TODO:
+ The contact.module was broken; a new patch for contact.module is needed.
+ Documentation is needed.
+ The most important modules need to be updated ASAP.
I rewrote part of the patch to improve the themability of the block, as
well as its default look. I also left out the 'Recent posts' for now and
shuffled some code around.
* Less logic in theme code.
* Encourages use of the menu system.
* Easier to find where a title or breadcrumb comes from in other people's code because there are less places to look. Look in menu and then grep for the appropriate set function. Looking for calls to theme_page() is hard because there are too many of them.
* Very slightly more efficient.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
+ Drupal 4.4 stored profile data in the serialized user->data column. Drupal 4.5 stores profile data in tables (but user->data is still available and used for other stuff, like locale or themes). The update from 4.4 to 4.5 didn't remove the old data from the user->data column properly, because there is no mechanism in user_save to do so (it did try to unset the fields, but this has no effect).
+ On registration, hook_user('insert') is invoked after saving the data column. This means that any module-specific data is put into the data field. We cannot move hook_user('insert') higher up, because before that point, we do not have a complete $user object yet.
- Restoring broken update path.
- Adding birthday/date function back, with update path.
- Show private fields when viewing your own profile, or for admins.
- Do not allow browsing of private fields for non admins (403)
- Throw a 404 for browsing unbrowsable fields, rather than an SQL error
- Fixing input processing: nothing is filtered twice anymore, and I replaced several strip_tags with specialchars (more flexible).
- Minor admin UI tweaks + added friendly field type names.
Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature.
This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
* The _validate hook and the _nodeapi('validate') hook of the node API (1) no longer take an 'error' parameter and (2) should no longer return an error array. To set an error, call form_set_error().
* The _form hook of the node module no longer takes a form hook and should not worry about displaying errors. Ditto for _nodeapi('form_post') and _nodeapi('form_pre').
$ diffstat user.patch
database/database.mysql | 4
database/database.pgsql | 2
database/updates.inc | 10 -
modules/block.module | 20 +-
modules/locale.module | 9
modules/profile.module | 108 +++++++----
modules/system.module | 8
modules/user.module | 456 +++++++++++++++++++-----------------------------
8 files changed, 289 insertions(+), 328 deletions(-)
More functionality, less code. Here is a list of the changes:
- Some user API changes:
+ When $type is 'form', you have to return an associative array of groups. In turn, each group is an array with a 'title', 'data' and 'weight'.
+ A new $type has been added, namely 'categories'. User settings can be organized in categories. Categories can be sorted, as can the groups within a category. (Ordering 'categories' is somewhat broken due to a bug in the menu system.)
- The 'my account > edit' page will use subtabs for each 'category'. Read: you can break down the account settings into multiple subpages.
- Profile module improvements:
+ Added support for private fields to the profile module!
+ Improved workflow of profile administration pages.
+ Improved the form descriptions.
- Code improvements:
+ Unified user_edit() and user_admin_edit().
+ Unified and cleaned up the validation code. Fixed some validation glitches too.
CHANGES
-------
+ Introduced tabs. First, we extended the menu system to support tabs. Next, a tab was added for every link that was (1) an administrative action other than the implicit 'view' (2) relevant to that particular page only. This is illustrated by the fact that all tabs are verbs and that clicking a page's tab leads you to a subpage of that page.
+ Flattened the administration menu. The tabs helped simplify the navigation menu as I could separate 'actions' from 'navigation'. In addition, I removed the 'administer > configuration'-menu, renamed 'blocks' to 'sidebars' which I hope is a bit more descriptive, and made a couple more changes. Earlier, we already renamed 'taxonomy' to 'categorization' and we move 'statistics' under 'logs'.
+ Grouped settings. All settings have been grouped under 'administer > settings'.
TODO
----
+ Update core themes: only Xtemplate default supports tabs and even those look ugly. Need help.
+ Update contributed modules. The menu() hook changed drastically. Updating your code adhere the new menu() function should be 90% of the work. Moreover, ensure that your modue's admin links are still valid and that URLs to node get updated to the new scheme ('node/view/x' -> 'node/x').
