-----BEGIN PGP SIGNED MESSAGE----- Content Management 0.6 module for PHProjekt. Copyright ©2002-2005 by Mario A. Valdez-Ramirez (mario@mariovaldez.org). Portions copyright of the contributors (read the license.txt file for details). This is version 0.6.1. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Summary of this release (0.6.1): Bug fix for double-login after Phprojekt security bugfix. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.6.1: Changed all comparisons regarding readdir function from "!= false" to "!== false", in files editorup.php, fileman.php, cm_lib.inc.php and adm_config.php. Modified several scripts so session_start is not being called (because it is already being called by the Phprojekt library code). The following files were modified: adm_config.php, adm_chkdata.php, adm_applog.php, adm_createdb.php, adm_editsec.php, adm_mkroot.php, adm_syndman.php, editorm.php, create.php, delete.php, display.php, edit.php, editor.php, console.php, editorup.php, fileman.php, getfile.php, graphpie.php, listing.php, print.php, redir.php, search.php, setup.php, statshits.php, usercomment.php and userrating.php. Previously, if the PHP option session.auto_start was set to false (0), the session of the CMS module was disociated from the Phprojekt session. This is part of the fix of Bug #. Updated all copyright legends for 2005. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.6.0: Modified all files to change version number in copyright notices. Deleted block of commented restriction table data from cm_constraints.inc.php. Added related links to console.php and setup.php script files, also added related language strings to language files. Modified adm_config.php script to use yes/no drop-down lists to enable or disable items. This is to improve the usability of the configuration page. The lists are created by the function fcm_yn_menu() (this function is not in cm_lib.inc.php). Substitution of all hardcoded strings with data for cmdb_type so scripts use the CM_HITTYPE_PAGE, CM_HITTYPE_FILE and CM_HITTYPE_ELINK contants, including all SQL query strings. Rewriting of all "define" functions so contants are enclosed in double quotes (to stop some warning messages when debugging). Creation of CM_HITTYPE_CONTENTLESS and CM_HITTYPE_ANNOUNCE contants in cm_lib.inc.php. Added new parameter to fcn_title_nav2 ($cm_canrate) so rating icon can be better controlled (before this, the icon displaying was linked to $cm_can_post, however this is wrong because although the user-permissions to rate and post are linked, the properties of the page can allow/disallow posting and rating independently). Modified every call to fcn_title_nav2 to set the new $cm_can_rate parameter according to the permissions of the user and the setting of the current page. Modified every call to fcn_title_nav2 to set the new $cm_can_post parameter according to the permissions of the user and the setting of the current page. Before this, the parameter was only set according to user permissions, and the icon/link to post was being shown even if the page disallow user comments. Added new parameters to fcm_articlelist_box and fcm_echo_articlelist_box ($cm_iscontentless and $cm_isannounce) to support two new types of items to show in index: special announces (displayed according to new CSS properties) and content-less items (title and summary, but no content; useful for short announces). Changed every call to fcm_articlelist_box and fcm_echo_articlelist_box in all other script files. This feature based on patch and concept by Psymon (Mark Coudriet, ipsymon@yahoo.com). Changed fcm_can_berated function to test if the path is the root directory. Previously it could return true if there was a matching record in the table content3 (which currently would be not possible). Changed fcm_get_rating, fcm_get_userrating, fcm_getaverage_rating so old ratings are still shown even if currently the page disallow ratings. Before this, ratings were ignored at all if the settings of the page were changed to disallow ratings. Created a new global configuration variable $cm_historical_ratings to control this; if enabled old data is shown, if disabled no rating data can be read. Modified fcm_delete_rating to add new parameter $cm_hit_type, currently unused but added for future feature. Changed fcm_can_becommented function to test if the path is the root directory. Previously it could return true if there was a matching record in the table content3 (which currently would be not possible). Changed fcm_get_totalcomments, fcm_show_usercomments, fcm_show_txtusercomments so old comments are still shown even if currently the page disallow comments. Before this, comments were ignored at all if the settings of the page were changed to disallow comments. Created a new global configuration variable $cm_historical_comments to control this; if enabled old data is shown, if disabled no comments data can be read. Created fcm_delete_usercomments function to delete all user comments related to a given page. Useful when deleting a page. Before this, user comments were not deleted if the commented page was deleted; user comments were still stored in the table cmcomments3. Modified create.php and edit.php to show two check boxes and supporting code: one to set the current page as content-less and another to set the current page as an special announce. Added fcm_delete_usercomments call to delete.php script file. Added two new CSS classes to cm-style.css and cm-styletxt.css to support the new "special announce" document type. Added new options to adm_config.php script: $cm_historical_ratings and $cm_historical_comments to support the changes in old ratings and postings handling. Added localized strings to language files. Fixed wrong file name in cm_images.inc.php for the AquaFusion iconset, the OK dialog icon. Minor correction in German translation string. Added compatibility code for Phprojekt 4.0 to cm_mainindex.inc.php and cm_navigation.inc.php. This code will be back-ported to 0.5.1. Moved old code to cm_mainindex-33.inc.php and cm_navigation-33.inc.php to be used as compatibility script files for future releases (so the module can work with old 3.3 setups). Renamed cm/doc/du.edithelp.php to de.edithelp.php. This error was disabling the markup help page for the German language. Reviewed again and changed all copyright notices. Reviewed and added missing data in the license.txt and readme.txt files. Reviewed and added copright notices to all language files. Created fcm_user_is_superuser function in cm_constraints.inc.php to verify if an user is the useruser or not. Added two new variables in cm_lib.inc.php: cm_codebaseversion and cm_codebasedetails to store the code version data. Before this, the version of the current CMS module was taken from the configuration file, but this file cannot be trusted. Modified fcm_title_nav2 so the parameter cm_isadmin now is cm_issuperuser. This is only used to show or hide the administrative console icon. Added link in console.php to check for updates of the CMS module. This link sends the current version data to the primary distribution server and display the remote page with a "smart" recomendation to update or stay with current version. The recomendation is based in the current version numbers and if the user is using a stable, beta or unstable release. Changed the calls to fcm_user_is_admin function to fcm_user_is_superuser from the following script files: create.php, delete.php, display.php, edit.php, fileman.php, usercomment.php and userrating.php. Added a verification routine to display.php, to check if the version of the code matchs the version in the configuration file. If not, then it means the module was upgraded but it was not reconfigured. This alert is shown to everybody but the message is different for the superuser, who is encouraged to rerun the configuration routine. Moved cm_swap_rowcolor internal function in fileman.php to cm_lib.inc.php as fcm_swap_rowcolor function. Changed all references of it in fileman.php. Changes in adm_applog.php: selected search field now is in preselected according to the last search (previously it was lost and preset to Date). deleted bogus conditional sentence that was making the applog to stop working (unknown conditions, maybe this has to do with the treatment of global vars from POST operations in Phprojekt 4.0), added code to add alternating colors for rows (improved readibility) with fcm_swap_rowcolor function. Added TARGET=_blank to all external links in console.php and setup.php. Previously, the external pages were being opened inside the Phprojekt frame. Added TARGET=_blank to "Go to Phprojekt homepage" internal link in console.php and setup.php. Previously this link was opening a Phprojekt frameset inside a previous Phprojekt frameset. Changed fcm_conv_fileindex in cm_lib.inc.php to use the fcm_swap_rowcolor function and show the file listings with alternating row colors. Modified cm_constraints.inc.php to add new restriction