1. Fixed broken watchdog calls: two watchdog calls omitted the type parameter, and thus injected logs into the type field, instead of the message field.
2. Removed t() functions from user contributed content.
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
That should improve performance of session handling as well improve
performance of the "Who's online"-block. Drupal.org's sessions table
contains appr. 40.000 sessions on a slow day and rendering the "Who's
online"-block became a performance bottleneck.
This change has yet to be tested on a busy site so things might go wrong.
The primary goal of this patch is to take the 'custom' and 'path' columns of the block overview page and make them into something understandable. As of Drupal 4.5 'custom' lacked an explanation which wasn't buried in help text and path required dealing with regular expressions.
Every block now has a configuration page to control these options. This gives more space to make form controls which do not require a lengthy explanation. This page also gives modules a chance to put their block configuration options in a place that makes sense using new operations in the block hook.
The only required changes to modules implementing hook_block() is to be careful about what is returned. Do not return anything if $op is not 'list' or 'view'. Once this change is made, modules will still be compatible with Drupal 4.5. Required changes to core modules are included in this path.
An additional optional change to modules is to implement the additional $op options added. 'configure' should return a string containing the configuration form for the block with the appropriate $delta. 'configure save' will come with an additional $edit argument, which will contain the submitted form data for saving. These changes to core modules are also included in this patch.
1) Clean up the text analyser: make it handle UTF-8 and all sorts of characters. The word splitter now does intelligent splitting into words and supports all Unicode characters. It has smart handling of acronyms, URLs, dates, ...
2) It now indexes the filtered output, which means it can take advantage of HTML tags. Meaningful tags (headers, strong, em, ...) are analysed and used to boost certain words scores. This has the side-effect of allowing the indexing of PHP nodes.
3) Link analyser for node links. The HTML analyser also checks for links. If they point to a node on the current site (handles path aliases) then the link's words are counted as part of the target node. This helps bring out commonly linked FAQs and answers to the top of the results.
4) Index comments along with the node. This means that the search can make a difference between a single node/comment about 'X' and a whole thread about 'X'. It also makes the search results much shorter and more relevant (before this patch, comments were even shown first).
5) We now keep track of total counts as well as a per item count for a word. This allows us to divide the word score by the total before adding up the scores for different words, and automatically makes noisewords have less influence than rare words. This dramatically improves the relevancy of multiword searches. This also makes the disadvantage of now using OR searching instead of AND searching less problematic.
6) Includes support for text preprocessors through a hook. This is required to index Chinese and Japanese, because these languages do not use spaces between words. An external utility can be used to split these into words through a simple wrapper module. Other uses could be spell checking (although it would have no UI).
7) Indexing is now regulated: only a certain amount of items will be indexed per cron run. This prevents PHP from running out of memory or timing out. This also makes the reindexing required for this patch automatic. I also added an index coverage estimate to the search admin screen.
8) Code cleanup! Moved all the search stuff from common.inc into search.module, rewired some hooks and simplified the functions used. The search form and results now also use valid XHTML and form_ functions. The search admin was moved from search/configure to admin/search for consistency.
9) Improved search output: we also show much more info per item: date, author, node type, amount of comments and a cool dynamic excerpt à la Google. The search form is now much more simpler and the help is only displayed as tips when no search results are found.
10) By moving all search logic to SQL, I was able to add a pager to the search results. This improves usability and performance dramatically.
+ Drupal 4.4 stored profile data in the serialized user->data column. Drupal 4.5 stores profile data in tables (but user->data is still available and used for other stuff, like locale or themes). The update from 4.4 to 4.5 didn't remove the old data from the user->data column properly, because there is no mechanism in user_save to do so (it did try to unset the fields, but this has no effect).
+ On registration, hook_user('insert') is invoked after saving the data column. This means that any module-specific data is put into the data field. We cannot move hook_user('insert') higher up, because before that point, we do not have a complete $user object yet.
Upload.module
- Fixing a bug caused by the PHP5 patches.
Beware: PHP4's array_merge() will silently accept objects and convert them to arrays. We should not depend on this behaviour in the future.
File.inc / file-using modules:
- Removing the constant FILE_SEPARATOR: forward slashes work fine on Windows, and it was being used incorrectly as an URL separator sometimes.
- Adding @ to mkdir and chmod to supress ugly PHP errors. They are already reported with drupal_set_message().
- Fixing default for variable 'file_directory_temp'.
- Clarifying the help tip for 'file_directory_temp' in admin > settings.
- Changing theme('image') so the automatic image size fetching can be toggled independently from attributes. Specifying attributes and autosizing are 2 different things.
