- Slight addition to INSTALL.txt with regard to PHP versions.
- Updated/reworded some node type descriptions as per Boris' suggestions.
- Adding missing {} around a table name in update.php.
+ Moved the block configuration settings to the block administration pages like we did with the other modules (also, administrators had to enable the aggregator blocks twice).
+ Small UI changes to the 'add news feed' page.
1. Fixed broken watchdog calls: two watchdog calls omitted the type parameter, and thus injected logs into the type field, instead of the message field.
2. Removed t() functions from user contributed content.
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
changes are:
1. Simplified the statistics pages: there are less pages and on the
remaining pages there is a lot less visual clutter (less columns and
better presentation).
2. Reorganized the 'administer - logs' menu: flattened the menu structure
and removed a number of links.
3. Improved performance. Most statistics pages used about 160 slow SQL
queries which made the statistics pages fairly unusable on my system.
The new pages use at least 10 times less SQL queries and render much
faster. They are actually usable.
4. There is now a 'track'-tab on node pages, and a second subtrab on the
user accounts 'track'-tab for people with the 'access statistics'
permission. They can be used to resp. track the node and the user.
This makes the statistics more accessible.
5. Changed the way watchdog messages are filtered. This makes it easier
to introduce new watchdog types.
6. Reworked the statistics module's permissions.
7. Less code: 223 insertions(+), 343 deletions(-).
8. Fixed several glitches: for example, the statistics pages sorted the
'Name' column by user ID instead of by name. Unfortunately, it is
too difficult to backport these to DRUPAL-4-5.
TODO:
1. Review the statistics modules help pages.
2. Help fine-tune the interfaces/views.
NOTES:
1. You'll want to run update.php.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
+ throttle module: flush cache when the throttle enables/disables
+ throttle module: prevent throttle being enabled by 0 users or guests when disabled
+ system module: remove requirement for statistics.module
+ block module: update help text to reflect access log is no longer required
+ statistics module: throttle is now enabled/disabled, not using levels 0-5
* There are only two throttle levels instead of 5, namely 'enabled' and 'disabled'. This makes it a _lot_ easier to predict when the throttle will kick in. However, if you maintain a module that is throttle-aware, it needs to be updated!
* The throttle mechanism now uses the current number of anonymous users or the current number of authenticated users to kick in. This is a _lot_ more intuitive than the old throttle mechanism.
* The throttle block has been removed -- you can now use the "Who's online" block to determine the good throttle settings.
* Most of the documentation has been removed because it was deprecated.
* It's less code!
That should improve performance of session handling as well improve
performance of the "Who's online"-block. Drupal.org's sessions table
contains appr. 40.000 sessions on a slow day and rendering the "Who's
online"-block became a performance bottleneck.
This change has yet to be tested on a busy site so things might go wrong.
People were using node_title_list() without realizing it would do numereous database queries. This change greatly reduces the number of database queries required to render the node statistics block as well as to render the forum block (coming up next).
If your module is using node_title_list() and you want the number of comments to be shown as title attributes, chances are you have to update your SQL query to join node_comment_statistics.
+ When a comment is posted, a node needs to be re-indexed. Luckily, we can use node_comment_statistics for this easily.
+ When a node is deleted, it should be deleted from the search index as well.
+ The search wipe didn't properly remove links to nodes from the index.
+ Section url was faulty in _help.
+ Minor code rearrangement.
+ Display 'friendly' name rather than module name in search watchdog
messages.
+ Remove left-over from search_total table.
+ Add index wipe button to the admin
+ Moved the admin to admin/settings/search
+ Prevented menu bug when node modules update the breadcrumb in view
(thanks JonBob).
+ Changed search_total table's word key to PRIMARY.
The primary goal of this patch is to take the 'custom' and 'path' columns of the block overview page and make them into something understandable. As of Drupal 4.5 'custom' lacked an explanation which wasn't buried in help text and path required dealing with regular expressions.
Every block now has a configuration page to control these options. This gives more space to make form controls which do not require a lengthy explanation. This page also gives modules a chance to put their block configuration options in a place that makes sense using new operations in the block hook.
The only required changes to modules implementing hook_block() is to be careful about what is returned. Do not return anything if $op is not 'list' or 'view'. Once this change is made, modules will still be compatible with Drupal 4.5. Required changes to core modules are included in this path.
