- fixed small visual glitch in includes/function.inc
- changed SQL tables around a bit to be more consistent
(result: small changes to a lot of different files)
- improved robustness of includes/node.inc
- improved output of cron.module
- improved output of node.php
the index page will only display stories for now but this will/can
change in the near future
- all other files now thinks in terms of nodes, rather then stories
abstract() + article() = story()
abstract() and article() have been merged into a new function story()
which looks like:
function story($story_object, $reply) {
if (!reply) {
// full story
}
else {
// main page version / abstract
}
}
This should allow you to "compress" your theme as abstract() and
article() tended to be 98% identical.
=> I didn't really merge your themes so I leave it up to *you* to
improved the code!!! Do it ASAP as we release drupal 2.00 in 7
days.
In future we'll have similar functions for other content types as
for example:
review($review, $reply);
enquete($enquete, $reply);
...
revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks). For drupal's sake, try to screw something up. See the mail about PHPNuke being hacked appr. 6 days ago. The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required). I beg you to be evil. Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
This time I redid the "category"-stuff. Categories - from now on called sections - are now maintained from the admin pages, can have their own post, dump and timout thresholds as discussed earlier (some weeks ago). By tomorrow evening users will be able to enable or disable section as well - i.e. to customize the content of drop.org.
though but I think this is stable enough for public consumption and
real-life testing.
==> a first big step towards a flexible comment engine.
IMPORTANT:
- Required theme updatins:
UnConeD: check your $theme->controls() as I added a very, very
dummy implementation
- Required database updates:
alter table users modify mode tinyint(1) DEFAULT '' NOT NULL;
alter table comments change sid lid int(6) DEFAULT '0' NOT NULL;
alter table comments add link varchar(16) DEFAULT '' NOT NULL;
update comments set link = 'story';
- I rearranged some of the code and clean-up some of the mess.
- Added "blocks" which can be user defined/controlled: check
to see. The positioning of blocks is rather basic for the
moment, so I'm all open for input on that.
site:
- watchdog (rewrite):
+ the collected information provides more details and insights
for post-mortem research
+ input limitation
- database abstraction layer:
+ mysql errors are now verbose and is no longer displayed in a
browser - fixes a possible security risk
- admin.php:
+ updated watchdog page
+ fixed security flaw
- diary.php:
+ fixed nl2br problem
- themes:
+ fixed comment bug in all 3 themes.
- misc:
+ renamed some global variables for sake of consistency:
$sitename --> $site_name
$siteurl --> $site_url
+ added input check where (a) exploitable and (b) possible
+ added input size check
+ various small improvements
+ fixed various typoes
... and much, much more in fact.
visual changes:
- removed redundant files user.class.php, calendar.class.php
and backend.class.php.
- converted *all* mysql queries to queries supported by the
database abstraction layer.
- expanded the watchdog to record more information on what
actually happened.
- bugfix: anonymous readers where not able to view comments.
- bugfix: anonymous readers could gain read-only access to
the submission queue.
- bugfix: invalid includes in backend.php
- bugfix: invalid use of '$user->block'
and last but not least:
- redid 50% of the user account system
made quite a lot of additions. The most remarkable addition is the
diary server, which I slapped together in less then 40 minutes. Most
of the other changes are however `unvisible' for the user but add much
value to a better maintainability from a developer's objective. Like
always, I fixed quite a number of small bugs that creeped into the code
so we should have a bigger, better and more stable drop.org.
Unfortunatly, some theme update _are_ required:
REQUIRED THEME UPDATES:
=======================
* use format_username() where usernames are used
* use format_date() where timestamps/dates are used
* use format_email() where e-mail addresses are displayed
* use format_url() where url are displayed
* replace 'formatTimestamp' with format_date
* replace 'morelink_*' with 'display_morelink'
[most of these functions are in function.inc or template.inc]
___PLEASE___ (<- this should get your attention ;) update your themes
as soon as possible - it only takes 30 min. to get in sync with the
other themes. Don't start whining about the fact you don't know what
to change ... either eat the source cookie, or ask me to elaborate on
a few changes. Just let me know what's puzzling you and I'll try to
help you out!