role (CM_SEC_DEFAULTUS) for users who don't have any specific role. The weight of this role is 1 (the lowest). Modified fcm_load_secdb, fcm_save_secdb, fcm_check_constrains and fcm_load_defsec to handle the new role. Modified adm_editsec.php to support new default restriction role. Created phpinfo.php file which executes a phpinfo() function. To be called from console.php and setup.php to verify the PHP setup. Added links in console.php and setup.php to phpinfo.php script file. Fixed fcm_save_secdb to record only one applog entry when saving the restriction matrix. Created function fcm_is_cleditable in cm_lib.inc.php to verify if a directory is content-less and can be edited by the given user. Modified fcm_conv_listing in cm_lib.inc.php to call fcm_is_cleditable to enable the link to content-less directories. Fixed listing.php so it doesn't create links for directories to which the current user has no access. Modified to call fcm_is_cleditable function to enable or disable the link to content-less directories (if the user has editing permissions, the link is enabled). Modified display.php, print.php and search.php to call fcm_is_cleditable function to verify if the article entry (to be listed) is content-less and editable by the current user. New definitions in cm_images.inc.php for PHPinfo console option. Deleted the language definition strings postrating, thisdoc, bethefirstperson, postingacomment and aboutthisdoc from all language files. Modified function fcm_show_usercomments in cm_lib.inc.php to have two extra parameters: page number and forward/backward order. Modified the code to display only "pages" of user comments according to those parameters and the value of the global variable $cm_max_usercomments. Also creates a simple page-navigation control to change the page of the displayed comments. Previously, only $cm_max_usercomments number of the user comments were shown without pagination. This is a bug fix. Modified function fcm_show_txtusercomments in cm_lib.inc.php to show all user comments when printing the page. Moved function fcm_show_usercomments to display.php script file. This function is too complex, its operation is of a too high level and is only used by this script file. Moved functions fcm_show_usercomments to print.php script file. This function is too complex, its operation is of a too high level and is only used by this script file. Modified display.php, print.php, create.php and edit.php so they don't display the body of the article if the item is content-less. Modified adm_createdb.php to create cmsynd3 database table to store the syndication newsfeeds data. The syndication data no longer will be stored in content3. Added setup-syndman image reference to cm_images.inc.php for the link to the syndication newsfeeds manager from the admin console. Added link to console.php to the syndication newsfeeds manager (adm_syndman.php). Created adm_syndman.php, the syndication newsfeeds manager. This is an administrative script only available to the superuser to add, delete or edit the syndication newsfeeds. Also added supporting localization strings to language files. Modified display.php and dlsynd.php to don't use fcm_storerdf, fcm_readrdf or fcm_display_rdfbox. Now they use fcm_load_synd and fcm_display_synd functions. Added missing constant definition for CM_HTTPTYPE_SYND to cm_lib.inc.php. Modified fcm_storerdf and fcm_readrdf functions in cm_lib.inc.php to now use the cmsynd3 database table. Created fcm_load_synd and fcm_display_synd functions in cm_lib.inc.php to load and display the syndication news from the homepage and dlsynd.php. Created fcm_val_droplist funtion to create html form drop-lists according to a given array of values. Added excel spreadsheet file todo.xls to cm/doc/design directory with the roadmap/status of features of the module. Added constant for applog type CM_APPLOG_EDIT_SYND in cm_lib.inc.php. Changed constant for applog type CM_APPLOG_DELETE_FILE (9) and CM_APPLOG_UPLOAD_FILE (8) in cm_lib.inc.php so now there is only CM_APPLOG_FILE (8). Added new configuration variable cm_comments_chronorder to set the default order of the user comments. Modified adm_config.php, print.php and display.php to use this variable. Added function fcm_rename_hitrecord in cm_lib.inc.php to change the object name of a hit record. Used when renaming a file. Uncommented "Pragma: no-store" header sentence in getfile.php. Some problems with IE and SSL are solved by this header. (These problems were rediscovered after disabling zlib.output_compression for the PHP testing server). Unsolved bug/feature. If zlib.output_compression is enabled we cannot reproduce the IE+SSL download problems, but PHP was compressing with gzip all data send to the browser, including Gzip files (which ended up being compressed twice). This seems to affect also Phprojekt. Created new functions in fileman.php: fcm_display_uploader, fcm_gzip_file and fcm_gunzip_file to be used by fileman.php only. Added more functions to fileman.php: compress file with gzip, uncompress gzip file, rename file, duplicate file. Added supporting localized strings in language files. Added cm_doclogo_height and cm_doclogo_width configuration variables to adm_config.php. These variables set the default image size for the documents logos (the images shown in the article listings). Added related localized strings to language files. Modified adm_config.php to display the default values along with the current values for every available setting. Modified cm_lib.inc.php to set a default charset (Latin1, iso-8859-1). Previously, the charset was only set for some languages (pl,cz,hu,si,ru,tw,zh) and for others, the browser was left to guess. There are reports of users getting wrong charset guessing in the browser, so we force here the Latin1. It is unknown if this will cause any future problem. Modified cm_lib.inc.php to display in the footer of pages the current language along with the user name and CMS module version. Modified functions fcm_articlelist_box and fcm_echo_articlelist_box in cm_lib.inc.php to accept a cm_logo parameter, defining the logo image to use for article listings. The image is shown in the left side of the article box. Modified function fcm_conv_index in cm_lib.inc.php and the script files print.php, display.php and search.php to get the cmdb_logo field from the conten3 database table and to use it in the call to fcm_echo_articlelist_box or fcm_articlelist_box. Modified edit.php and create.php script files to ask for the logo image of the article and store it in the cmdb_logo field from the conten3 database table. This image should be a local image stored in the directory of the edited document. Modified all generated HTML tags so they always belong to a CSS class. The default CSS class is "cms" for HTML of the CMS module and "gcms" for HTML from page content (from user data). Edited the CSS files cm-styletxt.css and cm-style.css to simplify the classes. This process is needed to separate the style of the user data from the style of the CMS module data. Modified all generated boxes to simplify the HTML generated code and leverage the new CSS classes. Changed images used for the dir tree listings. Now the images are smaller (16x16). Edited cm_images.inc.php and adm_config.php accordingly. Added color picker to WYSIWYG editor. Also, the controls now show the current font, color and size of the selected text. Fixed fileman.php, now it checks if the file uploading capabilities of PHP are enabled. Added localized string to language files. Fixed fileman.php, now it checks if the file was really uploaded by checking the "size" element in the autoglobal array $_FILES. Previously, it only checked "name", whis is not safe. Modified display.php to enclose the generated HTML user code in a DIV with class "maincontent". This class defines the background color. As the user has no control over the background color (defined by the current skin), we need to provide them a constant background. Fixed call to editor.php in cm_lib.inc.php so now it cheks if the browser is MSIE before printing the suggestion to use the WYSIWYG HTML editor. Fixed HTML format checking in WYSIWYG editor to check when the user double clicks. Added new options to adm_config.php script: $cm_enable_visedit (enable the WYSIWYG editor), $cm_enable_platfonts (the selection list of fonts in the the WYSIWYG editor will list platform dependant fonts or only general fonts), $cm_enable_cleanhtml (the WYSIWYG editor will try to clean up the generated code after editing) and $cm_enable_verifylogo (the user will be warned if the document logo image is available or too large). Added localized strings to language files. Modified call to fcm_call_htmleditor from create.php and edit.php to use the $cm_enable_visedit variable. Modified editor.php to use the variable $cm_enable_platfonts when creating the selection font list. Modified editor.php to disable itself if called when $cm_enable_visedit is false. Modified editor.php to