Commit e158f48c authored by Eric Rasmussen's avatar Eric Rasmussen
Browse files

[gh-484] Ctools module security update to 7.x-1.2

parent 26746157
......@@ -3,6 +3,10 @@ Current API Version: 2.0.5
Please note that the API version is an internal number and does not match release numbers. It is entirely possible that releases will not increase the API version number, and increasing this number too often would burden contrib module maintainers who need to keep up with API changes.
This file contains a log of changes to the API.
API Version 2.0.7
All ctools object cache database functions can now accept session_id as an optional
argument to facilitate using non-session id keys.
API Version 2.0.6
Introduce a hook to alter the implementors of a certain api via hook_[ctools_api_hook]_alter.
......
......@@ -4,9 +4,9 @@ core = 7.x
dependencies[] = ctools
package = Chaos tool suite
; Information added by drupal.org packaging script on 2012-03-28
version = "7.x-1.0"
; Information added by drupal.org packaging script on 2012-08-18
version = "7.x-1.2"
core = "7.x"
project = "ctools"
datestamp = "1332962446"
datestamp = "1345319204"
......@@ -23,7 +23,6 @@ div.ctools-modal-content .modal-header {
div.ctools-modal-content .modal-header a {
color: white;
float: right;
}
div.ctools-modal-content .modal-content {
......@@ -37,6 +36,7 @@ div.ctools-modal-content .modal-form {
div.ctools-modal-content a.close {
color: white;
float: right;
}
div.ctools-modal-content a.close:hover {
......
......@@ -6,9 +6,9 @@ files[] = includes/context.inc
files[] = includes/math-expr.inc
files[] = includes/stylizer.inc
; Information added by drupal.org packaging script on 2012-03-28
version = "7.x-1.0"
; Information added by drupal.org packaging script on 2012-08-18
version = "7.x-1.2"
core = "7.x"
project = "ctools"
datestamp = "1332962446"
datestamp = "1345319204"
......@@ -9,7 +9,7 @@
* must be implemented in the module file.
*/
define('CTOOLS_API_VERSION', '2.0.6');
define('CTOOLS_API_VERSION', '2.0.7');
/**
* Test the CTools API version.
......
......@@ -4,9 +4,9 @@ core = 7.x
package = Chaos tool suite
dependencies[] = ctools
; Information added by drupal.org packaging script on 2012-03-28
version = "7.x-1.0"
; Information added by drupal.org packaging script on 2012-08-18
version = "7.x-1.2"
core = "7.x"
project = "ctools"
datestamp = "1332962446"
datestamp = "1345319204"
......@@ -99,7 +99,7 @@ function ctools_ruleset_ctools_access_check($conf, $context, $plugin) {
* Provide a summary description based upon the checked roles.
*/
function ctools_ruleset_ctools_access_summary($conf, $context, $plugin) {
if (!empty($form_state['plugin']['ruleset']->admin_description)) {
if (!empty($plugin['ruleset']->admin_description)) {
return check_plain($plugin['ruleset']->admin_description);
}
else {
......
......@@ -4,9 +4,9 @@ package = Chaos tool suite
dependencies[] = ctools
core = 7.x
; Information added by drupal.org packaging script on 2012-03-28
version = "7.x-1.0"
; Information added by drupal.org packaging script on 2012-08-18
version = "7.x-1.2"
core = "7.x"
project = "ctools"
datestamp = "1332962446"
datestamp = "1345319204"
......@@ -4,9 +4,9 @@ core = 7.x
package = Chaos tool suite
dependencies[] = ctools
; Information added by drupal.org packaging script on 2012-03-28
version = "7.x-1.0"
; Information added by drupal.org packaging script on 2012-08-18
version = "7.x-1.2"
core = "7.x"
project = "ctools"
datestamp = "1332962446"
datestamp = "1345319204"
......@@ -17,7 +17,7 @@ function ctools_custom_content_schema_1() {
'bulk export' => TRUE,
'primary key' => 'cid',
'api' => array(
'owner' => 'ctools',
'owner' => 'ctools_custom_content',
'api' => 'ctools_content',
'minimum_version' => 1,
'current_version' => 1,
......
