BSE - an engine for simple magazine style WWW sites.
BSE is an engine for creating simple magazine type web sites.
Maybe I'll add some other bits here.
generate the search base page using absolute urls
the images iterator will no longer prevent automatic image insertion by itself, there must be an actual image tag replaced.
the capitalize tag now lowercases anything it doesn't uppercase
the link[] body text tag can now be configured to redirect via a disclaimer page. See [html].redirect_links in config.pod.
filelink[] tags weren't being replaced correctly in search results excerpts
added the ability to confirm user email addresses from the admin side.
This requires that the user have the bse_members_confirm right and
access control must be enabled. Note that confirming a user's email
address may result in them receiving subscriptions from your site - if
they haven't given permission you may be in violation of the spam act.
correctly unescape the link text for use on the redirect page
allow the redirect page to work as a form
fix handling of the user not being logged on for add.pl
more consistent terminology in error messages (adriann)
made the message tag available on the lostemailsent template (adriann)
test updates to handle the change in the way we do browser redirects
some article iterators now allow their results to be filtered: allkids_of, allkids_of2, allkids_of3, all dynamic article iterators.
split BSE::Request into a base and live version, and added a test derived class.
filelink[] markup now includes a class and title attribute (adriann)
the shop cart action now accepts an embed parameter to specify an alternate template, this can be used for ajax, though there's no template support provided in the base template set (adriann)
fixed some typos in error messages
add the [basic].cookie_domain configuration parameter
better speed for ajax implementations (not in the base template set), including a fast CGI version of the shop script.
updated the embedded copy of prototype.js
the search template was being generated as a static template, changed to generate as a dynamic template.
fast CGI version of the search script
the style parameter was being ignored for the gimage[] body text tag
use the faster scaling parameter in Imager for thumbnails, if available
allow uploading replacement files for article images and files
you can now specify sort orders for (un-embedded) reports
added support for global files (just like we have global images)
change the article summary to text instead of varchar().
include highlight keywords for product field search matches
transfer the description instead of the summary to the line items
the order_save() custom callback was being called twice on the same
order data
display the order_save modified total on the payment page
added SQL to replace order items (used by update_title_summary.pl)
Example script: getpcode.pl - extracts a product code from the body of a product and sets the products product_code.
Example script: update_title_summary.pl - updates old order items with the title and description (previously summary) from their associated products.
orders now have a purchase_order field.
products now have a product_code field. This is transferred to order items when they are ordered.
added a summary field to articles. The old product summary field is now known as description, though the in database name of the column hasn't changed.
search indexing of the product_code, summary and description fields are controllable by the config file, as for the indexable article fields.
the ajax tags can be enabled for static pages
we now set ansi_quote mode when connecting to a mysql database, so we can use portal identifier quoting in queries.
the handling of column defaults has changed for upgrade_mysql.pl to deal with some mysql 5 issues. Be aware of this and backup your database before upgrading.
the product title and description (previously summary) fields are now editable on products that have been ordered previously
most dynamic output now has a ``Cache-Control: no-cache'' header, which should prevent caching by over-zealous UAs.
added new targets to cgi-bin/admin/add.pl to support ajax.
parsing of [] constructs in tags has changed to require spaces around subsidiary []. If you have strings containing [] characters as arguments you will need to add ``'' around them.
work around an ExtUtils::Manifest bug
add extra ofchild iterators (variation on patch from Adrian)
allow the archive flag on the send form to override the newsletter's setting
improve messages for bad image names
avoid infinite redirects on the admin side when the configured admin base URL doesn't match the name the server reports
modification to the session summary lists (date/location display) for seminars (from Adrian)
the order detail display was incorrectly displaying the order date
tags using the cgi or config values weren't displaying correctly on the error page.
fill in more user fields for test newsletters (patch from Adrian)
correctly fill in old alt/url/name values on a failed save of image properties
added a custom hook to the saveopts target in user.pl. You need to set [custom].saveopts=1 for this hook to be called.
various minor hacks to try and get utf8 output in some cases.
undefined <:param name:> tags are now returned as empty strings
There are additions to [pregenerate] in bse.cfg in this release.
the bookings/booking iterator has been added to the userpage, this can be used to list bookings for the current user.
the article edit pages had doubled _t suffixes, but it fell back to the original names, simply causing noise in the error log.
nuser.pl/user has the following new targets: bookinglist, bookingdetail, cancelbookingconfirm, cancelbooking, editbooking, savebooking. This implements Member Seminar Management for AZA.
This release involves some large potentially destabilizing changes, especially in newsletter administration, shop administration and the reports script.
a template set can now be selected for admin groups, the list of template sets is configured via:
[admin group template sets] setid=set description
a template set is a subdirectory of the local and normal template directories.
modified BSE::Request::dyn_response() to supply any template sets set by the admin user's groups as part of the search path for templates, this means that an admin user will use templates from those subdirectories before the main directories if they're in the right group.
modified nearly all admin code to do display via dyn_response() so
that they use the new template sets (and support _t for that matter)
The exceptions are dynamic output, like the newletter progress display and some embedding like in the shop admin catalog tree.
added a formatting code z, that un-html escapes the provided value.
the location display in the shop code only accepted single digit location ids.
added search functionality for the siteusers list.
added rough ajax support to the site users search
stopped an undefined value warning from the ajax tag
logon.pl now uses the common response output code, to make sure it's working the same way everything else does.
renamed the article parameter supplied to tag_url in BSE::Dynamic::Article to prevent a warning.
the session_popup tag on the edit booking page now uses a different date format. This can also be configured with [seminars].popup_date_format
BSE::Edit::Seminar wasn't importing tag_hash_plain, this caused some errors in emails sent when cancelling a session for example.
deleting a seminar session was calling a class method on the wrong class.
the admin logon form target now accept the t template selection option
the t paremeter is now recognized for the addattendee1 and addattendee2 templates
a new user side action dispatching mechanism is in place, all new user side functionality will be going via cgi-bin/nuser.pl. This splits the requests it takes into 2 parts, one is a controller id and the second is the action to take on that controller. These can either be supplied as part of the path if your web server supports PATH_INFO or in parameters. Eg. to use the bookseminar target of the user controller you can either request:
/cgi-bin/nuser.pl/user/bookseminar?id=50
or
/cgi-bin/nuser.pl?_p=user&a_bookseminar=1&id=50
a user can now book seminar sessions without going via the shop if they're free. The script is /cgi-bin/nuser.pl/user - if your server doesn't support PATH_INFO then you can use /cgi-bin/nuser.pl and set _p to user. The targets under this script are: bookseminar, bookconfirm, book, and bookcomplete.
You will need to drop or manually alter the bse_seminar_bookings table for this release.
the bse_seminar_bookings schema has changed in a way incompatible with the update tool. Previously it was just a relation with some extra attributes, it's now treated as a first class table.
a new session can now be selected when the admin edits a user's seminar booking.
the siteuser tag in the emails sent when the admin adds/edits/cancels a booking is now the user tag, for consistency with older emails.
there was a bug in handling some types of tag definitions in [...] lists
the parameters passed to the a_cancelbookingconfirm, a_cancelbooking, a_editbooking and a_savebooking targets in admin_seminar.pl have changed. These now take an id parameter to identify the booking.
the purchase process was broken by the config file product options changes, fixed.
send a booking notification email to the user when the admin books them for a session.
an admin user can now cancel bookings. An email is sent to the member.
an admin user can now edit bookings. An email is sent to the member.
Note: you need to cd to the util directory and run:
perl loaddata.pl ../data/db
from this release onwards.
partial implementation of non-shop seminar booking (database changes, modifying the shop to fill in the new booking fields)
partial implementation of Seminar Administration (access checks, extra fields on the booking form, view member detail, display of booked seminars for a user)
added view location target (a_locview) to admin_seminar.pl
added session list for a given location (available to all location displays, including edit, view, implemented as a_locview with _t=sessions)
new shop product options can now be configured in bse.cfg, so you don't need to touch bse.cfg. I'll document this later, see modules/BSE/CfgInfo.pm to see the code that does the work
various changes to make URLs more context sensitive:
the link fields for dyncart and the normal cart page are now always generated as absolute URLs
the shop base pages are now always pregenerated as if the shop article had an absolute URL, even when it doesn't.
the dynamic version of the url tag will now generate absolute URLs when there is no article context and use the article link to decide whether to generate absolute URLs in article context.
adding an item to an empty cart now causing the current session cookie to be set on the non-secure side as well, to ensure that the cart state is in sync on both secure and non-secure URLs
bump to 0.15_44
don't HTML encode values by default in emails sent by fmail.pl
don't call article methods for the ifStepAncestor tag when working with a fake article.
added addsingle\d+ target to shop.pl to allowing individual items from the catalog page.
bump to 0.15_43
reload the article earlier when updating dynamic status on descendants. The cached dynamic status was being lost when the article was reloaded later.
the shop now refreshes to the cart display instead of displaying the cart in the same request. The change in add adding to the quantities in the cart meant that a reload by the client would modify the cart.
The refresh location can be overridden with the r parameter.
the catalog url tag override wasn't passing through ``null'' replacements correctly, producing multiple site URLs at the front of url tags that were finally processed at dynamic replacement time.
implement a ifStepAncestor tag which checks if a given article or article id is the current article or a step/normal ancestor of the current article. This is limited to searching to 10 levels of ancestry.
