Commit 20397ad3 authored by Dries's avatar Dries

CHANGES

- Redid settings.module and even renamed it to conf.module.
    * Settings are now grouped in basic categories like "system
      settings", "module settings" and "filters".
  * Added new settings to make Drupal easier to configure and
  to make some aspects like the watchdog scale better.

- Renamed includes/settings.php to includes/conf.php.

- Added filter support to conf.module and introduced filter hooks so
  modules can implement and export new filters.  Example filters are
  an HTML filter (implemented), a profanity filter, an url converter,
  ASCII smileys to images filter and so on ...

- Reworked the check_* functions: user contributed content/input is
  only verified and filtered once in its lifespan.

NOTES

- Although this is a large commit, no database changes are required.
parent 3fbd49d7
......@@ -2,7 +2,7 @@
include_once "includes/common.inc";
if (variable_get(dev_timing, 0)) timer_start();
page_header();
function account_get_user($uname) {
$result = db_query("SELECT * FROM users WHERE userid = '$uname'");
......@@ -74,7 +74,7 @@ function account_session_close() {
}
function account_user_edit() {
global $allowed_html, $theme, $user;
global $theme, $user;
if ($user->id) {
// construct form:
......@@ -83,8 +83,8 @@ function account_user_edit() {
$form .= form_item(t("Real e-mail address"), $user->real_email, t("Required, unique, can not be changed.") ." ". t("Your real e-mail address is never displayed publicly: only needed in case you lose your password."));
$form .= form_textfield(t("Fake e-mail address"), "fake_email", $user->fake_email, 30, 55, t("Optional") .". ". t("Displayed publicly so you may spam proof your real e-mail address if you want."));
$form .= form_textfield(t("Homepage"), "url", $user->url, 30, 55, t("Optional") .". ". t("Make sure you enter fully qualified URLs only. That is, remember to include \"http://\"."));
$form .= form_textarea(t("Bio"), "bio", $user->bio, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This biographical information is publicly displayed on your user page.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html));
$form .= form_textarea(t("Signature"), "signature", $user->signature, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This information will be publicly displayed at the end of your comments.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html));
$form .= form_textarea(t("Bio"), "bio", $user->bio, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This biographical information is publicly displayed on your user page.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$form .= form_textarea(t("Signature"), "signature", $user->signature, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This information will be publicly displayed at the end of your comments.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$form .= form_item(t("Password"), "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\">", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
$form .= form_submit(t("Save user information"));
......@@ -491,6 +491,6 @@ function account_track_site() {
account_user($user->userid);
}
if (variable_get(dev_timing, 0)) timer_print();
page_footer();
?>
\ No newline at end of file
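Review bot: The "Allowed HTML tags" hint in account_user_edit now reads `variable_get("allowed_html", "")`, but node_conf_filters on this page falls back to `"<A><B><BLOCKQUOTE><DD><DL><DT><I><LI><OL><U><UL>"` for the same variable. Until an administrator saves the setting, users are shown an empty tag list while the settings form displays a populated one; node_filter_html also uses the empty default, so it would strip every tag. Using one shared default string in every `variable_get("allowed_html", …)` call keeps the hint, the settings form and the filter in agreement. The same call appears in the comment, book and diary hunks. account_user_edit continues outside the hunk.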
......@@ -24,9 +24,9 @@ function module($name) {
<HEAD><TITLE><?php echo variable_get(site_name, "drupal"); ?> administration</TITLE></HEAD>
<STYLE>
body { font-family: helvetica, arial; }
h1 { font-size: 18pt; font-weight: bold; color: #990000; }
h2 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; }
h3 { font-family: helvetica, arial; font-size: 14pt; font-weight: bold; }
h1 { font-famile: helvetica, arial; font-size: 18pt; font-weight: bold; color: #660000; }
h2 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; color: #000066; }
h3 { font-family: helvetica, arial; font-size: 14pt; font-weight: bold; color: #006600; }
th { font-family: helvetica, arial; text-align: center; vertical-align: top; background-color: #CCCCCC; color: #995555; }
td { font-family: helvetica, arial; }
</STYLE>
......
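Review bot: The new `h1` rule spells the property `font-famile`, so browsers will drop that declaration and the heading falls back to the inherited font. It should read `h1 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; color: #660000; }`.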
......@@ -118,17 +118,6 @@ CREATE TABLE comments (
KEY lid (lid)
);
#
# Table structure for table 'crons'
#
DROP TABLE IF EXISTS crons;
CREATE TABLE crons (
module varchar(64) DEFAULT '' NOT NULL,
scheduled int(11),
timestamp int(11),
PRIMARY KEY (module)
);
#
# Table structure for table 'cvs'
#
......
......@@ -48,7 +48,7 @@ function comment_settings($mode, $order, $threshold) {
}
function comment_reply($pid, $id) {
global $allowed_html, $REQUEST_URI, $theme, $user;
global $REQUEST_URI, $theme, $user;
if ($pid) {
$item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = '$pid'"));
......@@ -69,8 +69,8 @@ function comment_reply($pid, $id) {
// Comment field:
$output .= "<B>".t("Comment") .":</B><BR>\n";
$output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_textarea($user->signature) ."</TEXTAREA><BR>\n";
$output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL><P>\n";
$output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_form($user->signature) ."</TEXTAREA><BR>\n";
$output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL><P>\n";
// Preview button:
$output .= "<SMALL><I>". t("You must preview at least once before you can submit") .":</I></SMALL><BR>\n";
......@@ -84,10 +84,10 @@ function comment_reply($pid, $id) {
}
function comment_preview($pid, $id, $subject, $comment) {
global $allowed_html, $REQUEST_URI, $theme, $user;
global $REQUEST_URI, $theme, $user;
// Preview comment:
comment_view(new Comment($user->userid, $subject, $comment, time(), $user->url, $user->fake_email, 0, 0, 0, 0), t("reply to this comment"));
comment_view(new Comment($user->userid, check_preview($subject), check_preview($comment), time(), check_preview($user->url), check_preview($user->fake_email), 0, 0, 0, 0), t("reply to this comment"));
// Build reply form:
$output .= "<FORM ACTION=\"$REQUEST_URI\" METHOD=\"post\">\n";
......@@ -98,12 +98,12 @@ function comment_preview($pid, $id, $subject, $comment) {
// Subject field:
$output .= "<B>". t("Subject") .":</B><BR>\n";
$output .= "<INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_textfield($subject) ."\"><P>\n";
$output .= "<INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_form($subject) ."\"><P>\n";
// Comment field:
$output .= "<B>". t("Comment") .":</B><BR>\n";
$output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_textarea($comment) ."</TEXTAREA><BR>\n";
$output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL><P>\n";
$output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_form($comment) ."</TEXTAREA><BR>\n";
$output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL><P>\n";
// Hidden fields:
$output .= "<INPUT TYPE=\"hidden\" NAME=\"pid\" VALUE=\"$pid\">\n";
......
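Review bot: In comment_preview, `check_preview()` is applied to `$subject`, `$user->url` and `$user->fake_email` as well as to the comment body, and check_preview always calls check_output with `$nl2br = 1`. Single-line values that probably end up in a link or heading can therefore gain `<BR>` tags, and they also pass through every module's content filter. For those three fields the plain form, for example `check_output(check_input($subject))`, avoids the line-break conversion. comment_preview continues outside the hunk, so how Comment uses these values is not visible here.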
......@@ -6,7 +6,7 @@ function conf_init() {
global $HTTP_HOST, $REQUEST_URI;
$file = strtolower(strtr($HTTP_HOST ."". substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")), "/:", ".."));
while ($file && !file_exists("includes/$file.php")) $file = substr($file, 0, strrpos($file, "."));
return $file ? $file : "setting";
return $file ? $file : "conf";
}
function error_handler($errno, $message, $filename, $line, $variables) {
......@@ -52,30 +52,16 @@ function notice_account() {
return t("This page requires a valid user account. Please <A HREF=\"account.php\">create a user account</A> and <A HREF=\"account.php\">login</A> prior to accessing it.");
}
function check_textfield($message) {
return strip_tags(str_replace("\"", "&quot;", stripslashes($message)));
function check_form($text) {
return htmlspecialchars(stripslashes($text));
}
function check_select($message) {
return check_textfield($message);
function check_export($text) {
return htmlspecialchars(stripslashes($text));
}
function check_export($message) {
return check_textfield($message);
}
function check_textarea($message) {
global $allowed_html;
return htmlspecialchars(strip_tags(stripslashes($message), $allowed_html));
}
function check_input($message) {
global $allowed_html;
return strip_tags(addslashes(stripslashes(substr($message, 0, variable_get(max_input_size, 10000)))), $allowed_html);
}
function check_code($message) {
return $message;
function check_code($text) {
return $text;
}
function check_mail($mail) {
......@@ -86,10 +72,18 @@ function check_name($name) {
return ereg("[^a-zA-Z0-9_-]", $name) ? 0 : 1;
}
function check_output($message, $nl2br = 0) {
global $allowed_html, $na;
$var = strip_tags(stripslashes(node_macro($message)), $allowed_html);
return ($var) ? (($nl2br) ? nl2br($var) : $var) : $na;
function check_preview($text) {
return check_output(check_input($text), 1);
}
function check_input($text) {
foreach (module_list() as $module) $text = module_invoke($module, "filter", $text);
return addslashes(stripslashes(substr($text, 0, variable_get("max_input_size", 10000))));
}
function check_output($text, $nl2br = 0) {
global $na;
return ($text) ? (($nl2br) ? nl2br(stripslashes($text)) : stripslashes($text)) : $na;
}
function format_plural($count, $singular, $plural) {
......@@ -172,15 +166,15 @@ function form_item($title, $value, $description = 0) {
}
function form_textfield($title, $name, $value, $size, $maxlength, $description = 0) {
return form_item($title, "<INPUT MAXLENGTH=\"$maxlength\" NAME=\"edit[$name]\" SIZE=\"$size\" VALUE=\"". check_textfield($value) ."\">", $description);
return form_item($title, "<INPUT MAXLENGTH=\"$maxlength\" NAME=\"edit[$name]\" SIZE=\"$size\" VALUE=\"". check_form($value) ."\">", $description);
}
function form_textarea($title, $name, $value, $cols, $rows, $description = 0) {
return form_item($title, "<TEXTAREA WRAP=\"virtual\" COLS=\"$cols\" ROWS=\"$rows\" NAME=\"edit[$name]\">". check_textarea($value) ."</TEXTAREA>", $description);
return form_item($title, "<TEXTAREA WRAP=\"virtual\" COLS=\"$cols\" ROWS=\"$rows\" NAME=\"edit[$name]\">". check_form($value) ."</TEXTAREA>", $description);
}
function form_select($title, $name, $value, $options, $description = 0) {
foreach ($options as $key=>$choice) $select .= "<OPTION VALUE=\"$key\"". ($key == $value ? " SELECTED" : "") .">". check_select($choice) ."</OPTION>";
foreach ($options as $key=>$choice) $select .= "<OPTION VALUE=\"$key\"". ($key == $value ? " SELECTED" : "") .">". check_form($choice) ."</OPTION>";
return form_item($title, "<SELECT NAME=\"edit[$name]\">$select</SELECT>", $description);
}
......@@ -189,11 +183,11 @@ function form_file($title, $name, $size, $description = 0) {
}
function form_hidden($name, $value) {
return "<INPUT TYPE=\"hidden\" NAME=\"edit[$name]\" VALUE=\"". check_textfield($value) ."\">\n";
return "<INPUT TYPE=\"hidden\" NAME=\"edit[$name]\" VALUE=\"". check_form($value) ."\">\n";
}
function form_submit($value) {
return "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". check_textfield($value) ."\">\n";
return "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". check_form($value) ."\">\n";
}
function field_get($string, $name) {
......@@ -227,6 +221,26 @@ function field_set($string, $name, $value) {
return $rval;
}
function timer_start() {
global $timer;
$timer = explode(" ", microtime());
}
function timer_print() {
global $timer;
$stop = explode(" ", microtime());
$diff = $stop[0] - $timer[0];
print "<PRE>execution time: $diff ms</PRE>";
}
function page_header() {
if (variable_get("dev_timer", 0)) timer_start();
}
function page_footer() {
if (variable_get("dev_timer", 0)) timer_print();
}
$conf = conf_init();
include_once "includes/$conf.php";
......@@ -237,7 +251,6 @@ function field_set($string, $name, $value) {
include_once "includes/module.inc";
include_once "includes/locale.inc";
include_once "includes/search.inc";
include_once "includes/timer.inc";
include_once "includes/theme.inc";
include_once "includes/user.inc";
include_once "includes/node.inc";
......
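Review bot: check_output no longer calls strip_tags, so HTML safety now depends entirely on check_input having filtered the text when it was stored. On this page the only HTML filter is node_filter_html, which runs only when `filter_html` is set, and node_filter reads it as `variable_get("filter_html", 0)`, i.e. off by default. Rows written before this commit, or while the filter is disabled, are therefore emitted as raw markup; the commit message says no database changes are required, so existing content is not re-filtered. Either keep a strip_tags pass on output for such rows or enable the filter by default, and record the contract above check_output, e.g. `// no HTML filtering here: $text must have passed check_input() when it was stored`.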
......@@ -24,11 +24,6 @@
"+4" => "+ 4",
"+5" => "+ 5");
#
# Allowed HTML tags:
#
$allowed_html = "<A><B><BLOCKQUOTE><CODE><DD><DL><DT><EM><HR><I><LI><SMALL><OL><U><UL>";
#
# Themes:
# The first theme listed in this associative array will automatically
......@@ -47,16 +42,6 @@
# automatically become the default language. You can add a language
# but make sure your SQL table, called locales is updated
# appropriately.
#
# Translation support - as provided by the default locale module add
# significant overhead to your site in exchange for excessive
# maintenance capabilities. If your site does not require
# translation support, disable it by commenting out the $language
# variable below.
#$languages = array(); // = language support disabled
$languages = array("en" => "English");
# This line prevents users from accessing your settings file:
if (basename($SCRIPT_FILENAME) == basename(__FILE__) && basename($SCRIPT_FILENAME) != "") die("access denied");
?>
\ No newline at end of file
......@@ -6,6 +6,7 @@ function db_connect($host, $user, $pass, $name) {
// NOTE: we are using a persistent connection!
}
function db_query($query, $debug = 0) {
$result = mysql_query($query);
if ($debug) print "<P>query: $query<BR>error:". mysql_error() ."</P>";
......
......@@ -13,7 +13,7 @@ function module_iterate($function, $argument = "") {
// invoke hook $hook of module $name with optional arguments:
function module_invoke($name, $hook, $argument = "") {
$function = $name ."_". $hook;
if (function_exists($function)) return $function($argument);
return function_exists($function) ? $function($argument) : $argument;
}
// return true if module $name supports hook $hook, and false otherwise:
......
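Review bot: Returning `$argument` when the hook function does not exist makes a missing hook indistinguishable from one that returned its input, and it does so for every hook, not only for the new filter hook. Callers that test the result of module_invoke, which previously got nothing back for an absent hook, now receive the argument they passed in. The pass-through is only needed by check_input, so it can stay local to it: keep the original line here and write `if (function_exists($module ."_filter")) $text = module_invoke($module, "filter", $text);` in the loop.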
......@@ -183,13 +183,20 @@ function visit(site) {
}
$output .= "<FORM METHOD=\"get\" ACTION=\"\">\n";
foreach ($choices as $key => $value) $options .= "<OPTION VALUE=\"$key\"". (strstr($REQUEST_URI,"/$key") ? " SELECTED" : "") .">". check_select($value) ."</OPTION>\n";
foreach ($choices as $key => $value) $options .= "<OPTION VALUE=\"$key\"". (strstr($REQUEST_URI,"/$key") ? " SELECTED" : "") .">". check_form($value) ."</OPTION>\n";
$output .= " <SELECT NAME=\"op\" ONCHANGE=\"visit(this.options[this.selectedIndex].value)\">$options</SELECT>\n";
$output .= "</FORM>\n";
return $output;
}
function node_preview($node) {
foreach ($node as $key=>$value) {
if ($node[$key]) $node[$key] = check_preview($value);
}
return $node;
}
function node_visible($node) {
global $user, $status;
return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "node");
......
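Review bot: node_preview has no comment stating that its result is for display only. It runs every non-empty field through check_preview, i.e. the module filters, the slash handling and nl2br, so the returned array must not reach a save path or be filtered a second time. Suggest `// prepare a submitted node for preview display only; never store the result` above the function. The loop also treats ids and other non-text fields the same way as body text, which looks unintended, and `if ($node[$key])` skips values such as "0".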
......@@ -3,7 +3,7 @@
function search_form($keys) {
global $REQUEST_URI;
$output .= "<FORM ACTION=\"$REQUEST_URI\" METHOD=\"POST\">\n";
$output .= " <INPUT SIZE=\"50\" VALUE=\"". check_textfield($keys) ."\" NAME=\"keys\">";
$output .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\">";
$output .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n";
$output .= "</FORM>\n";
return $output;
......
......@@ -74,7 +74,7 @@ function category_name($cid) {
function category_form_select($type, $edit = array(), $size = 1) {
$result = db_query("SELECT * FROM category WHERE type = '$type'");
while ($category = db_fetch_object($result)) {
$options .= "<OPTION VALUE=\"$category->cid\"". ($edit[cid] == $category->cid ? "SELECTED" : "") .">". check_select($category->name) ."</OPTION>";
$options .= "<OPTION VALUE=\"$category->cid\"". ($edit[cid] == $category->cid ? "SELECTED" : "") .">". check_form($category->name) ."</OPTION>";
}
return "<SELECT NAME=\"edit[cid]\" SIZE=\"$size\"". ($size > 1 ? "MULTIPLE" : "") .">$options</SELECT>\n";
}
......@@ -133,7 +133,7 @@ function topic_moderate($tid) {
// renders a HTML form to select one or more topics:
function topic_form_select($edit = array(), $size = 1) {
foreach (topic_tree() as $tid=>$name) {
$options .= "<OPTION VALUE=\"$tid\"". ($edit[tid] == $tid ? "SELECTED" : "") .">". check_select($name) ."</OPTION>";
$options .= "<OPTION VALUE=\"$tid\"". ($edit[tid] == $tid ? "SELECTED" : "") .">". check_form($name) ."</OPTION>";
}
return "<SELECT NAME=\"edit[tid]\" SIZE=\"$size\"". ($size > 1 ? "MULTIPLE" : "") .">$options</SELECT>\n";
}
......
......@@ -32,7 +32,7 @@ function variable_get($name, $default, $object = 0) {
case "expire_threshold":
return handler_expire_threshold($object, $default);
default:
return ($conf[$name] ? $conf[$name] : $default);
return $conf[$name] ? $conf[$name] : $default;
}
}
......@@ -45,4 +45,12 @@ function variable_set($name, $value) {
$conf[$name] = $value;
}
function variable_del($name) {
global $conf;
db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'");
$conf[$name] = "";
}
?>
\ No newline at end of file
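Review bot: variable_del quotes the name with `check_input($name)`, which after this commit also runs every module's filter hook and truncates to `max_input_size` before addslashes. The name used in the DELETE can therefore differ from the key cleared in `$conf[$name]`, and SQL quoting becomes dependent on which content filters are enabled. Quoting for the database should be a separate step from content filtering, e.g. `db_query("DELETE FROM variable WHERE name = '". addslashes($name) ."'");` or an escaping helper in the database layer. The same coupling applies to `check_input($category)` in the index.php hunk.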
......@@ -2,9 +2,7 @@
include_once "includes/common.inc";
if (variable_get("dev_timing", 0)) {
timer_start();
}
page_header();
if ($category) {
$c = "AND cid = '". check_input($category) ."'";
......@@ -23,8 +21,6 @@
}
$theme->footer();
if (variable_get("dev_timing", 0)) {
timer_print();
}
page_footer();
?>
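Review bot: The page_header()/page_footer() calls that replace the timing blocks here do not read the same setting: the removed lines test `variable_get("dev_timing", 0)`, while page_header and page_footer in the common.inc hunk test `variable_get("dev_timer", 0)`. A site that had `dev_timing` enabled silently loses its timing output. One key should be used throughout, for example `if (variable_get("dev_timing", 0)) timer_start();` in page_header and the matching line in page_footer.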
<?php
include_once "includes/common.inc";
if (variable_get(dev_timing, 0)) timer_start();
page_header();
module_invoke($mod, "page");
if (variable_get(dev_timing, 0)) timer_print();
page_footer();
?>
......@@ -101,7 +101,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) {
}
function book_form($edit = array()) {
global $allowed_html, $REQUEST_URI, $user;
global $REQUEST_URI, $user;
$form .= form_item(t("Author"), format_username(($edit[userid] ? $edit[userid] : $user->userid)));
$form .= form_hidden(userid, $edit[userid]);
......@@ -117,7 +117,7 @@ function book_form($edit = array()) {
$form .= form_select(t("Parent"), "parent", $edit[parent], book_toc(), t("The parent subject or category the page belongs in."));
}
$form .= form_textarea(t("Content"), "body", $edit[body], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html));
$form .= form_textarea(t("Content"), "body", $edit[body], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$form .= form_textarea(t("Log message"), "log", $edit[log], 50, 5, t("An explanation of the additions or updates being made to help the group understand your motivations."));
if (user_access($user, "book")) {
......@@ -218,7 +218,7 @@ function book_admin() {
print book_tree();
break;
case t("Preview"):
book_view(new Book($edit));
book_view(new Book(node_preview($edit)));
print book_form($edit);
break;
case t("Submit"):
......@@ -269,7 +269,7 @@ function book_user() {
$theme->box($title, book_update($id));
break;
case t("Preview"):
book_view(new Book($edit));
book_view(new Book(node_preview($edit)));
$theme->box($title, book_form($edit));
break;
case t("Submit"):
......
......@@ -101,7 +101,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) {
}
function book_form($edit = array()) {
global $allowed_html, $REQUEST_URI, $user;
global $REQUEST_URI, $user;
$form .= form_item(t("Author"), format_username(($edit[userid] ? $edit[userid] : $user->userid)));
$form .= form_hidden(userid, $edit[userid]);
......@@ -117,7 +117,7 @@ function book_form($edit = array()) {
$form .= form_select(t("Parent"), "parent", $edit[parent], book_toc(), t("The parent subject or category the page belongs in."));
}
$form .= form_textarea(t("Content"), "body", $edit[body], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html));
$form .= form_textarea(t("Content"), "body", $edit[body], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$form .= form_textarea(t("Log message"), "log", $edit[log], 50, 5, t("An explanation of the additions or updates being made to help the group understand your motivations."));
if (user_access($user, "book")) {
......@@ -218,7 +218,7 @@ function book_admin() {
print book_tree();
break;
case t("Preview"):
book_view(new Book($edit));
book_view(new Book(node_preview($edit)));
print book_form($edit);
break;
case t("Submit"):
......@@ -269,7 +269,7 @@ function book_user() {
$theme->box($title, book_update($id));
break;
case t("Preview"):
book_view(new Book($edit));
book_view(new Book(node_preview($edit)));
$theme->box($title, book_form($edit));
break;
case t("Submit"):
......
......@@ -104,7 +104,7 @@ function box_admin_edit($id) {
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" VALUE=\"". check_textfield($block->subject) ."\">\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" VALUE=\"". check_form($block->subject) ."\">\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Content:</B><BR>\n";
......@@ -120,11 +120,11 @@ function box_admin_edit($id) {
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Description:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"info\" VALUE=\"". check_textfield($block->info) ."\">\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"info\" VALUE=\"". check_form($block->info) ."\">\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Link:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"link\" VALUE=\"". check_textfield($block->link) ."\">\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"link\" VALUE=\"". check_form($block->link) ."\">\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
......
......@@ -17,7 +17,7 @@ function cvs_cron() {
}
}
function cvs_conf() {
function cvs_conf_options() {
$period = array(43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600));
$output .= form_textfield(t("Digest recepients"), "cvs_mail", variable_get("cvs_mail", "root@localhost"), 30, 55, t("The e-mail address to mail the CVS log messages to. Multiple recipients can be specified by putting a comma between each address."));
$output .= form_select(t("Digest interval"), "cvs_cron_time" , variable_get("cvs_cron_time", 86400), $period, t("The time interval at which batched CVS digests are dispatched. Requires crontab."));
......
......@@ -72,13 +72,13 @@ function diary_page_display($username) {
}
function diary_page_add() {
global $theme, $user, $allowed_html;
global $theme, $user;
$output .= "<FORM ACTION=\"module.php?mod=diary\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\"></TEXTAREA><BR>\n";
$output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
......@@ -98,7 +98,7 @@ function diary_page_delete($id) {
}
function diary_page_edit($id) {
global $theme, $user, $allowed_html;
global $theme, $user;
$result = db_query("SELECT * FROM diaries WHERE id = '$id'");
$diary = db_fetch_object($result);
......@@ -107,8 +107,8 @@ function diary_page_edit($id) {
$output .= "<FORM ACTION=\"module.php?mod=diary\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_textarea($diary->text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_form($diary->text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$diary->id\">\n";
......@@ -123,14 +123,14 @@ function diary_page_edit($id) {
}
function diary_page_preview($text, $timestamp, $id = 0) {
global $theme, $user, $allowed_html;
global $theme, $user;
$output .= diary_page_entry($timestamp, $text);
$output .= "<FORM ACTION=\"module.php?mod=diary\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_textarea($text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_form($text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
......@@ -239,7 +239,7 @@ function diary_admin_edit($id) {
$output .= "<P>\n";
$output .= "<B>Diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"text\">". check_textarea($diary->text) ."</TEXTAREA><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"text\">". check_form($diary->text) ."</TEXTAREA><BR>\n";
$output .= "</P>\n";
$output .= "<P>\n";
......
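Review bot: diary_page_preview still passes the raw `$text` to `diary_page_entry($timestamp, $text)`, while the comment and book previews in this commit were switched to check_preview()/node_preview(). diary_page_entry is not visible here; if it renders through check_output, which no longer strips tags, the preview would show submitted markup without the configured filters. For consistency with the other previews the line could be `$output .= diary_page_entry($timestamp, check_preview($text));`, adjusted if diary_page_entry already converts line breaks.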
......@@ -11,7 +11,7 @@ function headline_help() {
<?php
}
function headline_conf() {
function headline_conf_options() {
$period = array(900 => format_interval(900), 1800 => format_interval(1800), 3600 => format_interval(3600), 7200 => format_interval(7200), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 64800 => format_interval(64800), 86400 => format_interval(86400));
$output .= form_select(t("Update interval"), "headline_cron_time" , variable_get("headline_cron_time", 86400), $period, t("The update interval indicating how often you want to update your headline channels. Requires crontab."));
return $output;
......
......@@ -3,7 +3,7 @@
function locale_help() {
?>
<P>Normally programs are written and documented in English, and use English to interact with users. This is true for a great deal of websites. However, most people are less comfortable with English than with their own native language, and would prefer to use their mother tongue as much as possible. Many people love see their website showing a lot less of English, and far more of their own language.</P>
<P>Therefore drupal provides a framework to setup a multi-lingual website, or to overwrite the default texts in English. We explored the various alternatives to support internationalization and decided to design the framework in such a way that the impact of internationalization on drupal's sources is minimized, modular and that it doesn't require a HTML or PHP wizard to maintain translations. Maintaining translations had to be simple so it became as easy as filling out forms on the administration page. A side effect is that translation support adds significant overhead to the dynamic generation of your website. If you don't need translation support, consider to turn it off.</P>
<P>Therefore drupal provides a framework to setup a multi-lingual website, or to overwrite the default texts in English. We explored the various alternatives to support internationalization and decided to design the framework in such a way that the impact of internationalization on drupal's sources is minimized, modular and that it doesn't require a HTML or PHP wizard to maintain translations. Maintaining translations had to be simple so it became as easy as filling out forms on the administration page. A side effect is that translation support adds significant overhead to the dynamic generation of your website. If you don't need translation support, consider to turning it off from the "conf" section.</P>
<H3>Adding a new language</H3>
......@@ -24,6 +24,10 @@ function locale_help() {
<?php
}
function locale_conf_options() {
return form_select(t("Locale support"), "locale", variable_get("locale", 1), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support."));
}
function locale_delete($id) {
db_query("DELETE FROM locales WHERE id = '$id'");
}
......
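Review bot: The rewritten help sentence ends "consider to turning it off from the "conf" section", which is ungrammatical; `consider turning it off in the "conf" section` reads correctly. In the added locale_conf_options, the option labels `array("Disabled", "Enabled")` are not passed through t(), unlike the title and description. The locale.module hunk that follows repeats the same lines.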
......@@ -3,7 +3,7 @@
function locale_help() {
?>
<P>Normally programs are written and documented in English, and use English to interact with users. This is true for a great deal of websites. However, most people are less comfortable with English than with their own native language, and would prefer to use their mother tongue as much as possible. Many people love see their website showing a lot less of English, and far more of their own language.</P>
<P>Therefore drupal provides a framework to setup a multi-lingual website, or to overwrite the default texts in English. We explored the various alternatives to support internationalization and decided to design the framework in such a way that the impact of internationalization on drupal's sources is minimized, modular and that it doesn't require a HTML or PHP wizard to maintain translations. Maintaining translations had to be simple so it became as easy as filling out forms on the administration page. A side effect is that translation support adds significant overhead to the dynamic generation of your website. If you don't need translation support, consider to turn it off.</P>
<P>Therefore drupal provides a framework to setup a multi-lingual website, or to overwrite the default texts in English. We explored the various alternatives to support internationalization and decided to design the framework in such a way that the impact of internationalization on drupal's sources is minimized, modular and that it doesn't require a HTML or PHP wizard to maintain translations. Maintaining translations had to be simple so it became as easy as filling out forms on the administration page. A side effect is that translation support adds significant overhead to the dynamic generation of your website. If you don't need translation support, consider to turning it off from the "conf" section.</P>
<H3>Adding a new language</H3>
......@@ -24,6 +24,10 @@ function locale_help() {
<?php
}
function locale_conf_options() {
return form_select(t("Locale support"), "locale", variable_get("locale", 1), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support."));
}
function locale_delete($id) {
db_query("DELETE FROM locales WHERE id = '$id'");
}
......
......@@ -11,13 +11,34 @@ function Node($node) {
}
}
function node_macro($text) {
function node_conf_filters() {
$output .= form_select(t("Strip HTML tags"), "filter_html", variable_get("filter_html", 0), array("Disabled", "Enabled"), t("Strip HTML and PHP tags."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<A><B><BLOCKQUOTE><DD><DL><DT><I><LI><OL><U><UL>"), 64, 128, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON' attributes and unclosed tags are always stripped."));
$output .= "<HR>";
$output .= form_select(t("Strip link tags"), "filter_link", variable_get("filter_link", 0), array("Disabled", "Enabled"), t("Substitute special [[link]] tags."));
$output .= "<HR>";
return $output;
}
function node_filter_html($text) {
$text = eregi_replace("([ \f\r\t\n\'\"])style=[^>]+", "\\1", $text);
$text = eregi_replace("([ \f\r\t\n\'\"])on[a-z]+=[^>]+", "\\1", $text);
$text = strip_tags($text, variable_get("allowed_html", ""));
return $text;
}
function node_filter_link($text) {
$src = array("/\[\[(([^\|]*?)(\|([^\|]*?))?)\]\]/e"); // [link|description]
$dst = array(format_tag('\\2', '\\4')); // [link|description]
return preg_replace($src, $dst, $text);
}
function node_filter($text) {
if (variable_get("filter_html", 0)) $text = node_filter_html($text);
if (variable_get("filter_link", 0)) $text = node_filter_link($text);
return $text;
}
function node_overview($query = array()) {
global $user;
......
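Review bot: The pattern in node_filter_link carries the `/e` modifier, which makes preg_replace evaluate the replacement string as PHP after the matched, user-submitted text has been substituted into it. `format_tag('\\2', '\\4')` is already called once while `$dst` is built, so the modifier does not appear to be needed; this assumes format_tag, which is not visible here, returns a plain replacement template containing the back-references. Dropping it, `$src = array("/\[\[(([^\|]*?)(\|([^\|]*?))?)\]\]/");`, keeps the substitution purely textual, and preg_replace_callback is the safer form if a per-match call is wanted. The link target and description also need HTML escaping before they are placed in the generated tag, unless format_tag already does that.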
......@@ -11,13 +11,34 @@ function Node($node) {
}
}
function node_macro($text) {
function node_conf_filters() {
$output .= form_select(t("Strip HTML tags"), "filter_html", variable_get("filter_html", 0), array("Disabled", "Enabled"), t("Strip HTML and PHP tags."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<A><B><BLOCKQUOTE><DD><DL><DT><I><LI><OL><U><UL>"), 64, 128, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON' attributes and unclosed tags are always stripped."));
$output .= "<HR>";
$output .= form_select(t("Strip link tags"), "filter_link", variable_get("filter_link", 0), array("Disabled", "Enabled"), t("Substitute special [[link]] tags."));
$output .= "<HR>";
return $output;
}
function node_filter_html($text) {
$text = eregi_replace("([ \f\r\t\n\'\"])style=[^>]+", "\\1", $text);
$text = eregi_replace("([ \f\r\t\n\'\"])on[a-z]+=[^>]+", "\\1", $text);
$text = strip_tags($text, variable_get("allowed_html", ""));
return $text;
}
function node_filter_link($text) {
$src = array("/\[\[(([^\|]*?)(\|([^\|]*?))?)\]\]/e"); // [link|description]
$dst = array(format_tag('\\2', '\\4')); // [link|description]
return preg_replace($src, $dst, $text);
}
function node_filter($text) {
if (variable_get("filter_html", 0)) $text = node_filter_html($text);