......@@ -7,9 +7,9 @@ dependencies[] = page_manager
dependencies[] = advanced_help
core = 7.x
; Information added by drupal.org packaging script on 2012-03-28
version = "7.x-1.0"
; Information added by drupal.org packaging script on 2012-08-18
version = "7.x-1.2"
core = "7.x"
project = "ctools"
datestamp = "1332962446"
datestamp = "1345319204"
<p>The Chaos Tool Suite is a series of tools for developers to make code that I've found to be very useful to Views and Panels more readily available. Certain methods of doing things, particularly with AJAX, exportable objects, and a plugin system are proving to be ideas that are useful outside of just Views and Panels. This module does not offer much directly ot the end user, but instead creates a library for other modules to use. If you are an end user and some module asked you to install the CTools suite, then this is far as you really need to go. If you're a developer and are interested in these tools, read on!</p>
<p>The Chaos Tool Suite is a series of tools for developers to make code that I've found to be very useful to Views and Panels more readily available. Certain methods of doing things, particularly with AJAX, exportable objects and a plugin system, are proving to be ideas that are useful outside of just Views and Panels. This module does not offer much directly to the end user, but instead, creates a library for other modules to use. If you are an end user and some module asked you to install the CTools suite, then this is far as you really need to go. If you're a developer and are interested in these tools, read on!</p>
<h2>Tools provided by CTools</h2>
<dl>
<dt><a href="&topic:ctools/plugins&">Plugins</a></dt>
<dd>The plugins tool allows a module to allow <b>other</b> modules (and themes!) to provide plugins which provide some kind of functionality or some kind of task. For example, in Panels there are several types of plugins: Content types (which are like blocks), layouts (which are page layouts) and styles (which can be used to style a panel). Each plugin is represented by a .inc file, and the functionaly they offer can differ wildly.
<dd>The plugins tool allows a module to allow <b>other</b> modules (and themes!) to provide plugins which provide some kind of functionality or some kind of task. For example, in Panels there are several types of plugins: Content types (which are like blocks), layouts (which are page layouts) and styles (which can be used to style a panel). Each plugin is represented by a .inc file, and the functionality they offer can differ wildly.</dd>
<dt><a href="&topic:ctools/context&">Context</a></dt>
<dd>Context is the idea that the objects that are used in page generation have more value than simply creating a single piece of output. Instead, contexts can be used to create multiple pieces of content that can all be put onto the page. Additionally, contexts can be used to derive other contexts via relationships, such as determining the node author and displaying data about the new context.</dd>
<dt><a href="&topic:ctools/ajax&">AJAX Tools</a></dt>
<dd>AJAX (also known as AHAH) is a method of allowing the browser and the server to communicate without requiring a page refresh. It can be used to create complicated interactive forms, but it is somewhat difficult to integrate into Drupal's Form API. These tools make it easier to accomplish this goal. In addition, CTools provides a few other javascript helpers, such as a modal dialog, a collapsible div, a simple dropdown and dependent checkboxes.
<dd>AJAX (also known as AHAH) is a method of allowing the browser and the server to communicate without requiring a page refresh. It can be used to create complicated interactive forms, but it is somewhat difficult to integrate into Drupal's Form API. These tools make it easier to accomplish this goal. In addition, CTools provides a few other javascript helpers, such as a modal dialog, a collapsible div, a simple dropdown and dependent checkboxes.</dd>
<dt><a href="&topic:ctools/css&">CSS scrubbing and caching</a></dt>
<dd>Drupal comes with a fantastic array of tools to ensure HTML is safe to output, but does not contain any similar tools for CSS. CTools provides a small tool to sanitize CSS so that user-input CSS code can still be safely used. It also provides a method for caching CSS for better performance.</dd>
<dd>Drupal comes with a fantastic array of tools to ensure HTML is safe to output but does not contain any similar tools for CSS. CTools provides a small tool to sanitize CSS, so user-input CSS code can still be safely used. It also provides a method for caching CSS for better performance.</dd>
<dt><a href="&topic:ctools/export&">Exportable objects</a></dt>
<dd>Views and Panels both use objects that can either be in code or in the database, and the object can be exported into a piece of PHP code so that it can be moved from site to site or out of the database entirely. This library abstracts that so that other modules can use this same concept for their data.</dd>
<dd>Views and Panels both use objects that can either be in code or in the database, and the objects can be exported into a piece of PHP code, so they can be moved from site to site or out of the database entirely. This library abstracts that functionality, so other modules can use this same concept for their data.</dd>
