+ +

+ + + + + +

+ + - - +

{lang_disclaimer}

From geeklog-cvs at lists.geeklog.net Fri Apr 10 16:17:58 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 10 Apr 2009 16:17:58 -0400 Subject: [geeklog-cvs] geeklog: Add number of comments waiting in the moderation queue ... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/727097e8a198 changeset: 6908:727097e8a198 user: Dirk Haun date: Fri Apr 10 21:04:16 2009 +0200 description: Add number of comments waiting in the moderation queue to the Submissions count; hide comment moderation list when disabled diffstat: 2 files changed, 30 insertions(+), 29 deletions(-) public_html/admin/moderation.php | 12 +++++---- public_html/lib-common.php | 47 ++++++++++++++++++-------------------- diffs (96 lines): diff -r d12ae9331d4d -r 727097e8a198 public_html/admin/moderation.php --- a/public_html/admin/moderation.php Fri Apr 10 20:43:59 2009 +0200 +++ b/public_html/admin/moderation.php Fri Apr 10 21:04:16 2009 +0200 @@ -215,18 +215,20 @@ $retval .= itemlist('story', $token); } - if (SEC_hasRights('story.edit')) { - if ($_CONF['listdraftstories'] == 1) { + if ($_CONF['listdraftstories'] == 1) { + if (SEC_hasRights('story.edit')) { $retval .= draftlist ($token); } } - if (SEC_hasRights('comment.moderate')) { - $retval .= itemlist('comment', $token); + if ($_CONF['commentsubmission'] == 1) { + if (SEC_hasRights('comment.moderate')) { + $retval .= itemlist('comment', $token); + } } if ($_CONF['usersubmission'] == 1) { - if (SEC_hasRights ('user.edit') && SEC_hasRights ('user.delete')) { + if (SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) { $retval .= userlist ($token); } } diff -r d12ae9331d4d -r 727097e8a198 public_html/lib-common.php --- a/public_html/lib-common.php Fri Apr 10 20:43:59 2009 +0200 +++ b/public_html/lib-common.php Fri Apr 10 21:04:16 2009 +0200 @@ -2475,40 +2475,39 @@ } $modnum = 0; - if( SEC_hasRights( 'story.edit,story.moderate', 'OR' ) || (( $_CONF['usersubmission'] == 1 ) && SEC_hasRights( 'user.edit,user.delete' ))) - { - - if( SEC_hasRights( 'story.moderate' )) - { - if( empty( $topicsql )) - { - $modnum += DB_count( $_TABLES['storysubmission'] ); - } - else - { - $sresult = DB_query( "SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql ); - $S = DB_fetchArray( $sresult ); + if (SEC_hasRights('story.edit,story.moderate', 'OR') || + (($_CONF['commentsubmission'] == 1) && + SEC_hasRights('comment.moderate')) || + (($_CONF['usersubmission'] == 1) && + SEC_hasRights('user.edit,user.delete'))) { + + if (SEC_hasRights('story.moderate')) { + if (empty($topicsql)) { + $modnum += DB_count($_TABLES['storysubmission']); + } else { + $sresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql); + $S = DB_fetchArray($sresult); $modnum += $S['count']; } } - if(( $_CONF['listdraftstories'] == 1 ) && SEC_hasRights( 'story.edit' )) - { + if (($_CONF['listdraftstories'] == 1) && SEC_hasRights('story.edit')) { $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)"; - if( !empty( $topicsql )) - { + if (!empty($topicsql)) { $sql .= ' AND' . $topicsql; } - $result = DB_query( $sql . COM_getPermSQL( 'AND', 0, 3 )); - $A = DB_fetchArray( $result ); + $result = DB_query($sql . COM_getPermSQL('AND', 0, 3)); + $A = DB_fetchArray($result); $modnum += $A['count']; } - if( $_CONF['usersubmission'] == 1 ) - { - if( SEC_hasRights( 'user.edit' ) && SEC_hasRights( 'user.delete' )) - { - $modnum += DB_count( $_TABLES['users'], 'status', '2' ); + if (($_CONF['commentsubmission'] == 1) && SEC_hasRights('comment.moderate')) { + $modnum += DB_count($_TABLES['commentsubmissions']); + } + + if ($_CONF['usersubmission'] == 1) { + if (SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) { + $modnum += DB_count($_TABLES['users'], 'status', '2'); } } } From geeklog-cvs at lists.geeklog.net Fri Apr 10 16:18:00 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 10 Apr 2009 16:18:00 -0400 Subject: [geeklog-cvs] geeklog: Missing addslashes Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/a88a3b7c7064 changeset: 6910:a88a3b7c7064 user: Dirk Haun date: Fri Apr 10 21:31:57 2009 +0200 description: Missing addslashes diffstat: 1 file changed, 21 insertions(+), 15 deletions(-) system/lib-comment.php | 36 +++++++++++++++++++++--------------- diffs (75 lines): diff -r b5b303bd0f52 -r a88a3b7c7064 system/lib-comment.php --- a/system/lib-comment.php Fri Apr 10 21:11:06 2009 +0200 +++ b/system/lib-comment.php Fri Apr 10 21:31:57 2009 +0200 @@ -1640,50 +1640,56 @@ * @param int cid comment id * @copyright Jared Wenerd 2008 * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @param string $cid comment id * @return string of story id */ function CMT_approveModeration($cid) { global $_TABLES; - $result = DB_query ("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress" - . " FROM {$_TABLES['commentsubmissions']} WHERE cid = '$cid'"); - $A = DB_fetchArray ($result); + $result = DB_query("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress FROM {$_TABLES['commentsubmissions']} WHERE cid = '$cid'"); + $A = DB_fetchArray($result); if ($A['pid'] > 0) { - //get indent+1 of parent - $indent = DB_getItem ( $_TABLES['comments'],'indent+1', "cid = '{$A['pid']}'"); + // get indent+1 of parent + $indent = DB_getItem($_TABLES['comments'], 'indent+1', + "cid = '{$A['pid']}'"); } else { $indent = 0; } + + $A['title'] = addslashes($A['title']); + $A['comment'] = addslashes($A['comment']); + if (isset($A['name'])) { - //insert data - DB_save ($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent', + // insert data + $A['name'] = addslashes($A['name']); + DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent', "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}',". "'{$A['name']}','{$A['pid']}','{$A['ipaddress']}',$indent"); } else { - //insert data, null automatically goes into name column - DB_save ($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent', + // insert data, null automatically goes into name column + DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent', "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}',". "'{$A['pid']}','{$A['ipaddress']}',$indent"); } $newcid = DB_insertId(); - DB_delete($_TABLES['commentsubmissions'],'cid',$cid); + DB_delete($_TABLES['commentsubmissions'], 'cid', $cid); - DB_query("UPDATE {$_TABLES['commentnotifications']} SET cid = $newcid WHERE mid = $cid"); + DB_change($_TABLES['commentnotifications'], 'cid', $newcid, 'mid', $cid); - //notify of new published comment + // notify of new published comment if ($_CONF['allow_reply_notifications'] == 1 && $A['pid'] > 1) { - $result = DB_query ("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE " - . "cid = {$A['pid']}"); + $result = DB_query("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE cid = {$A['pid']}"); $B = DB_fetchArray($result); if ($B <> false) { CMT_sendReplyNotification($B); } } - + return $A['sid']; } + /** * Sends a notification of new comment reply * From geeklog-cvs at lists.geeklog.net Fri Apr 10 16:17:59 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 10 Apr 2009 16:17:59 -0400 Subject: [geeklog-cvs] geeklog: Whoops, left in a COM_errorLog used for debugging Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/b5b303bd0f52 changeset: 6909:b5b303bd0f52 user: Dirk Haun date: Fri Apr 10 21:11:06 2009 +0200 description: Whoops, left in a COM_errorLog used for debugging diffstat: 1 file changed, 1 deletion(-) system/lib-syndication.php | 1 - diffs (11 lines): diff -r 727097e8a198 -r b5b303bd0f52 system/lib-syndication.php --- a/system/lib-syndication.php Fri Apr 10 21:04:16 2009 +0200 +++ b/system/lib-syndication.php Fri Apr 10 21:11:06 2009 +0200 @@ -403,7 +403,6 @@ $fulltext = PLG_replaceTags( $fulltext ); $storytext = SYND_truncateSummary( $fulltext, $contentLength ); $fulltext = trim( $fulltext ); -COM_errorLog($fulltext); $fulltext = str_replace(array("\015\012", "\015"), "\012", $fulltext); if( $row['postmode'] == 'plaintext' ) From geeklog-cvs at lists.geeklog.net Fri Apr 10 16:18:01 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 10 Apr 2009 16:18:01 -0400 Subject: [geeklog-cvs] geeklog: Fixed comment notification Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/981aa6e65333 changeset: 6911:981aa6e65333 user: Dirk Haun date: Fri Apr 10 22:17:24 2009 +0200 description: Fixed comment notification diffstat: 3 files changed, 7 insertions(+), 8 deletions(-) language/english.php | 3 +-- language/english_utf-8.php | 3 +-- system/lib-comment.php | 9 +++++---- diffs (55 lines): diff -r a88a3b7c7064 -r 981aa6e65333 language/english.php --- a/language/english.php Fri Apr 10 21:31:57 2009 +0200 +++ b/language/english.php Fri Apr 10 22:17:24 2009 +0200 @@ -217,8 +217,7 @@ 37 => 'New Comment Reply', 38 => 'Someone has replied to your comment.', 39 => 'You may view the comment thread at the following address: ', - 40 => 'If you wish to receive no further notifications of replies, visit the - following link: ' + 40 => 'If you wish to receive no further notifications of replies, visit the following link: ' ); ############################################################################### diff -r a88a3b7c7064 -r 981aa6e65333 language/english_utf-8.php --- a/language/english_utf-8.php Fri Apr 10 21:31:57 2009 +0200 +++ b/language/english_utf-8.php Fri Apr 10 22:17:24 2009 +0200 @@ -217,8 +217,7 @@ 37 => 'New Comment Reply', 38 => 'Someone has replied to your comment.', 39 => 'You may view the comment thread at the following address: ', - 40 => 'If you wish to receive no further notifications of replies, visit the - following link: ' + 40 => 'If you wish to receive no further notifications of replies, visit the following link: ' ); ############################################################################### diff -r a88a3b7c7064 -r 981aa6e65333 system/lib-comment.php --- a/system/lib-comment.php Fri Apr 10 21:31:57 2009 +0200 +++ b/system/lib-comment.php Fri Apr 10 22:17:24 2009 +0200 @@ -1132,9 +1132,9 @@ } - DB_unlockTable ($_TABLES['comments']); $cid = DB_insertId(); - + DB_unlockTable($_TABLES['comments']); + //notify of new comment if ($_CONF['allow_reply_notifications'] == 1 && $pid > 1 && $ret == 0) { $result = DB_query ("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE " @@ -1674,10 +1674,11 @@ "'{$A['pid']}','{$A['ipaddress']}',$indent"); } $newcid = DB_insertId(); + DB_delete($_TABLES['commentsubmissions'], 'cid', $cid); - + DB_change($_TABLES['commentnotifications'], 'cid', $newcid, 'mid', $cid); - + // notify of new published comment if ($_CONF['allow_reply_notifications'] == 1 && $A['pid'] > 1) { $result = DB_query("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE cid = {$A['pid']}"); From geeklog-cvs at lists.geeklog.net Fri Apr 10 16:45:35 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 10 Apr 2009 16:45:35 -0400 Subject: [geeklog-cvs] geeklog: Missing text: Disable Comments Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/6aa163a096ea changeset: 6912:6aa163a096ea user: Dirk Haun date: Fri Apr 10 22:31:05 2009 +0200 description: Missing text: Disable Comments diffstat: 2 files changed, 2 insertions(+), 2 deletions(-) language/english.php | 2 +- language/english_utf-8.php | 2 +- diffs (24 lines): diff -r 981aa6e65333 -r 6aa163a096ea language/english.php --- a/language/english.php Fri Apr 10 22:17:24 2009 +0200 +++ b/language/english.php Fri Apr 10 22:31:05 2009 +0200 @@ -792,7 +792,7 @@ 60 => '', 61 => 'Auto Archive', 62 => 'Auto Delete', - 63 => '', + 63 => 'Disable Comments', 64 => '', 65 => '', 66 => '', diff -r 981aa6e65333 -r 6aa163a096ea language/english_utf-8.php --- a/language/english_utf-8.php Fri Apr 10 22:17:24 2009 +0200 +++ b/language/english_utf-8.php Fri Apr 10 22:31:05 2009 +0200 @@ -792,7 +792,7 @@ 60 => '', 61 => 'Auto Archive', 62 => 'Auto Delete', - 63 => '', + 63 => 'Disable Comments', 64 => '', 65 => '', 66 => '', From geeklog-cvs at lists.geeklog.net Fri Apr 10 17:33:21 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 10 Apr 2009 17:33:21 -0400 Subject: [geeklog-cvs] geeklog: Added new tables, groups, and permissions to MS SQL fil... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/2a13f4520557 changeset: 6913:2a13f4520557 user: Dirk Haun date: Fri Apr 10 23:23:21 2009 +0200 description: Added new tables, groups, and permissions to MS SQL files - "only" need translation into MS SQL syntax ... diffstat: 4 files changed, 59 insertions(+), 12 deletions(-) sql/mssql_tableanddata.php | 47 ++++++++++++++++++++++++++++++++++ sql/mysql_tableanddata.php | 8 ++--- sql/updates/mssql_1.5.2_to_1.6.0.php | 8 ++--- sql/updates/mysql_1.5.2_to_1.6.0.php | 8 ++--- diffs (209 lines): diff -r 6aa163a096ea -r 2a13f4520557 sql/mssql_tableanddata.php --- a/sql/mssql_tableanddata.php Fri Apr 10 22:31:05 2009 +0200 +++ b/sql/mssql_tableanddata.php Fri Apr 10 23:23:21 2009 +0200 @@ -73,12 +73,35 @@ ) ON [PRIMARY] "; +/* FIXME - MySQL syntax +$_SQL[] = " +CREATE TABLE {$_TABLES['commentedits']} ( + cid int(10) NOT NULL, + uid mediumint(8) NOT NULL, + time datetime NOT NULL, + PRIMARY KEY (cid) +) TYPE=MyISAM +"; +*/ + $_SQL[] = " CREATE TABLE [dbo].[{$_TABLES['commentmodes']}] ( [mode] [varchar] (10) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , [name] [varchar] (32) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ) ON [PRIMARY] "; + +/* FIXME - MySQL syntax +$_SQL[] = " +CREATE TABLE {$_TABLES['commentnotifications']} ( + cid int(10) default NULL, + uid mediumint(8) NOT NULL, + deletehash varchar(32) NOT NULL, + mid int(10) default NULL, + PRIMARY KEY (deletehash) +) TYPE=MyISAM +"; +*/ $_SQL[] = " CREATE TABLE [dbo].[{$_TABLES['comments']}] ( @@ -94,10 +117,29 @@ [lft] [numeric](10, 0) NULL , [rht] [numeric](10, 0) NULL , [indent] [numeric](10, 0) NULL , + [name] [varchar] (128) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , [uid] [int] NULL , [ipaddress] [varchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ) ON [PRIMARY] "; + +/* FIXME - MySQL syntax +$_SQL[] = " +CREATE TABLE {$_TABLES['commentsubmissions']} ( + cid int(10) unsigned NOT NULL auto_increment, + type varchar(30) NOT NULL default 'article', + sid varchar(40) NOT NULL, + date datetime default NULL, + title varchar(128) default NULL, + comment text, + uid mediumint(8) NOT NULL default '1', + name varchar(32) default NULL, + pid int(10) NOT NULL default '0', + ipaddress varchar(15) NOT NULL, + PRIMARY KEY (cid) +) TYPE=MyISAM +"; +*/ $_SQL[] = " CREATE TABLE [dbo].[{$_TABLES['conf_values']}] ( @@ -249,6 +291,7 @@ [hits] [numeric](8, 0) NOT NULL , [numemails] [numeric](8, 0) NOT NULL , [comments] [numeric](8, 0) NOT NULL , + [comment_expire] [datetime] NULL , [trackbacks] [numeric](8, 0) NOT NULL , [related] [varchar] (5000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , [featured] [tinyint] NOT NULL , @@ -1265,6 +1308,8 @@ INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (17,'plugin.install','Can install/uninstall plugins',1) INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (18,'plugin.upload','Can upload new plugins',1) INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (19,'group.assign','Ability to assign users to groups',1) +INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (20, 'comment.moderate', 'Ability to moderate comments', 1) +INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (21, 'comment.submit', 'Comments are automatically published', 1) set identity_insert {$_TABLES['features']} off "; @@ -1322,6 +1367,8 @@ INSERT INTO {$_TABLES['groups']} (grp_id, grp_name, grp_descr, grp_gl_core) VALUES (11,'Group Admin','Is a User Admin with access to groups, too',1) INSERT INTO {$_TABLES['groups']} (grp_id, grp_name, grp_descr, grp_gl_core) VALUES (12,'Mail Admin','Can use Mail Utility',1) INSERT INTO {$_TABLES['groups']} (grp_id, grp_name, grp_descr, grp_gl_core) VALUES (13,'Logged-in Users','All registered members',1) +INSERT INTO {$_TABLES['groups']} (grp_id, grp_name, grp_descr, grp_gl_core) VALUES (14, 'Comment Admin', 'Can moderate comments', 1) +INSERT INTO {$_TABLES['groups']} (grp_id, grp_name, grp_descr, grp_gl_core) VALUES (15, 'Comment Submitters', 'Can submit comments', 0) set identity_insert {$_TABLES['groups']} off "; diff -r 6aa163a096ea -r 2a13f4520557 sql/mysql_tableanddata.php --- a/sql/mysql_tableanddata.php Fri Apr 10 22:31:05 2009 +0200 +++ b/sql/mysql_tableanddata.php Fri Apr 10 23:23:21 2009 +0200 @@ -66,7 +66,7 @@ uid mediumint(8) NOT NULL, time datetime NOT NULL, PRIMARY KEY (cid) -) TYPE=MYISAM +) TYPE=MyISAM "; $_SQL[] = " @@ -84,7 +84,7 @@ deletehash varchar(32) NOT NULL, mid int(10) default NULL, PRIMARY KEY (deletehash) -) ENGINE=MyISAM +) TYPE=MyISAM "; $_SQL[] = " @@ -126,7 +126,7 @@ pid int(10) NOT NULL default '0', ipaddress varchar(15) NOT NULL, PRIMARY KEY (cid) -) ENGINE=MyISAM +) TYPE=MyISAM "; $_SQL[] = " @@ -616,7 +616,7 @@ $_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (17,'plugin.install','Can install/uninstall plugins',1) "; $_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (18,'plugin.upload','Can upload new plugins',1) "; $_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (19,'group.assign','Ability to assign users to groups',1) "; -$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (20, 'comment.moderate', 'Ability to moderate comments', 1)"; +$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (20, 'comment.moderate', 'Ability to moderate comments', 1)"; $_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (21, 'comment.submit', 'Comments are automatically published', 1)"; $_DATA[] = "INSERT INTO {$_TABLES['frontpagecodes']} (code, name) VALUES (0,'Show Only in Topic') "; diff -r 6aa163a096ea -r 2a13f4520557 sql/updates/mssql_1.5.2_to_1.6.0.php --- a/sql/updates/mssql_1.5.2_to_1.6.0.php Fri Apr 10 22:31:05 2009 +0200 +++ b/sql/updates/mssql_1.5.2_to_1.6.0.php Fri Apr 10 23:23:21 2009 +0200 @@ -19,7 +19,7 @@ uid mediumint(8) NOT NULL, time datetime NOT NULL, PRIMARY KEY (cid) -) TYPE=MYISAM +) TYPE=MyISAM "; $_SQL[] = " CREATE TABLE {$_TABLES['commentnotifications']} ( @@ -28,7 +28,7 @@ deletehash varchar(32) NOT NULL, mid int(10) default NULL, PRIMARY KEY (deletehash) -) ENGINE=MyISAM +) TYPE=MyISAM "; $_SQL[] = " CREATE TABLE {$_TABLES['commentsubmissions']} ( @@ -43,14 +43,14 @@ pid int(10) NOT NULL default '0', ipaddress varchar(15) NOT NULL, PRIMARY KEY (cid) -) ENGINE=MyISAM +) TYPE=MyISAM "; $_SQL[] = "ALTER TABLE {$_TABLES['stories']} ADD comment_expire datetime NOT NULL default '0000-00-00 00:00:00' AFTER comments"; $_SQL[] = "ALTER TABLE {$_TABLES['comments']} ADD name varchar(32) default NULL AFTER indent"; */ $_SQL[] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr, grp_gl_core) VALUES ('Comment Admin', 'Can moderate comments', 1)"; $_SQL[] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr, grp_gl_core) VALUES ('Comment Submitters', 'Can submit comments', 0);"; -$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.moderate', 'Ability to moderate comments', 1)"; +$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.moderate', 'Ability to moderate comments', 1)"; $_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.submit', 'Comments are automatically published', 1)"; /** diff -r 6aa163a096ea -r 2a13f4520557 sql/updates/mysql_1.5.2_to_1.6.0.php --- a/sql/updates/mysql_1.5.2_to_1.6.0.php Fri Apr 10 22:31:05 2009 +0200 +++ b/sql/updates/mysql_1.5.2_to_1.6.0.php Fri Apr 10 23:23:21 2009 +0200 @@ -19,7 +19,7 @@ uid mediumint(8) NOT NULL, time datetime NOT NULL, PRIMARY KEY (cid) -) TYPE=MYISAM +) TYPE=MyISAM "; $_SQL[] = " CREATE TABLE {$_TABLES['commentnotifications']} ( @@ -28,7 +28,7 @@ deletehash varchar(32) NOT NULL, mid int(10) default NULL, PRIMARY KEY (deletehash) -) ENGINE=MyISAM +) TYPE=MyISAM "; $_SQL[] = " CREATE TABLE {$_TABLES['commentsubmissions']} ( @@ -43,13 +43,13 @@ pid int(10) NOT NULL default '0', ipaddress varchar(15) NOT NULL, PRIMARY KEY (cid) -) ENGINE=MyISAM +) TYPE=MyISAM "; $_SQL[] = "ALTER TABLE {$_TABLES['stories']} ADD comment_expire datetime NOT NULL default '0000-00-00 00:00:00' AFTER comments"; $_SQL[] = "ALTER TABLE {$_TABLES['comments']} ADD name varchar(32) default NULL AFTER indent"; $_SQL[] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr, grp_gl_core) VALUES ('Comment Admin', 'Can moderate comments', 1)"; $_SQL[] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr, grp_gl_core) VALUES ('Comment Submitters', 'Can submit comments', 0);"; -$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.moderate', 'Ability to moderate comments', 1)"; +$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.moderate', 'Ability to moderate comments', 1)"; $_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.submit', 'Comments are automatically published', 1)"; /** From geeklog-cvs at lists.geeklog.net Fri Apr 10 17:33:22 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 10 Apr 2009 17:33:22 -0400 Subject: [geeklog-cvs] geeklog: Replace Wiki-style formatting in the Daily Digest and w... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/6566283deb9f changeset: 6914:6566283deb9f user: Dirk Haun date: Fri Apr 10 23:33:02 2009 +0200 description: Replace Wiki-style formatting in the Daily Digest and when emailing a story to a friend (bug #0000837, patch provided by Pawel Szczur) diffstat: 3 files changed, 22 insertions(+), 9 deletions(-) public_html/docs/history | 2 ++ public_html/lib-common.php | 12 ++++++++---- public_html/profiles.php | 17 ++++++++++++----- diffs (75 lines): diff -r 2a13f4520557 -r 6566283deb9f public_html/docs/history --- a/public_html/docs/history Fri Apr 10 23:23:21 2009 +0200 +++ b/public_html/docs/history Fri Apr 10 23:33:02 2009 +0200 @@ -11,6 +11,8 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Replace Wiki-style formatting in the Daily Digest and when emailing a story + to a friend (bug #0000837, patch provided by Pawel Szczur) - New plugin API function PLG_configChange (feature request #0000694) [Dirk] - Fixed layout of Batch Add and Batch Admin options of the User Manager [Dirk] - On a login failure, the user registration form showed up even when new user diff -r 2a13f4520557 -r 6566283deb9f public_html/lib-common.php --- a/public_html/lib-common.php Fri Apr 10 23:23:21 2009 +0200 +++ b/public_html/lib-common.php Fri Apr 10 23:33:02 2009 +0200 @@ -4022,9 +4022,9 @@ $U = DB_fetchArray( $users ); $storysql = array(); - $storysql['mysql'] = "SELECT sid,uid,date AS day,title,introtext,bodytext"; - - $storysql['mssql'] = "SELECT sid,uid,date AS day,title,CAST(introtext AS text) AS introtext,CAST(bodytext AS text) AS introtext"; + $storysql['mysql'] = "SELECT sid,uid,date AS day,title,introtext,postmode"; + + $storysql['mssql'] = "SELECT sid,uid,date AS day,title,CAST(introtext AS text) AS introtext,postmode"; $commonsql = " FROM {$_TABLES['stories']} WHERE draft_flag = 0 AND date <= NOW() AND date >= '{$lastrun}'"; @@ -4100,7 +4100,11 @@ if( $_CONF['emailstorieslength'] > 0 ) { - $storytext = COM_undoSpecialChars( strip_tags( PLG_replaceTags( stripslashes( $S['introtext'] )))); + if($S['postmode']==='wikitext'){ + $storytext = COM_undoSpecialChars( strip_tags( COM_renderWikiText ( stripslashes( $S['introtext'] )))); + } else { + $storytext = COM_undoSpecialChars( strip_tags( PLG_replaceTags( stripslashes( $S['introtext'] )))); + } if( $_CONF['emailstorieslength'] > 1 ) { diff -r 2a13f4520557 -r 6566283deb9f public_html/profiles.php --- a/public_html/profiles.php Fri Apr 10 23:23:21 2009 +0200 +++ b/public_html/profiles.php Fri Apr 10 23:33:02 2009 +0200 @@ -300,7 +300,7 @@ return $retval; } - $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid'"; + $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '$sid'"; $result = DB_query ($sql); $A = DB_fetchArray ($result); $shortmsg = COM_stripslashes ($shortmsg); @@ -325,10 +325,17 @@ $author = COM_getDisplayName ($A['uid']); $mailtext .= $LANG01[1] . ' ' . $author . LB; } - $mailtext .= LB - . COM_undoSpecialChars(stripslashes(strip_tags($A['introtext']))).LB.LB - . COM_undoSpecialChars(stripslashes(strip_tags($A['bodytext']))).LB.LB - . '------------------------------------------------------------'.LB; + if($A['postmode']==='wikitext'){ + $mailtext .= LB + . COM_undoSpecialChars(stripslashes(strip_tags(COM_renderWikiText($A['introtext'])))).LB.LB + . COM_undoSpecialChars(stripslashes(strip_tags(COM_renderWikiText($A['bodytext'])))).LB.LB + . '------------------------------------------------------------'.LB; + } else { + $mailtext .= LB + . COM_undoSpecialChars(stripslashes(strip_tags($A['introtext']))).LB.LB + . COM_undoSpecialChars(stripslashes(strip_tags($A['bodytext']))).LB.LB + . '------------------------------------------------------------'.LB; + } if ($A['commentcode'] == 0) { // comments allowed $mailtext .= $LANG08[24] . LB . COM_buildUrl ($_CONF['site_url'] . '/article.php?story=' From geeklog-cvs at lists.geeklog.net Sat Apr 11 05:25:49 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 05:25:49 -0400 Subject: [geeklog-cvs] tools: Leave copy of lib-custom.php for phpDocumentor Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/4a84799526d6 changeset: 30:4a84799526d6 user: Dirk Haun date: Sat Apr 11 11:25:40 2009 +0200 description: Leave copy of lib-custom.php for phpDocumentor diffstat: 1 file changed, 7 insertions(+), 3 deletions(-) cronjobs/nightly.sh | 10 +++++++--- diffs (42 lines): diff -r cf915aa5cfed -r 4a84799526d6 cronjobs/nightly.sh --- a/cronjobs/nightly.sh Sat Apr 04 21:42:46 2009 +0200 +++ b/cronjobs/nightly.sh Sat Apr 11 11:25:40 2009 +0200 @@ -13,13 +13,16 @@ cd /usr/home/geeklog2/nightly/geeklog-nightly +rm -f system/lib-custom.php + # update repository /usr/local/bin/hg -q pull > /dev/null 2>&1 /usr/local/bin/hg -q up > /dev/null 2>&1 -# fix config names +# fix names of .dist files mv db-config.php.dist db-config.php mv public_html/siteconfig.php.dist public_html/siteconfig.php +mv system/lib-custom.php.dist system/lib-custom.php # add PEAR classes cd system/pear @@ -43,7 +46,6 @@ rm -f plugins/spamx/ProjectHoneyPot.Examine.class.php # about time we clean up the install directory ... rm -f public_html/admin/install/addindex.php -rm -f system/lib-custom.php.dist # PEAR buildpackage files rm -f plugins/calendar/buildpackage.php @@ -76,9 +78,11 @@ tar cf geeklog-nightly.tar '--exclude=\.hg' geeklog-nightly gzip geeklog-nightly.tar -# rename config files back to their names in the repository +# rename .dist files back to their names in the repository mv geeklog-nightly/db-config.php geeklog-nightly/db-config.php.dist mv geeklog-nightly/public_html/siteconfig.php geeklog-nightly/public_html/siteconfig.php.dist +# leave copy of lib-custom.php for phpDocumentor +cp -p geeklog-nightly/system/lib-custom.php geeklog-nightly/system/lib-custom.php.dist mv geeklog-nightly.tar.gz /usr/www/users/geeklog2/www/nightly/ From geeklog-cvs at lists.geeklog.net Sat Apr 11 08:50:14 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 08:50:14 -0400 Subject: [geeklog-cvs] geeklog: Fixed one of the predefined date format strings (bug #0... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/bdf79bad8819 changeset: 6915:bdf79bad8819 user: Dirk Haun date: Sat Apr 11 14:42:39 2009 +0200 description: Fixed one of the predefined date format strings (bug #0000854) diffstat: 5 files changed, 9 insertions(+), 2 deletions(-) public_html/docs/history | 1 + sql/mssql_tableanddata.php | 2 +- sql/mysql_tableanddata.php | 2 +- sql/updates/mssql_1.5.2_to_1.6.0.php | 3 +++ sql/updates/mysql_1.5.2_to_1.6.0.php | 3 +++ diffs (61 lines): diff -r 6566283deb9f -r bdf79bad8819 public_html/docs/history --- a/public_html/docs/history Fri Apr 10 23:33:02 2009 +0200 +++ b/public_html/docs/history Sat Apr 11 14:42:39 2009 +0200 @@ -11,6 +11,7 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Fixed one of the predefined date format strings (bug #0000854) - Replace Wiki-style formatting in the Daily Digest and when emailing a story to a friend (bug #0000837, patch provided by Pawel Szczur) - New plugin API function PLG_configChange (feature request #0000694) [Dirk] diff -r 6566283deb9f -r bdf79bad8819 sql/mssql_tableanddata.php --- a/sql/mssql_tableanddata.php Fri Apr 10 23:33:02 2009 +0200 +++ b/sql/mssql_tableanddata.php Sat Apr 11 14:42:39 2009 +0200 @@ -1272,7 +1272,7 @@ $_SQL[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (10,'%m-%d-%y %H:%M','3-21-99 22:00')"; $_SQL[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (11,'%d-%m-%y %H:%M','21-3-99 22:00')"; $_SQL[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (12,'%m-%d-%y %I:%M%p','3-21-99 10:00PM')"; -$_SQL[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (13,'%I:%M%p %B %D, %Y','10:00PM March 21st, 1999')"; +$_SQL[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (13,'%I:%M%p %B %e, %Y','10:00PM March 21, 1999')"; $_SQL[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (14,'%a %b %d, ''%y %I:%M%p','Sun Mar 21, ''99 10:00PM')"; $_SQL[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (15,'Day %j, %I ish','Day 80, 10 ish')"; $_SQL[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (16,'%y-%m-%d %I:%M','99-03-21 10:00')"; diff -r 6566283deb9f -r bdf79bad8819 sql/mysql_tableanddata.php --- a/sql/mysql_tableanddata.php Fri Apr 10 23:33:02 2009 +0200 +++ b/sql/mysql_tableanddata.php Sat Apr 11 14:42:39 2009 +0200 @@ -587,7 +587,7 @@ $_DATA[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (10,'%m-%d-%y %H:%M','3-21-99 22:00') "; $_DATA[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (11,'%d-%m-%y %H:%M','21-3-99 22:00') "; $_DATA[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (12,'%m-%d-%y %I:%M%p','3-21-99 10:00PM') "; -$_DATA[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (13,'%I:%M%p %B %D, %Y','10:00PM March 21st, 1999') "; +$_DATA[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (13,'%I:%M%p %B %e, %Y','10:00PM March 21, 1999') "; $_DATA[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (14,'%a %b %d, \'%y %I:%M%p','Sun Mar 21, \'99 10:00PM') "; $_DATA[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (15,'Day %j, %I ish','Day 80, 10 ish') "; $_DATA[] = "INSERT INTO {$_TABLES['dateformats']} (dfid, format, description) VALUES (16,'%y-%m-%d %I:%M','99-03-21 10:00') "; diff -r 6566283deb9f -r bdf79bad8819 sql/updates/mssql_1.5.2_to_1.6.0.php --- a/sql/updates/mssql_1.5.2_to_1.6.0.php Fri Apr 10 23:33:02 2009 +0200 +++ b/sql/updates/mssql_1.5.2_to_1.6.0.php Sat Apr 11 14:42:39 2009 +0200 @@ -52,6 +52,9 @@ $_SQL[] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr, grp_gl_core) VALUES ('Comment Submitters', 'Can submit comments', 0);"; $_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.moderate', 'Ability to moderate comments', 1)"; $_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.submit', 'Comments are automatically published', 1)"; + +// fix date format string +$_SQL[] = "UPDATE {$_TABLES['dateformats']} SET format = '%I:%M%p %B %e, %Y', description = '10:00PM March 21, 1999' WHERE dfid = 13"; /** * Add new config options diff -r 6566283deb9f -r bdf79bad8819 sql/updates/mysql_1.5.2_to_1.6.0.php --- a/sql/updates/mysql_1.5.2_to_1.6.0.php Fri Apr 10 23:33:02 2009 +0200 +++ b/sql/updates/mysql_1.5.2_to_1.6.0.php Sat Apr 11 14:42:39 2009 +0200 @@ -51,6 +51,9 @@ $_SQL[] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr, grp_gl_core) VALUES ('Comment Submitters', 'Can submit comments', 0);"; $_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.moderate', 'Ability to moderate comments', 1)"; $_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.submit', 'Comments are automatically published', 1)"; + +// fix date format string +$_SQL[] = "UPDATE {$_TABLES['dateformats']} SET format = '%I:%M%p %B %e, %Y', description = '10:00PM March 21, 1999' WHERE dfid = 13"; /** * Add new config options From geeklog-cvs at lists.geeklog.net Sat Apr 11 09:50:54 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 09:50:54 -0400 Subject: [geeklog-cvs] geeklog: Fresh installs + MySQL only: Changed some tinyint field... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/2fcb4527bb04 changeset: 6916:2fcb4527bb04 user: Dirk Haun date: Sat Apr 11 15:35:58 2009 +0200 description: Fresh installs + MySQL only: Changed some tinyint fields that are only used as flags to tinyint(1) from tinyint(3) (bug #0000857) diffstat: 2 files changed, 9 insertions(+), 7 deletions(-) public_html/docs/history | 4 +++- sql/mysql_tableanddata.php | 12 ++++++------ diffs (77 lines): diff -r bdf79bad8819 -r 2fcb4527bb04 public_html/docs/history --- a/public_html/docs/history Sat Apr 11 14:42:39 2009 +0200 +++ b/public_html/docs/history Sat Apr 11 15:35:58 2009 +0200 @@ -1,6 +1,6 @@ Geeklog History/Changes: -Apr ??, 2009 (1.6.0) +Apr 20, 2009 (1.6.0) ------------ Geeklog 1.6.0 incorporates the following projects implemented during @@ -11,6 +11,8 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Fresh installs + MySQL only: Changed some tinyint fields that are only used + as flags to tinyint(1) from tinyint(3) (bug #0000857) - Fixed one of the predefined date format strings (bug #0000854) - Replace Wiki-style formatting in the Daily Digest and when emailing a story to a friend (bug #0000837, patch provided by Pawel Szczur) diff -r bdf79bad8819 -r 2fcb4527bb04 sql/mysql_tableanddata.php --- a/sql/mysql_tableanddata.php Sat Apr 11 14:42:39 2009 +0200 +++ b/sql/mysql_tableanddata.php Sat Apr 11 15:35:58 2009 +0200 @@ -33,7 +33,7 @@ rdf_last_modified varchar(40) default NULL, rdf_etag varchar(40) default NULL, rdflimit smallint(5) unsigned NOT NULL default '0', - onleft tinyint(3) unsigned NOT NULL default '1', + onleft tinyint(1) unsigned NOT NULL default '1', phpblockfn varchar(128) default '', help varchar(255) default '', owner_id mediumint(8) unsigned NOT NULL default '1', @@ -235,7 +235,7 @@ pi_name varchar(30) NOT NULL default '', pi_version varchar(20) NOT NULL default '', pi_gl_version varchar(20) NOT NULL default '', - pi_enabled tinyint(3) unsigned NOT NULL default '1', + pi_enabled tinyint(1) unsigned NOT NULL default '1', pi_homepage varchar(128) NOT NULL default '', INDEX plugins_enabled(pi_enabled), PRIMARY KEY (pi_name) @@ -296,7 +296,7 @@ CREATE TABLE {$_TABLES['stories']} ( sid varchar(40) NOT NULL default '', uid mediumint(8) NOT NULL default '1', - draft_flag tinyint(3) unsigned default '0', + draft_flag tinyint(1) unsigned default '0', tid varchar(20) NOT NULL default 'General', date datetime default NULL, title varchar(128) default NULL, @@ -308,7 +308,7 @@ comment_expire datetime NOT NULL default '0000-00-00 00:00:00', trackbacks mediumint(8) unsigned NOT NULL default '0', related text, - featured tinyint(3) unsigned NOT NULL default '0', + featured tinyint(1) unsigned NOT NULL default '0', show_topic_icon tinyint(1) unsigned NOT NULL default '1', commentcode tinyint(4) NOT NULL default '0', trackbackcode tinyint(4) NOT NULL default '0', @@ -316,7 +316,7 @@ expire DATETIME NOT NULL default '0000-00-00 00:00:00', postmode varchar(10) NOT NULL default 'html', advanced_editor_mode tinyint(1) unsigned default '0', - frontpage tinyint(3) unsigned default '1', + frontpage tinyint(1) unsigned default '1', owner_id mediumint(8) NOT NULL default '1', group_id mediumint(8) NOT NULL default '2', perm_owner tinyint(1) unsigned NOT NULL default '3', @@ -477,7 +477,7 @@ $_SQL[] = " CREATE TABLE {$_TABLES['userprefs']} ( uid mediumint(8) NOT NULL default '1', - noicons tinyint(3) unsigned NOT NULL default '0', + noicons tinyint(1) unsigned NOT NULL default '0', willing tinyint(3) unsigned NOT NULL default '1', dfid tinyint(3) unsigned NOT NULL default '0', tzid varchar(125) NOT NULL default '', From geeklog-cvs at lists.geeklog.net Sat Apr 11 09:50:55 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 09:50:55 -0400 Subject: [geeklog-cvs] geeklog: Call finish() on the header template so that undefined ... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/c0cb15eefe17 changeset: 6917:c0cb15eefe17 user: Dirk Haun date: Sat Apr 11 15:48:10 2009 +0200 description: Call finish() on the header template so that undefined variables are removed (as done in the footer) diffstat: 1 file changed, 1 insertion(+), 1 deletion(-) public_html/lib-common.php | 2 +- diffs (12 lines): diff -r 2fcb4527bb04 -r c0cb15eefe17 public_html/lib-common.php --- a/public_html/lib-common.php Sat Apr 11 15:35:58 2009 +0200 +++ b/public_html/lib-common.php Sat Apr 11 15:48:10 2009 +0200 @@ -1226,7 +1226,7 @@ // prove useful at times ... // Don't use PHP in templates if you can live without it! - $tmp = $header->parse( 'index_header', 'header' ); + $tmp = $header->finish($header->parse('index_header', 'header')); $xml_declaration = ''; if ( get_cfg_var('short_open_tag') == '1' ) From geeklog-cvs at lists.geeklog.net Sat Apr 11 13:45:16 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 13:45:16 -0400 Subject: [geeklog-cvs] geeklog: Make the name of the 'anon-name' cookie configurable an... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/1014d42f9fa7 changeset: 6918:1014d42f9fa7 user: Dirk Haun date: Sat Apr 11 16:59:56 2009 +0200 description: Make the name of the 'anon-name' cookie configurable and keep it alive for longer diffstat: 7 files changed, 30 insertions(+), 11 deletions(-) language/english.php | 1 language/english_utf-8.php | 1 public_html/admin/install/config-install.php | 1 public_html/docs/config.html | 5 ++++ sql/updates/mssql_1.5.2_to_1.6.0.php | 3 ++ sql/updates/mysql_1.5.2_to_1.6.0.php | 3 ++ system/lib-comment.php | 27 +++++++++++++++----------- diffs (128 lines): diff -r c0cb15eefe17 -r 1014d42f9fa7 language/english.php --- a/language/english.php Sat Apr 11 15:48:10 2009 +0200 +++ b/language/english.php Sat Apr 11 16:59:56 2009 +0200 @@ -1683,6 +1683,7 @@ 'cookie_theme' => "Theme Cookie Name", 'cookie_language' => "Language Cookie Name", 'cookie_tzid' => "Timezone Cookie Name", + 'cookie_anon_name' => 'Anon. Username Cookie Name', 'cookie_ip' => "Cookies embed IP?", 'default_perm_cookie_timeout' => "Permanent Timeout", 'session_cookie_timeout' => "Session Timeout", diff -r c0cb15eefe17 -r 1014d42f9fa7 language/english_utf-8.php --- a/language/english_utf-8.php Sat Apr 11 15:48:10 2009 +0200 +++ b/language/english_utf-8.php Sat Apr 11 16:59:56 2009 +0200 @@ -1683,6 +1683,7 @@ 'cookie_theme' => "Theme Cookie Name", 'cookie_language' => "Language Cookie Name", 'cookie_tzid' => "Timezone Cookie Name", + 'cookie_anon_name' => 'Anon. Username Cookie Name', 'cookie_ip' => "Cookies embed IP?", 'default_perm_cookie_timeout' => "Permanent Timeout", 'session_cookie_timeout' => "Session Timeout", diff -r c0cb15eefe17 -r 1014d42f9fa7 public_html/admin/install/config-install.php --- a/public_html/admin/install/config-install.php Sat Apr 11 15:48:10 2009 +0200 +++ b/public_html/admin/install/config-install.php Sat Apr 11 16:59:56 2009 +0200 @@ -301,6 +301,7 @@ $c->add('cookie_theme','theme','text',7,30,NULL,560,TRUE); $c->add('cookie_language','language','text',7,30,NULL,570,TRUE); $c->add('cookie_tzid','timezone','text',7,30,NULL,575,TRUE); + $c->add('cookie_anon_name','anon_name','text',7,30,NULL,577,TRUE); $c->add('cookie_ip',0,'select',7,30,0,580,TRUE); $c->add('default_perm_cookie_timeout',28800,'text',7,30,NULL,590,TRUE); $c->add('session_cookie_timeout',7200,'text',7,30,NULL,600,TRUE); diff -r c0cb15eefe17 -r 1014d42f9fa7 public_html/docs/config.html --- a/public_html/docs/config.html Sat Apr 11 15:48:10 2009 +0200 +++ b/public_html/docs/config.html Sat Apr 11 16:59:56 2009 +0200 @@ -1253,6 +1253,11 @@ timezone Name of the timezone cookie. + cookie_anon_name + anon_name + Name of the cookie to store the username of anonymous + users. + cookie_ip 0 Session ID to contain IP address of user as well as random number. This is more secure but will more than likely require dialed up users to login each and every time. (0=no, 1=yes) diff -r c0cb15eefe17 -r 1014d42f9fa7 sql/updates/mssql_1.5.2_to_1.6.0.php --- a/sql/updates/mssql_1.5.2_to_1.6.0.php Sat Apr 11 15:48:10 2009 +0200 +++ b/sql/updates/mssql_1.5.2_to_1.6.0.php Sat Apr 11 16:59:56 2009 +0200 @@ -109,6 +109,9 @@ $c->add('comment_close_rec_stories',0,'text',4,21,NULL,1688,TRUE); $c->add('allow_reply_notifications',0,'select',4,21,0, 1689, TRUE); + // cookie to store name of anonymous commenters + $c->add('cookie_anon_name','anon_name','text',7,30,NULL,577,TRUE); + return true; } diff -r c0cb15eefe17 -r 1014d42f9fa7 sql/updates/mysql_1.5.2_to_1.6.0.php --- a/sql/updates/mysql_1.5.2_to_1.6.0.php Sat Apr 11 15:48:10 2009 +0200 +++ b/sql/updates/mysql_1.5.2_to_1.6.0.php Sat Apr 11 16:59:56 2009 +0200 @@ -108,6 +108,9 @@ $c->add('comment_close_rec_stories',0,'text',4,21,NULL,1688,TRUE); $c->add('allow_reply_notifications',0,'select',4,21,0, 1689, TRUE); + // cookie to store name of anonymous commenters + $c->add('cookie_anon_name','anon_name','text',7,30,NULL,577,TRUE); + return true; } diff -r c0cb15eefe17 -r 1014d42f9fa7 system/lib-comment.php --- a/system/lib-comment.php Sat Apr 11 15:48:10 2009 +0200 +++ b/system/lib-comment.php Sat Apr 11 16:59:56 2009 +0200 @@ -401,10 +401,12 @@ $template->set_var( 'sid', $A['sid'] ); $template->set_var( 'type', $A['type'] ); - //COMMENT edit rights - if ( $_USER['uid'] == $A['uid'] && $_CONF['comment_edit'] == 1 - && (time() - $A['nice_date']) < $_CONF['comment_edittime'] && - DB_getItem($_TABLES['comments'], 'COUNT(*)', "pid = {$A['cid']}") == 0) { + // COMMENT edit rights + if (isset($A['uid']) && isset($_USER['uid']) + && ($_USER['uid'] == $A['uid']) && ($_CONF['comment_edit'] == 1) + && ((time() - $A['nice_date']) < $_CONF['comment_edittime']) + && (DB_getItem($_TABLES['comments'], 'COUNT(*)', + "pid = {$A['cid']}") == 0)) { $edit_option = true; if ( empty($token)) { $token = SEC_createToken(); @@ -900,15 +902,16 @@ $comment_template->set_var('lang_logoutorcreateaccount', $LANG03[03]); } else { - //Anonymous user + // Anonymous user $comment_template->set_var('uid', 1); - if ( isset($A['username']) ) { - $name = $A['username']; //for preview - } elseif (isset($_COOKIE['anon-name'])) { + if (isset($A['username'])) { + $name = $A['username']; // for preview + } elseif (isset($_COOKIE[$_CONF['cookie_anon_name']])) { + //stored as cookie, name used before $name = htmlspecialchars(COM_checkWords(strip_tags( - COM_stripslashes($_COOKIE['anon-name'])))); //stored as cookie, name used before + COM_stripslashes($_COOKIE[$_CONF['cookie_anon_name']])))); } else { - $name = $LANG03[24]; //anonymous user + $name = $LANG03[24]; // anonymous user } $usernameblock = ''; @@ -1064,7 +1067,9 @@ if (isset($_POST['username']) && strcmp($_POST['username'],$LANG03[24]) != 0 && $uid == 1) { $name = COM_checkWords(strip_tags(COM_stripslashes($_POST['username']))); - setcookie('anon-name', $name); + setcookie($_CONF['cookie_anon_name'], $name, time() + 31536000, + $_CONF['cookie_path'], $_CONF['cookiedomain'], + $_CONF['cookiesecure']); $name = addslashes($name); } From geeklog-cvs at lists.geeklog.net Sat Apr 11 13:45:16 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 13:45:16 -0400 Subject: [geeklog-cvs] geeklog: Remove ProjectHoneyPot module for Spam-X (we never ship... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/63d54d84c058 changeset: 6919:63d54d84c058 user: Dirk Haun date: Sat Apr 11 17:00:38 2009 +0200 description: Remove ProjectHoneyPot module for Spam-X (we never shipped it anyway) diffstat: 1 file changed, 195 deletions(-) plugins/spamx/ProjectHoneyPot.Examine.class.php | 195 ----------------------- diffs (199 lines): diff -r 1014d42f9fa7 -r 63d54d84c058 plugins/spamx/ProjectHoneyPot.Examine.class.php --- a/plugins/spamx/ProjectHoneyPot.Examine.class.php Sat Apr 11 16:59:56 2009 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,195 +0,0 @@ - | -// +---------------------------------------------------------------------------+ -// | Copyright (C) 2007 by the following authors: | -// | | -// | Authors: Michael Jervis - mike at fuckingbrit.com | -// +---------------------------------------------------------------------------+ -// | | -// | This program is free software; you can redistribute it and/or | -// | modify it under the terms of the GNU General Public License | -// | as published by the Free Software Foundation; either version 2 | -// | of the License, or (at your option) any later version. | -// | | -// | This program is distributed in the hope that it will be useful, | -// | but WITHOUT ANY WARRANTY; without even the implied warranty of | -// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | -// | GNU General Public License for more details. | -// | | -// | You should have received a copy of the GNU General Public License | -// | along with this program; if not, write to the Free Software Foundation, | -// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | -// | | -// +---------------------------------------------------------------------------+ - -/** -* @package Spam-X -* @subpackage Modules -*/ - -if (strpos(strtolower($_SERVER['PHP_SELF']), 'ProjectHoneyPot.Examine.class.php') !== false) { - die('This file can not be used on its own!'); -} - -/** -* Include Abstract Examine Class -*/ -require_once $_CONF['path'] . 'plugins/spamx/' . 'BaseCommand.class.php'; - -define('HTTP_BL_SEARCH_ENGINE', 0); -define('HTTP_BL_SUSPICIOUS', 1); -define('HTTP_BL_HARVESTER', 2); -define('HTTP_BL_SUSPICIOUS_HARVESTER', 3); -define('HTTP_BL_COMMENT_SPAMMER', 4); -define('HTTP_BL_SUSPICIOUS_COMMENT', 5); -define('HTTP_BL_HARVESTER_COMMENT', 6); -define('HTTP_BL_ALL', 7); - -/* - * The following settings all relate to the ProjectHoneyPot.org http:BL - * examine module. In order to use this, you *MUST* register with - * ProjectHoneyPot. You *MUST* install a Honey Pot. You *MUST* accept the - * terms of use of the http:BL and acquire your own http:BL access key. - */ -$_SPX_CONF['http_bl_enable'] = true; // Whether or not to use the http:BL, true or false. -// You can get your access key from: http://www.projecthoneypot.org/httpbl_configure.php -// regardless of http_bl_enable, if you don't have a key, this won't work. -$_SPX_CONF['http_bl_access_key'] = 'NOT.CONFIGURED.RIGHT'; -// Whether or not to use TCP (Virtual Circuits) instead of UDP. If set to false, -// UDP will be used unless TCP is required. TCP is required for questions or -// responses greater than 512 bytes. -$_SPX_CONF['http_bl_use_tcp'] = true; -// DNS Servers to use, in my development environment, I found that the examine -// failed without configuring this. Must be an array of IP addresses, or false: -$_SPX_CONF['http_bl_dns_servers'] = false; -// example of array with dummy values: $_SPX_CONF['http_bl_dns_servers'] = array('ip1','ip2'); - - -/* - * Debug settings: - * - * HTTP_BL_VERBOSE_LOGGING if set to 1 will increase the amount of logging - * performed to logs/spamx.log, this is helpful when you are trying to set up - * your nameservers and http:BL access key. You /really/ want to set this to 0. - * - * HTTP_BL_DEBUG_MODE is purely for testing, if set to 1, rather than using - * the IP address of the person posting comment/request will use HTTP_BL_TEST_IP - * this allows you to test and confirm that it is functioning correctly and - * trapping all real blacklisted ip types. For a list of valid test values see: - * http://www.projecthoneypot.org/httpbl_api.php - */ -define('HTTP_BL_VERBOSE_LOGGING', 0); -define('HTTP_BL_DEBUG_MODE', 0); -define('HTTP_BL_TEST_IP', '127.1.1.1'); - - -/** -* Examines the IP address of the poster using the http:BL available to users of -* ProjectHoneyPot.org. This involves performing a special DNS query using a -* special Project Honey Pot access key. See this plugins config.php for use. -* -* @author Mike Jervis, mike AT fuckingbrit DOT com -* @package Spam-X -* -*/ -class ProjectHoneyPot extends BaseCommand { - /** - * Here we do the work - */ - function execute($comment) - { - global $_SPX_CONF; - $ans = 0; - //$_CONF, $_TABLES, $_USER, $LANG_SX00, $result; - if (isset ($_SPX_CONF['http_bl_access_key']) && $_SPX_CONF['http_bl_enable']) { - /* - * We query for accesskey.reversedipaddress.dnsbl.httpbl.org - */ - if (HTTP_BL_DEBUG_MODE == 1) { - $targetip = explode('.', HTTP_BL_TEST_IP); - } else { - $targetip = explode('.', $_SERVER['REMOTE_ADDR']); - } - $querydomain = $_SPX_CONF['http_bl_access_key']; - for($i = 3; $i >= 0; $i--) { - $querydomain .= ".{$targetip[$i]}"; - } - $querydomain .= '.dnsbl.httpbl.org'; - require_once('Net/DNS.php'); - $resolver = new Net_DNS_Resolver(); - if ($_SPX_CONF['http_bl_use_tcp']) { - $resolver->usevc = 1; - } - if (is_array($_SPX_CONF['http_bl_dns_servers'])) { - $resolver->nameservers = $_SPX_CONF['http_bl_dns_servers']; - } - if (HTTP_BL_VERBOSE_LOGGING == 1) { - SPAMX_Log("Performing http:BL query for $querydomain"); - } - $response = $resolver->query($querydomain); - if ($response) { - $result = $response->answer[0]->address; - $resultArray = explode('.', $result); - if (($resultArray[0] == 127) && ($resultArray[3] > HTTP_BL_SEARCH_ENGINE)) { - // Valid, and not a search engine. - $days = $resultArray[1]; - $threat = $resultArray[2]; - switch($resultArray[3]) { - case HTTP_BL_SUSPICIOUS: // suspicious - $type = '"Suspicious"'; - break; - case HTTP_BL_HARVESTER: // harvester - $type = '"Harvester"'; - break; - case HTTP_BL_SUSPICIOUS_HARVESTER: // suspicious harvester - $type = '"Suspicious" and "Harvester"'; - break; - case HTTP_BL_COMMENT_SPAMMER: // comment spammer - $type = '"Comment Spammer"'; - break; - case HTTP_BL_SUSPICIOUS_COMMENT: // suspicious & comment spammer - $type = '"Suspicious" and "Comment Spammer"'; - break; - case HTTP_BL_HARVESTER_COMMENT: // harvester & comment spammer - $type = '"Harvester" and "Comment Spammer"'; - break; - case HTTP_BL_ALL: // suspicious, harvesting comment spammer - $type = '"Suspicious", "Harvester" and "Comment Spammer"'; - break; - } - SPAMX_Log("http:BL reports {$_SERVER['REMOTE_ADDR']} as a $type of threat level $threat. Activity was last seen $days day(s) ago."); - $ans = 1; - } else { - // Either invalid query, or, a search engine. - if (!($resultArray[3] == HTTP_BL_SEARCH_ENGINE)) { - SPAMX_Log('Invalid response from http:BL queried: "' . - $querydomain . '". Received: "' . $result . '"'); - } - $ans = 0; - } - } - } else { - if (HTTP_BL_VERBOSE_LOGGING == 1) { - SPAMX_Log('No response received from http:BL for '.$queryDomain); - } - $ans = 0; - } - - - return $ans; - } -} - -?> From geeklog-cvs at lists.geeklog.net Sat Apr 11 13:45:16 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 13:45:16 -0400 Subject: [geeklog-cvs] geeklog: Make the CIDR check not trip over Mac OS X's use of ::1... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/add909bdec43 changeset: 6920:add909bdec43 user: Dirk Haun date: Sat Apr 11 17:03:12 2009 +0200 description: Make the CIDR check not trip over Mac OS X's use of ::1 for localhost diffstat: 1 file changed, 10 insertions(+), 8 deletions(-) plugins/spamx/IP.Examine.class.php | 18 ++++++++++-------- diffs (30 lines): diff -r 63d54d84c058 -r add909bdec43 plugins/spamx/IP.Examine.class.php --- a/plugins/spamx/IP.Examine.class.php Sat Apr 11 17:00:38 2009 +0200 +++ b/plugins/spamx/IP.Examine.class.php Sat Apr 11 17:03:12 2009 +0200 @@ -99,16 +99,18 @@ // here's our highest int $high = $i | (~$mask & 0xFFFFFFFF); - // now split the ip were checking against up into classes - list($a, $b, $c, $d) = explode('.', $iptocheck); + // now split the ip we're checking against up into classes + $ex = explode('.', $iptocheck); - // now convert the ip we're checking against to an int - $check = ($a << 24) + ($b << 16) + ($c << 8) + $d; + if (count($ex) == 4) { + // now convert the ip we're checking against to an int + $check = ($ex[0] << 24) + ($ex[1] << 16) + ($ex[2] << 8) + $ex[3]; - // if the ip is within the range, including - // highest/lowest values, then it's witin the CIDR range - if (($check >= $low) && ($check <= $high)) { - return true; + // if the ip is within the range, including + // highest/lowest values, then it's witin the CIDR range + if (($check >= $low) && ($check <= $high)) { + return true; + } } return false; From geeklog-cvs at lists.geeklog.net Sat Apr 11 13:45:18 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 13:45:18 -0400 Subject: [geeklog-cvs] geeklog: Changed PLG_configChange to also notify plugins of conf... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/5dd79ca26230 changeset: 6921:5dd79ca26230 user: Dirk Haun date: Sat Apr 11 17:55:09 2009 +0200 description: Changed PLG_configChange to also notify plugins of config changes in other plugins but without providing details (plugins should not depend on internals of other plugins). diffstat: 1 file changed, 17 insertions(+), 13 deletions(-) system/lib-plugins.php | 30 +++++++++++++++++------------- diffs (51 lines): diff -r add909bdec43 -r 5dd79ca26230 system/lib-plugins.php --- a/system/lib-plugins.php Sat Apr 11 17:03:12 2009 +0200 +++ b/system/lib-plugins.php Sat Apr 11 17:55:09 2009 +0200 @@ -2519,8 +2519,9 @@ /** * Inform plugins of configuration changes * -* NOTE: Plugins will only be notified of 'Core' changes and changes in their -* own configuration. Changes in other plugins will not be sent. +* NOTE: Plugins will only be notified of details of changes in 'Core' and in +* their own configuration. For other plugins, they will only be notified +* of the fact that something in the other plugin's config changed. * * @param string $group plugin name or 'Core' for $_CONF changes * @param array $changes names of config values that changed @@ -2533,21 +2534,24 @@ { global $_PLUGINS; - $args[1] = $group; - $args[2] = $changes; + foreach ($_PLUGINS as $pi_name) { + $args = array(); + $args[1] = $group; - if ($group == 'Core') { - foreach ($_PLUGINS as $pi_name) { - PLG_callFunctionForOnePlugin('plugin_configchange_' . $pi_name, - $args); + if (($group == 'Core') || ($group == $pi_name)) { + $args[2] = $changes; } - $function = 'CUSTOM_configchange'; - if (function_exists($function)) { - $function('Core', $changes); + PLG_callFunctionForOnePlugin('plugin_configchange_' . $pi_name, $args); + } + + $function = 'CUSTOM_configchange'; + if (function_exists($function)) { + if ($group == 'Core') { + $function($group, $changes); + } else { + $function($group); } - } else { - PLG_callFunctionForOnePlugin('plugin_configchange_' . $group, $args); } } From geeklog-cvs at lists.geeklog.net Sat Apr 11 13:45:19 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 13:45:19 -0400 Subject: [geeklog-cvs] geeklog: New plugin API function PLG_getDocumentationUrl (featur... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/e7a542a82561 changeset: 6922:e7a542a82561 user: Dirk Haun date: Sat Apr 11 18:52:02 2009 +0200 description: New plugin API function PLG_getDocumentationUrl (feature request #0000848) diffstat: 8 files changed, 165 insertions(+), 18 deletions(-) plugins/calendar/functions.inc | 25 +++++++++++++++++++++++++ plugins/links/functions.inc | 25 +++++++++++++++++++++++++ plugins/polls/functions.inc | 25 +++++++++++++++++++++++++ plugins/spamx/functions.inc | 25 +++++++++++++++++++++++++ plugins/staticpages/functions.inc | 25 +++++++++++++++++++++++++ public_html/docs/history | 2 ++ system/classes/config.class.php | 25 ++++++++++++++----------- system/lib-plugins.php | 31 ++++++++++++++++++++++++------- diffs (289 lines): diff -r 5dd79ca26230 -r e7a542a82561 plugins/calendar/functions.inc --- a/plugins/calendar/functions.inc Sat Apr 11 17:55:09 2009 +0200 +++ b/plugins/calendar/functions.inc Sat Apr 11 18:52:02 2009 +0200 @@ -1899,4 +1899,29 @@ return $retval; } +/** +* Provide URL of a documentation file +* +* @param string $file documentation file being requested, e.g. 'config' +* @return mixed URL or false when not available +* +*/ +function plugin_getdocumentationurl_calendar($file) +{ + global $_CONF; + + switch ($file) { + case 'index': + case 'config': + $retval = $_CONF['site_url'] . '/docs/calendar.html'; + break; + + default: + $retval = false; + break; + } + + return $retval; +} + ?> diff -r 5dd79ca26230 -r e7a542a82561 plugins/links/functions.inc --- a/plugins/links/functions.inc Sat Apr 11 17:55:09 2009 +0200 +++ b/plugins/links/functions.inc Sat Apr 11 18:52:02 2009 +0200 @@ -1626,4 +1626,29 @@ return $categorysql; } +/** +* Provide URL of a documentation file +* +* @param string $file documentation file being requested, e.g. 'config' +* @return mixed URL or false when not available +* +*/ +function plugin_getdocumentationurl_links($file) +{ + global $_CONF; + + switch ($file) { + case 'index': + case 'config': + $retval = $_CONF['site_url'] . '/docs/links.html'; + break; + + default: + $retval = false; + break; + } + + return $retval; +} + ?> diff -r 5dd79ca26230 -r e7a542a82561 plugins/polls/functions.inc --- a/plugins/polls/functions.inc Sat Apr 11 17:55:09 2009 +0200 +++ b/plugins/polls/functions.inc Sat Apr 11 18:52:02 2009 +0200 @@ -1321,4 +1321,29 @@ return $retval; } +/** +* Provide URL of a documentation file +* +* @param string $file documentation file being requested, e.g. 'config' +* @return mixed URL or false when not available +* +*/ +function plugin_getdocumentationurl_polls($file) +{ + global $_CONF; + + switch ($file) { + case 'index': + case 'config': + $retval = $_CONF['site_url'] . '/docs/polls.html'; + break; + + default: + $retval = false; + break; + } + + return $retval; +} + ?> diff -r 5dd79ca26230 -r e7a542a82561 plugins/spamx/functions.inc --- a/plugins/spamx/functions.inc Sat Apr 11 17:55:09 2009 +0200 +++ b/plugins/spamx/functions.inc Sat Apr 11 18:52:02 2009 +0200 @@ -390,4 +390,29 @@ return $out; } +/** +* Provide URL of a documentation file +* +* @param string $file documentation file being requested, e.g. 'config' +* @return mixed URL or false when not available +* +*/ +function plugin_getdocumentationurl_spamx($file) +{ + global $_CONF; + + switch ($file) { + case 'index': + case 'config': + $retval = $_CONF['site_url'] . '/docs/spamx.html'; + break; + + default: + $retval = false; + break; + } + + return $retval; +} + ?> diff -r 5dd79ca26230 -r e7a542a82561 plugins/staticpages/functions.inc --- a/plugins/staticpages/functions.inc Sat Apr 11 17:55:09 2009 +0200 +++ b/plugins/staticpages/functions.inc Sat Apr 11 18:52:02 2009 +0200 @@ -1327,4 +1327,29 @@ return $retval; } +/** +* Provide URL of a documentation file +* +* @param string $file documentation file being requested, e.g. 'config' +* @return mixed URL or false when not available +* +*/ +function plugin_getdocumentationurl_staticpages($file) +{ + global $_CONF; + + switch ($file) { + case 'index': + // TBD: case 'config': + $retval = $_CONF['site_url'] . '/docs/staticpages.html'; + break; + + default: + $retval = false; + break; + } + + return $retval; +} + ?> diff -r 5dd79ca26230 -r e7a542a82561 public_html/docs/history --- a/public_html/docs/history Sat Apr 11 17:55:09 2009 +0200 +++ b/public_html/docs/history Sat Apr 11 18:52:02 2009 +0200 @@ -11,6 +11,8 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- New plugin API function PLG_getDocumentationUrl (feature request #0000848) + [Dirk] - Fresh installs + MySQL only: Changed some tinyint fields that are only used as flags to tinyint(1) from tinyint(3) (bug #0000857) - Fixed one of the predefined date format strings (bug #0000854) diff -r 5dd79ca26230 -r e7a542a82561 system/classes/config.class.php --- a/system/classes/config.class.php Sat Apr 11 17:55:09 2009 +0200 +++ b/system/classes/config.class.php Sat Apr 11 18:52:02 2009 +0200 @@ -2,13 +2,13 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.5 | +// | Geeklog 1.6 | // +---------------------------------------------------------------------------+ // | config.class.php | // | | // | Controls the UI and database for configuration settings | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2007-2008 by the following authors: | +// | Copyright (C) 2007-2009 by the following authors: | // | | // | Authors: Aaron Blankstein - kantai AT gmail DOT com | // +---------------------------------------------------------------------------+ @@ -28,8 +28,6 @@ // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +---------------------------------------------------------------------------+ -// -// $Id: config.class.php,v 1.50 2008/08/31 19:17:39 dhaun Exp $ class config { var $dbconfig_file; @@ -640,18 +638,23 @@ $on = $name; } if (! is_numeric($on)) { - if (!empty($GLOBALS['_CONF']['site_url'])) { - $baseUrl = $GLOBALS['_CONF']['site_url']; + if ($group == 'Core') { + if (!empty($GLOBALS['_CONF']['site_url'])) { + $baseUrl = $GLOBALS['_CONF']['site_url']; + } else { + $baseUrl = 'http://www.geeklog.net'; + } + $descUrl = $baseUrl . '/docs/config.html#desc_' . $o; } else { - $baseUrl = 'http://www.geeklog.net'; + $descUrl = PLG_getDocumentationUrl($group, 'config'); + if (! empty($descUrl)) { + $descUrl .= '#desc_' . $o; + } } - if ($group == 'Core') { - $descUrl = $baseUrl . '/docs/config.html#desc_' . $o; + if (! empty($descUrl)) { $t->set_var('doc_url', $descUrl); $t->set_var('doc_link', '(?)'); - } else { - // TBD: link to description of plugin option } } } diff -r 5dd79ca26230 -r e7a542a82561 system/lib-plugins.php --- a/system/lib-plugins.php Sat Apr 11 17:55:09 2009 +0200 +++ b/system/lib-plugins.php Sat Apr 11 18:52:02 2009 +0200 @@ -2362,7 +2362,7 @@ . $type . '.gif'; $fh = @fopen ($icon, 'r'); if ($fh === false) { - // give up and us a generic icon + // give up and use a generic icon $retval = $_CONF['site_url'] . '/images/icons/plugins.gif'; } else { $retval = $icon; @@ -2380,12 +2380,12 @@ /** * Invoke a service * - * @param string type The plugin type whose service is to be called - * @param string action The service action to be performed - * @param array args The arguments to be passed to the service invoked - * @param array output The output variable that will contain the output after invocation - * @param array svc_msg The output variable that will contain the service messages - * @return int The result of the invocation + * @param string $type The plugin type whose service is to be called + * @param string $action The service action to be performed + * @param array $args The arguments to be passed to the service invoked + * @param array $output The output variable that will contain the output after invocation + * @param array $svc_msg The output variable that will contain the service messages + * @return int The result of the invocation * @link http://wiki.geeklog.net/index.php/Webservices_API * */ @@ -2555,4 +2555,21 @@ } } +/** +* Ask plugin for the URL to its documentation +* +* @param string $type plugin name +* @param string $file documentation file being requested, e.g. 'config' +* @return mixed URL or false / empty string when not available +* @since Geeklog 1.6.0 +* +*/ +function PLG_getDocumentationUrl($type, $file) +{ + $args[1] = $file; + $function = 'plugin_getdocumentationurl_' . $type; + + return PLG_callFunctionForOnePlugin($function, $args); +} + ?> From geeklog-cvs at lists.geeklog.net Sat Apr 11 13:45:19 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 11 Apr 2009 13:45:19 -0400 Subject: [geeklog-cvs] geeklog: Added description of the Static Pages config options an... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/8c489120d27e changeset: 6923:8c489120d27e user: Dirk Haun date: Sat Apr 11 19:44:23 2009 +0200 description: Added description of the Static Pages config options and enabled links from the Configuration panel diffstat: 4 files changed, 89 insertions(+), 2 deletions(-) plugins/staticpages/functions.inc | 2 public_html/docs/spamx.html | 2 public_html/docs/staticpages.html | 86 +++++++++++++++++++++++++++++++++++++ system/lib-plugins.php | 1 diffs (131 lines): diff -r e7a542a82561 -r 8c489120d27e plugins/staticpages/functions.inc --- a/plugins/staticpages/functions.inc Sat Apr 11 18:52:02 2009 +0200 +++ b/plugins/staticpages/functions.inc Sat Apr 11 19:44:23 2009 +0200 @@ -1340,7 +1340,7 @@ switch ($file) { case 'index': - // TBD: case 'config': + case 'config': $retval = $_CONF['site_url'] . '/docs/staticpages.html'; break; diff -r e7a542a82561 -r 8c489120d27e public_html/docs/spamx.html --- a/public_html/docs/spamx.html Sat Apr 11 18:52:02 2009 +0200 +++ b/public_html/docs/spamx.html Sat Apr 11 19:44:23 2009 +0200 @@ -269,7 +269,7 @@ href="config.html#desc_check_trackback_link">documentation for the configuration for more information.

