@@ -43,10 +43,10 @@ </thead> <tbody> {% for post in posts.paginated %} - <tr id="post_$post.id" class="post $post.status{% if loop.last %} last{% endif %}"> + <tr id="post_$post.id" class="post $post.status_class{% if loop.last %} last{% endif %}"> <td class="main"><a href="$post.url">${ post.title | truncate }</a></td> <td>${ post.created_at | strftime }</td> - <td>${ post.status | replace("_", " ") | title | translate }</td> + <td>$post.status_name</td> <td>$post.user.login</td> ${ trigger.call("manage_posts_column", post) } {% if post.editable and post.deletable %} admin/layout/pages/manage_posts.twig @@ -52,11 +52,16 @@ <label for="status">${ "Status" | translate }</label> <select name="status" id="status"> {% if route.action == "edit_post" %} - <option value="draft"{% if post.status == "draft" %} selected="selected"{% endif %}>${ "Draft" | translate }</option> + <option value="draft"${ post.status | option_selected("draft") }>${ "Draft" | translate }</option> {% endif %} - <option value="public"{% if post.status == "public" %} selected="selected"{% endif %}>${ "Public" | translate }</option> - <option value="private"{% if post.status == "private" %} selected="selected"{% endif %}>${ "Private" | translate }</option> - <option value="registered_only"{% if post.status == "registered_only" %} selected="selected"{% endif %}>${ "Registered Only" | translate }</option> + <option value="public"${ post.status | option_selected("public") }>${ "Public" | translate }</option> + <option value="private"${ post.status | option_selected("private") }>${ "Private" | translate }</option> + <option value="registered_only"${ post.status | option_selected("registered_only") }>${ "Registered Only" | translate }</option> + <optgroup label="${ "Group" | translate }"> + {% for group in groups %} + <option value="{$group.id}"${ post.status | option_selected("{"~ group.id ~"}") }>${ group.name | escape }</option> + {% endfor %} + </optgroup> </select> </p> {% endif %} admin/layout/partials/post_fields.twig @@ -989,4 +989,7 @@ img.smiley { font-weight: bold; color: #bbb; } +.group_prefix { + color: #999; +} /* @end */ admin/style.css @@ -203,7 +203,10 @@ } } - public function check_viewing_page($i_have_the_power = false) { + public function check_viewing_page() { + if (!INDEX) + return; + global $page; $config = Config::current(); @@ -220,11 +223,14 @@ foreach ($valids as $page) if ($page->url == end($this->arg)) return list($_GET['url'], $this->action) = array($page->url, "page"); - } elseif ($i_have_the_power) + } elseif (!preg_match("/^\((clean|url)\)\/?$/", $config->post_url)) # This is the last route parse. return $this->action = fallback($this->arg[0], "index"); } - public function check_viewing_post($i_have_the_power = false) { + public function check_viewing_post() { + if (!INDEX) + return; + $config = Config::current(); if (!empty($this->action)) @@ -259,11 +265,14 @@ return $this->action = "view"; } - if ($i_have_the_power) + if (preg_match("/^\((clean|url)\)\/?$/", $config->post_url)) # This is the last route parse. return $this->action = fallback($this->arg[0], "index"); } public function check_custom_routes() { + if (!INDEX) + return; + $config = Config::current(); # Custom pages added by Modules, Feathers, Themes, etc. includes/class/Route.php @@ -1,4 +1,14 @@ <?php + # File: Query + # See Also: + # <Query> + require_once INCLUDES_DIR."/class/Query.php"; + + # File: QueryBuilder + # See Also: + # <QueryBuilder> + require_once INCLUDES_DIR."