diff options
| author | Dries Buytaert <dries@buytaert.net> | 2001-05-20 13:51:40 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2001-05-20 13:51:40 +0000 |
| commit | 20397ad3d9dad39670ed92923d2513bd89c7b0bb (patch) | |
| tree | 1e16b41f8312007e0f0805c6db7c94813f5c05fb | |
| parent | 3fbd49d786e57ebde5736793a5050cda8796205d (diff) | |
| download | brdo-20397ad3d9dad39670ed92923d2513bd89c7b0bb.tar.gz brdo-20397ad3d9dad39670ed92923d2513bd89c7b0bb.tar.bz2 | |
CHANGES
- Redid settings.module and even renamed it to conf.module.
* Settings are now grouped in basic categories like "system
settings", "module settings" and "filters".
* Added new settings to make Drupal easier to configure and
to make some aspects like the watchdog scale better.
- Renamed includes/settings.php to includes/conf.php.
- Added filter support to conf.module and introduced filter hooks so
modules can implement and export new filters. Example filters are
an HTML filter (implemented), a profanity filter, an url converter,
ASCII smileys to images filter and so on ...
- Reworked the check_* functions: user contributed content/input is
only verified and filtered once in its lifespan.
NOTES
- Altough this is a large commit, no database changes are required.
35 files changed, 246 insertions, 183 deletions
diff --git a/account.php b/account.php index ae124a598..b8f84533e 100644 --- a/account.php +++ b/account.php @@ -2,7 +2,7 @@ include_once "includes/common.inc"; -if (variable_get(dev_timing, 0)) timer_start(); +page_header(); function account_get_user($uname) { $result = db_query("SELECT * FROM users WHERE userid = '$uname'"); @@ -74,7 +74,7 @@ function account_session_close() { } function account_user_edit() { - global $allowed_html, $theme, $user; + global $theme, $user; if ($user->id) { // construct form: @@ -83,8 +83,8 @@ function account_user_edit() { $form .= form_item(t("Real e-mail address"), $user->real_email, t("Required, unique, can not be changed.") ." ". t("Your real e-mail address is never displayed publicly: only needed in case you lose your password.")); $form .= form_textfield(t("Fake e-mail address"), "fake_email", $user->fake_email, 30, 55, t("Optional") .". ". t("Displayed publicly so you may spam proof your real e-mail address if you want.")); $form .= form_textfield(t("Homepage"), "url", $user->url, 30, 55, t("Optional") .". ". t("Make sure you enter fully qualified URLs only. That is, remember to include \"http://\".")); - $form .= form_textarea(t("Bio"), "bio", $user->bio, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This biographical information is publicly displayed on your user page.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html)); - $form .= form_textarea(t("Signature"), "signature", $user->signature, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This information will be publicly displayed at the end of your comments.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html)); + $form .= form_textarea(t("Bio"), "bio", $user->bio, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This biographical information is publicly displayed on your user page.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); + $form .= form_textarea(t("Signature"), "signature", $user->signature, 35, 5, t("Optional") .". ". t("Maximal 255 characters.") ." ". t("This information will be publicly displayed at the end of your comments.") ."<BR>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); $form .= form_item(t("Password"), "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\">", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.")); $form .= form_submit(t("Save user information")); @@ -491,6 +491,6 @@ switch ($op) { account_user($user->userid); } -if (variable_get(dev_timing, 0)) timer_print(); +page_footer(); ?>
\ No newline at end of file @@ -24,9 +24,9 @@ function admin_page($mod) { <HEAD><TITLE><?php echo variable_get(site_name, "drupal"); ?> administration</TITLE></HEAD> <STYLE> body { font-family: helvetica, arial; } - h1 { font-size: 18pt; font-weight: bold; color: #990000; } - h2 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; } - h3 { font-family: helvetica, arial; font-size: 14pt; font-weight: bold; } + h1 { font-famile: helvetica, arial; font-size: 18pt; font-weight: bold; color: #660000; } + h2 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; color: #000066; } + h3 { font-family: helvetica, arial; font-size: 14pt; font-weight: bold; color: #006600; } th { font-family: helvetica, arial; text-align: center; vertical-align: top; background-color: #CCCCCC; color: #995555; } td { font-family: helvetica, arial; } </STYLE> diff --git a/database/database.mysql b/database/database.mysql index 7fc160d31..bdb675fbf 100644 --- a/database/database.mysql +++ b/database/database.mysql @@ -119,17 +119,6 @@ CREATE TABLE comments ( ); # -# Table structure for table 'crons' -# -DROP TABLE IF EXISTS crons; -CREATE TABLE crons ( - module varchar(64) DEFAULT '' NOT NULL, - scheduled int(11), - timestamp int(11), - PRIMARY KEY (module) -); - -# # Table structure for table 'cvs' # DROP TABLE IF EXISTS cvs; diff --git a/includes/comment.inc b/includes/comment.inc index 9ecc1c690..f7bea9ac6 100644 --- a/includes/comment.inc +++ b/includes/comment.inc @@ -48,7 +48,7 @@ function comment_settings($mode, $order, $threshold) { } function comment_reply($pid, $id) { - global $allowed_html, $REQUEST_URI, $theme, $user; + global $REQUEST_URI, $theme, $user; if ($pid) { $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = '$pid'")); @@ -69,8 +69,8 @@ function comment_reply($pid, $id) { // Comment field: $output .= "<B>".t("Comment") .":</B><BR>\n"; - $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_textarea($user->signature) ."</TEXTAREA><BR>\n"; - $output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL><P>\n"; + $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_form($user->signature) ."</TEXTAREA><BR>\n"; + $output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL><P>\n"; // Preview button: $output .= "<SMALL><I>". t("You must preview at least once before you can submit") .":</I></SMALL><BR>\n"; @@ -84,10 +84,10 @@ function comment_reply($pid, $id) { } function comment_preview($pid, $id, $subject, $comment) { - global $allowed_html, $REQUEST_URI, $theme, $user; + global $REQUEST_URI, $theme, $user; // Preview comment: - comment_view(new Comment($user->userid, $subject, $comment, time(), $user->url, $user->fake_email, 0, 0, 0, 0), t("reply to this comment")); + comment_view(new Comment($user->userid, check_preview($subject), check_preview($comment), time(), check_preview($user->url), check_preview($user->fake_email), 0, 0, 0, 0), t("reply to this comment")); // Build reply form: $output .= "<FORM ACTION=\"$REQUEST_URI\" METHOD=\"post\">\n"; @@ -98,12 +98,12 @@ function comment_preview($pid, $id, $subject, $comment) { // Subject field: $output .