Changes in Ariadne 2.7.9
Features:- added muze dialog loader to create crossbrowser dialogs as replacement of showmodeldialog
- added '//' crossprotocol option to psite and make_*_url()
- updated pinp function list
- Updated gzip
Bugfixes
- Fixed bug in the backend, shortcuts now point in the right direction
- Fixed some XSS bugs
- Fixed the MySQL store installer, it now correctly works with MySQL 5.5 and newer
- Fixed writing cache images, from Ariadne perspective it is now an atomic operation
- Fixed some javascript problems in muze.js
- Fixed the php version dependency in the installer, the minimum php version is 5.3.0
- Fixed the read modifier option in pphoto, frame 0 is now also valid
- Fixed the rcas module include code
- Fixed multiple bugs in ar/html/form.html
Changes in Ariadne 2.7.8
- taint() and untaint() now return their values
- many updates and additions to the ar modules.
- new version of ace, straight from git, less buggy though no official release
- added option to puser to set login independant of filename
- added diff-tool to ar/beta/
- added cookieconsent feature
- added reference and url rewrites to bin/import.
- added mod_ZipArchive which is a wrapper to ZipArchive
- added rewrite URL and references dialog
- added mod_rcas (remote authentication)
Bugfixes
- many XSS failures in templates fixed.
- puser subtypes addable to groups
- enabled local profiles
- external authentication now also works with ARUserDirs
- mod_keepurl() now handles unreadable shortcuts properly
- keep_url redirects do now pass original callargs instead of the arguments given to user.notfound.html
-
fixed generation of last-modified en expire headers to use the gmdate
function because strftime's output changes with the locale; Updated
gmdate usage to use the defined DATE_RFC1123 format
- htmlcleaner now correctly handles embedded script tags
- removed ARCrypt(); puser now has its own hashPassword() function
- added subtype support to the axstore; fixes axstore updates containing subtypes.
- mimetype in wizard is now editable again
- added content-type check to ldRegisterFile() (for eg docx formats)
- fixed mysql precendence using commas and parentheses
- fixed problem with checklogin calling things on non existing paths, when using user.notfound.html constructs
- fixed many eventHandling routines like onmove() oncopy()
- added support for relative shortcuts
- fixed grants textarea dialog
-
fixed {x:id} handling, now works with {id} and {10:id}; will also
continue beyond maximum size. e.g. {1:id} will work when last id was 10,
will then return 11, etc.
Changes in Ariadne 2.7.7
- added getAttribute() method in ar/xml and ar/html.
- added maxlength attribute in ar/html/form for textarea type.
- added support for multiple select in ar/html/form.
- added images or dir:images support to getSetting() method. This returns the globally configured ariadne images directory.
Changes to existing features:
- removed require_once() calls in all ar library files, this is now handled by ar::autoload.
- improved the grants checks when copying objects, now correctly requires add grants on the target object.
- improved delete dialog so the object to delete is not abbreviated for longer paths.
- improved performance of ar/xml and ar/html, they now only try to parse input if the input possibly contains xml or html.
Bugfixes:
- fixed problem in the Ariadne user interface, now all objects are listed, regardless of the languages set in the objects.
- fixed problem with set_admin_password.php, now works again.
- fixed problem with scripts in bin/ directory, they now all use the same set of includes, including ar.php.
- onbeforeview now only fires for templates that can be overridden
by pinp templates. This prevents an error in a onbeforeview handler from
killing Ariadne.
- fixed bug in ar/xml and ar/html, they now handle utf-8 input correctly.
- fixed bug in ar/html/form, now correctly sets id attributes
- fixed bug in ar/html/form, the regular expression for URL's was incorrect.
- fixed bug in ar/connect/soap, now handles exceptions correctly.
- fixed bug in onbeforeview, now won't recurse infinitely
- fixed bug in ar/http::client, GET arguments are no longer dupicated.
Changes in Ariadne 2.7.6
New features:
- Added new dynamic form functionality. See www/js/form.js.
- Added the option to post the Ariadne session check key when cookies are not
available (in flash applications).
- Experimental template editor with syntax highlighting: ace. Configurable
through preferences dialog.
- New demo project (optional install).
- Try/catch now supported in pinp templates.
- Added support for debugging with firePHP.
- Added mod_recaptcha module.