use a simple dialog when asking for the URL when inserting a link or image. Previously, the browser provided the dialog, but the script had no control or easy way to filter the user-entered data. Also, when inserting an image, fix the URL to use getfile.php. Modified editor.php to have new insert-table option. The user is only asked for the number of rows and cols and a simple table is created at the cursor point. Added buttong image to cm/img02 and localized strings to language files. Created constant CM_MAX_LOGO_SIZE in cm_lib.inc.php to store the max size (in bytes) of the logo images of the articles. Created function fcm_check_imagelogo in cm_lib.inc.php to check if a given file image (the logo image) exists, if it dimensions are smaller than the double of the defined size given by $cm_doclogo_width and $cm_doclogo_height and if its size (in bytes) is smaller than CM_MAX_LOGO_SIZE. If not, a warning is shown only to the author or to those users wha have writting permissions in the directory/document. Added localized strings in language files. Added calls to fcm_check_imagelogo in display.php and edit.php. (It cannot be used in create.php because the logo image is not loaded yet, as the directory don't exist yet). Fixed create.php and edit.php so the filename of the logo images can only be a local file with simple characters. Splitted fcm_conv_album function and created a new function called fcm_create_thumbnail with the sole purpose to create thumbnails, leaving the former function the job to parse the directory and render the album table. Created new function for the file manager fileman.php. The new option is to create a thumbnail from a jpeg image. The user can define the new size and name of the thumbnail. Actually the user can resize the image to a bigger size, too. Modified function fcm_conv_index in cm_lib.inc.php to search only the next level directories or to search all lower directories when listing recent articles. Also, modified fcm_process_markup to use the markup #SHORTINDEX# to call fcm_conv_index with limited search enabled. (This way we keep the markup stable). Also, updated the wikimarkup help documents (cm/doc). Added new constant to cm_lib.inc.php CM_DEFAULT_MARKUP ("#SHORTINDEX#") to contain the markup inserted when creating and empty document. Also, modified create.php to use this constant. Previously the markup "#INDEX#" was inserted. Created editorup.php script to handle the image uploads done through the WYSIWYG editor. It lets the user upload an image file or to choose from those image files available in the document directory, then it inserts the image tag with default arguments. Modified editor.php to use this script file. Added localized strings to language files. Modified editor.php to have new section-format option to defined headers (H1, H2, etc), normal text and preformated text. Added buttong image to cm/img02 and localized strings to language files. Create editorm.php to contain the Midas-based HTML WYSIWYG editor (Mozilla 1.3 compatible). Modified function fcm_call_htnleditor to create the javascript to call the Midas-based editor for Mozilla (editorm.php). Fixed color palette in both editor.php and editorm.php. It was displayed as inline element, not block element. It prevented the user to select some colors in the Midas-based version. Created InsertAtSelection function in editorm.php based on example code from mozilla.org to insert a node in the DOM of the the editing iframe. Added code to editorm.php to generate the node tree to insert a custom table at the editing iframe. Added default neutral values to the font options of editor.php and editorm.php. This is needed in editorm.php as there is still no code to detect the formatting of the current cursor position and give feedback thru the controls to the user. In the IE version this is not an issue. Fixed code in editorm.php to receive from and to send back the HTML code to the edit.php and create.php scripts. Minor fixes to cm-style.css to improve the Mozilla compatibility. Fixed edit.php, where the first form was rendered with the textarea cm_content without ID. This caused the Midas-based WYSIWYG editor to fail passing th data back to the script. Fixed editor.php and editorm.php, the URLs generated by inserting images were not filtered properly to make them relatives. Previously only the first occurrence of the URL string was replaced. Also added replacing for ampersands in URLs (required to use getfile.php). Fixed editorm.php to use a default dummy file as source for the editing iframe. Previously no content was linked, resulting in an iframe that could not resolve relative links (required by images). Unsolved bug: could not use the current image uploader with the Midas-based WYSIWYG editor because Mozilla lacks a way to open a modal window. Currently, in the IE version of the editor, the showModalDialog is used. This let us display the upload dialog and wait until the user is done selecting the image (or canceling), and then, with the returned data the editor.php file can build a IMG tag. Modified cm_lib.inc.php, adm_config.php and setup.php so they don't modify the variable $langua. Now we copy its value to $cm_langua and use that to display content for the user. Previously, if the user was using a language not available in the CMS module, the $langua variable was being changed to the CMS default (en), which created a mismatch between the language of the module and the set charset. Also, this prevents any collateral effects caused by changing Phprojekt global vars. (Policy should be to not modify globals, but to copy them and them modify/use the copy in the CMS module). Also modified edit.php and create.php which were affected by this change. Modified cm_lib.inc.php to include in the page footer the code of the user language, the code of the CMS language and the charset. Fixed cm_mainindex.inc.php. Added condition to cm_mainindex.inc.php in the default switch block, to be executed only if the module names looks like a CMS directory. Previously the default block was being executed for every Phprojekt module. 0.6.0b1: Fixed all magic_quotes checking in create.php, edit.php, usercomments.php, editor.php and editorm.php. Previously, if magic_quotes was disabled, no slash stripping was done. However, Phprojekt "fix" the GPC variables before the CMS code process them, so, in setups where magic_quotes were disabled, the CMS module was leaving escaping slashes. Fixed cm-style.css file, using comments tag enclosing the style block content. Without this, the first block was being ignored by IE. Defined new global variables in cm_lib.inc.php: $cm_http_useragent (user agent of current user) and $cm_php_self (name of current script). They already have equivalents in Phprojekt ($PHP_SELF and $HTTP_USER_AGENT), but the user agent is not reliable as it depend on PHP getenv function which doesn't work with PHP-ISAPI. Modified fcm_call_htmleditor to use this variable. Modified editor.php, editorm.php and editorup.php to use $cm_php_self. Defined new global variable in cm_lib.inc.php: $cm_mod_useragent (user agent reported to servers when downloading the syndication files). This is formed by the CMS module ID, Phprojekt ID and web server ID and sql server ID. Modified fcm_storerdf to use it. Modified console.php to display at the bottom of the page the module user agent and the client user agent, for debugging purposes. Modified editor.php to don't use the event onbeforeedit (now we use onclick) in the edition DIV to trigger the status/format checker, because it was being triggered just after the user changed the font of the selected text, and the font selector was being returned to the original font position, disabling effectively the font change. Added color to adm_chkdata.php warning messages. Added styles to cm-style.css. Modified adm_config.php to allow longer directory name input. Added constant CM_MAX_SYNDLEN defining the max lenght of an entry from a syndication newsfeed. Modified cm_lib.inc.php, function cm_readrdf Fixed fcm_conv_index, which was not seelcting the right records when retrieving only immediate lower directories for SHORTINDEX markup. Fixed fcm_process_markup to call fcm_conv_index with the right arguments for SHORTINDEX. Thanks to Psymon (Mark Coudriet, ipsymon@yahoo.com) for the bug report and patch suggestions. Modified fcm_readrdf function in cm_lib.inc.php to get a third parameter defining the max lenght allowed for an entry, truncating if longer. Modified fcm_display_synd to use CM_MAX_SYNDLEN constant as argument for fcm_readrdf. Modified editor.php to build manually the A markup to insert when creating a link. Now it asks for the URL and if the link will open in a new window. Then it create a URL according to the type of URL (http, mailto, ftp, local file) and inserts the HTML code without using execCommand. If no text is selected, then the URL is used as caption. Done the same thing in editorm.php but here we don't preserve the selected text (bug to fix). Dropped all code related to user pages, as this feature has been delayed for so much time and it seems there is no (perceived) need for it. This feature may emerge again in the future if requested. Added configuration option to adm_config.php to define a global variable $cm_remoteroot. This variable is set if the content directory is located in a remote Windows share (defined in $cm_mainroot as //servername/sharename/dirpath). Thanks to Psymon (Mark Coudriet, ipsymon@yahoo.com) for the feature request and patch suggestions. Modified adm_chkdata.php, editorup.php and fileman.php to work according to the new configuration variable $cm_remoteroot. 