't have to worry about the complex comment logic: it is "abstracted" away. This implies that story.module got smaller, faster and easier to comprehend. :-)
In order to accomplish this, I had to update ALL THEMES, which I did - and on my way I updated Goofy, Oranzh and UnConeD - with the previous changes. All themes are up-to-date now! I also had to remove the [ reply to this story ] links, and temporally re-introcuded the "Add comment" button in the "Comment control". Tempora lly that is, UnConeD. ;)
I plan to upgrade drop.org either tommorow or wednesday so test away if you have some time to kill. ;)
Oh, I also fixed a few bugs and made various small improvements.
your theme:
- corrected some missing translations in story.module. Oops!
- grealty simplified the "moderation threshold mechanism"(tm) so
that module writers don't have to worry about this. As a result
story.module and book.module became a bit smaller and easier to
grasp.
- greatly simplified new "category" and "topic" code which is soon
going to replace the "section" code. Needs more work though so
hang on thight.
- includes/section.inc and modules/section.module are replaced by
includes/structure.module and modules/structure.module.
- beautified example.theme a bit without adding HTML complexity:
it is a good example but still useful as a theme
- made theme example use "categories" and "topics"
--> TAKE A LOOK AT IT AND UPDATE YOUR THEME
- made theme marvin use "categories" and "topics"
--> TAKE A LOOK AT IT AND UPDATE YOUR THEME
- added 2 new "story listings" to administrator interface of
story.module to verify story integrity.
- optimized comment table a bit (work in progress)
it now uses the new category code, incl content bindings.
You can setup different "categories" which map on a content
type. Example:
review -> review.module
article -> story.module
column -> story.module
announc. -> story.module
addons -> file.module
themes -> file.module
- "generalised" story.module and book.module's output.
- fixed bug in includes/timer.inc
- fixed glitch in theme example.theme: it said "$how by" but
the variable $how has never been declared.
- added "drupal development settings" to display some timings
- more work on the categories/topics -> does NOT work yet
footer message like a copyright notice. Themes should use this!
- small improvement to example theme
- added theme_footer to theme marvin
- small improvement to database.inc
- slightly improved story.module, node.module and book.module
- made the "default theme" a setting from the setting page
- polished a bit on the export function: we can now export the
book or parts thereof through the following url:
1. http://drop.org/export/book/
(full book)
2. http://drop.org/export/book/nid
(where nid is the node id to start with)
The export routine demonstrates how it can be done yet the
output is too basic and can only improve over time.
- streamlined method invocation in node.inc
- added node_status() function to modules
- added NEW (mostly static) page module
- added NEW settings module
- fixed update bug in book.module
- provide a log message when both adding and updating book pages
- all configurable variables are now accessed through "variable_get()":
- rewrote watchdog and submission throttle and removed watchdog.inc
- improved robustness of sections.inc
- imporved story.module
- updated ./database/database.sql
- improved "track drop.org": it has now 2 boxes, one for "track
comments" and one for "track nodes"
- various small improvements to the book module based on the
feedback we got.
- fixed typo in moderation module
- ...
- removed ban.inc and ban.module and integrated it in account.module
under the name "access control" --> the ban code was not really up
to standard so this has now been dealt with. This refactoring and
reintegration cuts down the code size with 100 lines too. :-)
(The ban.module code was really old and it showed.)
- added node.module and made the other modules reuse some of this
code --> cut down the code size of modules by at least 100 lines
and adds stability.
- added a status() function to admin.php to display a conform status
message where appropriate. See admin.php for usage.
- removed $theme->control() and made comments.inc handle this itself
wrapped in a $theme->box(). No need to clutter the themes with
such complexity --> updated all themes already. :-)
- some small visual changes to some administration pages to be more
consistent across different modules.
(reported by UnConeD)
- added "add node" link to book selection box and made it display the
current location
- removed tabs and whitespaces from themes - done automatically
- fixed small visual glitch in includes/function.inc
- changed SQL tables around a bit to be more consistent
(result: small changes to a lot of different files)
- improved robustness of includes/node.inc
- improved output of cron.module
- improved output of node.php
testing!
- you can't add a node with the same title twice within 5 minutes
(to avoid reposting by accidentically reloading your page after
having posted)
the index page will only display stories for now but this will/can
change in the near future
- all other files now thinks in terms of nodes, rather then stories
abstract() + article() = story()
abstract() and article() have been merged into a new function story()
which looks like:
function story($story_object, $reply) {
if (!reply) {
// full story
}
else {
// main page version / abstract
}
}
This should allow you to "compress" your theme as abstract() and
article() tended to be 98% identical.