Note: if you have many step parent links on your site then this tag can be very slow, since a large number of articles will be loaded searching for stepparents.
bump to 0.15_42
We were always setting the too big message for files rather than allowing the admin to configure the message.
add a new shop.pl action a_addmultiple which accepts multiple quantities and adds them to the cart.
modify the shop add action to add items to the cart rather than replacing them. So if product A is in the cart at 10 units and it added with 1 unit it will become 11 units instead of 1.
add tags to display the cart on any dynamic page
files now have a flag to hide them from the files iterator. This will require a change to the admin/filelist.tmpl template in custom template sets.
fixed a repeated ``the'' in the message from attempting to delete the store.
added dynmoveallkid tag for use on dynamic pages.
bump to 0.15_41
correct the closing search highlight to </b> instead of <b>
forms will now process file upload fields and send the files as attachments to the email. The attachments are not encrypted if the form has encryption enabled. Upload fields are not supportted for sending to the database.
forms now only have 3 encryption settings, encrypt, crypt_passphrase and crypt_signing_id. All other values are now set from the BSE shop defaults.
form emails now use BSE::ComposeMail, which will be extended to support HTML emails one day. BSE::ComposeMail was extended to support encryption and attachments.
bump to 0.15_40
added bse_timeout.pl test script. This can be used to test if a hosting provider sets time limits on requests. This script should be removed in production.
fix dynamic tags on some user.pl generated pages
doclink[] tag was causing a 500 error.
the ifCurrentPage tag on the search results templae is not ifCurrentSearchPage, due to a conflict with ifCurrentPage on article templates.
basic ajax support on the search page. This has some known problems. To enable set [basic].ajax to 1. This is experimental.
ability to highlight any result article field with highlight_result tag.
excerpting of search result file notes
customization of search result term highlighting
added fieldname_matched field to the matchfile tag to be able to detect if a given file field matched the search terms.
bump to 0.15_39
remove comment about fixed tiff.c in thumbnails.pod, this has been fixed
add registration notifications emails feature, enable by setting [site users].notify_register to some true value (like 1)
added site/docs/siteusers.pod with a more introductory documentation of the registration emails.
bump to 0.15_38
add match all option to searching
sort articles with the same search score by title
accept an r parameter for fmail.pl form submission to refresh to a page other than the default done page.
fix the default template name for the embedded report tags.
added dynamic tag ifUserMemberOf which checks if the current user is a member of the named group. Supply a leading * to name query groups.
added a name or identifier field to the article_files table, and administration tools to manage it.
re-worked the formatting API for easier extension
added filelink[] body text tag
removed some old commented code from Generate.pm
bump to 0.15_37
add search scores to the result tag
add the ability to require terms to match for a search
add the ability to exclude results that match a term
add bonuses to scores for results where the term matches more than one field.
searching and indexing processing have been moved into configurable modules, so we can add other search engines (a swish-e engine would be nice)
bump to 0.15_36 for release
in some cases the Articles module wasn't being loaded as needed
access checks are no longer done on iterators when an article is displayed in admin mode.
prevent undefined value warnings from fmail.pl when no validation rules are set for a field.
prevent undefined value warnings from validation when no rules are set for a field.
add userupdate.pl for uploading member updates as text files
bump to 0.15_35
added dynamic iterators, listed each here as iterator name/item name.
Global: dynlevel1s/dynlevel1, dynlevel2s/dynlevel2, dynlevel3s/dynlevel3, dynallkids_of/dynofallkid, dynchildren_of/dynofchild.
Article pages: dynallkids/dynallkid, dynchildren/dynchild, dynstepparents/dynstepparent.
added cgi-bin/admin/bse_modules.pl script to check that modules used by BSE are installed. This should probably be removed once BSE is installed and running.
search results now only include accessible articles by default.
the product tag no long warns when you attempt to use an undef (NULL) value from the product.
removed method=post from some display forms used to simply display data.
fill in the ccNumberHash when not doing online processing (this was lost when online processing was added)
fill in ccTranId with an empty string if the cc provider doesn't give us one.
add SecurePay XML credit card driver
briefly document the credit card driver interface.
the stepparents iterator now only lists ``visible'' articles.
userlist.pl now does logon and access checks - make sure bse_siteuser_dump is allowed for appropriate users.
userlist.pl now replaces newlines in the member data with spaces to prevent problems importing the data.
changed userlist.pl to check for bse_siteuser_export instead of bse_siteuser_dump.
userlist.pl can now dump a range of logons, specified with minlogon and maxlogon. If the field is missing or empty then the range includes the first or last by logon as appropriate.
added periodic API to DevHelp::Payments::SecurePayXML. This API isn't used by BSE.
modified userlist.pl so it can search for id or userId (logon)
changed the attributes of the dummy user for subscriptions (from Adrian Oldham)
menu.pl was using the wrong help icon
the report tag used by BSE itself conflicts with the report informational tag used in reports themselves. Added the subreport tag so you can embed reports into other reports in the context of BSE.
added gimages iterator
you can now use the [tag parms] syntax in the imagen tag
check user has access to an article before allowing file downloads. (#531)
shop emailed order encryption options can now all be set in the configuration file.
the credit card owner and type were not being stored in the order record. (#533)
optionally request the card type when requesting credit card information.
the affiliate.pl a_set action now allows you to configure extra cookies to be set.
prevent a 500 error when the user doesn't have access to create articles at a given level.
apply Adrian's set_errors_to_from patch
handle div/blockquote/address blocks a bit better.
ported the OO validation changes across
allow image[...|padding] to format padding as padding when there's no spaces in padding.
have bse_permission permission non-rights checks (eg. checking for no children on edit_delete_article) do the same checks as for permission
added some debugging output to the ifUserCan tag handler
patch from Adrian Oldham: add metaDescription and metaKeywords article fields.
patch from Adrian Oldham: fix quotes around template tag attributes, and valueless tags.
update t/t20gen.t and t/t21gencat.t to allow for the new fields
fix shell syntax problem in Makefile
implement popimage[] tag.
patch from Adrian Oldham: add missing documentation for article fields in Generate::Article.
word-wrap some lines added by above
copy same field documentation to templates.pod
enable admin security tags when pages are displayed in admin mode (ie. by admin.pl)
stop BSE::Session from keeping a reference to the session hash so it can be cleaned up properly.
parent validation for catalogs now correctly uses eq instead of == when testing the generator type.
the apache page handler now preloads more modules.
fmail.pl can now be configured to send form data to a database table as well as or instead of sending an email.
improved mod_perl compatibility - note: you cannot run more than one instance of BSE under mod_perl, and most scripts shouldn't be expected to work.
added page.fcgi, a FastCGI version of page.pl. See dynamic.pod for information on configuring this.
added BSE::Handler::Page, a mod_perl handler for page.pl. This should have lower initial request times than using page.pl under Apache::Registry.
we no longer attempt to regenerate articles with an empty link
poplink[], link[], doclink[], popdoclink[] now have the class attribute set based on the type of link. By default this class is the same as the name of the tag, but can be configured in [body class].
body text generated HTML now has the class of generated p tags set based on the [body class] config section. By default no class is set.
added formlink[] and popformlink[] tags to link to fmail.pl forms. You can set the title attribute in the config file for the form to set the default text. The class attribute for these can be configured in [body class].
deleting an article now deletes the generated page or cached page, depending on the article type.
changing an article from dynamic to static now deletes the cached page. (going the other way deletes since 0.15_27.)
deleting an article with files attached now deletes the file records and file content.
code processing the deletion of an article has been slightly reorganized. (moved from the edit code to the article object code)
code processing the deletion of an article file has been slightly reorganized. (moved from the edit code to the article file code)
the done template for fmail.pl can now iterate over the selected values as the email template does.
added site/docs/dynamic.(pod|html), which documents BSE's dynamic page generation.
documented [template types] bse.cfg section
the article link column has been expanded to 255 characters
children are no longer always dynamic if their parent is. They must now either inherit access controls or have the force_dynamic flag set in the article or in the config file to become dynamic (but see below.)
added the ``Descendants inherit Always Dynamic'' flag. If this and the ``Always dynamic'' flag is set for an article then all descendants will be dynamic.
the doclink[] and popdoclink[] body text tags now include a HTML title attribute in the <a ...> tag.
children are now correctly regenerated when their dynamic parent is saved.
when an article turns from static to dynamic the static content is now removed.
added a session bookings page
the url generated by the doclink[] and popdoclink[] body text tags are now properly HTML escaped
the cached dynamic status of a newly created article is now set correctly.
fmail.pl forms now collect field defaults by, urr, default.
the ifValueSet fmail.pl tag now checks the field default for the initial display of a form.
the shop now skips the payment page if the order total is 0.
ordering a non-seminar product no longer causes a 500 error on final processing of the order.
the final order page wasn't processing dynamic page tags
if a conditional tag isn't defined when during tag replacement, previously defined tags in the true and false parts of the tag were not replaced. They are now.
page.pl now accepts the article id via the page parameter instead of id. You will need to edit and save any existing articles to update their link fields with the new URL.
added bseaddimages.pl, a tool for adding image to an article on a remote BSE. The -u and -p options are currently untested. YMMV.
the ofchild, ofallkid, and inline tags now perform HTML escaping.
many BSE::UserReg error handlers were calling the display functions with the old argument list, cause 500 errors when attempting to display errors.
