- Fixed tiny quote problem in account.php.
- Fixed tiny bug in comment.inc.
- Fixed tiny bug in comment.module.
- Fixed tiny bug in meta.module.
- Simplified user_access() API.
- Rewrote link system: still needs fine-tuning and testing so don't
upgrade if you are running a production site. ;)
Updated all modules and themes to reflect this change. All other
themes and modules need updating too!
(groups) and 'permissions' ... (inspired by Zope's system).
+ Once installed, click the help-link for more information.
+ See updates/2.00-to-x.xx.sql for the SQL updates.
- Modified loads of code to use our new access.module. The system
still has to mature though: new permissions have to be added and
existing permissions need stream-lining. Awaiting suggestions.
- As a direct result of the new access system, I had to rewrite the
way the top-level links in admin.php are rendered and displayed,
and xhtml-ified admin.php while I was at it.
TODO
- Home-brewed modules need updating, home-brewed themes not.
(Examples: file.module, trip_link.module)
- As soon we *finished* the refactoring of the user system (KJ has
been working on this refactoring already) we should consider to
embed this role and permission code into account.module ...
- Moved account_password() and account_validate() to user.inc.
- Greatly reduced the number of SQL calls in account_save() when editing an
account. Now uses one db_query() call instead of 1 + (2 * # of access
granted).
- Fixed access not being saved when account was added.
- Should now be possible to edit and add accounts. There were certain bugs
before that would cause odd errors.
for the different content types. These weights are used when
calculating each user's gravity. This is a required step before
we can even think of "nodifying" the diary or headline module.
- Polished a bit more on the other modules' crons.
this information to the "users"-field in both nodes and comments.
This database/table change reduces the number of SQL queries and
makes Drupal scale better where a lot of voting/moderation takes
place. Last but not least it can be considered a new and better
foundation for future moderation metrics / algorithms. In other
words: it is plain better.
--> oops, all voting/moderation results will be lost!
--> requires database update, see "2.00-to-x.xx.sql"!
- Updated database/database.mysql
- removed ban.inc and ban.module and integrated it in account.module
under the name "access control" --> the ban code was not really up
to standard so this has now been dealt with. This refactoring and
reintegration cuts down the code size with 100 lines too. :-)
(The ban.module code was really old and it showed.)
- added node.module and made the other modules reuse some of this
code --> cut down the code size of modules by at least 100 lines
and adds stability.
- added a status() function to admin.php to display a conform status
message where appropriate. See admin.php for usage.
- removed $theme->control() and made comments.inc handle this itself
wrapped in a $theme->box(). No need to clutter the themes with
such complexity --> updated all themes already. :-)
- some small visual changes to some administration pages to be more
consistent across different modules.
(reported by UnConeD)
- added "add node" link to book selection box and made it display the
current location
- removed tabs and whitespaces from themes - done automatically
certain users access to specific administration sections only.
Ex. a FAQ maintainer can only edit the FAQ, and members of an
"editorial board" can only edit comments, diaries and
stories, ..
- code review => rewrote include/user.inc which is much easier now
- fixed 4 small bugs
This time I redid the "category"-stuff. Categories - from now on called sections - are now maintained from the admin pages, can have their own post, dump and timout thresholds as discussed earlier (some weeks ago). By tomorrow evening users will be able to enable or disable section as well - i.e. to customize the content of drop.org.
- improved web interface of account module.
- added simple permission system with both administrators
and regular users. It can be made more fine-grained but
it will do for now.
- various small enhancements to the other modules, but
nothing big.
site:
- watchdog (rewrite):
+ the collected information provides more details and insights
for post-mortem research
+ input limitation
- database abstraction layer:
+ mysql errors are now verbose and is no longer displayed in a
browser - fixes a possible security risk
- admin.php:
+ updated watchdog page
+ fixed security flaw
- diary.php:
+ fixed nl2br problem
- themes:
+ fixed comment bug in all 3 themes.
- misc:
+ renamed some global variables for sake of consistency:
$sitename --> $site_name
$siteurl --> $site_url
+ added input check where (a) exploitable and (b) possible
+ added input size check
+ various small improvements
+ fixed various typoes
... and much, much more in fact.
visual changes:
- removed redundant files user.class.php, calendar.class.php
and backend.class.php.
- converted *all* mysql queries to queries supported by the
database abstraction layer.
- expanded the watchdog to record more information on what
actually happened.
- bugfix: anonymous readers where not able to view comments.
- bugfix: anonymous readers could gain read-only access to
the submission queue.
- bugfix: invalid includes in backend.php
- bugfix: invalid use of '$user->block'
and last but not least:
- redid 50% of the user account system
Dries Buytaert
natrak