- removed ban.inc and ban.module and integrated it in account.module
under the name "access control" --> the ban code was not really up
to standard so this has now been dealt with. This refactoring and
reintegration cuts down the code size with 100 lines too. :-)
(The ban.module code was really old and it showed.)
- added node.module and made the other modules reuse some of this
code --> cut down the code size of modules by at least 100 lines
and adds stability.
- added a status() function to admin.php to display a conform status
message where appropriate. See admin.php for usage.
- removed $theme->control() and made comments.inc handle this itself
wrapped in a $theme->box(). No need to clutter the themes with
such complexity --> updated all themes already. :-)
- some small visual changes to some administration pages to be more
consistent across different modules.
(reported by UnConeD)
- added "add node" link to book selection box and made it display the
current location
- removed tabs and whitespaces from themes - done automatically
certain users access to specific administration sections only.
Ex. a FAQ maintainer can only edit the FAQ, and members of an
"editorial board" can only edit comments, diaries and
stories, ..
- code review => rewrote include/user.inc which is much easier now
- fixed 4 small bugs
This time I redid the "category"-stuff. Categories - from now on called sections - are now maintained from the admin pages, can have their own post, dump and timout thresholds as discussed earlier (some weeks ago). By tomorrow evening users will be able to enable or disable section as well - i.e. to customize the content of drop.org.
- improved web interface of account module.
- added simple permission system with both administrators
and regular users. It can be made more fine-grained but
it will do for now.
- various small enhancements to the other modules, but
nothing big.
site:
- watchdog (rewrite):
+ the collected information provides more details and insights
for post-mortem research
+ input limitation
- database abstraction layer:
+ mysql errors are now verbose and is no longer displayed in a
browser - fixes a possible security risk
- admin.php:
+ updated watchdog page
+ fixed security flaw
- diary.php:
+ fixed nl2br problem
- themes:
+ fixed comment bug in all 3 themes.
- misc:
+ renamed some global variables for sake of consistency:
$sitename --> $site_name
$siteurl --> $site_url
+ added input check where (a) exploitable and (b) possible
+ added input size check
+ various small improvements
+ fixed various typoes
... and much, much more in fact.
visual changes:
- removed redundant files user.class.php, calendar.class.php
and backend.class.php.
- converted *all* mysql queries to queries supported by the
database abstraction layer.
- expanded the watchdog to record more information on what
actually happened.
- bugfix: anonymous readers where not able to view comments.
- bugfix: anonymous readers could gain read-only access to
the submission queue.
- bugfix: invalid includes in backend.php
- bugfix: invalid use of '$user->block'
and last but not least:
- redid 50% of the user account system
Dries Buytaert