added ifAccessControlled static article tag
if you did a search in a selected section, the search results page would leave the sections drop down back on ``All Sections''. It now correctly uses the previous section.
added a notes field to files attached to articles. This is indexed by the search engine. Note that the indexing of the description is split into the indexing of the displayName and description.
admin.pl now applies the dynamic page tags for dynamic articles.
fmail.pl's a_done target now uses the dynamic page tags.
search.pl now displays matching files (with the same limitations as current match displays)
removed from debug output
added [shop].secureurl_articles option. Patch by Adrian Oldham (http://www.visualthought.com.au/)
pregenerated templates used by various scripts are now generated as if they were dynamic articles, and the various scripts now make the dynamic article tags available. This is a complex change, so it may have introduced some problems.
the sidebar logon panel has been updated to generate serverside when the containing page is dynamic.
the t21gencat.t test script wasn't cleaning up properly after itself, leaving the database in an inconsistent state.
fmail.pl forms are now filled from the currently logged on siteuser by default. The field names must correspond to the siteuser field named for this to happen. Note: custom defquery_base variants will need to be updated to support this.
user.pl now attempts to display the userpage by default, instead of the logon form.
the images iterator (on articles) now accepts various options to filter the images iterated over. See templates.pod for details.
the ifImages conditions (on articles) now accepts various options to filter the images tested for. See templates.pod for details.
if siteuser groups were required on a non-top level article, and the user was not logged on, a 500 error would occur, instead of displaying the logon page.
you can now set require_logon to non-zero for an fmail.pl form to require the user to logon before displaying/submitting the form. The message displayed on the logon form can be customized, see formmail.pod for details.
the submit button on the defquery_base page had an empty value unless the submit text was configured
moved the security check code out of BSE::UI::Page to BSE::Request to make it more generally available.
image.pl now checks the user has access to the article before displaying the image
saving a dynamic catalog would cause a 500 error.
added image.pl, intended for image display popups, accepts article id parameter as id and either an image id as imid or an image name as imname.
you can now add siteuser groups required to view an article. Adding such access requirements forces an article to be generated dynamically.
added sql_statements table, used for BSE extensions.
error.tmpl is now generated correctly from error_base.tmpl
siteuser group management actions now correctly refresh to the URL supplied in the r parameter, if any.
minor patch to fix the error message displayed when attempting to save over a modified article (midnight to 1am times now displayed correctly) (supplied by Adrian Oldham)
added image_index tag to the display article tags
Applied a patch from Adrian Oldham:
date fields in the articles created by initial.pl are now set to the date initial.pl is run rather than some date in the past.
simple (optional) protection against saving over pages modified by someone else.
the search engine now indexs the author and pageTitle fields. The file_description is now indexed by default (previously you needed to configure it)
added: document [editor].check_modified in config.pod.
Minor release so I can patch some other things.
renamed the new level1_col tag to level1_byname to prevent a conflict with the older level1_col tag from the level1_cols iterator.
pages can now be generated dynamically, though I'm still working on the UI side of making them flagged dynamic. Structure exists to make it possible to add extra dynamic tags on per article type basis, but isn't used yet.
you can create site user groups, and put users in them, and delete them.
added loaddata.pl tool to util directory for use in loading up tables with data
full_access permission now includes all bse_ permissions
config file entries can now use ``here-docs'', for example:
[some section] key=<<EOD some data EOD
this is especially useful for sql statements for reports
fixed the dynreport tag, a parameter wasn't being passed to the handler.
added level1_col and level1_sum tags to the report tool.
<:level1_col column_name:>
will extract the column of the given name.
<:level1_sum column_name:>
will return the sum of that column for the result set.
you can now set a debug flag for a report. This doesn't produce much information yet.
added builtin pastdate rule to the validation module.
Iterim release with subscriptions work.
added newsletter subscription filters to subs.pl.
admin/users/edit.tmpl now has an optional include so we can use custom fields without modifying it.
Adds the report changes except for control-break reports.
I'm going to workaround control-break reports for now, it was taking way too long. I'll implement them at a future date when there's no time pressure.
implemented the <:report ...:> and <:dynreport ...:> tags
added access controls to reports
seminars can now be added to orders (if the user is logged on and isn't already booked)
added a_location target to shop.pl to display location information to end-users (intended for use as a pop-up)
removed old commented code from shop.pl
subs.pl now has normal admin tags on the newsletter list, including correcting the help tag.
the validation of the article parent id was incorrect, causing problems when saving existing articles. Corrected the validation.
parsing and handling of the default value for the release and expire fields were reversed.
seminar display templates are now under the seminars directory
seminar display templates now have access to locations, location sessions and sessions iterators.
cart, checkoutnew and checkoutfinal templates now have access to per-item session and location tags
you can now add a user as a seminar attendee, without them having made an order.
DevHelp::Date had been changed to try to import its import method from Exporter, but this doesn't work on older perls. Reverted to subclass Exporter.
upgrade_mysql.pl wasn't correctly checking the entered number, and would perform the upgrade even if the incorrect value was entered.
upgrade_mysql.pl now treats varchar(...) binary as if it were
varbinary(...) and no longer treats this as a column type change
(unless the size changes)
This is a development release, not intended for production.
site/htdocs/images/trans_pixel.gif is now transparent again
search.pl would produce a 500 error if the search string contained regexp metacharacters (#502)
search.pl was only searching for the first search term
the shopadmin.pl product list wasn't listing seminars
field configuration for the location pages was being ignored
add.pl now generally accepts m or message for the message parameter, and can accept multiple messages.
functionality added to add, edit, delete, and take roll for sessions
This is a development release, not intended for production.
location maintenance at the basic level is in, accessible via http://example.com/cgi-bin/admin/admin_seminar.pl
you can create seminars, though there's no sessions or related data yet.
the generator field in articles has been expanded in size, so BSE::Generate::Whatever will fit in.
orders now accept delivery and billing organization names, and a second street line for the delivery and billing addresses
members can now have a second street address line in their billing and delivery addresses. They can also have a billing organization.
the release and expiry dates for articles when creating a new article seem to have been handled incorrectly for a long time. We now properly parse them when adding a new article (or product, etc)
in some cases the date tage %z value would be omitted under Linux. I'm not sure why this was happening, and the fix is pretty empirical.
we now attempt to handle nested non-tag [] when removing tags from body text.
t/t40images.t now uses the links() method instead of the internal
extract_links() method. (this is part of the test suite and doesn't
have an effect on most users)
articles now store their creation date, the user who created them the user who last modified them. (implemented by Adrian Oldham)
articles now have author and pageTitle attributes. The pageTitle attribute overrides the value of the title field in the HTML header title tag. Currently these are not indexed or searched by the search engine. (implemented by Adrian Oldham)
error messages for invalid image identifiers have been changed (implemented by Adrian Oldham)
previously the parentid wasn't being properly validated when adding a new article, possible causing a 500 error. We validate the value and report an error on invalid values now.
affiliate.pl can now set a configured cookie to the value of the affiliate id. See [affiliate].set_cookie in config.pod.
added template sidebar/afflink.tmpl that can use such a cookie
fmail.pl's values_select tag now sets the id attribute to the name of the field.
famil.pl now has the remote_addr tag available when composing the email
the capitalise tag now attempts to capitalize words like ``don't'' correctly.
a validation rule of:
nomatch=0
would be ignored
fmail.pl added to the smoke test script
the pgp content type header for encrypted fmail emails is now added only if configured to do so with the crypt_content_type option.
the required_if validation option can now be used from the validation configuration.
empty values when specifying values in the form:
fieldname_values=value1=name1;value2=name2
can now be specified
you can now specify a prefix for values specified via section name, for example:
fieldname_values=some section:prefix
[some section] prefix=None Selected prefix1=One prefix2=Two
where the values/names for the select will be:
"" None selected "1" One "2" Two
added formcfg tag to the fmail templates, this tag allows access to other values in the form's configuration file section.
added field_config to the fmail form configuration file section. This can list extra values to be retrieved from the config file for each field.
DevHelp::Validate depends on DevHelp::Date, which wasn't included.
BSE::UI::Formmail now loads the form specific field configuration rather than expecting DevHelp::Validate to do it (which shouldn't really have been modified to handle it)
using custom validation rules would cause a 500 error.
subscription calculations no longer include incomplete orders.
the user and ifUser tags are now available on the user/lostpassword template.
localinst.perl (used by make test, make testinst, make testfiles) no longer ignores empty config values.
the article keyword field now defaults to empty rather than NULL.
fmail.pl forms can now be select, multiselect, radio or check button fields. The values can be specified in the config file. See docs/formmail.pod for details.
the emails sent by fmail.pl can be sent encrypted or encrypted and signed. See docs/formmail.pod for details.
This release adds a new column to the orders table. You will need to run the upgrade_mysql.pl script on existing installations.
product information is now available from the item tag on the final checkout page
another field has been added to the orders table to track the difference between an order that's been created for payment processing, and an order where it's been completed.
The existing order lists filter out the incomplete orders.
if a user attempts and fails online credit card processing on an order, that order record (and hence number) is now re-used for the next attempt. Note: if a user abandons an order after a failed attempt at online credit card processing then an incomplete order is left in the database.
added an order_list_incomplete target which lists only incomplete orders (for completeness...)
the order_detail template now flags incomplete orders and attempts to display credit card processing information.
the embed tag and embed[] markup didn't support newer style tags
Interim release with some minor fixes while I fiddle with trying to re-use the same order after a CC processing failure.
