* Makes the user login and password fields in the login _block_ required.
* Uses just if ($form['name']) rather than if (isset($form['name']) && $form['name']). AFAIK, using both is unnecessary with the form API.
* Changes maxlength for usernames to 60 which is the (rather odd) database value. The maxlength fields at present don't accomodate affiliate logins with extra long usernames/domains, but I've left that issue alone for now.
* Removes all instances of maxlength for password. They were a)not being applied with any degree of consistency, and b)unnecessary as only the hash is stored.
* Corrects an e-mail address maxlength from 55 to 64.
* unset() accepts more than one variable.
When a form element doesn't specify a #weight, it is assumed internally as #weight 0. However, to ensure that our form elements display visually *as they were defined in the array* we, in form_builder, count the number of elements, divide by 1000, and set that as the weight:
# Assign a decimal placeholder weight to preserve original array order
if (!isset($form[$key]['#weight'])) {
$form[$key]['#weight'] = $count/1000;
}
The above code will set the #weights of elements that have not defined a weight to something like 0 (first element in array definition), 0.001, 0.002, and so on. However, anytime a form element *explicitly* defines a #weight of 0, that #weight is kept at exactly 0, which would cause that form element to appear BEFORE the elements that didn't have a #weight defined (and thus received a #weight such as 0.002).
Consider the following pseudo example:
$form['game_title'] = array(
'#type' => 'textfield',
...
);
$form['game_description'] = array(
'#type' => 'textarea',
...
);
$form['game_format'] = filter_form(variable_get('game_format', NULL));
return $form;
Here, we're not definiing weights on our two textfields. We then add an filter_form. The second parameter of the filter_form is $weight, which defaults to 0. After this $form hits form_builder, we have weights 0 (game_title), 0.001 (game_description), and 0 (filter_form) respectively. This is then sorted by weight, which causes filter_form (the third element in the array) to appear BEFORE game_description (0 is lighter than 0.001).
The short lesson is: explicitly defining #weight 0 for a form element is probably a bad idea. This patch changes the default #weight of filter_form to NULL, instead of 0, and also removes any other explicit setting of #weight to 0 in core.
- When user #1 creates an account (we can assume this happens only once), system.module's schema version is set to the latest availiable.
- system_get_files_database() now includes a 'schema_version' child of each file object.
- That new information is re-saved when Drupal re-populates the system table.
- An array of newly-enabled modules is built, module_list() is reloaded, and the schema versions of each newly-enabled module are set to the most recent availiable. If the schema version is already set (presumably from a previous installation) it is not changed.
If your module uses variable_get('file_directory_temp', ...) or
variable_get('file_directory_path', ...) please update it to use the new
API.
A list of affected modules is available at http://drupal.org/node/26249#comment-54194.
TODO:
+ The contact.module was broken; a new patch for contact.module is needed.
+ Documentation is needed.
+ The most important modules need to be updated ASAP.
In several setups, one wants to grant the 'administer users' permission to certain roles (for example to forum admins), however without allowing those users to change permissions on the 'access control' page, and without allowing them to change the users' roles (so that they can't, for example, promote themselves to admin).
keep track of the user's last access. In turn, this allowed me to:
1. Optimize the "Who's online" block. On drupal.org, the "Who's online"
block requires 32 SQL queries. With this patch, only 2 queries are
left (eliminated 30 SQL queries), and one of the two remaining queries
became appr. 20 times faster.
2. Correct the "Last access" column in the user administration overview
table. The presented data was not accurate, which led to the column
being removed. You can now sort users by 'last access'.
- Clean URLs: search/type/keywords e.g. "search/node/drupal release". The search
form is POST submitted, but drupal_gotos to a GET page. This makes it easy to
copy/paste search URLs, and makes the pager a lot cleaner.
- Remember the search keywords when switching between the search tabs. This is
done through the same GET URLs rather than the session, so it does not mess up
between multiple browser tabs.
- Report which keywords were ignored because they were too short.
- #820: Provide search block
- Treat multiple wildcards in a row as one
- permissions menu link updates in a number of modules help
- anchor link fix in distributed auth help
- "my account" link fix in user help
- spelling correction in tracker.module help
- I also changed 'admin/access/perms' to 'admin/access/permissions'.
There are 5 main functions that modules may now utilize to handle images:
* image_get_info() - this function checks a file. If it exists and is a valid image file, it will return an array containing things like the pixel dimensions of the image, plus the 'type' and common extension.
* image_scale - resizes a given image to fit within a given width / height dimensions, while maintaining aspect ratio (not distorting the image). This function can be used to generate thumbnails, or ensure a maximum resolution, etc.
* image_resize - similar to image_scale (but will not respect aspect ratio - may well distort the image).
* image_rotate - rotate an image by X degrees
* image_crop - crops an image to a given rectangle (defined as top-left x/y coordinates plus a width & height of the rectangle).