<dt><a href="&topic:ctools/form&">Form tools</a></dt>
<dd>Drupal 6's FAPI really improved over Drupal 5, and made a lot of things possible. Still, it missed a few items that were needed to make form wizards and truly dynamic AJAX forms possible. CTools includes a replacement for drupal_get_form() that has a few more options and allows the caller to examine the $form_state once the form has completed.</dd>
<dt><a href="&topic:ctools/wizard&">Form wizards</a></dt>
<dd>Finally! An easy way to have form wizards, which is any 'form' which is actually a string of forms that build up to a final conclusion. The form wizard supports a single entry point, the ability to choose whether or not the user can go forward/back/up on the form and easy callbacks to handle the difficult job of dealing with data in between forms.</dd>
<dd>Finally! An easy way to have form wizards, which is any 'form' that is actually a string of forms that build up to a final conclusion. The form wizard supports a single entry point, the ability to choose whether or not the user can go forward/back/up on the form and easy callbacks to handle the difficult job of dealing with data in between forms.</dd>
<dt><a href="&topic:ctools/object-cache&">Temporary object cache</a></dt>
<dd>For normal forms, all of the data needed for an object is stored in the form so that the browser handles a lot of the work. For multi-step and ajax forms, however, this is impractical, and letting the browser store data can be insecure. The object cache provides a non-volatile location to store temporary data while the form is being worked on. This is much safer than the standard Drupal caching mechanism, which is volatile, meaning it can be cleared at any time and any system using it must be capable of recreating the data that was there. This system also allows for object locking, since any object which has an item in the cache from another person can be assumed to be 'locked for editing'.</dd>
......
......@@ -112,7 +112,7 @@ function mymodule_schema() {
<dd>Human readable title of the export key. Defaults to 'Name'. Because the schema is cached, do not translate this. It must instead be translated when used.</dd>
<dt>primary key</dt>
<dd>Objects should contain a primary key which is a database identifier primarily used to determine if an object has been written or not. This is required for the default CRUD save callback to work.</dd>
<dd>A single field within the table that is to be used as the main identifier to discern whether or not the object has been written. As the schema definition's primary key value will be used by default, it is not usually necessary to define this.</dd>
<dt>object</dt>
<dd>The class the object should be created as, if 'object factory' is not set. If this is not set either, defaults as stdClass.</dd>
......
......@@ -16,7 +16,7 @@ ctools_include('object-cache');
* will not result in multiple database reads.
*
* @param $obj
* A 32 character or less string to define what kind of object is being
* A 128 character or less string to define what kind of object is being
* stored; primarily this is used to prevent collisions.
* @param $name
* The name of the object being stored.
......@@ -34,7 +34,7 @@ function ctools_object_cache_get($obj, $name, $skip_cache = FALSE) {
* Store an object in the non-volatile ctools cache.
*
* @param $obj
* A 32 character or less string to define what kind of object is being
* A 128 character or less string to define what kind of object is being
* stored; primarily this is used to prevent collisions.
* @param $name
* The name of the object being stored.
......@@ -49,7 +49,7 @@ function ctools_object_cache_set($obj, $name, $cache) {
* Remove an object from the non-volatile ctools cache
*
* @param $obj
* A 32 character or less string to define what kind of object is being
* A 128 character or less string to define what kind of object is being
* stored; primarily this is used to prevent collisions.
* @param $name
* The name of the object being removed.
......@@ -67,7 +67,7 @@ function ctools_object_cache_clear($obj, $name) {
* modify them.
*
* @param $obj
* A 32 character or less string to define what kind of object is being
* A 128 character or less string to define what kind of object is being
* stored; primarily this is used to prevent collisions.
* @param $name
* The name of the object being removed.
......@@ -89,7 +89,7 @@ function ctools_object_cache_test($obj, $name) {
* This is useful for clearing a lock.
*
* @param $obj
* A 32 character or less string to define what kind of object is being
* A 128 character or less string to define what kind of object is being
* stored; primarily this is used to prevent collisions.
* @param $name
* The name of the object being removed.
......
There are two primary pieces to using plugins. The first is getting the data, and the second is using the data.
<h2>Defining a plugin</h2>
To define that you offer a plugin that modules can implement, you first must implement hook_ctools_plugin_type() to tell the plugin system about your plugin.
To define that you offer a plugin that modules can implement, you first must implement hook_ctools_plugin_type() to tell the plugin system about your plugin.