/class/QueryBuilder.php"; + /** * Class: SQL * Contains the database settings and functions for interacting with the SQL database. @@ -298,22 +308,25 @@ * Escapes a string, escaping things like $1 and C:\foo\bar so that they don't get borked by the preg_replace. * This also handles calling the SQL connection method's "escape_string" functions. */ - public function escape($string) { + public function escape($string, $quotes = true) { switch(SQL::current()->method()) { case "pdo": - $string = $this->db->quote($string); + $string = ltrim(rtrim($this->db->quote($string), "'"), "'"); break; case "mysqli": - $string = "'".$this->db->escape_string($string)."'"; + $string = $this->db->escape_string($string); break; case "mysql": - $string = "'".mysql_real_escape_string($string)."'"; + $string = mysql_real_escape_string($string); break; } $string = str_replace('\\', '\\\\', $string); $string = str_replace('$', '\$', $string); + if ($quotes) + $string = "'".$string."'"; + return $string; } includes/class/SQL.php @@ -23,7 +23,7 @@ # Constant: DEBUG # Should Chyrp use debugging processes? - define('DEBUG', false); + define('DEBUG', true); # Fallback all these definitions. if (!defined('JAVASCRIPT')) define('JAVASCRIPT', false); @@ -87,16 +87,20 @@ if (!file_exists(INCLUDES_DIR."/config.yaml.php")) redirect("install.php"); - require_once INCLUDES_DIR."/class/Query.php"; - require_once INCLUDES_DIR."/class/QueryBuilder.php"; + # Libraries + require_once INCLUDES_DIR."/lib/gettext/gettext.php"; + require_once INCLUDES_DIR."/lib/gettext/streams.php"; require_once INCLUDES_DIR."/lib/YAML.php"; + # File: Config + # See Also: + # <Config> require_once INCLUDES_DIR."/class/Config.php"; - require_once INCLUDES_DIR."/class/SQL.php"; - # Translation stuff - require_once INCLUDES_DIR."/lib/gettext/gettext.php"; - require_once INCLUDES_DIR."/lib/gettext/streams.php"; + # File: SQL + # See Also: + # <SQL> + require_once INCLUDES_DIR."/class/SQL.php"; set_timezone($config->timezone); @@ -287,6 +291,7 @@ !empty($_GET['action']) and $_GET['action'] == "theme_preview" and !empty($_GET['theme']))); + $theme = PREVIEWING ? $_GET['theme'] : $config->theme; # Constant: THEME_DIR @@ -304,20 +309,18 @@ header("Content-type: ".(INDEX ? fallback($theme->type, "text/html") : "text/html")."; charset=UTF-8"); - if (INDEX) { - $route->check_custom_routes(); + $route->check_custom_routes(); - # If the post viewing URL is the same as the page viewing URL, check for viewing a page first. - if (preg_match("/^\((clean|url)\)\/?$/", $config->post_url)) { - $route->check_viewing_page(); - $route->check_viewing_post(true); - } else { - $route->check_viewing_page(true); - $route->check_viewing_post(); - } + # If the post viewing URL is the same as the page viewing URL, check for viewing a page first. + if (preg_match("/^\((clean|url)\)\/?$/", $config->post_url)) { + $route->check_viewing_page(); + $route->check_viewing_post(); + } else { + $route->check_viewing_post(); + $route->check_viewing_page(); + } - $trigger->call("runtime"); - } elseif (ADMIN) + if (INDEX or ADMIN) $trigger->call("runtime"); # Array: $statuses @@ -329,7 +332,8 @@ if ($visitor->group()->can("view_private")) $statuses[] = "private"; - Post::$private = "status IN ('".implode("', '", $statuses)."')"; + Post::$private = "(status IN ('".implode("', '", $statuses)."') OR". + " status LIKE '%{".$visitor->group()->id."}%')"; Post::$enabled_feathers = "feather IN ('".implode("', '", $config->enabled_feathers)."')"; # Load the translation engine includes/common.php @@ -34,6 +34,7 @@ $this->context["feathers"] = $feathers; $this->context["feather"] = $feathers[$_GET['feather']]; + $this->context["groups"] = Group::find(array("order" => "id ASC")); } /** @@ -88,6 +89,9 @@ $post = $feathers[$_POST['feather']]->submit(); + if (!