0.6.0b2: Defined new global variable in cm_lib.inc.php: $cm_server_name as substitute of $SERVER_NAME, as this is not reliable in a ISAPI setup. Modified editor.php, editorm.php and editorup.php to use it. Added more cleaning code for URLs to editor.php and editorm.php. Now we also try to redefine all local URL (images) to the canonical form (deleting all server name and directory references, because these are resolved by getfile.php). 0.6.0b3-5: Added "focus" style to A links similar to "hover" to easy the keyboard navigation. Modified fileman.php so that the default values for image resizing are those defined as the size for logo images (supposedly one of the main usages of the image resizing was to create the image logos from full size images). Added numeric codes to error messages in language files to easy error reporting. Fixed missing language string (edit_selblock) to several language files. Disabled div.maincontent style because it causes IE to make rendering mistakes (blocks of text displayed with the color of the background). Pending to check why and if this a known bug in IE. Modified function fcm_recode_URIs in cm_lib.inc.php. The functions existed before but was disabled (empty). This function recode all URLs entered as HTML code (HREFs and SRCs) to use getfile.php and redir.php. This is different from the code used in the WYSIWYG editor, where the URLs were recoded as entered. This function is called only from create.php and edit.php, at saving time, so the preview (in create.php) maybe inacurate on local links. Also modified create.php and edit.php to call the function before saving and when previewing (in edit.php). (The reason to don't call it in the preview of create.php is because the directory path doesn't yet exist. 0.6.0b6: Fixed fcm_articlelist_box and fcm_echo_articlelist_box functions in cm_lib.inc.php to don't display total comments, ratings or visits if the article is set as content-less. Fixed fcm_conv_links to only user redir.php for http and https links, other are unmodified. Fixed fcm_conv_album, because it was missing the creation of the last image in each row (this bus seems to be introduced in this version when creating fcm_create_thumbnail function). Modified fcm_articlelist_box function in cm_lib.inc.php so the priority for setting styles is now announce > header > default. Previously header > announce > default. (This is to fix a bug: when you create an announce at root level, it was not rendered with alert color but with header colors). Fixed fcm_conv_index in cm_lib.inc.php to display all announces regardless the value of the level argument, and to display announces before the rest of the articles. Fixed display.php and print.php to display all announces before the rest of the articles (but following their header items). This is to fix a bug where announces become hidden if their update or creation date was old and their position was later than the max allowed to display in the front page. Fixed editor.php to return the BlockType menu to the neutral position after setting the type for a selection. Previously the menu stayed in the latest choosen type and the user cannot select again the same type because the type is applied only when the menu changed it current selection. Created function fcm_get_viewergroup in cm_lib.inc.php to get the group ID and name of a given directory. This function is to be called by create.php. Modified create.php to use fcm_get_viewergroup to set the default of the page to be created as the same group as the parent directory. Previously, the default group was used. (This is a security feature, now if user forget to set the viewer group, it won't be set to "everybody"). 0.6.0b7: Added to adm_syndman.php links to sources of syndicated newsfeeds listings. Modified cm_lib.inc.php to identify Japanese and Slovakian charsets, and to user iso- definitions for Russian (Phprojekt uses windows- charset), and added an inactive alternative charset (koi8-r). Fixed fcm_call_htmleditor in cm_lib.inc.php to use a new parameter defining if the editing directory already exists or not (to disable local-file links and image uploads). Previously if the user tried to upload something, it was stored in the parent directory, and the corrected paths for images and links were fixed to the parent directory. Also modified create.php and edit.php to use this new parameter. Fixed create.php to disable upload, edit, delete and create icons, because there is not yet a directory. Previously, those icons were targeting the operations on the parent directory. Modified editor.php and editorm.php to disable image uploads/insertions and local-file links if the current directory doesn't yet exist. Modified listing.php to have the option to display the full title, short title, or the path, short or full, and to show/hide the details (update time, owner and viewer group). Also modified fcm_title_nav2 in cm_lib.inc.php to set these parameters when calling listing.php. Fixed adm_config.php by adding Catalan language selection. Security fix: disabled uploads and file listings of PHP files, as they can be used to access the CMS files avoiding all other security measures. Added a new array to cm_filetypes.inc.php named $cm_disabled_type, defining all disabled file extensions. Modified function fcm_conv_fileindex in cm_lib.inc.php to don't display any file with a disabled file extension (which may not be really a problem as all downloads are done thru getfile.php so no execution of the target file is done). Fixed editorup.php to disallow uploadings of files with invalid file extensions. Fixed fileman.php to disable any operation which would lead to the creation of a file with invalid file extension. Fixed function fcm_conv_fileindex in cm_lib.inc.php to don't display directories. 0.6.0b8: Modified cm-style.css and cm-styletxt.css files to modify the class h3.docdatatitle to reduce the interline spacing after the document title (in the document summary). Fixed display.php so it won't display any article if the max articles to list is set to zero. Based on patch by Psymon (Mark Coudriet, ipsymon@yahoo.com). Modified functions fcm_articlelist_box and fcm_echo_articlelist_box in cm_lib.inc.php to force 3 blank spaces between the title and the abstract text. Based on patch and concept by Psymon (Mark Coudriet, ipsymon@yahoo.com). Modified functions fcm_articlelist_box and fcm_echo_articlelist_box in cm_lib.inc.php to call fcm_check_logoimage to adjust the logo image size if necessary or leave it as is. Previously the logo image was always adjusted to the max allowed, producing a distorted logo image. Also, with this call, it can be checked if the logo image exist or not. Based on patch and concept by Psymon (Mark Coudriet, ipsymon@yahoo.com). Changed purpose of fcm_check_logoimage in cm_lib.inc.php. Now it checks several parameters of the logo image and return a status code, the real dimensions of the image and the adjusted dimensions. Created fcm_warn_logoimage in cm_lib.inc.php to do the work of the previous fcm_check_logoimage. (To display an error message if the logo image has wrong dimensions or it was too big. Also, fixed the checking of the global configuration variable cm_enable_verifylogo in this function. (In fcm_check_logoimage it was disabled). Changed display.php and edit.php to call this function. Added new global configuration option (cm_text_icons) to disable the navigation icons and use only text options. Modified fcm_title_nav2 function in cm_lib.inc.php to support this option. Modified fcm_bread_crumbs function in cm_lib.inc.php to get a new parameter to enable or disable the links of the bread crumbs. (Enabled to use them as navigation control, disabled to use them only as navigation hints). Fixed fcm_bread_crumbs function in cm_lib.inc.php to truncate the aux title text of each bread crumb to 70 characters. The aux. title text is the abstract content of each target document. Modified fcm_articlelist_box and fcm_echo_articlelist_box to get a new parameter to display the bread crumbs to the target document. Fixed fcm_articlelist_box and fcm_echo_articlelist_box so that the logo image is a link. Previously the logo image was not linked to the document. Fixed fcm_gzip_file and fcm_gunzip_file functions in fileman.php to call set_time_limit to extend the execution time limit to prevent the script to be aborted when compressing/decompressing large files. Added new global variable cm_safemode to store true if the PHP setup is in safe mode or false if it isn't. Modified fcm_conv_album, fcm_storerdf (in cm_lib.inc.php), fcm_gzip_file and fcm_gunzip_file (in fileman.php) to call set_time_limit only if cm_safemode is false. Modified fileman.php to add links to the files. Previously, the files could be manipulated but could not be downloaded directly. 