From 771d11f83310662a2d45dab9769aadb4963d1624 Mon Sep 17 00:00:00 2001 From: JT Smith Date: Fri, 2 Jun 2006 16:22:55 +0000 Subject: [PATCH] - fix: Help is missing style - fix: Setting expire password on user creation does nothing - fix: Collaboration settings in help - Lots of template fixes. --- docs/changelog/6.x.x.txt | 7 + docs/gotcha.txt | 6 + lib/WebGUI.pm | 2 + lib/WebGUI/Asset.pm | 34 ++--- lib/WebGUI/Asset/Wobject/Article.pm | 2 +- lib/WebGUI/Asset/Wobject/SyndicatedContent.pm | 8 +- lib/WebGUI/Auth.pm | 24 ---- lib/WebGUI/Auth/LDAP.pm | 123 +++++++----------- lib/WebGUI/Auth/WebGUI.pm | 121 ++++++----------- lib/WebGUI/Help/Asset_Collaboration.pm | 45 +++++++ lib/WebGUI/Operation/Group.pm | 16 +-- lib/WebGUI/Operation/Help.pm | 1 + 12 files changed, 181 insertions(+), 208 deletions(-) diff --git a/docs/changelog/6.x.x.txt b/docs/changelog/6.x.x.txt index 7322d7101..2650a4199 100644 --- a/docs/changelog/6.x.x.txt +++ b/docs/changelog/6.x.x.txt @@ -35,6 +35,13 @@ - fix: Reply count off when restoring from trash - fix: Karma not spent properly - fix: Avatar Message Board Template Not Working + - Added a check to Syndicated Content asset to throw out urls that are not + fully qualified. + - fix: Deleted items are still partially accessible. + - fix: Help is missing style + - fix: Setting expire password on user creation does nothing + - fix: Collaboration settings in help + - Lots of template fixes. - fixed another Events Calendar bug - added template variable 'owner' for Events Calendar templates diff --git a/docs/gotcha.txt b/docs/gotcha.txt index aedc68bfc..fa0b168ac 100644 --- a/docs/gotcha.txt +++ b/docs/gotcha.txt @@ -109,6 +109,12 @@ save you many hours of grief. 6.8.0 -------------------------------------------------------------------- + +NOTE: If you're upgrading from MySQL 4 to 5 you MUST do a mysqldump on your +databases from 4 and then after upgrading to 5, reimport them. If you do not +do this your databases will become corrupted. + + * Before upgrading you must install the following new Perl modules: DateTime DateTime::Format::Strptime diff --git a/lib/WebGUI.pm b/lib/WebGUI.pm index ae151e184..d09bfbcb2 100644 --- a/lib/WebGUI.pm +++ b/lib/WebGUI.pm @@ -364,6 +364,8 @@ sub tryAssetMethod { my $session = shift; my $asset = shift; my $method = shift; + my $state = $asset->get("state"); + return undef if ($state ne "published" && $state ne "archived" && !$session->var->isAdminOn); # can't interact with an asset if it's not published $session->asset($asset); my $methodToTry = "www_".$method; my $output = eval{$asset->$methodToTry()}; diff --git a/lib/WebGUI/Asset.pm b/lib/WebGUI/Asset.pm index 902fcee4d..150a70512 100644 --- a/lib/WebGUI/Asset.pm +++ b/lib/WebGUI/Asset.pm @@ -152,9 +152,9 @@ Unique hash identifier for a user. If not specified, uses current userId. sub canView { my $self = shift; - my $userId = shift || $self->session->user->userId; - my $user = WebGUI::User->new($self->session, $userId); - return 0 unless ($self->get("state") eq "published"); + my $userId = shift; + my $user = $self->session->user; + $user = WebGUI::User->new($self->session, $userId) if (defined $userId); if ($userId eq $self->get("ownerUserId")) { return 1; } elsif ($user->isInGroup($self->get("groupIdView"))) { @@ -174,19 +174,18 @@ Returns error messages if a user can't view due to publishing problems, otherwis sub checkView { my $self = shift; - unless ($self->canView) { - if ($self->get("state") eq "published") { # no privileges, make em log in - return $self->session->privilege->noAccess(); - } elsif ($self->session->var->get("adminOn") && $self->get("state") =~ /^trash/) { # show