=> I didn't really merge your themes so I leave it up to *you* to
improved the code!!! Do it ASAP as we release drupal 2.00 in 7
days.
In future we'll have similar functions for other content types as
for example:
review($review, $reply);
enquete($enquete, $reply);
...
revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks). For drupal's sake, try to screw something up. See the mail about PHPNuke being hacked appr. 6 days ago. The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required). I beg you to be evil. Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
- added a couple of missing t() functions
- improved the comments module, fixed the score problem Jeroen
reported earlier -> it's slicker but I hope it won't break anything
certain users access to specific administration sections only.
Ex. a FAQ maintainer can only edit the FAQ, and members of an
"editorial board" can only edit comments, diaries and
stories, ..
- code review => rewrote include/user.inc which is much easier now
- fixed 4 small bugs
- replaced the "open submission queue" (submission.php and submission.inc)
with an optional module (submission.module).
- tidied up the HTML code of some files
This time I redid the "category"-stuff. Categories - from now on called sections - are now maintained from the admin pages, can have their own post, dump and timout thresholds as discussed earlier (some weeks ago). By tomorrow evening users will be able to enable or disable section as well - i.e. to customize the content of drop.org.
though but I think this is stable enough for public consumption and
real-life testing.
==> a first big step towards a flexible comment engine.
IMPORTANT:
- Required theme updatins:
UnConeD: check your $theme->controls() as I added a very, very
dummy implementation
- Required database updates:
alter table users modify mode tinyint(1) DEFAULT '' NOT NULL;
alter table comments change sid lid int(6) DEFAULT '0' NOT NULL;
alter table comments add link varchar(16) DEFAULT '' NOT NULL;
update comments set link = 'story';
IMPORTANT: you have to drop 2 tables "blocks" and "layout"
and you have to recreate them again with those
in database/database.mysql
- integrated the documentation written by UnConeD
integrated them were appropriate. It works better and the code is
more readable then it used to be:
(see http://drop.org/discussion.php?id=44&pid=0#0)
- story authors can no longer moderate their own stories
(requested by Natrak)
- fix inie-winnie small detail in theme marvin
- drastically improved administration section
- drastically revamped story administration:
added new feature to schedule the publishing of stories
- applied correct naming conventions to submission.php
- fixed 1 small glitch in boxes
- somewhat expanded the documentation
= changed one SQL table
- updated the faq with info on drupal
- ... and more things I forgot about
- configuration:
+ renamed $db_name to $db_user
+ renamed $db_base to $db_name
- fixed small diary glitch
- fixed initial-comment-score problem
- fixed comment rating bug: improved the API and updated the
themes
- removed some tabs from Steven ;)
- fixed backend warnings and improved robustness
I'm not happy yet with the headline grabber - it generates
too many SQL errors.
- some small cosmetic changes in comment.module
- fixed minor glitch in format_interval()
- expanded documentation
(written by Jeroen)
- fixed bug in includes/module.inc
- fixed bug in modules/backend.class
- renamed some of the SQL tables (!)
- started making the diary.module truly modular (not finished yet)
- renamed "admin_blocks" to "boxes"
- added new functionality to "boxes": apart from PHP boxes, you
can now create ASCII boxes as well as HTML boxes for those who
are not confident with PHP.
(requested by stalor)
- added drupal-site module to keep track of known drupal sites
- added small Perl script to generate encrypted CVS passwords
- removed droplets
- added (optional) admin_blocks module
- added (optional) affiliate module
- added (optional) about module (only placeholder, under construction)
- fixed some tiny bugs (e.g. quote bug in search.php)
- partionally rewrote some modules to be big, bad and better
- partionally rewrote some modules to be more uniform
- added GNU GPL license to CVS
Also:
- installed PHP 4.0.4 on my localhost and now working
towards PHP 4.0.4 compatibility.
- I think I'll baptize the engine "drupal". If you have a
better idea, try convincing me ASAP.
Todo:
- more testing (also with PHP 4.0.4)
- make "project"-module: download, info, blah blah
- complete documentation
- I rearranged some of the code and clean-up some of the mess.
- Added "blocks" which can be user defined/controlled: check
to see. The positioning of blocks is rather basic for the
moment, so I'm all open for input on that.
- improved web interface of account module.
- added simple permission system with both administrators
and regular users. It can be made more fine-grained but
it will do for now.
