TODO:
+ The contact.module was broken; a new patch for contact.module is needed.
+ Documentation is needed.
+ The most important modules need to be updated ASAP.
to validate other form submissions, not just comments. Two new functions
are introduced, form_token() and form_validate(). The first function uses
a private key and a public key to set a token in a hidden field. The second
function validates the token. The comment and contect module are updated to
use these functions.
Comment from Steven: It does this by redirecting the submission of the form to a hidden <iframe> when you click "Attach" (we cannot submit data through Ajax directly because you cannot read file contents from JS for security reasons). Once the file is submitted, the upload-section of the form is updated. Things to note:
* The feature degrades back to the current behaviour without JS.
* If there are errors with the uploaded file (disallowed type, too big, ...), they are displayed at the top of the file attachments fieldset.
* Though the hidden-iframe method sounds dirty, it's quite compact and is 100% implemented in .js files. The drupal.js api makes it a snap to use.
* I included some minor improvements to the Drupal JS API and code.
* I added an API drupal_call_js() to bridge the PHP/JS gap: it takes a function name and arguments, and outputs a <script> tag. The kicker is that it preserves the structure and type of arguments, so e.g. PHP associative arrays end up as objects in JS.
* I also included a progressbar widget that I wrote for drumm's ongoing update.php work. It includes Ajax status updating/monitoring, but it is only used as a pure throbber in this patch. But as the code was already written and is going to be used in the near future, I left that part in. It's pretty small ;). If PHP supports ad-hoc upload info in the future like Ruby on Rails, we can implement that in 5 minutes.
Note: I also (mostly) unified the tags to use the "// ID" form instead of "/* ID */", but that's more of a cosmetic issue. I'm not sure whether *.txt files and the stuff in themes/ need tags(?).
up the documentation a little.
chx: can you double-check whether the global $conf variable is secure?
(That is, make sure it can't be send using the URL or something.)
NOTE: this patch works well, but the improved node edit form still has
some rough edges. It is important that we continue to improve
usability. Give it a try.
There are 5 main functions that modules may now utilize to handle images:
* image_get_info() - this function checks a file. If it exists and is a valid image file, it will return an array containing things like the pixel dimensions of the image, plus the 'type' and common extension.
* image_scale - resizes a given image to fit within a given width / height dimensions, while maintaining aspect ratio (not distorting the image). This function can be used to generate thumbnails, or ensure a maximum resolution, etc.
* image_resize - similar to image_scale (but will not respect aspect ratio - may well distort the image).
* image_rotate - rotate an image by X degrees
* image_crop - crops an image to a given rectangle (defined as top-left x/y coordinates plus a width & height of the rectangle).
Contribution modules will now be able to rely on these base manipulation functions to offer additional functionality (such as image nodes, photo galleries, advanced image manipulation, etc).
We added a 'severity' column to watchdog():
watchdog($type, $message, $link) --> watchdog($type, $message, $severity, $link);
* Specify a severity in case you are reporting a warning or error.
* The $link-parameter is now the fourth parameter instead of the third.
TODO: document this in the upgrade guide.
* Less logic in theme code.
* Encourages use of the menu system.
* Easier to find where a title or breadcrumb comes from in other people's code because there are less places to look. Look in menu and then grep for the appropriate set function. Looking for calls to theme_page() is hard because there are too many of them.
* Very slightly more efficient.
- Slight addition to INSTALL.txt with regard to PHP versions.
- Updated/reworded some node type descriptions as per Boris' suggestions.
- Adding missing {} around a table name in update.php.
1. Fixed broken watchdog calls: two watchdog calls omitted the type parameter, and thus injected logs into the type field, instead of the message field.
2. Removed t() functions from user contributed content.
changes are:
1. Simplified the statistics pages: there are less pages and on the
remaining pages there is a lot less visual clutter (less columns and
better presentation).
2. Reorganized the 'administer - logs' menu: flattened the menu structure
and removed a number of links.
3. Improved performance. Most statistics pages used about 160 slow SQL
queries which made the statistics pages fairly unusable on my system.
The new pages use at least 10 times less SQL queries and render much
faster. They are actually usable.
4. There is now a 'track'-tab on node pages, and a second subtrab on the
user accounts 'track'-tab for people with the 'access statistics'
permission. They can be used to resp. track the node and the user.
This makes the statistics more accessible.
5. Changed the way watchdog messages are filtered. This makes it easier
to introduce new watchdog types.
6. Reworked the statistics module's permissions.
7. Less code: 223 insertions(+), 343 deletions(-).
8. Fixed several glitches: for example, the statistics pages sorted the
'Name' column by user ID instead of by name. Unfortunately, it is
too difficult to backport these to DRUPAL-4-5.
TODO:
1. Review the statistics modules help pages.
2. Help fine-tune the interfaces/views.
NOTES:
1. You'll want to run update.php.
+ Make bootstrap functionality work with HEAD.
+ Move functions into bootstrap.inc so that statistics_exit() works for cached pages. (Does this close any issues?)
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
Steven Wittens
Dries Buytaert