0.6.0b9: Added verification to editorm.php to check if the browser has the Midas extension enabled. If not, then it displays an error message and exits. Updated all language files with contributed updates. Fixed all language files, which had two extra newlines appended to the end, causing errors in some PHP configurations. Modified adm_config.php so that the target version is taken from cm_codebaseversion and not from cm_currentversion (which gets overwritten in several places and may potentially lead to coding errors). Modified listing.php to display details in a cleaner way. Now details are aligned within a table. Added function fcm_diffdate_days to cm_lib.inc.php, which returns the difference between today an a given date. The returned value is expressed in days. Fixed adm_config.php so the setting "convert emoticons" can be selected with a drop-down menu. Also, modified the default value of cm_oldestallowedleaf from 10 to 60 days. Fixed display.php and print.php to respect the cm_home_maxleafs, cm_home_minleafs and cm_home_oldestleafallowed configuration settings. Disabled error reporting for fsocketopen in function fcm_store_rdf in cm_lib.inc.php because in recent versions of PHP it display errors to the user if cannot find the target host. 0.6.0b10: Disabled error reporting for a couple of set_time_limit function calls in cm_lib.inc.php. Deleted some quotes from the German localization file which caused the whole module to crash if the user is using German as Phprojekt language. Thanks to Sean Goldin for reporting this bug. Fixed functions fcm_conv_album and fcm_storerdf in cm_lib.inc.php to get the variable cm_safemode from global. Now the construction of the user-agent string is done with information from SERVER_SOFTWARE and from php_uname. Added small translation corrections to French language file. Thanks to Emile Simonnet. Fixed fcm_conv_index so that it will search for announces directories which father dir is like fatherdir% (not fatherdir/%). This bug was hidding the immediate lower announces. Thanks to anonymous/guest for reporting this bug. Created cm_summary.inc.php script to be included in summary/summary.php Phprojekt file to list recent articles in the Summary page. Added new function fcm_articlelist_nostyle to cm_lib.inc.php to create the article listings for the summary page (this listing is style-less, it uses the colors of the current Phprojekt theme to render uniform appearance). Modified adm_config.php to create a new configuration variable: cm_sum_oldestleafeallowed, to define how recent (in days) should an article be to be displayed in the summary page. This feature based on patch and concept by Psymon (Mark Coudriet, ipsymon@yahoo.com). Fixed cm_mainindex.inc.php so that the CMS module can be called thru the main Phprojekt page (index.php?module=cms) specifying a directory to display. (Previously, only the root CMS page could be rendered when calling thru the index.php of Phprojekt). 0.6.0b11: Fixed adm_applog.php script file, in the drop-down menu the strings were hard-coded in English, not referencing the localized strings in the language files. Thanks to Emile Simonnet for the bug report. Fixed cm_lib.inc.php to define the variables cm_php_self, cm_http_useragent and cm_server_name using alternative methods (_SERVER, HTTP_SERVER_VARS, _ENV and getenv) until a valid value can be obtained. Thanks to anonymous/guest for reporting and helping to debug this bug. Changed cm-style.css to fix some errors in the styles of the buttons of the WYSIWYG editors (IE & Mozilla). Added icon to color picker of editor.php. Based on code and concept by Psymon (Mark Coudriet, ipsymon@yahoo.com). Added function fcm_chk_cfgval to adm_config.php configuration script to check for missing or type-invalid values in the configuration file. After upgrading, if there were new configuration options and the user only regenerated the configuration file without entering the new values, the generated config file was invalid. Fixed function fcm_show_usercomments in display.php and fcm_show_txtusercomments in print.php. Before this fix, if global historical comments were disabled, all comments were disabled from all documents. Thanks to Psymon (Mark Coudriet, ipsymon@yahoo.com) for the bug report Fixed usercomment.php to disable HTML tags when previewing. Before this fix, when previewing the comment, HTML tags were rendered as normal HTML (not disabled). Currently, HTML is not allowed in user comments (to be enabled in a later release). Fixed fcm_conv_links in cm_lib.inc.php to url-encode the rendered URLs. Added new option to adm_config.php to set if the PNG-fix behavior (to fix the lack of support in IE for alpha-transparency) is going to be used or not. Previously, the main CSS file should be edited to enable/disable the fix. Modified cm_lib.inc.php to support this setting. Created pngbehavior.css to call the behavior (now when rendering the page, two CSSs are referenced, the main CSS and optionally the one for the fix). Modified all PNG images included with the CMS module so they have the background/matte color set to white (except those used in the WYSIWYG editor). In this way, if the PNG fix is disabled, the icons will be still readable. Previously, some icons had black or other colors as background, making them hard to see. Added TITLE description to table cells of the adm_config.php configuration page, so a tooltip with the option short-name is displayed when the mouse is on the input field. Fixed cm_summary.inc.php to allow for cases when cm_sum_oldestleafallowed is set to zero and to improve the rendering when there is nothing to show. Thanks to Psymon (Mark Coudriet, ipsymon@yahoo.com) for bug report and patch. 0.6.0b12: Fixed cm-style.css and cm-styletxt.css files deleting the comments tag enclosing the style block content and deleting the STYLE tag as it is not needed (because the files are referenced externally by LINK tags). This also solved the "first-style ignored" problem. Added function fcm_unhtmlentities_l to adm_config.php (similar to fcm_unhtmlentities in cm_lib.inc.php) to convert character entities back to its original representation so the comments written in the CMS config file are readable. The fcm_unhtmlentities in cm_lib.inc.php cannot be used as that file is not included in adm_config.php. Added missing verification step in editorup.php to check if file uploads are enabled in the server. This is similar to the check in fileman.php. Modified search.php so previous forbidden words now are allowed (some SQL instructions). Now, some characters are deleted (to disable any attemp to poison the search query with SQL instructions). Also, we space-trim the string before searching. Added support for the database prefix of Phprojekt 4.1. Modified the files adm_applog.php, adm_chkdata.php, adm_createdb.php, adm_syndman.php, cm_constraints.inc.php, cm_lib.inc.php, cm_mainindex.inc.php, cm_navigation-33.inc.php, cm_navigation.inc.php, cm_summary.inc.php, create.php, delete.php, display.php, edit.php, fileman.php, getfile.php, listing.php, print.php, search.php, statshits.php and usercomment.php to use the global variable cm_db_prefix, extracted in cm_lib.inc.php from the constant DB_PREFIX (if available). Deleted content of cm_filetypes.inc.php and cm_images.inc.php. Moved some code from cm_filetypes.inc.php to cm_mimetypes.inc.php (for banned file types). Created new global variable cm_mod_id in cm_lib.inc.php to hold a string similar to cm_mod_useragent (without the "User-Agent:" string) to be used as generator metatag on the header of generated pages. Modified console.php to use cm_mod_id now (previously, it used cm_mod_useragent). New skin control (the CMS will follow the global skin if possible, or defaults to one predefined skin): Discontinued configuration option cm_icon_set. Modified adm_config.php to support the new option cm_default_skin. Added function fcm_skin_menu to adm_config.php to create a drop-down menu with available CMS skins. Added new global variable cm_skinpath to cm_lib.inc.php to hold the path for the CMS skins (cm/layout). Added temporary override for cm_icon_set variable (as too much code relies on this variable and now is discontinued). Added selection code for CSS files, searching first in the global skins (of Phprojekt), then in the local skins directory, and finally in the default location. Added selection code for cm_filetypes.inc.php and cm_images.inc.php, depending on the current selected skin. Deleted all