= "<B>". t("Subject") .":</B><BR>\n"; - $output .= "<INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_textfield($subject) ."\"><P>\n"; + $output .= "<INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_form($subject) ."\"><P>\n"; // Comment field: $output .= "<B>". t("Comment") .":</B><BR>\n"; - $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_textarea($comment) ."</TEXTAREA><BR>\n"; - $output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL><P>\n"; + $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_form($comment) ."</TEXTAREA><BR>\n"; + $output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL><P>\n"; // Hidden fields: $output .= "<INPUT TYPE=\"hidden\" NAME=\"pid\" VALUE=\"$pid\">\n"; diff --git a/includes/common.inc b/includes/common.inc index bb8c2677e..2ceb45505 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -6,7 +6,7 @@ function conf_init() { global $HTTP_HOST, $REQUEST_URI; $file = strtolower(strtr($HTTP_HOST ."". substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")), "/:", "..")); while ($file && !file_exists("includes/$file.php")) $file = substr($file, 0, strrpos($file, ".")); - return $file ? $file : "setting"; + return $file ? $file : "conf"; } function error_handler($errno, $message, $filename, $line, $variables) { @@ -52,30 +52,16 @@ function notice_account() { return t("This page requires a valid user account. Please <A HREF=\"account.php\">create a user account</A> and <A HREF=\"account.php\">login</A> prior to accessing it."); } -function check_textfield($message) { - return strip_tags(str_replace("\"", """, stripslashes($message))); +function check_form($text) { + return htmlspecialchars(stripslashes($text)); } -function check_select($message) { - return check_textfield($message); +function check_export($text) { + return htmlspecialchars(stripslashes($text)); } -function check_export($message) { - return check_textfield($message); -} - -function check_textarea($message) { - global $allowed_html; - return htmlspecialchars(strip_tags(stripslashes($message), $allowed_html)); -} - -function check_input($message) { - global $allowed_html; - return strip_tags(addslashes(stripslashes(substr($message, 0, variable_get(max_input_size, 10000)))), $allowed_html); -} - -function check_code($message) { - return $message; +function check_code($text) { + return $text; } function check_mail($mail) { @@ -86,10 +72,18 @@ function check_name($name) { return ereg("[^a-zA-Z0-9_-]", $name) ? 0 : 1; } -function check_output($message, $nl2br = 0) { - global $allowed_html, $na; - $var = strip_tags(stripslashes(node_macro($message)), $allowed_html); - return ($var) ? (($nl2br) ? nl2br($var) : $var) : $na; +function check_preview($text) { + return check_output(check_input($text), 1); +} + +function check_input($text) { + foreach (module_list() as $module) $text = module_invoke($module, "filter", $text); + return addslashes(stripslashes(substr($text, 0, variable_get("max_input_size", 10000)))); +} + +function check_output($text, $nl2br = 0) { + global $na; + return ($text) ? (($nl2br) ? nl2br(stripslashes($text)) : stripslashes($text)) : $na; } function format_plural($count, $singular, $plural) { @@ -172,15 +166,15 @@ function form_item($title, $value, $description = 0) { } function form_textfield($title, $name, $value, $size, $maxlength, $description = 0) { - return form_item($title, "<INPUT MAXLENGTH=\"$maxlength\" NAME=\"edit[$name]\" SIZE=\"$size\" VALUE=\"". check_textfield($value) ."\">", $description); + return form_item($title, "<INPUT MAXLENGTH=\"$maxlength\" NAME=\"edit[$name]\" SIZE=\"$size\" VALUE=\"". check_form($value) ."\">", $description); } function form_textarea($title, $name, $value, $cols, $rows, $description = 0) { - return form_item($title, "<TEXTAREA WRAP=\"virtual\" COLS=\"$cols\" ROWS=\"$rows\" NAME=\"edit[$name]\">". check_textarea($value) ."</TEXTAREA>", $description); + return form_item($title, "<TEXTAREA WRAP=\"virtual\" COLS=\"$cols\" ROWS=\"$rows\" NAME=\"edit[$name]\">". check_form($value) ."</TEXTAREA>", $description); } function form_select($title, $name, $value, $options, $description = 0) { - foreach ($options as $key=>$choice) $select .= "<OPTION VALUE=\"$key\"". ($key == $value ? " SELECTED" : "") .">". check_select($choice) ."</OPTION>"; + foreach ($options as $key=>$choice) $select .= "<OPTION VALUE=\"$key\"". ($key == $value ? " SELECTED" : "") .">". check_form($choice) ."</OPTION>"; return form_item($title, "<SELECT NAME=\"edit[$name]\">$select</SELECT>", $description); } @@ -189,11 +183,11 @@ function form_file($title, $name, $size, $description = 0) { } function form_hidden($name, $value) { - return "<INPUT TYPE=\"hidden\" NAME=\"edit[$name]\" VALUE=\"". check_textfield($value) ."\">\n"; + return "<INPUT TYPE=\"hidden\" NAME=\"edit[$name]\" VALUE=\"". check_form($value) ."\">\n"; } function form_submit($value) { - return "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". check_textfield($value) ."\">\n"; + return "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". check_form($value) ."\">\n"; } function field_get($string, $name) { @@ -227,6 +221,26 @@ function field_set($string, $name, $value) { return $rval; } +function timer_start() { + global $timer; + $timer = explode(" ", microtime()); +} + +function timer_print() { + global $timer; + $stop = explode(" ", microtime()); + $diff = $stop[0] - $timer[0]; + print "<PRE>execution time: $diff ms</PRE>"; +} + +function page_header() { + if (variable_get("dev_timer", 0)) timer_start(); +} + +function page_footer() { + if (variable_get("dev_timer", 0)) timer_print(); +} + $conf = conf_init(); include_once "includes/$conf.php"; @@ -237,7 +251,6 @@ include_once "includes/comment.inc"; include_once "includes/module.inc"; include_once "includes/locale.inc"; include_once "includes/search.inc"; -include_once "includes/timer.inc"; include_once "includes/theme.inc"; include_once "includes/user.inc"; include_once "includes/node.inc"; diff --git a/includes/setting.php b/includes/conf.php index 525de3bb4..77fb30298 100644 --- a/includes/setting.php +++ b/includes/conf.php @@ -25,11 +25,6 @@ $comment_votes = array("none" => "none", "+5" => "+ 5"); # -# Allowed HTML tags: -# -$allowed_html = "<A><B><BLOCKQUOTE><CODE><DD><DL><DT><EM><HR><I><LI><SMALL><OL><U><UL>"; - -# # Themes: # The first theme listed in this associative array will automatically # become the default theme. @@ -47,16 +42,6 @@ $themes = array("UnConeD" => array( # automatically become the default language. You can add a language # but make sure your SQL table, called locales is updated # appropriately. -# -# Translation support - as provided by the default locale module add -# significant overhead to your site in exchange for excessive -# maintenance capabilities. If your site does not require -# translation support, disable it by commenting out the $language -# variable below. -#$languages = array(); // = language support disabled $languages = array("en" => "English"); -# This line prevents users from accessing your settings file: -if (basename($SCRIPT_FILENAME) == basename(__FILE__) && basename($SCRIPT_FILENAME) != "") die("access denied"); - ?>
