Commit Graph

32 Commits

Author SHA1 Message Date
Bharat Mediratta
1e90e40d3a Use events to generate menus, instead of having xxx_menu helpers.
This is the first step towards having a simple, lightweight and
unified API for module interaction.
2009-07-28 13:47:22 -07:00
Bharat Mediratta
5b3b675b6d Non-trivial changes to the event handling code:
1) The item_updated event no longer takes the old and new items.
   Instead we overload ORM to track the original data and make
   that available via the item.  This will allow us to move event
   publishing down into the API methods which in turn will give us
   more stability since we won't require each controller to remember
   to do it.

2) ORM class now tracks the original values.  It doesn't track
   the original relationships (no need for that, yet)

3) Added new events:
     item_deleted
     group_deleted
     user_deleted
2009-07-16 11:19:34 -07:00
Bharat Mediratta
e2a9a1d284 Add quotes around all values that contain spaces in them, and add a
test to make sure that we continue to do so.

This makes sure that we don't have problems with 5.3 which treats the
literal "on" as a boolean.
2009-07-13 10:36:55 -07:00
Bharat Mediratta
bfca0c7903 Refactor the install/upgrade code to be more flexible.
Add xxx_installer::upgrade($version) method so that upgrade stanzas
are separate from install stanzas.  In the old code, to do an upgrade
meant that you had to re-evolve everything from the initial install
because we'd step through each version's changes.  But what we really
want is for the initial install to start off in the perfect initial
state, and the upgrades to do the work behind the scenes.  So now the
install() function gets things set up properly the first time, and the
upgrade() function does any work to catch you up to the latest code.
See gallery_installer.php for a good example.
2009-06-23 12:00:49 -07:00
Tim Almdal
5b767b6443 Fix for ticket #366
Move the creation of the setting menu back to gallery_menu::admin, now that
there is a mechanism to remove empty menu items
2009-06-17 06:42:31 -07:00
Andy Staudacher
5f7dfc272e Remove double quotes from module.info (theme.info) attribute values.
(actually, we did that before: Now removing HTML element attributes since they were delimited by single quotes because PHP's ini parser can't
deal with double-quotes in values.)

Background:
Requiring all l10n messages a) to be well-formed HTML and b) to use double-quotes as HTML element attributes, since the l10n server side
validation normalizes all attribute delimiters to double-quotes). See ticket #254.
2009-06-09 21:05:33 -07:00
Bharat Mediratta
8d9010cfe3 Let the Akismet module create the statistics menu, since it's the only
one that uses it.  Perhaps this is not the best solution, but it's the
pragmatic one.
2009-06-04 17:36:37 -07:00
andyst
02a840c84c Merge branch 'master' of git@github.com:gallery/gallery3 2009-06-01 23:45:37 -07:00
Andy
d0845aadc6 Workaround for parse_ini_file issue: There's no way to escape a double-quote in a value that's read with
parse_ini_file. Using single quotes instead, even if that's not the best style in English.
2009-06-01 23:08:13 -07:00
Bharat Mediratta
43abcd9386 Security pass over all controller code. Mostly adding CSRF checking
and verifying user permissions, but there are several above-the-bar
changes:

1) Server add is now only available to admins.  This is a hard
   requirement because we have to limit server access (eg:
   server_add::children) to a user subset and the current permission
   model doesn't include that.  Easiest fix is to restrict to admins.
   Got rid of the server_add permission.

2) We now know check permissions at every level, which means in
   controllers AND in helpers.  This "belt and suspenders" approach will
   give us defense in depth in case we overlook it in one area.

3) We now do CSRF checking in every controller method that changes the
   code, in addition to the Forge auto-check.  Again, defense in depth
   and it makes scanning the code for security much simpler.

4) Moved Simple_Uploader_Controller::convert_filename_to_title to
   item:convert_filename_to_title

5) Fixed a bug in sending notification emails.

6) Fixed the Organize code to verify that you only have access to your
   own tasks.  In general, added permission checks to organize which had
   pretty much no validation code.

I did my best to verify every feature that I touched.
2009-06-01 22:40:22 -07:00
Bharat Mediratta
7aed923908 Restructure the module lifecycle.
Install: <module>_installer::install() is called, any necessary tables
are created.

Activate: <module>_installer::activate() is called.  Module
controllers are routable, helpers are accessible, etc.  The module is
in use.

Deactivate: <module>_installer::deactivate() is called.  Module code
is not accessible or routable.  Module is *not* in use, but its tables
are still around.

Uninstall: <module>_installer::uninstall() is called.  Module is
completely removed from the database.