TODO LIST FOR NEXT WEEK
=======================
* Add checks for max. text length in textarea's? Is there an HMTL
attribute for this or ...?
* Comment moderation + mojo
* Edit/admin user accounts: block, delete, change permissions, ...
* E-mail password, change password, change e-mail address -> extra
checks and routines to validate such `special' changes.
* Input checking - input filter: bad words, html tags, ...
=========================
Wulp. I did a major upgrade by (a) breaking a lot of stuff and (b) by
re-doing those things in a much better way. I redesigned the stories
and submissions SQL tables, the way they work and the way they co-
operate together.
In addition, I changed the way parameters are passed to
$theme->abstract() and $theme->article(). Instead of passing a
sh!tload of parameters that only cluttered the code and required too
much pre-processing on the engine-side, we now pass a singly object
$story. $story has more variables then the paramaters we used to pass,
so it allows for better theming (if you feel like it).
I'm not finished yet but I decided to upload my changes so you can
start patching and updating your themes: PLEASE update your themes
ASAP! I don't plan making heavy changes like this again, so don't
get intimiated. ;) You mainly have to update article() and abstract()
as well as a minor update of footer():
article(), abstract():
----------------------
- use the $story object - see my theme!
- the morelink can now be themed. Currently you can use the function
morelink_bytes() in function.inc to `render' the old morelink. The
idea is to make a morelink_words() or morelink_lines() sooner or
later because "188 bytes in body" is not half as clear as "52 words
in body". Clearly, "52 words" is much more informative. ;-)
footer():
---------
- in the article-part, you need to update the displayRelatedLinks():
instead of passing it $sid, you need to pass it $story (after you
globaled $story).
Everything should display correct on the following pages:
- main page
- article page (follow a `read more | xxx bytes in bdoy | x comments' link)
- submission queue
Check if they work with your theme: they should as they work fine for
me (theme `Dries') ... If you got stuck, just look at my theme or ask
for a hand on the list!
Hopefully you can update your themes asap. Thanks in advance.
number of SQL on the mainpage with factor 10 and shortened the code with 4
lines. There is only *one* optimized SQL query left, being:
$result = db_query("SELECT stories.*, COUNT(comments.sid) AS comments FROM
stories LEFT JOIN comments ON stories.sid = comments.sid WHERE
stories.status = 1 AND stories.time <= $date GROUP BY stories.sid ORDER BY
stories.sid DESC LIMIT $number");
Note: we use a LEFT JOIN to retrieve the number of comments associated
with each story. By retrieving this data now, we elimate a *lot*
of individual queries that would otherwise be required inside the
while-loop. If there is no matching record for the right table in
the ON-part of the LEFT JOIN, a row with all columns set to NULL
is used for the right table. This is required, as not every story
has a counterpart in the comments table (at a given time).
to the outside world. It's a first step towards improving the submission
queue.
* More important (to the theme babies): instead of passing individual
parameters I'm considering to pass an object.
$theme->abstract($story->aid, $story->informant, $story->time,
stripslashes($story->subject), stripslashes($story->abstract),
stripslashes($story->comments), $story->category, $story->department,
$morelink);
would become:
$theme->abstract($story);
What do you guys think about pushing this trough? It would be much better
and would give extra `power' to the themes.
rendering a calendar less expensive.
* Added a function displayCalendar($theme, $active_date) to functions.inc.
* Adjusted index.php so it would support URIs formated like
"?date=$unix_timestamp".
* Integrated the calendar in my personal theme: themes/Dries/theme.class.
If you want to include the calendar in your theme, check the code in my
$theme->footer(): global $date and call displayCalendar($theme, $date).
Check the main page at http://beta.drop.org/ with theme 'Dries' to see it
yourself!
Dries Buytaert
Kjartan Mannes