- Suppressing PHP errors from getimagesize() using @. drupal_set_message() is used to report these errors already and in a much prettier way.
- #9958: Fixing broken displaying of avatars.
- Don't show the default avatar in 'edit my account' if the user has no avatar of his/her own.
- Added ability to delete avatars (without having to replace them).
* Refactored the "brains" of user_login() to user_authenticate($user, $pass) so that blogapi (and others) can authenticate users (including those using DistAuth) without all the html and drupal_goto calls
* Updates blogapi_validate_user to use user_authenticate.
* Adds missing quotes around the username in "session closed" watchdog messages from user.module (session opened has quotes, but session closed does not).
* Changed "view detals" after watchdog entries to "details".
I had some trouble adding this feature but realized that the "who's online" block is a geek think, and therefore it won't hurt to add some more geekiness. If you don't know what "offline users" means, you would not have understood "online users" in the first place. Either way, I think most people who have the block enabled, will find this an interesting addition.
* The _validate hook and the _nodeapi('validate') hook of the node API (1) no longer take an 'error' parameter and (2) should no longer return an error array. To set an error, call form_set_error().
* The _form hook of the node module no longer takes a form hook and should not worry about displaying errors. Ditto for _nodeapi('form_post') and _nodeapi('form_pre').
$ diffstat user.patch
database/database.mysql | 4
database/database.pgsql | 2
database/updates.inc | 10 -
modules/block.module | 20 +-
modules/locale.module | 9
modules/profile.module | 108 +++++++----
modules/system.module | 8
modules/user.module | 456 +++++++++++++++++++-----------------------------
8 files changed, 289 insertions(+), 328 deletions(-)
More functionality, less code. Here is a list of the changes:
- Some user API changes:
+ When $type is 'form', you have to return an associative array of groups. In turn, each group is an array with a 'title', 'data' and 'weight'.
+ A new $type has been added, namely 'categories'. User settings can be organized in categories. Categories can be sorted, as can the groups within a category. (Ordering 'categories' is somewhat broken due to a bug in the menu system.)
- The 'my account > edit' page will use subtabs for each 'category'. Read: you can break down the account settings into multiple subpages.
- Profile module improvements:
+ Added support for private fields to the profile module!
+ Improved workflow of profile administration pages.
+ Improved the form descriptions.
- Code improvements:
+ Unified user_edit() and user_admin_edit().
+ Unified and cleaned up the validation code. Fixed some validation glitches too.
CHANGES
-------
+ Introduced tabs. First, we extended the menu system to support tabs. Next, a tab was added for every link that was (1) an administrative action other than the implicit 'view' (2) relevant to that particular page only. This is illustrated by the fact that all tabs are verbs and that clicking a page's tab leads you to a subpage of that page.
+ Flattened the administration menu. The tabs helped simplify the navigation menu as I could separate 'actions' from 'navigation'. In addition, I removed the 'administer > configuration'-menu, renamed 'blocks' to 'sidebars' which I hope is a bit more descriptive, and made a couple more changes. Earlier, we already renamed 'taxonomy' to 'categorization' and we move 'statistics' under 'logs'.
+ Grouped settings. All settings have been grouped under 'administer > settings'.
TODO
----
+ Update core themes: only Xtemplate default supports tabs and even those look ugly. Need help.
+ Update contributed modules. The menu() hook changed drastically. Updating your code adhere the new menu() function should be 90% of the work. Moreover, ensure that your modue's admin links are still valid and that URLs to node get updated to the new scheme ('node/view/x' -> 'node/x').
+ Introduced two new functions:
1. form_set_error($name, $message): files an error against the form
element with the specified $name.
2. form_has_errors(): returns true if errors has been filed against
form elements.
+ Updated the form handling:
1. The form_ functions will add 'class="error"' when a form field
has been found to be erroneous.
2. The error message is passed to theme_form_element() when the
particular form field has been found to be erroneous.
+ I updated the user and profile module to take advantage of these new
functions.
+ IMPORTANT: the _user() hook changed. The 'validate' case should no
longer retun an error message when something goes wrong but should
set it with form_set_error().
made it possible to enforce a username/e-mail address. Based on
James Seng's work there are now 3 radio buttons:
( ) Anonymous users may not enter contact information
( ) Anonymous users may leave contact information
( ) Anonymous users must leave contact information
- Fixed a bug in the default theme_comment_view() function.
- Added permalinks for comments. Requested by Michael and Christina.
Maintainers of contributed themes might want to add permalinks too.
TODO:
- Fix the interaction design of the submission form: the page you are
directed to and the validation of the contact information.
- Changing the comment viewing options appears to be broken?
Dries Buytaert
Steven Wittens
Kjartan Mannes