0.15_05 field name changes meant that values from the logged on user record weren't used for delivery fields. The checkout page now adapts for that.
previously if you submitted the checkout page, then went back to it, it would use the defaults from the logged on user (or empty fields). Now it uses those saved values as defaults.
the cardType field is no longer required, or processed.
the extended cart fields are now available on the cart and checkout pages, since it isn't used anywhere anyway.
WARNING: this release makes major changes to the way the shop works. Make sure you test BEFORE you deploy.
This release may introduce incompatibilities with older BSE::Custom modules, if you come across any of these, please let me know.
To deploy this with a custom template set the following templates will need to be updated:
- checkoutnew_base.tmpl - new checkout page - checkoutpay_base.tmpl - new payment page - mailconfirm.tmpl - handle CC processing - mailorder.tmpl - handle CC processing - checkoutfinal_base.tmpl - display credit card receipt number
This is primarily intended as a test release, currently it has three known problems:
the checkout page won't load the saved order values if you go back to it after having gone through it without finishing the order.
each failed online credit card transaction results in a new order in the database (marked as failed)
some admin side templates still need updating
The changes:
major changes to the structure of the shop, There is no longer a purchase action, this has been split into an order action, which saves user information, and a payment action, which attempts to process a payment.
The initial checkout page now uses the checkoutnew template rather than the checkout template. The payment page uses the checkoutpay template.
the final order display is now a separate request from the purchase/payment action, you can now make changes to the template and test them without having to create a new order each time. The final order display page will only display the last successful order for 5 minutes.
the shop can now process credit card transactions online through the Inpho credit card gateway. There is also a also a ``test'' gateway module that allows for offline testing. See [shop].cardprocessor in config.pod
the shop (and other scripts that use the general dispatcher, like affiliate.pl and fmail.pl) should now work with image buttons submitting the form.
conditions to check for payments types on the shop pages that accepted a payment type name (like <:ifPayments Name:>) would always return value for the CC type, even when it was enabled.
fields that were marked as required previously are now actually required, this most likely a problem for the cardType field. I may end up marking this as not required.
a new credit card field value is accepted and passed to the online credit card processor, the cardVerify field.
fields on the checkout page now must use the name defined in the order record. The older names are no longer usable, except in the required method of BSE::Custom.
the error_img tag is now available on the checkout and payment pages
the allkids iterator no longer lists unlisted stepkids
added the [article defaults], [product defaults] and [catalog defaults] configuration file sections, see config.pod for details.
generate.pl would refresh to the wrong place when secure admin was configured, causing the logon page to be displayed.
reorder.pl had a syntax error which didn't show in the test suite. The test suite has been updated to catch similar errors in reorder.pl
the low level body text formatter now includes <p></p> around its results. Many other minor changes were made to hopefully improve the output from the formatter.
the level2 tag now HTML escapes its results
the old tag is now more backward compatible.
changed the search index primary key from ``varchar(200) binary'' to ``varbinary(200)''. Unfortunately mysql 3 reports this type as ``varchar(200) binary'' so the tool we use to build mysql.str has been mangled to convert that type to varbinary.
the article table included a default value declaration in the column spec for the primary key. This conflicts with the auto_increment on mysql 4 and has been removed.
the makefile now checks for .pl files that still include the option to start the debugger in their #! lines before building a dist. This will prevent releasing a dist that tries to start the debugger when you call a script.
the search results page now has access to the basic dynamic tags
added the fmail.pl script, see formmail.pod for information on using this.
reorder.pl now accepts a type parameter to sort only those children that have the appropriate generator.
catalogs now use the standard iterator tags for products, allprods, stepprods, and adds an allcats iterator.
shopadmin.pl now supports the shop article being a catalog, adding the shop tag and products iterator for the base product_list template.
the summary and thumbnail tags didn't work with newer style article tags
the drop-down parent list for catalogs no longer includes the current catalog or its children.
you can now parent products to the shop article if it's a catalog.
the dynamic old tag can now accept the field name as a [] parameter.
body text is now generated with surrounding <p> and </p> tags.
added the div[class|text...] formatting tag
formatted lists where there was no other text between the lists would produce mis-formatted lists.
the tt[] and pre[] tags were not removed from search result except text. (#460)
creating a new user with subscriptions enabled could sometimes cause a
500 server error. This was due to calling escape_url() instead of
escape_uri(). Thanks to Piers Johnson from Might Media for reporting
and patching this.
added the billMobile and delivMobile fields to the orders and site users tables
the user tag in user.pl could sometimes produce undefined value warnings in the error log.
search excerpt text is now correctly HTML escaped
added the strepeats iterator for use on all pages (resolved on the first build when pre-building templates for dynamic pages)
added the ddigits prefix to the arithmetic tag, which rounds the result, so for example:
<:arithmetic d2:1.234:>
results in:
1.23
img elements produced by the thumbnail tag now include an empty alt
parameter.
the tt[...] tag is now removed from body text in those cases where we're removing other tags
added the delivMobile and billMobile columns to the site_user and orders tables. These are saved and transferred in the appropriate places. The core templates have been changed to display or edit them where appropriate.
No changes since 0.14_37, no issues reported with 0.14_37.
This will become 0.15 on Friday unless a major problem is reported.
The ifRemovable tag on the subscription list should no longer produce undefined value messages.
you can now configure a site user (member) flag that must be set for the affiliate page to be displayed for that user.
documented the [site user flags] configuration file section
Trying again for a release candidate for 0.15.
the <:money ...:> when used on static pages, or when resolved when pregenerating base pages, would ignore the third and subsequent arguments.
the checkupdate target for the checkout page would crash if there was no custom session data defined.
the final purchase page did not have access to the normal BSE static tags
the switch tag didn't handle the protocol used to handle unimplemented subtags.
This is a release candidate for 0.15.
you can now use the |x flag on a tag to re-encode the value suitably for XML (to avoid HTML entities like é). Note: since most BSE tags already HTML escape their data, this tag will convert HTML entities to characters before re-encoding as XML.
the allkids_of, kids_of and inlines iterators now support the [tag ...] syntax for their arguments. Any values returned by the [...] constructs are further split on spaces, so you can have a single tag return more than one value here. This is convenient if you want to use the cfg tag to specify article numbers from bse.cfg.
the <:date ...:> tag now presents the correct day of week. (#450)
added a new tag nobodytext which strips all bodytext markup from
its argument.
subadmin.pl now uses the bse_subscr_* prefix for it's various security checks
thumbnails weren't implemented for the site view/global image manager, they are now available there
you can now supply a new date selection code to the search engine, 'mnumber' will now only list articles that have been modified within the last number days. The supplied search_base.tmpl has been modified to include this. (#136)
updated internal file extension to MIME types based on a list from
Adrian, types which are basicly text files (like
text/x-script.bash) have been changed to text/plain so browsers
don't need to know about obscure aliases for text file types.
doing a refresh due to failure in adding a product to the cart (due to subscription restrictions for example) when the product had options would cause a 500 error (#438)
the arithmetic tag should handle double generated pages where tags needed on the second generation are used in the expression.
we now URI escape apostrophe ' when we're URI escaping in general,
since a trailing unescaped ' could confuse some browsers in a
Refresh header.
cgi-bin/admin/admin.pl now refreshes to the menu with an error message
rather than causing a 500 error if it cannot find the article
specified by id. (#424)
saving a disabled user from the member admin page will no longer send the user a confirmation message if they are unconfirmed and have subscriptions selected. (#393)
a change not listed for 0.14_05 - the delivery instructions entered during checkout are now included on the encrypted order emailed to the site admin. (#354)
the validation error icon image can now be configured, see [error_img] in config.pod. (#230)
user.pl now has an a_orderdetail target which accepts the order
number in id. The order must belong to the currently logged on
user to be displayed.
affiliate.pl will no longer display pages for disabled users (#437)
the image manager will now display images as thumbnails if configured to do so.
Currently the only imaging tool that can be used for the thumbnailing process is Imager.
This adds the thumbimage, ifThumbs and ifCanThumbs tags to the article editor pages.
See thumbnails.pod for more information.
localinst.perl (run with make testfiles) no longer deletes the content of your htdocs/images directory.
logging out now clears the shopping cart
after logging in when you failed to add an item requiring logon now refreshes back to adding the item again (#434)
setting [affiliate].subscription_required to an affiliate text id should now work
trying to add a subscription product while not logged in now refreshes more appropriately after you logon.
checks for renew/start only subscription products are now done when you attempt to add the product to your cart.