icon sets in cm/img. Now images will be stored in skin directories (cm/layout). Only Gnome and AquaFusion images were moved to cm/layout/cm_gnome and cm/layout/aqua_fusion directories with their matching cm_filetypes.inc.php and cm_images.inc.php. (KMess icons and support for IcOsX were removed). Changed variable cm_db_prefix. Now we store the database table prefix in a constant (CM_DB_PREFIX), to ease its usage within functions. Added install.txt to distribution, containing installation directions and requirements. Modified copyright notices to add 2004 year. Added new configuration option to cm_enable_dbprefix to adm_config.php to enable the usage of the DB prefix of Phprojekt by the CMS module. If disabled, the CMS will not use the DB table prefix even if Phprojekt is using one. Modified cm_lib.inc.php and cm_mainindex.inc.php to support this option. Added new configuration option to cm_force_skin to adm_config.php to force the CMS skin even if the user has selected a different one for Phprojekt. Modified cm_lib.inc.php to support this option. Added basic skin files for the CMS module following merkur and neptun Phprojekt skins in cm/layout/neptun and cm/layout/merkur directories. Added testing file for CSS in each local skin directory. Added new constant CM_PP_PREFIX to be used with all calls to Phprojekt tables (with calls to CMS tables we will use CM_DB_PREFIX). The config option cm_enable_dbprefix only affect CM_DB_PREFIX. This allow the CMS module to use non-prefixed tables with Phprojekt prefixed tables. 0.6.0final: Added German translation of wikimarkup-help file courtesy of Christian Hartnick (cis@hartnick.de). Fixed minor bugs in layout/xxx/cm_images.inc.php reported by Psymon (Mark Coudriet, ipsymon@yahoo.com). Fixed minor bug in editor.php reported by Psymon (Mark Coudriet, ipsymon@yahoo.com). Added Brazilian Portuguese language file lang/br.inc.php courtesy of Eduardo Gobbo Ferreira (eduardo_gobbo@hotmail.com). Modified adm_config.php, cm_lib.inc.php and setup.php to load the new Brazilian Portuguese language file and created dummy doc/br.edithelp.php file. Added function fcm_getmicrotime to get the microtime of the start of any script using cm_lib.inc.php (currently all CMS scripts). Added function fcm_dbglog to append a log line to a text file (by default cms.log), useful for debuging. Added cached-version expiration header to getfile.php and display.php, however, this feature is currently unused. To be used for images included in the body of the page to speed up loading times. (If enabled, file-downloading breaks, so is disabled now). Updated URLs in console.php and setup.php of web forums. Fixed editor.php, editorm.php and editorup.php to build cm_http_base and cm_https_base variables using the global variable cm_php_self and not PHP_SELF, which is not always available. Included Compact skin files contributed by Mark Coudriet (ipsymon@yahoo.com). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.5.1: Added compatibility code for Phprojekt 4.0 to cm_mainindex.inc.php and cm_navigation.inc.php. This was back-ported from the next 0.6.0 code. Moved old code to cm_mainindex-33.inc.php and cm_navigation-33.inc.php to be used as compatibility script files for future releases (so the module can work with old 3.3 setups). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.5.0: Added partial German string translation, contributed by Dominik Gamperl (dog@dominikdesigned.net). Change in fcm_process_markup so that when GD support is disabled, the album generation is replaced by file list generation, so full-size images are available anyway. Added a file with the description of the database tables to the design documentation directory. Created redir.php to redirect to any external URL. This script file is going to be called from pages with external links and from syndication news link lists. The redirector creates/updates a record in the hit counter database table for a given URL. Modified cm_lib.inc.php to: include new CM_HITTYPE_ELINK constant, modified fcm_conv_links to call redir.php for external links, modified fcm_display_rdfbox and fcm_display_txtrdfbox to call redir.php for their generated links. Edited statshits.php to include external links statistics. Created new logging facility: Modified cm_dbcreate.php to create cmapplog3 database table. Modified cm_lib.inc.php to set several operation IDs for the log records. Modified several scripts to add logging records: checker.php, create.php, delete.php, display.php, edit.php, fileman.php, getfile.php, usercomments.php and userrating.php. Corrected error message in fileman.php. Modified getfile.php to display error message if file is not found or the user has not enough permissions (previously the script failed silently). Modified listing.php to use fcm_check_constraints function (previously it was using older functions and displaying wrong listings). Corrected language string files for the entry "directory". Corrected some backslashes in URL paths in the cm_dbcreate.php, editsec.php and setup.php script files. Thanks to Michael Mauch for the bug report. Modified editsec.php to avoid the use of the shortcut syntax so it doesn't fail in settings where the PHP configuration option short_open_tag is set to Off. Thanks to Christian Schaden for the bug report and code. Changes in lib.inc.php to change the charset in certain languages (Chinese, Czech, etc). Thanks to Iztok Zajc and Kin for the bug report. New language file (French), courtesy of Alain J. Godbout (alain@gmgconseil.com). Included dummies files for the help files of Dutch and German help files (cm/doc/xx.edithelp.php). New markup for ordered and unordered lists (included nested ones). The original concept and code for this feature courtesy of Stephen Reindl (sreindl@stephenreindl.de). Fixed the fcm_storerdf function so it doesn't expect an IMAGE element in the RSS/RDF newsfeed. Without this change, some newsfeeds were not properly processed and their links could not be extracted. Thanks to Uffe Lund for the bug report. Fixed a bug in edit.php. When selecting preview, the new updated and creation date were not being displayed. Added new fields to the content3 table: cmdb_rated (rating enabled or not for this page), cmdb_commented (user comments enabled or not for this page), cmdb_short_title (alternative title for navigation), cmdb_logo (filename of local image to use as logo), cmdb_version (currently unused), cmdb_sign (currently unused). Added supporting code for new fields (content3 table) in the scripts cm_lib.inc.php, create.php, edit.php, cm_dbcreate.php. Created functions fcm_can_berated and fcm_can_becommented in cm_lib.inc.php. Fixed a bug in search.php. Now the stats (visits, rating, total comments) of the resulting entries are displayed correctly. Created fcm_get_totalcomments in cm_lib.inc.php to get total comments for a given page. This is to simplify code in other scripts. Created fcm_bread_crumbs function to generate the breadcrumbs navigation links. This functions uses the new short_title property of the page, if available. Also, the TITLE help text is the abstract of the target link. Added new field to content3 table: cmdb_enable_html, when 1 identify the content as HTML, otherwise is wiki-derived markup. Added supporting code for the cmdb_enable_html field. Modifications in cm_dbcreate.php, create.php, display.php, edit.php and print.php. New functions in cm_lib.inc.php: fcm_can_usehtml, to check if a page has html enabled. fcm_recode_html, to convert tags to special storage format. fcm_decode_html, to convert tags back to html. fcm_decode_htmlfull, to convert tags back to html and special chars to normal chars. fcm_secure_html, to disable some dangerous or useless tags. Added new parameter to fcm_process_markup to disable the character and paragraph formating, as well as link and image tag generations when the content is html-enabled. Small corrections to design docs. Created editor.php, which is our old WYSIWYG DHTML client-side editor. New support images from the AquaFusion icon set (the other sets don't have required icons) and new definitions in cm_images.inc.php. New support strings in the lang/??.inc.php files for the HTML editor. Added of integration code for old WYSIWYG DHTML client-side editor with create.php and edit.php. It works only with Internet Explorer 4.0 or higher (only tested with IE 6). Added fcm_call_htmleditor function in cm_lib.inc.php, which insert the Javascript code and HTML tags to call the HTML editor. Fixed bug when previewing in create.php and edit.php, where escaping-slashes were not striped properly. Changes in the CSS cm-style.css for the HTML editor. Added icon to nav icons in function fcm_title_nav2 to rate the current document. Now generated index pages display the rating, comments and visits of pages. Added global config variable $cm_enable_htmledit to enable/disable the HTML processing functions. Changes in all code using htmlentities. Since this version, no content will