An additional optional change to modules is to implement the additional $op options added. 'configure' should return a string containing the configuration form for the block with the appropriate $delta. 'configure save' will come with an additional $edit argument, which will contain the submitted form data for saving. These changes to core modules are also included in this patch.
1) Clean up the text analyser: make it handle UTF-8 and all sorts of characters. The word splitter now does intelligent splitting into words and supports all Unicode characters. It has smart handling of acronyms, URLs, dates, ...
2) It now indexes the filtered output, which means it can take advantage of HTML tags. Meaningful tags (headers, strong, em, ...) are analysed and used to boost certain words scores. This has the side-effect of allowing the indexing of PHP nodes.
3) Link analyser for node links. The HTML analyser also checks for links. If they point to a node on the current site (handles path aliases) then the link's words are counted as part of the target node. This helps bring out commonly linked FAQs and answers to the top of the results.
4) Index comments along with the node. This means that the search can make a difference between a single node/comment about 'X' and a whole thread about 'X'. It also makes the search results much shorter and more relevant (before this patch, comments were even shown first).
5) We now keep track of total counts as well as a per item count for a word. This allows us to divide the word score by the total before adding up the scores for different words, and automatically makes noisewords have less influence than rare words. This dramatically improves the relevancy of multiword searches. This also makes the disadvantage of now using OR searching instead of AND searching less problematic.
6) Includes support for text preprocessors through a hook. This is required to index Chinese and Japanese, because these languages do not use spaces between words. An external utility can be used to split these into words through a simple wrapper module. Other uses could be spell checking (although it would have no UI).
7) Indexing is now regulated: only a certain amount of items will be indexed per cron run. This prevents PHP from running out of memory or timing out. This also makes the reindexing required for this patch automatic. I also added an index coverage estimate to the search admin screen.
8) Code cleanup! Moved all the search stuff from common.inc into search.module, rewired some hooks and simplified the functions used. The search form and results now also use valid XHTML and form_ functions. The search admin was moved from search/configure to admin/search for consistency.
9) Improved search output: we also show much more info per item: date, author, node type, amount of comments and a cool dynamic excerpt à la Google. The search form is now much more simpler and the help is only displayed as tips when no search results are found.
10) By moving all search logic to SQL, I was able to add a pager to the search results. This improves usability and performance dramatically.
Note that book_location_down() was missing an explicit field b.weight in the SQL SELECT statement, but this value would usually be supplied implicitly because it is used to ORDER the result.
+ Drupal 4.4 stored profile data in the serialized user->data column. Drupal 4.5 stores profile data in tables (but user->data is still available and used for other stuff, like locale or themes). The update from 4.4 to 4.5 didn't remove the old data from the user->data column properly, because there is no mechanism in user_save to do so (it did try to unset the fields, but this has no effect).
+ On registration, hook_user('insert') is invoked after saving the data column. This means that any module-specific data is put into the data field. We cannot move hook_user('insert') higher up, because before that point, we do not have a complete $user object yet.
+ Made error strings in blog.module consistent.
+ Explained a bit better what the RSD setting is for in the blog module.
+ Removed the notes about PHP content from block module and book module, since everything is handled via the input formats now.
+ made the helptext under the 'Explanation or submission guidelines', more the same (blog & story);
+ made the form_set_error() texts consistent when the body of a blog/story does not match or exceeds the specified minimal numer of words.
+ used the $options for form_select() and form_radios() inline like we do in the rest of drupal;
+ made the textarea sizes for the submission pages the same for all node types and also for the 'Explanation or submission guidelines';
- Patch #10308 by ccourtne: performance improvements: comment statistics are now cached in a new SQL table which significantly improves performance of the forum block and the forum pages. These pages are about 3 times faster now!
- removing file checks for uid #1 to be consistent with the roles/permissions.
- renaming script files to .txt's to prevent accidental execution (we don't allow them by default, but you never know)
1) Menu problems with Postgres (this is a highly critical 1 line fix)
2) Archive module fails with Postgres
3) Postgres setup problems - changes to database.pgsql (although i made these changes myself before finding this patch)
4) Book module fails with Postgres
5) Postgres problems following creation of a new type of user - which is actually about a taxonomy.module bug.
6) Creating accregator_item_table in PostgreSQL
7) Postgres - Polls not displayed on Poll Page
8) Blog module has sql errors with postgres
This should not affect MySQL users (hopefully).
Upload.module
- Fixing a bug caused by the PHP5 patches.