Changes to existing features:
- Removed most of the ereg calls, replaced with preg.
- Added NOFOLLOW meta tags for the default ariadne view.
- Updated the portuguese, french and dutch translations.
- Improved the installer, removed all warnings.
- Made the mod_captcha module more robust.
- Caching will be disabled when debuging is on.
- Allow shortcuts to users/groups to be selected from the grants dialog.
- Added 'delete_empty_containers' option to htmlcleaner which removes empty
container tags.
- More robust htmlcleaner (attributes).
- Improved handling within the management view for large object sets.
- count_find() has now its own store handling for better performance.
- Improved the ariadne error handler. It will only display errors in the page
when display_errors(php.ini) is set to on.
- ar/xml and ar/html have been made more robust and consistent.
- Numerous bugfixes in ar/connect/ftp.
- ar/html/menu has been refactored to be more consistent and flexible.
- Added ar/html/form::findField.
- Improved ar/events performance, added the event name in the event object.
- Added a large number of events to ariadne, see ar/events documentation.
Bugfixes:
- ar/form: password fields no longer shows passwords value in the input.
- Fixed upgrade from 2.4rc2 (ariadne base package was renamed).
- Non-default templates are not saved within the unnamed library cache anymore.
- Fixed ar\http\client get requests with form data. Parameters are now encoded
in the url.
- Chrome is no longer too eager in caching ariadne pages.
- Fixed an allnls bug; templates will not be shown anymore when allnls is not
set and the object doesn't have the requested language.
- We now skip language check for config.ini.
- Fixed named library lookup for non-existing libraries.
- Fixed several browsing bugs within the ariadne backend.
- Fixed the user-account disable option.
- Fulltext properties will not get imported via ax files.
Changes in Ariadne 2.7.5
New features:
- Added get_content_type function to mod_mimemagic
- Added upgrade script for newer myqsl database which adds defaults to table fields
- Mod_htmlcleaner now has the option to remove empty tags
- Added error reporting support for Fatal errors
- Added ar/connect/multigate, a connector to Multigate to allow easy messaging from Ariadne. Only supports IRC for now but multigate will allow a broad choice in messaging protocols.
- Users no longer require hardlinks in groups, but can be shortcut items now.
Changes to existing features:
- rewrote the mysqlstore to do all query's with the internal store_run_query function, and replaced mysql_db_query because it is deprecated
- Fixed iterator support for ARnls
- Changed arSuperContext from a switch to an array which keeps score of seen templates. This resolves conflicts created by loading the same unnamed library on multiple paths.
- Index.html now also allowed on ppage
- Added default setting for ARBasedir in ariadne config to prevent problems with symlinks
- Refactored the database init code;
- Upgraded YUI to version 2.8.2
- Fixes in the whole codebase to use $AR instead of $ariadne
- sgBegin can be used in php-based scripts without a key to make it easier to get the correct grants.
- Improved error reporting
- Added wrappers for the store upgrade functions
- Showing all types now uses the names in arTypeNames (all available types) instead of the ones used in the typetree
- Compiled PINP templates no longer contain comments, resulting in a speedup.
- Added specific dialog for customdata on shortcuts
- ar/html/form: Added getNameValue and validate to fieldset class
- call_super() will now also follow shortcut redirects
Bugfixes:
- fixed NLS problem with file uploads
- removed some unused code
- FTP filenames now get the correct data for name info
- Added missing case for Ariadne upgrade scripts
- Fixes in mod_keepurl: make_real_path and get()
- Removed magic marker that detected .pps and .xls files as msword
- Fixed copy functions to check for illegal filenames
- Fixed caching of library templates
- Fixed endless loop when call_super()ing on an baseType::function.html call
- ar/html/menu: fixed root() to return the correct value
- ar/connect/soap: Fixed header instantiation and __soapCall methods
- ar/xml: Fixed indenting when a nodelist contains another nodelist
- Fixed config handling
- Fixed saving grants on groups
- Added correct use of htmlentities in user.notfound
- Fixed owners on shortcuts
- Saving grants on groups/users now works
- Fixed sgEnd() to release the grants
Change in Ariadne 2.7.4
This release has a number of small improvements and fixes, as well as a greatly expanded and improved version of the new API. We added a new object type, pproject, which is intended to ease management of projects with their sites, users and libraries. This will be expanded with a number of user interface improvements in Ariadne 2.8.