$post->redirect) + $post->redirect = "/admin/?action=write_post"; + if (!isset($_POST['bookmarklet'])) Flash::notice(__("Post created!"), $post->redirect); else @@ -194,6 +198,25 @@ "drafts" => true, "where" => $where, "params" => $params)), 25); + + foreach ($this->context["posts"]->paginated as &$post) { + if (preg_match_all("/\{([0-9]+)\}/", $post->status, $matches)) { + $groups = array(); + $groupClasses = array(); + + foreach ($matches[1] as $id) { + $group = new Group($id); + $groups[] = "<span class=\"group_prefix\">Group:</span> ".$group->name; + $groupClasses[] = "group-".$id; + } + + $post->status_name = join(", ", $groups); + $post->status_class = join(" ", $groupClasses); + } else { + $post->status_name = camelize($post->status, true); + $post->status_class = $post->status; + } + } } /** includes/controller/Admin.php @@ -36,7 +36,7 @@ if (!XML_RPC) { $visitor = Visitor::current(); $private = (isset($options["drafts"]) and $options["drafts"] and $visitor->group()->can("view_draft")) ? - str_replace("')", "', 'draft')", self::$private) : + str_replace("') OR", "', 'draft') OR", self::$private) : self::$private; $options["where"][] = self::$enabled_feathers; @@ -76,7 +76,7 @@ if (!XML_RPC) { $visitor = Visitor::current(); $private = (isset($options["drafts"]) and $options["drafts"] and $visitor->group()->can("view_draft")) ? - str_replace("')", "', 'draft')", self::$private) : + str_replace("') OR", "', 'draft') OR", self::$private) : self::$private ; $options["where"][] = self::$enabled_feathers; includes/model/Post.php @@ -3,6 +3,9 @@ require "net/http" require "rubygems" require "hpricot" +`rm -Rfv uploads/*` +`mysql -f --user=root -D chyrp -e 'TRUNCATE TABLE chyrp_posts; TRUNCATE TABLE chyrp_pages; TRUNCATE TABLE chyrp_comments; TRUNCATE TABLE chyrp_tags;' > /dev/null` + FUZZER = { :textarea => "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nullam urna. Vivamus nisl. Mauris iaculis rutrum elit. Cras ornare congue mi. Nullam mi quam, luctus dapibus, euismod ut, dapibus sed, dui. Praesent est lectus, rutrum ac, blandit vitae, hendrerit at, massa. Morbi mauris purus, lobortis vel, commodo vitae, aliquet vehicula, ante. Nunc commodo. Pellentesque vel lacus. Quisque eros. Maecenas et quam. Curabitur eget justo a ante dignissim dapibus. Sed et lacus. Suspendisse potenti. Vivamus ipsum mi, blandit vitae, scelerisque a, pellentesque vitae, nisl. Donec vitae est et est egestas laoreet. Vestibulum commodo elit ut nisl. Nullam volutpat nisi non elit. Morbi sapien eros, ornare et, dapibus id, mattis id, nibh. Suspendisse ut nisl id est scelerisque faucibus.\n\nPraesent viverra felis nec justo. Duis gravida tempor massa. Aliquam lobortis tortor eu purus. Phasellus volutpat, justo eget molestie rhoncus, nibh tortor suscipit justo, non vehicula tortor tortor id sapien. Vivamus quis nisl et neque ullamcorper viverra. Vestibulum accumsan, elit luctus auctor fermentum, lorem tellus dignissim odio, a lobortis magna nulla eget arcu. Phasellus vel erat at dolor sagittis luctus. Nulla facilisi. In eros eros, molestie sit amet, ornare a, fermentum et, dui. Vivamus vel turpis quis diam iaculis dapibus. Nunc lacinia. Integer commodo, urna interdum imperdiet pretium, libero nulla pellentesque turpis, in ultrices neque tortor at arcu. Sed mollis odio eget mauris ultricies bibendum. Vivamus malesuada metus vel arcu. Nam sit amet metus. Pellentesque quis felis non nibh adipiscing adipiscing.", :text => "Test Input" @@ -17,29 +20,64 @@ HEADERS = { "User-Agent" => "tester.rb" } +POSTS = { + :text => { + "title" => "Test Text Post", + "body" => FUZZER[:textarea] + }, + :quote => { + "quote" => FUZZER[:textarea].split(". ")[0] + ".", + "source" => "Chyrp Tester" + }, + :chat => { + "title" => "Test Chat Post", + "dialogue" => "Person: Hi!