Beware: PHP4's array_merge() will silently accept objects and convert them to arrays. We should not depend on this behaviour in the future.
File.inc / file-using modules:
- Removing the constant FILE_SEPARATOR: forward slashes work fine on Windows, and it was being used incorrectly as an URL separator sometimes.
- Adding @ to mkdir and chmod to supress ugly PHP errors. They are already reported with drupal_set_message().
- Fixing default for variable 'file_directory_temp'.
- Clarifying the help tip for 'file_directory_temp' in admin > settings.
- Fixing broken .po import (due to file.inc changes).
- Do not show error notice on import page when no languages have been added (no longer necessary due to ability to add-and-import in one step).
- Added a notice about importing possibly taking a while.
- Raised the PHP execution time limit for importing (if not in safe mode, similar to cron.php).
- Fixed separate styles: added theme_get_styles() and the xtemplate {styles} tag to make sure stylesheets get included in the right order (drupal-specific, template-specific, style-specific).
- Fixing missing class on screenshots.
- Renamed drupal_get_theme_setting() and drupal_get_theme_settings() to theme_get_setting() and theme_get_settings().
- Changing theme('image') so the automatic image size fetching can be toggled independently from attributes. Specifying attributes and autosizing are 2 different things.
- Suppressing PHP errors from getimagesize() using @. drupal_set_message() is used to report these errors already and in a much prettier way.
- #9958: Fixing broken displaying of avatars.
- Don't show the default avatar in 'edit my account' if the user has no avatar of his/her own.
- Added ability to delete avatars (without having to replace them).
- Admin - upload only shows up for 'access administration section' perms
- Users without 'upload files' perm do not see the attachments form (and cannot attach even when sending their own http request)
Note: if a user can edit a node, but not 'upload files', then the attachments are left untouched (and cannot be changed).
This makes sense because people will expect attachments to work everywhere when they enable this module. This also matches comment.module's behaviour, where comments are allowed by default unless turned off.
+ If an array of tb urls is given for mt_tb_ping_urls, the last url actually gets pinged twice.
+ mt_allow_comments and mt_convert_breaks were not being sent properly in the xmlrpc response for getPost.
* Don't rely on a blog table (i.e. do 'extended' the drupal way.
* Allow listing / setting new 'input format' - (using mt.supportedTextFilters).
* Handle MT extensions to metaWeblog.newPost/editPost where applicable.
* Implemented mt.supportedMethods.
* Also did a bit of refactoring to make sure we generate post values the same for both newPost/editPost but also for getRecentPosts and getPost
- Restoring broken update path.
- Adding birthday/date function back, with update path.
- Show private fields when viewing your own profile, or for admins.
- Do not allow browsing of private fields for non admins (403)
- Throw a 404 for browsing unbrowsable fields, rather than an SQL error
- Fixing input processing: nothing is filtered twice anymore, and I replaced several strip_tags with specialchars (more flexible).
- Minor admin UI tweaks + added friendly field type names.
* Refactored the "brains" of user_login() to user_authenticate($user, $pass) so that blogapi (and others) can authenticate users (including those using DistAuth) without all the html and drupal_goto calls
* Updates blogapi_validate_user to use user_authenticate.
* Adds missing quotes around the username in "session closed" watchdog messages from user.module (session opened has quotes, but session closed does not).
* Changed "view detals" after watchdog entries to "details".
I had some trouble adding this feature but realized that the "who's online" block is a geek think, and therefore it won't hurt to add some more geekiness. If you don't know what "offline users" means, you would not have understood "online users" in the first place. Either way, I think most people who have the block enabled, will find this an interesting addition.
The new locale module provides every functionality on the web interface, so you don't need to edit the configuration files or add columns, when you add a new language. This module is an integration of the old locale and localegettext modules, plus a bunch of logic to parse Gettext Portable Object files (opposed to Machine Object files, as supported by localegettext).
Note: I made some minor changes to the context-sensitive help texts and to some of the status messages.
Here's an overview of the changes:
1) Multiple Input formats: they are complete filter configurations (what filters to use, in what order and with which settings). Input formats are admin-definable, and usage of them is role-dependant. For example, you can set it up so that regular users can only use limited HTML, while admins can free HTML without any tag limitations.
The input format can be chosen per content item (nodes, comments, blocks, ...) when you add/edit them. If only a single format is available, there is no choice, and nothing changes with before.