em trash - $self->session->http->setRedirect($self->getUrl("func=manageTrash")); - return undef; - } elsif ($self->session->var->get("adminOn") && $self->get("state") =~ /^clipboard/) { # show em clipboard - $self->session->http->setRedirect($self->getUrl("func=manageClipboard")); - return undef; - } else { # tell em it doesn't exist anymore - $self->session->http->setStatus("410"); - return WebGUI::Asset->getNotFound($self->session)->www_view; - } + return $self->session->privilege->noAccess() unless $self->canView; + if ($self->session->var->isAdminOn && $self->get("state") =~ /^trash/) { # show em trash + $self->session->http->setRedirect($self->getUrl("func=manageTrash")); + return "redirect"; + } elsif ($self->session->var->isAdminOn && $self->get("state") =~ /^clipboard/) { # show em clipboard + $self->session->http->setRedirect($self->getUrl("func=manageClipboard")); + return "redirect"; + } elsif ($self->get("state") ne "published" && $self->get("state") ne "archived") { # tell em it doesn't exist anymore + $self->session->http->setStatus("410"); + my $notFound = WebGUI::Asset->getNotFound($self->session); + $self->session->asset($notFound); + return $notFound->www_view; } $self->logView(); # must find a way to do this next line better @@ -2012,7 +2011,8 @@ Returns the view() method of the asset object if the requestor canView. sub www_view { my $self = shift; - return $self->session->privilege->noAccess() unless $self->canView; + my $check = $self->checkView; + return $check if (defined $check); $self->prepareView; $self->session->output->print($self->view); return undef; diff --git a/lib/WebGUI/Asset/Wobject/Article.pm b/lib/WebGUI/Asset/Wobject/Article.pm index 6645e6505..800167b20 100644 --- a/lib/WebGUI/Asset/Wobject/Article.pm +++ b/lib/WebGUI/Asset/Wobject/Article.pm @@ -294,7 +294,7 @@ sub view { } } $var{description} = $self->get("description"); - $var{"new.template"} = $self->getUrl.";overrideTemplateId="; + $var{"new.template"} = $self->getUrl("func=view").";overrideTemplateId="; $var{"description.full"} = $var{description}; $var{"description.full"} =~ s/\^\-\;//g; $var{"description.first.100words"} = $var{"description.full"}; diff --git a/lib/WebGUI/Asset/Wobject/SyndicatedContent.pm b/lib/WebGUI/Asset/Wobject/SyndicatedContent.pm index 16d6ed6bd..cfd4784bc 100644 --- a/lib/WebGUI/Asset/Wobject/SyndicatedContent.pm +++ b/lib/WebGUI/Asset/Wobject/SyndicatedContent.pm @@ -562,7 +562,11 @@ sub view { } my $maxHeadlines = $self->get('maxHeadlines') || 1000000; my @urls = split(/\s+/,$self->get('rssUrl')); - return $self->processTemplate({},$self->get('templateId')) unless (scalar(@urls)); + my @validatedUrls = (); + foreach my $url (@urls) { + push(@validatedUrls, $url) if ($url =~ m/^http/); + } + return $self->processTemplate({},$self->get('templateId')) unless (scalar(@validatedUrls)); my $title=$self->get('title'); #We came into this subroutine as @@ -570,7 +574,7 @@ sub view { my %var; - my($item_loop,$rss_feeds)=$self->_get_items(\@urls, $maxHeadlines); + my($item_loop,$rss_feeds)=$self->_get_items(\@validatedUrls, $maxHeadlines); if(@$rss_feeds > 1){ #If there is more than one (valid) feed in this wobject, put in the wobject description info. $var{'channel.title'} = $title; diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm index 80ed567ef..3f22f6264 100644 --- a/lib/WebGUI/Auth.pm +++ b/lib/WebGUI/Auth.pm @@ -97,30 +97,6 @@ sub _logLogin { .$self->session->db->quote($self->session->env->get("REMOTE_ADDR")).",".