Contribution modules will now be able to rely on these base manipulation functions to offer additional functionality (such as image nodes, photo galleries, advanced image manipulation, etc).
We added a 'severity' column to watchdog():
watchdog($type, $message, $link) --> watchdog($type, $message, $severity, $link);
* Specify a severity in case you are reporting a warning or error.
* The $link-parameter is now the fourth parameter instead of the third.
TODO: document this in the upgrade guide.
+ After mailing the password, set a message and go to the login form (was print a message as the entire page).
+ Provide feedback if neither field was filled in.
+ Make it a full menu callback instead of going through user_page().
+ Fixed some indentation.
+ Changed some double quotes to single quotes.
+ Made sure all if statements have {}.
* Less logic in theme code.
* Encourages use of the menu system.
* Easier to find where a title or breadcrumb comes from in other people's code because there are less places to look. Look in menu and then grep for the appropriate set function. Looking for calls to theme_page() is hard because there are too many of them.
* Very slightly more efficient.
1. Fixed broken watchdog calls: two watchdog calls omitted the type parameter, and thus injected logs into the type field, instead of the message field.
2. Removed t() functions from user contributed content.
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
That should improve performance of session handling as well improve
performance of the "Who's online"-block. Drupal.org's sessions table
contains appr. 40.000 sessions on a slow day and rendering the "Who's
online"-block became a performance bottleneck.
This change has yet to be tested on a busy site so things might go wrong.
The primary goal of this patch is to take the 'custom' and 'path' columns of the block overview page and make them into something understandable. As of Drupal 4.5 'custom' lacked an explanation which wasn't buried in help text and path required dealing with regular expressions.
Every block now has a configuration page to control these options. This gives more space to make form controls which do not require a lengthy explanation. This page also gives modules a chance to put their block configuration options in a place that makes sense using new operations in the block hook.
The only required changes to modules implementing hook_block() is to be careful about what is returned. Do not return anything if $op is not 'list' or 'view'. Once this change is made, modules will still be compatible with Drupal 4.5. Required changes to core modules are included in this path.
An additional optional change to modules is to implement the additional $op options added. 'configure' should return a string containing the configuration form for the block with the appropriate $delta. 'configure save' will come with an additional $edit argument, which will contain the submitted form data for saving. These changes to core modules are also included in this patch.
1) Clean up the text analyser: make it handle UTF-8 and all sorts of characters. The word splitter now does intelligent splitting into words and supports all Unicode characters. It has smart handling of acronyms, URLs, dates, ...
2) It now indexes the filtered output, which means it can take advantage of HTML tags. Meaningful tags (headers, strong, em, ...) are analysed and used to boost certain words scores. This has the side-effect of allowing the indexing of PHP nodes.
3) Link analyser for node links. The HTML analyser also checks for links. If they point to a node on the current site (handles path aliases) then the link's words are counted as part of the target node. This helps bring out commonly linked FAQs and answers to the top of the results.
4) Index comments along with the node. This means that the search can make a difference between a single node/comment about 'X' and a whole thread about 'X'. It also makes the search results much shorter and more relevant (before this patch, comments were even shown first).
5) We now keep track of total counts as well as a per item count for a word. This allows us to divide the word score by the total before adding up the scores for different words, and automatically makes noisewords have less influence than rare words. This dramatically improves the relevancy of multiword searches. This also makes the disadvantage of now using OR searching instead of AND searching less problematic.
6) Includes support for text preprocessors through a hook. This is required to index Chinese and Japanese, because these languages do not use spaces between words. An external utility can be used to split these into words through a simple wrapper module. Other uses could be spell checking (although it would have no UI).
7) Indexing is now regulated: only a certain amount of items will be indexed per cron run. This prevents PHP from running out of memory or timing out. This also makes the reindexing required for this patch automatic. I also added an index coverage estimate to the search admin screen.
8) Code cleanup! Moved all the search stuff from common.inc into search.module, rewired some hooks and simplified the functions used. The search form and results now also use valid XHTML and form_ functions. The search admin was moved from search/configure to admin/search for consistency.
9) Improved search output: we also show much more info per item: date, author, node type, amount of comments and a cool dynamic excerpt à la Google. The search form is now much more simpler and the help is only displayed as tips when no search results are found.
10) By moving all search logic to SQL, I was able to add a pager to the search results. This improves usability and performance dramatically.
+ Drupal 4.4 stored profile data in the serialized user->data column. Drupal 4.5 stores profile data in tables (but user->data is still available and used for other stuff, like locale or themes). The update from 4.4 to 4.5 didn't remove the old data from the user->data column properly, because there is no mechanism in user_save to do so (it did try to unset the fields, but this has no effect).
+ On registration, hook_user('insert') is invoked after saving the data column. This means that any module-specific data is put into the data field. We cannot move hook_user('insert') higher up, because before that point, we do not have a complete $user object yet.
Neil Drumm
Dries Buytaert
Gerhard Killesreiter
Steven Wittens