<pre>
/**
......@@ -49,7 +49,7 @@ The following information can be specified for each plugin type:
<dd><em>Defaults to:</em> <strong>FALSE</strong></dd>
<dd>If set to TRUE, the plugin type can automatically have 'child plugins' meaning each plugin can actually provide multiple plugins. This is mostly used for plugins that store some of their information in the database, such as views, blocks or exportable custom versions of plugins.</dd>
<dd>To implement, each plugin can have a 'get child' and 'get children' callback. Both of these should be implemented for performance reasons, since it is best to avoid getting all children if necessary, but if 'get child' is not implemented, it will fall back to 'get children' if it has to.</dd>
<dd>Child plugins should be named parent:child, with the : being the separator, so that it knows which parent plugin to ask for teh child. The 'get children' method should at least return the parent plugin as part of the list, unless it wants the parent plugin itself to not be a choosable option, which is not unheard of. </dd>
<dd>Child plugins should be named parent:child, with the : being the separator, so that it knows which parent plugin to ask for the child. The 'get children' method should at least return the parent plugin as part of the list, unless it wants the parent plugin itself to not be a choosable option, which is not unheard of. </dd>
<dd>'get children' arguments are ($plugin, $parent) and 'get child' arguments are ($plugin, $parent, $child).
</dl>
......
......@@ -56,4 +56,6 @@ $plugin = array(
<p>Several values will be filled in for you automatically, but you can override them if necessary. They include 'name', 'path', 'file' and 'module'. Additionally, the plugin can owner can provide other defaults as well.</p>
<p>There are no required keys by the plugin system itself. The only requirements in the $plugin array will be defined by the plugin type.</p>
<p>After this array, if your plugin needs functions, they can be declared. Different plugin types have different needs here, so exactly what else will be needed will change from type to type.</p>
......@@ -58,10 +58,9 @@ define('CTOOLS_PREG_CLASS_ALNUM',
'\x{2ce5}-\x{2cff}\x{2d6f}\x{2e00}-\x{3005}\x{3007}-\x{303b}\x{303d}-\x{303f}' .
'\x{3099}-\x{309e}\x{30a0}\x{30fb}-\x{30fe}\x{3190}-\x{319f}\x{31c0}-\x{31cf}' .
'\x{3200}-\x{33ff}\x{4dc0}-\x{4dff}\x{a015}\x{a490}-\x{a716}\x{a802}\x{a806}' .
'\x{a80b}\x{a823}-\x{a82b}\x{f8ff}\x{fb1e}\x{fb29}\x{fd3e}\x{fd3f}\x{fdfc}-' .
'\x{fe6b}\x{feff}-\x{ff0f}\x{ff1a}-\x{ff20}\x{ff3b}-\x{ff40}\x{ff5b}-\x{ff65}' .
'\x{ff70}\x{ff9e}\x{ff9f}\x{ffe0}-\x{fffd}');
'\x{a80b}\x{a823}-\x{a82b}\x{e000}-\x{f8ff}\x{fb1e}\x{fb29}\x{fd3e}\x{fd3f}' .
'\x{fdfc}-\x{fe6b}\x{feff}-\x{ff0f}\x{ff1a}-\x{ff20}\x{ff3b}-\x{ff40}\x{ff5b}-' .
'\x{ff65}\x{ff70}\x{ff9e}\x{ff9f}\x{ffe0}-\x{fffd}');
/**
* Clean up a string value provided by a module.
......
......@@ -458,9 +458,12 @@ function ctools_content_admin_info($type, $subtype, $conf, $context = NULL) {
if ($function = ctools_plugin_get_function($plugin, 'admin info')) {
$output = $function($subtype, $conf, $context);
}
if (empty($output) || !is_object($output)) {
$output = new stdClass();
$output->title = t('No info');
// replace the _ with " " for a better output
$subtype = check_plain(str_replace("_", " ", $subtype));
$output->title = $subtype;
$output->content = t('No info available.');
}
return $output;
......
......@@ -636,8 +636,8 @@ function ctools_context_get_defaults($plugin_definition, $object, $type) {
'name' => $plugin_definition['name'],
);
if (isset($plugin['defaults'])) {
$defaults = $plugin['defaults'];
if (isset($plugin_definition['defaults'])) {
$defaults = $plugin_definition['defaults'];
}
else if (isset($subtype['defaults'])) {
$defaults = $subtype['defaults'];
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment