"This function is called in one place, so it can be rolled into the calling function. The return value isn't used so we can remove handling of it. This is executed for every non-cached page view, so the smaller code should save a smallish ammount of memory and time."
up the documentation a little.
chx: can you double-check whether the global $conf variable is secure?
(That is, make sure it can't be send using the URL or something.)
NOTE: this patch works well, but the improved node edit form still has
some rough edges. It is important that we continue to improve
usability. Give it a try.
TODO: update the "Migrating themes from Drupal 4.6 to Drupal HEAD"-page in
the Drupal handbook!
TODO: update the themes in the contributions repository.
keep track of the user's last access. In turn, this allowed me to:
1. Optimize the "Who's online" block. On drupal.org, the "Who's online"
block requires 32 SQL queries. With this patch, only 2 queries are
left (eliminated 30 SQL queries), and one of the two remaining queries
became appr. 20 times faster.
2. Correct the "Last access" column in the user administration overview
table. The presented data was not accurate, which led to the column
being removed. You can now sort users by 'last access'.
Changes include:
* parsing of the primary/secondary links has been moved out of phptemplate and into theme_get_setting.
* unnecessary and XHTML-invalidating duplicate div#help removed from themes/bluemarine/page.tpl.php (this is already generated by theme_help)
* weird generation of the "edit primary/secondary links" messages removed from bluemarine and placed in theme.inc
* unnecessary changes to themes/bluemarine/style.css rolled back (the phptemplate bluemarine had an older version of style.css than the one in core)
* chameleon updated to work with new link scheme (passes links through theme_links)
- Converted the Bluemarine theme from XTemplate to PHPTemplate.
- Moved the the Pushbutton theme and the Xtemplate engine to the contributions repository.
Drupal's existing caching mechanism doesn't perform well on highly dynamic websites in which the cache is flushed frequently. One example is a site that is under attack by a spambot that is posting spam comments every few seconds, causing all cached pages to be flushed every few seconds. Loose caching immediately flushes the cache only for specific users who have modified cached data (whether or not they are logged in), delaying the flushing of data for other users by several minutes.
(I rewrote the help text a bit and made minor changes to the code comments.)
* Fix a bug which would cause the "configure" link for styles to be broken.
* Fix a bug with using drupal_get_filename for theme engines. Although this is not called anywhere in core, we should still fix it for contrib. (i.e. themes that may want to manually invoke a theme engine to create a hybrid theme)
* Correct an inaccurate comment in theme.inc
* Populate the default primary links with an "edit primary links" link for consistency with the secondary links
* remove some unnecessary variables in the theme administration which had misleading and confusing names
* replace time-consuming foreach when rendering theme admin page with a more efficient array_key_exists
* usability: rather than completely removing the search box checkbox when search.module is disabled, simply disable it. (UI elements shouldn't appear/disappear.)
There are 5 main functions that modules may now utilize to handle images:
* image_get_info() - this function checks a file. If it exists and is a valid image file, it will return an array containing things like the pixel dimensions of the image, plus the 'type' and common extension.
* image_scale - resizes a given image to fit within a given width / height dimensions, while maintaining aspect ratio (not distorting the image). This function can be used to generate thumbnails, or ensure a maximum resolution, etc.
* image_resize - similar to image_scale (but will not respect aspect ratio - may well distort the image).
* image_rotate - rotate an image by X degrees
* image_crop - crops an image to a given rectangle (defined as top-left x/y coordinates plus a width & height of the rectangle).
Contribution modules will now be able to rely on these base manipulation functions to offer additional functionality (such as image nodes, photo galleries, advanced image manipulation, etc).
We added a 'severity' column to watchdog():
watchdog($type, $message, $link) --> watchdog($type, $message, $severity, $link);
* Specify a severity in case you are reporting a warning or error.
* The $link-parameter is now the fourth parameter instead of the third.
TODO: document this in the upgrade guide.
* Less logic in theme code.
* Encourages use of the menu system.
* Easier to find where a title or breadcrumb comes from in other people's code because there are less places to look. Look in menu and then grep for the appropriate set function. Looking for calls to theme_page() is hard because there are too many of them.
* Very slightly more efficient.
- Slight addition to INSTALL.txt with regard to PHP versions.
- Updated/reworded some node type descriptions as per Boris' suggestions.
- Adding missing {} around a table name in update.php.
1. Fixed broken watchdog calls: two watchdog calls omitted the type parameter, and thus injected logs into the type field, instead of the message field.
2. Removed t() functions from user contributed content.
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
changes are:
1. Simplified the statistics pages: there are less pages and on the
remaining pages there is a lot less visual clutter (less columns and
better presentation).
2. Reorganized the 'administer - logs' menu: flattened the menu structure
and removed a number of links.
3. Improved performance. Most statistics pages used about 160 slow SQL
queries which made the statistics pages fairly unusable on my system.
The new pages use at least 10 times less SQL queries and render much
faster. They are actually usable.
4. There is now a 'track'-tab on node pages, and a second subtrab on the
user accounts 'track'-tab for people with the 'access statistics'
permission. They can be used to resp. track the node and the user.
