TODO:
+ The contact.module was broken; a new patch for contact.module is needed.
+ Documentation is needed.
+ The most important modules need to be updated ASAP.
to validate other form submissions, not just comments. Two new functions
are introduced, form_token() and form_validate(). The first function uses
a private key and a public key to set a token in a hidden field. The second
function validates the token. The comment and contect module are updated to
use these functions.
Comment from Steven: It does this by redirecting the submission of the form to a hidden <iframe> when you click "Attach" (we cannot submit data through Ajax directly because you cannot read file contents from JS for security reasons). Once the file is submitted, the upload-section of the form is updated. Things to note:
* The feature degrades back to the current behaviour without JS.
* If there are errors with the uploaded file (disallowed type, too big, ...), they are displayed at the top of the file attachments fieldset.
* Though the hidden-iframe method sounds dirty, it's quite compact and is 100% implemented in .js files. The drupal.js api makes it a snap to use.
* I included some minor improvements to the Drupal JS API and code.
* I added an API drupal_call_js() to bridge the PHP/JS gap: it takes a function name and arguments, and outputs a <script> tag. The kicker is that it preserves the structure and type of arguments, so e.g. PHP associative arrays end up as objects in JS.
* I also included a progressbar widget that I wrote for drumm's ongoing update.php work. It includes Ajax status updating/monitoring, but it is only used as a pure throbber in this patch. But as the code was already written and is going to be used in the near future, I left that part in. It's pretty small ;). If PHP supports ad-hoc upload info in the future like Ruby on Rails, we can implement that in 5 minutes.
Note: I also (mostly) unified the tags to use the "// ID" form instead of "/* ID */", but that's more of a cosmetic issue. I'm not sure whether *.txt files and the stuff in themes/ need tags(?).
up the documentation a little.
chx: can you double-check whether the global $conf variable is secure?
(That is, make sure it can't be send using the URL or something.)
NOTE: this patch works well, but the improved node edit form still has
some rough edges. It is important that we continue to improve
usability. Give it a try.
There are 5 main functions that modules may now utilize to handle images:
* image_get_info() - this function checks a file. If it exists and is a valid image file, it will return an array containing things like the pixel dimensions of the image, plus the 'type' and common extension.
* image_scale - resizes a given image to fit within a given width / height dimensions, while maintaining aspect ratio (not distorting the image). This function can be used to generate thumbnails, or ensure a maximum resolution, etc.
* image_resize - similar to image_scale (but will not respect aspect ratio - may well distort the image).
* image_rotate - rotate an image by X degrees
* image_crop - crops an image to a given rectangle (defined as top-left x/y coordinates plus a width & height of the rectangle).
Contribution modules will now be able to rely on these base manipulation functions to offer additional functionality (such as image nodes, photo galleries, advanced image manipulation, etc).
We added a 'severity' column to watchdog():
watchdog($type, $message, $link) --> watchdog($type, $message, $severity, $link);
* Specify a severity in case you are reporting a warning or error.
* The $link-parameter is now the fourth parameter instead of the third.
TODO: document this in the upgrade guide.
* Less logic in theme code.
* Encourages use of the menu system.
* Easier to find where a title or breadcrumb comes from in other people's code because there are less places to look. Look in menu and then grep for the appropriate set function. Looking for calls to theme_page() is hard because there are too many of them.
* Very slightly more efficient.
- Slight addition to INSTALL.txt with regard to PHP versions.
- Updated/reworded some node type descriptions as per Boris' suggestions.
- Adding missing {} around a table name in update.php.
1. Fixed broken watchdog calls: two watchdog calls omitted the type parameter, and thus injected logs into the type field, instead of the message field.
2. Removed t() functions from user contributed content.
changes are:
1. Simplified the statistics pages: there are less pages and on the
remaining pages there is a lot less visual clutter (less columns and
better presentation).
2. Reorganized the 'administer - logs' menu: flattened the menu structure
and removed a number of links.
3. Improved performance. Most statistics pages used about 160 slow SQL
queries which made the statistics pages fairly unusable on my system.
The new pages use at least 10 times less SQL queries and render much
faster. They are actually usable.
4. There is now a 'track'-tab on node pages, and a second subtrab on the
user accounts 'track'-tab for people with the 'access statistics'
permission. They can be used to resp. track the node and the user.
This makes the statistics more accessible.
5. Changed the way watchdog messages are filtered. This makes it easier
to introduce new watchdog types.
6. Reworked the statistics module's permissions.
7. Less code: 223 insertions(+), 343 deletions(-).
8. Fixed several glitches: for example, the statistics pages sorted the
'Name' column by user ID instead of by name. Unfortunately, it is
too difficult to backport these to DRUPAL-4-5.