+ Introduced two new functions:
1. form_set_error($name, $message): files an error against the form
element with the specified $name.
2. form_has_errors(): returns true if errors has been filed against
form elements.
+ Updated the form handling:
1. The form_ functions will add 'class="error"' when a form field
has been found to be erroneous.
2. The error message is passed to theme_form_element() when the
particular form field has been found to be erroneous.
+ I updated the user and profile module to take advantage of these new
functions.
+ IMPORTANT: the _user() hook changed. The 'validate' case should no
longer retun an error message when something goes wrong but should
set it with form_set_error().
administrators will be able to define a custom 403 page, just as they
can define 404 pages now.
This needs to be documented in the "Changes since / migrating to ..."
pages.
configurable! Menu items can be disabled, repositioned, added and
so on.
Upgrading to requires you to run update.php.
This functionality depricates some of the 'navigation modules' in the
contributions repository. Furthermore, modules can now 'suggest'
menu items and site adminstrators can choose to enable them. Modules
in the contributions repository should try to take advantage of this.
+ Updated the _user() hook's "$type == 'view'" case to match the
"$type == 'edit'" case. That is, both have to return an associtive
array of the format array('category' => 'fields').
+ Updated the profile pages to group fields by category. Made possible
thanks to the above change.
+ Moved logic out of the theme_ functions.
+ Made it possible to define the page title of the user listing pages.
+ Used form_group()s for the profile administration page.
+ Fixed bug in database/updates.inc.
+ Added a 'created' field to the users table and renamed the 'timestamp'
fied to 'changed' (cfr. node table). Update.php will try to determine
a 'created' timestamp for existing users.
+ The profile module no longer uses serialized data but has its own set
of tables. Known existing profile data is migrated by these new tables.
TODO: migrate the birthday field.
+ The profile fields can be grouped, and within each group, profile fields
can be sorted using weights.
+ The profile pages can be themed.
+ The profiles can be browsed based on certain properties/settings.
+ Change the _user hook: (i) 'private_view' and 'public_view' are merged
into 'view' as there are no private fields and (ii) 'edit_form' has
been renamed to 'edit'.
+ Avatar handling has been refactored and is now part of the user module.
The users table has a dedicted 'picture' field.
+ Simplified the way themes should use display/visualize pictures or
avatars.
+ Made it possible for administrators to replace or delete avatars.
+ ...
I hope this make for a good base to build on collectively.
+ Tidied up the profile configuration page: grouped form elements.
+ Tidied up the block configuration settings: removed hard-coded
table.
+ Changed the profile API to return the preferred group name, and
changed the user module to group settings. Modules implementing
the _user hook will need to be udpated.
+ Removed register_form and register_validate for now.
- Usability improvements to the user module: removed some redundant menu
items by taking advantage of the column sorting, added status messages
and so on. Patch by Moshe plus some fixes.
- Made the profile module use the table() function. Patch by Moshe.
- Fixed breadcrumb spacing. Patch by Moshe.
- Fixed colspan problem with node overview table. Patch by Stefan.
- Fixed inconsistency with table sorting. Patch 0122 by Al.
the fix was somewhat simpler. Fixes bug #2003.
- Bugfix: fixed problem with voting on certain poll pages. Patch #37 by Al.
- Improvement: removed stupid descriptions from profile module.
- Bugfix: fixed the defaults for blocks in database.mssql so the NOT NULL fields get values. Patch by Kjartan.
- Bugfix: changed check_form() to use htmlspecialchars() instead of drupal_specialchars() as this caused Drupal to emit incorrect form items in presence of quotes. Example:
<input type="submit" class="form-submit" name="op" value="Submit "top nodes" block changes" />
IMO, drupal_specialchars() is better called xmlspecialchars() to avoid confusion.
- Bugfix: when an anonymous user visits a site, they shouldn't see any content (except the login block, if it is enabled) unless they have the "access content" permissions. Patch by Matt Westgate.