Configuration File

Configuration

The Spam-X plugin's configuration can be changed from the Configuration admin panel:

diff -r e7a542a82561 -r 8c489120d27e public_html/docs/staticpages.html --- a/public_html/docs/staticpages.html Sat Apr 11 18:52:02 2009 +0200 +++ b/public_html/docs/staticpages.html Sat Apr 11 19:44:23 2009 +0200 @@ -141,6 +141,92 @@

In the Configuration admin panel for the static pages plugin, you can set the "Delete Pages with Owner?" option to either "False" (which is also the default), meaning that static pages will not be deleted withtheir owner, but assigned to a member of the Root group instead (the user withthe lowest user ID, most likely the Admin). Setting the option to "True" means that static pages will be deleted when their owner's account is deleted.

Configuration

+ +

The configuration options for the Static Pages plugin can be changed from +the Configuration admin panel:

+ +

Static Pages Main Settings

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Variable	Default Value	Description
allow_php	`true`	Allows you to globally allow or disallow the use of PHP + in static pages, i.e. it overrides the setting on individual pages.
sort_by	`'id'`	Define sort order when more than one static page is displayed in + centerblocks. Allows sorting by page ID, page title, and date of last + change.
sort_menu_by	`'label'`	Define sort order for static pages in the site's menu. Allows sorting by + page label, page ID, page title, and date of last change.
delete_pages	`false`	Specify what should happen to a static page when its owner (i.e. the user + who created the page) is deleted. 'True' would delete the page, 'False' + will assign it to a user in the "Root" group (usually the user with the + lowest user ID).
in_block	`true`	Whether to display the content of static pages inside a block template or + not. This is the default setting and can be overridden per page.
show_hits	`true`	Whether to show the number of hits for a static page.
show_date	`true`	Whether to show the date and time of the last change to a static page.
filter_html	`false`	Whether HTML in static pages should be run through Geeklog's HTML filter + option.
censor	`false`	Whether the content of the static page should be run through Geeklog's + "bad words" filter.
aftersave	`'list'`	Which page to go to after a static page has been saved: + + 'item': display the page + 'list': show admin's list of static pages (default) + 'home': display the site's homepage + 'admin': go to the "Admin Home" page, i.e. Command & Control +
atom_max_items	10	Max. number of static pages returned when an Atom feed is requested + through the webservices API.

The Geeklog Documentation Project
All trademarks and copyrights on this page are owned by their respective owners. Geeklog is copyleft. diff -r e7a542a82561 -r 8c489120d27e system/lib-plugins.php --- a/system/lib-plugins.php Sat Apr 11 18:52:02 2009 +0200 +++ b/system/lib-plugins.php Sat Apr 11 19:44:23 2009 +0200 @@ -2561,6 +2561,7 @@ * @param string $type plugin name * @param string $file documentation file being requested, e.g. 'config' * @return mixed URL or false / empty string when not available +* @link http://wiki.geeklog.net/index.php/PLG_getDocumentationUrl * @since Geeklog 1.6.0 * */ From geeklog-cvs at lists.geeklog.net Sun Apr 12 03:28:42 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 12 Apr 2009 03:28:42 -0400 Subject: [geeklog-cvs] geeklog: Re-introduced function get_SPX_Ver in the install scrip... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/19b279c51458 changeset: 6924:19b279c51458 user: Dirk Haun date: Sun Apr 12 09:21:52 2009 +0200 description: Re-introduced function get_SPX_Ver in the install script, which is still needed when upgrading from old Geeklog releases (reported by Sheila) diffstat: 2 files changed, 22 insertions(+) public_html/admin/install/lib-upgrade.php | 20 ++++++++++++++++++++ public_html/docs/history | 2 ++ diffs (42 lines): diff -r 8c489120d27e -r 19b279c51458 public_html/admin/install/lib-upgrade.php --- a/public_html/admin/install/lib-upgrade.php Sat Apr 11 19:44:23 2009 +0200 +++ b/public_html/admin/install/lib-upgrade.php Sun Apr 12 09:21:52 2009 +0200 @@ -710,6 +710,26 @@ return $retval; } +/** +* Check if the Spam-X plugin is already installed +* +* Note: Needed for upgrades from old versions - don't remove. +* +* @return int 1 = is installed, 0 = not installed +* +*/ +function get_SPX_Ver() +{ + global $_TABLES; + + $retval = 0; + + if (DB_count($_TABLES['plugins'], 'pi_name', 'spamx') == 1) { + $retval = 1; + } + + return $retval; +} /** * Run all the database queries from the update file. diff -r 8c489120d27e -r 19b279c51458 public_html/docs/history --- a/public_html/docs/history Sat Apr 11 19:44:23 2009 +0200 +++ b/public_html/docs/history Sun Apr 12 09:21:52 2009 +0200 @@ -11,6 +11,8 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Re-introduced function get_SPX_Ver in the install script, which is still + needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk] - New plugin API function PLG_getDocumentationUrl (feature request #0000848) [Dirk] - Fresh installs + MySQL only: Changed some tinyint fields that are only used From geeklog-cvs at lists.geeklog.net Sun Apr 12 05:12:08 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 12 Apr 2009 05:12:08 -0400 Subject: [geeklog-cvs] geeklog: Make sure formerly optional config items can be disable... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/4f787c061bda changeset: 6925:4f787c061bda user: Dirk Haun date: Sun Apr 12 11:11:10 2009 +0200 description: Make sure formerly optional config items can be disabled (bug #0000846) diffstat: 2 files changed, 38 insertions(+), 1 deletion(-) public_html/admin/install/lib-upgrade.php | 38 ++++++++++++++++++++++++++++- public_html/docs/history | 1 diffs (71 lines): diff -r 19b279c51458 -r 4f787c061bda public_html/admin/install/lib-upgrade.php --- a/public_html/admin/install/lib-upgrade.php Sun Apr 12 09:21:52 2009 +0200 +++ b/public_html/admin/install/lib-upgrade.php Sun Apr 12 11:11:10 2009 +0200 @@ -375,7 +375,8 @@ $tmp_path = $_CONF['path']; // We'll need this to remember what the correct path is. // Including config.php will overwrite all our $_CONF values. - require($tmp_path . 'config.php'); + require $tmp_path . 'config.php'; + // Load some important values from config.php into conf_values foreach ($_CONF as $key => $val) { $config->set($key, $val); @@ -466,6 +467,8 @@ update_ConfValues(); upgrade_addNewPermissions(); upgrade_addIsoFormat(); + + INST_fixOptionalConfig(); $current_gl_version = '1.6.0'; $_SQL = ''; @@ -863,4 +866,37 @@ return $failed; } +/** +* Make sure optional config options can be disabled +* +* Back when Geeklog used a config.php file, some of the comment options were +* commented out, i.e. they were optional. Make sure those options can still be +* disabled from the Configuration admin panel. +* +* @return void +* +*/ +function INST_fixOptionalConfig() +{ + global $_TABLES; + + // list of optional config options + $optional_config = array( + 'copyrightyear', 'debug_image_upload', 'default_photo', + 'force_photo_width', 'gravatar_rating', 'ip_lookup', 'language_files', + 'languages', 'path_to_mogrify', 'path_to_netpbm' + ); + + foreach ($optional_config as $name) { + $result = DB_query("SELECT value, default_value FROM {$_TABLES['conf_values']} WHERE name = '$name'"); + list($value, $default_value) = DB_fetchArray($result); + if ($value != 'unset') { + if (substr($default_value, 0, 6) != 'unset:') { + $unset = addslashes('unset:' . $default_value); + DB_query("UPDATE {$_TABLES['conf_values']} SET default_value = '$unset' WHERE name = '$name'"); + } + } + } +} + ?> diff -r 19b279c51458 -r 4f787c061bda public_html/docs/history --- a/public_html/docs/history Sun Apr 12 09:21:52 2009 +0200 +++ b/public_html/docs/history Sun Apr 12 11:11:10 2009 +0200 @@ -11,6 +11,7 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Make sure formerly optional config items can be disabled (bug #0000846) [Dirk] - Re-introduced function get_SPX_Ver in the install script, which is still needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk] - New plugin API function PLG_getDocumentationUrl (feature request #0000848) From geeklog-cvs at lists.geeklog.net Sun Apr 12 11:39:24 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 12 Apr 2009 11:39:24 -0400 Subject: [geeklog-cvs] geeklog: Fixed function descriptions as best as I could Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/f794788d8253 changeset: 6926:f794788d8253 user: Dirk Haun date: Sun Apr 12 12:34:06 2009 +0200 description: Fixed function descriptions as best as I could diffstat: 1 file changed, 10 insertions(+), 1 deletion(-) system/lib-comment.php | 11 ++++++++++- diffs (51 lines): diff -r 4f787c061bda -r f794788d8253 system/lib-comment.php --- a/system/lib-comment.php Sun Apr 12 11:11:10 2009 +0200 +++ b/system/lib-comment.php Sun Apr 12 12:34:06 2009 +0200 @@ -1459,6 +1459,7 @@ * * @copyright Jared Wenerd 2008 * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @param string $mode whether to store edited comment in the queue * @return string HTML (possibly a refresh) */ function CMT_handleEditSubmit($mode = null) @@ -1589,11 +1590,11 @@ return $comment; } + /** * Disables comments for all stories where current time is past comment expire time and * enables comments for certain number of most recent stories. * - * @param int cid comment id * @copyright Jared Wenerd 2008 * @author Jared Wenerd, wenerd87 AT gmail DOT com */ @@ -1617,11 +1618,18 @@ $sql = "UPDATE {$_TABLES['stories']} SET commentcode = 1 WHERE UNIX_TIMESTAMP(comment_expire) < UNIX_TIMESTAMP() AND UNIX_TIMESTAMP(comment_expire) <> 0"; DB_query($sql); } + /** * Rebuilds hierarchical data of comments after moderation using recursion. * * @copyright Jared Wenerd 2008 * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @param string $sid id of object comment belongs to + * @param int $pid id of parent comment + * @param int $left id of left-hand successor + * @return int id of right-hand successor + * @see CMT_deleteComment + * */ function CMT_rebuildTree($sid, $pid = 0, $left = 0) { @@ -1639,6 +1647,7 @@ return $right+1; } + /** * Moves comment from submission table to comments table * From geeklog-cvs at lists.geeklog.net Sun Apr 12 11:39:25 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 12 Apr 2009 11:39:25 -0400 Subject: [geeklog-cvs] geeklog: Use a more efficient implementation of Story::hasConten... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/4978619d27c6 changeset: 6927:4978619d27c6 user: Dirk Haun date: Sun Apr 12 15:21:52 2009 +0200 description: Use a more efficient implementation of Story::hasContent (bug #0000858, patch provided by Maciej Cupial) diffstat: 2 files changed, 18 insertions(+), 4 deletions(-) public_html/docs/history | 2 ++ system/classes/story.class.php | 20 ++++++++++++++++---- diffs (49 lines): diff -r f794788d8253 -r 4978619d27c6 public_html/docs/history --- a/public_html/docs/history Sun Apr 12 12:34:06 2009 +0200 +++ b/public_html/docs/history Sun Apr 12 15:21:52 2009 +0200 @@ -11,6 +11,8 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Use a more efficient implementation of Story::hasContent (bug #0000858, patch + provided by Maciej Cupial) - Make sure formerly optional config items can be disabled (bug #0000846) [Dirk] - Re-introduced function get_SPX_Ver in the install script, which is still needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk] diff -r f794788d8253 -r 4978619d27c6 system/classes/story.class.php --- a/system/classes/story.class.php Sun Apr 12 12:34:06 2009 +0200 +++ b/system/classes/story.class.php Sun Apr 12 15:21:52 2009 +0200 @@ -344,9 +344,17 @@ */ function hasContent() { - $test = $this->_title . $this->_introtext . $this->_bodytext; - $test = trim($test); - return ($test != ''); + if (trim($this->_title) != '') { + return true; + } + if (trim($this->_introtext) != '') { + return true; + } + if (trim($this->_bodytext) != '') { + return true; + } + + return false; } /** @@ -386,7 +394,11 @@ } else { $this->_expire = '0'; } - $this->_comment_expire = $story['cmt_expire_unix']; + if (!empty($story['cmt_expire_unix'])) { + $this->_comment_expire = $story['cmt_expire_unix']; + } else { + $this->_comment_expire = '0'; + } // Store the original SID $this->_originalSid = $this->_sid; From geeklog-cvs at lists.geeklog.net Sun Apr 12 11:39:25 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 12 Apr 2009 11:39:25 -0400 Subject: [geeklog-cvs] geeklog: Slightly faster template class (feature request #000076... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/4aa10bdc1ff6 changeset: 6928:4aa10bdc1ff6 user: Dirk Haun date: Sun Apr 12 16:15:38 2009 +0200 description: Slightly faster template class (feature request #0000760, patches provided by dengen and mystral-kk) diffstat: 2 files changed, 47 insertions(+), 84 deletions(-) public_html/docs/history | 2 system/classes/template.class.php | 129 ++++++++++++------------------------- diffs (truncated from 402 to 300 lines): diff -r 4978619d27c6 -r 4aa10bdc1ff6 public_html/docs/history --- a/public_html/docs/history Sun Apr 12 15:21:52 2009 +0200 +++ b/public_html/docs/history Sun Apr 12 16:15:38 2009 +0200 @@ -11,6 +11,8 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Slightly faster template class (feature request #0000760, patches provided + by dengen and mystral-kk) - Use a more efficient implementation of Story::hasContent (bug #0000858, patch provided by Maciej Cupial) - Make sure formerly optional config items can be disabled (bug #0000846) [Dirk] diff -r 4978619d27c6 -r 4aa10bdc1ff6 system/classes/template.class.php --- a/system/classes/template.class.php Sun Apr 12 15:21:52 2009 +0200 +++ b/system/classes/template.class.php Sun Apr 12 16:15:38 2009 +0200 @@ -66,7 +66,7 @@ * @var string * @access public */ - var $classname = "Template"; + var $classname = 'Template'; /** * Determines how much debugging output Template will produce. @@ -91,7 +91,7 @@ * @access private * @see set_root */ - var $root = "."; + var $root = '.'; /** * A hash of strings forming a translation table which translates variable names @@ -103,17 +103,6 @@ * @see set_file */ var $file = array(); - - /** - * A hash of strings forming a translation table which translates variable names - * into regular expressions for themselves. - * $varkeys[varname] = "/varname/" - * - * @var array - * @access private - * @see set_var - */ - var $varkeys = array(); /** * A hash of strings forming a translation table which translates variable names @@ -133,7 +122,7 @@ * @access private * @see set_unknowns */ - var $unknowns = "remove"; + var $unknowns = 'remove'; /** * Determines how Template handles error conditions. @@ -145,7 +134,7 @@ * @access public * @see halt */ - var $halt_on_error = "yes"; + var $halt_on_error = 'yes'; /** * The last error message is retained in this variable. @@ -154,7 +143,7 @@ * @access public * @see halt */ - var $last_error = ""; + var $last_error = ''; /****************************************************************************** * Class constructor. May be called with two optional parameters. @@ -170,7 +159,7 @@ * @access public * @return void */ - function Template($root = ".", $unknowns = "remove") { + function Template($root = '.', $unknowns = 'remove') { if ($this->debug & 4) { echo "

Template: root = $root, unknowns = $unknowns

\n"; } @@ -228,7 +217,7 @@ * @access public * @return void */ - function set_unknowns($unknowns = "remove") { + function set_unknowns($unknowns = 'remove') { if ($this->debug & 4) { echo "

unknowns: unknowns = $unknowns

\n"; } @@ -257,12 +246,12 @@ * @access public * @return boolean */ - function set_file($varname, $filename = "") { + function set_file($varname, $filename = '') { if (!is_array($varname)) { if ($this->debug & 4) { echo "

set_file: (with scalar) varname = $varname, filename = $filename

\n"; } - if ($filename == "") { + if ($filename == '') { $this->halt("set_file: For varname $varname filename is empty."); return false; } @@ -272,7 +261,7 @@ if ($this->debug & 4) { echo "

set_file: (with array) varname = $v, filename = $f

\n"; } - if ($f == "") { + if ($f == '') { $this->halt("set_file: For varname $v filename is empty."); return false; } @@ -287,7 +276,7 @@ * A variable $parent may contain a variable block defined by: *  content . This function removes * that block from $parent and replaces it with a variable reference named $name. - * The block is inserted into the varkeys and varvals hashes. If $name is + * The block is inserted into the varvals hashes. If $name is * omitted, it is assumed to be the same as $varname. * * Blocks may be nested but care must be taken to extract the blocks in order @@ -303,7 +292,7 @@ * @access public * @return boolean */ - function set_block($parent, $varname, $name = "") { + function set_block($parent, $varname, $name = '') { if ($this->debug & 4) { echo "

set_block: parent = $parent, varname = $varname, name = $name

\n"; } @@ -311,14 +300,14 @@ $this->halt("set_block: unable to load $parent."); return false; } - if ($name == "") { + if ($name == '') { $name = $varname; } $str = $this->get_var($parent); $reg = "/[ \t]*\s*?\n?(\s*.*?\n?)\s*\s*?\n?/sm"; preg_match_all($reg, $str, $m); - $str = preg_replace($reg, "{" . "$name}", $str); + $str = str_replace($m[0][0], '{' . $name . '}', $str); $this->set_var($varname, $m[1][0]); $this->set_var($parent, $str); return true; @@ -332,9 +321,9 @@ * an associative array with the key being the varname and the value being * the new variable value. * - * The function inserts the new value of the variable into the $varkeys and - * $varvals hashes. It is not necessary for a variable to exist in these hashes - * before calling this function. + * The function inserts the new value of the variable into the $varvals hashes. + * It is not necessary for a variable to exist in these hashes before calling + * this function. * * An optional third parameter allows the value for each varname to be appended * to the existing variable instead of replacing it. The default is to replace. @@ -351,13 +340,12 @@ * @access public * @return void */ - function set_var($varname, $value = "", $append = false) { + function set_var($varname, $value = '', $append = false) { if (!is_array($varname)) { if (!empty($varname)) { if ($this->debug & 1) { printf("set_var: (with scalar) %s = '%s'\n", $varname, htmlentities($value)); } - $this->varkeys[$varname] = "/".$this->varname($varname)."/"; if ($append && isset($this->varvals[$varname])) { $this->varvals[$varname] .= $value; } else { @@ -370,7 +358,6 @@ if ($this->debug & 1) { printf("set_var: (with array) %s = '%s'\n", $k, htmlentities($v)); } - $this->varkeys[$k] = "/".$this->varname($k)."/"; if ($append && isset($this->varvals[$k])) { $this->varvals[$k] .= $v; } else { @@ -388,9 +375,9 @@ * It may be called with either a varname as a string or an array with the * values being the varnames to be cleared. * - * The function sets the value of the variable in the $varkeys and $varvals - * hashes to "". It is not necessary for a variable to exist in these hashes - * before calling this function. + * The function sets the value of the variable in the $varvals hashes to "". + * It is not necessary for a variable to exist in these hashes before calling + * this function. * * * usage: clear_var(string $varname) @@ -407,7 +394,7 @@ if ($this->debug & 1) { printf("clear_var: (with scalar) %s\n", $varname); } - $this->set_var($varname, ""); + $this->set_var($varname, ''); } } else { foreach ($varname as $v) { @@ -415,7 +402,7 @@ if ($this->debug & 1) { printf("clear_var: (with array) %s\n", $v); } - $this->set_var($v, ""); + $this->set_var($v, ''); } } } @@ -447,7 +434,6 @@ if ($this->debug & 1) { printf("unset_var: (with scalar) %s\n", $varname); } - unset($this->varkeys[$varname]); unset($this->varvals[$varname]); } } else { @@ -456,7 +442,6 @@ if ($this->debug & 1) { printf("unset_var: (with array) %s\n", $v); } - unset($this->varkeys[$v]); unset($this->varvals[$v]); } } @@ -480,7 +465,6 @@ * @return string */ function subst($varname) { - $varvals_quoted = array(); if ($this->debug & 4) { echo "

subst: varname = $varname

\n"; } @@ -488,14 +472,13 @@ $this->halt("subst: unable to load $varname."); return false; } - - // quote the replacement strings to prevent bogus stripping of special chars - foreach ($this->varvals as $k => $v) { - $varvals_quoted[$k] = str_replace(array('\\', '$'), array('\\\\', '\\$'), $v); - } - + + $varkeys = array_map( + create_function('$a', 'return "{" . $a . "}";'), + array_keys($this->varvals) + ); $str = $this->get_var($varname); - $str = preg_replace($this->varkeys, $varvals_quoted, $str); + $str = str_replace($varkeys, array_values($this->varvals), $str); return $str; } @@ -530,9 +513,9 @@ * It may be called with either a target and a varname as two strings or a * target as a string and an array of variable names in varname. * - * The function inserts the new value of the variable into the $varkeys and - * $varvals hashes. It is not necessary for a variable to exist in these hashes - * before calling this function. + * The function inserts the new value of the variable into the $varvals hashes. + * It is not necessary for a variable to exist in these hashes before calling + * this function. * * An optional third parameter allows the value for each varname to be appended * to the existing target variable instead of replacing it. The default is to @@ -640,10 +623,7 @@ if ($this->debug & 4) { echo "

get_vars: constructing array of vars...