SiteUser.pm was missing an import of sql_add_date_days(), which caused a 500 error.
the subscription expiry date functions were checking the wrong field name for the expiry date. This caused problems when trying to add a renewal product to the cart, amongst other things (#435)
the userpage now has access to a subscriptions iterator, includes access to the subscription fields, and the ends_at, started_at and max_lapsed status fields. This only shows subscriptions the user is subscribed to. (#436)
the options page now has a ifSubscribedTo tag. This accepts one parameter which is the text id of the subscription.
the subscription order summary on the subscription detail page now multiplies the period by the number of units bought
you can now configure a required subscription for affiliates, see the
documentation for subscription_required in the config manpage.
the product tag on the checkoutfinal page now accounts for database NULL values
the subscription detail template didn't display the usage field correctly
the delete subscription link was incorrect
the delete subscription confirmation template wasn't supplied
the subscription edit/add templates were missing a closing </tr>
removed debug code from Squirrel::Row that was sending
addclassname to the error log.
the test for whether a user was subscribed was incorrect.
the number of units of a product bought for a subscription product was ignored, now 2 units of a 2 month sub product will act as 4 months.
it is now possible to include other config files from bse.cfg, see
[includes] in config.pod for more information.
the doclink[] and popdoclink[] tags would not be removed from the search page excerpts if the second parameter was present but empty.
more recent code using the m parameter could crash if the script was passed two m parameters.
a method rename during development meant that some code was calling a method that didn't exist, causing a 500 error.
if you supply an 'r' parameter that defines an 'm' parameter to subadmin targets the code will no longer add it's own 'm' parameter.
DevHelp::Validate now includes some documentation of its built-in rules.
The basic processing for subscriptions is now done.
added max_lapsed to the order_item table, to make sure subscription expiries remain consistent.
the bse_subscriptions table was commented out for the last release (it worked here because the table was created before I commented it out <sigh>)
ordering items with a subscription now results in the bse_user_subscribed table being updated, and hence most of the code which checks if a user has subscribed now has something to check
the users iterator on the subscription details page now works
subadmin.pl now has a target to update all users subscription expiry dates from their orders.
messages usually weren't displayed from a refresh by subadmin.pl, when they should have been
modern iterators could cause 500 errors (bad parameter list internally)
modern iterators could generated undefined value warning in the logs
switched off debugging for Squirrel::Template, which should reduce log pollution considerably.
I'm planning on making all base BSE permission checks use a ``bse_'' prefix to avoid conflicts with add ons like nPort. The permission checks should all now allow checks against bse_foo when only the foo permission has been granted.
This should allow templates to be updated to use the bse_ prefix.
Note that the permission sets in bse.cfg must continue to use the
non-bse_ names for now.
most of the structure of subscriptions has been done, provided for templating and testing.
Note in particular that the users iterator on the subscription details page will return an empty list for now.
0.14_24 added ``.html'' to the end of ``link title'' links, this broke regeneration. This release changes that to ``_html'' at the end of the links, which shouldn't break regeneration and will hopefully still allow google to index them.
I'll probably preserve the current behaviour if we add a mechanism for setting the content filenames, since unlike filename changes this preserves the link, so a title change won't break links from external sites.
added site/docs/future_plans.pod to the distribution
Release in preparation for subscriptions implementation
deleting site user images didn't work - the SQL used to remove the record was incorrect
it's now possible to associate images with a site user (member), these are editable both by the admin and the user themselves.
They work the same as the nport member images.
By default they are stored in the same location as uploaded files (defaulted in the config file.)
Don't forget to change your custom admin edit site user template to use the right enctype for the form.
you can now use siteuser images on the affiliate page.
SiteUser.pm was still using Orders rather than BSE::TB::Orders <sigh>
affiliate_name can now be set during registration or during addition in the admin interface.
the require_affiliate_name flag in the config file is now supported (it wasn't necessary for the original application)
[site users].display_affiliate_name is now used in validation errors for the affiliate name field.
the referer checks for affiliate.pl extracted the Referer header domain incorrectly.
the order affiliate_code is now accepted as a CGI parameter during purchase if it isn't set in the session.
the order siteuser_id field wasn't being set
added an affiliate_name column to the siteusers table. This value is required to be unique if non-empty and may only contain alphanumeric characters. You will need to add this to any custom templates.
affiliate.pl now accepts alternatives to the id parameter:
lo - the logon name of the user
co - the affiliate name of the user
some prep work for site user images
a few modules were still using Orders/OrderItems instead of BSE::TB::...
work around a discrepancy in the way mysql handles dates, step child records marked to be released on a given date should now be released on that date rather than the next day
added affiliate.pl, which can display an affiliate page or set the saved affiliate code.
extra fields have been added to the site users table to allow for custom data on the affiliate page.
a new debug flag dump_session has been added. if this is true then a data dump of the session hash is performed after it is retrieved from the database.
some of the order processing code checked incorrectly for subscriptions (which don't exist yet anyway).
This release includes some structural changes to article editing, please test before deploying it.
doing a sort of all children wouldn't include the unreleased (step)childen in the sort (#389)
with access control enabled, using the reorder.pl script while not logged (including due to a cookie timeout) on would produce a server error (#419)
the Orders / Order / OrderItems / OrderItem classes are now BSE::TB::Orders / BSE::TB::Order / BSE::TB::OrderItems / BSE::TB::OrderItem, to try to use a more consistent naming system and clean up the top level namespace
the prePurchase target has been disabled in shop.pl, since it's effectively unmaintained, and probably completely broken
updated the document list of session values in BSE::Session.
defaults (both internal and configured) are now used to set article/product fields on creation, this should allow simplified creation templates to omit fields that don't need to be explicitly set
the warning about $Text::Wrap::columns only appearing once should disappear
a shipping_cost column has been added to the order table. This is not set by BSE at all yet, but is available for use by custom order save code.
some fields and code have been added to support subscriptions (no, not the newsletter stuff)
removed some debug dump code from the shop
``link title'' links now include ``.html'' at the end to allow Google to index them
some preperatory work has been done to handle affiliates and subscriptions
differences in whether CR chars are passed in line separators could cause formatting problems with ##/**/%% lists in body formatted text
a ##, %% or ** which wasn't at the beginning of a line could be treated as part of a formatted list
the logon page used the user side help icons (#371)
the admin user and admin site user pages used the user side help icons (#373)
the change password page used user side help icons (#378)
the admin logon page now accepts an m parameter
in general, moved the common admin tags call after the common basic tags call so that admin tags (like the admin help icon) replaces the basic help icon.
remove blank lines from the error messages produced on the admin user administration pages (#382)
a very rough attempt at changes to support UTF-8 content has been made.
Don't rely on this.
previously, if an error occured in producing a template that wasn't a template not found error, while using an alternate template, a 500 error would be produced with no message in the error_log. Now an error page is produced, with the message sent to STDERR (and hence to the error_log).
BSE::DB::Mysql no longer reports that it found SQL in the database.
when link titles were enabled they were being produced twice.
added the <:today:> tag - returns the current date, by default formatted as ``dd-mm-yyyy'', but can be reformatted as per the <:date ...:> tag, for example <:today ``%d/%b/%Y'':>
added the <:arithmetic ...:> tag. Any text [word ...] text in the argument is replaced with the corresponding tag value and the final result is then evalled. Do not ever use [cgi ...] values or any other unvalidated data with this tag, to avoid security issues.
the <:sorthelp ...:> tag now seperates the returned URL arguments with & instead of just & to produce correct HTML.
the url tag now generated absolute URLs in subscriptions
non-lower-case link[] commands in subscription body text was causing 500 errors, (doclink[] with unknown article names/ids could cause the same issue)
the <:help file entry:> tag can now be used in all templates, and optionally takes a style argument, with the default style depending on context. This tag is replaced as pregeneration time for pregenerated pages.
In user pages (including the admin version of article pages) the style defaults to ``user''.
In admin pages the style defaults to ``admin''.
The style chosen can select a template, and change icons and path depending on the configuration file, see [help style ...] in config.pod.
BSE::Mail::* now accept a bcc address parameter. This is intended for use by nPort.
image[...|url] was HTML encoding the url twice.
added an output_result() method to BSE::Request. This is currently a
shim around BSE::Request->output_result(), but it may change in the
future.
added the <:oldi ...:> tag, for use on any dynamic page
<:oldi fieldname index func funcargs:>
This is used for extracting the correct previously entered value for a multi-value field.
the default <:old ...:> tag was ignoring the fourth and subsequent parameters, for example, if the tag was:
<:old fieldx taga arg1 arg2:>
only arg1 was being passed to taga.
site/util/mysql.str hadn't been updated to the new format
added some support code for use in nPort.
makeIndex.pl was passing in incorrect parameters in a few places to do with article formatting
added the poplink[] and popdoclink[] a body text tags
the link[] tag now uses the URL as the link title if no title is provided
the show_register target of user.pl now accepts a _t argument as a
template selector.
upgrade_mysql.pl now takes a -i filename for the extra table structures to be installed. A -h for help option was added too.
the format of the database structure file for upgrade_mysql.pl has changed, to allow for column types containing commas (like decimal(9,2)).
tbe table[htmloption=``value'' ... ] form of the table body tag no longer HTML escapes the options. (#348)
one of the changes to use the new formatter for summaries mixed up an argument order, breaking the <:summary ... :> tag (#347)
fixed some problems with the new sorting features in reorder.pl.
BSE::DB::Mysql will now attempt to search the sql_statements table for any SQL needed that isn't found in its internal table. This is intended for use by external applications using BSE's database support tools, specifically for the nport project.