be converted. We will rely on the browser selecting the right charset. Creation of the function fcm_htmlentity, to substitute htmlentities. By now, this version calls htmlspecialchar only. The current content stored in the content table is converted properly, and if resaved, is saved without the html entities converted by htmlentities. Creation of applog.php to display the records in the applog. Modifications and renaming of several administrative scripts: setup.php, adm_applog.php, adm_chkdata.php, adm_config.php, adm_createdb.php, adm_editsec.php, and adm_mkroot.php. Creation of console.php as main page for maintenance scripts. Added icon to nav icons in function fcm_title_nav2 to go to the administrative console if user is the adminuser. Fixed some images references in cm_images.inc.php. New language file (Catalan), courtesy of Albert Alcaine (http://www.alcaine.info). Creation of fcm_truncate_string function that truncates a string taking care of not spliting double-byte characters. Added max-length truncation to some fields entered by users in create.php, edit.php, usercomments.php and in the function fcm_add_logentry. Creation of fcm_remove_accents (based on code posted in php.net by "hotmail-marksteward") to convert extended characters to a ascii-7 letters. This function is used to filter characters in the directory names when creating new pages (create.php). Modified the code that cleans the directory name in create.php. Now it tries to convert the user-typed dirname to ascii-7 characters and then deletes any non-alphanumerica character. More changes in fcm_storerdf from cm_lib.inc.php to parse some bad-formed RDF/RSS content and to fcm_display_rdfbox to keep the box size fixed even if there is no content. Deleted some RSS/RDF sources that don't work anymore from display.php. Changes in function fcm_title_nav2 to use TITLE arguments as well as ALT for its icons. More changes in fcm_storerdf from cm_lib.inc.php to identify when the content was not found in the remote server or when the answer contains no data. Deleted some RSS/RDF sources that don't work anymore from dlsynd.php and reordered those found in display.php. Deleted redundant error_reporting sentence in dlsynd.php Added definitions of MS Office files in cm_mimetypes.inc.php to open them inline. Added optional (disabled by default) Pragma declarations in getfile.php to test problems of IE with SSL. Fixed fcm_conv_images in cm_lib.inc.php to use getfile.php with local image files and redir.php for external images. Thanks to Psymon (Mark Coudriet, ipsymon@yahoo.com) for the bug report and patch suggestions. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.4.8: Added some of the design diagrams in the cm/doc/design directory for those trying to customize the CM module. Added checking of post_max_size PHP variable and compare it with upload_max_filesize. The smaller one will be the limit of the upload. Previously only upload_max_filesize was checked. Added rating system: Created userrating.php script to enable users to post their rating for a document. Added supporting functions to cm_lib.inc.php; fcm_show_userratings, fcm_set_rating, fcm_get_rating, fcm_getaverage_rating, fcm_delete_rating. Added supporting code for ratings to fmds_doc_summary, fcm_doc_txtsummary and fcm_articlelist_box in cm_lib.inc.php. Modified scripts to leverage rating functions; display.php, delete.php, print.php, search.php. Added styles to CSS files for colors of rating box. Added star graphics to cm/img/ directory. Defined constants with min and max rating values in cm_lib.inc.php. Added option to setup.php to enable or disable the re-rating of an already rated document. Modifications in cm_dbcreate.php to create the cmratings3 table. Added language dependent string (Spanish and English). Added permission/restriction matrix editor: Created editsec.php to enable the superuser to edit the permission/restriction matrix without editing the code. Created supporting functions in cm_constraints.inc.php to load the permission/restriction matrix from the database; fcm_load_defsec, fcm_load_secdb, fcm_save_secdb. Modifications in setup.php to call editsec.php. Modifications in cm_dbcreate.php to create the cmrestrict3 table. Added language dependent string (Spanish and English). Changes in all scripts to call the fcm_load_secdb function to load the permission/restriction matrix from the database (cm_dbcreate.php call fcm_load_defsec because there is no table yet). Changes on some script to leverage the function fcm_get_totalhits. This should be done several releases ago. Added option to setup.php to disable GDlib support at all. Changes in several dependant functions. Useful when installing in a server without GDlib. Tests and some changes to make the CM module to work in a groupless Phprojekt setup. Changes in listing.php that called the obsolete function fcm_user_is_ingroup (now it calls fcm_user_is_ingroup2). Deletion of obsolete function fcm_user_is_ingroup. Changes in graphpie.php that now includes the lib.inc.php file to be able to use the database functions of Phprojekt needed for the permission verification functions. Added username to generated page footer. Small coding style change: change from using += to use ++ operator. Deletion of syndication function calls in print.php. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.4.7.1 Added the license notices for the PNG behavior. Included selected icons from the AquaFusion 0.4 iconset, now that the author clarified the DSL license. Included a file with the GPL license. Minor fixes: the condition in a FOR loop was selecting an out-of-bounds array index in the conv_emoticon function, missing array declarations for cm_sorteddir in two functions. Fixed problem with fcm_conv_images which deleted the last character of the URL part. This problem is similar to that fixed in fcm_conv_links on 0.4.7. Fixed fcm_conv_images and fcm_conv_links that ignored that ignored the comma separating the URL and Title. The original specification defined the use of a blank and not a comma, but the documentation was not changed. Because of the bugs fixed at fcm_conv_images and fcm_conv_links regarding the missing last character of the URL part, now the comman (if used) was not deleted. This fix enable those functions to use a blank or a comma followed by a blank. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.4.7 Added more informative messages in setup.php and cm_dbcreate.php scripts, because many people get confused when logged with a different user than root and ended locked out during the setup process. New security modifications. Now permissions are based on a restriction lookup table. This table is encoded in cm_constraints.inc.php. The table is an array with three dimensions: operation, location, user status (or role). Since one user can have several roles/status, each role have also a weight. Only the heavier role is considered in the current operation. We use two functions to check the permissions: fcm_check_constraints which return true or false according to the given operation, location and status (this function is mainly a weighting function) and, fcm_check_validops which returns an array with a true/false for each operation (this is mainly to pass the data to the navigation bar function). Moved functions fcm_user_is_admin, fcm_user_is_owner and fcm_user_is_ingroup2 to cm_constraints.inc.php, because these functions must no longer be called directly (we rely now on fcm_check_constraints and fcm_check_validops). Deleted the second parameter from fcm_access_sqldef function as it was no really used. Deleted fcm_title_nav function and created fcm_title_nav2. This new function takes advantage of the data returned by fcm_check_validops. Changed error reporting line in cm_lib.inc.php from E_ALL to E_ALL & ~E_NOTICE. The script getfile.php was broken during the last (unreleased) release because an empty line after the closing PHP delimiter. New print.php script. Now when displaying a "printable version" the new window uses a minimal CSS sheet, without backgrounds and colors, a simpler formatting of the document information and a time/path header. Added three text-only functions (fcm_doc_txtsummary, fcm_display_txtrdfbox, fcm_show_txtusercomments) and text-only HTML header/footer variables to use with print.php. Created a simpler style sheet (cm-styletxt.css) to use with print.php. Finished testing with GD library 1.8.4 as this is more common than GD 2.0. Added code to graphpie.php to generate the pie graphs using the old GD functions, in case you are not using GD library 2.0. Previously, if you were not using GD 2.0, the stats graphs were not generated properly. Minor cosmetic changes to the album generation function cm_lib.inc.php. Added an option in setup.php to go to the CM homepage (which was the real purpose of the miscoded Go To Homepage button). Added new function fcm_check_anyglobal to cm_constraints.inc.php. This function get an operation, an username and a