This makes the statistics more accessible.
5. Changed the way watchdog messages are filtered. This makes it easier
to introduce new watchdog types.
6. Reworked the statistics module's permissions.
7. Less code: 223 insertions(+), 343 deletions(-).
8. Fixed several glitches: for example, the statistics pages sorted the
'Name' column by user ID instead of by name. Unfortunately, it is
too difficult to backport these to DRUPAL-4-5.
TODO:
1. Review the statistics modules help pages.
2. Help fine-tune the interfaces/views.
NOTES:
1. You'll want to run update.php.
+ Make bootstrap functionality work with HEAD.
+ Move functions into bootstrap.inc so that statistics_exit() works for cached pages. (Does this close any issues?)
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
* There are only two throttle levels instead of 5, namely 'enabled' and 'disabled'. This makes it a _lot_ easier to predict when the throttle will kick in. However, if you maintain a module that is throttle-aware, it needs to be updated!
* The throttle mechanism now uses the current number of anonymous users or the current number of authenticated users to kick in. This is a _lot_ more intuitive than the old throttle mechanism.
* The throttle block has been removed -- you can now use the "Who's online" block to determine the good throttle settings.
* Most of the documentation has been removed because it was deprecated.
* It's less code!
That should improve performance of session handling as well improve
performance of the "Who's online"-block. Drupal.org's sessions table
contains appr. 40.000 sessions on a slow day and rendering the "Who's
online"-block became a performance bottleneck.
This change has yet to be tested on a busy site so things might go wrong.
1) Clean up the text analyser: make it handle UTF-8 and all sorts of characters. The word splitter now does intelligent splitting into words and supports all Unicode characters. It has smart handling of acronyms, URLs, dates, ...
2) It now indexes the filtered output, which means it can take advantage of HTML tags. Meaningful tags (headers, strong, em, ...) are analysed and used to boost certain words scores. This has the side-effect of allowing the indexing of PHP nodes.
3) Link analyser for node links. The HTML analyser also checks for links. If they point to a node on the current site (handles path aliases) then the link's words are counted as part of the target node. This helps bring out commonly linked FAQs and answers to the top of the results.
4) Index comments along with the node. This means that the search can make a difference between a single node/comment about 'X' and a whole thread about 'X'. It also makes the search results much shorter and more relevant (before this patch, comments were even shown first).
5) We now keep track of total counts as well as a per item count for a word. This allows us to divide the word score by the total before adding up the scores for different words, and automatically makes noisewords have less influence than rare words. This dramatically improves the relevancy of multiword searches. This also makes the disadvantage of now using OR searching instead of AND searching less problematic.
6) Includes support for text preprocessors through a hook. This is required to index Chinese and Japanese, because these languages do not use spaces between words. An external utility can be used to split these into words through a simple wrapper module. Other uses could be spell checking (although it would have no UI).
7) Indexing is now regulated: only a certain amount of items will be indexed per cron run. This prevents PHP from running out of memory or timing out. This also makes the reindexing required for this patch automatic. I also added an index coverage estimate to the search admin screen.
8) Code cleanup! Moved all the search stuff from common.inc into search.module, rewired some hooks and simplified the functions used. The search form and results now also use valid XHTML and form_ functions. The search admin was moved from search/configure to admin/search for consistency.
9) Improved search output: we also show much more info per item: date, author, node type, amount of comments and a cool dynamic excerpt à la Google. The search form is now much more simpler and the help is only displayed as tips when no search results are found.
10) By moving all search logic to SQL, I was able to add a pager to the search results. This improves usability and performance dramatically.
1) Menu problems with Postgres (this is a highly critical 1 line fix)
2) Archive module fails with Postgres
3) Postgres setup problems - changes to database.pgsql (although i made these changes myself before finding this patch)
4) Book module fails with Postgres
5) Postgres problems following creation of a new type of user - which is actually about a taxonomy.module bug.
6) Creating accregator_item_table in PostgreSQL
7) Postgres - Polls not displayed on Poll Page
8) Blog module has sql errors with postgres
This should not affect MySQL users (hopefully).
Upload.module
- Fixing a bug caused by the PHP5 patches.
Beware: PHP4's array_merge() will silently accept objects and convert them to arrays. We should not depend on this behaviour in the future.
File.inc / file-using modules:
- Removing the constant FILE_SEPARATOR: forward slashes work fine on Windows, and it was being used incorrectly as an URL separator sometimes.
- Adding @ to mkdir and chmod to supress ugly PHP errors. They are already reported with drupal_set_message().
- Fixing default for variable 'file_directory_temp'.
- Clarifying the help tip for 'file_directory_temp' in admin > settings.
- Fixing broken .po import (due to file.inc changes).
- Do not show error notice on import page when no languages have been added (no longer necessary due to ability to add-and-import in one step).
- Added a notice about importing possibly taking a while.
- Raised the PHP execution time limit for importing (if not in safe mode, similar to cron.php).
