The Input formats - filter patch has landed. I still need to make update instructions for modules and update the hook docs.

Here's an overview of the changes:
1) Multiple Input formats: they are complete filter configurations (what filters to use, in what order and with which settings). Input formats are admin-definable, and usage of them is role-dependant. For example, you can set it up so that regular users can only use limited HTML, while admins can free HTML without any tag limitations.
The input format can be chosen per content item (nodes, comments, blocks, ...) when you add/edit them. If only a single format is available, there is no choice, and nothing changes with before.

The default install (and the upgrade) contains a basic set of formats which should satisfy the average user's needs.

2) Filters have toggles
Because now you might want to enable a filter only on some input formats, an explicit toggle is provided by the filter system. Modules do not need to worry about it and filters that still have their own on/off switch should get rid of it.

3) Multiple filters per module
This was necessary to accomodate the next change, and it's also a logical extension of the filter system.

4) Embedded PHP is now a filter
Thanks to the multiple input formats, I was able to move the 'embedded PHP' feature from block.module, page.module and book.module into a simple filter which executes PHP code. This filter is part of filter.module, and by default there is an input format 'PHP', restricted to the administrator only, which contains this filter.
This change means that block.module now passes custom block contents through the filter system.
As well as from reducing code duplication and avoiding two type selectors for page/book nodes, you can now combine PHP code with other filters.

5) User-supplied PHP code now requires <?php ?> tags.
This is required for teasers to work with PHP code. Because PHP evaluation is now just another step in the filter process, we can't do this. Also, because teasers are generated before filtering, this would result in errors when the teaser generation would cut off a piece of PHP code.

Also, regular PHP syntax explicitly includes the <?php ?> tags for PHP files, so it makes sense to use the same convention for embedded PHP in Drupal.

6) Filter caching was added.
Benchmarking shows that even for a simple setup (basic html filtering + legacy URL rewriting), filtercache can offer speedups. Unlike the old filtercache, this uses the normal cache table.

7) Filtertips were moved from help into a hook_filter_tips(). This was required to accomodate the fact that there are multiple filters per module, and that filter settings are format dependant. Shoehorning filter tips into _help was ugly and silly. The display of the filter tips is done through the input format selector, so filter_tips_short() no longer exists.

8) A more intelligent linebreak convertor was added, which doesn't stop working if you use block-level tags and which adds <p> tags.

1 files changed, 5 insertions, 46 deletions

diff --git a/modules/page/page.module b/modules/page/page.module
index ac3f6d4fb..4d0336172 100644
--- a/modules/page/page.module
+++ b/modules/page/page.module
@@ -9,7 +9,6 @@ function page_help($section) {
     case 'admin/help#page':
       return t("
       <p>The page module is used when you want to create content that optionally inserts a link into your navigation system. You can also, however, create pages that don't have this link by skipping the link text field in the page form. At this time, not all themes support the link insertion behavior. Some themes, like xtemplate, provide alternative mechanisms for link creation. Pages are also unique in that they shortcut the typical lifecycle of user generated content (i.e. submit -&gt; moderate -&gt; post -&gt; comment). </p>
-      <p>If you enable the <strong>create PHP content</strong> permission for a role, pages may consist of PHP code in addition to HTML and text.</p>
       <h3>User access permissions for pages</h3>
       <p><strong>create pages:</strong> Allows a role to create pages. They cannot edit or delete pages, even if they are the authors. You must enable this permission to in order for a role to create a page.</p>
       <p><strong>edit own pages:</strong> Allows a role to add/edit pages if they own the page. Use this permission if you want users to be able to edit and maintain their own pages.</p>
@@ -56,14 +55,14 @@ function page_access($op, $node) {
  * Implementation of hook_insert().
  */
 function page_insert($node) {
-  db_query("INSERT INTO {page} (nid, format, link, description) VALUES (%d, %d, '%s', '%s')", $node->nid, $node->format, $node->link, $node->description);
+  db_query("INSERT INTO {page} (nid, link, description) VALUES (%d, '%s', '%s')", $node->nid, $node->link, $node->description);
 }
 
 /**
  * Implementation of hook_update().
  */
 function page_update($node) {
-  db_query("UPDATE {page} SET format = %d, link = '%s', description = '%s' WHERE nid = %d", $node->format, $node->link, $node->description, $node->nid);
+  db_query("UPDATE {page} SET link = '%s', description = '%s' WHERE nid = %d", $node->link, $node->description, $node->nid);
 }
 
 /**
@@ -77,7 +76,7 @@ function page_delete(&$node) {
  * Implementation of hook_load().
  */
 function page_load($node) {
-  return db_fetch_object(db_query('SELECT format, link, description FROM {page} WHERE nid = %d', $node->nid));
+  return db_fetch_object(db_query('SELECT link, description FROM {page} WHERE nid = %d', $node->nid));
 }
 
 /**
@@ -92,23 +91,9 @@ function page_menu() {
 
 /**
  * Implementation of hook_content().
- *
- * If body is dynamic (using PHP code), the body will be generated.
  */
 function page_content($node, $teaser = FALSE) {
-  if ($node->format == 1) {
-    // PHP type
-    ob_start();
-    eval($node->body);
-    $node->body = ob_get_contents();
-    ob_end_clean();
-    $node->teaser = node_teaser($node->body);
-    $node->readmore = (strlen($node->teaser) < strlen($node->body));
-  }
-  else {
-    // Assume HTML type by default
-    $node = node_prepare($node, $teaser);
-  }
+  $node = node_prepare($node, $teaser);
   return $node;
 }
 
@@ -128,38 +113,12 @@ function page_form(&$node) {
     $output .= implode('', taxonomy_node_form('page', $node));
   }
 
-  if (($node->format == 1) && (!user_access('create php content'))) {
-    drupal_set_message(t('the body contents of this page are written in PHP and you do not have sufficient permissions to make changes to the body. You can edit the other elements of the page.'));
-    $output .= form_hidden('format', $node->format);
-    $hide_types = true;
-  }
-  else {
-    $output .= form_textarea(t('Body'), 'body', $node->body, 60, 20, filter_tips_short(), NULL, TRUE);
-  }
+  $output .= form_textarea(t('Body'), 'body', $node->body, 60, 20, '', NULL, TRUE);
 
   $output .= form_textfield(t('Link name'), 'link', $node->link, 60, 64, t('To make the page show up in the navigation links, enter the name of the link. Otherwise, leave this blank.'));
   $output .= form_textfield(t('Link description'), 'description', $node->description, 60, 64, t("The description displayed when hovering over the page's link.  Leave blank when you don't want a description."));
-  $content_type = (user_access('create php content')) ? array(0 => 'HTML', 1 => 'PHP') : false;
-  if (!$hide_types && $content_type) {
-    $output .= form_radios(t('Type'), 'format', $node->format, $content_type);
-  }
 
   return $output;
 }
 
-/**
- * Implementation of hook_validate().
- */
-function page_validate(&$node) {
-  if ($node->format && user_access('create php content')) {
-    // Do not filter PHP code, do not auto-extract a teaser
-    $node->teaser = $node->body;
-  }
-
-  if (($node->format == 1) && (!user_access('create php content'))) {
-    /* Overwrite the submitted node body since they don't have sufficient privileges. */
-    $node->body = db_result(db_query('SELECT body FROM {node} WHERE nid = %d', $node->nid));
-  }
-}
-
 ?>