New features:
- Added first version of pproject (beta)
- Createsymlinks now has a configuration file.
Additions to existing features:
- SHA1 had been added to pinp-safe functions
- Backend now has more fallback fonts in the CSS (Ubuntu has no Verdana by default)
- Install help links now open in a new window
- Added a hint about case-sensitivity in the installer help
- Made the queue-mechanism for image magick a bit more resource-friendly.
AR: Ariadne General API: Additions and changes
The next generation Ariadne API has been extensively tested and expanded. It is now complete enough to build entire projects with. The API has been checked for consistency, correctness, ease-of-use and expandibility. We've added a lot of features which will make working with Ariadne much more simple.
Additions:
- Added ar::url
- Added XML and HTML parsing to ar/xml and ar/html
- Added easy XML data binding
- Added ar/connect/oauth
- Added ar/connect/rss
- Added ar/connect/soap
- Added ar/connect/twitter
- Added ar/events
Changes
- all static options in modules can now be set directly in pinp, no need to call configure(), you can access them as if they weren't static.
- made ar_http::$tainting public so other components can read it.
- ar_xml::tag and ar_html::tag have been deprecated in favour of ar_xml::el and ar_html::el
- ar::xml: Added noveValue support for elements and nodelists.
- Added getElementById to ar_xmlNodes
- Added preserveWhiteSpace configuration option.
- Added get and post methods to ar_http as shortcuts to the client methods.
- set default root in ar/html/menu.php to the current site instead of current path
- Added __get and __get in ar/content/html
- Added ar::callSuper();
- Added ar::acquire to get user config settings
- Improved XML error handling in ar/xml
- ar/connect/ftp: added get and set for configure options
- ar/connect/xmlrpc: renamed xmlrpcServerWraper to xmlrpcServer
- ar/connect/db: renamed dbWrapper to dbClient. Renamed connect() to client(), connect() is now deprecated.
- ar/connect/http: made the definition of send() more in line with the rest of ar/connect
- improved constructor in ar/css
- ar/loader: added get and set for configure options
- ar/nls now has support for baseDir
Bugfixes:
- Added search results for shortcuts in the Ariadne search dialog
- Fixed a problem with aspect ratio calculation when scaling a pphoto
- muze/event.js: Fix for keyboard, mouse and key events in Firefox.
- Added full path information stores.
- mod_page: make_path is run on show instead of compile, which means objects with - - content containing template calls can be renamed.
- Added newlines to SVN error messages
- Sorting in details view now works for numeric values
- Grants dialog now shows the types ordered alphabetically
- Cleaned up some disabled CSS rules for the backend.
- Properties are now only saved for NLS values that are available
- Installer now detects supported binaries better
- Fixed missing version numbers in upgrade script.
- Fixed the cookie check in muze.js which triggered a security violation error when used inside a modal dialog.
- Fixed ordering in ar::find
- fixed headers in ar/code/loader/http.php
- fixed bug in ar::xml mergeArguments, now ignores inputs which parse to false/NULL
- fixed ar_error::raiseError arguments, 3rd argument is now optional.
- YUI HTML editor no longer removes "dangerous" tags like form and input, we allow them in Ariadne.
- mod_mimemagic now tries the php internal functions first before trying to detect it self, this should improve mimetype detection without breaking backwards compatibility
- Owner dialog now checks for layout grant instead of both layout and config.
- Added missing compression config option in installation config.
- Fixed installation directory detection which was off in some cases.
- Replaced include_once with require_once for ariadne objects. Removed dependancy to be in object scope when the include happens.
Changes in Ariadne 2.7.3
Changes:- ar
- empty strings are nolonger tainted
- ar_html_form
- Labels in forms are now optional, set the label to false to skip the label.
- Return errors with the name of the fields as the key instead of the label,
this makes it easier to show the correct error messages in multilingual
forms.
- Added getHTML() method, which returns the ar_html dom object, allowing you
to manipulate the form output.
- muze javascript libraries updated
- added capabilities checking, with muze.env
- muze.event no longer automatically attaches a cleanup routine onunload. It
no longer needs it. The event library doesn't generate circular references.
With this change browser fast history navigation feature works again.