\n"; } - foreach ($this->varkeys as $k => $v) { - $result[$k] = $this->get_var($k); - } - return $result; + return $this->varvals; } @@ -670,7 +650,7 @@ if (isset($this->varvals[$varname])) { $str = $this->varvals[$varname]; } else { - $str = ""; + $str = ''; } if ($this->debug & 2) { From geeklog-cvs at lists.geeklog.net Sun Apr 12 11:39:26 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 12 Apr 2009 11:39:26 -0400 Subject: [geeklog-cvs] geeklog: Forgot to fix trackback URLs during site migration Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/232159071876 changeset: 6929:232159071876 user: Dirk Haun date: Sun Apr 12 16:23:31 2009 +0200 description: Forgot to fix trackback URLs during site migration diffstat: 1 file changed, 1 insertion(+), 1 deletion(-) public_html/admin/install/migrate.php | 2 +- diffs (12 lines): diff -r 4aa10bdc1ff6 -r 232159071876 public_html/admin/install/migrate.php --- a/public_html/admin/install/migrate.php Sun Apr 12 16:15:38 2009 +0200 +++ b/public_html/admin/install/migrate.php Sun Apr 12 16:23:31 2009 +0200 @@ -61,7 +61,7 @@ 'stories' => 'sid, introtext, bodytext, related', 'storysubmission' => 'sid, introtext, bodytext', 'comments' => 'cid, comment', - 'trackback' => 'cid, excerpt', + 'trackback' => 'cid, excerpt, url', 'blocks' => 'bid, content' ); From geeklog-cvs at lists.geeklog.net Sun Apr 12 18:29:57 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 12 Apr 2009 18:29:57 -0400 Subject: [geeklog-cvs] geeklog: Fixed unfiltered GET parameter when unsubscribing from ... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/7bec51f9c947 changeset: 6931:7bec51f9c947 user: Dirk Haun date: Sun Apr 12 23:16:52 2009 +0200 description: Fixed unfiltered GET parameter when unsubscribing from comments diffstat: 1 file changed, 15 insertions(+), 6 deletions(-) public_html/comment.php | 21 +++++++++++++++------ diffs (58 lines): diff -r 6a32420ccd94 -r 7bec51f9c947 public_html/comment.php --- a/public_html/comment.php Sun Apr 12 19:56:19 2009 +0200 +++ b/public_html/comment.php Sun Apr 12 23:16:52 2009 +0200 @@ -335,8 +335,8 @@ $mode = COM_applyFilter ($_REQUEST['mode']); } switch ($mode) { -case $LANG03[28]: //Preview Changes (for edit) -case $LANG03[34]: //Preview Submission changes (for edit) +case $LANG03[28]: // Preview Changes (for edit) +case $LANG03[34]: // Preview Submission changes (for edit) case $LANG03[14]: // Preview $display .= COM_siteHeader('menu', $LANG03[14]) . CMT_commentForm (strip_tags ($_POST['title']), $_POST['comment'], @@ -346,8 +346,9 @@ COM_applyFilter ($_POST['postmode'])) . COM_siteFooter(); break; -case $LANG03[35]: //Submit Changes to Moderation table -case $LANG03[29]: //Submit Changes + +case $LANG03[35]: // Submit Changes to Moderation table +case $LANG03[29]: // Submit Changes if (SEC_checkToken()) { $display .= CMT_handleEditSubmit($mode); } else { @@ -390,10 +391,12 @@ $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } break; + case 'editsubmission': if (!SEC_hasRights('comment.moderate')) { break; } + // deliberate fall-through case 'edit': if (SEC_checkToken()) { $display .= handleEdit($mode); @@ -401,10 +404,16 @@ $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } break; + case 'unsubscribe': - DB_delete($_TABLES['commentnotifications'],'deletehash', - $_GET['key'],$_CONF['site_url'] . '/index.php?msg=16'); + $key = COM_applyFilter($_GET['key']); + if (! empty($key)) { + $key = addslashes($key); + DB_delete($_TABLES['commentnotifications'], 'deletehash', + $key, $_CONF['site_url'] . '/index.php?msg=16'); + } break; + default: // New Comment $abort = false; $sid = COM_applyFilter ($_REQUEST['sid']); From geeklog-cvs at lists.geeklog.net Sun Apr 12 18:29:56 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 12 Apr 2009 18:29:56 -0400 Subject: [geeklog-cvs] geeklog: Fixed wrong username display when editing someone else'... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/6a32420ccd94 changeset: 6930:6a32420ccd94 user: Dirk Haun date: Sun Apr 12 19:56:19 2009 +0200 description: Fixed wrong username display when editing someone else's comments; also fixed some E_ALL errors diffstat: 2 files changed, 82 insertions(+), 61 deletions(-) public_html/comment.php | 6 +- system/lib-comment.php | 137 +++++++++++++++++++++++++++-------------------- diffs (286 lines): diff -r 232159071876 -r 6a32420ccd94 public_html/comment.php --- a/public_html/comment.php Sun Apr 12 16:23:31 2009 +0200 +++ b/public_html/comment.php Sun Apr 12 19:56:19 2009 +0200 @@ -268,7 +268,7 @@ */ function handleEdit($mode) { - global $_TABLES; $LANG03; + global $_TABLES, $LANG03; //get needed data $cid = COM_applyFilter ($_REQUEST['cid']); @@ -315,8 +315,8 @@ } return COM_siteHeader('menu', $LANG03[1]) - . CMT_commentForm($title, $commenttext, $sid, - COM_applyFilter($_REQUEST['pid'], true), $type, $mode, $postmode) + . CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, + $postmode) . COM_siteFooter(); } diff -r 232159071876 -r 6a32420ccd94 system/lib-comment.php --- a/system/lib-comment.php Sun Apr 12 16:23:31 2009 +0200 +++ b/system/lib-comment.php Sun Apr 12 19:56:19 2009 +0200 @@ -243,23 +243,30 @@ } // Make sure we have a default value for comment indentation - if( !isset( $_CONF['comment_indent'] )) { + if (!isset($_CONF['comment_indent'])) { $_CONF['comment_indent'] = 25; } - if( $preview ) { + if ($preview) { $A = $comments; - if( empty( $A['nice_date'] )) { + if (empty( $A['nice_date'])) { $A['nice_date'] = time(); } - if( !isset( $A['cid'] )) { + if (!isset($A['cid'])) { $A['cid'] = 0; } - if( !isset( $A['photo'] )) { - if( isset( $_USER['photo'] )) { + if (!isset($A['photo'])) { + if (isset($_USER['photo'])) { $A['photo'] = $_USER['photo']; } else { $A['photo'] = ''; + } + } + if (! isset($A['email'])) { + if (isset($_USER['email'])) { + $A['email'] = $_USER['email']; + } else { + $A['email'] = ''; } } $mode = 'flat'; @@ -267,7 +274,7 @@ $A = DB_fetchArray( $comments ); } - if( empty( $A ) ) { + if (empty($A)) { return ''; } @@ -275,29 +282,31 @@ if ($delete_option && !$preview) { $token = SEC_createToken(); } - - //check for comment edit - + + // check for comment edit + $row = 1; do { - //check for comment edit + // check for comment edit $commentedit = DB_query("SELECT cid,uid,UNIX_TIMESTAMP(time) AS time FROM {$_TABLES['commentedits']} WHERE cid = {$A['cid']}"); $B = DB_fetchArray($commentedit); if ($B) { //comment edit present - //get correct editor name + // get correct editor name if ($A['uid'] == $B['uid']) { $editname = $A['username']; } else { - $editname = DB_getItem($_TABLES['users'], 'username', "uid={$B['cid']}"); + $editname = DB_getItem($_TABLES['users'], 'username', + "uid={$B['uid']}"); } - //add edit info to text - $A['comment'] .= LB . '' . $LANG03[30] . ' ' - . strftime($_CONF['date'],$B['time']) . ' ' . $LANG03[31] . ' ' - . $editname . ''; + // add edit info to text + $A['comment'] .= LB . '' . $LANG03[30] + . ' ' . strftime($_CONF['date'], $B['time']) . ' ' + . $LANG03[31] . ' ' . $editname + . ''; } - + // determines indentation for current comment - if( $mode == 'threaded' || $mode == 'nested' ) { + if ($mode == 'threaded' || $mode == 'nested') { $indent = ($A['indent'] - $A['pindent']) * $_CONF['comment_indent']; } @@ -308,19 +317,23 @@ $template->set_var('cid', $A['cid']); $template->set_var('cssid', $row % 2); - if( $A['uid'] > 1 ) { - $fullname = COM_getDisplayName( $A['uid'], $A['username'], - $A['fullname'] ); - $template->set_var( 'author_fullname', $fullname ); - $template->set_var( 'author', $fullname ); + if ($A['uid'] > 1) { + $fullname = ''; + if (! empty($A['fullname'])) { + $fullname = $A['fullname']; + } + $fullname = COM_getDisplayName($A['uid'], $A['username'], + $fullname); + $template->set_var('author_fullname', $fullname); + $template->set_var('author', $fullname); $alttext = $fullname; $photo = ''; - if( $_CONF['allow_user_photo'] ) { - if (isset ($A['photo']) && empty ($A['photo'])) { + if ($_CONF['allow_user_photo']) { + if (isset ($A['photo']) && empty($A['photo'])) { $A['photo'] = '(none)'; } - $photo = USER_getPhoto( $A['uid'], $A['photo'], $A['email'] ); + $photo = USER_getPhoto($A['uid'], $A['photo'], $A['email']); } if( !empty( $photo )) { $template->set_var( 'author_photo', $photo ); @@ -715,7 +728,7 @@ $commentuid = $uid; $table = $_TABLES['comments']; - if ( ($mode == 'edit' || $mode == $LANG03[28]) && isset($_REQUEST['cid']) ) { + if (($mode == 'edit' || $mode == $LANG03[28]) && isset($_REQUEST['cid'])) { $cid = COM_applyFilter ($_REQUEST['cid']); $commentuid = DB_getItem ($_TABLES['comments'], 'uid', "cid = '$cid'"); } elseif ($mode == 'editsubmission' || $mode == $LANG03[34]) { @@ -724,8 +737,8 @@ $table = $_TABLES['commentsubmissions']; } - if (empty($_USER['username']) && - (($_CONF['loginrequired'] == 1) || ($_CONF['commentsloginrequired'] == 1))) { + if (COM_isAnonUser() && + (($_CONF['loginrequired'] == 1) || ($_CONF['commentsloginrequired'] == 1))) { $retval .= COM_startBlock ($LANG_LOGIN[1], '', COM_getBlockTemplate ('_msg_block', 'header')); $loginreq = new Template($_CONF['path_layout'] . 'submit'); @@ -743,12 +756,13 @@ } else { COM_clearSpeedlimit ($_CONF['commentspeedlimit'], 'comment'); + $last = 0; if ($mode != 'edit' && $mode != 'editsubmission' - && $mode != $LANG03[28] && $mode != $LANG03[34]) { - //not edit mode or preview changes + && $mode != $LANG03[28] && $mode != $LANG03[34]) { + // not edit mode or preview changes $last = COM_checkSpeedlimit ('comment'); } - + if ($last > 0) { $retval .= COM_startBlock ($LANG12[26], '', COM_getBlockTemplate ('_msg_block', 'header')) @@ -828,13 +842,13 @@ } } - //correct time and username for edit preview - if ($mode == $LANG03[28] || $mode == $LANG03[34]) { - $A['nice_date'] = DB_getItem ($table, - 'UNIX_TIMESTAMP(date)', "cid = '$cid'"); + // correct time and username for edit preview + if (($mode == $LANG03[28]) || ($mode == $LANG03[34])) { + $A['nice_date'] = DB_getItem($table, 'UNIX_TIMESTAMP(date)', + "cid = '$cid'"); if ($_USER['uid'] != $commentuid) { - $A['username'] = DB_getItem ($_TABLES['users'], - 'username', "uid = $commentuid"); + $uresult = DB_query("SELECT username, fullname, email, photo FROM {$_TABLES['users']} WHERE uid = $commentuid"); + $A = array_merge($A, DB_fetchArray($uresult)); } } if (empty ($A['username'])) { @@ -875,39 +889,30 @@ $comment_template->set_var('sid', $sid); $comment_template->set_var('pid', $pid); $comment_template->set_var('type', $type); - + $formurl = $_CONF['site_url'] . '/comment.php'; if ($mode == 'edit' || $mode == $LANG03[28]) { //edit modes - $comment_template->set_var('start_block_postacomment', COM_startBlock($LANG03[32])); + $comment_template->set_var('start_block_postacomment', + COM_startBlock($LANG03[32])); $comment_template->set_var('cid', ''); } else if ($mode == 'editsubmission' || $mode == $LANG03[34]) { - $comment_template->set_var('start_block_postacomment', COM_startBlock($LANG03[33])); - //$formurl = $_CONF['site_admin_url'] . '/comment.php'; + $comment_template->set_var('start_block_postacomment', + COM_startBlock($LANG03[33])); $comment_template->set_var('cid', ''); } else { - $comment_template->set_var('start_block_postacomment', COM_startBlock($LANG03[1])); + $comment_template->set_var('start_block_postacomment', + COM_startBlock($LANG03[1])); $comment_template->set_var('cid', ''); } $comment_template->set_var('form_url', $formurl); - - if (!empty($_USER['username'])) { - $comment_template->set_var('CSRF_TOKEN', SEC_createToken()); - $comment_template->set_var('uid', $_USER['uid']); - $name = COM_getDisplayName($_USER['uid'], $_USER['username'], - $_USER['fullname']); - $comment_template->set_var('username', $name); - $comment_template->set_var('action_url', - $_CONF['site_url'] . '/users.php?mode=logout'); - $comment_template->set_var('lang_logoutorcreateaccount', - $LANG03[03]); - } else { + if (COM_isAnonUser()) { // Anonymous user $comment_template->set_var('uid', 1); if (isset($A['username'])) { $name = $A['username']; // for preview } elseif (isset($_COOKIE[$_CONF['cookie_anon_name']])) { - //stored as cookie, name used before + // stored as cookie, name used before $name = htmlspecialchars(COM_checkWords(strip_tags( COM_stripslashes($_COOKIE[$_CONF['cookie_anon_name']])))); } else { @@ -921,6 +926,22 @@ $_CONF['site_url'] . '/users.php?mode=new'); $comment_template->set_var('lang_logoutorcreateaccount', $LANG03[04]); + } else { + if ($commentuid != $_USER['uid']) { + $uresult = DB_query("SELECT username, fullname FROM {$_TABLES['users']} WHERE uid = $commentuid"); + list($username, $fullname) = DB_fetchArray($uresult); + } else { + $username = $_USER['username']; + $fullname = $_USER['fullname']; + } + $comment_template->set_var('CSRF_TOKEN', SEC_createToken()); + $comment_template->set_var('uid', $commentuid); + $name = COM_getDisplayName($commentuid, $username, $fullname); + $comment_template->set_var('username', $name); + $comment_template->set_var('action_url', + $_CONF['site_url'] . '/users.php?mode=logout'); + $comment_template->set_var('lang_logoutorcreateaccount', + $LANG03[03]); } if ($postmode == 'html') { @@ -1659,7 +1680,7 @@ */ function CMT_approveModeration($cid) { - global $_TABLES; + global $_CONF, $_TABLES; $result = DB_query("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress FROM {$_TABLES['commentsubmissions']} WHERE cid = '$cid'"); $A = DB_fetchArray($result); From geeklog-cvs at lists.geeklog.net Sun Apr 12 18:29:57 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 12 Apr 2009 18:29:57 -0400 Subject: [geeklog-cvs] geeklog: Don't send comment notification when replying to self Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/462ba3404c2d changeset: 6932:462ba3404c2d user: Dirk Haun date: Sun Apr 12 23:42:22 2009 +0200 description: Don't send comment notification when replying to self diffstat: 1 file changed, 25 insertions(+), 21 deletions(-) system/lib-comment.php | 46 +++++++++++++++++++++++++--------------------- diffs (77 lines): diff -r 7bec51f9c947 -r 462ba3404c2d system/lib-comment.php --- a/system/lib-comment.php Sun Apr 12 23:16:52 2009 +0200 +++ b/system/lib-comment.php Sun Apr 12 23:42:22 2009 +0200 @@ -1161,12 +1161,11 @@ $cid = DB_insertId(); DB_unlockTable($_TABLES['comments']); - //notify of new comment + // notify of new comment if ($_CONF['allow_reply_notifications'] == 1 && $pid > 1 && $ret == 0) { - $result = DB_query ("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE " - . "cid = $pid"); + $result = DB_query("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE cid = $pid"); $A = DB_fetchArray($result); - if ($A <> false) { + if ($A !== false) { CMT_sendReplyNotification($A); } } @@ -1718,7 +1717,7 @@ if ($_CONF['allow_reply_notifications'] == 1 && $A['pid'] > 1) { $result = DB_query("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE cid = {$A['pid']}"); $B = DB_fetchArray($result); - if ($B <> false) { + if ($B !== false) { CMT_sendReplyNotification($B); } } @@ -1729,27 +1728,32 @@ /** * Sends a notification of new comment reply * - * @param array contains cid, uid, and deletekey + * @param array $A contains cid, uid, and deletekey + * @param boolean $send_self send notification when replying to self? * @copyright Jared Wenerd 2008 * @author Jared Wenerd, wenerd87 AT gmail DOT com */ -function CMT_sendReplyNotification($A) +function CMT_sendReplyNotification($A, $send_self = false) { - global $_CONF, $_TABLES, $LANG03; - - $mailsubject = $_CONF['site_name'] . ': ' . $LANG03[37]; - - $mailbody = $LANG03[38] . LB . LB; - $mailbody .= $LANG03[39] . LB . $_CONF['site_url'] . '/comment.php?mode=view&cid=' - . $A['cid'] . '&format=nested' . LB . LB; - $mailbody .= $LANG03[40] . LB . $_CONF['site_url'] . '/comment.php?mode=unsubscribe&' - . 'key=' . $A['deletehash']; - - $email = DB_getItem($_TABLES['users'], 'email', "uid = {$A['uid']}"); - if (!empty($email)) { - COM_mail ($email, $mailsubject, $mailbody); + global $_CONF, $_TABLES, $_USER, $LANG03; + + if (($_USER['uid'] != $A['uid']) || $send_self) { + + $mailsubject = $_CONF['site_name'] . ': ' . $LANG03[37]; + + $mailbody = $LANG03[38] . LB . LB; + $mailbody .= $LANG03[39] . LB . $_CONF['site_url'] + . '/comment.php?mode=view&cid=' . $A['cid'] . '&format=nested' + . LB . LB; + $mailbody .= $LANG03[40] . LB . $_CONF['site_url'] + . '/comment.php?mode=unsubscribe&key=' . $A['deletehash']; + + $email = DB_getItem($_TABLES['users'], 'email', "uid = {$A['uid']}"); + if (!empty($email)) { + COM_mail($email, $mailsubject, $mailbody); + } + } - } ?> From geeklog-cvs at lists.geeklog.net Mon Apr 13 03:18:17 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 03:18:17 -0400 Subject: [geeklog-cvs] geeklog: Fixed handling of empty id in autotags Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/2be2c5fff798 changeset: 6933:2be2c5fff798 user: Dirk Haun date: Mon Apr 13 08:47:58 2009 +0200 description: Fixed handling of empty id in autotags diffstat: 4 files changed, 55 insertions(+), 45 deletions(-) plugins/calendar/functions.inc | 20 +++++++++++--------- plugins/links/functions.inc | 36 +++++++++++++++++++----------------- plugins/staticpages/functions.inc | 34 +++++++++++++++++++--------------- system/lib-plugins.php | 10 ++++++---- diffs (147 lines): diff -r 462ba3404c2d -r 2be2c5fff798 plugins/calendar/functions.inc --- a/plugins/calendar/functions.inc Sun Apr 12 23:42:22 2009 +0200 +++ b/plugins/calendar/functions.inc Mon Apr 13 08:47:58 2009 +0200 @@ -1104,16 +1104,18 @@ if ($op == 'tagname' ) { return 'event'; } else if ($op == 'parse') { - $eid = COM_applyFilter ($autotag['parm1']); - $url = $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid; - if (empty ($autotag['parm2'])) { - $linktext = stripslashes (DB_getItem ($_TABLES['events'], - 'title', "eid = '$eid'")); - } else { - $linktext = $autotag['parm2']; + $eid = COM_applyFilter($autotag['parm1']); + if (! empty($eid)) { + $url = $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid; + if (empty ($autotag['parm2'])) { + $linktext = stripslashes (DB_getItem ($_TABLES['events'], + 'title', "eid = '$eid'")); + } else { + $linktext = $autotag['parm2']; + } + $link = COM_createLink($linktext, $url); + $content = str_replace ($autotag['tagstr'], $link, $content); } - $link = COM_createLink($linktext, $url); - $content = str_replace ($autotag['tagstr'], $link, $content); return $content; } diff -r 462ba3404c2d -r 2be2c5fff798 plugins/links/functions.inc --- a/plugins/links/functions.inc Sun Apr 12 23:42:22 2009 +0200 +++ b/plugins/links/functions.inc Mon Apr 13 08:47:58 2009 +0200 @@ -181,25 +181,27 @@ return 'link'; } else if ($op == 'parse') { $lid = COM_applyFilter($autotag['parm1']); - $url = COM_buildUrl($_CONF['site_url'] + if (! empty($lid)) { + $url = COM_buildUrl($_CONF['site_url'] . '/links/portal.php?what=link&item=' . $lid); - if (empty($autotag['parm2'])) { - $result = DB_query("SELECT url, title FROM {$_TABLES['links']} WHERE lid = '$lid'"); - list($siteurl, $linktext) = DB_fetchArray($result); - } else { - $linktext = $autotag['parm2']; - $siteurl = DB_getItem($_TABLES['links'], 'url', "lid = '$lid'"); + if (empty($autotag['parm2'])) { + $result = DB_query("SELECT url, title FROM {$_TABLES['links']} WHERE lid = '$lid'"); + list($siteurl, $linktext) = DB_fetchArray($result); + } else { + $linktext = $autotag['parm2']; + $siteurl = DB_getItem($_TABLES['links'], 'url', "lid = '$lid'"); + } + $class = 'ext-link'; + if ((!empty($LANG_DIRECTION)) && ($LANG_DIRECTION == 'rtl')) { + $class .= '-rtl'; + } + $attr = array( + 'title' => $siteurl, + 'class' => $class + ); + $link = COM_createLink($linktext, $url, $attr); + $content = str_replace($autotag['tagstr'], $link, $content); } - $class = 'ext-link'; - if ((!empty($LANG_DIRECTION)) && ($LANG_DIRECTION == 'rtl')) { - $class .= '-rtl'; - } - $attr = array( - 'title' => $siteurl, - 'class' => $class - ); - $link = COM_createLink($linktext, $url, $attr); - $content = str_replace($autotag['tagstr'], $link, $content); return $content; } diff -r 462ba3404c2d -r 2be2c5fff798 plugins/staticpages/functions.inc --- a/plugins/staticpages/functions.inc Sun Apr 12 23:42:22 2009 +0200 +++ b/plugins/staticpages/functions.inc Mon Apr 13 08:47:58 2009 +0200 @@ -943,25 +943,29 @@ } else if ($op == 'parse') { if ($autotag['tag'] == 'staticpage' ) { $sp_id = COM_applyFilter($autotag['parm1']); - $url = COM_buildUrl($_CONF['site_url'] + if (! empty($sp_is)) { + $url = COM_buildUrl($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id); - if (empty($autotag['parm2'])) { - $linktext = stripslashes(DB_getItem ($_TABLES['staticpage'], - 'sp_title', "sp_id = '$sp_id'")); - } else { - $linktext = $autotag['parm2']; + if (empty($autotag['parm2'])) { + $linktext = stripslashes(DB_getItem($_TABLES['staticpage'], + 'sp_title', "sp_id = '$sp_id'")); + } else { + $linktext = $autotag['parm2']; + } + $link = COM_createLink($linktext, $url); + $content = str_replace($autotag['tagstr'], $link, $content); } - $link = COM_createLink($linktext, $url); - $content = str_replace($autotag['tagstr'], $link, $content); } else if ($autotag['tag'] == 'staticpage_content') { $sp_id = COM_applyFilter($autotag['parm1']); - if (isset($recursive[$sp_id])) { - $content = ''; - } else { - $recursive[$sp_id] = true; - $sp_content = SP_returnStaticpage($sp_id, 'autotag'); - $content = str_replace($autotag['tagstr'], $sp_content, - $content); + if (! empty($sp_id)) { + if (isset($recursive[$sp_id])) { + $content = ''; + } else { + $recursive[$sp_id] = true; + $sp_content = SP_returnStaticpage($sp_id, 'autotag'); + $content = str_replace($autotag['tagstr'], $sp_content, + $content); + } } } diff -r 462ba3404c2d -r 2be2c5fff798 system/lib-plugins.php --- a/system/lib-plugins.php Sun Apr 12 23:42:22 2009 +0200 +++ b/system/lib-plugins.php Mon Apr 13 08:47:58 2009 +0200 @@ -1618,10 +1618,12 @@ $linktext = $autotag['parm2']; if ($autotag['tag'] == 'story') { $autotag['parm1'] = COM_applyFilter ($autotag['parm1']); - $url = COM_buildUrl ($_CONF['site_url'] - . '/article.php?story=' . $autotag['parm1']); - if (empty ($linktext)) { - $linktext = stripslashes (DB_getItem ($_TABLES['stories'], 'title', "sid = '{$autotag['parm1']}'")); + if (! empty($autotag['parm1'])) { + $url = COM_buildUrl ($_CONF['site_url'] + . '/article.php?story=' . $autotag['parm1']); + if (empty ($linktext)) { + $linktext = stripslashes (DB_getItem ($_TABLES['stories'], 'title', "sid = '{$autotag['parm1']}'")); + } } } From geeklog-cvs at lists.geeklog.net Mon Apr 13 06:47:44 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 06:47:44 -0400 Subject: [geeklog-cvs] geeklog: Made the comment notification email a bit nicer and mor... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/a815234a6238 changeset: 6934:a815234a6238 user: Dirk Haun date: Mon Apr 13 10:07:09 2009 +0200 description: Made the comment notification email a bit nicer and more personal diffstat: 3 files changed, 18 insertions(+), 12 deletions(-) language/english.php | 7 ++++--- language/english_utf-8.php | 7 ++++--- system/lib-comment.php | 16 ++++++++++------ diffs (62 lines): diff -r 2be2c5fff798 -r a815234a6238 language/english.php --- a/language/english.php Mon Apr 13 08:47:58 2009 +0200 +++ b/language/english.php Mon Apr 13 10:07:09 2009 +0200 @@ -215,9 +215,10 @@ 35 => 'Save Changes to Queue', 36 => 'Notify me of new replies', 37 => 'New Comment Reply', - 38 => 'Someone has replied to your comment.', - 39 => 'You may view the comment thread at the following address: ', - 40 => 'If you wish to receive no further notifications of replies, visit the following link: ' + 38 => "A reply has been made to your comment '%s'.", + 39 => 'You may view the comment thread at the following address:', + 40 => 'If you wish to receive no further notifications of replies, visit the following link:', + 41 => 'Hello %s,' ); ############################################################################### diff -r 2be2c5fff798 -r a815234a6238 language/english_utf-8.php --- a/language/english_utf-8.php Mon Apr 13 08:47:58 2009 +0200 +++ b/language/english_utf-8.php Mon Apr 13 10:07:09 2009 +0200 @@ -215,9 +215,10 @@ 35 => 'Save Changes to Queue', 36 => 'Notify me of new replies', 37 => 'New Comment Reply', - 38 => 'Someone has replied to your comment.', - 39 => 'You may view the comment thread at the following address: ', - 40 => 'If you wish to receive no further notifications of replies, visit the following link: ' + 38 => "A reply has been made to your comment '%s'.", + 39 => 'You may view the comment thread at the following address:', + 40 => 'If you wish to receive no further notifications of replies, visit the following link:', + 41 => 'Hello %s,' ); ############################################################################### diff -r 2be2c5fff798 -r a815234a6238 system/lib-comment.php --- a/system/lib-comment.php Mon Apr 13 08:47:58 2009 +0200 +++ b/system/lib-comment.php Mon Apr 13 10:07:09 2009 +0200 @@ -1739,14 +1739,18 @@ if (($_USER['uid'] != $A['uid']) || $send_self) { + $name = COM_getDisplayName($A['uid']); + $title = DB_getItem($_TABLES['comments'], 'title', "cid = {$A['cid']}"); + $commenturl = $_CONF['site_url'] . '/comment.php'; + $mailsubject = $_CONF['site_name'] . ': ' . $LANG03[37]; - $mailbody = $LANG03[38] . LB . LB; - $mailbody .= $LANG03[39] . LB . $_CONF['site_url'] - . '/comment.php?mode=view&cid=' . $A['cid'] . '&format=nested' - . LB . LB; - $mailbody .= $LANG03[40] . LB . $_CONF['site_url'] - . '/comment.php?mode=unsubscribe&key=' . $A['deletehash']; + $mailbody = sprintf($LANG03[41], $name) . LB . LB; + $mailbody .= sprintf($LANG03[38], $title) . LB . LB; + $mailbody .= $LANG03[39] . LB . '<' . $commenturl . '?mode=view&cid=' + . $A['cid'] . '&format=nested' . '>' . LB . LB; + $mailbody .= $LANG03[40] . LB . '<' . $commenturl + . '?mode=unsubscribe&key=' . $A['deletehash'] . '>' . LB; $email = DB_getItem($_TABLES['users'], 'email', "uid = {$A['uid']}"); if (!empty($email)) { From geeklog-cvs at lists.geeklog.net Mon Apr 13 06:47:45 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 06:47:45 -0400 Subject: [geeklog-cvs] geeklog: Nicer handling of comment unsubcriptions Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/60b129e9336d changeset: 6935:60b129e9336d user: Dirk Haun date: Mon Apr 13 10:52:56 2009 +0200 description: Nicer handling of comment unsubcriptions diffstat: 4 files changed, 63 insertions(+), 22 deletions(-) language/english.php | 6 +++- language/english_utf-8.php | 6 +++- public_html/comment.php | 19 +++++++++++++-- system/lib-comment.php | 54 +++++++++++++++++++++++++++++++------------- diffs (175 lines): diff -r a815234a6238 -r 60b129e9336d language/english.php --- a/language/english.php Mon Apr 13 10:07:09 2009 +0200 +++ b/language/english.php Mon Apr 13 10:52:56 2009 +0200 @@ -218,7 +218,9 @@ 38 => "A reply has been made to your comment '%s'.", 39 => 'You may view the comment thread at the following address:', 40 => 'If you wish to receive no further notifications of replies, visit the following link:', - 41 => 'Hello %s,' + 41 => 'Hello %s,', + 42 => 'Unsubscribe', + 43 => 'Unsubscribe from reply notifications' ); ############################################################################### @@ -1147,7 +1149,7 @@ 13 => 'Your topic has been successfully saved.', 14 => 'The topic and all its stories and blocks have been successfully deleted.', 15 => 'Your comment has been submitted for review and will be published when approved by a moderator.', - 16 => 'You have been unsubscribed. You will no longer be notified of new replies', + 16 => 'You have been unsubscribed. You will no longer be notified of new replies.', 17 => '', 18 => '', 19 => '', diff -r a815234a6238 -r 60b129e9336d language/english_utf-8.php --- a/language/english_utf-8.php Mon Apr 13 10:07:09 2009 +0200 +++ b/language/english_utf-8.php Mon Apr 13 10:52:56 2009 +0200 @@ -218,7 +218,9 @@ 38 => "A reply has been made to your comment '%s'.", 39 => 'You may view the comment thread at the following address:', 40 => 'If you wish to receive no further notifications of replies, visit the following link:', - 41 => 'Hello %s,' + 41 => 'Hello %s,', + 42 => 'Unsubscribe', + 43 => 'Unsubscribe from reply notifications' ); ############################################################################### @@ -1147,7 +1149,7 @@ 13 => 'Your topic has been successfully saved.', 14 => 'The topic and all its stories and blocks have been successfully deleted.', 15 => 'Your comment has been submitted for review and will be published when approved by a moderator.', - 16 => 'You have been unsubscribed. You will no longer be notified of new replies', + 16 => 'You have been unsubscribed. You will no longer be notified of new replies.', 17 => '', 18 => '', 19 => '', diff -r a815234a6238 -r 60b129e9336d public_html/comment.php --- a/public_html/comment.php Mon Apr 13 10:07:09 2009 +0200 +++ b/public_html/comment.php Mon Apr 13 10:52:56 2009 +0200 @@ -255,7 +255,10 @@ break; } - return COM_siteHeader('menu', $title) . $display . COM_siteFooter(); + return COM_siteHeader('menu', $title) + . COM_showMessageFromParameter() + . $display + . COM_siteFooter(); } /** @@ -406,12 +409,22 @@ break; case 'unsubscribe': + $cid = 0; $key = COM_applyFilter($_GET['key']); if (! empty($key)) { $key = addslashes($key); - DB_delete($_TABLES['commentnotifications'], 'deletehash', - $key, $_CONF['site_url'] . '/index.php?msg=16'); + $cid = DB_getItem($_TABLES['commentnotifications'], 'cid', + "deletehash = '$key'"); + if (! empty($cid)) { + $redirecturl = $_CONF['site_url'] + . '/comment.php?mode=view&cid=' . $cid + . '&format=nested&msg=16'; + DB_delete($_TABLES['commentnotifications'], 'deletehash', $key, + $redirecturl); + exit; + } } + $display = COM_refresh($_CONF['site_url'] . '/index.php'); break; default: // New Comment diff -r a815234a6238 -r 60b129e9336d system/lib-comment.php --- a/system/lib-comment.php Mon Apr 13 10:07:09 2009 +0200 +++ b/system/lib-comment.php Mon Apr 13 10:52:56 2009 +0200 @@ -415,27 +415,43 @@ $template->set_var( 'type', $A['type'] ); // COMMENT edit rights + $edit_option = false; if (isset($A['uid']) && isset($_USER['uid']) && ($_USER['uid'] == $A['uid']) && ($_CONF['comment_edit'] == 1) && ((time() - $A['nice_date']) < $_CONF['comment_edittime']) && (DB_getItem($_TABLES['comments'], 'COUNT(*)', "pid = {$A['cid']}") == 0)) { $edit_option = true; - if ( empty($token)) { + if (empty($token)) { $token = SEC_createToken(); } - } else if ( SEC_hasRights( 'comment.moderate' )) { + } elseif (SEC_hasRights('comment.moderate')) { $edit_option = true; - } else { - $edit_option = false; } - //edit link + // edit link + $edit = ''; if ($edit_option) { $editlink = $_CONF['site_url'] . '/comment.php?mode=edit&cid=' . $A['cid'] . '&sid=' . $A['sid'] . '&type=' . $type . '&' . CSRF_TOKEN . '=' . $token; - $edit = COM_createLink( $LANG01[4], $editlink) . ' | '; + $edit = COM_createLink($LANG01[4], $editlink) . ' | '; + } + + // unsubscribe link + $unsubscribe = ''; + if (($_CONF['allow_reply_notifications'] == 1) && !COM_isAnonUser() + && isset($A['uid']) && isset($_USER['uid']) + && ($_USER['uid'] == $A['uid'])) { + $hash = DB_getItem($_TABLES['commentnotifications'], 'deletehash', + "cid = {$A['cid']} AND uid = {$_USER['uid']}"); + if (! empty($hash)) { + $unsublink = $_CONF['site_url'] + . '/comment.php?mode=unsubscribe&key=' . $hash; + $unsubattr = array('title' => $LANG03[43]); + $unsubscribe = COM_createLink($LANG03[42], $unsublink, + $unsubattr) . ' | '; + } } // if deletion is allowed, displays delete link @@ -464,18 +480,26 @@ } } + if (! empty($unsubscribe)) { + $deloption .= $unsubscribe; + } + $template->set_var('delete_option', $deloption); } elseif ($edit_option) { - $template->set_var('delete_option', $edit); - } elseif (!empty( $_USER['username'])) { - $reportthis_link = $_CONF['site_url'] - . '/comment.php?mode=report&cid=' . $A['cid'] - . '&type=' . $type; - $report_attr = array('title' => $LANG01[110]); - $reportthis = COM_createLink($LANG01[109], $reportthis_link, $report_attr) . ' | '; - $template->set_var( 'delete_option', $reportthis ); + $template->set_var('delete_option', $edit . $unsubscribe); + } elseif (! COM_isAnonUser()) { + $reportthis = ''; + if ($A['uid'] != $_USER['uid']) { + $reportthis_link = $_CONF['site_url'] + . '/comment.php?mode=report&cid=' . $A['cid'] + . '&type=' . $type; + $report_attr = array('title' => $LANG01[110]); + $reportthis = COM_createLink($LANG01[109], $reportthis_link, + $report_attr) . ' | '; + } + $template->set_var('delete_option', $reportthis . $unsubscribe); } else { - $template->set_var( 'delete_option', '' ); + $template->set_var('delete_option', ''); } //and finally: format the actual text of the comment, but check only the text, not sig or edit From geeklog-cvs at lists.geeklog.net Mon Apr 13 06:47:45 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 06:47:45 -0400 Subject: [geeklog-cvs] geeklog: Minor HTML fix Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/135118e76d96 changeset: 6936:135118e76d96 user: Dirk Haun date: Mon Apr 13 11:30:14 2009 +0200 description: Minor HTML fix diffstat: 1 file changed, 1 insertion(+), 1 deletion(-) public_html/layout/professional/preferences/deleteaccount.thtml | 2 +- diffs (12 lines): diff -r 60b129e9336d -r 135118e76d96 public_html/layout/professional/preferences/deleteaccount.thtml --- a/public_html/layout/professional/preferences/deleteaccount.thtml Mon Apr 13 10:52:56 2009 +0200 +++ b/public_html/layout/professional/preferences/deleteaccount.thtml Mon Apr 13 11:30:14 2009 +0200 @@ -5,7 +5,7 @@