The default install (and the upgrade) contains a basic set of formats which should satisfy the average user's needs.
2) Filters have toggles
Because now you might want to enable a filter only on some input formats, an explicit toggle is provided by the filter system. Modules do not need to worry about it and filters that still have their own on/off switch should get rid of it.
3) Multiple filters per module
This was necessary to accomodate the next change, and it's also a logical extension of the filter system.
4) Embedded PHP is now a filter
Thanks to the multiple input formats, I was able to move the 'embedded PHP' feature from block.module, page.module and book.module into a simple filter which executes PHP code. This filter is part of filter.module, and by default there is an input format 'PHP', restricted to the administrator only, which contains this filter.
This change means that block.module now passes custom block contents through the filter system.
As well as from reducing code duplication and avoiding two type selectors for page/book nodes, you can now combine PHP code with other filters.
5) User-supplied PHP code now requires <?php ?> tags.
This is required for teasers to work with PHP code. Because PHP evaluation is now just another step in the filter process, we can't do this. Also, because teasers are generated before filtering, this would result in errors when the teaser generation would cut off a piece of PHP code.
Also, regular PHP syntax explicitly includes the <?php ?> tags for PHP files, so it makes sense to use the same convention for embedded PHP in Drupal.
6) Filter caching was added.
Benchmarking shows that even for a simple setup (basic html filtering + legacy URL rewriting), filtercache can offer speedups. Unlike the old filtercache, this uses the normal cache table.
7) Filtertips were moved from help into a hook_filter_tips(). This was required to accomodate the fact that there are multiple filters per module, and that filter settings are format dependant. Shoehorning filter tips into _help was ugly and silly. The display of the filter tips is done through the input format selector, so filter_tips_short() no longer exists.
8) A more intelligent linebreak convertor was added, which doesn't stop working if you use block-level tags and which adds <p> tags.
- Users who have not edited their account yet would be reset to GMT rather than the sitewide timezone.
- Users who chose GMT (zero timezone) on a site with a non-zero timezone as default would have incorrect timezone.
+ The 'previous topic' / 'next topic' links skipped topic without comments (changed one inner join back to a left join).
+ The default order setting in admin/settings/forum had no effect.
+ The 'first new topic' link jumped to the first unread topic ever instead of the first unread topic since NODE_NEW_LIMIT.
+ This also removes the unused $offset param from theme_forum_display and theme_forum_topic_list, so any themes using these functions should be updated (i checked the core themes but none of them used these functions).
As discussed before, the path "taxonomy/page/or/1,2" becomes "taxonomy/term/1+2" and the path "taxonomy/page/and/1,2" becomes "taxonomy/term/1,2". The most common case of listing nodes attached to a single term becomes simpler, since it doesn't require a meaningless "or" or "and". A depth of "0" is assumed, but a positive integer or "all" can be used. Feeds are available at "taxonomy/term/1+2/all/feed" and the like.
This iteration of the patch also changes the structure of taxonomy_select_nodes(), since it was not following Drupal conventions. A handful of contrib modules call this function, and will need to be updated. Instead of passing in a $taxonomy object containing parameters for the function, the parameters are passed independently. This simplifies the code quite a bit. The queries were changed to only return node IDs for speed; all results from this function are passed through node_load() anyway, so the extra information returned was discarded. The AND query was also changed to avoid the strange trick and remove an extra query, at the expense of a table join per root term in the AND. This cleans up the code substantially while at the same time enabling the use of AND with a depth parameter.
TODO: update contribution modules.
+ the confirmation before deleting a comment was missing a check_output.
+ after editing a comment, two pages were shown (two calls to theme('page',..)), replaced this by a drupal_goto.
Modules can be stored anywhere, as there is now a set of functions called module_get_filename, and module_set_filename .. which allow system_listing and module_list to specify the locations of the files.
A new function module_load_all() replaces the hardcoded includes in module_init, and loads all modules which have been enabled, using module_load.
module_listing no longer includes files itself, instead it just keeps the listing (and sets the filenames).
This patch is a requirement for the multisite configuration patch, as overriding modules are currently being loaded due to the only protection of loading them is include_once.
Here's a new patch that unifies the node/52 and book/view/52 paths for nodes. It involves a small change to hook_view(), which is discussed first:
Currently hook_view() expects node modules to return a themed node. However, each module does this the same way; they modify $node as necessary, then call theme('node', $node) and return the result. We can refactor this so that the calling function node_view() calls theme('node') instead. By doing this, it becomes possible for hook_nodeapi('view') to be called after hook_view() where the node contents are filtered, and before theme('node') where the body is enclosed in other HTML. This way the book module can insert its navigation into the body right before the theming.
