site:
- watchdog (rewrite):
+ the collected information provides more details and insights
for post-mortem research
+ input limitation
- database abstraction layer:
+ mysql errors are now verbose and is no longer displayed in a
browser - fixes a possible security risk
- admin.php:
+ updated watchdog page
+ fixed security flaw
- diary.php:
+ fixed nl2br problem
- themes:
+ fixed comment bug in all 3 themes.
- misc:
+ renamed some global variables for sake of consistency:
$sitename --> $site_name
$siteurl --> $site_url
+ added input check where (a) exploitable and (b) possible
+ added input size check
+ various small improvements
+ fixed various typoes
... and much, much more in fact.
- fixed bug in discussion.php
- theme update: comment() now takes 3 arguments:
$comment - an object with comment data
$link - a link to the reply form of that particular
comment
$thread - the subthread of that particular comment
- theme 'marvin' and theme 'zaphod' are updated, theme
'unconed' is left to be done
---------
- improved the user information page.
- improved the story submission page.
- fixed comments score bug: '.00' --> 'x.00'
- tried fixing the calendar wrapping - UnConeD, is it fixed now?
- provided a link back to the submission queue after having voted
for a story.
- fixed comment subject bug (and security flaw) by replacing
quotes by ".
- updated theme 'zaphod': fixed 2 bugs.
- updated theme 'marvin': fixed 1 bug and improved the layout so
things wrap (hopefully) better in Windows.
- comments have by default no subject pre-set - if no subject is
provided, the user is warned and when a comment eventually got
submitted without a subject, a subject is composed using the x
first characters of the comment's body.
- improved comments on submit.php
- corrected a typo in the FAQ.
UnConeD
-------
- replace 'article.php' by 'discussion.php'
- comment() still uses old references to account.php: the
parameters you supply to account.php does no longer hold.
You have to update those links to the new syntax.
- commentcontrol() is outdated - copy paste the one of
theme 'marvin' and adjust it to your likings.
made quite a lot of additions. The most remarkable addition is the
diary server, which I slapped together in less then 40 minutes. Most
of the other changes are however `unvisible' for the user but add much
value to a better maintainability from a developer's objective. Like
always, I fixed quite a number of small bugs that creeped into the code
so we should have a bigger, better and more stable drop.org.
Unfortunatly, some theme update _are_ required:
REQUIRED THEME UPDATES:
=======================
* use format_username() where usernames are used
* use format_date() where timestamps/dates are used
* use format_email() where e-mail addresses are displayed
* use format_url() where url are displayed
* replace 'formatTimestamp' with format_date
* replace 'morelink_*' with 'display_morelink'
[most of these functions are in function.inc or template.inc]
___PLEASE___ (<- this should get your attention ;) update your themes
as soon as possible - it only takes 30 min. to get in sync with the
other themes. Don't start whining about the fact you don't know what
to change ... either eat the source cookie, or ask me to elaborate on
a few changes. Just let me know what's puzzling you and I'll try to
help you out!
TODO LIST FOR NEXT WEEK
=======================
* Add checks for max. text length in textarea's? Is there an HMTL
attribute for this or ...?
* Comment moderation + mojo
* Edit/admin user accounts: block, delete, change permissions, ...
* E-mail password, change password, change e-mail address -> extra
checks and routines to validate such `special' changes.
* Input checking - input filter: bad words, html tags, ...
(1) fixed SQL bug in search.php.
(2) fixed SQL bug in discussion.php.
(3) fixed theme-bug in submit.php.
(4) fixed theme-bug in discussion.php.
(5) fixed Dries2-theme: it more or less works now though
I still have to change the look/layout.
Important:
(3) and (4) did fix the i-suddenly-seem-to-log-out behavior.
stream-lined and more compact. There are a few parts I like to optimize
prior to heading towards comment moderation.
Please test, report bugs and update the footer()-part of your themes a
bit (see my theme)!!!
-- Dries
=========================
Wulp. I did a major upgrade by (a) breaking a lot of stuff and (b) by
re-doing those things in a much better way. I redesigned the stories
and submissions SQL tables, the way they work and the way they co-
operate together.
In addition, I changed the way parameters are passed to
$theme->abstract() and $theme->article(). Instead of passing a
sh!tload of parameters that only cluttered the code and required too
much pre-processing on the engine-side, we now pass a singly object
$story. $story has more variables then the paramaters we used to pass,
so it allows for better theming (if you feel like it).
I'm not finished yet but I decided to upload my changes so you can
start patching and updating your themes: PLEASE update your themes
ASAP! I don't plan making heavy changes like this again, so don't
get intimiated. ;) You mainly have to update article() and abstract()
as well as a minor update of footer():
article(), abstract():
----------------------
- use the $story object - see my theme!
- the morelink can now be themed. Currently you can use the function
morelink_bytes() in function.inc to `render' the old morelink. The
idea is to make a morelink_words() or morelink_lines() sooner or
later because "188 bytes in body" is not half as clear as "52 words
in body". Clearly, "52 words" is much more informative. ;-)
footer():
---------
- in the article-part, you need to update the displayRelatedLinks():
instead of passing it $sid, you need to pass it $story (after you
globaled $story).
Everything should display correct on the following pages:
- main page
- article page (follow a `read more | xxx bytes in bdoy | x comments' link)
- submission queue
Check if they work with your theme: they should as they work fine for
me (theme `Dries') ... If you got stuck, just look at my theme or ask
for a hand on the list!
Hopefully you can update your themes asap. Thanks in advance.
fixed a lot of annoying bugs and boxed whatever there was left to be boxed.
* user.class.php: renamed $user->update() to $user->rehash().
* user.class.php: fixed a typical quote-bug in $user->rehash().
* functions.inc: fixed bug in displayOldHeadlines().
* functions.inc: improved several functions.
* account.php: fixed major bug in showUser().
* account.php: added some extra words to the human-readable
password-generator(tm).
* account.php: boxed ALL functions! Fieuw!
* submit.php: add some general information and guidlines on how to
post submissions.
* config.inc: re-thought the categories to be more generic.
* submission.php: minor changes
* search.pph: fixed minor bug with the author's names.
Woops. I have an exam within 4 hours: back to my books. ;-)
--------------------------------------------------------------------
* Anyone could check sumbit.php, sumbission.php and faq.php for
typoes?
* Anyone could adjust calendar.class.php to fit IE? *huh*huh*
* Don't be scared to hack along (see below)! I'll be working on
the submissions and comments.
--------------------------------------------------------------------
Status of drop v0.10:
(make the system erational' and release it.)
- submissions:
submission queue (75% complete)
submission moderation (75% complete)
- comments:
comment moderation ( 0% complete)
comment administration ( 0% complete)
fixup timestamp mess ( 0% complete)
- user system:
mail password ( 0% complete)
user administation (50% complete)
patch admin.php ( 0% complete)
account confirmation ( 0% complete)
e-mail confimation upon modification of e-mail address
( 0% complete)
- proper handling of forms: text2html, html2text
html2txt, txt2html (10% complete)
bad-word filter (80% complete)
automatic link detection ( 0% complete)
allowed HTML-tag checker ( 0% complete)
- FAQ:
cleanup, disclaimer (50% complete)
- theme:
box everything (100% complete)
Dries Buytaert
natrak