$self->session->db->quote($self->session->env->get("HTTP_USER_AGENT")).")"); } -#------------------------------------------------------------------- - -=head2 addUserForm ( userId ) - -Creates elements for the add user form specific to this Authentication Method. - -=cut - -sub addUserForm { - #Added for interface purposes only. Needs to be implemented in the subclass. -} - -#------------------------------------------------------------------- - -=head2 addUserFormSave ( properties [,userId] ) - -Saves user elements unique to this authentication method - -=cut - -sub addUserFormSave { - my $self = shift; - $self->saveParams(($_[1] || $self->userId),$self->authMethod,$_[0]); -} #------------------------------------------------------------------- diff --git a/lib/WebGUI/Auth/LDAP.pm b/lib/WebGUI/Auth/LDAP.pm index 42a77a074..27598f3d9 100644 --- a/lib/WebGUI/Auth/LDAP.pm +++ b/lib/WebGUI/Auth/LDAP.pm @@ -76,78 +76,6 @@ sub _isValidLDAPUser { $self->error($error); return $error eq ""; } -#------------------------------------------------------------------- - -=head2 addUserForm ( ) - - Creates user form elements specific to this Auth Method. - -=cut - -sub addUserForm { - my $self = shift; - my $userData = $self->getParams; - my $connection = $self->{_connection}; - my $ldapUrl = $self->session->form->process('authLDAP_ldapUrl') || $userData->{ldapUrl} || $connection->{ldapURL}; - my $connectDN = $self->session->form->process('authLDAP_connectDN') || $userData->{connectDN}; - my $ldapConnection = $self->session->form->process('authLDAP_ldapConnection') || $userData->{ldapConnection}; - my $ldapLinks = $self->session->db->buildHashRef("select ldapLinkId,ldapUrl from ldapLink"); - my $f = WebGUI::HTMLForm->new($self->session); - my $jscript = ""; - my $i18n = WebGUI::International->new($self->session,'AuthLDAP'); - if(scalar(keys %{$ldapLinks}) > 0) { - my $jsArray = ""; - foreach my $key (keys %{$ldapLinks}) { - next unless ($key); - $jsArray .= 'ldapValue["'.$key.'"]="'.$ldapLinks->{$key}.'";'."\n"; - } - $jsArray .= 'ldapValue["0"]="'.$ldapUrl.'";'."\n"; - $jscript = qq| - |; - $f->selectBox( - -name=>"authLDAP_ldapConnection", - -label=>$i18n->get("ldapConnection"), - -hoverHelp=>$i18n->get("ldapConnection description"), - -options=>WebGUI::LDAPLink->getList($self->session,), - -value=>[$ldapConnection], - -extras=>q|onchange="this.form.authLDAP_ldapUrl.value=ldapValue[this.options[this.selectedIndex].value];"| - ); - } - $f->url( - -name => "authLDAP_ldapUrl", - -label => $i18n->get(3), - -value => $ldapUrl, - ); - $f->text( - -name => "authLDAP_connectDN", - -label => $i18n->get(4), - -value => $connectDN, - ); - $self->session->style->setRawHeadTags($jscript); - return $f->printRowsOnly; -} - -#------------------------------------------------------------------- - -=head2 addUserFormSave ( ) - - Saves user elements unique to this authentication method - -=cut - -sub addUserFormSave { - my $self = shift; - my $properties; - $properties->{connectDN} = $self->session->form->process('authLDAP_connectDN'); - $properties->{ldapUrl} = $self->session->form->process('authLDAP_ldapUrl'); - $properties->{ldapConnection} = $self->session->form->process('authLDAP_ldapConnection'); - $self->SUPER::addUserFormSave($properties); -} #------------------------------------------------------------------- sub authenticate { @@ -335,7 +263,50 @@ sub displayLogin { sub editUserForm { my $self = shift; - return $self->addUserForm; + my $userData = $self->getParams; + my $connection = $self->{_connection}; + my $ldapUrl = $self->session->form->process('authLDAP_ldapUrl') || $userData->{ldapUrl} || $connection->{ldapURL}; + my $connectDN = $self->session->form->process('authLDAP_connectDN') || $userData->{connectDN}; + my $ldapConnection = $self->session->form->process('authLDAP_ldapConnection') || $userData->{ldapConnection}; + my $ldapLinks = $self->session->db->buildHashRef("select ldapLinkId,ldapUrl from ldapLink"); + my $f = WebGUI::HTMLForm->new($self->session); + my $jscript = ""; + my $i18n = WebGUI::International->new($self->session,'AuthLDAP'); + if(scalar(keys %{$ldapLinks}) > 0) { + my $jsArray = ""; + foreach my $key (keys %{$ldapLinks}) { + next unless ($key); + $jsArray .