- muze.js base lib has been updated:
- the namespace() method now has an optional function argument, the return
value of this method will be stored as the namespace object.
- the require() method also has an optional function argument. This method
will only be called if the requirements are met.
- include() and load() return a loader object, which allows you to set
callback methods using loader.onload() and load.ontimeout(). You can clear
these method using loader.clear().
- pphoto
- Added a new shadow() method.
Bugfixes:
- ar_connect_ftp
- Fixed a bug in the handling of pfile objects, you can now put() an ariadne
pfile object.
- pasv() now returns an error if switching to or from passive mode fails.
- Fixed parsing of the url in ar_connect_ftpClient::__construct, now parses
paths not ending on a '/' correctly.
- ar_html_form
- Fixed form validation: empty strings are now also flagged as incorrect for
required fields.
- Fixed the html input type, was broken in previous release
- ar_nls
- Fixed autoloading sections that do not exist, they are now flagged as
missing instead of trying to load them every time.
- Fixed file downloads for internet explorer. Cache-control is now set to
private, which fixes intermittent problems with downloading.
- Fixed a bug which made it impossible to save a template through the ftp
loader.
- Fixed opacity in IE8 so the fades on the sidebar of the yui interface work.
- Fix the installer to properly set the ariadne webroot
- Fixed the old install script to set the admin password since the base.ax
no longer has an admin password.
- Fixed locking when starting the edit dialog
- Fixed a problem in the sql compiler (used by find()) which broke multiline
queries.
- Fixed a javascript error in the template editor when restoring the cursor
position.
- Fixed the mogrify feature to set the correct vtype for subtypes (e.g.
ppage.subtype now sets the vtype correctly to ppage).
- Fixed the pinp interface for mod_page:compile - added a missing language
option
- Fixes in the authentication system
- it now properly initializes Ariadne with the public user before trying to
authenticate the given user account.
- Logging into an active session with another user now works with custom
user folders.
- The loader now automatically redirects to a url with a sesssion id after
a user logs in on a page
- Fix the grants dialog textmode button to be clickable in internet explorer
- Copying an object will now set the owner of the copied object to the user
doing the copying
- Fixed a problem with custom data fields in the edit object dialog when the
custom data contains the </script> tag.
- Fixed workflows (user.workflow.pre.html and user.workflow.post.html) so they
are now always executed even when the requested language is not set on that
object.
- Guard against errors reading captcha files that no longer exist.
- Minor cosmetic changes to the yui interface
Changes in Ariadne 2.7.2
New features:- more speed, less CPU time needed.
- added image-magick queue to prevent denial of service through lots of image magick calls
- groups are now allowed outside /system/groups/
- added ftp client to ar
- added runtime test for config.ini before saving
- reinstated editor selection (YUI or Toolbar)
- reworked gettext/loadtext nls
- Added option to delete a file for a specific language
- recursive SVN checkout and update now allow a specific revision number
- removed lots of debug statements to speed things up
- speedups in editor.ini, typetree aanroep
- reworked compression support
- import/export skips compression of files/templates folders to speed things up
- speedups in SVN support, reuse the SVN instance
- typetree nls moved to typetree.ini, deprecates ariadne object-based typetree
- speedups in icon fetching
- reworked mysql query compiler
- added visual queue for uploaded files in file/photo dialogs
- explorer/user interface language is now treated seperate from the data language
- User interface now updates to the new language after changing the users language.
- explorer tree now also updates when a node is changed
- explorer now re-selects an item after an object is added
- 0 values can now be displayed using ar_html and ar_xml
- fixed calendar call for articles
- several fixes in the nls/language support
- several fixes to better support website speed profiling
- fixed backend to use backend-urls instead of frontend urls
- fix in HTML toolbar editor to allow classes on editable divs
- fixes in ar/html/menu
- lots of code cleanup
- fix post/get/callargs after failed logins
- fix in customdata dialog to prevent arrays/objects being destroyed when using this dialog
- bugfix in SVN resolved, conflicts can now be resolved correctly from within Ariadne
- bugfix in the installer for SVN support, removed trailing slash.
- Fixed broken owner grants to work again
- fixes in manual mimetype setting for pfiles
- fix for 'crop' to make sure the result is the requested size.