\ No newline at end of file diff --git a/includes/database.inc b/includes/database.inc index 634ec55ef..68562f334 100644 --- a/includes/database.inc +++ b/includes/database.inc @@ -6,6 +6,7 @@ function db_connect($host, $user, $pass, $name) { // NOTE: we are using a persistent connection! } + function db_query($query, $debug = 0) { $result = mysql_query($query); if ($debug) print "<P>query: $query<BR>error:". mysql_error() ."</P>"; diff --git a/includes/module.inc b/includes/module.inc index aa631faec..9033078c3 100644 --- a/includes/module.inc +++ b/includes/module.inc @@ -13,7 +13,7 @@ function module_iterate($function, $argument = "") { // invoke hook $hook of module $name with optional arguments: function module_invoke($name, $hook, $argument = "") { $function = $name ."_". $hook; - if (function_exists($function)) return $function($argument); + return function_exists($function) ? $function($argument) : $argument; } // return true if module $name supports hook $hook, and false otherwise: diff --git a/includes/node.inc b/includes/node.inc index fcfd26dd7..6d999e25c 100644 --- a/includes/node.inc +++ b/includes/node.inc @@ -183,13 +183,20 @@ function node_control($node) { } $output .= "<FORM METHOD=\"get\" ACTION=\"\">\n"; - foreach ($choices as $key => $value) $options .= "<OPTION VALUE=\"$key\"". (strstr($REQUEST_URI,"/$key") ? " SELECTED" : "") .">". check_select($value) ."</OPTION>\n"; + foreach ($choices as $key => $value) $options .= "<OPTION VALUE=\"$key\"". (strstr($REQUEST_URI,"/$key") ? " SELECTED" : "") .">". check_form($value) ."</OPTION>\n"; $output .= " <SELECT NAME=\"op\" ONCHANGE=\"visit(this.options[this.selectedIndex].value)\">$options</SELECT>\n"; $output .= "</FORM>\n"; return $output; } +function node_preview($node) { + foreach ($node as $key=>$value) { + if ($node[$key]) $node[$key] = check_preview($value); + } + return $node; +} + function node_visible($node) { global $user, $status; return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "node"); diff --git a/includes/search.inc b/includes/search.inc index af2139e84..11247c525 100644 --- a/includes/search.inc +++ b/includes/search.inc @@ -3,7 +3,7 @@ function search_form($keys) { global $REQUEST_URI; $output .= "<FORM ACTION=\"$REQUEST_URI\" METHOD=\"POST\">\n"; - $output .= " <INPUT SIZE=\"50\" VALUE=\"". check_textfield($keys) ."\" NAME=\"keys\">"; + $output .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\">"; $output .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n"; $output .= "</FORM>\n"; return $output; diff --git a/includes/structure.inc b/includes/structure.inc index 6d38bfbce..989ee7f2f 100644 --- a/includes/structure.inc +++ b/includes/structure.inc @@ -74,7 +74,7 @@ function category_name($cid) { function category_form_select($type, $edit = array(), $size = 1) { $result = db_query("SELECT * FROM category WHERE type = '$type'"); while ($category = db_fetch_object($result)) { - $options .= "<OPTION VALUE=\"$category->cid\"". ($edit[cid] == $category->cid ? "SELECTED" : "") .">". check_select($category->name) ."</OPTION>"; + $options .= "<OPTION VALUE=\"$category->cid\"". ($edit[cid] == $category->cid ? "SELECTED" : "") .">". check_form($category->name) ."</OPTION>"; } return "<SELECT NAME=\"edit[cid]\" SIZE=\"$size\"". ($size > 1 ? "MULTIPLE" : "") .">$options</SELECT>\n"; } @@ -133,7 +133,7 @@ function topic_moderate($tid) { // renders a HTML form to select one or more topics: function topic_form_select($edit = array(), $size = 1) { foreach (topic_tree() as $tid=>$name) { - $options .= "<OPTION VALUE=\"$tid\"". ($edit[tid] == $tid ? "SELECTED" : "") .">". check_select($name) ."</OPTION>"; + $options .= "<OPTION VALUE=\"$tid\"". ($edit[tid] == $tid ? "SELECTED" : "") .">". check_form($name) ."</OPTION>"; } return "<SELECT NAME=\"edit[tid]\" SIZE=\"$size\"". ($size > 1 ? "MULTIPLE" : "") .">$options</SELECT>\n"; } diff --git a/includes/variable.inc b/includes/variable.inc index 5f47c03e6..618c7f4ce 100644 --- a/includes/variable.inc +++ b/includes/variable.inc @@ -32,7 +32,7 @@ function variable_get($name, $default, $object = 0) { case "expire_threshold": return handler_expire_threshold($object, $default); default: - return ($conf[$name] ? $conf[$name] : $default); + return $conf[$name] ? $conf[$name] : $default; } } @@ -45,4 +45,12 @@ function variable_set($name, $value) { $conf[$name] = $value; } +function variable_del($name) { + global $conf; + + db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'"); + + $conf[$name] = ""; +} + ?>
\ No newline at end of file @@ -2,9 +2,7 @@ include_once "includes/common.inc"; -if (variable_get("dev_timing", 0)) { - timer_start(); -} +page_header(); if ($category) { $c = "AND cid = '". check_input($category) ."'"; @@ -23,8 +21,6 @@ while ($node = db_fetch_object($result)) { } $theme->footer(); -if (variable_get("dev_timing", 0)) { - timer_print(); -} +page_footer(); ?> diff --git a/module.php b/module.php index 4dff9fe3f..13aca87e2 100644 --- a/module.php +++ b/module.php @@ -1,8 +1,9 @@ <?php include_once "includes/common.inc"; -if (variable_get(dev_timing, 0)) timer_start(); + +page_header(); module_invoke($mod, "page"); -if (variable_get(dev_timing, 0)) timer_print(); +page_footer(); ?> diff --git a/modules/book.module b/modules/book.module index 887f9f8f1..c46e7cd0d 100644 --- a/modules/book.module +++ b/modules/book.module @@ -101,7 +101,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) { } function book_form($edit = array()) { - global $allowed_html, $REQUEST_URI, $user; + global $REQUEST_URI, $user; $form .= form_item(t("Author"), format_username(($edit[userid] ? $edit[userid] : $user->userid))); $form .= form_hidden(userid, $edit[userid]); @@ -117,7 +117,7 @@ function book_form($edit = array()) { $form .= form_select(t("Parent"), "parent", $edit[parent], book_toc(), t("The parent subject or category the page belongs in.")); } - $form .= form_textarea(t("Content"), "body", $edit[body], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html)); + $form .= form_textarea(t("Content"), "body", $edit[body], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); $form .