This adds several destabilizing changes, test before using in any production setting.
you can now specify that BSE uses the configured secure URL, the normal URL or a separate admin base URL for access to administrative functions. The action parameter on any custom admin/logon.tmpl should be changed to include the new <:adminbase:> tag.
reorder.pl now accepts a more sophisticated sort parameter, it can
now be a comma separated list of fields to sort by, most significant
at the front. Any unknown fields are ignored. You can put - in
front of any field name to sort that field in reverse.
the image[] and gimage[] tags now take a fourth parameter which can
either be a simple class name (all alphanumeric), a set of parameters
to the padding: style command, or actual CSS style commands.
lastModified is now a datetime rather than a date, be sure to run upgrade_mysql.pl
applied a change to the default table mapping from extension to MIME content type, sent in by Adrian.
added the style[] body text tag
doclink[], class[] and style[] are now removed correctly from summary and excerpt text.
the hr[] body tag now correctly uses size instead of height.
moved the custom_class() function to the new BSE::CfgInfo class.
first steps towards administration via the secure URL (or some other base URL)
the <:admin:> tag can now produce output based on a template.
<:admin:> in an article template uses admin/adminmenu/article.tmpl,
<:admin:> in a product template uses admin/adminmenu/product.tmpl,
<:admin:> in a catalog template uses admin/adminmenu/catalog.tmpl,
<:admin foo:> uses admin/adminmenu/foo.tmpl.
sorting the site user list by id should now sort numerically rather than stringwise.
You can now you %% instead of ## in body text for an alphabetical rather than numerical ordered list
reworked the doclink[] changes so an article didn't need to be supplied to the formatted. This fixed the <:bodytext ...:> tag.
word-wrapping in the text version of body text for subscriptions would move the last word of a multi-line paragraph onto its own line, whether it needed to be or not.
the way links appear in the text version of body text, and the link list at the end can now be customized through the configuration file, see the documentation on text_link_inline, text_link_list and text_link_list_prefix in config.pod for more information.
handle [] inside body text tags a little more intelligently. We assume they are balanced, so b[foo [1]] will do the right thing, but b[foo [] won't.
added doclink[] body tag
cookie generation is now centralized to prevent differences in cookie generation from causing problems. This won't help with certain configuration issues, which you'll need to fix yourself.
allow files not marked for sale, and listed in an ordered item to be downloaded by a user from the userpage.
order files listed for an order on the userpage by item and display order instead of alphabetically
filenames for uploaded files with non-alphanumeric characters are now handled a bit differently - non-alphanumerics are now replaced with '_' and then duplicate '_' are removed.
userpage base pages are now generated with an absolute link field to force absolute article URLs to be generated
the text version of emails in subscriptions now includes the URL at the bottom of the body text, with a bracketted number at the original text
the edit member page now links to a list of orders for that user (if any)
the order detail page now links to the user's order list and their edit page.
logon.pl still required mod_perl.
subscription messages were being sent to subscribed but disabled users.
the search results page tags are now XHTML compatible.
you can now set pp=-1 on the member list page to list every user.
the stepkid tag would sometimes result in a warning in the web server error log
the templater would produce a warning from a <:switch:> tag under perl 5.8.
the installer while now set the #! line of scripts based on the ``perl'' configuration option in test.cfg.
some scripts would produce compilation errors when run under a perl without mod_perl installed.
the implementation top/bottom left/right image placement has changed. When you select a ``bottom'' option the images are simply placed as if they were present in reverse order. This means that the image urls are now used to form links.
gen.pl could produce a compilation error in some circumstances.
the telephone field is now actually required on checkout.
if the user options form included the email address but not the subscriptions list and the user changed their email address, the confirmation email wasn't being sent.
the <:ifItemAvail:> tag wasn't returning true for files that don't require payment
spaces are now preserved in uploaded filenames, as underscores.
the <:switch:> template construct had required there be some text between ``<:switch:>'' and the first case, this is no longer necessary. You still might want to keep a newline there to make it easier to pick out cases
the list of possible archive parents for subscriptions is now sorted by title (#295) We now select the highest id article by default when creating a new subscription, presuming it was created to store an archive.
the <:recipient_count:> tag is now available on the subscription send form, and the Send link is now always available on the subscriptions list. (#269)
the subscription send action, if it somehow is submitted with no users subcribed, will no longer archive an article and update the most recent send date. This can happen if the last user unsubscribes while the administrator is composing their newsletter.
the class[] body text tag now nests correctly when spanning over paragraphs
If the last value of a parsed tag parameter list was an unquoted 0, the 0 was not passed to the tag for processing.
added the cfgsection iterator.
iterators that allowed sorting/filtering now actually sort on the right value
the stepkid tag on edit pages now checks the article is a stepkid before doing a hash lookup, preventing an undefined value warning
the admin/edit_steps template was using invalid article names in ifUserCan checks
the flags iterator and ifFlagSet tags weren't available on the add site user page.
saving a site user in nopassword mode would result in a validation error if the email field was present but no confirmation email field was present. The confirmation email field is now only required if the supplied email address is different from that currently stored for the user.
changing the user's email address in nopassword mode (and possibly in normal mode with subscriptions) resulted in a server error.
printable.pl wasn't looking in the printable/ directory for it's templates (#298)
printable.pl's error reporting wasn't supplying the config value to the templater
printable.pl's error page now uses the article templater rather than the base templater
added smoke test for errors from printable.pl
added smoke test for admin/siteusers.pl
trying to call ``site users'' ``site members'' now.
you can now select subscriptions for a site member with the admin tool. This still results in a confirmation email if the user hasn't been confirmed at their email address. (#293)
You will need to run upgrade_mysql.pl for this release.
checkoutfinal_base.tmpl now uses the new <:if Payment name:> tags, and includes a payments customization shim.
shop.pl now uses [shop].display_field-name to convert stored field names into display names for error messages.
cardType and cardHolder fields are now required fields for credit card payments
admin access control now requires that a configuration option to be set before it will accept admin user authentication information from the server (typically basic authentication.)
the class[classname|text] tag was lost when integrating the common tag handling code, added it back in (#284)
you can now define custom flags for site users, the flag value is a single letter or digit, case-sensitive. Add an entry like:
I<letter-or-digit>=I<description>
to the [site user flags] section of the config file. For example:
a=Access to private area of the site b=Accept orders on account
You can check this on templates where the user is visible with the <:if Match:> tag:
<:ifMatch [siteuser flags] "b":>Accept orders on account<:or:><:eif:>
the article editor was using [catalogs].template as the default template rather than the documented [products].template
added the [products].extra_templates configuation file entry. This is
a comma-separated list of extra templates that can be used for
products. You can also just put templates into the products
directory (and have been able to for a while.)
the <:include ...:> meta-tag now takes a second optional argument, if this is the word ``optional'' then no error text is inserted if the file specified is not found.
updated includes of custom shims to use the ``optional'' option
removed custom includes from the distribution that didn't have any real content
reorganized menu.tmpl a bit and added the member (``site user'') manager to the list
added <:if Payments name-of-type :> and <:checkedPayment name-of-type :> tags to the checkout page, and <:if Payment name-of-type :> to the checkoutfinal page. If name-of-type is unknown these will return false (or the empty string) to allow their use in portable templates where a specific type might not be configured.
the checkout page now uses the ifUser tag to check if there's a logged in user rather than hacking on the user cookie.
This is still a development release.
There have been database changes in this release. You will need to run upgrade_mysql.pl.
CRITICAL: nopassword wasn't checking the password at all. If you don't want to upgrade completely you can include just the three line change that checks the password.
blank lines are no longer included in the error messages on add/edit site user validation errors
the shop now uses the site user authentication hook
the domain value sent to the browser in cookies now has the port number stripped.
you can now configure new payment types through the [payment type names], [payment type descs] and [payment type required] sections of the configuration file.
various templates include custom sub-templates which can be used to add custom payment types.
new <:checkedPaymentpayment-type-name :> tag on the checkout form to make retaining the selected payment type easier.
new basic template facility, with allows sections of text to be
processed by a tag:
<:with begin I<tagname> :>
I<some text>
<:with end I<tagname :>
<:with ... wrap:> tag added to order email tag sets:
<:with begin wrap:>Special Instructions: <:order instructions:><:with end wrap:>
the site user editor would include empty lines for valid fields in error messages
cookies were being generated with the port numbers included in the domain value.
billing address fields are now included in the default checkout form, optionally
This is a development release and is not suitable for production use.
sort ordering, pagination information is now saved in the site user list
added a customization hook called when a change is made to the site users list
added a site user authentication hook. You must set user_auth=1 in the [custom] section of the config file for this to be used.
This is a development release and is not suitable for production use.
in some cases registration or saving user options wasn't outputting a page, producing a 500 error
user options templating changes:
for the textOnlyEmail option to be saved, a saveTextOnlyMail hidden field should be present with a non-zero value
for the keepAddress option to be saved, a saveKeepAddress hidden field should be present with a non-zero value
for the subscriptions to be saves, a saveSubscriptions hidden field should be present
added site user manager, this still needs some template work
user registration can be disabled with the user_register option in
the [site users] section of the config file (you can still create
users using the site user manager.)
billing information fields have been added to the site_users table.
adminNotes field has been added to the site users table (editable only by admins.)
instructions field has been added to the orders table, for shipping instructions (or any). This still needs some support on the admin templates, and the email templates.
added config option billing_on_main_opts to control whether billing
options are on the main user options page. This is managed by the
templates, not the code.
printable.pl was producing a server error (it hadn't been updated after the top tag was added.) Also added a smoke test which would have caught it.
added a few more reports to the experiemental reports system
report.pl now handles being called when the user isn't (or is no longer) logged on, correctly
added some cookie debugging code
confirmation emails weren't being sent when a user registered with subscriptions selected (with nopassword unset)
you can no longer register or save in options a blacklisted email address
email address blacklisting now works
user options can now be set during registration
you can configure which user options are required (during both registration and in user options)
the subscription boxes can individually or all be set to checked during registration by default.
the error_img tag now works on the registration and user options pages
No changes in this release, just a stable release. Enjoy.