Admin > Modules will install and activate modules, but will only
deactivate (will NOT uninstall modules).
2009-05-26 05:28:59 +00:00
Bharat Mediratta
5495037a3d Gee it's May already. Update copyright to 2009. 2009-05-13 20:04:58 +00:00
Bharat Mediratta
a2dd24d7ca Remove extra blank line. 2009-04-05 17:51:25 +00:00
Tim Almdal
a8233ed979 Undo the adding underscores to the id on forge generated forms 2009-01-25 06:28:04 +00:00
Chad Kieffer
55cd2afde5 Admin theme style cleanup. Merged separate selected, available, unavailable into a single set of reusable classes. Applied alternating row bg colors. Removed inline CSS from admin views. Moved user admin css into admin_default theme style sheet. 2009-01-24 20:06:13 +00:00
Tim Almdal
cbff78daa8 Supply a form id on all forms. This id can be used by modules other
than the originating module to provide additional functionality to the form.
2009-01-24 17:26:47 +00:00
Bharat Mediratta
91be7a38f8 Clear the "akismet is not configured" message on uninstall. 2009-01-17 00:39:38 +00:00
Bharat Mediratta
23b0ee3628 Don't try to check comments if Akismet lacks an API key 2009-01-16 03:50:51 +00:00
Andy Staudacher
e4a9b19bf9 Changing t() placeholder syntax from {{replace_me}} to %replace_me. 2009-01-15 10:02:41 +00:00
Bharat Mediratta
034f30190e Rename 'xxx_changed' events to 'xxx_updated' 2009-01-15 02:52:42 +00:00
Bharat Mediratta
f3ba69c1d6 Make sure that helper functions are all static. Add new
File_Structure_Test to make sure we don't regress.

According to the PHP docs, the "public" keyword is implied on static
functions, so remove it.  Also, require private static functions to
start with an _.

http://php.net/manual/en/language.oop5.visibility.php
2009-01-14 04:12:02 +00:00
Bharat Mediratta
ae73ef3d57 Updated for new Form_Submit API.
OLD:
  $form->submit("Foo")  -->  <input type="submit" value="Foo">

New:
  $form->submit("foo_button")->("Foo") --> <input type="submit" name="foo_button" value="Foo">

Mostly we don't care what the button is so we leave the name blank.
2009-01-12 07:50:04 +00:00
Andy Staudacher
bdf2e9f698 Fix Aksimet tests for MySQL strict mode. Not sure how this would pass on linux, since the given value for server_remote_port is longer than 16 chars, the actual length of the DB field.
Removed the leading "server_" part of the test values to ensure that all values are small enough to be stored in the DB.
2009-01-11 04:45:11 +00:00
Bharat Mediratta
a53b2d85c7 Set all the server_xxx values to known quanities, and demonstrate that
they're actually getting sent to Akismet.  It looks like this code was
broken in the past, since it wasn't sending any of this extra info.
2009-01-11 02:40:09 +00:00
Bharat Mediratta
253c56608e Update setup to match new comment::create() API 2009-01-11 01:58:46 +00:00
Bharat Mediratta
a7feeb576f Big set of changes to comments, with related changes to akismet and
user modules.

* Don't delete vars when we delete a module.  This makes
  reinstalling a module a lot easier.

* Add user::lookup() as the preferred way to load a user, so that
  other modules don't delve into the user module (that'd be a
  problem when we swap out user modules)

* Notify site admins if Akismet is not fully configured

* Bundle all server variables into the comment so that if/when we
  re-check the comment, we are not using the server info from the
  site admin's request.

* Update Akismet to grab request context data from the comment

* Pre-seed comment fields if we have a logged in user.  Update
  comment::create() API to clarify it for this.

* Delete comment::update(), that's a controller function.

* Add url to User_Model

* Add author_name() author_email() and author_url() to
  Comment_Model.  It'll return the appropriate values depending
  on whether the comment was left by a logged in user or a guest.

* Use resetForm() instead of clearForm() when we reload the
  comment form after ajax submit, this way we preserve the
  pre-seeded values.

* In the user profile page, ignore blank passwords.
2009-01-10 00:34:23 +00:00
Andy Staudacher
a631fe29f3 i18n refactoring: Rename all _() (reserved by gettext) calls to t().
- And refactor printf to our string interpolation / pluralization syntax
- Also, a slight change to the translations_incomings table, using binary(16) instead of char(32) as message key.
2009-01-08 17:13:06 +00:00
Bharat Mediratta
bc36ba609d Add akismet::$test_mode, initialize it to TEST_MODE and don't contact
akismet if it's on.  Force it on in the scaffolding so that we don't
try to run all comments we add from there through Akismet.
2009-01-08 02:56:49 +00:00
Bharat Mediratta
8bf388a6f6 Incremental improvement in comment moderation:
1) Akismet now detects when we change a comment's published state and submits
   info back to akismet.com as appropriate

2) We now show 4 different queues (all / approved / unapproved / spam) and let you
   move messages between the queues

3) We track and display "spam caught" stats.

4) You can delete comments entirely.
2009-01-08 02:50:23 +00:00
Bharat Mediratta
f8802d438a Properly handle the case where the akismet backend doesn't return a true/false
value.  Add phpdoc.
2009-01-07 19:50:27 +00:00
Bharat Mediratta
8bcc3de28d Listen for comment creation, and run it through Akismet. Make the
akismet stats page take up as much room as possible.
2009-01-07 08:20:22 +00:00
Bharat Mediratta
ba052c0cc9 Extract the Akismet driver from the Spam_Filter module into a module
in its own right.  Clean up the tests, streamline the code and improve
the admin interaction.  Add a working stats page.
2009-01-07 07:36:48 +00:00