Advantages of this refactoring:
- I can use it for book.module to remove the extra viewing path.
- The function of hook_nodeapi('view') becomes more like hook_view(), as neither will expect a return value.
- We more closely follow the flow of other nodeapi calls, which usually directly follow their corresponding specific node type hooks (instead of preceding them).
- The attachment.module people could use it to append their attachments in a list after the node.
- Gabor could use it instead of his filter perversion for his "articles in a series" module.
- A little less code in each view hook.
- The content hook is no longer needed, so that means even less code.
Disadvantages:
- Any modules written to use nodeapi('view') could be affected (but these would all be post-4.4 modules).
- Implementations of hook_view() would need to be updated (but return values would be ignored, so most would work without updates anyway).
Now the patch takes advantage of this API shift to inject its navigation at the end of all book nodes, regardless of the viewing path. In fact, since the paths become identical, I've removed the book/view handler entirely. We should probably provide an .htaccess rewrite for this (one is still needed for node/view/nn anyway). At the same time, there is a check in book_block() that shows the block appropriately on these pages.
Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature.
This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
- #8193: Moving the two instances of the timezone list into a function.
- #3859: Adding drupal_goto for module/theme/settings pages. Aside from general drupal_goto usability, this fixes the bug of menu items not immediately appearing after enabling a module.
This commit fixes the problem: custom menus were being defined as MENU_CUSTOM_ITEM rather than MENU_CUSTOM_MENU. It also fixes a problem in which custom menus were mistakenly given the MENU_VISIBLE_IN_BREADCRUMB bit when edited. This would cause their titles to show up in the breadcrumb (which is undesirable... only menu items should be in there).
Note that this will not fix any non-functioning custom menus you've defined since this bug appeared. You'll have to delete and recreate them or update the "type" column in the DB manually.
Changes are as follows:
"maintain personal blog" -> "edit own blog" (aggregator.module, blog.module, blogapi.module)
"maintain personal pages" -> "edit own pages" (page.module)
"maintain personal stories" -> "edit own stories (story.module)
* improves the doxygentation and help text.
* deletes comment_admin and comment_page; using proper callbacks instead.
* related/modified callbacks/menus/functions were tweaked to not use arg() at all.
* the "settings" subtab was weighted to -10 so it'd appear first (in prep of JonBob's local default).
* moderation pages weren't properly showing defined votes or thresholds; fixed.
* when moderation votes or thresholds didn't exist, no error stating as such was shown; fixed.
* we show "submit votes" on the moderation votes page only when votes actually exist.
* fixes the (broken in CVS) comment/reply and comment/edit features.
* fixes the (broken in CVS) "save settings" for comment view options and comment moderation.
In addition I:
* fixed a couple warnings introduced by Morbus' patch.
* fixed a couple translation bugs.
* fixed comment_node_url().
I also found that:
* the collapsed comment views (i.e. 'threaded list - collapsed) are broken.
forms using the $required argument of the form_ functions.
- Replaced all Optional's and Required's from the taxonomy forms with proper
use of the form_ functions.
Please check your contributed modules too!
- If you are allowed to vote, results are now shown on a separate node tab "node/id/results".
- Poll voting now submits to a separate URL and uses drupal_goto to go back to the poll node
* The _validate hook and the _nodeapi('validate') hook of the node API (1) no longer take an 'error' parameter and (2) should no longer return an error array. To set an error, call form_set_error().
* The _form hook of the node module no longer takes a form hook and should not worry about displaying errors. Ditto for _nodeapi('form_post') and _nodeapi('form_pre').
* slightly reorders the functions in anticipation of http://drupal.org/node/view/9010.
* reorders help definitions to match the alphabetical nature of the menu items.
* tweaked visual appearance of menu code (whitespace, etc.)
* minor tweaks to "warning" help to match style of others.
* @file header with a oneliner and blurb description about watchdog.module.
* standardized the text between admin/help#watchdog and admin/logs.
* tweaked the descriptions of log types available ever so slightly.
* removed anything that referred to the old settings page.
* added an assumed 'type' to one of the menu's.
Dries Buytaert
Steven Wittens
Kjartan Mannes