generic location and checks if the user has permissions for any of its global (not location dependent) roles. Added new constraints table (not default) to emulate the old behavior in which Admins could do anything. Fixed fcm_access_sqldef so now generate sql conditions only if the user's global roles don't let it have free access (it calls fcm_check_anyglobal). Fixed display.php that when called with a cm_path=/ failed with a dir_not_found error. Created fcm_curdate_string to return the current date in the usual YMD-HMS format used in several scripts. Created cm_anon.inc.php include file. This file contains a commented line with an user name and password. If you want to enable access without login, uncomment this line, add the username and password and now any user can use the CM module autologged in as this user. Take note that this also enable access to all other functions in Phprojekt. Created fcm_unspecialchars function in cm_lib.inc.php. This function apply the htmlentities to a string, then reconvert the special chars (ampersand, quotes, greater than, lesser than) back to its normal representation. Used when displaying text that may or may not be already converted. Created three new functions fcm_user_names, fcm_group_names and fcm_default_group in cm_lib.inc.php. Used in several scripts to retrieve long username, long groupname and default group. Fixed a call to fcm_delete_hitrecord from delete.php, the second argument was missing. Fixed fcm_access_sqldef so now generate sql conditions also for groups without defined viewer group. Fixed fcm_conv_album and fcm_conv_fileindex, don't try to read the current dir if it doesn't exist. This can happens when previewing a page that has not been created yet. Fixed fcm_conv_images, it was not generating the right URL when including an alternative text (it was adding the comma to the URL string). Fixed fcm_urlencode, to reconvert also the ":". New language file (Dutch), courtesy of Dennis Janssen (Dennis@fourstar.nl). Modified code in setup.php and cm_lib.inc.php to select language file. Fixed problem in cm_lib.inc.php with conv_links that deleted the last character of the URL if using a title string. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.4.6: When you tried to enter the CM module directly, the logon page appears, but after that you were redirected to a non-existing page (to cm/.php). This has been fixed. cm_filetypes.inc.php has been split in cm_filetypes.inc.php and cm_mimetypes.inc.php. Now, file icon definitions are stored in a bidimensional array. This will let us to change "themes". Creation of cm_images.inc.php. It contains image names to be used by the CM module. This will allow us to select on the fly among several icons sets (very basic themes). Changes in several files to support the image definitions. Changes in fileman.php and cm_lib.inc.php to use isset to find out if there is an icon definition for a given extension. Previously we used array_key_exists, but because now the array is bidimensional, is easier to use isset. Added two new variables to setup.php to be used in config file. These variables are the dimensions of dir listing images, which were previously fixed. In order to keep the package size small, most images (unused by default) from the gnome set were deleted. Moved images from the gnome set to img/set01 directory. Included new images in img/set02 from the AquaFusion theme for KDE. Later I removed the icons because I'm not sure if the license let me just include some icons or if I have to distribute the whole set. However I left the definitions intact, so you can just unpack the AquaFusion set and it will work. Included new emoticons images in img/set03 from the KMess application. Evaluated the inclusion of icons from iKons, Dave's Sky, Win2K and IcOsX icons sets for KDE, but they were incomplete or the licences were not clear or not OSI-approved. Added definitions to be able to use IcOsX icons set for KDE as a source of icons. (I cannot distribute the icons due to the license of IcOsX). Added option to setup.php to set a new variable in the config file. This variable is an index number to choose an icon set. Added integrity verification script (checker.php) to verify the content of the tables. Useful if you edited manually the database and to detect other inconsistencies that may arise with the normal use of the CM module (for example if you deleted a user who is the owner of some pages). This is not a fixer, just a checker. Added new functions and modified others to increase security. Now only the superuser can create pages at the root level. Now only Administrators belonging to the groups of a page can view/modify that page. Now Administrators can add pages only to a directory they can view. These code changes were done everywhere: something may not work properly, I am still testing. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.4.5: Added a few more file definitions in cm_filetypes.inc.php. Creation of getfile.php. This script checks the user permissions, get a file and send it to the browser. This will be used to avoid the user getting files directly without any security. Also this will enable to have the root directory out of the web tree (more flexibility, improved security). Added mime types definitions in cm_filetypes.inc.php to be used by getfile.php. Rewrite of setup.php. The setup.php script was broken, very buggy. Sometimes you couldn't change the values, or the defaults were always used, or the root user was locked out, etc. A real (i)logic mess. Fixed fcm_urlencode so it can be used with URLs (its original purpose). Now we use rawurlencode and not urlencode, so spaces are encoded with %20. Modifications in some functions that link files directly (album, file links, file listings) to use now getfile.php. Testing (ok) with the root tree out of the CM directory and out of the web tree. Now we can have the root tree in a safe place and not mixed with the CM code. Added option to setup.php to create the root content directory. To avoid IE from freezing: Simplified the pngbehavior.htc script. Modified style sheet so the png behavior won't be applied to all images. Modified several scripts to use IMG tags with a CLASS for the png behavior only where using PNG files. Added code to keep track the download hits of file sharing and image sharing (via albums). Also added code to display total downloads count in album and file listing. Added list and graph to stathits.php to display most downloaded files. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.4.4: Added preview option for user comment form and fixed adding of slashes when confirming posting, in usercomments.php. Fixed access to setup.php and cm_dbcreate.php. Now user must login and the user must be "root1" (if no config file exist) or one defined in the config file. Fixed localization (Spanish and English) of some messages in setup.php. Fixed inclusion of current config file in setup.php. Previously the values shown were the defaults always. Added buttons to setup.php to restart the config form, to go to the homepage and to go to the table creation form. Disable user pages navigation icons, since this feature is not yet implemented. Added version variable to config file (and supporting code). Added version number to footer of CM pages. Translation from Spanish to English of WikiMarkup help. Fixed some errors in both versions. Added comments in cm_lib.inc.php for all functions. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.4.3: Fixed syntax error in IF sentence in delete.php introduced in 0.4.2. Fixed syntax of sql queries to conform to a (non-standard) requirement of MySQL (not space before the opening parenthesis of a function call). Fixed conditions to list newest articles in homepage (the condition was (parentdir%) and now is (parentdir OR parentdir/%). Changed several sql queries to use "=" and not "like" when necessary. The "like" was an heritage from the first versions of CM when cmdb_parentdir and cmdb_directory were MEMO/TEXT fields and now they are VARCHAR/STRING. Beginning testing with MySQL (previously only tested with PostgreSQL and MS-SQL). Fixed annoying initial message in create.php about the directory already existing. (The dir of course already exists, because it is initially set to the current directory). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 0.4.2: Fixed problem with extended characters in URLs and uploaded file's names. Created a fcm_urlencode function to "fix" the encoding of / to %2f that breaks the access to URLs with extended characters. Filemanager now is case-insensitive to file extensions. Album generation now is case-insensitive to file extensions. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQCVAwUBQoBffDpHuYe8JiHtAQFFtgQAvDEw168z1GU9mUDlMQVfaQeu7cJHvAp4 66E+URnsfDfInjiCxYoOQ9nHhyljwGHcl0OKVtwmlWPQ2M17gt2Bs+piW+pKBUEi BJ6O8xZ9fATtYwB9v/wZ85RspzsTT3lWbaaaNUlKaTxbqvqNG5SAMDk1vPdvdrDA PuRP0RtQpUY= =9Wx5 -----END PGP SIGNATURE-----