- various small enhancements to the other modules, but
nothing big.
1. improved .htaccess to be more "secure": to keep prying
eyes out
2. rewrote the administration section from scratch using a
modular approach
3. improved the information gathered by error.php - we can
now (hopefully) track what bots are crawling us.
4. fixed a bug in submit.php, fixed a bug in theme zaphod,
fixed a bug in theme marvin.
5. rewrote cron from scratch - it now interfaces with
modules as it should have been from the beginning.
Very cool if you ask me - it can use UNIX/Linux
crontabs.
6. updated widget.inc to be module aware - needs more
work though - maybe this afternoon?
7. updated most modules: small bugfixes, improvements, and
even the documentation
8. removed diary.php and made it a module - you can now
run a drop.org site without a diary system if someone
would prefer so
9. updated all themes to use the new modules where
appropriate
10. added a robots.txt because the error message in the
watchdog become annoying.
11. added the new configuration system (mutliple vhosts
on the same source tree) - use hostname.conf instead
of config.inc
12. removed calendar.inc and made it a module
13. added format_interval() to functions.inc (UnConeD)
14. whatever I forgot ...
- fixed bug in story section
account.php:
- removed death code, clean-up, reorganization
- added "lost password?" functionality
faq.php:
- clean-up
watchdog.inc:
- improvements
- end of input-limit test period
error.php:
- improvements, still crappy layout though
site:
- watchdog (rewrite):
+ the collected information provides more details and insights
for post-mortem research
+ input limitation
- database abstraction layer:
+ mysql errors are now verbose and is no longer displayed in a
browser - fixes a possible security risk
- admin.php:
+ updated watchdog page
+ fixed security flaw
- diary.php:
+ fixed nl2br problem
- themes:
+ fixed comment bug in all 3 themes.
- misc:
+ renamed some global variables for sake of consistency:
$sitename --> $site_name
$siteurl --> $site_url
+ added input check where (a) exploitable and (b) possible
+ added input size check
+ various small improvements
+ fixed various typoes
... and much, much more in fact.
note that `widget.inc' is nothing more then a library with
standard widgets (eg "New headlines", "New diary entries",
and so on). Every theme builder is free to make custom
widgets and to include them in their .theme file!
- fixed bug in discussion.php
- theme update: comment() now takes 3 arguments:
$comment - an object with comment data
$link - a link to the reply form of that particular
comment
$thread - the subthread of that particular comment
- theme 'marvin' and theme 'zaphod' are updated, theme
'unconed' is left to be done
- fixed bug in discussion.php
- theme update: comment() now takes 3 arguments:
$comment - an object with comment data
$link - a link to the reply form of that particular
comment
$thread - the subthread of that particular comment
- theme 'marvin' and theme 'zaphod' are updated, theme
'unconed' is left to be done
(suggestion UnConeD)
- Added anchors to comment links to easy comment navigation.
(suggestion UnConeD)
- Fixed duplicate `you voted' after moderating a story.
(suggestion UnConeD)
- Fixed quote bug in administration center.
- Expanded user administration with timezone information.
- Improved the theme system by eliminating the "preview" function.
Let's not make the system more complex then it ought to be.
- Refined watchdog administration.
- ...
- fixed a bug in account.php: the confirmation url is now correct.
- improved error checking + security in diary.php.
- fixed a bug in the html code of theme zaphod.
- improved the date handling: always call format_date().
- expanded account information in administration pages.
- added a new variable $siteurl to ./includes/config.inc.
- added comment moderation to theme zaphod.
- "alter table users add timezone varchar(8);"
- !!! added new timezone feature !!! :o)
by means of better security checks in order to avoid malicious behavior.
In addition, quite some code has been fine-tuned.
However, as a result, every theme will require a small update ...
visual changes:
- removed redundant files user.class.php, calendar.class.php
and backend.class.php.
- converted *all* mysql queries to queries supported by the
database abstraction layer.
- expanded the watchdog to record more information on what
actually happened.
- bugfix: anonymous readers where not able to view comments.
- bugfix: anonymous readers could gain read-only access to
the submission queue.
- bugfix: invalid includes in backend.php
- bugfix: invalid use of '$user->block'
and last but not least:
- redid 50% of the user account system
- anonymous chicken was able to moderate commnets
- "anonymous chicken" was displayed in the comment reply form
- ...
The only thing left to be done is to tackle (or continue tackling)
the user accounts which in fact is quite some work. :o)
Dries Buytaert
Steven Wittens
Kjartan Mannes
natrak