= form_textarea(t("Log message"), "log", $edit[log], 50, 5, t("An explanation of the additions or updates being made to help the group understand your motivations.")); if (user_access($user, "book")) { @@ -218,7 +218,7 @@ function book_admin() { print book_tree(); break; case t("Preview"): - book_view(new Book($edit)); + book_view(new Book(node_preview($edit))); print book_form($edit); break; case t("Submit"): @@ -269,7 +269,7 @@ function book_user() { $theme->box($title, book_update($id)); break; case t("Preview"): - book_view(new Book($edit)); + book_view(new Book(node_preview($edit))); $theme->box($title, book_form($edit)); break; case t("Submit"): diff --git a/modules/book/book.module b/modules/book/book.module index 887f9f8f1..c46e7cd0d 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -101,7 +101,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) { } function book_form($edit = array()) { - global $allowed_html, $REQUEST_URI, $user; + global $REQUEST_URI, $user; $form .= form_item(t("Author"), format_username(($edit[userid] ? $edit[userid] : $user->userid))); $form .= form_hidden(userid, $edit[userid]); @@ -117,7 +117,7 @@ function book_form($edit = array()) { $form .= form_select(t("Parent"), "parent", $edit[parent], book_toc(), t("The parent subject or category the page belongs in.")); } - $form .= form_textarea(t("Content"), "body", $edit[body], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html)); + $form .= form_textarea(t("Content"), "body", $edit[body], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); $form .= form_textarea(t("Log message"), "log", $edit[log], 50, 5, t("An explanation of the additions or updates being made to help the group understand your motivations.")); if (user_access($user, "book")) { @@ -218,7 +218,7 @@ function book_admin() { print book_tree(); break; case t("Preview"): - book_view(new Book($edit)); + book_view(new Book(node_preview($edit))); print book_form($edit); break; case t("Submit"): @@ -269,7 +269,7 @@ function book_user() { $theme->box($title, book_update($id)); break; case t("Preview"): - book_view(new Book($edit)); + book_view(new Book(node_preview($edit))); $theme->box($title, book_form($edit)); break; case t("Submit"): diff --git a/modules/box.module b/modules/box.module index 5edc748ac..5ae9aa538 100644 --- a/modules/box.module +++ b/modules/box.module @@ -104,7 +104,7 @@ function box_admin_edit($id) { $output .= "<P>\n"; $output .= " <B>Subject:</B><BR>\n"; - $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" VALUE=\"". check_textfield($block->subject) ."\">\n"; + $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" VALUE=\"". check_form($block->subject) ."\">\n"; $output .= "</P>\n"; $output .= "<P>\n"; $output .= " <B>Content:</B><BR>\n"; @@ -120,11 +120,11 @@ function box_admin_edit($id) { $output .= "</P>\n"; $output .= "<P>\n"; $output .= " <B>Description:</B><BR>\n"; - $output .= " <INPUT TYPE=\"text\" NAME=\"info\" VALUE=\"". check_textfield($block->info) ."\">\n"; + $output .= " <INPUT TYPE=\"text\" NAME=\"info\" VALUE=\"". check_form($block->info) ."\">\n"; $output .= "</P>\n"; $output .= "<P>\n"; $output .= " <B>Link:</B><BR>\n"; - $output .= " <INPUT TYPE=\"text\" NAME=\"link\" VALUE=\"". check_textfield($block->link) ."\">\n"; + $output .= " <INPUT TYPE=\"text\" NAME=\"link\" VALUE=\"". check_form($block->link) ."\">\n"; $output .= "</P>\n"; $output .= "<P>\n"; $output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n"; diff --git a/modules/settings.module b/modules/conf.module index 736ddbee2..a1d4eaaa2 100644 --- a/modules/settings.module +++ b/modules/conf.module @@ -1,10 +1,10 @@ <?php -function settings_help() { +function conf_help() { ?> - <P>Drupal comes with system-wide defaults but the setting-module provides control over many Drupal preferences, behaviors including visual and operational settings.</P> + <P>Drupal comes with system-wide defaults but the setting-module provides control over many Drupal preferences, behaviors including visual and operational conf.</P> <H3>Cron</H3> - <P>Some settings require a <I>cron</I> or <I>crontab</I>. Cron (which stands for chronograph) is a periodic command scheduler: it executes commands at intervals specified in seconds. It can be used to control the execution of daily, weekly and monthly jobs (or anything with a period of <i>n</i> seconds). Automating tasks is one of the best ways to keep a system running smoothly, and if most of your administration does not require your direct involvement, cron is an ideal solution.</P> + <P>Some conf require a <I>cron</I> or <I>crontab</I>. Cron (which stands for chronograph) is a periodic command scheduler: it executes commands at intervals specified in seconds. It can be used to control the execution of daily, weekly and monthly jobs (or anything with a period of <i>n</i> seconds). Automating tasks is one of the best ways to keep a system running smoothly, and if most of your administration does not require your direct involvement, cron is an ideal solution.</P> <P>Whenever <A HREF="<?php echo path_uri(); ?>cron.php"><?php echo path_uri(); ?>cron.php</A> is accessed, cron will run: it checks for the jobs cron controls, and their periods in seconds. If a certain task wasn't executed in the last n seconds, where n is the period of that job, it will be executed. When all the executed commands terminate, cron is done.</P> <P>The recommended way to setup your cron system is to setup a Unix/Linux crontab that frequently visits <A HREF="<?php echo path_uri(); ?>cron.php"><?php echo path_uri(); ?>cron.php</A>. Note that cron does not guarantee the commands will be executed at the specified interval. However, Drupal will try his best and run the crons as close to the specified intervals as possible. The more you visit cron.php, the more accurate cron will be.</P> <P>If your hosting company does not allow you to setup crontabs, you can always ask someone else to setup a crontab for you. After all, virtually any Unix/Linux machine with access to the internet can setup a crontab to frequently visit <A HREF="<?php echo path_uri(); ?>cron.php"><?php echo path_uri(); ?>cron.php</A>.</P> @@ -12,20 +12,21 @@ function settings_help() { <?php } -function settings_conf() { +function conf_view_system() { global $conf, $cmodes, $corder, $themes; // general settings: - $output .= form_textfield(t("Name"), "site_name", variable_get(site_name, "drupal"), 30, 55, t("The name of this website.")); - $output .= form_textfield(t("Slogan"), "site_slogan", variable_get(site_slogan, ""), 30, 55, t("The slogan of this website")); - $output .= form_textfield(t("E-mail address"), "site_mail", variable_get(site_mail, "root@localhost"), 30, 55, t("A valid e-mail address for this website, used by the auto-mailer to create new user accounts.")); - $output .= form_textarea(t("Footer message"), "site_footer", variable_get(site_footer, ""), 55, 3, t("This text will be displayed at the bottom of each page. Useful for adding a copyright notice to your pages.")); - $output .