- + {captcha} diff -r 30016d8c4d9c -r e585b2e59749 public_html/layout/professional/comment/commentform_advanced.thtml --- a/public_html/layout/professional/comment/commentform_advanced.thtml Mon Apr 13 11:36:37 2009 +0200 +++ b/public_html/layout/professional/comment/commentform_advanced.thtml Mon Apr 13 11:52:14 2009 +0200 @@ -40,7 +40,7 @@ - {allowed_html} + {allowed_html} {captcha} diff -r 30016d8c4d9c -r e585b2e59749 public_html/layout/professional/submit/submitstory.thtml --- a/public_html/layout/professional/submit/submitstory.thtml Mon Apr 13 11:36:37 2009 +0200 +++ b/public_html/layout/professional/submit/submitstory.thtml Mon Apr 13 11:52:14 2009 +0200 @@ -30,7 +30,7 @@ - {allowed_html} + {allowed_html} {captcha} diff -r 30016d8c4d9c -r e585b2e59749 public_html/layout/professional/submit/submitstory_advanced.thtml --- a/public_html/layout/professional/submit/submitstory_advanced.thtml Mon Apr 13 11:36:37 2009 +0200 +++ b/public_html/layout/professional/submit/submitstory_advanced.thtml Mon Apr 13 11:52:14 2009 +0200 @@ -38,7 +38,7 @@ - {allowed_html} + {allowed_html} {captcha} From geeklog-cvs at lists.geeklog.net Mon Apr 13 12:05:18 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 12:05:18 -0400 Subject: [geeklog-cvs] geeklog: Re-introduced function get_SPX_Ver in the install scrip... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/0bea4f397e63 changeset: 6940:0bea4f397e63 user: Dirk Haun date: Sun Apr 12 09:30:19 2009 +0200 description: Re-introduced function get_SPX_Ver in the install script, which is still needed when upgrading from old Geeklog releases (reported by Sheila) diffstat: 1 file changed, 22 insertions(+) public_html/admin/install/index.php | 22 ++++++++++++++++++++++ diffs (32 lines): diff -r cb03b069c0f4 -r 0bea4f397e63 public_html/admin/install/index.php --- a/public_html/admin/install/index.php Sat Apr 04 16:26:52 2009 +0200 +++ b/public_html/admin/install/index.php Sun Apr 12 09:30:19 2009 +0200 @@ -136,6 +136,28 @@ break; } } + } + + return $retval; +} + + +/** +* Check if the Spam-X plugin is already installed +* +* Note: Needed for upgrades from old versions - don't remove. +* +* @return int 1 = is installed, 0 = not installed +* +*/ +function get_SPX_Ver() +{ + global $_TABLES; + + $retval = 0; + + if (DB_count($_TABLES['plugins'], 'pi_name', 'spamx') == 1) { + $retval = 1; } return $retval; From geeklog-cvs at lists.geeklog.net Mon Apr 13 12:05:18 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 12:05:18 -0400 Subject: [geeklog-cvs] geeklog: Filter username in webservices authentication Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/5d4ce27e033e changeset: 6941:5d4ce27e033e user: Dirk Haun date: Mon Apr 13 15:20:33 2009 +0200 description: Filter username in webservices authentication diffstat: 1 file changed, 3 insertions(+), 2 deletions(-) system/lib-webservices.php | 5 +++-- diffs (29 lines): diff -r 0bea4f397e63 -r 5d4ce27e033e system/lib-webservices.php --- a/system/lib-webservices.php Sun Apr 12 09:30:19 2009 +0200 +++ b/system/lib-webservices.php Mon Apr 13 15:20:33 2009 +0200 @@ -782,7 +782,7 @@ $status = -1; if (isset($_SERVER['PHP_AUTH_USER'])) { - $username = $_SERVER['PHP_AUTH_USER']; + $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']); $password = $_SERVER['PHP_AUTH_PW']; if ($WS_VERBOSE) { @@ -815,7 +815,7 @@ $key = trim($key); $val = trim($val, "\x22\x27"); if ($key == 'Username') { - $username = $val; + $username = COM_applyBasicFilter($val); } elseif ($key == 'PasswordDigest') { $pwdigest = $val; } elseif ($key == 'Created') { @@ -858,6 +858,7 @@ list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']); list($username, $password) = explode(':', base64_decode($auth_data)); + $username = COM_applyBasicFilter($username); if ($WS_VERBOSE) { COM_errorLog("WS: Attempting to log in user '$username' (via \$_SERVER['REMOTE_USER'])"); From geeklog-cvs at lists.geeklog.net Mon Apr 13 12:05:19 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 12:05:19 -0400 Subject: [geeklog-cvs] geeklog: Updated version numbers and list of changes Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/bd0dc0217703 changeset: 6942:bd0dc0217703 user: Dirk Haun date: Mon Apr 13 15:57:21 2009 +0200 description: Updated version numbers and list of changes diffstat: 4 files changed, 22 insertions(+), 4 deletions(-) public_html/admin/install/index.php | 2 +- public_html/docs/changes.html | 7 +++++-- public_html/docs/history | 15 +++++++++++++++ public_html/siteconfig.php.dist | 2 +- diffs (68 lines): diff -r 5d4ce27e033e -r bd0dc0217703 public_html/admin/install/index.php --- a/public_html/admin/install/index.php Mon Apr 13 15:20:33 2009 +0200 +++ b/public_html/admin/install/index.php Mon Apr 13 15:57:21 2009 +0200 @@ -48,7 +48,7 @@ define("LB", "\n"); } if (!defined('VERSION')) { - define('VERSION', '1.5.2sr2'); + define('VERSION', '1.5.2sr3'); } if (!defined('XHTML')) { define('XHTML', ' /'); diff -r 5d4ce27e033e -r bd0dc0217703 public_html/docs/changes.html --- a/public_html/docs/changes.html Mon Apr 13 15:20:33 2009 +0200 +++ b/public_html/docs/changes.html Mon Apr 13 15:57:21 2009 +0200 @@ -16,12 +16,15 @@ ChangeLog. The file docs/changed-files has a list of files that have been changed since the last release.

Geeklog 1.5.2sr3

+ +

Bookoo of the Nine Situations Group posted another SQL injection exploit, this time targetting the webservices API. As with the previous issue, this allowed an attacker to extract the password hash for any account and is fixed with this release. + +

Geeklog 1.5.2sr2

Bookoo of the Nine Situations Group posted an SQL injection exploit for glFusion that also works with Geeklog. This issue allowed an attacker to extract the password hash for any account and is fixed with this release.

- -

Fernando Muñoz reported a possible XSS in the query form on most admin panels that we are fixing with this release.

Geeklog 1.5.2sr1

diff -r 5d4ce27e033e -r bd0dc0217703 public_html/docs/history --- a/public_html/docs/history Mon Apr 13 15:20:33 2009 +0200 +++ b/public_html/docs/history Mon Apr 13 15:57:21 2009 +0200 @@ -1,4 +1,19 @@ Geeklog History/Changes: + +Apr 13, 2009 (1.5.2sr3) +------------ + +This release addresses the following security issue: + +Bookoo of the Nine Situations Group posted another SQL injection exploit, this +time targetting the webservices API. As with the previous issue, this allowed +an attacker to extract the password hash for any account and is fixed with this +release. + +Not security-related: +- Re-introduced function get_SPX_Ver in the install script, which is still + needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk] + Apr 4, 2009 (1.5.2sr2) ----------- diff -r 5d4ce27e033e -r bd0dc0217703 public_html/siteconfig.php.dist --- a/public_html/siteconfig.php.dist Mon Apr 13 15:20:33 2009 +0200 +++ b/public_html/siteconfig.php.dist Mon Apr 13 15:57:21 2009 +0200 @@ -38,7 +38,7 @@ define('LB',"\n"); } if (!defined('VERSION')) { - define('VERSION', '1.5.2sr2'); + define('VERSION', '1.5.2sr3'); } ?> From geeklog-cvs at lists.geeklog.net Mon Apr 13 12:05:19 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 12:05:19 -0400 Subject: [geeklog-cvs] geeklog: Added tag geeklog_1_5_2sr3 for changeset bd0dc0217703 Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/fd8a6d903a70 changeset: 6943:fd8a6d903a70 user: Dirk Haun date: Mon Apr 13 16:46:20 2009 +0200 description: Added tag geeklog_1_5_2sr3 for changeset bd0dc0217703 diffstat: 1 file changed, 1 insertion(+) .hgtags | 1 + diffs (8 lines): diff -r bd0dc0217703 -r fd8a6d903a70 .hgtags --- a/.hgtags Mon Apr 13 15:57:21 2009 +0200 +++ b/.hgtags Mon Apr 13 16:46:20 2009 +0200 @@ -4,3 +4,4 @@ 70c2ed57cfa5808ee0859f113dfa77d867720b5c geeklog_1_5_2_stable e8be41d4f5d184142659a2d74b15e400e8c542a7 geeklog_1_5_2sr1 0e10ca8cf00c66e1fe3a91eae50b4a1c41f9f133 geeklog_1_5_2sr2 +bd0dc021770325e55175a9caf131c4db336c7924 geeklog_1_5_2sr3 From geeklog-cvs at lists.geeklog.net Mon Apr 13 12:08:24 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 12:08:24 -0400 Subject: [geeklog-cvs] geeklog: Filter username in webservices authentication Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/8e5d4241718e changeset: 6944:8e5d4241718e user: Dirk Haun date: Mon Apr 13 15:20:33 2009 +0200 description: Filter username in webservices authentication diffstat: 1 file changed, 3 insertions(+), 2 deletions(-) system/lib-webservices.php | 5 +++-- diffs (29 lines): diff -r e585b2e59749 -r 8e5d4241718e system/lib-webservices.php --- a/system/lib-webservices.php Mon Apr 13 11:52:14 2009 +0200 +++ b/system/lib-webservices.php Mon Apr 13 15:20:33 2009 +0200 @@ -790,7 +790,7 @@ $status = -1; if (isset($_SERVER['PHP_AUTH_USER'])) { - $username = $_SERVER['PHP_AUTH_USER']; + $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']); $password = $_SERVER['PHP_AUTH_PW']; if ($WS_VERBOSE) { @@ -823,7 +823,7 @@ $key = trim($key); $val = trim($val, "\x22\x27"); if ($key == 'Username') { - $username = $val; + $username = COM_applyBasicFilter($val); } elseif ($key == 'PasswordDigest') { $pwdigest = $val; } elseif ($key == 'Created') { @@ -866,6 +866,7 @@ list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']); list($username, $password) = explode(':', base64_decode($auth_data)); + $username = COM_applyBasicFilter($username); if ($WS_VERBOSE) { COM_errorLog("WS: Attempting to log in user '$username' (via \$_SERVER['REMOTE_USER'])"); From geeklog-cvs at lists.geeklog.net Mon Apr 13 12:08:25 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 12:08:25 -0400 Subject: [geeklog-cvs] geeklog: Sync list of changes with 1.5.2sr3 Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/23beb1e0bbb1 changeset: 6945:23beb1e0bbb1 user: Dirk Haun date: Mon Apr 13 18:08:11 2009 +0200 description: Sync list of changes with 1.5.2sr3 diffstat: 2 files changed, 20 insertions(+), 2 deletions(-) public_html/docs/changes.html | 5 +++++ public_html/docs/history | 17 +++++++++++++++-- diffs (49 lines): diff -r 8e5d4241718e -r 23beb1e0bbb1 public_html/docs/changes.html --- a/public_html/docs/changes.html Mon Apr 13 15:20:33 2009 +0200 +++ b/public_html/docs/changes.html Mon Apr 13 18:08:11 2009 +0200 @@ -35,6 +35,11 @@

The minimum PHP version required by Geeklog is now PHP 4.3.0. Given that the PHP team ended support for PHP 4 in August 2008, you should be looking into upgrading to PHP 5 anyway.

+ + +

Geeklog 1.5.2sr3

+ +

Geeklog 1.5.2sr2

diff -r 8e5d4241718e -r 23beb1e0bbb1 public_html/docs/history --- a/public_html/docs/history Mon Apr 13 15:20:33 2009 +0200 +++ b/public_html/docs/history Mon Apr 13 18:08:11 2009 +0200 @@ -16,8 +16,6 @@ - Use a more efficient implementation of Story::hasContent (bug #0000858, patch provided by Maciej Cupial) - Make sure formerly optional config items can be disabled (bug #0000846) [Dirk] -- Re-introduced function get_SPX_Ver in the install script, which is still - needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk] - New plugin API function PLG_getDocumentationUrl (feature request #0000848) [Dirk] - Fresh installs + MySQL only: Changed some tinyint fields that are only used @@ -142,6 +140,21 @@ now [Dirk] - Display "successfully saved" and "successfully deleted" messages, just like every other plugin and built-in function does (bug #0000644) [Dirk] + + +Apr 13, 2009 (1.5.2sr3) +------------ + +This release addresses the following security issue: + +Bookoo of the Nine Situations Group posted another SQL injection exploit, this +time targetting the webservices API. As with the previous issue, this allowed +an attacker to extract the password hash for any account and is fixed with this +release. + +Not security-related: +- Re-introduced function get_SPX_Ver in the install script, which is still + needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk] Apr 4, 2009 (1.5.2sr2) From geeklog-cvs at lists.geeklog.net Mon Apr 13 13:34:24 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 13:34:24 -0400 Subject: [geeklog-cvs] geeklog: Fixed dropdown for the "censor mode", which has more th... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/ee900b120ca7 changeset: 6946:ee900b120ca7 user: Dirk Haun date: Mon Apr 13 19:31:28 2009 +0200 description: Fixed dropdown for the "censor mode", which has more than the two options offered previously (bug #0000692) diffstat: 4 files changed, 9 insertions(+), 1 deletion(-) public_html/admin/install/config-install.php | 2 +- public_html/docs/history | 2 ++ sql/updates/mssql_1.5.2_to_1.6.0.php | 3 +++ sql/updates/mysql_1.5.2_to_1.6.0.php | 3 +++ diffs (50 lines): diff -r 23beb1e0bbb1 -r ee900b120ca7 public_html/admin/install/config-install.php --- a/public_html/admin/install/config-install.php Mon Apr 13 18:08:11 2009 +0200 +++ b/public_html/admin/install/config-install.php Mon Apr 13 19:31:28 2009 +0200 @@ -331,7 +331,7 @@ $c->add('allowed_protocols',array('http','ftp','https'),'%text',7,34,NULL,1740,TRUE); $c->add('fs_censoring', NULL, 'fieldset', 7, 35, NULL, 0, TRUE); - $c->add('censormode',1,'select',7,35,0,1760,TRUE); + $c->add('censormode',1,'select',7,35,18,1760,TRUE); $c->add('censorreplace','*censored*','text',7,35,NULL,1770,TRUE); $c->add('censorlist', array('fuck','cunt','fucker','fucking','pussy','cock','c0ck',' cum ','twat','clit','bitch','fuk','fuking','motherfucker'),'%text',7,35,NULL,1780,TRUE); diff -r 23beb1e0bbb1 -r ee900b120ca7 public_html/docs/history --- a/public_html/docs/history Mon Apr 13 18:08:11 2009 +0200 +++ b/public_html/docs/history Mon Apr 13 19:31:28 2009 +0200 @@ -11,6 +11,8 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Fixed dropdown for the "censor mode", which has more than the two options + offered previously (bug #0000692) [Mike, Maciej Cupial] - Slightly faster template class (feature request #0000760, patches provided by dengen and mystral-kk) - Use a more efficient implementation of Story::hasContent (bug #0000858, patch diff -r 23beb1e0bbb1 -r ee900b120ca7 sql/updates/mssql_1.5.2_to_1.6.0.php --- a/sql/updates/mssql_1.5.2_to_1.6.0.php Mon Apr 13 18:08:11 2009 +0200 +++ b/sql/updates/mssql_1.5.2_to_1.6.0.php Mon Apr 13 19:31:28 2009 +0200 @@ -74,6 +74,9 @@ // change default for num_search_results $thirty = addslashes(serialize(30)); DB_query("UPDATE {$_TABLES['conf_values']} SET value = '$thirty', default_value = '$thirty' WHERE name = 'num_search_results'"); + + // fix censormode dropdown + DB_query("UPDATE {$_TABLES['conf_values']} SET selectionArray = 18 WHERE name = 'censormode'"); $c = config::get_instance(); diff -r 23beb1e0bbb1 -r ee900b120ca7 sql/updates/mysql_1.5.2_to_1.6.0.php --- a/sql/updates/mysql_1.5.2_to_1.6.0.php Mon Apr 13 18:08:11 2009 +0200 +++ b/sql/updates/mysql_1.5.2_to_1.6.0.php Mon Apr 13 19:31:28 2009 +0200 @@ -73,6 +73,9 @@ // change default for num_search_results $thirty = addslashes(serialize(30)); DB_query("UPDATE {$_TABLES['conf_values']} SET value = '$thirty', default_value = '$thirty' WHERE name = 'num_search_results'"); + + // fix censormode dropdown + DB_query("UPDATE {$_TABLES['conf_values']} SET selectionArray = 18 WHERE name = 'censormode'"); $c = config::get_instance(); From geeklog-cvs at lists.geeklog.net Mon Apr 13 15:15:52 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 15:15:52 -0400 Subject: [geeklog-cvs] tools: Geeklog 1.5.2sr3 is the current version now Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/489a17895656 changeset: 31:489a17895656 user: Dirk Haun date: Mon Apr 13 21:15:39 2009 +0200 description: Geeklog 1.5.2sr3 is the current version now diffstat: 1 file changed, 15 insertions(+), 14 deletions(-) versionchecker/versionchecker.php | 29 +++++++++++++++-------------- diffs (47 lines): diff -r 4a84799526d6 -r 489a17895656 versionchecker/versionchecker.php --- a/versionchecker/versionchecker.php Sat Apr 11 11:25:40 2009 +0200 +++ b/versionchecker/versionchecker.php Mon Apr 13 21:15:39 2009 +0200 @@ -9,7 +9,7 @@