= 'ldapValue["'.$key.'"]="'.$ldapLinks->{$key}.'";'."\n"; + } + $jsArray .= 'ldapValue["0"]="'.$ldapUrl.'";'."\n"; + $jscript = qq| + |; + $f->selectBox( + -name=>"authLDAP_ldapConnection", + -label=>$i18n->get("ldapConnection"), + -hoverHelp=>$i18n->get("ldapConnection description"), + -options=>WebGUI::LDAPLink->getList($self->session,), + -value=>[$ldapConnection], + -extras=>q|onchange="this.form.authLDAP_ldapUrl.value=ldapValue[this.options[this.selectedIndex].value];"| + ); + } + $f->url( + -name => "authLDAP_ldapUrl", + -label => $i18n->get(3), + -value => $ldapUrl, + ); + $f->text( + -name => "authLDAP_connectDN", + -label => $i18n->get(4), + -value => $connectDN, + ); + $self->session->style->setRawHeadTags($jscript); + return $f->printRowsOnly; } #------------------------------------------------------------------- @@ -348,7 +319,11 @@ sub editUserForm { sub editUserFormSave { my $self = shift; - return $self->addUserFormSave; + my $properties; + $properties->{connectDN} = $self->session->form->process('authLDAP_connectDN'); + $properties->{ldapUrl} = $self->session->form->process('authLDAP_ldapUrl'); + $properties->{ldapConnection} = $self->session->form->process('authLDAP_ldapConnection'); + $self->SUPER::editUserFormSave($properties); } #------------------------------------------------------------------- diff --git a/lib/WebGUI/Auth/WebGUI.pm b/lib/WebGUI/Auth/WebGUI.pm index 954a6f9ea..3c6566a48 100644 --- a/lib/WebGUI/Auth/WebGUI.pm +++ b/lib/WebGUI/Auth/WebGUI.pm @@ -70,75 +70,6 @@ sub _logSecurityMessage { $self->session->errorHandler->security("change password. Password changed successfully"); } -#------------------------------------------------------------------- - -=head2 addUserForm ( ) - - Creates user form elements specific to this Auth Method. - -=cut - -sub addUserForm { - my $self = shift; - my $userData = $self->getParams; - my $f = WebGUI::HTMLForm->new($self->session); - my $i18n = WebGUI::International->new($self->session); - $f->password( - name=>"authWebGUI.identifier", - label=>$i18n->get(51), - value=>"password" - ); - $f->interval( - -name=>"authWebGUI.passwordTimeout", - -label=>$i18n->get(16,'AuthWebGUI'), - -value=>$userData->{passwordTimeout}, - -defaultValue=>$self->session->setting->get("webguiPasswordTimeout") - ); - my $userChange = $self->session->setting->get("webguiChangeUsername"); - if($userChange || $userChange eq "0"){ - $userChange = $userData->{changeUsername}; - } - $f->yesNo( - -name=>"authWebGUI.changeUsername", - -value=>$userChange, - -label=>$i18n->get(21,'AuthWebGUI') - ); - my $passwordChange = $self->session->setting->get("webguiChangePassword"); - if($passwordChange || $passwordChange eq "0"){ - $passwordChange = $userData->{changePassword}; - } - $f->yesNo( - -name=>"authWebGUI.changePassword", - -value=>$passwordChange, - -label=>$i18n->get(20,'AuthWebGUI') - ); - return $f->printRowsOnly; -} - -#------------------------------------------------------------------- - -=head2 addUserFormSave ( ) - - Saves user elements unique to this authentication method - -=cut - -sub addUserFormSave { - my $self = shift; - my $properties; - unless ($self->session->form->process('authWebGUI.identifier') eq "password") { - $properties->{identifier} = Digest::MD5::md5_base64($self->session->form->process('authWebGUI.identifier')); - } - $properties->{changeUsername} = $self->session->form->process('authWebGUI.changeUsername'); - $properties->{changePassword} = $self->session->form->process('authWebGUI.changePassword'); - $properties->{passwordTimeout} = $self->session->form->interval('authWebGUI.passwordTimeout'); - $properties->{passwordLastUpdated} =$self->session->datetime->time(); - if($self->session->setting->get("webguiExpirePasswordOnCreation")){ - $properties->{passwordLastUpdated} =$self->session->datetime->time() - $properties->{passwordTimeout}; - } - $self->SUPER::addUserFormSave($properties); -} - #------------------------------------------------------------------- sub authenticate { my $self = shift; @@ -322,7 +253,39 @@ sub displayLogin { sub editUserForm { my $self = shift; - return $self->addUserForm; + my $userData = $self->getParams; + my $f = WebGUI::HTMLForm->new($self->session); + my $i18n = WebGUI::International->new($self->session); + $f->password( + name=>"authWebGUI.identifier", + label=>$i18n->get(51), + value=>"password" + ); + $f->interval( + -name=>"authWebGUI.passwordTimeout", + -label=>$i18n->get(16,'AuthWebGUI'), + -value=>$userData->{passwordTimeout}, + -defaultValue=>$self->session->setting->get("webguiPasswordTimeout") + ); + my $userChange = $self->session->setting->get("webguiChangeUsername"); + if($userChange || $userChange eq "0"){ + $userChange = $userData->{changeUsername}; + } + $f->yesNo( + -name=>"authWebGUI.changeUsername", + -value=>$userChange, + -label=>$i18n->get(21,'AuthWebGUI') + ); + my $passwordChange = $self->session->setting->get("webguiChangePassword"); + if($passwordChange || $passwordChange eq "0"){ + $passwordChange = $userData->{changePassword}; + } + $f->yesNo( + -name=>"authWebGUI.changePassword", + -value=>$passwordChange, + -label=>$i18n->get(20,'AuthWebGUI') + ); + return $f->printRowsOnly; } #------------------------------------------------------------------- @@ -347,6 +310,12 @@ sub editUserFormSave { $properties->{passwordTimeout} = $self->session->form->interval('authWebGUI.passwordTimeout'); $properties->{changeUsername} = $self->session->form->process('authWebGUI.changeUsername'); $properties->{changePassword} = $self->session->form->process('authWebGUI.changePassword'); + if($userId eq "new") { + $properties->{passwordLastUpdated} =$self->session->datetime->time(); + if ($self->session->setting->get("webguiExpirePasswordOnCreation")){ + $properties->{passwordLastUpdated} =$self->session->datetime->time() - $properties->{passwordTimeout}; + } + } $self->SUPER::editUserFormSave($properties); } @@ -498,8 +467,9 @@ sub login { if($self->getSetting("passwordTimeout") && $userData->{passwordTimeout}){ my $expireTime = $userData->{passwordLastUpdated} + $userData->{passwordTimeout}; if ($self->session->datetime->time() >= $expireTime){ + my $userId = $self->userId; $self->logout; - return $self->resetExpiredPassword($self->userId); + return $self->resetExpiredPassword($userId); } } @@ -619,19 +589,14 @@ sub resetExpiredPasswordSave { $error .= '
  • '.$i18n->get(12,'AuthWebGUI').'
    • ' if ($self->session->form->process("oldPassword") eq $self->session->form->process("identifier")); $error .= $self->error if(!$self->_isValidPassword($self->session->form->process("identifier"),$self->session->form->process("identifierConfirm"))); - return $self->resetExpiredPassword("

    ".$i18n->get(70)."

    ".$error) if($error ne ""); + return $self->resetExpiredPassword($u->userId, "

    ".$i18n->get(70)."