= form_textfield(t("Anonymous user"), "anonymous", variable_get(anonymous, "Anonymous"), 30, 55, t("The name used to indicate anonymous users.")); + $output .= "<H3>General settings</H3>\n"; + $output .= form_textfield(t("Name"), "site_name", variable_get("site_name", "drupal"), 30, 55, t("The name of this website.")); + $output .= form_textfield(t("Slogan"), "site_slogan", variable_get("site_slogan", ""), 30, 55, t("The slogan of this website")); + $output .= form_textfield(t("E-mail address"), "site_mail", variable_get("site_mail", "root@localhost"), 30, 55, t("A valid e-mail address for this website, used by the auto-mailer to create new user accounts.")); + $output .= form_textarea(t("Footer message"), "site_footer", variable_get("site_footer", ""), 55, 3, t("This text will be displayed at the bottom of each page. Useful for adding a copyright notice to your pages.")); + $output .= form_textfield(t("Anonymous user"), "anonymous", variable_get("anonymous", "Anonymous"), 30, 55, t("The name used to indicate anonymous users.")); $output .= "<HR>\n"; // node settings: $output .= "<H3>Node settings</H3>\n"; - $output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get(default_nodes_main, 10), array(10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page.")); + $output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page.")); $output .= "<HR>\n"; // comment settings: @@ -39,77 +40,93 @@ function settings_conf() { // submission settings: $output .= "<H3>Submission settings</H3>\n"; $size = array(1000 => "1.000 characters", 5000 => "5.000 characters", 10000 => "10.000 characters", 15000 => "15.000 characters", 30.000 => "30.000 characters", 50000 => "50.000 characters", 100000 => "100.000 characters"); - $output .= form_select(t("Maximum submission size"), "max_input_size", variable_get(max_input_size, 10000), $size, t("The maximum number of characters someone can enter in a form.")); + $output .= form_select(t("Maximum submission size"), "max_input_size", variable_get("max_input_size", 10000), $size, t("The maximum number of characters someone can enter in a form.")); $rate = array(1 => "Maximum 1 every second", 5 => "Maximum 1 every 5 seconds", 15 => "Maximum 1 every 15 seconds", 30 => "Maximum 1 every 30 seconds", 60 => "Maximum 1 every minute", 300 => "Maximum 1 every 5 minutes", 900 => "Maximum 1 every 15 minutes", 1800 => "Maximum 1 every 30 minutes", 3600 => "Maximum 1 every hour", 21600 => "Maximum 1 every 6 hour", 43200 => "Maximum 1 every 12 hour"); - $output .= form_select(t("Maximum node rate"), "max_node_rate", variable_get(max_node_rate, 900), $rate, t("The maximum submission rate for nodes. Its purpose is to stop potential abuse or denial of service attacks.")); - $output .= form_select(t("Maximum comment rate"), "max_comment_rate", variable_get(max_comment_rate, 120), $rate, t("The maximum submission rate for comments. Its purpose is to stop potential abuse or denial of service attacks.")); + $output .= form_select(t("Maximum node rate"), "max_node_rate", variable_get("max_node_rate", 900), $rate, t("The maximum submission rate for nodes. Its purpose is to stop potential abuse or denial of service attacks.")); + $output .= form_select(t("Maximum comment rate"), "max_comment_rate", variable_get("max_comment_rate", 120), $rate, t("The maximum submission rate for comments. Its purpose is to stop potential abuse or denial of service attacks.")); $output .= "<HR>\n"; // theme settings: $output .= "<H3>Theme settings</H3>\n"; - foreach ($themes as $key=>$value) $options .= "<OPTION VALUE=\"$key\"". (variable_get(theme_default, key($themes)) == $key ? " SELECTED" : "") .">$key</OPTION>\n"; + foreach ($themes as $key=>$value) $options .= "<OPTION VALUE=\"$key\"". (variable_get("theme_default", key($themes)) == $key ? " SELECTED" : "") .">$key</OPTION>\n"; $output .= form_item(t("Default theme"), "<SELECT NAME=\"edit[theme_default]\">$options</SELECT>", t("The default theme as seen by new visitors and anonymous users.")); $output .= "<HR>\n"; // development settings: $output .= "<H3>Development settings</H3>\n"; - $output .= form_select(t("Display timings"), "dev_timing", variable_get(dev_timing, 0), array("Disabled", "Enabled"), t("Display the time it took to generate a page: for Drupal development only.")); + $output .= form_select(t("Display timer information"), "dev_timer", variable_get("dev_timer", 0), array("Disabled", "Enabled"), t("Display the time it took to generate a page. For Drupal development only.")); + $output .= "<HR>\n"; return $output; } -function setting_modules() { +function conf_view_module() { foreach (module_list() as $name) { - if (module_hook($name, "conf")) { - $output .= "<H3>". ucfirst($name) ." module</H3>\n"; - $output .= module_invoke($name, "conf"); - $output .= "<HR>\n"; + if (module_hook($name, "conf_options")) { + $output .= "<H3>". ucfirst($name) ." settings</H3>". module_invoke($name, "conf_options") ."<HR>\n"; } } return $output; } -function settings_save($edit = array()) { - // save variables: - foreach ($edit as $name=>$value) variable_set($name, $value); +function conf_view_filter() { + foreach (module_list() as $name) { + if (module_hook($name, "conf_filters")) { + $output .= module_invoke($name, "conf_filters"); + } + } + return $output; +} - return "all settings have been saved."; +function conf_save($edit = array()) { + foreach ($edit as $name=>$value) variable_set($name, $value); + return "the configuration options have been saved."; } -function settings_default() { - db_query("DELETE FROM variable"); - return "all settings have been reset to their default value."; +function conf_default($edit = array()) { + foreach ($edit as $name=>$value) variable_del($name); + return "the configuration options have been reset to their default values."; } -function settings_overview() { - global $settings; +function conf_view($type) { + global $REQUEST_URI; + + switch ($type) { + case "filter": + $form = conf_view_filter(); + break; + case "module": + $form = conf_view_module(); + break; + default: + $form = conf_view_system(); + } - $form .= setting_modules(); - $form .= form_submit("Save settings"); + $form .= form_submit("Save configuration"); $form .