- Fixed separate styles: added theme_get_styles() and the xtemplate {styles} tag to make sure stylesheets get included in the right order (drupal-specific, template-specific, style-specific).
- Fixing missing class on screenshots.
- Renamed drupal_get_theme_setting() and drupal_get_theme_settings() to theme_get_setting() and theme_get_settings().
- Changing theme('image') so the automatic image size fetching can be toggled independently from attributes. Specifying attributes and autosizing are 2 different things.
- Suppressing PHP errors from getimagesize() using @. drupal_set_message() is used to report these errors already and in a much prettier way.
- #9958: Fixing broken displaying of avatars.
- Don't show the default avatar in 'edit my account' if the user has no avatar of his/her own.
- Added ability to delete avatars (without having to replace them).
The new locale module provides every functionality on the web interface, so you don't need to edit the configuration files or add columns, when you add a new language. This module is an integration of the old locale and localegettext modules, plus a bunch of logic to parse Gettext Portable Object files (opposed to Machine Object files, as supported by localegettext).
Note: I made some minor changes to the context-sensitive help texts and to some of the status messages.
Here's an overview of the changes:
1) Multiple Input formats: they are complete filter configurations (what filters to use, in what order and with which settings). Input formats are admin-definable, and usage of them is role-dependant. For example, you can set it up so that regular users can only use limited HTML, while admins can free HTML without any tag limitations.
The input format can be chosen per content item (nodes, comments, blocks, ...) when you add/edit them. If only a single format is available, there is no choice, and nothing changes with before.
The default install (and the upgrade) contains a basic set of formats which should satisfy the average user's needs.
2) Filters have toggles
Because now you might want to enable a filter only on some input formats, an explicit toggle is provided by the filter system. Modules do not need to worry about it and filters that still have their own on/off switch should get rid of it.
3) Multiple filters per module
This was necessary to accomodate the next change, and it's also a logical extension of the filter system.
4) Embedded PHP is now a filter
Thanks to the multiple input formats, I was able to move the 'embedded PHP' feature from block.module, page.module and book.module into a simple filter which executes PHP code. This filter is part of filter.module, and by default there is an input format 'PHP', restricted to the administrator only, which contains this filter.
This change means that block.module now passes custom block contents through the filter system.
As well as from reducing code duplication and avoiding two type selectors for page/book nodes, you can now combine PHP code with other filters.
5) User-supplied PHP code now requires <?php ?> tags.
This is required for teasers to work with PHP code. Because PHP evaluation is now just another step in the filter process, we can't do this. Also, because teasers are generated before filtering, this would result in errors when the teaser generation would cut off a piece of PHP code.
Also, regular PHP syntax explicitly includes the <?php ?> tags for PHP files, so it makes sense to use the same convention for embedded PHP in Drupal.
6) Filter caching was added.
Benchmarking shows that even for a simple setup (basic html filtering + legacy URL rewriting), filtercache can offer speedups. Unlike the old filtercache, this uses the normal cache table.
7) Filtertips were moved from help into a hook_filter_tips(). This was required to accomodate the fact that there are multiple filters per module, and that filter settings are format dependant. Shoehorning filter tips into _help was ugly and silly. The display of the filter tips is done through the input format selector, so filter_tips_short() no longer exists.
8) A more intelligent linebreak convertor was added, which doesn't stop working if you use block-level tags and which adds <p> tags.
- Users who have not edited their account yet would be reset to GMT rather than the sitewide timezone.
- Users who chose GMT (zero timezone) on a site with a non-zero timezone as default would have incorrect timezone.
Modules can be stored anywhere, as there is now a set of functions called module_get_filename, and module_set_filename .. which allow system_listing and module_list to specify the locations of the files.
A new function module_load_all() replaces the hardcoded includes in module_init, and loads all modules which have been enabled, using module_load.
module_listing no longer includes files itself, instead it just keeps the listing (and sets the filenames).
This patch is a requirement for the multisite configuration patch, as overriding modules are currently being loaded due to the only protection of loading them is include_once.
The headers stored for cached pages ended in a newline, which caused header("") to get called when serving the page.
On some PHP versions (happens on 4.3.3 at least, but not in 5.0), PHP adds a blank header to the HTTP request (i.e. just \r\n) which ends HTTP headers prematurely and adds a newline at the beginning of the page.
This was not an issue before because we output HTML. Now that we have GZip compression, this bug caused corruption of the output. :P
*phew*
Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature.
This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
http://drupal.org/files/issues/error_messages_list.png (issue #9138).
drupal_set_message() has been changed to group message by type and a
helper function, theme_status_message(), is added to display the messages.
Chameleon and Xtemplate have been updated to use this new function.
- Updated CHANGELOG.txt.
* The _validate hook and the _nodeapi('validate') hook of the node API (1) no longer take an 'error' parameter and (2) should no longer return an error array. To set an error, call form_set_error().
* The _form hook of the node module no longer takes a form hook and should not worry about displaying errors. Ditto for _nodeapi('form_post') and _nodeapi('form_pre').
Dries Buytaert
Steven Wittens