This is a release candidate for 0.14, please report any problems with it as soon as possible.
Once I release 0.14 I'll start on a new round of changes
the common <:old name func args:> tag was HTML escaping the result from the <:func args:> call, which gave a double escaped result.
the test count in t/t40images.t was incorrect
even more tests have been added to t/t40images.t
URI::Escape escaped a different set of characters by default in older versions, not including &, we now supply the set of characters that is the default in modern versions.
you shouldn't be able to add an article to itself as a stepchild or stepparent
some admin forms now include name attributes, as an aid to regression testing
added some simple tests for Squirrel::Template
added some simple tests for the image manager (needs more work)
Making steps towards improved stability.
the subscriptions formatting was broken when I made arrows refresh back to their original article. D'oh.
the test text only email flag was ignored
an old problem, only products were listed as stepchildren to catalogs in the article editor
changes to the way named images interact with automatic image placement:
named images are never automatically placed
named images are not included in the list produced by the article display template images iterator
referring to a named image either with image[name] in the article body, or <:imagen name:> in the template will not suppress automated image placement
image[1] or <:image 1:> will continue to suppress automatic image placement (or <:image:> within the images iterator)
This should provide reasonable behaviour that's compatible with existing sites running 0.13 or earlier.
If you get configuration errors from this release, it probably means you've been using some of the default email addresses, which were either nonsense, or my address. Either update Constants.pm or set the appropriate value in bse.cfg.
There have been a lot of changes in this development release, so there's probably at least one bug.
removed my email address from the config files
datadump.pl now uses $DATA_EMAIL as a default for the configuration [datadump].to value, as documented. Also, aborts with a configuration error if this isn't set.
swapped the order of the parts in the multi-format emails sent by the subscriptions manager, since the old order didn't work with some mail clients.
subscription confirmations were being sent with a from derived from the [confirmation].from key instead of the [confirmations].from key in the config file.
the configured from address is now checked before attempting to send the subscription.
title and body are now validated on sending a subscription (#264, #265)
parameters supplied with the <:wrap ...:> construct now have tags of the form [tagname parameters] replaced in values.
the subscriptions send form now allows sending a test subscription message. Defaults for the email and name are controlled by the [subscriptions] section of the config file.
To use this you must be authenticated in some way, either by BSE's user logon system, or through browser authentication (.htpasswd), this is done to prevent abuse of the system by spammers.
imageclean.pl should no longer remove global images
changepw.pl now accepts the r paramater as a refresh URL on the save step
select tags generated by BSE in various places should now be XHTML compatible
most object reordering arrows are now generated using a common function
Only the <:moveUp:> and <:moveDown:> tags are excluded from this, and are now considered obsolete, please use the new <:movekid:> tag instead.
URLs in object reordering arrows included unescaped & characters
BSE generated select tags were using ``checked'' instead of ``selected'' in some places, oops.
if a user subscribes, and a confirmations from address is configured we now display an error before the attempt to send a message, and no longer record that an attempt has been made.
the subscriptions help file was missing </a> on the <a name=``...''> tags
some templates are now more XHTML compatible (if anyone know how to make http://validator.w3c.org accept wrap=``virtual'' without adding ``] >'' to the top of the displayed page, please let me know.)
arrows on the display pages should return you to your original article now
added the <:top field:> tag which allows access to the top level article being generated
the shop now complains if either shop email address is not configured when a customer attempts a purchase.
you can now disable encryption of the email order to your shop email
address, this disables credit card orders. Check the documentation on
the noencrypt option in the [shop] section of the config file in
config.pod.
you can now control whether the shop sends an email of your order to
the shop email address through bse.cfg, see email_order in the
[shop] section, documented in config.pod.
I'm still looking for feedback on article image names and the interaction with automatic image placement. See the options described under the 0.13_02 release notes.
This development release has some major changes.
the delete item handler in the shop now uses the common refresh code, preventing problems with Safari.
the <:old:> tag on the checkout page didn't work correctly in some cases
moved the response dispatch code template to BSE::Template to avoid duplication
admin/menu.tmpl now uses admin/base.tmpl
cookie handling was broken in various annoying ways:
the userid cookie didn't have a timeout
the change to the userid cookie wasn't propagated to the secure side when the user logged out (or to the non-secure side if they used a secure-side logout)
The wrong path was used when propagating the sessionid to the secure side, making it almost completely pointless
The cart is now copied from the old secure side cookie, if any.
admin users can now change their own passwords
the templater now supports a new type of conditional, a switch statement:
<:switch:> text here is ignored <:case conditional-function1 conditional-args1:> result text 1 <:case conditional-function1 conditional-args2:> result text 2 ... <:endswitch:>
Each condition is checked in order.
A special:
<:case default:>
always returns (and should always be last, since all conditions after it are ignored.)
If there is no tag for the given condition-function on the page then the text of the switch tag will be returned, hopefully to be replaced by a second pass during processing of a pre-processed page (like the checkout page.)
Hopefully this will reduce the need for nested ifs, but will probably introduce it's own problems related to partially generated pages <sigh>.
Since the code attempts to do the innermost switch first it shouldn't have nesting problems for complete pages, but may have some when a page is partially generated, like with the shop and search templates. If this becomes a problem I'll add a version with 'names' to act as a nesting aid, but it will be ugly.
you can now manage site global images, accessible with the gimage[] tag from body text, and the <:gimage name ... :> from templates
Make sure you update your config file.
custom templates may choose not to set the keywords field, this could cause makeIndex.pl to complain about undefined values. makeIndex.pl now skips indexing NULLs.
BSE::Request's url() method was HTML encoding when it should have been
URI encoding.
the distributed menu.tmpl now includes menu_custom.tmpl for local customization.
you can specify where under the site tree an article and it's children will be stored using the [article uris] section of bse.cfg
Another development release.
Please play with this and consider how named images and automatic image placement should interact. Should using a named image:
completely suppress automatic image placement?
suppress placement of just the used named images?
Or should named images never be automatically placed, with no effect on automatic placement of other images?
Changes from the last release:
0.13_01 shipped an out of date mysql.str file
the spacer <img> tag used to align arrows now has the alt value set (to the empty string, since it has no semantic meaning) (#262)
the new formatting code was missing a library include
the body image[] tag wasn't suppressing automatic image placement (due to the replacement of the body formatting code.)
adding an image was requiring an image name (it shouldn't)
the title for the image wizard help file was ``Files Wizard''.
added test script for the [] tag parameter processor
Time to get a little adventurous.
images can now have an identifier associated with them. This can be used by the body text image[] tag to reference an image by name.
the <:imagen imagename alignment rest :> tag
can be used to insert images by name.
body text formatting is now based on the DevHelp::Formatter module.
b[], i[], tt[], font[], fontcolor[] over paragraph breaks are now closed properly at the paragraph breaks.
newlines within pre[] are no-longer converted to paragraph or line breaks. As a consequence of this you can't nest character formatting within each other within pre[text], ie pre[b[foo]] is ok, but pre[b[i[foo]]] won't work.
the width and height parameters to the hr[] markup weren't handled correctly.
the row options to the table[] tag were inserted HTML escaped, so:
tr[... bgcolor="black"|col|... ]
produced a tr tag like:
<tr bgcolor="black">...
list items in ** or ## lists are now closed with </li>
we now put newlines between lines and paragraphs in the output of formatted text, hopefully this will make it easier to read the source.
<:error_img:> now accepts a [...] format expression to get the field name
the <:recipient_count:> tag is now available on the subscription listing page. This is used for display, and to hide the Send option if the subscription has no recipients.
it's now possible to format the output of the subscription send
process by changing the admin/subs/sending.tmpl template
if an article has an image with an identifier of bse_title then it
will be used as the title image for the article.
you should be able to use one level of nested [] inside [] expressions in tags now
No changes since 0.12_31.