= form_submit("Reset to defaults"); - return form("admin.php?mod=settings", $form); + return form($REQUEST_URI, $form); } -function settings_admin() { - global $edit, $op; +function conf_admin() { + global $edit, $op, $type; - print "<SMALL><A HREF=\"admin.php?mod=settings\">overview</A> | <A HREF=\"admin.php?mod=settings&op=help\">help</A></SMALL><HR>\n"; + print "<SMALL><A HREF=\"admin.php?mod=conf&type=system\">system settings</A> | <A HREF=\"admin.php?mod=conf&type=module\">module settings</A> | <A HREF=\"admin.php?mod=conf&type=filter\">filters</A> | <A HREF=\"admin.php?mod=conf&op=help\">help</A></SMALL><HR>\n"; switch ($op) { case "help": - settings_help(); + conf_help(); break; case "Reset to defaults": - print status(settings_default($edit)); - print settings_overview(); + print status(conf_default($edit)); + print conf_view($type); break; - case "Save settings": - print status(settings_save($edit)); - print settings_overview(); + case "Save configuration": + print status(conf_save($edit)); + print conf_view($type); break; default: - print settings_overview(); + print conf_view($type); } } diff --git a/modules/cvs.module b/modules/cvs.module index f31dd2d26..1202047a6 100644 --- a/modules/cvs.module +++ b/modules/cvs.module @@ -17,7 +17,7 @@ function cvs_cron() { } } -function cvs_conf() { +function cvs_conf_options() { $period = array(43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600)); $output .= form_textfield(t("Digest recepients"), "cvs_mail", variable_get("cvs_mail", "root@localhost"), 30, 55, t("The e-mail address to mail the CVS log messages to. Multiple recipients can be specified by putting a comma between each address.")); $output .= form_select(t("Digest interval"), "cvs_cron_time" , variable_get("cvs_cron_time", 86400), $period, t("The time interval at which batched CVS digests are dispatched. Requires crontab.")); diff --git a/modules/diary.module b/modules/diary.module index d003c7cc1..9cfb21c47 100644 --- a/modules/diary.module +++ b/modules/diary.module @@ -72,13 +72,13 @@ function diary_page_display($username) { } function diary_page_add() { - global $theme, $user, $allowed_html; + global $theme, $user; $output .= "<FORM ACTION=\"module.php?mod=diary\" METHOD=\"post\">\n"; $output .= "<P>\n"; $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\"></TEXTAREA><BR>\n"; - $output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL>\n"; + $output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL>\n"; $output .= "</P>\n"; $output .= "<P>\n"; @@ -98,7 +98,7 @@ function diary_page_delete($id) { } function diary_page_edit($id) { - global $theme, $user, $allowed_html; + global $theme, $user; $result = db_query("SELECT * FROM diaries WHERE id = '$id'"); $diary = db_fetch_object($result); @@ -107,8 +107,8 @@ function diary_page_edit($id) { $output .= "<FORM ACTION=\"module.php?mod=diary\" METHOD=\"post\">\n"; $output .= "<P>\n"; - $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_textarea($diary->text) ."</TEXTAREA><BR>\n"; - $output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL>\n"; + $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_form($diary->text) ."</TEXTAREA><BR>\n"; + $output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL>\n"; $output .= "</P>\n"; $output .= "<P>\n"; $output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$diary->id\">\n"; @@ -123,14 +123,14 @@ function diary_page_edit($id) { } function diary_page_preview($text, $timestamp, $id = 0) { - global $theme, $user, $allowed_html; + global $theme, $user; $output .= diary_page_entry($timestamp, $text); $output .= "<FORM ACTION=\"module.php?mod=diary\" METHOD=\"post\">\n"; $output .= "<P>\n"; - $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_textarea($text) ."</TEXTAREA><BR>\n"; - $output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL>\n"; + $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_form($text) ."</TEXTAREA><BR>\n"; + $output .= " <SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL>\n"; $output .= "</P>\n"; $output .= "<P>\n"; $output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n"; @@ -239,7 +239,7 @@ function diary_admin_edit($id) { $output .= "<P>\n"; $output .= "<B>Diary entry:</B><BR>\n"; - $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"text\">". check_textarea($diary->text) ."</TEXTAREA><BR>\n"; + $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"text\">". check_form($diary->text) ."</TEXTAREA><BR>\n"; $output .= "</P>\n"; $output .= "<P>\n"; diff --git a/modules/headline.module b/modules/headline.module index cfb347086..1c6b41743 100644 --- a/modules/headline.module +++ b/modules/headline.module @@ -11,7 +11,7 @@ function headline_help() { <?php } -function headline_conf() { +function headline_conf_options() { $period = array(900 => format_interval(900), 1800 => format_interval(1800), 3600 => format_interval(3600), 7200 => format_interval(7200), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 64800 => format_interval(64800), 86400 => format_interval(86400)); $output .= form_select(t("Update interval"), "headline_cron_time" , variable_get("headline_cron_time", 86400), $period, t("The update interval indicating how often you want to update your headline channels. Requires crontab.")); return $output; diff --git a/modules/locale.module b/modules/locale.module index deb802b29..1e2a074c8 100644 --- a/modules/locale.module +++ b/modules/locale.module @@ -3,7 +3,7 @@ function locale_help() { ?> <P>Normally programs are written and documented in English, and use English to interact with users. This is true for a great deal of websites. However, most people are less comfortable with English than with their own native language, and would prefer to use their mother tongue as much as possible. Many people love see their website showing a lot less of English, and far more of their own language.</P> - <P>Therefore drupal provides a framework to setup a multi-lingual website, or to overwrite the default texts in English. We explored the various alternatives to support internationalization and decided to design the framework in such a way that the impact of internationalization on drupal's sources is minimized, modular and that it doesn't require a HTML or PHP wizard to maintain translations. Maintaining translations had to be simple so it became as easy as filling out forms on the administration page. A side effect is that translation support adds significant overhead to the dynamic generation of your website. If you don't need translation support, consider to turn it off.</P> + <P>Therefore drupal provides a framework to setup a multi-lingual website, or to overwrite the default texts in English. We explored the various alternatives to support internationalization and decided to design the framework in such a way that the impact of internationalization on drupal's sources is minimized, modular and that it doesn't require a HTML or PHP wizard to maintain translations. Maintaining translations had to be simple so it became as easy as filling out forms on the administration page. A side effect is that translation support adds significant overhead to the dynamic generation of your website. If you don't need translation support, consider to turning it off from the "conf" section.