to avoid XSS attacks! Patch by Al, Moshe, Marco, Kjartan and me.
- Bugfix: the admin module does now import drupal.css prior to admin.css.
Patch by me.
- Bugfix: the admin module was still emitting a <base href=""> tag. I
removed this as it is been taken care of by theme_head(); Patch by me.
- Bugfix: made the tracker module's pager only consider published pages.
Patch by Moshe.
- Bugfix: cured some typos in the comment module's help function. Patch by
Marco.
- Bugfix: fixed a typo in the pager_display() that caused optional
attributes to be discarded.
- Bugfix: made the Xtemplate emit empty boxes like any other theme does.
Patch by Al.
- Bugfix: fixed broken link on the statistics module's log page.
Reported by Kjartan.
- CSS improvements: made the HTML output emitted by the tracker module
look nicer. Patch by Moshe and Al.
- CSS improvements: added CSS classes for form elements. Patch by Al.
- CSS improvements: added a vertical gap between the last form item and the
submit button. Patch by Al. Note that Opera 6 is not picking up this
CSS but apparently others browsers such as Konqueror do.
- Xtemplate improvements: changed the color of the selected day in the
archive module's calendar. Patch by Al.
- Usability improvements: made the "birthday" field of the profile module
look nicer. Patch by Al.
------
- TODO: it might be a good idea to emit the following meta tag in the
theme_head() function:
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
Currently, some themes (and modules!) emit this while others don't. This
would also make it possible to change the charset site-wide.
- TODO: now we added support for td.dark and td.light to drupal.css, maybe
it can be removed from admin.css as well as xtemplate.css?
- Fixed a typo in the MSSQL database scheme. Patch by Michael Frankowski.
- Removed dependency on "register_globals = on"! Patches by Michael Frankowski.
Notes:
+ Updated the patches to use $foo["bar"] instead of $foo['bar'].
+ Updated the INSTALL and CHANGELOG files as well.
- Tiny improvement to the "./scripts/code-clean.sh" script.
- Removed headline.module: it became obsolete.
- Removed backend.class: it became obsolete.
- Added export.module.
For now, you can use:
1. http://drupal/export.php?headlines.rss
2. http://drupal/export.php?headlines.rdf
- Renamed export to export.php.
For now, you can use:
1. http://drupal/export.php?headlines.rss
2. http://drupal/export.php?headlines.rdf
Renaming this file has main 3 advantages:
1. We no longer rely on .htaccess for being able to export.
2. It is more conform with the general naming conventions.
3. It removes a pseudo-hack with formatting the URI.
- Made import.module export blocks with feeds.
- streamlined method invocation in node.inc
- added node_status() function to modules
- added NEW (mostly static) page module
- added NEW settings module
1. improved .htaccess to be more "secure": to keep prying
eyes out
2. rewrote the administration section from scratch using a
modular approach
3. improved the information gathered by error.php - we can
now (hopefully) track what bots are crawling us.
4. fixed a bug in submit.php, fixed a bug in theme zaphod,
fixed a bug in theme marvin.
5. rewrote cron from scratch - it now interfaces with
modules as it should have been from the beginning.
Very cool if you ask me - it can use UNIX/Linux
crontabs.
6. updated widget.inc to be module aware - needs more
work though - maybe this afternoon?
7. updated most modules: small bugfixes, improvements, and
even the documentation
8. removed diary.php and made it a module - you can now
run a drop.org site without a diary system if someone
would prefer so
9. updated all themes to use the new modules where
appropriate
10. added a robots.txt because the error message in the
watchdog become annoying.
11. added the new configuration system (mutliple vhosts
on the same source tree) - use hostname.conf instead
of config.inc
12. removed calendar.inc and made it a module
13. added format_interval() to functions.inc (UnConeD)
14. whatever I forgot ...
---------
- improved the user information page.
- improved the story submission page.
- fixed comments score bug: '.00' --> 'x.00'
- tried fixing the calendar wrapping - UnConeD, is it fixed now?
- provided a link back to the submission queue after having voted
for a story.
- fixed comment subject bug (and security flaw) by replacing
quotes by ".
- updated theme 'zaphod': fixed 2 bugs.
- updated theme 'marvin': fixed 1 bug and improved the layout so
things wrap (hopefully) better in Windows.
- comments have by default no subject pre-set - if no subject is
provided, the user is warned and when a comment eventually got
submitted without a subject, a subject is composed using the x
first characters of the comment's body.
- improved comments on submit.php
- corrected a typo in the FAQ.
UnConeD
-------
- replace 'article.php' by 'discussion.php'
- comment() still uses old references to account.php: the
parameters you supply to account.php does no longer hold.
You have to update those links to the new syntax.
- commentcontrol() is outdated - copy paste the one of
theme 'marvin' and adjust it to your likings.
- Added a basic implementation of comment moderation
- Updated and renamed my 2 themes: I removed redundant boxes and tried to
work towards simplicity.
- Disabled the other themes as they are broken (I gave you sufficent time
to update them).
- Removed redundant files.
- Added security checks with regard to the usage of HTML tags.
made quite a lot of additions. The most remarkable addition is the
diary server, which I slapped together in less then 40 minutes. Most
of the other changes are however `unvisible' for the user but add much
value to a better maintainability from a developer's objective. Like
always, I fixed quite a number of small bugs that creeped into the code
so we should have a bigger, better and more stable drop.org.
Unfortunatly, some theme update _are_ required:
REQUIRED THEME UPDATES:
=======================
* use format_username() where usernames are used
* use format_date() where timestamps/dates are used
* use format_email() where e-mail addresses are displayed
* use format_url() where url are displayed
* replace 'formatTimestamp' with format_date
* replace 'morelink_*' with 'display_morelink'
[most of these functions are in function.inc or template.inc]
___PLEASE___ (<- this should get your attention ;) update your themes
as soon as possible - it only takes 30 min. to get in sync with the
other themes. Don't start whining about the fact you don't know what
to change ... either eat the source cookie, or ask me to elaborate on
a few changes. Just let me know what's puzzling you and I'll try to
help you out!
TODO LIST FOR NEXT WEEK
=======================
* Add checks for max. text length in textarea's? Is there an HMTL
attribute for this or ...?
* Comment moderation + mojo
* Edit/admin user accounts: block, delete, change permissions, ...
* E-mail password, change password, change e-mail address -> extra
checks and routines to validate such `special' changes.
* Input checking - input filter: bad words, html tags, ...
longer be accessed from the web. Let's keep lurking eyes out. ;)
* I'm still idling (except for these kind of tidbits) until Natrak commited
the new user system. *evil grin*
.inc files can be read from the web including `config.inc' which contains
the account information (login, password) to the MySQL database. Apache
has now been setup to deny access to all *.inc files from the web.