'1.3.11sr7-1', '1.3.11sr7' => '1.3.11sr7-1', */ - '1.4.0' => '1.5.2sr2', - '1.4.0sr1' => '1.5.2sr2', - '1.4.0sr2' => '1.5.2sr2', - '1.4.0sr3' => '1.5.2sr2', - '1.4.0sr4' => '1.5.2sr2', - '1.4.0sr5' => '1.5.2sr2', - '1.4.0sr5-1' => '1.5.2sr2', - '1.4.0sr6' => '1.5.2sr2', - '1.4.1' => '1.5.2sr2', + '1.4.0' => '1.5.2sr3', + '1.4.0sr1' => '1.5.2sr3', + '1.4.0sr2' => '1.5.2sr3', + '1.4.0sr3' => '1.5.2sr3', + '1.4.0sr4' => '1.5.2sr3', + '1.4.0sr5' => '1.5.2sr3', + '1.4.0sr5-1' => '1.5.2sr3', + '1.4.0sr6' => '1.5.2sr3', + '1.4.1' => '1.5.2sr3', - '1.5.0' => '1.5.2sr2', - '1.5.1' => '1.5.2sr2', - '1.5.2' => '1.5.2sr2', - '1.5.2sr1' => '1.5.2sr2' + '1.5.0' => '1.5.2sr3', + '1.5.1' => '1.5.2sr3', + '1.5.2' => '1.5.2sr3', + '1.5.2sr1' => '1.5.2sr3', + '1.5.2sr2' => '1.5.2sr3' ); $v = explode ('.', $version); From geeklog-cvs at lists.geeklog.net Thu Apr 16 09:38:10 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Thu, 16 Apr 2009 09:38:10 -0400 Subject: [geeklog-cvs] geeklog: New plugin API function PLG_pluginStateChange Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/deca272b55c8 changeset: 6947:deca272b55c8 user: Dirk Haun date: Wed Apr 15 20:24:04 2009 +0200 description: New plugin API function PLG_pluginStateChange diffstat: 3 files changed, 56 insertions(+), 5 deletions(-) public_html/admin/plugins.php | 23 ++++++++++++++++++----- public_html/docs/history | 1 + system/lib-plugins.php | 37 +++++++++++++++++++++++++++++++++++++ diffs (152 lines): diff -r ee900b120ca7 -r deca272b55c8 public_html/admin/plugins.php --- a/public_html/admin/plugins.php Mon Apr 13 19:31:28 2009 +0200 +++ b/public_html/admin/plugins.php Wed Apr 15 20:24:04 2009 +0200 @@ -35,7 +35,7 @@ /** * This is the plugin administration page. Here you can install, uninstall, -* enable, disable, and upload plugins. +* upgrade, enable, disable, and upload plugins. * */ @@ -186,10 +186,12 @@ PLG_enableStateChange($P['pi_name'], true); DB_change($_TABLES['plugins'], 'pi_enabled', 1, 'pi_name', $P['pi_name']); + PLG_pluginStateChange($P['pi_name'], 'enabled'); } elseif (!isset($pi_name_arr[$P['pi_name']]) && $P['pi_enabled'] == 1) { // disable it PLG_enableStateChange($P['pi_name'], false); DB_change($_TABLES['plugins'], 'pi_enabled', 0, 'pi_name', $P['pi_name']); + PLG_pluginStateChange($P['pi_name'], 'disabled'); } } } @@ -223,13 +225,18 @@ $pi_gl_version = addslashes ($pi_gl_version); $pi_homepage = addslashes ($pi_homepage); - $currentState = DB_getItem ($_TABLES['plugins'], 'pi_enabled', - "pi_name= '{$pi_name}' LIMIT 1"); + $currentState = DB_getItem($_TABLES['plugins'], 'pi_enabled', + "pi_name= '{$pi_name}' LIMIT 1"); if ($currentState != $enabled) { - PLG_enableStateChange ($pi_name, ($enabled == 1) ? true : false); + PLG_enableStateChange($pi_name, ($enabled == 1) ? true : false); } - DB_save ($_TABLES['plugins'], 'pi_name, pi_version, pi_gl_version, pi_enabled, pi_homepage', "'$pi_name', '$pi_version', '$pi_gl_version', $enabled, '$pi_homepage'"); + DB_save($_TABLES['plugins'], 'pi_name, pi_version, pi_gl_version, pi_enabled, pi_homepage', "'$pi_name', '$pi_version', '$pi_gl_version', $enabled, '$pi_homepage'"); + + if ($currentState != $enabled) { + PLG_pluginStateChange($pi_name, + ($enabled == 1) ? 'enabled' : 'disabled'); + } $retval = COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=28'); } else { @@ -357,6 +364,7 @@ $result = PLG_upgrade($pi_name); if ($result > 0 ) { if ($result === TRUE) { // Catch returns that are just true/false + PLG_pluginStateChange($pi_name, 'upgraded'); $retval .= COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=60'); } else { // Plugin returned a message number @@ -396,6 +404,8 @@ } if (PLG_uninstall($pi_name)) { + PLG_pluginStateChange($pi_name, 'uninstalled'); + $retval = 45; // success msg } else { $retval = 95; // error msg @@ -749,6 +759,7 @@ ($code_version != $pi_version)) { $result = PLG_upgrade($dirname); if ($result === true) { + PLG_pluginStateChange($dirname, 'upgraded'); $msg = 60; // successfully updated } else { $msg_with_plugin_name = true; @@ -763,6 +774,7 @@ } elseif (file_exists($plg_path . 'autoinstall.php')) { // if the plugin has an autoinstall.php, install it now if (plugin_autoinstall($pi_name)) { + PLG_pluginStateChange($pi_name, 'installed'); $msg = 44; // successfully installed } else { $msg = 72; // an error occured while installing the plugin @@ -1207,6 +1219,7 @@ $plugin = COM_applyFilter($_GET['plugin']); } if (plugin_autoinstall($plugin)) { + PLG_pluginStateChange($plugin, 'installed'); $display .= COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=44'); } else { diff -r ee900b120ca7 -r deca272b55c8 public_html/docs/history --- a/public_html/docs/history Mon Apr 13 19:31:28 2009 +0200 +++ b/public_html/docs/history Wed Apr 15 20:24:04 2009 +0200 @@ -11,6 +11,7 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- New plugin API function PLG_pluginStateChange [Dirk] - Fixed dropdown for the "censor mode", which has more than the two options offered previously (bug #0000692) [Mike, Maciej Cupial] - Slightly faster template class (feature request #0000760, patches provided diff -r ee900b120ca7 -r deca272b55c8 system/lib-plugins.php --- a/system/lib-plugins.php Mon Apr 13 19:31:28 2009 +0200 +++ b/system/lib-plugins.php Wed Apr 15 20:24:04 2009 +0200 @@ -353,6 +353,7 @@ * @param string $type Plugin name * @param boolean $enable true if enabling, false if disabling * @return boolean Returns true on success otherwise false +* @see PLG_pluginStateChange * */ function PLG_enableStateChange ($type, $enable) @@ -2575,4 +2576,40 @@ return PLG_callFunctionForOnePlugin($function, $args); } +/** +* Inform plugins when another plugin's state changed +* +* Unlike PLG_enableStateChange, this function is called after the state +* change. +* +* NOTE: You can not rely on being informed of state changes for 'installed', +* 'uninstalled', and 'upgraded', as these may happen in the plugin's install +* script, outside of Geeklog's control. +* +* @param string $type plugin name +* @param string $status new status: 'enabled', 'disabled', 'installed', 'uninstalled', 'upgraded' +* @return void +* @see PLG_enableStateChange +* @since Geeklog 1.6.0 +* +*/ +function PLG_pluginStateChange($type, $status) +{ + global $_PLUGINS; + + $args[1] = $type; + $args[2] = $status; + foreach ($_PLUGINS as $pi_name) { + if ($pi_name != $type) { + $function = 'plugin_pluginstatechange_' . $pi_name; + PLG_callFunctionForOnePlugin($function, $args); + } + } + + $function = 'CUSTOM_pluginstatechange'; + if (function_exists($function)) { + $function($type, $status); + } +} + ?> From geeklog-cvs at lists.geeklog.net Thu Apr 16 14:37:43 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Thu, 16 Apr 2009 14:37:43 -0400 Subject: [geeklog-cvs] geeklog: Fixed create tables in MSSQL Mode. Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/b01aaa1858c2 changeset: 6948:b01aaa1858c2 user: Mike Jervis date: Thu Apr 16 19:37:23 2009 +0100 description: Fixed create tables in MSSQL Mode. diffstat: 1 file changed, 39 insertions(+), 32 deletions(-) sql/mssql_tableanddata.php | 71 ++++++++++++++++++++++++-------------------- diffs (101 lines): diff -r deca272b55c8 -r b01aaa1858c2 sql/mssql_tableanddata.php --- a/sql/mssql_tableanddata.php Wed Apr 15 20:24:04 2009 +0200 +++ b/sql/mssql_tableanddata.php Thu Apr 16 19:37:23 2009 +0100 @@ -73,16 +73,18 @@ ) ON [PRIMARY] "; -/* FIXME - MySQL syntax $_SQL[] = " -CREATE TABLE {$_TABLES['commentedits']} ( - cid int(10) NOT NULL, - uid mediumint(8) NOT NULL, - time datetime NOT NULL, - PRIMARY KEY (cid) -) TYPE=MyISAM +CREATE TABLE [dbo].[{$_TABLES['commentedits']}] ( + [cid] [int] NOT NULL, + [uid] [int] NOT NULL, + [time] [datetime] NOT NULL, +) ON [PRIMARY] "; -*/ + +$_SQL[] = " +ALTER TABLE [dbo].[{$_TABLES['commentedits']}] ADD CONSTRAINT +[PK_{$_TABLES['commentedits']}] PRIMARY KEY CLUSTERED ([cid]) ON [PRIMARY] +"; $_SQL[] = " CREATE TABLE [dbo].[{$_TABLES['commentmodes']}] ( @@ -91,17 +93,20 @@ ) ON [PRIMARY] "; -/* FIXME - MySQL syntax $_SQL[] = " -CREATE TABLE {$_TABLES['commentnotifications']} ( - cid int(10) default NULL, - uid mediumint(8) NOT NULL, - deletehash varchar(32) NOT NULL, - mid int(10) default NULL, - PRIMARY KEY (deletehash) -) TYPE=MyISAM +CREATE TABLE [dbo].[{$_TABLES['commentnotifications']}]( + [cid] [INT] NOT NULL, + [uid] [INT] NOT NULL, + [deletehash] [varchar] (32) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, + [mid] [INT] DEFAULT NULL +) ON [PRIMARY] "; -*/ + +$_SQL[] = " +ALTER TABLE [dbo].[{$_TABLES['commentnotifications']}] ADD CONSTRAINT +[PK_{$_TABLES['commentnotifications']}] PRIMARY KEY CLUSTERED ([cid]) ON [PRIMARY] +"; + $_SQL[] = " CREATE TABLE [dbo].[{$_TABLES['comments']}] ( @@ -123,23 +128,25 @@ ) ON [PRIMARY] "; -/* FIXME - MySQL syntax $_SQL[] = " -CREATE TABLE {$_TABLES['commentsubmissions']} ( - cid int(10) unsigned NOT NULL auto_increment, - type varchar(30) NOT NULL default 'article', - sid varchar(40) NOT NULL, - date datetime default NULL, - title varchar(128) default NULL, - comment text, - uid mediumint(8) NOT NULL default '1', - name varchar(32) default NULL, - pid int(10) NOT NULL default '0', - ipaddress varchar(15) NOT NULL, - PRIMARY KEY (cid) -) TYPE=MyISAM +CREATE TABLE [dbo].[{$_TABLES['commentsubmissions']}] ( + [cid] [int] IDENTITY (1,1) NOT NULL, + [type] [varchar] (30) NOT NULL default 'article', + [sid] [varchar](40) NOT NULL, + [date] [datetime] default NULL, + [title] [varchar] (128) default NULL, + [comment] [NTEXT], + [uid] [INT] NOT NULL default '1', + [name] [varchar] (32) default NULL, + [pid] [INT] NOT NULL default '0', + [ipaddress] [varchar](15) NOT NULL +) ON [PRIMARY] "; -*/ + +$_SQL[] = " +ALTER TABLE [dbo].[{$_TABLES['commentsubmissions']}] ADD CONSTRAINT +[PK_{$_TABLES['commentsubmissions']}] PRIMARY KEY CLUSTERED ([cid]) ON [PRIMARY] +"; $_SQL[] = " CREATE TABLE [dbo].[{$_TABLES['conf_values']}] ( From geeklog-cvs at lists.geeklog.net Thu Apr 16 14:43:30 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Thu, 16 Apr 2009 14:43:30 -0400 Subject: [geeklog-cvs] geeklog: Upgrade MSSQL support Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/c55adbf4e2d4 changeset: 6949:c55adbf4e2d4 user: Mike Jervis date: Thu Apr 16 19:43:08 2009 +0100 description: Upgrade MSSQL support diffstat: 1 file changed, 43 insertions(+), 30 deletions(-) sql/updates/mssql_1.5.2_to_1.6.0.php | 73 ++++++++++++++++++++-------------- diffs (89 lines): diff -r b01aaa1858c2 -r c55adbf4e2d4 sql/updates/mssql_1.5.2_to_1.6.0.php --- a/sql/updates/mssql_1.5.2_to_1.6.0.php Thu Apr 16 19:37:23 2009 +0100 +++ b/sql/updates/mssql_1.5.2_to_1.6.0.php Thu Apr 16 19:43:08 2009 +0100 @@ -12,42 +12,55 @@ $_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('group.assign','Ability to assign users to groups',1)"; // new comment tables, groups, and permissions -/* FIXME: MySQL syntax ... + $_SQL[] = " -CREATE TABLE {$_TABLES['commentedits']} ( - cid int(10) NOT NULL, - uid mediumint(8) NOT NULL, - time datetime NOT NULL, - PRIMARY KEY (cid) -) TYPE=MyISAM +CREATE TABLE [dbo].[{$_TABLES['commentedits']}] ( + [cid] [int] NOT NULL, + [uid] [int] NOT NULL, + [time] [datetime] NOT NULL, +) ON [PRIMARY] "; + $_SQL[] = " -CREATE TABLE {$_TABLES['commentnotifications']} ( - cid int(10) default NULL, - uid mediumint(8) NOT NULL, - deletehash varchar(32) NOT NULL, - mid int(10) default NULL, - PRIMARY KEY (deletehash) -) TYPE=MyISAM +ALTER TABLE [dbo].[{$_TABLES['commentedits']}] ADD CONSTRAINT +[PK_{$_TABLES['commentedits']}] PRIMARY KEY CLUSTERED ([cid]) ON [PRIMARY] "; + $_SQL[] = " -CREATE TABLE {$_TABLES['commentsubmissions']} ( - cid int(10) unsigned NOT NULL auto_increment, - type varchar(30) NOT NULL default 'article', - sid varchar(40) NOT NULL, - date datetime default NULL, - title varchar(128) default NULL, - comment text, - uid mediumint(8) NOT NULL default '1', - name varchar(32) default NULL, - pid int(10) NOT NULL default '0', - ipaddress varchar(15) NOT NULL, - PRIMARY KEY (cid) -) TYPE=MyISAM +CREATE TABLE [dbo].[{$_TABLES['commentnotifications']}]( + [cid] [INT] NOT NULL, + [uid] [INT] NOT NULL, + [deletehash] [varchar] (32) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, + [mid] [INT] DEFAULT NULL +) ON [PRIMARY] "; -$_SQL[] = "ALTER TABLE {$_TABLES['stories']} ADD comment_expire datetime NOT NULL default '0000-00-00 00:00:00' AFTER comments"; -$_SQL[] = "ALTER TABLE {$_TABLES['comments']} ADD name varchar(32) default NULL AFTER indent"; -*/ + +$_SQL[] = " +ALTER TABLE [dbo].[{$_TABLES['commentnotifications']}] ADD CONSTRAINT +[PK_{$_TABLES['commentnotifications']}] PRIMARY KEY CLUSTERED ([cid]) ON [PRIMARY] +"; + +$_SQL[] = " +CREATE TABLE [dbo].[{$_TABLES['commentsubmissions']}] ( + [cid] [int] IDENTITY (1,1) NOT NULL, + [type] [varchar] (30) NOT NULL default 'article', + [sid] [varchar](40) NOT NULL, + [date] [datetime] default NULL, + [title] [varchar] (128) default NULL, + [comment] [NTEXT], + [uid] [INT] NOT NULL default '1', + [name] [varchar] (32) default NULL, + [pid] [INT] NOT NULL default '0', + [ipaddress] [varchar](15) NOT NULL +) ON [PRIMARY] +"; + +$_SQL[] = " +ALTER TABLE [dbo].[{$_TABLES['commentsubmissions']}] ADD CONSTRAINT +[PK_{$_TABLES['commentsubmissions']}] PRIMARY KEY CLUSTERED ([cid]) ON [PRIMARY] +"; +$_SQL[] = "ALTER TABLE {$_TABLES['stories']} ADD comment_expire datetime NOT NULL default '1901-01-01 00:00:00.000'"; +$_SQL[] = "ALTER TABLE {$_TABLES['comments']} ADD name varchar(32) default NULL "; $_SQL[] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr, grp_gl_core) VALUES ('Comment Admin', 'Can moderate comments', 1)"; $_SQL[] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr, grp_gl_core) VALUES ('Comment Submitters', 'Can submit comments', 0);"; $_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('comment.moderate', 'Ability to moderate comments', 1)"; From geeklog-cvs at lists.geeklog.net Fri Apr 17 01:42:27 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 17 Apr 2009 01:42:27 -0400 Subject: [geeklog-cvs] geeklog: Updated article.php to use a page number from $_GET or ... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/be9bbaaa4bf8 changeset: 6950:be9bbaaa4bf8 user: vinny date: Thu Apr 16 23:39:31 2009 -0600 description: Updated article.php to use a page number from $_GET or $_POST instead of assuming register globals. diffstat: 1 file changed, 7 insertions(+) public_html/article.php | 7 +++++++ diffs (31 lines): diff -r c55adbf4e2d4 -r be9bbaaa4bf8 public_html/article.php --- a/public_html/article.php Thu Apr 16 19:43:08 2009 +0100 +++ b/public_html/article.php Thu Apr 16 23:39:31 2009 -0600 @@ -64,6 +64,7 @@ $order = ''; $query = ''; $reply = ''; +$page = 0; if (isset ($_POST['mode'])) { $sid = COM_applyFilter ($_POST['story']); $mode = COM_applyFilter ($_POST['mode']); @@ -75,6 +76,9 @@ } if (isset ($_POST['reply'])) { $reply = COM_applyFilter ($_POST['reply']); + } + if (isset ($_POST['page'])) { + $page = COM_applyFilter ($_REQUEST['page'], true); } } else { COM_setArgNames (array ('story', 'mode')); @@ -88,6 +92,9 @@ } if (isset ($_GET['reply'])) { $reply = COM_applyFilter ($_GET['reply']); + } + if (isset ($_GET['page'])) { + $page = COM_applyFilter ($_REQUEST['page'], true); } } From geeklog-cvs at lists.geeklog.net Fri Apr 17 16:44:25 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 17 Apr 2009 16:44:25 -0400 Subject: [geeklog-cvs] geeklog: Fixed SQL injection exploit in usersettings.php Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/71e0b093375c changeset: 6951:71e0b093375c user: vinny date: Fri Apr 17 14:42:28 2009 -0600 description: Fixed SQL injection exploit in usersettings.php See: http://www.milw0rm.com/exploits/8448 diffstat: 1 file changed, 16 insertions(+), 6 deletions(-) public_html/usersettings.php | 22 ++++++++++++++++------ diffs (51 lines): diff -r be9bbaaa4bf8 -r 71e0b093375c public_html/usersettings.php --- a/public_html/usersettings.php Thu Apr 16 23:39:31 2009 -0600 +++ b/public_html/usersettings.php Fri Apr 17 14:42:28 2009 -0600 @@ -1372,23 +1372,33 @@ } } - $TIDS = @array_values($A[$_TABLES['topics']]); - $AIDS = @array_values($A['selauthors']); - $BOXES = @array_values($A["{$_TABLES['blocks']}"]); - $ETIDS = @array_values($A['etids']); + $TIDS = @array_values($A[$_TABLES['topics']]); // array of strings + $AIDS = @array_values($A['selauthors']); // array of integers + $BOXES = @array_values($A["{$_TABLES['blocks']}"]); // array of integers + $ETIDS = @array_values($A['etids']); // array of strings + $AETIDS = USER_getAllowedTopics(); // array of strings (fetched, needed to "clean" $TIDS and $ETIDS) $tids = ''; if (sizeof ($TIDS) > 0) { - $tids = addslashes (implode (' ', $TIDS)); + // the array_intersect mitigates the need to scrub the TIDS input + $tids = addslashes (implode (' ', array_intersect ($AETIDS, $TIDS)); } $aids = ''; if (sizeof ($AIDS) > 0) { + // Scrub the AIDS array to prevent SQL injection and bad values + foreach ($AIDS as $key => $val) { + $AIDS[$key] = COM_applyFilter($val, true); + } $aids = addslashes (implode (' ', $AIDS)); } $selectedblocks = ''; if (count ($BOXES) > 0) { + // Scrub the BOXES array to prevent SQL injection and bad values + foreach ($BOXES as $key => $val) { + $BOXES[$key] = COM_applyFilter($val, true); + } $boxes = addslashes (implode (',', $BOXES)); $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)"); @@ -1406,7 +1416,7 @@ $etids = ''; if (sizeof ($ETIDS) > 0) { - $AETIDS = USER_getAllowedTopics(); + // the array_intersect mitigates the need to scrub the ETIDS input $etids = addslashes (implode (' ', array_intersect ($AETIDS, $ETIDS))); } From geeklog-cvs at lists.geeklog.net Fri Apr 17 16:50:27 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Fri, 17 Apr 2009 16:50:27 -0400 Subject: [geeklog-cvs] geeklog: Fixed syntax error in usersettings.php Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/317c2bc8e5a5 changeset: 6952:317c2bc8e5a5 user: vinny date: Fri Apr 17 14:50:21 2009 -0600 description: Fixed syntax error in usersettings.php diffstat: 1 file changed, 1 insertion(+), 1 deletion(-) public_html/usersettings.php | 2 +- diffs (12 lines): diff -r 71e0b093375c -r 317c2bc8e5a5 public_html/usersettings.php --- a/public_html/usersettings.php Fri Apr 17 14:42:28 2009 -0600 +++ b/public_html/usersettings.php Fri Apr 17 14:50:21 2009 -0600 @@ -1381,7 +1381,7 @@ $tids = ''; if (sizeof ($TIDS) > 0) { // the array_intersect mitigates the need to scrub the TIDS input - $tids = addslashes (implode (' ', array_intersect ($AETIDS, $TIDS)); + $tids = addslashes (implode (' ', array_intersect ($AETIDS, $TIDS))); } $aids = ''; From geeklog-cvs at lists.geeklog.net Sat Apr 18 07:23:25 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 07:23:25 -0400 Subject: [geeklog-cvs] geeklog: Fixed SQL injection exploit in usersettings.php Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/bf1cdc081217 changeset: 6953:bf1cdc081217 user: vinny date: Fri Apr 17 14:42:28 2009 -0600 description: Fixed SQL injection exploit in usersettings.php diffstat: 1 file changed, 16 insertions(+), 6 deletions(-) public_html/usersettings.php | 22 ++++++++++++++++------ diffs (51 lines): diff -r fd8a6d903a70 -r bf1cdc081217 public_html/usersettings.php --- a/public_html/usersettings.php Mon Apr 13 16:46:20 2009 +0200 +++ b/public_html/usersettings.php Fri Apr 17 14:42:28 2009 -0600 @@ -1345,23 +1345,33 @@ } } - $TIDS = @array_values($A[$_TABLES['topics']]); - $AIDS = @array_values($A['selauthors']); - $BOXES = @array_values($A["{$_TABLES['blocks']}"]); - $ETIDS = @array_values($A['etids']); + $TIDS = @array_values($A[$_TABLES['topics']]); // array of strings + $AIDS = @array_values($A['selauthors']); // array of integers + $BOXES = @array_values($A["{$_TABLES['blocks']}"]); // array of integers + $ETIDS = @array_values($A['etids']); // array of strings + $AETIDS = USER_getAllowedTopics(); // array of strings (fetched, needed to "clean" $TIDS and $ETIDS) $tids = ''; if (sizeof ($TIDS) > 0) { - $tids = addslashes (implode (' ', $TIDS)); + // the array_intersect mitigates the need to scrub the TIDS input + $tids = addslashes (implode (' ', array_intersect ($AETIDS, $TIDS))); } $aids = ''; if (sizeof ($AIDS) > 0) { + // Scrub the AIDS array to prevent SQL injection and bad values + foreach ($AIDS as $key => $val) { + $AIDS[$key] = COM_applyFilter($val, true); + } $aids = addslashes (implode (' ', $AIDS)); } $selectedblocks = ''; if (count ($BOXES) > 0) { + // Scrub the BOXES array to prevent SQL injection and bad values + foreach ($BOXES as $key => $val) { + $BOXES[$key] = COM_applyFilter($val, true); + } $boxes = addslashes (implode (',', $BOXES)); $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)"); @@ -1379,7 +1389,7 @@ $etids = ''; if (sizeof ($ETIDS) > 0) { - $AETIDS = USER_getAllowedTopics(); + // the array_intersect mitigates the need to scrub the ETIDS input $etids = addslashes (implode (' ', array_intersect ($AETIDS, $ETIDS))); } From geeklog-cvs at lists.geeklog.net Sat Apr 18 07:23:26 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 07:23:26 -0400 Subject: [geeklog-cvs] geeklog: Updated version numbers and list of changes Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/c8ee796a9cb9 changeset: 6954:c8ee796a9cb9 user: Dirk Haun date: Sat Apr 18 09:58:24 2009 +0200 description: Updated version numbers and list of changes diffstat: 4 files changed, 19 insertions(+), 3 deletions(-) public_html/admin/install/index.php | 2 +- public_html/docs/changes.html | 7 ++++++- public_html/docs/history | 11 +++++++++++ public_html/siteconfig.php.dist | 2 +- diffs (62 lines): diff -r bf1cdc081217 -r c8ee796a9cb9 public_html/admin/install/index.php --- a/public_html/admin/install/index.php Fri Apr 17 14:42:28 2009 -0600 +++ b/public_html/admin/install/index.php Sat Apr 18 09:58:24 2009 +0200 @@ -48,7 +48,7 @@ define("LB", "\n"); } if (!defined('VERSION')) { - define('VERSION', '1.5.2sr3'); + define('VERSION', '1.5.2sr4'); } if (!defined('XHTML')) { define('XHTML', ' /'); diff -r bf1cdc081217 -r c8ee796a9cb9 public_html/docs/changes.html --- a/public_html/docs/changes.html Fri Apr 17 14:42:28 2009 -0600 +++ b/public_html/docs/changes.html Sat Apr 18 09:58:24 2009 +0200 @@ -16,9 +16,14 @@ ChangeLog. The file docs/changed-files has a list of files that have been changed since the last release.

Geeklog 1.5.2sr4

+ +

Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.

+ +

Geeklog 1.5.2sr3

Geeklog 1.5.2sr2

diff -r bf1cdc081217 -r c8ee796a9cb9 public_html/docs/history --- a/public_html/docs/history Fri Apr 17 14:42:28 2009 -0600 +++ b/public_html/docs/history Sat Apr 18 09:58:24 2009 +0200 @@ -1,4 +1,15 @@ Geeklog History/Changes: + +Apr 18, 2009 (1.5.2sr4) +------------ + +This release addresses the following security issue: + +Bookoo of the Nine Situations Group posted another SQL injection exploit, +targetting an old bug in usersettings.php. As with the previous issues, this +allowed an attacker to extract the password hash for any account and is fixed +with this release. + Apr 13, 2009 (1.5.2sr3) ------------ diff -r bf1cdc081217 -r c8ee796a9cb9 public_html/siteconfig.php.dist --- a/public_html/siteconfig.php.dist Fri Apr 17 14:42:28 2009 -0600 +++ b/public_html/siteconfig.php.dist Sat Apr 18 09:58:24 2009 +0200 @@ -38,7 +38,7 @@ define('LB',"\n"); } if (!defined('VERSION')) { - define('VERSION', '1.5.2sr3'); + define('VERSION', '1.5.2sr4'); } ?> From geeklog-cvs at lists.geeklog.net Sat Apr 18 07:23:26 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 07:23:26 -0400 Subject: [geeklog-cvs] geeklog: Added tag geeklog_1_5_2sr4 for changeset c8ee796a9cb9 Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/5ff40e9528d9 changeset: 6955:5ff40e9528d9 user: Dirk Haun date: Sat Apr 18 10:00:36 2009 +0200 description: Added tag geeklog_1_5_2sr4 for changeset c8ee796a9cb9 diffstat: 1 file changed, 1 insertion(+) .hgtags | 1 + diffs (8 lines): diff -r c8ee796a9cb9 -r 5ff40e9528d9 .hgtags --- a/.hgtags Sat Apr 18 09:58:24 2009 +0200 +++ b/.hgtags Sat Apr 18 10:00:36 2009 +0200 @@ -5,3 +5,4 @@ e8be41d4f5d184142659a2d74b15e400e8c542a7 geeklog_1_5_2sr1 0e10ca8cf00c66e1fe3a91eae50b4a1c41f9f133 geeklog_1_5_2sr2 bd0dc021770325e55175a9caf131c4db336c7924 geeklog_1_5_2sr3 +c8ee796a9cb98bf61c9714c7b49733a003ea6ef7 geeklog_1_5_2sr4 From geeklog-cvs at lists.geeklog.net Sat Apr 18 07:24:54 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 07:24:54 -0400 Subject: [geeklog-cvs] tools: Geeklog 1.5.2sr4 is the current version now Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/03daab5f96b0 changeset: 32:03daab5f96b0 user: Dirk Haun date: Sat Apr 18 13:24:44 2009 +0200 description: Geeklog 1.5.2sr4 is the current version now diffstat: 1 file changed, 16 insertions(+), 15 deletions(-) versionchecker/versionchecker.php | 31 ++++++++++++++++--------------- diffs (49 lines): diff -r 489a17895656 -r 03daab5f96b0 versionchecker/versionchecker.php --- a/versionchecker/versionchecker.php Mon Apr 13 21:15:39 2009 +0200 +++ b/versionchecker/versionchecker.php Sat Apr 18 13:24:44 2009 +0200 @@ -9,7 +9,7 @@

'1.3.11sr7-1', '1.3.11sr7' => '1.3.11sr7-1', */ - '1.4.0' => '1.5.2sr3', - '1.4.0sr1' => '1.5.2sr3', - '1.4.0sr2' => '1.5.2sr3', - '1.4.0sr3' => '1.5.2sr3', - '1.4.0sr4' => '1.5.2sr3', - '1.4.0sr5' => '1.5.2sr3', - '1.4.0sr5-1' => '1.5.2sr3', - '1.4.0sr6' => '1.5.2sr3', - '1.4.1' => '1.5.2sr3', + '1.4.0' => '1.5.2sr4', + '1.4.0sr1' => '1.5.2sr4', + '1.4.0sr2' => '1.5.2sr4', + '1.4.0sr3' => '1.5.2sr4', + '1.4.0sr4' => '1.5.2sr4', + '1.4.0sr5' => '1.5.2sr4', + '1.4.0sr5-1' => '1.5.2sr4', + '1.4.0sr6' => '1.5.2sr4', + '1.4.1' => '1.5.2sr4', - '1.5.0' => '1.5.2sr3', - '1.5.1' => '1.5.2sr3', - '1.5.2' => '1.5.2sr3', - '1.5.2sr1' => '1.5.2sr3', - '1.5.2sr2' => '1.5.2sr3' + '1.5.0' => '1.5.2sr4', + '1.5.1' => '1.5.2sr4', + '1.5.2' => '1.5.2sr4', + '1.5.2sr1' => '1.5.2sr4', + '1.5.2sr2' => '1.5.2sr4', + '1.5.2sr3' => '1.5.2sr4' ); $v = explode ('.', $version); From geeklog-cvs at lists.geeklog.net Sat Apr 18 07:28:04 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 07:28:04 -0400 Subject: [geeklog-cvs] geeklog: Synced list of changes with 1.5.2sr4 Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/c576291f3575 changeset: 6956:c576291f3575 user: Dirk Haun date: Sat Apr 18 13:27:50 2009 +0200 description: Synced list of changes with 1.5.2sr4 diffstat: 2 files changed, 16 insertions(+) public_html/docs/changes.html | 5 +++++ public_html/docs/history | 11 +++++++++++ diffs (36 lines): diff -r 317c2bc8e5a5 -r c576291f3575 public_html/docs/changes.html --- a/public_html/docs/changes.html Fri Apr 17 14:50:21 2009 -0600 +++ b/public_html/docs/changes.html Sat Apr 18 13:27:50 2009 +0200 @@ -35,6 +35,11 @@

The minimum PHP version required by Geeklog is now PHP 4.3.0. Given that the PHP team ended support for PHP 4 in August 2008, you should be looking into upgrading to PHP 5 anyway.