- fixed windowsizes and window dialog names
- allow logoff from any object
- language list sorted to be more consistent
- added new 404 page styling
- fixed mogrify window and options, vtype is removed since it is overwritten
- layout improvements in the lock dialog
- bugfixes in grants dialog
- SVN dialogs now requires a repository to be entered
- Added Ariadne API (read all about it!): basic HTML, CSS, menu, forms and lots of other coolness.
- Added 'mogrify' function that allows morphing object types. Admin only, can break stuff.
- Experimental: Added option that allows users and groups to be created outside /system/users/, thus providing users-per-site options
- Experimental: Zen style dom creation
Additions to existing features:
- Rework of the core loader.php to make use of the new Ariadne API
- Rewritten most of the explore view to make use of the new Ariadne API and HTML generation
- Links to help pages in the Ariadne installer when a check fails
- Extra checks in the Ariadne installer
- Speedup in backend loading
- Grantkey system has extended to allow grants to work on childobjects.
- Extended mod_geo with Exif Lat/Long support (thanks Gerhard!)
- Captcha does not show similar characters for better usability.
- Added option to tag a custom field as containing HTML.
- Added a default nextid length of 5 when no length is given, ie: {id}.
- Added 'check all' option to the unlock window.
- Specific templates for password changes on users
- Improved handling of file uploads and replacement
- Improved memory used for file uploads
- Progress bars for import/export dialogs
- Lock-removal dialog is now in the new style
- All JS files for the backend now use their local minified versions for faster loading
- Big speedups in the backend loading and browsing
- Less memory usage for debugging statements
- Removed some less important debug statements for better performance
- Typetree is now read from the disk-template 'typetree.ini' and no longer uses the information within Ariadne.
- Added html_entity* to the allowed functions list
- Added getLibraries function to list active libraries on a given path
Removed features:
- WDDX export has been removed from the export dialog, since it has no import counterpart. This option is still available from the commandline.
Bugfixes:
- SVN dialog fixes
- Fixes to the caching system to only cache GET requests
- Fixes in the PINP compiler
- Bugfix for missing mimetypes after saving files and images.
- Bugfixes in the explore view (ariadne backend): up button, menu position
- Bugfix in language-enabled SVN icons in template overview
- Bugfix in required grants in hyperlink and image dialogs
- Bugfix in SVN delete, now it also removes the templates in PINP when they are deleted in the repo.
- Bugfix in psearch to make it possible to delete it (thanks Gerhard!)
- Bugfix in template editor to make undo/redo work in IE
- Bugfix in the display of the tree, fixed icon positioning
- Fixed Toolbar editor to work in IE8.
- Fixed problem with disappearing config data when calling other templates from the config (a relatively new feature)
- Improved the config.ini workings, now the arConfig is passed as argument and the result value is set to the changed arConfig
- Improved the config.ini handling, now uses the php stack so you can use get() in a config.ini template.
- Added security check in getvar
- Fixed line counting in pinp
- Labelspans added to list, icon and details view in the Ariadne backend to prevent ugly views.
- Fixed the display of the image browse dialog, buttons are now placed correctly
- HTML editor now resizes with the window it is in
- SVN handling with large directories (>100) now works correctly for unsvn, commit, revert
- Grouping for SVN update messages
Changes in Ariadne 2.7
Changes:
Major work (more about this below):
- All new user interface
- New installer
- New naming scheme on disk
- Templates can have SU-style abilities
- Muze Javascript library
- Changes in multi-language support
Improvements in:
- SVN support
- Library support
- Third party authentication
- PINP functionality
Bugfixes:
- Native language support
- TinyMCE editor handling
- lots of others minor bugfixes!
----------------------
All new user interface
----------------------
Based on the Yahoo User Interface and the Nuvola icon pack, the whole user interface driving Ariadne has been given a huge facelift - some screenshots have been published earlier, but this release contains all of the new eyecandy. Not only does it look prettier, the new interface works under all major browsertypes (and even on some not-so-major browsers).
----------------------------------------
New installer with a lot nicer interface
----------------------------------------
A new installation procedure has been added to Ariadne - instead of the old text-based installation, Ariadne now has a nice step-by-step installation wizard. It does a lot of the checks for you before the actual installation is run, so installing Ariadne will be faster and easier than ever.