\nMe (me): Hello!\nPerson: How are you?\nMe: Great, thanks! And you?\nPerson: FUCKING AWESOME." + }, + :link => { + "name" => "Google Search", + "source" => "http://google.com/", + "description" => "I can't believe how long I've gone without finding this site." + } +} + class Chyrp < Test::Unit::TestCase def test_add_post - resp, write = get "/admin/?action=write_post" + POSTS.each do |feather, attrs| + resp, write = get "/admin/?action=write_post&feather="+ feather.to_s - page = Hpricot(write) + page = Hpricot(write) - post (page/"form").attr("action"), form_fuzz(page/"form") + form_fuzz(page/"form").each do |key, val| + attrs[key] = val unless attrs.has_key? key + end + + attrs['feather'] = feather.to_s + + post (page/"form").attr("action"), attrs + end end def test_add_draft - resp, write = get "/admin/?action=write_post" + POSTS.each do |feather, attrs| + resp, write = get "/admin/?action=write_post&feather="+ feather.to_s - page = Hpricot(write) + page = Hpricot(write) - data = form_fuzz(page/"form") - data['draft'] = "true" + form_fuzz(page/"form").each do |key, val| + attrs[key] = val unless attrs.has_key? key + end + + attrs['feather'] = feather.to_s + attrs['draft'] = "true" - post (page/"form").attr("action"), data + post (page/"form").attr("action"), attrs + end end def test_view_post resp, page = test_index page = Hpricot(page) + return unless page =~ /class="post / post_url = (page/".post:first/h2/a").attr("href") @@ -58,7 +96,10 @@ class Chyrp < Test::Unit::TestCase resp, page = test_index page = Hpricot(page) - page_url = (page/"#sidebar/ul:nth(0)/li:nth(0)/a").attr("href") + first_page = (page/"#sidebar/ul:nth(0)/li:nth(0)/a") + return unless first_page + + page_url = first_page.attr("href") get page_url end @@ -125,6 +166,7 @@ class Chyrp < Test::Unit::TestCase def test_pagination resp, page = get("/page/2/") + return unless page =~ /class="post / assert_match /Page 2 of /, page, "No pagination links displayed." end @@ -174,33 +216,16 @@ class Chyrp < Test::Unit::TestCase end def form_fuzz form - data = {} + data = form_get form (form/"*[@name]").each do |field| - if field['type'] == "hidden" or (field.name != "textarea" and field['value'] != "") or (field.name == "textarea" and !field.empty?) - if field.name == "select" - selected = (field/"option[@selected]") - option = selected.length > 0 ? selected : (field/"option:nth(0)") - data[field['name']] = option.attr("value") - elsif field.name != "button" - if field['type'] == "checkbox" - data[field['name']] = (field['checked'] || "no") == "checked" ? "1" : "0" - else - data[field['name']] = field['value'] || field.html - end - end - next - end + next unless data[field['name']].nil? or data[field['name']].empty? if field.name == "textarea" data[field['name']] = FUZZER[:textarea] elsif field.name == "input" - next if field['name'] == "trackbacks" - if field['name'] == "slug" - data[field['name']] = "test-slug" - else - data[field['name']] = FUZZER[:text] - end + next if field['type'] != "text" or field['name'] == "trackbacks" or field['name'] == "slug" + data[field['name']] = FUZZER[:text] end end tester.rb a3d1c5c28f03588ac451190abd4957e766f56a19 Alex Suraci i.am@toogeneric.com http://github.com/vito/chyrp/commit/40723b52d084891ccc2a05f46b9a191a885668c8 40723b52d084891ccc2a05f46b9a191a885668c8 2008-09-06T22:17:22-07:00 2008-09-06T22:17:22-07:00 * Group-specific post statuses. [#156 state:resolved] * More common.php cleanups. * Tester improvements. * SQL->escape can be set to not auto-wrap with quotes with the first (bool) argument. c50a3dddf0376f9434409956c388e195250c989f Alex Suraci i.am@toogeneric.com