+ + +

Geeklog 1.5.2sr4

+ +

Geeklog 1.5.2sr3

diff -r 317c2bc8e5a5 -r c576291f3575 public_html/docs/history --- a/public_html/docs/history Fri Apr 17 14:50:21 2009 -0600 +++ b/public_html/docs/history Sat Apr 18 13:27:50 2009 +0200 @@ -143,6 +143,17 @@ now [Dirk] - Display "successfully saved" and "successfully deleted" messages, just like every other plugin and built-in function does (bug #0000644) [Dirk] + + +Apr 18, 2009 (1.5.2sr4) +------------ + +This release addresses the following security issue: + +Bookoo of the Nine Situations Group posted another SQL injection exploit, +targetting an old bug in usersettings.php. As with the previous issues, this +allowed an attacker to extract the password hash for any account and is fixed +with this release. Apr 13, 2009 (1.5.2sr3) From geeklog-cvs at lists.geeklog.net Sat Apr 18 13:51:03 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 13:51:03 -0400 Subject: [geeklog-cvs] geeklog: Can't think of a good reason to index usersettings.php Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/39ae3400a1ae changeset: 6957:39ae3400a1ae user: Dirk Haun date: Sat Apr 18 14:02:32 2009 +0200 description: Can't think of a good reason to index usersettings.php diffstat: 1 file changed, 1 insertion(+) public_html/robots.txt | 1 + diffs (8 lines): diff -r c576291f3575 -r 39ae3400a1ae public_html/robots.txt --- a/public_html/robots.txt Sat Apr 18 13:27:50 2009 +0200 +++ b/public_html/robots.txt Sat Apr 18 14:02:32 2009 +0200 @@ -3,3 +3,4 @@ Disallow: /pingback.php Disallow: /submit.php Disallow: /trackback.php +Disallow: /usersettings.php From geeklog-cvs at lists.geeklog.net Sat Apr 18 13:51:04 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 13:51:04 -0400 Subject: [geeklog-cvs] geeklog: Moved documentation to docs/english so that it can be t... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/0774a19f037c changeset: 6958:0774a19f037c user: Dirk Haun date: Sat Apr 18 19:46:23 2009 +0200 description: Moved documentation to docs/english so that it can be translated (feature request #0000770) diffstat: 83 files changed, 6910 insertions(+), 6751 deletions(-) INSTALL | 2 plugins/calendar/functions.inc | 15 plugins/links/functions.inc | 15 plugins/polls/functions.inc | 15 plugins/spamx/functions.inc | 15 plugins/staticpages/functions.inc | 15 plugins/staticpages/language/czech.php | 4 plugins/staticpages/language/czech_utf-8.php | 4 plugins/staticpages/language/danish.php | 4 plugins/staticpages/language/danish_utf-8.php | 4 plugins/staticpages/language/dutch.php | 4 plugins/staticpages/language/dutch_utf-8.php | 4 plugins/staticpages/language/english.php | 2 plugins/staticpages/language/english_utf-8.php | 2 plugins/staticpages/language/estonian.php | 4 plugins/staticpages/language/estonian_utf-8.php | 4 plugins/staticpages/language/french_canada.php | 4 plugins/staticpages/language/french_canada_utf-8.php | 4 plugins/staticpages/language/german.php | 4 plugins/staticpages/language/german_formal.php | 4 plugins/staticpages/language/german_formal_utf-8.php | 4 plugins/staticpages/language/german_utf-8.php | 4 plugins/staticpages/language/hebrew_utf-8.php | 4 plugins/staticpages/language/italian.php | 4 plugins/staticpages/language/italian_utf-8.php | 4 plugins/staticpages/language/japanese_utf-8.php | 4 plugins/staticpages/language/korean.php | 4 plugins/staticpages/language/korean_utf-8.php | 4 plugins/staticpages/language/polish.php | 4 plugins/staticpages/language/polish_utf-8.php | 4 plugins/staticpages/language/portuguese_brazil.php | 4 plugins/staticpages/language/portuguese_brazil_utf-8.php | 4 plugins/staticpages/language/slovenian.php | 4 plugins/staticpages/language/slovenian_utf-8.php | 4 plugins/staticpages/language/spanish.php | 4 plugins/staticpages/language/spanish_utf-8.php | 4 plugins/staticpages/language/swedish.php | 4 plugins/staticpages/language/swedish_utf-8.php | 4 plugins/staticpages/language/turkish.php | 4 plugins/staticpages/language/turkish_utf-8.php | 4 plugins/staticpages/language/ukrainian.php | 4 plugins/staticpages/language/ukrainian_koi8-u.php | 4 plugins/staticpages/language/ukrainian_utf-8.php | 4 public_html/admin/install/configinfo.php | 4 public_html/admin/install/index.php | 4 public_html/admin/moderation.php | 16 public_html/admin/plugins/spamx/index.php | 2 public_html/admin/sectest.php | 6 public_html/admin/trackback.php | 78 public_html/docs/calendar.html | 131 - public_html/docs/changes.html | 1306 ----------- public_html/docs/config.html | 1616 -------------- public_html/docs/english/calendar.html | 131 + public_html/docs/english/changes.html | 1306 +++++++++++ public_html/docs/english/config.html | 1616 ++++++++++++++ public_html/docs/english/index.html | 137 + public_html/docs/english/install.html | 237 ++ public_html/docs/english/links.html | 167 + public_html/docs/english/plugin.html | 567 ++++ public_html/docs/english/polls.html | 133 + public_html/docs/english/spamx.html | 332 ++ public_html/docs/english/staticpages.html | 235 ++ public_html/docs/english/support.html | 104 public_html/docs/english/theme.html | 1105 +++++++++ public_html/docs/english/themevars.html | 418 +++ public_html/docs/english/trackback.html | 110 public_html/docs/history | 2 public_html/docs/index.html | 137 - public_html/docs/install.html | 237 -- public_html/docs/links.html | 167 - public_html/docs/plugin.html | 567 ---- public_html/docs/polls.html | 133 - public_html/docs/spamx.html | 332 -- public_html/docs/staticpages.html | 235 -- public_html/docs/support.html | 104 public_html/docs/theme.html | 1105 --------- public_html/docs/themevars.html | 418 --- public_html/docs/trackback.html | 110 public_html/lib-common.php | 44 readme | 19 sql/mssql_tableanddata.php | 4 sql/mysql_tableanddata.php | 4 system/classes/config.class.php | 61 diffs (truncated from 14652 to 300 lines): diff -r 39ae3400a1ae -r 0774a19f037c INSTALL --- a/INSTALL Sat Apr 18 14:02:32 2009 +0200 +++ b/INSTALL Sat Apr 18 19:46:23 2009 +0200 @@ -1,7 +1,7 @@ Installation instructions for Geeklog can be found in the docs directory, specifically in - public_html/docs/install.html + public_html/docs/english/install.html That document also includes a section on common installation problems. diff -r 39ae3400a1ae -r 0774a19f037c plugins/calendar/functions.inc --- a/plugins/calendar/functions.inc Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/calendar/functions.inc Sat Apr 18 19:46:23 2009 +0200 @@ -1912,10 +1912,23 @@ { global $_CONF; + static $docurl; + switch ($file) { case 'index': case 'config': - $retval = $_CONF['site_url'] . '/docs/calendar.html'; + if (isset($docurl)) { + $retval = $docurl; + } else { + $doclang = COM_getLanguageName(); + $docs = 'docs/' . $doclang . '/calendar.html'; + if (file_exists($_CONF['path_html'] . $docs)) { + $retval = $_CONF['site_url'] . '/' . $docs; + } else { + $retval = $_CONF['site_url'] . '/docs/english/calendar.html'; + } + $docurl = $retval; + } break; default: diff -r 39ae3400a1ae -r 0774a19f037c plugins/links/functions.inc --- a/plugins/links/functions.inc Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/links/functions.inc Sat Apr 18 19:46:23 2009 +0200 @@ -1639,10 +1639,23 @@ { global $_CONF; + static $docurl; + switch ($file) { case 'index': case 'config': - $retval = $_CONF['site_url'] . '/docs/links.html'; + if (isset($docurl)) { + $retval = $docurl; + } else { + $doclang = COM_getLanguageName(); + $docs = 'docs/' . $doclang . '/links.html'; + if (file_exists($_CONF['path_html'] . $docs)) { + $retval = $_CONF['site_url'] . '/' . $docs; + } else { + $retval = $_CONF['site_url'] . '/docs/english/links.html'; + } + $docurl = $retval; + } break; default: diff -r 39ae3400a1ae -r 0774a19f037c plugins/polls/functions.inc --- a/plugins/polls/functions.inc Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/polls/functions.inc Sat Apr 18 19:46:23 2009 +0200 @@ -1332,10 +1332,23 @@ { global $_CONF; + static $docurl; + switch ($file) { case 'index': case 'config': - $retval = $_CONF['site_url'] . '/docs/polls.html'; + if (isset($docurl)) { + $retval = $docurl; + } else { + $doclang = COM_getLanguageName(); + $docs = 'docs/' . $doclang . '/polls.html'; + if (file_exists($_CONF['path_html'] . $docs)) { + $retval = $_CONF['site_url'] . '/' . $docs; + } else { + $retval = $_CONF['site_url'] . '/docs/english/polls.html'; + } + $docurl = $retval; + } break; default: diff -r 39ae3400a1ae -r 0774a19f037c plugins/spamx/functions.inc --- a/plugins/spamx/functions.inc Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/spamx/functions.inc Sat Apr 18 19:46:23 2009 +0200 @@ -401,10 +401,23 @@ { global $_CONF; + static $docurl; + switch ($file) { case 'index': case 'config': - $retval = $_CONF['site_url'] . '/docs/spamx.html'; + if (isset($docurl)) { + $retval = $docurl; + } else { + $doclang = COM_getLanguageName(); + $docs = 'docs/' . $doclang . '/spamx.html'; + if (file_exists($_CONF['path_html'] . $docs)) { + $retval = $_CONF['site_url'] . '/' . $docs; + } else { + $retval = $_CONF['site_url'] . '/docs/english/spamx.html'; + } + $docurl = $retval; + } break; default: diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/functions.inc --- a/plugins/staticpages/functions.inc Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/functions.inc Sat Apr 18 19:46:23 2009 +0200 @@ -1342,10 +1342,23 @@ { global $_CONF; + static $docurl; + switch ($file) { case 'index': case 'config': - $retval = $_CONF['site_url'] . '/docs/staticpages.html'; + if (isset($docurl)) { + $retval = $docurl; + } else { + $doclang = COM_getLanguageName(); + $docs = 'docs/' . $doclang . '/staticpages.html'; + if (file_exists($_CONF['path_html'] . $docs)) { + $retval = $_CONF['site_url'] . '/' . $docs; + } else { + $retval = $_CONF['site_url'] . '/docs/english/staticpages.html'; + } + $docurl = $retval; + } break; default: diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/language/czech.php --- a/plugins/staticpages/language/czech.php Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/language/czech.php Sat Apr 18 19:46:23 2009 +0200 @@ -102,7 +102,7 @@ 'select_php_none' => 'do not execute PHP', 'select_php_return' => 'execute PHP (return)', 'select_php_free' => 'execute PHP', - 'php_not_activated' => "The use of PHP in static pages is not activated. Please see the documentation for details.", + 'php_not_activated' => "The use of PHP in static pages is not activated. Please see the documentation for details.", 'printable_format' => 'Printable Format', 'copy' => 'Copy', 'limit_results' => 'Limit Results', @@ -157,4 +157,4 @@ 12 => array('No access' => 0, 'Read-Only' => 2, 'Read-Write' => 3) ); -?> \ No newline at end of file +?> diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/language/czech_utf-8.php --- a/plugins/staticpages/language/czech_utf-8.php Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/language/czech_utf-8.php Sat Apr 18 19:46:23 2009 +0200 @@ -102,7 +102,7 @@ 'select_php_none' => 'do not execute PHP', 'select_php_return' => 'execute PHP (return)', 'select_php_free' => 'execute PHP', - 'php_not_activated' => "The use of PHP in static pages is not activated. Please see the documentation for details.", + 'php_not_activated' => "The use of PHP in static pages is not activated. Please see the documentation for details.", 'printable_format' => 'Printable Format', 'copy' => 'Copy', 'limit_results' => 'Limit Results', @@ -157,4 +157,4 @@ 12 => array('No access' => 0, 'Read-Only' => 2, 'Read-Write' => 3) ); -?> \ No newline at end of file +?> diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/language/danish.php --- a/plugins/staticpages/language/danish.php Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/language/danish.php Sat Apr 18 19:46:23 2009 +0200 @@ -103,7 +103,7 @@ 'select_php_none' => 'do not execute PHP', 'select_php_return' => 'execute PHP (return)', 'select_php_free' => 'execute PHP', - 'php_not_activated' => "The use of PHP in static pages is not activated. Please see the documentation for details.", + 'php_not_activated' => "The use of PHP in static pages is not activated. Please see the documentation for details.", 'printable_format' => 'Printable Format', 'copy' => 'Copy', 'limit_results' => 'Limit Results', @@ -158,4 +158,4 @@ 12 => array('No access' => 0, 'Read-Only' => 2, 'Read-Write' => 3) ); -?> \ No newline at end of file +?> diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/language/danish_utf-8.php --- a/plugins/staticpages/language/danish_utf-8.php Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/language/danish_utf-8.php Sat Apr 18 19:46:23 2009 +0200 @@ -103,7 +103,7 @@ 'select_php_none' => 'do not execute PHP', 'select_php_return' => 'execute PHP (return)', 'select_php_free' => 'execute PHP', - 'php_not_activated' => "The use of PHP in static pages is not activated. Please see the documentation for details.", + 'php_not_activated' => "The use of PHP in static pages is not activated. Please see the documentation for details.", 'printable_format' => 'Printable Format', 'copy' => 'Copy', 'limit_results' => 'Limit Results', @@ -158,4 +158,4 @@ 12 => array('No access' => 0, 'Read-Only' => 2, 'Read-Write' => 3) ); -?> \ No newline at end of file +?> diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/language/dutch.php --- a/plugins/staticpages/language/dutch.php Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/language/dutch.php Sat Apr 18 19:46:23 2009 +0200 @@ -104,7 +104,7 @@ 'select_php_none' => 'maak het uitvoeren van PHP onmogelijk', 'select_php_return' => 'uitvoeren van PHP (return)', 'select_php_free' => 'voer PHP uit', - 'php_not_activated' => "Het gebruik van PHP in Static Pages is niet geactiveerd. Bekijk de documentatie voor meer bijzonderheden.", + 'php_not_activated' => "Het gebruik van PHP in Static Pages is niet geactiveerd. Bekijk de documentatie voor meer bijzonderheden.", 'printable_format' => 'Printbare versie', 'copy' => 'Copy', 'limit_results' => 'Limit Results', @@ -159,4 +159,4 @@ 12 => array('No access' => 0, 'Read-Only' => 2, 'Read-Write' => 3) ); -?> \ No newline at end of file +?> diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/language/dutch_utf-8.php --- a/plugins/staticpages/language/dutch_utf-8.php Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/language/dutch_utf-8.php Sat Apr 18 19:46:23 2009 +0200 @@ -104,7 +104,7 @@ 'select_php_none' => 'maak het uitvoeren van PHP onmogelijk', 'select_php_return' => 'uitvoeren van PHP (return)', 'select_php_free' => 'voer PHP uit', - 'php_not_activated' => "Het gebruik van PHP in Static Pages is niet geactiveerd. Bekijk de documentatie voor meer bijzonderheden.", + 'php_not_activated' => "Het gebruik van PHP in Static Pages is niet geactiveerd. Bekijk de documentatie voor meer bijzonderheden.", 'printable_format' => 'Printbare versie', 'copy' => 'Copy', 'limit_results' => 'Limit Results', @@ -159,4 +159,4 @@ 12 => array('No access' => 0, 'Read-Only' => 2, 'Read-Write' => 3) ); -?> \ No newline at end of file +?> diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/language/english.php --- a/plugins/staticpages/language/english.php Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/language/english.php Sat Apr 18 19:46:23 2009 +0200 @@ -102,7 +102,7 @@ 'select_php_none' => 'do not execute PHP', 'select_php_return' => 'execute PHP (return)', 'select_php_free' => 'execute PHP', - 'php_not_activated' => 'The use of PHP in static pages is not activated. Please see the documentation for details.', + 'php_not_activated' => 'The use of PHP in static pages is not activated. Please see the documentation for details.', 'printable_format' => 'Printable Format', 'edit' => 'Edit', 'copy' => 'Copy', diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/language/english_utf-8.php --- a/plugins/staticpages/language/english_utf-8.php Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/language/english_utf-8.php Sat Apr 18 19:46:23 2009 +0200 @@ -102,7 +102,7 @@ 'select_php_none' => 'do not execute PHP', 'select_php_return' => 'execute PHP (return)', 'select_php_free' => 'execute PHP', - 'php_not_activated' => 'The use of PHP in static pages is not activated. Please see the documentation for details.', + 'php_not_activated' => 'The use of PHP in static pages is not activated. Please see the documentation for details.', 'printable_format' => 'Printable Format', 'edit' => 'Edit', 'copy' => 'Copy', diff -r 39ae3400a1ae -r 0774a19f037c plugins/staticpages/language/estonian.php --- a/plugins/staticpages/language/estonian.php Sat Apr 18 14:02:32 2009 +0200 +++ b/plugins/staticpages/language/estonian.php Sat Apr 18 19:46:23 2009 +0200 @@ -104,7 +104,7 @@ 'select_php_none' => '?ra k?ivita PHP', 'select_php_return' => 'k?ivita PHP (return)', 'select_php_free' => 'k?ivita PHP', - 'php_not_activated' => "Staatilistel lehtedel pole PHP kasutamine sisse l?litatud. T?psemat infot palun vaata dokumentatsioonist.", + 'php_not_activated' => "Staatilistel lehtedel pole PHP kasutamine sisse l?litatud. T?psemat infot palun vaata dokumentatsioonist.", 'printable_format' => 'Prinditaval kujul', From geeklog-cvs at lists.geeklog.net Sat Apr 18 15:10:53 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 15:10:53 -0400 Subject: [geeklog-cvs] geeklog: More missing finish() calls (cf. bug #0000855) Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/a9694bc60a1a changeset: 6959:a9694bc60a1a user: Dirk Haun date: Sat Apr 18 21:10:04 2009 +0200 description: More missing finish() calls (cf. bug #0000855) diffstat: 5 files changed, 42 insertions(+), 19 deletions(-) public_html/admin/plugins.php | 6 +++++- public_html/admin/user.php | 23 ++++++++++++++++++++--- public_html/docs/history | 2 ++ public_html/lib-common.php | 20 ++++++++++---------- system/lib-comment.php | 10 +++++----- diffs (159 lines): diff -r 0774a19f037c -r a9694bc60a1a public_html/admin/plugins.php --- a/public_html/admin/plugins.php Sat Apr 18 19:46:23 2009 +0200 +++ b/public_html/admin/plugins.php Sat Apr 18 21:10:04 2009 +0200 @@ -43,6 +43,10 @@ * Geeklog common function library */ require_once '../lib-common.php'; + +/** +* Security check to ensure user even belongs on this page +*/ require_once 'auth.inc.php'; // Uncomment the line below if you need to debug the HTTP variables being passed @@ -161,7 +165,7 @@ $plg_templates->set_var('end_block', COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'))); - $retval .= $plg_templates->parse('output', 'editor'); + $retval .= $plg_templates->finish($plg_templates->parse('output', 'editor')); return $retval; } diff -r 0774a19f037c -r a9694bc60a1a public_html/admin/user.php --- a/public_html/admin/user.php Sat Apr 18 19:46:23 2009 +0200 +++ b/public_html/admin/user.php Sat Apr 18 21:10:04 2009 +0200 @@ -33,10 +33,25 @@ // +---------------------------------------------------------------------------+ /** +* User administration: Manage users (create, delete, import) and their +* group membership. +* +*/ + +/** * Geeklog common function library */ require_once '../lib-common.php'; + +/** +* Security check to ensure user even belongs on this page +*/ + require_once 'auth.inc.php'; + +/** +* User-related functions +*/ require_once $_CONF['path_system'] . 'lib-user.php'; // Set this to true to get various debug messages from this script @@ -819,7 +834,7 @@ $user_templates->set_var('action_reminder', $LANG28[78]); $user_templates->parse('test', 'reminder'); - $form_arr['top'] = $user_templates->get_var('test'); + $form_arr['top'] = $user_templates->finish($user_templates->get_var('test')); $token = SEC_createToken(); $form_arr['bottom'] = ""; @@ -911,8 +926,8 @@ $template->set_var ('name', COM_getDisplayName ($uid)); $template->set_var ('lastlogin', $lasttime[0]); - $template->parse ('output', 'mail'); - $mailtext = $template->get_var ('output'); + $template->parse('output', 'mail'); + $mailtext = $template->finish($template->get_var('output')); } else { if ($lastlogin == 0) { $mailtext = $LANG28[83] . "\n\n"; @@ -1094,6 +1109,8 @@ global $_CONF, $LANG28, $LANG_ADMIN, $_IMAGE_TYPE; require_once $_CONF['path_system'] . 'lib-admin.php'; + + $retval = ''; $token = SEC_createToken(); $retval .= COM_siteHeader('menu', $LANG28[24]); diff -r 0774a19f037c -r a9694bc60a1a public_html/docs/history --- a/public_html/docs/history Sat Apr 18 19:46:23 2009 +0200 +++ b/public_html/docs/history Sat Apr 18 21:10:04 2009 +0200 @@ -11,6 +11,8 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Added missing finish() calls for some templates, e.g. header.thtml + (bug #0000855) [Dirk] - Moved documentation to docs/english so that it can be translated (feature request #0000770) [Dirk] - New plugin API function PLG_pluginStateChange [Dirk] diff -r 0774a19f037c -r a9694bc60a1a public_html/lib-common.php --- a/public_html/lib-common.php Sat Apr 18 19:46:23 2009 +0200 +++ b/public_html/lib-common.php Sat Apr 18 21:10:04 2009 +0200 @@ -2313,8 +2313,8 @@ $usermenu->set_var( 'option_label', $LANG01[19] ); $usermenu->set_var( 'option_count', '' ); $usermenu->set_var( 'option_url', $url ); - $retval .= $usermenu->parse( 'item', 'option' ); - $retval .= COM_endBlock( COM_getBlockTemplate( 'user_block', 'footer', $position )); + $retval .= $usermenu->finish($usermenu->parse('item', 'option')); + $retval .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer', $position)); } else { @@ -2387,8 +2387,8 @@ $login->set_var('openid_login', ''); } - $retval .= $login->parse( 'output', 'form' ); - $retval .= COM_endBlock( COM_getBlockTemplate( 'user_block', 'footer', $position )); + $retval .= $login->finish($login->parse('output', 'form')); + $retval .= COM_endBlock( COM_getBlockTemplate('user_block', 'footer', $position)); } return $retval; @@ -2745,12 +2745,12 @@ } $url = $_CONF['site_admin_url'] . '/moderation.php'; - $adminmenu->set_var( 'option_url', $url ); - $adminmenu->set_var( 'option_label', $LANG01[10] ); - $adminmenu->set_var( 'option_count', COM_numberFormat( $modnum )); - $menu_item = $adminmenu->parse( 'item', - ( $thisUrl == $url ) ? 'current' : 'option' ); - $link_array = array( $menu_item ) + $link_array; + $adminmenu->set_var('option_url', $url); + $adminmenu->set_var('option_label', $LANG01[10]); + $adminmenu->set_var('option_count', COM_numberFormat($modnum)); + $menu_item = $adminmenu->finish($adminmenu->parse('item', + ($thisUrl == $url) ? 'current' : 'option')); + $link_array = array($menu_item) + $link_array; foreach( $link_array as $link ) { diff -r 0774a19f037c -r a9694bc60a1a system/lib-comment.php --- a/system/lib-comment.php Sat Apr 18 19:46:23 2009 +0200 +++ b/system/lib-comment.php Sat Apr 18 21:10:04 2009 +0200 @@ -712,13 +712,13 @@ $delete_option, false, $ccode ); // Pagination - $tot_pages = ceil( $count / $limit ); + $tot_pages = ceil($count / $limit); $pLink = $_CONF['site_url'] . "/article.php?story=$sid&type=$type&order=$order&mode=$mode"; - $template->set_var( 'pagenav', - COM_printPageNavigation($pLink, $page, $tot_pages)); + $template->set_var('pagenav', + COM_printPageNavigation($pLink, $page, $tot_pages)); - $template->set_var( 'comments', $thecomments ); - $retval = $template->parse( 'output', 'commentarea' ); + $template->set_var('comments', $thecomments); + $retval = $template->finish($template->parse('output', 'commentarea')); } return $retval; From geeklog-cvs at lists.geeklog.net Sat Apr 18 16:46:29 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 16:46:29 -0400 Subject: [geeklog-cvs] geeklog: Fixed wrong use of COM_allowedHTML and COM_checkHTML in... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/2e3298a69f73 changeset: 6960:2e3298a69f73 user: Dirk Haun date: Sat Apr 18 22:10:44 2009 +0200 description: Fixed wrong use of COM_allowedHTML and COM_checkHTML in plugins (bug #0000785) diffstat: 9 files changed, 73 insertions(+), 51 deletions(-) plugins/staticpages/services.inc.php | 2 public_html/admin/plugins/calendar/index.php | 27 +++++----- public_html/admin/plugins/links/category.php | 6 +- public_html/admin/plugins/links/index.php | 7 +- public_html/admin/plugins/staticpages/index.php | 9 ++- public_html/admin/story.php | 3 - public_html/docs/history | 4 + system/classes/story.class.php | 4 - system/lib-comment.php | 62 ++++++++++++----------- diffs (truncated from 307 to 300 lines): diff -r a9694bc60a1a -r 2e3298a69f73 plugins/staticpages/services.inc.php --- a/plugins/staticpages/services.inc.php Sat Apr 18 21:10:04 2009 +0200 +++ b/plugins/staticpages/services.inc.php Sat Apr 18 22:10:44 2009 +0200 @@ -353,7 +353,7 @@ $sp_title = COM_checkWords ($sp_title); } if ($_SP_CONF['filter_html'] == 1) { - $sp_content = COM_checkHTML ($sp_content); + $sp_content = COM_checkHTML($sp_content, 'staticpages.edit'); } $sp_title = strip_tags ($sp_title); $sp_label = strip_tags ($sp_label); diff -r a9694bc60a1a -r 2e3298a69f73 public_html/admin/plugins/calendar/index.php --- a/public_html/admin/plugins/calendar/index.php Sat Apr 18 21:10:04 2009 +0200 +++ b/public_html/admin/plugins/calendar/index.php Sat Apr 18 22:10:44 2009 +0200 @@ -87,7 +87,8 @@ $event_templates->set_var('site_url', $_CONF['site_url']); $event_templates->set_var('site_admin_url', $_CONF['site_admin_url']); $event_templates->set_var('layout_url',$_CONF['layout_url']); - $event_templates->set_var('lang_allowed_html', COM_allowedHTML()); + $event_templates->set_var('lang_allowed_html', + COM_allowedHTML('calendar.edit')); $event_templates->set_var('lang_postmode', $LANG_CAL_ADMIN[3]); if ($mode <> 'editsubmission' AND !empty($A['eid'])) { @@ -463,20 +464,22 @@ // clean 'em up if ($postmode == 'html') { - $description = COM_checkHTML (COM_checkWords ($description)); + $description = COM_checkHTML(COM_checkWords($description), + 'calendar.edit'); } else { $postmode = 'plaintext'; - $description = htmlspecialchars (COM_checkWords ($description)); + $description = htmlspecialchars(COM_checkWords($description)); } - $description = addslashes ($description); - $title = addslashes (COM_checkHTML (COM_checkWords ($title))); - $location = addslashes (COM_checkHTML (COM_checkWords ($location))); - $address1 = addslashes (COM_checkHTML (COM_checkWords ($address1))); - $address2 = addslashes (COM_checkHTML (COM_checkWords ($address2))); - $city = addslashes (COM_checkHTML (COM_checkWords ($city))); - $zipcode = addslashes (COM_checkHTML (COM_checkWords ($zipcode))); - $event_type = addslashes (strip_tags (COM_checkWords ($event_type))); - $url = addslashes (strip_tags ($url)); + $description = addslashes($description); + $title = addslashes(strip_tags(COM_checkWords($title))); + $location = addslashes(COM_checkHTML(COM_checkWords($location), + 'calendar.edit')); + $address1 = addslashes(strip_tags(COM_checkWords($address1))); + $address2 = addslashes(strip_tags(COM_checkWords($address2))); + $city = addslashes(strip_tags(COM_checkWords($city))); + $zipcode = addslashes(strip_tags(COM_checkWords($zipcode))); + $event_type = addslashes(strip_tags(COM_checkWords($event_type))); + $url = addslashes(strip_tags($url)); if ($allday == 0) { // Add 12 to make time on 24 hour clock if needed diff -r a9694bc60a1a -r 2e3298a69f73 public_html/admin/plugins/links/category.php --- a/public_html/admin/plugins/links/category.php Sat Apr 18 21:10:04 2009 +0200 +++ b/public_html/admin/plugins/links/category.php Sat Apr 18 22:10:44 2009 +0200 @@ -316,8 +316,10 @@ } // clean 'em up - $description = addslashes(COM_checkHTML(COM_checkWords($description))); - $category = addslashes(COM_checkHTML(COM_checkWords($category))); + $description = addslashes(COM_checkHTML(COM_checkWords($description), + 'links.edit')); + $category = addslashes(COM_checkHTML(COM_checkWords($category), + 'links.edit')); $pid = addslashes(strip_tags($pid)); $cid = addslashes(strip_tags($cid)); $old_cid = addslashes(strip_tags($old_cid)); diff -r a9694bc60a1a -r 2e3298a69f73 public_html/admin/plugins/links/index.php --- a/public_html/admin/plugins/links/index.php Sat Apr 18 21:10:04 2009 +0200 +++ b/public_html/admin/plugins/links/index.php Sat Apr 18 22:10:44 2009 +0200 @@ -254,9 +254,10 @@ } // clean 'em up - $description = addslashes (COM_checkHTML (COM_checkWords ($description))); - $title = addslashes (COM_checkHTML (COM_checkWords ($title))); - $cid = addslashes ($cid); + $description = addslashes(COM_checkHTML(COM_checkWords($description), + 'links.edit')); + $title = addslashes(strip_tags(COM_checkWords($title))); + $cid = addslashes($cid); if (empty ($owner_id)) { // this is new link from admin, set default values diff -r a9694bc60a1a -r 2e3298a69f73 public_html/admin/plugins/staticpages/index.php --- a/public_html/admin/plugins/staticpages/index.php Sat Apr 18 21:10:04 2009 +0200 +++ b/public_html/admin/plugins/staticpages/index.php Sat Apr 18 22:10:44 2009 +0200 @@ -362,9 +362,11 @@ } $sp_template->set_var('sp_content', $content); if ($_SP_CONF['filter_html'] == 1) { - $sp_template->set_var('lang_allowedhtml', COM_allowedHTML()); + $sp_template->set_var('lang_allowedhtml', + COM_allowedHTML('staticpages.edit')); } else { - $sp_template->set_var('lang_allowedhtml', $LANG_STATIC['all_html_allowed']); + $sp_template->set_var('lang_allowedhtml', + $LANG_STATIC['all_html_allowed']); } $sp_template->set_var ('lang_hits', $LANG_STATIC['hits']); if (empty ($A['sp_hits'])) { @@ -476,7 +478,8 @@ if (empty ($A['unixdate'])) { $A['unixdate'] = time (); } - $A['sp_content'] = COM_checkHTML (COM_checkWords ($A['sp_content'])); + $A['sp_content'] = COM_checkHTML(COM_checkWords($A['sp_content']), + 'staticpages.edit'); } if (isset ($A['sp_title'])) { $A['sp_title'] = strip_tags ($A['sp_title']); diff -r a9694bc60a1a -r 2e3298a69f73 public_html/admin/story.php --- a/public_html/admin/story.php Sat Apr 18 21:10:04 2009 +0200 +++ b/public_html/admin/story.php Sat Apr 18 22:10:44 2009 +0200 @@ -660,7 +660,8 @@ } } $story_templates->set_var('post_options',$post_options ); - $story_templates->set_var('lang_allowed_html', COM_allowedHTML()); + $story_templates->set_var('lang_allowed_html', + COM_allowedHTML('story.edit')); $fileinputs = ''; $saved_images = ''; if ($_CONF['maximagesperarticle'] > 0) { diff -r a9694bc60a1a -r 2e3298a69f73 public_html/docs/history --- a/public_html/docs/history Sat Apr 18 21:10:04 2009 +0200 +++ b/public_html/docs/history Sat Apr 18 22:10:44 2009 +0200 @@ -11,6 +11,10 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- Fixed wrong use of COM_allowedHTML and COM_checkHTML in plugins: Functions + were called without specific permissions, so they defaulted to 'story.edit'. + I.e. as a Story Admin, you could use the admin_html set in events, but as a + Calendar admin, you could not ... (bug #0000785) [Dirk] - Added missing finish() calls for some templates, e.g. header.thtml (bug #0000855) [Dirk] - Moved documentation to docs/english so that it can be translated diff -r a9694bc60a1a -r 2e3298a69f73 system/classes/story.class.php --- a/system/classes/story.class.php Sat Apr 18 21:10:04 2009 +0200 +++ b/system/classes/story.class.php Sat Apr 18 22:10:44 2009 +0200 @@ -1908,8 +1908,8 @@ } $this->_title = htmlspecialchars(strip_tags(COM_checkWords($title))); - $this->_introtext = COM_checkHTML(COM_checkWords($intro)); - $this->_bodytext = COM_checkHTML(COM_checkWords($body)); + $this->_introtext = COM_checkHTML(COM_checkWords($intro), 'story.edit'); + $this->_bodytext = COM_checkHTML(COM_checkWords($body), 'story.edit'); } diff -r a9694bc60a1a -r 2e3298a69f73 system/lib-comment.php --- a/system/lib-comment.php Sat Apr 18 21:10:04 2009 +0200 +++ b/system/lib-comment.php Sat Apr 18 22:10:44 2009 +0200 @@ -52,7 +52,7 @@ * * @param string $sid ID of item in question * @param string $title Title of item -* @param string $type Type of item (i.e. story, photo, etc) +* @param string $type Type of item (i.e. article, photo, etc) * @param string $order Order that comments are displayed in * @param string $mode Mode (nested, flat, etc.) * @param int $ccode Comment code: -1=no comments, 0=allowed, 1=closed @@ -813,9 +813,10 @@ $fakepostmode = $postmode; if ($postmode == 'html') { - $comment = COM_checkWords (COM_checkHTML (COM_stripslashes ($comment))); + $html_perm = ($type == 'article') ? 'story.edit' : "$type.edit"; + $comment = COM_checkWords(COM_checkHTML(COM_stripslashes($comment), $html_perm)); } else { - $comment = htmlspecialchars (COM_checkWords (COM_stripslashes ($comment))); + $comment = htmlspecialchars(COM_checkWords(COM_stripslashes($comment))); $newcomment = COM_makeClickableLinks ($comment); if (strcmp ($comment, $newcomment) != 0) { $comment = nl2br ($newcomment); @@ -832,12 +833,12 @@ $_POST['title'] = $title; $newcomment = $comment; - if ($mode == $LANG03[28] ) { //for preview - $newcomment = CMT_prepareText($comment, $postmode, true, $cid); + if ($mode == $LANG03[28] ) { // for preview + $newcomment = CMT_prepareText($comment, $postmode, $type, true, $cid); } elseif ($mode == $LANG03[34]) { - $newcomment = CMT_prepareText($comment, $postmode, true); + $newcomment = CMT_prepareText($comment, $postmode, $type, true); } else { - $newcomment = CMT_prepareText($comment, $postmode); + $newcomment = CMT_prepareText($comment, $postmode, $type); } $_POST['comment'] = $newcomment; @@ -982,8 +983,11 @@ $comment_template->set_var('lang_comment', $LANG03[9]); $comment_template->set_var('comment', $commenttext); $comment_template->set_var('lang_postmode', $LANG03[2]); - $comment_template->set_var('postmode_options', COM_optionList($_TABLES['postmodes'],'code,name',$postmode)); - $comment_template->set_var('allowed_html', COM_allowedHTML()); + $comment_template->set_var('postmode_options', + COM_optionList($_TABLES['postmodes'], 'code,name', $postmode)); + $comment_template->set_var('allowed_html', + COM_allowedHTML($type == 'article' + ? 'story.edit' : "$type.edit")); $comment_template->set_var('lang_importantstuff', $LANG03[18]); $comment_template->set_var('lang_instr_line1', $LANG03[19]); $comment_template->set_var('lang_instr_line2', $LANG03[20]); @@ -1108,7 +1112,7 @@ return $someError; } - $comment = addslashes(CMT_prepareText($comment, $postmode)); + $comment = addslashes(CMT_prepareText($comment, $postmode, $type)); $title = addslashes(COM_checkWords(strip_tags($title))); if (isset($_POST['username']) && strcmp($_POST['username'],$LANG03[24]) != 0 && $uid == 1) { @@ -1513,10 +1517,10 @@ $display = ''; - $type = COM_applyFilter ($_POST['type']); - $sid = COM_applyFilter ($_POST['sid']); - $cid = COM_applyFilter ($_POST['cid']); - $postmode = COM_applyFilter ($_POST['postmode']); + $type = COM_applyFilter($_POST['type']); + $sid = COM_applyFilter($_POST['sid']); + $cid = COM_applyFilter($_POST['cid']); + $postmode = COM_applyFilter($_POST['postmode']); $commentuid = DB_getItem ($_TABLES['comments'], 'uid', "cid = '$cid'"); if ( empty($_USER['uid'])) { @@ -1525,11 +1529,10 @@ $uid = $_USER['uid']; } - //check for bad input - if (empty ($sid) || empty ($_POST['title']) || empty ($_POST['comment']) || !is_numeric ($cid) - || $cid < 1 ) { - COM_errorLog("CMT_handleEditSubmit(): {{$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to edit a comment with one or more missing values.'); + // check for bad input + if (empty($sid) || empty($_POST['title']) || empty($_POST['comment']) || + !is_numeric($cid) || ($cid < 1)) { + COM_errorLog("CMT_handleEditSubmit(): {{$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried to edit a comment with one or more missing values."); return COM_refresh($_CONF['site_url'] . '/index.php'); } elseif ( $uid != $commentuid && !SEC_hasRights( 'comment.moderate' ) ) { //check permissions @@ -1538,7 +1541,7 @@ return COM_refresh($_CONF['site_url'] . '/index.php'); } - $comment = CMT_prepareText($_POST['comment'], $postmode); + $comment = CMT_prepareText($_POST['comment'], $postmode, $type); $title = COM_checkWords (strip_tags (COM_stripslashes ($_POST['title']))); if ($mode == $LANG03[35]) { @@ -1573,7 +1576,9 @@ . 'to submit a comment with invalid $title and/or $comment.'); return COM_refresh($_CONF['site_url'] . '/index.php'); } - return COM_refresh (COM_buildUrl ($_CONF['site_url'] . "/article.php?story=$sid")); + + return COM_refresh(COM_buildUrl($_CONF['site_url'] + . "/article.php?story=$sid")); } /** @@ -1581,21 +1586,24 @@ * * @copyright Jared Wenerd 2008 * @author Jared Wenerd, wenerd87 AT gmail DOT com - * @param string $comment comment text - * @param string $postmode ('html', 'plaintext',..) + * @param string $comment comment text + * @param string $postmode ('html', 'plaintext', ...) + * @param string $type Type of item (article, poll, etc.) * @param bool $edit if true append edit tag * @param int $cid commentid if editing comment (for proper sig) * @return string of comment text */ -function CMT_prepareText($comment, $postmode, $edit = false, $cid = null) +function CMT_prepareText($comment, $postmode, $type, $edit = false, $cid = null) { global $_USER, $_TABLES, $LANG03, $_CONF; if ($postmode == 'html') { - $comment = COM_checkWords (COM_checkHTML (COM_stripslashes ($comment))); + $html_perm = ($type == 'article') ? 'story.edit' : "$type.edit"; + $comment = COM_checkWords(COM_checkHTML(COM_stripslashes($comment), + $html_perm)); } else { From geeklog-cvs at lists.geeklog.net Sat Apr 18 16:46:30 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 16:46:30 -0400 Subject: [geeklog-cvs] geeklog: Added colons (for consistency) Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/1f91c5b92808 changeset: 6961:1f91c5b92808 user: Dirk Haun date: Sat Apr 18 22:26:05 2009 +0200 description: Added colons (for consistency) diffstat: 1 file changed, 5 insertions(+), 5 deletions(-) plugins/links/templates/admin/categoryeditor.thtml | 10 +++++----- diffs (32 lines): diff -r 2e3298a69f73 -r 1f91c5b92808 plugins/links/templates/admin/categoryeditor.thtml --- a/plugins/links/templates/admin/categoryeditor.thtml Sat Apr 18 22:10:44 2009 +0200 +++ b/plugins/links/templates/admin/categoryeditor.thtml Sat Apr 18 22:26:05 2009 +0200 @@ -3,23 +3,23 @@