- Improvement: improved the error checking and the error messages in the profile module. Updated the code to match the Drupal coding conventions. Modified patch from Matt Westgate.
- Improvement: don't generate the <base href=""> tag in the base theme; it is already emitted by theme_head(). Patch by Kristjan.
- Improvement: don't execute any SQL queries when checking the permissions of user #1. Patch by Kjartan.
- Improvement: made a scalable layout form that works in IE and that behaves better with narrow themes. Part of patch #51 by Al.
- Improvement: removed some redundant print statements from the comment module. Modified patch from Craig Courtney.
==> This fix requires to run update.php!
- Bugfix: made sessions work without warnings when register_globals is turned off. The solution is to use $_SESSION instead of session_register(). This fixes critical bug #1797. Patch by Marco.
- Bugfix: sometimes error messages where being discarded when previewing a node. Patch by Craig Courtney.
- Bugfix: fixed charset problems. This fixes critical bug #1549. Patch '0023.charset.patch' by Al.
- Code improvements: removed some dead code from the comment module. Patch by Marco.
- Documentation improvements: polished the node module help texts and form descriptions. Patch '0019.node.module.help.patch' by Al.
- CSS improvements all over the map! Patch '0021.more.css.patch' by Al.
- GUI improvements: improved the position of Druplicon in the admin menu. Patch '0020.admin.logo.patch' by Al.
- GUI improvements: new logos for theme Marvin and theme UnConeD. Logos by Kristjan Jansen.
- GUI improvements: small changes to the output emitted by the profile module. Suggestions by Steven Wittens.
- GUI improvements: small fixes to Xtemplate. Patch '0022.xtemplate.css.patch' by Al.
TODO:
- Some modules such as the buddy list module and the annotation module in the contributions repository are also using session_register(). They should be updated. We should setup a task on Drupal.
- There is code emitting '<div align="right">' which doesn't validate.
- Does our XML feeds validate with the charset changes?
- The forum module's SQL doesn't work properly on PostgreSQL.
to avoid XSS attacks! Patch by Al, Moshe, Marco, Kjartan and me.
- Bugfix: the admin module does now import drupal.css prior to admin.css.
Patch by me.
- Bugfix: the admin module was still emitting a <base href=""> tag. I
removed this as it is been taken care of by theme_head(); Patch by me.
- Bugfix: made the tracker module's pager only consider published pages.
Patch by Moshe.
- Bugfix: cured some typos in the comment module's help function. Patch by
Marco.
- Bugfix: fixed a typo in the pager_display() that caused optional
attributes to be discarded.
- Bugfix: made the Xtemplate emit empty boxes like any other theme does.
Patch by Al.
- Bugfix: fixed broken link on the statistics module's log page.
Reported by Kjartan.
- CSS improvements: made the HTML output emitted by the tracker module
look nicer. Patch by Moshe and Al.
- CSS improvements: added CSS classes for form elements. Patch by Al.
- CSS improvements: added a vertical gap between the last form item and the
submit button. Patch by Al. Note that Opera 6 is not picking up this
CSS but apparently others browsers such as Konqueror do.
- Xtemplate improvements: changed the color of the selected day in the
archive module's calendar. Patch by Al.
- Usability improvements: made the "birthday" field of the profile module
look nicer. Patch by Al.
------
- TODO: it might be a good idea to emit the following meta tag in the
theme_head() function:
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
Currently, some themes (and modules!) emit this while others don't. This
would also make it possible to change the charset site-wide.
- TODO: now we added support for td.dark and td.light to drupal.css, maybe
it can be removed from admin.css as well as xtemplate.css?
- Fixed a typo in the MSSQL database scheme. Patch by Michael Frankowski.
- Removed dependency on "register_globals = on"! Patches by Michael Frankowski.
Notes:
+ Updated the patches to use $foo["bar"] instead of $foo['bar'].
+ Updated the INSTALL and CHANGELOG files as well.
- Tiny improvement to the "./scripts/code-clean.sh" script.
Steven Wittens
Dries Buytaert
Kjartan Mannes