    ".$error) if($error ne ""); $properties->{identifier} = Digest::MD5::md5_base64($self->session->form->process("identifier")); $properties->{passwordLastUpdated} =$self->session->datetime->time(); $self->saveParams($u->userId,$self->authMethod,$properties); $self->_logSecurityMessage(); - - $msg = $self->login; - if($msg eq ""){ - $msg = "
  • ".$i18n->get(17,'AuthWebGUI').'
    • '; - } - return $self->displayLogin($msg); + return $self->SUPER::login(); } #------------------------------------------------------------------- diff --git a/lib/WebGUI/Help/Asset_Collaboration.pm b/lib/WebGUI/Help/Asset_Collaboration.pm index fc98ae656..53f646f1c 100644 --- a/lib/WebGUI/Help/Asset_Collaboration.pm +++ b/lib/WebGUI/Help/Asset_Collaboration.pm @@ -146,6 +146,51 @@ our $HELP = { description => 'enable avatars description', namespace => 'Asset_Collaboration', }, + { + title => 'get mail', + description => 'get mail help', + namespace => 'Asset_Collaboration', + }, + { + title => 'mail server', + description => 'mail server help', + namespace => 'Asset_Collaboration', + }, + { + title => 'mail account', + description => 'mail account help', + namespace => 'Asset_Collaboration', + }, + { + title => 'mail password', + description => 'mail password help', + namespace => 'Asset_Collaboration', + }, + { + title => 'mail address', + description => 'mail address help', + namespace => 'Asset_Collaboration', + }, + { + title => 'get mail interval', + description => 'get mail interval help', + namespace => 'Asset_Collaboration', + }, + { + title => 'mail prefix', + description => 'mail prefix help', + namespace => 'Asset_Collaboration', + }, + { + title => 'auto subscribe to thread', + description => 'auto subscribe to thread help', + namespace => 'Asset_Collaboration', + }, + { + title => 'require subscription for email posting', + description => 'require subscription for email posting help', + namespace => 'Asset_Collaboration', + }, ], related => [ { diff --git a/lib/WebGUI/Operation/Group.pm b/lib/WebGUI/Operation/Group.pm index 59b53e91b..60ba71d22 100644 --- a/lib/WebGUI/Operation/Group.pm +++ b/lib/WebGUI/Operation/Group.pm @@ -531,18 +531,10 @@ sub www_emailGroup { sub www_emailGroupSend { my $session = shift; return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); - my ($sth, $email); - $sth = $session->db->read("select b.fieldData from groupings a left join userProfileData b - on a.userId=b.userId and b.fieldName='email' where a.groupId=".$session->db->quote($session->form->process("gid"))); - while (($email) = $sth->array) { - if ($email ne "") { - my $mail = WebGUI::Mail::Send->create($session, {to=>$email,subject=>$session->form->process("subject"),from=>$session->form->process("from")}); - $mail->addHtml($session->form->process("message","HTMLArea")); - $mail->addFooter; - $mail->queue; - } - } - $sth->finish; + my $mail = WebGUI::Mail::Send->create($session, {toGroup=>$session->form->process("gid"),subject=>$session->form->process("subject"),from=>$session->form->process("from")}); + $mail->addHtml($session->form->process("message","HTMLArea")); + $mail->addFooter; + $mail->queue; my $i18n = WebGUI::International->new($session); return _submenu($session,$i18n->get(812)); } diff --git a/lib/WebGUI/Operation/Help.pm b/lib/WebGUI/Operation/Help.pm index 49f78e85d..5c0e03909 100644 --- a/lib/WebGUI/Operation/Help.pm +++ b/lib/WebGUI/Operation/Help.pm @@ -256,6 +256,7 @@ sub www_viewHelp { my $session = shift; return $session->privilege->insufficient() unless ($session->user->isInGroup(7)); my $ac = WebGUI::AdminConsole->new($session,"help"); + $session->style->setLink($session->url->extras("/help.css"), {rel=>"stylesheet", type=>"text/css"}); my $namespace = $session->form->process("namespace","className") || "WebGUI"; my $i18n = WebGUI::International->new($session, $namespace); my $help = _get($session,$session->form->process("hid"),$namespace);