{lang_deleteoption}:

From geeklog-cvs at lists.geeklog.net Mon Apr 13 06:47:46 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 06:47:46 -0400 Subject: [geeklog-cvs] geeklog: Fixed E_ALL error when permanent cookie expired Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/9974c9c57e3c changeset: 6937:9974c9c57e3c user: Dirk Haun date: Mon Apr 13 11:34:54 2009 +0200 description: Fixed E_ALL error when permanent cookie expired diffstat: 1 file changed, 9 insertions(+), 8 deletions(-) system/lib-sessions.php | 17 +++++++++-------- diffs (38 lines): diff -r 135118e76d96 -r 9974c9c57e3c system/lib-sessions.php --- a/system/lib-sessions.php Mon Apr 13 11:30:14 2009 +0200 +++ b/system/lib-sessions.php Mon Apr 13 11:34:54 2009 +0200 @@ -130,12 +130,13 @@ $userid = COM_applyFilter ($userid, true); $cookie_password = ''; $userpass = ''; - if ($userid > 1) { + if (($userid > 1) && + isset($_COOKIE[$_CONF['cookie_password']])) { $cookie_password = $_COOKIE[$_CONF['cookie_password']]; - $userpass = DB_getItem ($_TABLES['users'], 'passwd', - "uid = $userid"); + $userpass = DB_getItem($_TABLES['users'], 'passwd', + "uid = $userid"); } - if (empty ($cookie_password) || ($cookie_password <> $userpass)) { + if (empty($cookie_password) || ($cookie_password <> $userpass)) { // User may have modified their UID in cookie, ignore them } else if ($userid > 1) { // Check user status @@ -175,12 +176,12 @@ $userid = COM_applyFilter ($userid, true); $cookie_password = ''; $userpass = ''; - if ($userid > 1) { - $userpass = DB_getItem ($_TABLES['users'], 'passwd', - "uid = $userid"); + if (($userid > 1) && isset($_COOKIE[$_CONF['cookie_password']])) { + $userpass = DB_getItem($_TABLES['users'], 'passwd', + "uid = $userid"); $cookie_password = $_COOKIE[$_CONF['cookie_password']]; } - if (empty ($cookie_password) || ($cookie_password <> $userpass)) { + if (empty($cookie_password) || ($cookie_password <> $userpass)) { // User could have modified UID in cookie, don't do shit } else if ($userid > 1) { // Check user status From geeklog-cvs at lists.geeklog.net Mon Apr 13 06:47:47 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 06:47:47 -0400 Subject: [geeklog-cvs] geeklog: Comment signature and edit notes should be in

not... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/30016d8c4d9c changeset: 6938:30016d8c4d9c user: Dirk Haun date: Mon Apr 13 11:36:37 2009 +0200 description: Comment signature and edit notes should be in

not diffstat: 2 files changed, 20 insertions(+), 14 deletions(-) public_html/layout/professional/style.css | 5 +++++ system/lib-comment.php | 29 +++++++++++++++-------------- diffs (79 lines): diff -r 9974c9c57e3c -r 30016d8c4d9c public_html/layout/professional/style.css --- a/public_html/layout/professional/style.css Mon Apr 13 11:34:54 2009 +0200 +++ b/public_html/layout/professional/style.css Mon Apr 13 11:36:37 2009 +0200 @@ -411,6 +411,11 @@ } .comment-edit { font-style: italic; + padding-top:1ex; +} +.comment-sig { + color:#666666; + padding-top:1ex; } /******************************************************************************/ .edit-perm-down { diff -r 9974c9c57e3c -r 30016d8c4d9c system/lib-comment.php --- a/system/lib-comment.php Mon Apr 13 11:34:54 2009 +0200 +++ b/system/lib-comment.php Mon Apr 13 11:36:37 2009 +0200 @@ -299,10 +299,10 @@ "uid={$B['uid']}"); } // add edit info to text - $A['comment'] .= LB . '' . $LANG03[30] - . ' ' . strftime($_CONF['date'], $B['time']) . ' ' + $A['comment'] .= '

' . $LANG03[30] . ' ' + . strftime($_CONF['date'], $B['time']) . ' ' . $LANG03[31] . ' ' . $editname - . ''; + . '

'; } // determines indentation for current comment @@ -503,10 +503,11 @@ } //and finally: format the actual text of the comment, but check only the text, not sig or edit - $text = str_replace('', '', $A['comment']); - $text = str_replace('', '', $text); - $text = str_replace('', '', $text); - $text = str_replace('', '', $text); + $text = str_replace('

', '', + $A['comment']); + $text = str_replace('

', '', $text); + $text = str_replace('

', '', $text); if( preg_match( '/<.*>/', $text ) == 0 ) { $A['comment'] = nl2br( $A['comment'] ); } @@ -1602,9 +1603,9 @@ } if ($edit) { - $comment .= LB . '' . $LANG03[30] . ' ' - . strftime( $_CONF['date'], time() ) . ' ' .$LANG03[31] .' ' - . $_USER['username'] . ''; + $comment .= '

' . $LANG03[30] . ' ' + . strftime($_CONF['date'], time()) . ' ' .$LANG03[31] .' ' + . $_USER['username'] . '

'; $text = $comment; } @@ -1622,13 +1623,13 @@ if ($uid > 1) { $sig = DB_getItem ($_TABLES['users'], 'sig', "uid = '$uid'"); if (!empty ($sig)) { - $comment .= ''; + $comment .= '

'; if ( $postmode == 'html') { - $comment .= '

---' . nl2br ($sig); + $comment .= '---' . nl2br($sig); } else { - $comment .= LB . LB . '---' . LB . $sig; + $comment .= '---' . LB . $sig; } - $comment .= ''; + $comment .= '

'; } } From geeklog-cvs at lists.geeklog.net Mon Apr 13 06:47:48 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Mon, 13 Apr 2009 06:47:48 -0400 Subject: [geeklog-cvs] geeklog: Too many nested and

tags Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/e585b2e59749 changeset: 6939:e585b2e59749 user: Dirk Haun date: Mon Apr 13 11:52:14 2009 +0200 description: Too many nested and

tags diffstat: 4 files changed, 4 insertions(+), 4 deletions(-) public_html/layout/professional/comment/commentform.thtml | 2 +- public_html/layout/professional/comment/commentform_advanced.thtml | 2 +- public_html/layout/professional/submit/submitstory.thtml | 2 +- public_html/layout/professional/submit/submitstory_advanced.thtml | 2 +- diffs (48 lines): diff -r 30016d8c4d9c -r e585b2e59749 public_html/layout/professional/comment/commentform.thtml --- a/public_html/layout/professional/comment/commentform.thtml Mon Apr 13 11:36:37 2009 +0200 +++ b/public_html/layout/professional/comment/commentform.thtml Mon Apr 13 11:52:14 2009 +0200 @@ -26,7 +26,7 @@ - {allowed_html} + {allowed_html}

- + - + - + - + - + From geeklog-cvs at lists.geeklog.net Sat Apr 18 17:41:53 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 17:41:53 -0400 Subject: [geeklog-cvs] geeklog: Bad design decision: COM_checkList would use the table ... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/41c7d6494b98 changeset: 6962:41c7d6494b98 user: Dirk Haun date: Sat Apr 18 23:37:42 2009 +0200 description: Bad design decision: COM_checkList would use the table name in the HTML. Added a new parameter for the name to use instead. diffstat: 3 files changed, 34 insertions(+), 24 deletions(-) public_html/docs/history | 3 +++ public_html/lib-common.php | 30 ++++++++++++++++++------------ public_html/usersettings.php | 25 +++++++++++++------------ diffs (119 lines): diff -r 1f91c5b92808 -r 41c7d6494b98 public_html/docs/history --- a/public_html/docs/history Sat Apr 18 22:26:05 2009 +0200 +++ b/public_html/docs/history Sat Apr 18 23:37:42 2009 +0200 @@ -11,6 +11,9 @@ + Comment moderation and editable comments, by Jared Wenerd Other changes: +- COM_checkList would use the table name for the name of the checkbox array in + the HTML(!) - added a new parameter for the name (pointed out by Bookoo in + the exploit for usersettings.php, cf. Geeklog 1.5.2sr4) [Dirk] - Fixed wrong use of COM_allowedHTML and COM_checkHTML in plugins: Functions were called without specific permissions, so they defaulted to 'story.edit'. I.e. as a Story Admin, you could use the admin_html set in events, but as a diff -r 1f91c5b92808 -r 41c7d6494b98 public_html/lib-common.php --- a/public_html/lib-common.php Sat Apr 18 22:26:05 2009 +0200 +++ b/public_html/lib-common.php Sat Apr 18 23:37:42 2009 +0200 @@ -88,7 +88,7 @@ * Configuration Include: * You do NOT need to modify anything here any more! */ -require_once 'siteconfig.php' ; +require_once 'siteconfig.php'; /** * Configuration class @@ -1703,16 +1703,16 @@ * * Creates a group of checkbox form fields with given arguments * -* @param string $table DB Table to pull data from -* @param string $selection Comma delimited list of fields to pull from table -* @param string $where Where clause of SQL statement -* @param string $selected Value to set to CHECKED -* @see function COM_optionList -* @return string HTML with Checkbox code -* -*/ - -function COM_checkList( $table, $selection, $where='', $selected='' ) +* @param string $table DB Table to pull data from +* @param string $selection Comma delimited list of fields to pull from table +* @param string $where Where clause of SQL statement +* @param string $selected Value to set to CHECKED +* @param string $fieldname Name to use for the checkbox array +* @return string HTML with Checkbox code +* @see COM_optionList +* +*/ +function COM_checkList($table, $selection, $where = '', $selected = '', $fieldname = '') { global $_TABLES, $_COM_VERBOSE; @@ -1755,9 +1755,15 @@ $access = false; } + if (empty($fieldname)) { + // Not a good idea, as that will expose our table name and prefix! + // Make sure you pass a distinct field name! + $fieldname = $table; + } + if( $access ) { - $retval .= '

set_var ('exclude_topic_checklist', - COM_checkList($_TABLES['topics'],'tid,topic',$permissions,$A['tids'])); + COM_checkList($_TABLES['topics'], 'tid,topic', $permissions, $A['tids'], + 'topics')); if (($_CONF['contributedbyline'] == 1) && ($_CONF['hide_author_exclusion'] == 0)) { @@ -639,13 +640,13 @@ } elseif ($user_etids == '-') { // this means "no topics" $user_etids = ''; } - $tmp = COM_checkList ($_TABLES['topics'], 'tid,topic', $permissions, - $user_etids); - $preferences->set_var ('email_topic_checklist', - str_replace ($_TABLES['topics'], 'etids', $tmp)); - $preferences->parse ('digest_block', 'digest', true); + $tmp = COM_checkList($_TABLES['topics'], 'tid,topic', $permissions, + $user_etids, 'topics'); + $preferences->set_var('email_topic_checklist', + str_replace($_TABLES['topics'], 'etids', $tmp)); + $preferences->parse('digest_block', 'digest', true); } else { - $preferences->set_var ('digest_block', ''); + $preferences->set_var('digest_block', ''); } // boxes block @@ -1372,11 +1373,11 @@ } } - $TIDS = @array_values($A[$_TABLES['topics']]); // array of strings - $AIDS = @array_values($A['selauthors']); // array of integers - $BOXES = @array_values($A["{$_TABLES['blocks']}"]); // array of integers - $ETIDS = @array_values($A['etids']); // array of strings - $AETIDS = USER_getAllowedTopics(); // array of strings (fetched, needed to "clean" $TIDS and $ETIDS) + $TIDS = @array_values($A['topics']); // array of strings + $AIDS = @array_values($A['selauthors']); // array of integers + $BOXES = @array_values($A['blocks']); // array of integers + $ETIDS = @array_values($A['etids']); // array of strings + $AETIDS = USER_getAllowedTopics(); // array of strings (fetched, needed to "clean" $TIDS and $ETIDS) $tids = ''; if (sizeof ($TIDS) > 0) { From geeklog-cvs at lists.geeklog.net Sat Apr 18 20:58:18 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sat, 18 Apr 2009 20:58:18 -0400 Subject: [geeklog-cvs] geeklog: Added nicer install script buttons, removed functions u... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/6443b6740a09 changeset: 6963:6443b6740a09 user: Matt West date: Sat Apr 18 20:56:36 2009 -0400 description: Added nicer install script buttons, removed functions used during install script development diffstat: 5 files changed, 131 insertions(+), 156 deletions(-) public_html/admin/install/index.php | 102 ++++++++++++------------- public_html/admin/install/install-plugins.php | 8 - public_html/admin/install/layout/style.css | 27 ++++++ public_html/admin/install/lib-install.php | 54 ------------- public_html/admin/install/migrate.php | 96 +++++++++++------------ diffs (truncated from 569 to 300 lines): diff -r 41c7d6494b98 -r 6443b6740a09 public_html/admin/install/index.php --- a/public_html/admin/install/index.php Sat Apr 18 23:37:42 2009 +0200 +++ b/public_html/admin/install/index.php Sat Apr 18 20:56:36 2009 -0400 @@ -29,8 +29,8 @@ // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +---------------------------------------------------------------------------+ -// | You don't need to change anything in this file. Please read | -// | docs/english/install.html which describes how to install Geeklog. | +// | You don't need to change anything in this file. | +// | Please read docs/install.html which describes how to install Geeklog. | // +---------------------------------------------------------------------------+ require_once 'lib-install.php'; @@ -181,8 +181,8 @@ $display .=' - - + + ' . LB; break; @@ -303,7 +303,7 @@ ' . $hidden_fields . ' - + @@ -313,7 +313,7 @@ ' . $hidden_fields . ' - + ' . LB; @@ -361,7 +361,7 @@ } $display .= '

- + ' . LB; $curv = $old_versions[count($old_versions) - 1]; @@ -425,11 +425,11 @@ - + - + @@ -438,7 +438,7 @@ - + @@ -697,7 +697,7 @@ -

'; return $display; @@ -938,7 +938,7 @@ } $display .= ' - + '; } $display .= ' @@ -975,7 +975,7 @@ $dbconfig_path = ''; $dbconfig_file = 'db-config.php'; - $display .= INST_printTab(2) . '

' . $LANG_INSTALL[3] . '

' . LB; + $display .= '

' . $LANG_INSTALL[3] . '

' . LB; if (!file_exists($gl_path . $dbconfig_file) && !file_exists($gl_path . 'public_html/' . $dbconfig_file)) { // If the file/directory is not located in the default location @@ -1002,7 +1002,7 @@ ' . $form_fields . ' - + ' . LB; $display .= '

' . $LANG_INSTALL[94] . '

' . LB . '

' . $LANG_INSTALL[95] . '' . LB @@ -1038,16 +1038,16 @@ // The path to db-config.php is what we'll use to generate our /path/to/geeklog so // we want to make sure it's valid and exists before we continue and create problems. if (!file_exists($_PATH['db-config.php'])) { - $display .= INST_printTab(2) . '
' . $LANG_INSTALL[3] . '
' . LB - . INST_printTab(3) . '
' . $LANG_INSTALL[38] . '' . LB - . INST_printTab(3) . $LANG_INSTALL[84] . '' . $_PATH['db-config.php'] . '' . $LANG_INSTALL[85] . LB - . INST_printTab(3) . '
' . LB - . INST_printTab(3) . '
' . LB - . INST_printTab(3) . '
' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '
' . LB; + $display .= '
' . $LANG_INSTALL[3] . '
' . LB + . '
' . $LANG_INSTALL[38] . '' . LB + . $LANG_INSTALL[84] . '' . $_PATH['db-config.php'] . '' . $LANG_INSTALL[85] . LB + . '
' . LB + . '
' . LB + . '
' . LB + . '' . LB + . '' . LB + . '' . LB + . '
' . LB; } else { require_once $_PATH['db-config.php']; // We need db-config.php the current DB information @@ -1055,8 +1055,8 @@ $gl_path = str_replace('db-config.php', '', $_PATH['db-config.php']); $num_wrong = 0; // number of files with wrong permissions - $display_permissions = INST_printTab(4) . '
' . $LANG_INSTALL[10] . ' ' . LB - . INST_printTab(5) . '' . $LANG_INSTALL[11] . '
' . LB; + $display_permissions = '
' . $LANG_INSTALL[10] . ' ' . LB + . '' . $LANG_INSTALL[11] . '
' . LB; $chmod_string = 'chmod -R 777 '; // Files to check if writable $file_list = array( $_PATH['db-config.php'], @@ -1075,8 +1075,8 @@ foreach ($file_list as $file) { if (!is_writable($file)) { $permission = sprintf("%3o", @fileperms($file) & 0777); - $display_permissions .= INST_printTab(4) . '
' . $file . '' . LB - . INST_printTab(5) . ' ' . $LANG_INSTALL[12] . ' 777 (' + $display_permissions .= '
' . $file . '' . LB + . ' ' . $LANG_INSTALL[12] . ' 777 (' . $LANG_INSTALL[13] . ' ' . $permission . ')
' . LB ; $chmod_string .= $file . ' ' ; $num_wrong++; @@ -1091,27 +1091,27 @@ if ($num_wrong) { // If any files have incorrect permissions. - $display .= INST_printTab(2) . '
' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[97] . '
' . LB; + $display .= '
' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[97] . '
' . LB; $display_step++; if (isset($_GET['install_type'])) { // If the user tried to start an installation before setting file permissions - $display .= INST_printTab(3) . '
' . $LANG_INSTALL[38] . ' ' + $display .= '
' . $LANG_INSTALL[38] . ' ' . $LANG_INSTALL[21] . '
' . LB; } else { // The first page that is displayed during the "check_permissions" step - $display .= INST_printTab(3) . '
' . $LANG_INSTALL[9] . '
' . LB - . INST_printTab(3) . '
' . $LANG_INSTALL[19] . '
' . LB; + $display .= '
' . $LANG_INSTALL[9] . '
' . LB + . '
' . $LANG_INSTALL[19] . '
' . LB; } // List the files that have incorrect permissions and also what the permissions should be // Also, list the auto-generated chmod command for advanced users - $display .= INST_printTab(3) . '
' . LB - . $display_permissions . INST_printTab(3) . '
' . LB - . INST_printTab(3) . '
' . $LANG_INSTALL[98] . '
' . LB - . INST_printTab(3) . '
' . $LANG_INSTALL[99] . '
' . LB - . INST_printTab(3) . '
' . $chmod_string . LB - . INST_printTab(3) . '

' . LB; + $display .= '
' . LB + . $display_permissions . '
' . LB + . '
' . $LANG_INSTALL[98] . '
' . LB + . '
' . $LANG_INSTALL[99] . '
' . LB + . '
' . $chmod_string . LB + . '

' . LB; $step++; } else { @@ -1149,16 +1149,16 @@ // Show the "Select your installation method" buttons $upgr_class = ($LANG_DIRECTION == 'rtl') ? 'upgrade-rtl' : 'upgrade' ; - $display .= INST_printTab(2) . '
' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[23] . '
' . LB - . INST_printTab(3) . '
' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '' . LB - . INST_printTab(3) . '
' . LB; + $display .= '
' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[23] . '
' . LB + . '
' . LB + . '' . LB + . '' . LB + . '' . LB + . '' . LB + . '' . LB + . '' . LB + . '' . LB + . '
' . LB; } break; @@ -1236,9 +1236,9 @@ } // end if (php_v()) -$display .= INST_printTab(3) . '' . LB - . INST_printTab(2) . '
' . LB - . INST_printTab(1) . '' . LB +$display .= '' . LB + . '' . LB + . '' . LB . '' . LB . ''; diff -r 41c7d6494b98 -r 6443b6740a09 public_html/admin/install/install-plugins.php --- a/public_html/admin/install/install-plugins.php Sat Apr 18 23:37:42 2009 +0200 +++ b/public_html/admin/install/install-plugins.php Sat Apr 18 20:56:36 2009 -0400 @@ -247,7 +247,7 @@ . '' . LB . '
' . $LANG_PLUGINS[10] . ' ' . INST_helpLink('plugin_upload') . ' ' . LB . '
' . LB - . '
' . LB + . '
' . LB . '' . LB; } @@ -457,15 +457,15 @@ // Form footer $display .= '

{lang_parent}	{lang_parent}:
{lang_category}	{lang_category}:
{lang_cid}	{lang_cid}:
{lang_description}	{lang_description}:
{lang_topic}	{lang_topic}:	{topic_selection}

' . LB - . '' . LB - . '' . LB + . '' . LB + . '' . LB . '

' . LB; } else { $display .= '

' . $LANG_PLUGINS[20] . '

' . LB . '

' . LB; } diff -r 41c7d6494b98 -r 6443b6740a09 public_html/admin/install/layout/style.css --- a/public_html/admin/install/layout/style.css Sat Apr 18 23:37:42 2009 +0200 +++ b/public_html/admin/install/layout/style.css Sat Apr 18 20:56:36 2009 -0400 @@ -59,9 +59,7 @@ color:#FF0000 } body { -/* width:99%; */ width:800px; -/* background:#FFFFFF; */ background:#1A3955; color:#000000; font:.8em arial,sans-serif,verdana,tahoma,helvetica; @@ -469,3 +467,28 @@ margin-left:1em; margin-right:1em; } + +.button { + background-color: #1A3955; + border: 0px; + color: white; + text-align: center; + -moz-border-radius: 5px; + -webkit-border-radius: 5px; +} + +.button:hover { + background-color: #295a86; +} + From geeklog-cvs at lists.geeklog.net Sun Apr 19 03:31:56 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 19 Apr 2009 03:31:56 -0400 Subject: [geeklog-cvs] geeklog: No need to even look at $ETIDS when the Daily Digest is... Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/0fa486c53e02 changeset: 6964:0fa486c53e02 user: Dirk Haun date: Sun Apr 19 00:05:27 2009 +0200 description: No need to even look at $ETIDS when the Daily Digest is disabled diffstat: 1 file changed, 1 insertion(+), 1 deletion(-) public_html/usersettings.php | 2 +- diffs (12 lines): diff -r 41c7d6494b98 -r 0fa486c53e02 public_html/usersettings.php --- a/public_html/usersettings.php Sat Apr 18 23:37:42 2009 +0200 +++ b/public_html/usersettings.php Sun Apr 19 00:05:27 2009 +0200 @@ -1416,7 +1416,7 @@ } $etids = ''; - if (sizeof ($ETIDS) > 0) { + if (($_CONF['emailstories'] == 1) && (sizeof($ETIDS) > 0)) { // the array_intersect mitigates the need to scrub the ETIDS input $etids = addslashes (implode (' ', array_intersect ($AETIDS, $ETIDS))); } From geeklog-cvs at lists.geeklog.net Sun Apr 19 03:31:56 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 19 Apr 2009 03:31:56 -0400 Subject: [geeklog-cvs] geeklog: We'd better filter the Spam-X command, just in case Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/729132c4527b changeset: 6965:729132c4527b user: Dirk Haun date: Sun Apr 19 00:23:45 2009 +0200 description: We'd better filter the Spam-X command, just in case diffstat: 1 file changed, 32 insertions(+), 28 deletions(-) public_html/admin/plugins/spamx/index.php | 60 +++++++++++++++-------------- diffs (94 lines): diff -r 0fa486c53e02 -r 729132c4527b public_html/admin/plugins/spamx/index.php --- a/public_html/admin/plugins/spamx/index.php Sun Apr 19 00:05:27 2009 +0200 +++ b/public_html/admin/plugins/spamx/index.php Sun Apr 19 00:23:45 2009 +0200 @@ -3,9 +3,9 @@ // +---------------------------------------------------------------------------+ // | Spam-X plugin 1.2 | // +---------------------------------------------------------------------------+ -// | admin/index.php | +// | index.php | // | | -// | Administration page. | +// | Spam-X administration page. | // +---------------------------------------------------------------------------+ // | Copyright (C) 2002-2009 by the following authors: | // | | @@ -65,48 +65,52 @@ * Main */ -$display = COM_siteHeader ('menu', $LANG_SX00['plugin_name']); -$T = new Template ($_CONF['path'] . 'plugins/spamx/templates'); -$T->set_file ('admin', 'admin.thtml'); -$T->set_var ( 'xhtml', XHTML ); -$T->set_var ('site_url', $_CONF['site_url']); -$T->set_var ('site_admin_url', $_CONF['site_admin_url']); -$T->set_var ('header', $LANG_SX00['admin']); -$T->set_var ('plugin_name', $LANG_SX00['plugin_name']); -$T->set_var ('plugin', 'spamx'); -$T->parse ('output', 'admin'); -$display .= $T->finish ($T->get_var ('output')); +$display = COM_siteHeader('menu', $LANG_SX00['plugin_name']); +$T = new Template($_CONF['path'] . 'plugins/spamx/templates'); +$T->set_file('admin', 'admin.thtml'); +$T->set_var('xhtml', XHTML); +$T->set_var('site_url', $_CONF['site_url']); +$T->set_var('site_admin_url', $_CONF['site_admin_url']); +$T->set_var('layout_url', $_CONF['layout_url']); +$T->set_var('header', $LANG_SX00['admin']); +$T->set_var('plugin_name', $LANG_SX00['plugin_name']); +$T->set_var('plugin', 'spamx'); +$T->parse('output', 'admin'); +$display .= $T->finish($T->get_var('output')); -$files = array (); -if ($dir = @opendir ($_CONF['path'] . 'plugins/spamx/')) { - while (($file = readdir ($dir)) !== false) { - if (is_file ($_CONF['path'] . 'plugins/spamx/' . $file)) - { - if (substr ($file, -16) == '.Admin.class.php') { - $tmp = str_replace ('.Admin.class.php', '', $file); - array_push ($files, $tmp); +$files = array(); +if ($dir = @opendir($_CONF['path'] . 'plugins/spamx/')) { + while (($file = readdir($dir)) !== false) { + if (is_file($_CONF['path'] . 'plugins/spamx/' . $file)) { + if (substr($file, -16) == '.Admin.class.php') { + $tmp = str_replace('.Admin.class.php', '', $file); + array_push($files, $tmp); } } } - closedir ($dir); + closedir($dir); } $display .= '

' . $LANG_SX00['adminc'] . '

' . COM_createLink($CM->link (), $_CONF['site_admin_url'] + $display .= '
' . COM_createLink($CM->link(), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=' . $file) . '
' . COM_createLink($LANG_SX00['documentation'], plugin_getdocumentationurl_spamx('index')) . '

'; -if (isset ($_REQUEST['command'])) { - $CM = new $_REQUEST['command']; - $display .= $CM->display (); +if (isset($_REQUEST['command'])) { + $cmd = COM_applyFilter($_REQUEST['command']); + if (!empty($cmd) && in_array($cmd, $files)) { + $CM = new $cmd; + $display .= $CM->display(); + } } -$display .= COM_siteFooter (true); +$display .= COM_siteFooter(true); echo $display; From geeklog-cvs at lists.geeklog.net Sun Apr 19 03:31:57 2009 From: geeklog-cvs at lists.geeklog.net (geeklog-cvs at lists.geeklog.net) Date: Sun, 19 Apr 2009 03:31:57 -0400 Subject: [geeklog-cvs] geeklog: Merging branches Message-ID: details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/1f89a4c2396a changeset: 6966:1f89a4c2396a user: Dirk Haun date: Sun Apr 19 09:20:39 2009 +0200 description: Merging branches diffstat: 5 files changed, 129 insertions(+), 154 deletions(-) public_html/admin/install/index.php | 98 ++++++++++++------------- public_html/admin/install/install-plugins.php | 8 +- public_html/admin/install/layout/style.css | 27 ++++++ public_html/admin/install/lib-install.php | 54 ------------- public_html/admin/install/migrate.php | 96 ++++++++++++------------ diffs (truncated from 558 to 300 lines): diff -r 729132c4527b -r 1f89a4c2396a public_html/admin/install/index.php --- a/public_html/admin/install/index.php Sun Apr 19 00:23:45 2009 +0200 +++ b/public_html/admin/install/index.php Sun Apr 19 09:20:39 2009 +0200 @@ -181,8 +181,8 @@ $display .=' - - + + ' . LB; break; @@ -303,7 +303,7 @@ ' . $hidden_fields . ' - +

'.$LANG20[4].'
'.$LANG20[5].'
'.$LANG20[6].'' - .'

'.$LANG20[4].'
'.$LANG20[5].'
'.$LANG20[6].'' + .'

'.$LANG20[4].'
'.$LANG20[5].'
'.$LANG20[6].'' - .'

'.$LANG20[4].'
'.$LANG20[5].'
'.$LANG20[6].'' + .'

' . $LANG_INSTALL[3] . '

' . $LANG_INSTALL[3] . '

' . $LANG_INSTALL[3] . '

' . $LANG_INSTALL[3] . '

' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[97] . '

' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[97] . '

' . $LANG_INSTALL[98] . '

' . $LANG_INSTALL[98] . '

' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[23] . '

' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[23] . '

' . $LANG_INSTALL[3] . '

' . $LANG_INSTALL[3] . '

' . $LANG_INSTALL[3] . '

' . $LANG_INSTALL[3] . '

' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[97] . '

' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[97] . '

' . $LANG_INSTALL[98] . '

' . $LANG_INSTALL[98] . '

' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[23] . '

' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[23] . '

Plugins

Blog/CMS Features

Administration Features

Security Features

Developer Features

Development

Security Issues

Plugins

Plugins