</P> <H3>Adding a new language</H3> @@ -24,6 +24,10 @@ function locale_help() { <?php } +function locale_conf_options() { + return form_select(t("Locale support"), "locale", variable_get("locale", 1), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support.")); +} + function locale_delete($id) { db_query("DELETE FROM locales WHERE id = '$id'"); } diff --git a/modules/locale/locale.module b/modules/locale/locale.module index deb802b29..1e2a074c8 100644 --- a/modules/locale/locale.module +++ b/modules/locale/locale.module @@ -3,7 +3,7 @@ function locale_help() { ?> <P>Normally programs are written and documented in English, and use English to interact with users. This is true for a great deal of websites. However, most people are less comfortable with English than with their own native language, and would prefer to use their mother tongue as much as possible. Many people love see their website showing a lot less of English, and far more of their own language.</P> - <P>Therefore drupal provides a framework to setup a multi-lingual website, or to overwrite the default texts in English. We explored the various alternatives to support internationalization and decided to design the framework in such a way that the impact of internationalization on drupal's sources is minimized, modular and that it doesn't require a HTML or PHP wizard to maintain translations. Maintaining translations had to be simple so it became as easy as filling out forms on the administration page. A side effect is that translation support adds significant overhead to the dynamic generation of your website. If you don't need translation support, consider to turn it off.</P> + <P>Therefore drupal provides a framework to setup a multi-lingual website, or to overwrite the default texts in English. We explored the various alternatives to support internationalization and decided to design the framework in such a way that the impact of internationalization on drupal's sources is minimized, modular and that it doesn't require a HTML or PHP wizard to maintain translations. Maintaining translations had to be simple so it became as easy as filling out forms on the administration page. A side effect is that translation support adds significant overhead to the dynamic generation of your website. If you don't need translation support, consider to turning it off from the "conf" section.</P> <H3>Adding a new language</H3> @@ -24,6 +24,10 @@ function locale_help() { <?php } +function locale_conf_options() { + return form_select(t("Locale support"), "locale", variable_get("locale", 1), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support.")); +} + function locale_delete($id) { db_query("DELETE FROM locales WHERE id = '$id'"); } diff --git a/modules/node.module b/modules/node.module index 53c32219f..98b6482ef 100644 --- a/modules/node.module +++ b/modules/node.module @@ -11,13 +11,34 @@ class Node { } } -function node_macro($text) { +function node_conf_filters() { + $output .= form_select(t("Strip HTML tags"), "filter_html", variable_get("filter_html", 0), array("Disabled", "Enabled"), t("Strip HTML and PHP tags.")); + $output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<A><B><BLOCKQUOTE><DD><DL><DT><I><LI><OL><U><UL>"), 64, 128, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON' attributes and unclosed tags are always stripped.")); + $output .= "<HR>"; + $output .= form_select(t("Strip link tags"), "filter_link", variable_get("filter_link", 0), array("Disabled", "Enabled"), t("Substitute special [[link]] tags.")); + $output .= "<HR>"; + return $output; +} + +function node_filter_html($text) { + $text = eregi_replace("([ \f\r\t\n\'\"])style=[^>]+", "\\1", $text); + $text = eregi_replace("([ \f\r\t\n\'\"])on[a-z]+=[^>]+", "\\1", $text); + $text = strip_tags($text, variable_get("allowed_html", "")); + return $text; +} + +function node_filter_link($text) { $src = array("/\[\[(([^\|]*?)(\|([^\|]*?))?)\]\]/e"); // [link|description] $dst = array(format_tag('\\2', '\\4')); // [link|description] - return preg_replace($src, $dst, $text); } +function node_filter($text) { + if (variable_get("filter_html", 0)) $text = node_filter_html($text); + if (variable_get("filter_link", 0)) $text = node_filter_link($text); + return $text; +} + function node_overview($query = array()) { global $user; diff --git a/modules/node/node.module b/modules/node/node.module index 53c32219f..98b6482ef 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -11,13 +11,34 @@ class Node { } } -function node_macro($text) { +function node_conf_filters() { + $output .= form_select(t("Strip HTML tags"), "filter_html", variable_get("filter_html", 0), array("Disabled", "Enabled"), t("Strip HTML and PHP tags.")); + $output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<A><B><BLOCKQUOTE><DD><DL><DT><I><LI><OL><U><UL>"), 64, 128, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON' attributes and unclosed tags are always stripped.")); + $output .= "<HR>"; + $output .= form_select(t("Strip link tags"), "filter_link", variable_get("filter_link", 0), array("Disabled", "Enabled"), t("Substitute special [[link]] tags.")); + $output .= "<HR>"; + return $output; +} + +function node_filter_html($text) { + $text = eregi_replace("([ \f\r\t\n\'\"])style=[^>]+", "\\1", $text); + $text = eregi_replace("([ \f\r\t\n\'\"])on[a-z]+=[^>]+", "\\1", $text); + $text = strip_tags($text, variable_get("allowed_html", "")); + return $text; +} + +function node_filter_link($text) { $src = array("/\[\[(([^\|]*?)(\|([^\|]*?))?)\]\]/e"); // [link|description] $dst = array(format_tag('\\2', '\\4')); // [link|description] - return preg_replace($src, $dst, $text); } +function node_filter($text) { + if (variable_get("filter_html", 0)) $text = node_filter_html($text); + if (variable_get("filter_link", 0)) $text = node_filter_link($text); + return $text; +} + function node_overview($query = array()) { global $user; diff --git a/modules/poll.module b/modules/poll.module index c79723b09..06661ba51 100644 --- a/modules/poll.module +++ b/modules/poll.module @@ -152,7 +152,7 @@ function poll_view($node, $main = 0, $block = 0) { } function poll_form($edit = array(), $nocheck = 0) { - global $allowed_html, $REQUEST_URI, $user; + global $REQUEST_URI, $user; $duration = array(0 => t("Unlimited"), 86400 => t("1 day"), 172800 => t("2 days"), 345600 => t("4 days"), 604800 => t("1 week"), 1209600 => t("2 weeks"), 2678400 => t("1 month"), 5356800 => t("2 months"), @@ -281,7 +281,7 @@ function poll_admin() { case t("Refresh"): $refresh = 1; case t("Preview"): - poll_view(new Poll($edit)); + poll_view(new Poll(node_preview($edit))); case "add": print poll_form($edit, $refresh); break; @@ -301,7 +301,7 @@ function poll_user() { case t("Refresh"): $refresh = 1; case t("Preview"): - poll_view(new Poll($edit)); + poll_view(new Poll(node_preview($edit))); $theme->box(t("Submit"), poll_form($edit, $refresh)); break; case t("Submit"): diff --git a/modules/poll/poll.module b/modules/poll/poll.module