--------------------------------------------------
Introduced new naming scheme in the disk templates
--------------------------------------------------
With the introduction of the new YUI interface we have begun using a new naming scheme for templates on disk. The most important change is the extension for core templates is now .php where it used to be .phtml. Another change is the prefixes of templates for the userinterface has changed from their menu location to their actual functionality. All templates having to do with the default explore view are now prefixed with explore. All dialogs are prefixed with dialog. System templates are, you guessed it, prefixed with system.
We will gradually convert the whole of Ariadne to this new naming scheme and will deprecate old templates that are renamed by keeping a wrapper in place for some time. (Time is relative and yet to be determined :)
----------------------------------------------
Ariadne now has support for SU style abilities
----------------------------------------------
As a developer of pinp templates you can programmatically give a template extra grants. This is best illustrated by an example.
A common problem within Ariadne is allowing a public user to save data in an object but not allow editting of the whole object. Since there is only the 'edit' grant for an object you can't just set 'edit' for the public user because that would mean they could spawn the edit dialog and destroy any other data in that object. For instance you want to keep track of pageviews by saving them in $this->data->pageviews through a pinp template:
-- save.pageview --
<pinp>
$data->pageviews++;
save();
</pinp>
Without edit grants this would do nothing. Now to call this template with the extra edit grant the template dialog has an extra button 'Grant key' in the menu. This will spawn a dialog asking for the grants. Fill in 'edit' in our case, and press the generate button. This will give you a SHA1 key in the dialog, for instance: 'fd3d2216fea704652ea7176f9ab419c69b245710'.
This key can then be used in the following functions:
sgBegin($grants,$key)
sgEnd()
sgCall($grants, $key, $function, $args)
In the case of our simple example we would do:
-- view.html --
<pinp>
.... somewhere near the bottom ....
sgCall('edit', 'fd3d2216fea704652ea7176f9ab419c69b245710', 'save.pageview');
....
</pinp>
This would add the 'edit' grant for the current object (and its children) and run the template 'save.pageview', and destroy the grants again. Basically doing:
sgBegin('edit', 'fd3d2216fea704652ea7176f9ab419c69b245710');
call('save.pageview');
sgEnd();
A generated key is valid for the path its created on, and grants given by the key are added similar to group grants. This means if I give edit grant in my sgCall to 'save.pageview' any calls from that template to other templates on children of the object, or the object itself would be given that grant as well.
Please note that to use the sg* functions you will need to set the $AR->sgSalt to a string in your configuration. This is automatically and randomly done for you in the new installer. Without the $AR->sgSalt the sg* functions will not work.
---------------------------
The Muze JavaScript library
---------------------------
Since Ariadne 2.7.0 we've added a simple JavaScript library to Ariadne. This library is very small and simple and only intended to make the JavaScript development for Ariadne's user interface a bit more manageable. We haven't opted to use one of the mainstream libraries, because we felt that they all are either too big and unwieldly or simply not good enough. We did not want to include the equivalent of a canon just to kill a bug.
-------------------
NLS system overhaul
-------------------
In the last few months we've fixed an impressive number of fairly low level bugs in the multi language system. This means that Ariadne now acts much more like we intended it to, but hasn't over the past few years. If you are building sites in multiple languages this means that this Ariadne update may break your site if you are not carefull. The most important change is that Ariadne no longer automatically lists all objects found with ls() or find() or parents() or even get(). Default behaviour is that if the current language is english (en) and the requested object is not available in that language, but it is language aware, this object will not be shown. This means that it is very easy for objects to go missing in your site. There are two solutions:
1) edit the object and enter a name for the missing language
2) add the following line to your calling template:
putvar('allnls', true);
In the past it was possible to get the above effect using:
putvar('nolangcheck', true);
This was a bug and no longer works. The language check is done just once per request and only on the main template, e.g. view.html. Once Ariadne starts to run a pinp template, there is no need to set this variable, since the check has been done already. The only exception is the config.ini template. If you add the above line to a config.ini template, Ariadne will never ask the user to select a different language in that part of the tree. An alternative solution is to redefine the user.languageselect.html template and redirect the browser to the default language.
The overhaul has some positive effects, it is now very easy to create a website in several languages and actually have different menu entries depending on the language. Just create a new object in e.g. dutch and english, set the configured default language to either dutch or english on this object and remove the name in the other language. Switching between languages will show or hide the menu entry.