TODO:
1. Review the statistics modules help pages.
2. Help fine-tune the interfaces/views.
NOTES:
1. You'll want to run update.php.
+ Make bootstrap functionality work with HEAD.
+ Move functions into bootstrap.inc so that statistics_exit() works for cached pages. (Does this close any issues?)
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
1) Clean up the text analyser: make it handle UTF-8 and all sorts of characters. The word splitter now does intelligent splitting into words and supports all Unicode characters. It has smart handling of acronyms, URLs, dates, ...
2) It now indexes the filtered output, which means it can take advantage of HTML tags. Meaningful tags (headers, strong, em, ...) are analysed and used to boost certain words scores. This has the side-effect of allowing the indexing of PHP nodes.
3) Link analyser for node links. The HTML analyser also checks for links. If they point to a node on the current site (handles path aliases) then the link's words are counted as part of the target node. This helps bring out commonly linked FAQs and answers to the top of the results.
4) Index comments along with the node. This means that the search can make a difference between a single node/comment about 'X' and a whole thread about 'X'. It also makes the search results much shorter and more relevant (before this patch, comments were even shown first).
5) We now keep track of total counts as well as a per item count for a word. This allows us to divide the word score by the total before adding up the scores for different words, and automatically makes noisewords have less influence than rare words. This dramatically improves the relevancy of multiword searches. This also makes the disadvantage of now using OR searching instead of AND searching less problematic.
6) Includes support for text preprocessors through a hook. This is required to index Chinese and Japanese, because these languages do not use spaces between words. An external utility can be used to split these into words through a simple wrapper module. Other uses could be spell checking (although it would have no UI).
7) Indexing is now regulated: only a certain amount of items will be indexed per cron run. This prevents PHP from running out of memory or timing out. This also makes the reindexing required for this patch automatic. I also added an index coverage estimate to the search admin screen.
8) Code cleanup! Moved all the search stuff from common.inc into search.module, rewired some hooks and simplified the functions used. The search form and results now also use valid XHTML and form_ functions. The search admin was moved from search/configure to admin/search for consistency.
9) Improved search output: we also show much more info per item: date, author, node type, amount of comments and a cool dynamic excerpt à la Google. The search form is now much more simpler and the help is only displayed as tips when no search results are found.
10) By moving all search logic to SQL, I was able to add a pager to the search results. This improves usability and performance dramatically.
The new locale module provides every functionality on the web interface, so you don't need to edit the configuration files or add columns, when you add a new language. This module is an integration of the old locale and localegettext modules, plus a bunch of logic to parse Gettext Portable Object files (opposed to Machine Object files, as supported by localegettext).
Note: I made some minor changes to the context-sensitive help texts and to some of the status messages.
Here's an overview of the changes:
1) Multiple Input formats: they are complete filter configurations (what filters to use, in what order and with which settings). Input formats are admin-definable, and usage of them is role-dependant. For example, you can set it up so that regular users can only use limited HTML, while admins can free HTML without any tag limitations.
The input format can be chosen per content item (nodes, comments, blocks, ...) when you add/edit them. If only a single format is available, there is no choice, and nothing changes with before.
The default install (and the upgrade) contains a basic set of formats which should satisfy the average user's needs.
2) Filters have toggles
Because now you might want to enable a filter only on some input formats, an explicit toggle is provided by the filter system. Modules do not need to worry about it and filters that still have their own on/off switch should get rid of it.
3) Multiple filters per module
This was necessary to accomodate the next change, and it's also a logical extension of the filter system.
4) Embedded PHP is now a filter
Thanks to the multiple input formats, I was able to move the 'embedded PHP' feature from block.module, page.module and book.module into a simple filter which executes PHP code. This filter is part of filter.module, and by default there is an input format 'PHP', restricted to the administrator only, which contains this filter.
This change means that block.module now passes custom block contents through the filter system.
As well as from reducing code duplication and avoiding two type selectors for page/book nodes, you can now combine PHP code with other filters.
5) User-supplied PHP code now requires <?php ?> tags.
This is required for teasers to work with PHP code. Because PHP evaluation is now just another step in the filter process, we can't do this. Also, because teasers are generated before filtering, this would result in errors when the teaser generation would cut off a piece of PHP code.
Also, regular PHP syntax explicitly includes the <?php ?> tags for PHP files, so it makes sense to use the same convention for embedded PHP in Drupal.
6) Filter caching was added.
Benchmarking shows that even for a simple setup (basic html filtering + legacy URL rewriting), filtercache can offer speedups. Unlike the old filtercache, this uses the normal cache table.
7) Filtertips were moved from help into a hook_filter_tips(). This was required to accomodate the fact that there are multiple filters per module, and that filter settings are format dependant. Shoehorning filter tips into _help was ugly and silly. The display of the filter tips is done through the input format selector, so filter_tips_short() no longer exists.
8) A more intelligent linebreak convertor was added, which doesn't stop working if you use block-level tags and which adds <p> tags.
- Users who have not edited their account yet would be reset to GMT rather than the sitewide timezone.
- Users who chose GMT (zero timezone) on a site with a non-zero timezone as default would have incorrect timezone.
The headers stored for cached pages ended in a newline, which caused header("") to get called when serving the page.
On some PHP versions (happens on 4.3.3 at least, but not in 5.0), PHP adds a blank header to the HTTP request (i.e. just \r\n) which ends HTTP headers prematurely and adds a newline at the beginning of the page.
This was not an issue before because we output HTML. Now that we have GZip compression, this bug caused corruption of the output. :P
*phew*
* The _validate hook and the _nodeapi('validate') hook of the node API (1) no longer take an 'error' parameter and (2) should no longer return an error array. To set an error, call form_set_error().
* The _form hook of the node module no longer takes a form hook and should not worry about displaying errors. Ditto for _nodeapi('form_post') and _nodeapi('form_pre').
CHANGES
-------
+ Introduced tabs. First, we extended the menu system to support tabs. Next, a tab was added for every link that was (1) an administrative action other than the implicit 'view' (2) relevant to that particular page only. This is illustrated by the fact that all tabs are verbs and that clicking a page's tab leads you to a subpage of that page.
+ Flattened the administration menu. The tabs helped simplify the navigation menu as I could separate 'actions' from 'navigation'. In addition, I removed the 'administer > configuration'-menu, renamed 'blocks' to 'sidebars' which I hope is a bit more descriptive, and made a couple more changes. Earlier, we already renamed 'taxonomy' to 'categorization' and we move 'statistics' under 'logs'.
+ Grouped settings. All settings have been grouped under 'administer > settings'.
TODO
----
+ Update core themes: only Xtemplate default supports tabs and even those look ugly. Need help.
+ Update contributed modules. The menu() hook changed drastically. Updating your code adhere the new menu() function should be 90% of the work. Moreover, ensure that your modue's admin links are still valid and that URLs to node get updated to the new scheme ('node/view/x' -> 'node/x').
+ Introduced two new functions:
1. form_set_error($name, $message): files an error against the form
element with the specified $name.
2. form_has_errors(): returns true if errors has been filed against
form elements.
+ Updated the form handling:
1. The form_ functions will add 'class="error"' when a form field
has been found to be erroneous.
2. The error message is passed to theme_form_element() when the
particular form field has been found to be erroneous.
+ I updated the user and profile module to take advantage of these new
functions.
+ IMPORTANT: the _user() hook changed. The 'validate' case should no
longer retun an error message when something goes wrong but should
set it with form_set_error().
administrators will be able to define a custom 403 page, just as they
can define 404 pages now.
This needs to be documented in the "Changes since / migrating to ..."
pages.
+ only adds an optional parameter to url() and l(), so individual links
can be set to be absolute
+ modifies drupal_goto() to accept the parameters of url() without the
$absolute parameter, so cleaner invocations can be used
+ rework of some code in node_feed, making it much better to look at
(the current code uses foreach with an immediate brake to get the first
key of the associative array, geeeeez)
+ added xml:base to the rss tag generated by node_feed()
+ set all user mail URLs to be absolute
+ fix a small fragmented URL in user.module
they will be part of the same documentation group, as well as created a new
'formatting functions' group and added a lot of docs for them. Also fixed
some small errors reported by the doxygen parser.
containing two elements, the first being the requested title, and the second being
the result list. Advantages:
* Cleaner search code in common.inc
* Po extraction is possible and works fine
* No hardcoded exceptions for node and comment modules, since any module can
return results in order of relevance (or another order)
- Adds drupal_set_header() and drupal_get_headers().
- Cache now stores custom headers.
- Replace theme_head() with drupal_get_html_head(), added drupal_set_html_head().
- Added RSS autodiscover links to node, blog and taxonomy pages.
+ Added drupal_http_request().
+ Replaced rssfeeds with OPML feed subscription list.
+ Added support for pubDate.
+ Added support for conditional gets using ETag and Last-Modified.
/**
* Wrapper around xml_parser_create() which extracts the encoding from the XML
* data first and sets the output encoding to UTF-8. This function should be
* used instead of xml_parser_create(), because PHP's XML parser doesn't check
* the input encoding itself.
*
* This is also where unsupported encodings should be converted.
* Callers should take this into account: $data might have been changed after
* the call.
*
* @param $data The XML data which will be parsed later.
*/
To do this cleanly, I reorganised some bits of system.module: there is now a generic handler available for simple variable-get/set based configuration pages. Look at filter_admin() or system_view() for example usage.
(based on the patch by Goba)
Neil Drumm
Dries Buytaert
Steven Wittens
Gerhard Killesreiter
Kjartan Mannes