index c79723b09..06661ba51 100644 --- a/modules/poll/poll.module +++ b/modules/poll/poll.module @@ -152,7 +152,7 @@ function poll_view($node, $main = 0, $block = 0) { } function poll_form($edit = array(), $nocheck = 0) { - global $allowed_html, $REQUEST_URI, $user; + global $REQUEST_URI, $user; $duration = array(0 => t("Unlimited"), 86400 => t("1 day"), 172800 => t("2 days"), 345600 => t("4 days"), 604800 => t("1 week"), 1209600 => t("2 weeks"), 2678400 => t("1 month"), 5356800 => t("2 months"), @@ -281,7 +281,7 @@ function poll_admin() { case t("Refresh"): $refresh = 1; case t("Preview"): - poll_view(new Poll($edit)); + poll_view(new Poll(node_preview($edit))); case "add": print poll_form($edit, $refresh); break; @@ -301,7 +301,7 @@ function poll_user() { case t("Refresh"): $refresh = 1; case t("Preview"): - poll_view(new Poll($edit)); + poll_view(new Poll(node_preview($edit))); $theme->box(t("Submit"), poll_form($edit, $refresh)); break; case t("Submit"): diff --git a/modules/rating.module b/modules/rating.module index 3c3e301b7..18a23841f 100644 --- a/modules/rating.module +++ b/modules/rating.module @@ -1,6 +1,6 @@ <?php -function rating_conf() { +function rating_conf_options() { $period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600)); $output .= form_select(t("Update interval"), "rating_cron_time" , variable_get("rating_cron_time", 86400), $period, t("The update interval for the user ratings. Requires crontab.")); return $output; diff --git a/modules/story.module b/modules/story.module index 7f0c1ba64..935f0ca93 100644 --- a/modules/story.module +++ b/modules/story.module @@ -35,14 +35,14 @@ function story_view($node, $main = 0) { } function story_form($edit = array()) { - global $allowed_html, $REQUEST_URI, $user; + global $REQUEST_URI, $user; $form .= form_item(t("Your name"), format_username(($edit[userid] ? $edit[userid] : $user->userid))); $form .= form_hidden("userid", $edit[userid]); $form .= form_textfield(t("Subject"), "title", $edit[title], 50, 64); $form .= structure_form("story", $edit); - $form .= form_textarea(t("Abstract"), "abstract", $edit[abstract], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html)); - $form .= form_textarea(t("Body"), "body", $edit[body], 50, 15, t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html)); + $form .= form_textarea(t("Abstract"), "abstract", $edit[abstract], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); + $form .= form_textarea(t("Body"), "body", $edit[body], 50, 15, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); // hidden fields: if ($edit[nid] > 0) { @@ -148,7 +148,7 @@ function story_admin() { print search_data($keys, $mod); break; case t("Preview"): - story_view(new Story($edit)); + story_view(new Story(node_preview($edit))); print story_form($edit); break; case t("Submit"): @@ -165,7 +165,7 @@ function story_user() { switch($op) { case t("Preview"): - story_view(new Story($edit)); + story_view(new Story(node_preview($edit))); $theme->box(t("Submit"), story_form($edit)); break; case t("Submit"): diff --git a/modules/story/story.module b/modules/story/story.module index 7f0c1ba64..935f0ca93 100644 --- a/modules/story/story.module +++ b/modules/story/story.module @@ -35,14 +35,14 @@ function story_view($node, $main = 0) { } function story_form($edit = array()) { - global $allowed_html, $REQUEST_URI, $user; + global $REQUEST_URI, $user; $form .= form_item(t("Your name"), format_username(($edit[userid] ? $edit[userid] : $user->userid))); $form .= form_hidden("userid", $edit[userid]); $form .= form_textfield(t("Subject"), "title", $edit[title], 50, 64); $form .= structure_form("story", $edit); - $form .= form_textarea(t("Abstract"), "abstract", $edit[abstract], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html)); - $form .= form_textarea(t("Body"), "body", $edit[body], 50, 15, t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html)); + $form .= form_textarea(t("Abstract"), "abstract", $edit[abstract], 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); + $form .= form_textarea(t("Body"), "body", $edit[body], 50, 15, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); // hidden fields: if ($edit[nid] > 0) { @@ -148,7 +148,7 @@ function story_admin() { print search_data($keys, $mod); break; case t("Preview"): - story_view(new Story($edit)); + story_view(new Story(node_preview($edit))); print story_form($edit); break; case t("Submit"): @@ -165,7 +165,7 @@ function story_user() { switch($op) { case t("Preview"): - story_view(new Story($edit)); + story_view(new Story(node_preview($edit))); $theme->box(t("Submit"), story_form($edit)); break; case t("Submit"): diff --git a/modules/watchdog.module b/modules/watchdog.module index 8397da666..6c40f7e14 100644 --- a/modules/watchdog.module +++ b/modules/watchdog.module @@ -7,7 +7,7 @@ function watchdog_help() { <?php } -function watchdog_conf() { +function watchdog_conf_options() { $period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200)); $output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab.")); return $output; diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module index 8397da666..6c40f7e14 100644 --- a/modules/watchdog/watchdog.module +++ b/modules/watchdog/watchdog.module @@ -7,7 +7,7 @@ function watchdog_help() { <?php } -function watchdog_conf() { +function watchdog_conf_options() { $period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200)); $output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab.")); return $output; @@ -2,7 +2,7 @@ include_once "includes/common.inc"; -if (variable_get(dev_timing, 0)) timer_start(); +page_header(); function node_render($node) { global $id, $cid, $op, $moderate, $pid, $subject, $comment, $theme, $mode, $order, $threshold, $PHP_SELF; @@ -114,6 +114,6 @@ else { node_failure(); } -if (variable_get(dev_timing, 0)) timer_print(); +page_footer(); ?>
\ No newline at end of file diff --git a/search.php b/search.php index 1fc46bc10..59b5aace1 100644 --- a/search.php +++ b/search.php @@ -10,7 +10,7 @@ function find_module($name) { module_iterate("find_module"); $search .= "<FORM ACTION=\"search.php\" METHOD=\"POST\">\n"; -$search .= " <INPUT SIZE=\"50\" VALUE=\"". check_textfield($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n"; +$search .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n"; $search .= " <SELECT NAME=\"type\">$options</SELECT>\n"; $search .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n"; $search .= "</FORM>\n"; diff --git a/submit.php b/submit.php index 484e532c8..3d5d0af19 100644 --- a/submit.php +++ b/submit.php @@ -2,8 +2,6 @@ include_once "includes/common.inc"; -if (variable_get(dev_timing, 0)) timer_start(); - $theme->header(); if ($user->id) { @@ -32,6 +30,4 @@ else { $theme->footer(); -if (variable_get(dev_timing, 0)) timer_print(); - ?> |