Hopefully this will become 0.13.
selection of archive parents for subscriptions is now even more strict, now you can't select the shop or catalogs as archive parents
eliminated debug output from the <:include ...:> meta tag
the move.pl r parameter no longer pre-prepends the base url.
eliminated some undefined value and non-numeric value warnings
push ``Flags'' on the article edit page back into place
the top-level <:movecat:> tag in the product list now accepts the custom arrow prefix and the url suffix parameters
the refresh function for the subscriptions list wasn't including the ? when adding a message parameter
the order_detail target now accepts an m parameter to set the new
<:message:> tag (which allows <:ifMessage:> too)
each of the targets in shopadmin.pl that accepted a message for
display through the message parameter will now also accept that
message through the m parameter
the msg tag is no longer available on the report system pages. Use
the message tag instead.
move.pl now accepts the refresh URL through the r parameter as
well as through the refreshto parameter.
the list of possible parents for archiving a subscription now only includes articles the user has permission to add children to. This is also validated on saving/adding the subscription.
check that the user has rights to add children to the selected archive parent on sending the subscription
a confirmation message is supplied when refreshing after saving changes to an existing subscription, or deleting a subscription
disabled some debugging code in the subcription send code
removed old code from shopadmin.pl
you can supply a refresh to url using the r parameter to actions in
subs.pl to override the default refresh back to the subcriptions list
all generated img tags now use a XHTML closing `` />''. The space is
prevent problems with older browsers. If you find a generated img tag
I've missed, please open a ticket. img tags in template might
still not be XHTML compatible, this isn't a bug.
makeIndex.pl now redirects directly to menu.pl rather than to /admin/ after rebuilding the index
added the ``Don't index even if listed'' and ``Don't index this article or it's descendants'' flags
the custom session hash is now supplied to the order_save() custom
hook
the product tag on the cart pages now checks for undef values to prevent warnings
field names in the validation messages produced by subs.pl now have the first letter upper-cased.
creating a subscription now mentions that it's successful
the experimental report.pl compiles
added line-breaks between article flags on the edit pages
the image and file lists are now accessed using the default target in add.pl. Use _t=img and _t=file to access the lists now.
admin/edit_2.tmpl through admin/edit_5.tmpl are no longer distributed, all normal article editing now use admin/edit_1.tmpl. If you need different pages for different levels remove the mappings from the [templates] section in bse.cfg
the order_detail target in shopadmin.pl now accepts a message
parameter
the edit_add_child security check will now fail if the article is a product or if the article is too many levels deep to have a child.
the adduser and addgroup forms have been split off into their own pages
the a_saveuser and a_savegroup targets for adminusers.pl now supply the _t parameter passed to them to their default refresh targets. The _t parameter must only contain letters and digits.
the orders iterator for the order_list target in shopadmin.pl now uses a generated iterator, so tags like <:order_count:> are now available.
the page specific date and money tags (<:date order_field:> and <:money order_field:>) are no longer available on the order_list pages, use the general date and money tags (<:date tag args:> and <:money tag args:>).
added <:error_img:> support to the logon form (IRC request)
the <:childtype:> tag is now available on user/group permissions pages which control access to articles (IRC request)
new tags <:add number number...:>, <:concatenate string string ...:>, <:match string regexp output default :>, <:lc string:>, <:uc string:>, <:lcfirst string:>, <:ucfirst string:>, <:capitalize string:> and <:replace string regexp with global:> now available everywhere.
the code to parse [...] and ``...'' parameters for tags now passes through backslashes (\) not followed by `` or another \ inside ''...``. This makes it easier to enter a regular expression in ''...``.
Dynamically generated templates that don't explicitly define an <:old:> tag now have a new <:old:> tag by default. Usage:
<: old I<field> :> <: old I<field> I<func> I<args> :>
If a cgi parameter called field has been supplied it will be returned, otherwise an existing function func is called with args and that value is used as the value of the <:old:> tag.
Returns an empty string if no CGI parameter field or function func is defined. (#235)
userlist.tmpl and grouplist.tmpl now include appropriate
value="<:old I<foo>:>"
tags
the ``Your system has no groups'' message in grouplist.tmpl did not span across enough columns
the <:typename which:> and <:articleType:> tags now work on the user/group permissions pages which control access to articles. (#235)
the crumbs iterator now works on user/group permissions pages which
control access to articles (#235)
<:error_img:> is now available on the userlist/grouplist templates for displaying errors in adding a new user/group. (#235)
#235 mentions a problem with the <:cgi:> tag - could not reproduce
most save/add functions in adminusers.pl should now accept an r
parameter to override the default refresh location (#253)
a save of an empty administration user name was being ignored, the empty name is now saved (#250)
the name of a administration group can now be changed (#251)
quotes surrounding the URL in Refresh headers have been removed (#232)
the Refresh header is only briefly documented at http://wp.netscape.com/assist/net_sites/pushpull.html, and is not part of the HTTP specification, so all I can do is guess.
entry of a blank release date when editing an article now results in a validation error instead of a database error (seen as a 500 error) (#240)
template admin/subs/list.tmpl checked the subs_edit permission when
it should have checked the subs_send permission when choosing to
display the Send link.
subscriptions can now be deleted (#173)
experimental reports system added (work in progress)
admin/edit_product.tmpl had two <:error_img title:> tags
$SHOP_FROM, $SHOP_TO_NAME and $SHOP_TO_EMAIL from
Constants.pm can now be overridden in the config
file. ([shop].from, to_name and to_email)
the name of the custom class can now be specified in the config file
(defaulting to BSE::Custom) ([basic].custom_class)
you can specify an alternate library path to search for your custom
class ([paths].libraries)
the custom class can now handle validate and store extra fields for articles (and relates types, like products)
two custom date fields (customDate1 and customDate2) and two
custom string fields (customStr1 and customStr2) have been added
to the article table to allow simplfied customization.
the default article, product and catalog editing template now include
admin/custom_article.tmpl, admin/custom_product.tmpl and
admin/custom_catalog.tmpl includes to allow adding custom form
fields without having to modify the main distributed editing templates
DevHelp::HTML, used to provide HTML and URI escaping wasn't including a required module. D'oh.
the keywords tag in the search page was being overridden by a tag of
the same name in the global article tags. The old global keywords
tag wasn't very useful and has been removed.
the templates drop-down in the subscriptions system included duplicates
the crumbs iterator is now available on the article edit pages, and we now present a path on the main edit page
you can now use <:crumb fieldname:> to get to crumb article information. The current <:crumbs fieldname:> will be obsoleted at some point in the future.
the content of the help files no longer render as links in Mozilla
<:typename which:> tag added to the article editor pages
the list of articles available to page generation was in the wrong order
when access control was switched off, links were displayed to permit deletion of articles with children, when they shouldn't have. (#221)
Most article editor actions now accept an r parameter which can be used to decide what happens after the action. (#225, #226)
The save_new action adds an id parameter onto the end of the supplied url if the r parameter is supplied.
more messages are included when the article editor successfully performs an action (#225)
article editor and generator tags that generate arrows now take an image prefix parameter which can be used to select alternate arrow images. A second parameter can also be used to add onto the refresh URL to supply extra information to the refreshed to page. (#224, #225, #226)
some code in BSE::Util::Tags was calling CGI::escapeHTML() at regen time (#223)
the list of templates in the drop down on the article edit page didn't reflect the local_templates config option correctlt.
validation errors weren't always reported (or acted upon) correctly
when an invalid product options string was stored a 500 error was produced when generating the page
the image tag wasn't including a closing `` at the end of the alt attribute
the article generation code no longer relies upon CGI.pm functions for escaping HTML, URIs or producing product option popups, this should make it possible to use gen.pl from cron jobs without getting prompts for CGI parameters
catalogs had two buttons labelled ``Add product'', but one added catalogs. Relabelled the one that adds catalogs to ``Add Sub-catalog''.
the ifnew tag on edit templates is no longer available, use ifNew instead (this was true as of 0.12_22)
added a flags field to articles, this is used for both BSE internal flags and for site specific flags.
the search index builder will now only index articles that are listed, or have the ``Index even if hidden'' (I) flag set. Changed the simple search test to search for a non-hidden article.
the title field of all articles are now validated to include at least one non-space character
validation failures on images and files are now available via the error_img tag
the move image up/down action on the images manager were refreshing to the wrong page after reordering the images
changed default level names in Constants.pm and bse.cfg
changed tests to use the new level names
templates admin/subs/add.tmpl and admin/add_product.tmpl have be consolidated into their edit versions
added iterator allkids_of to iterate over the children and stepchildren of a given article.
<:iterator begin allkids_of I<parent_id1> ...:> <:ofallkid I<field>:> <:iterator end allkids_of:>
when you clicked send from the subscriptions list the archive parent field wasn't being set from the value set when adding/editing the subscription
generate_search() wasn't supplying a config object when creating the
article generator. This caused problems when some article types were
embedded within the search page.
added mailing list info
$TMPLDIR is no longer present or used in Constants.pm. Use templates in the [paths] section of the config file.
The path specified by the local_templates entry in [paths] is now searched for templates before the path specified by the templates entry in [paths]. This can be used to keep locally modified versions of templates separate from the distributed templates.
reordering arrows now display a filler image where there's a single missing arrow image (at the top and bottom of the list). No spacer is displayed if there's a single item.
added tt[text], pre[text], h1[class|text] through h6[class|text], class[class|text] tags to the body text formatter. Paragraphs are now closed by the body text formatter.
added a few more tests
template change from adrian (edit_steps.tmpl):
Finally fixed something that has bugged me for a while... I simply moved the ``if Kids'' conditional to include the note about ``Delete only removes the stepkid relationship...'' since not much point in showing that is no step kids available... the step parent panel already did this.
printable.pl now attempts to look for a content type for a given template. This can be used for different types of presentation, for example WAP.
printable.pl now uses the configured charset if set.
the change to using HTML::Entities cause CR characters to be encoded when written to the browser. This causes some browsers some confusion. The article and product tags in BSE::Edit::Article and BSE::Edit::Product now remove these before output.
if a ## or ** list didn't have a final newline the final item wasn't included in the conversion to a HTML list
some new templates from Adrian
Adrian added some more default user level permissions
article matching for global permissions was still broken. The change broke access to the descendants flag, but it all seems to be working now.
forgot to include access.pod in the MANIFEST. Added it.
added descriptions of the step child/parent permissions to access.pod
the possible stepparents drop-down checked if the possible stepparents could have children, but didn't check if the current article could have stepparents.
article and global permissions should now be listed sorted by their identifier
the not and descendants flags were being