
Roadmap Version 1.8

Discussion in 'RoadMap' started by shibuya246, Dec 11, 2014.

  1. valMETNG

    valMETNG Administrator Staff Member Admin

    A small suggestion: remove function hotaru_announcements from plugins/messaging/messaging.php (don't forget hooks) and replace it with something like the following code at or around line 95 of content/themes/default/navigation.php:
    Code:
    <?php
    if ($h->currentUser->getPermission('can_do_messaging') != 'no' && isset($h->vars['messages_waiting']) && $h->vars['messages_waiting'] > 0) {
        $inbox_link = "<span class='pull-right' style='margin-top:-12px;'><a href='" . $h->url(array('page'=>'inbox', 'user'=>$h->currentUser->name)) . "' title='" . $h->lang['messaging_unread_messages_announcement'] . "'>";
        $inbox_link .= "<i style='color:#F0AD4E;margin-top:-12px;' class='fa fa-envelope pull-right'></i></a></span>";
        echo $inbox_link;
    }
    ?>
    This will remove the large "you have unread messages" bar and just put a small orange envelope indicator above your username. I find it a bit more subtle.
     
    shibuya246 likes this.
  2. valMETNG

    valMETNG Administrator Staff Member Admin

    I believe lines 444 and 446 of plugins/messaging/messaging.php are missing a closing > before the ending double-quote:
    Code:
      if ($h->vars['theme_settings']['userProfile_tabs']) {
      echo '<a href=' . $h->url(array('user' => $h->currentUser->name . '#inbox')) . '"';
      } else {
      echo '<a href="' . $h->url(array('page' => 'inbox', 'user' => $h->currentUser->name)) . '"';
      }
     
    shibuya246 likes this.
  3. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    Thanks. I modified this very slightly and will include it in the next version's default template.
     
  4. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    It's funny how things sometimes work when they are broken.
    Fixed this one up now.
     
  5. valMETNG

    valMETNG Administrator Staff Member Admin

    On line 44 of content/themes/default/index.php, I believe you have an unnecessary semi-colon at the end:
    Code:
    if ($h->pluginHook('theme_index_top')) { return false; };
     
    shibuya246 likes this.
  6. valMETNG

    valMETNG Administrator Staff Member Admin

    I'm curious about something - I notice that 15 files have echo $h->showMessages(). However, looking at the actual function in libs/Messages.php, the echo already occurs on lines 109-111. Shouldn't these files not need the echo?
     
    shibuya246 likes this.
  7. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    I agree
    Those files shouldn't need the echo
     
  8. valMETNG

    valMETNG Administrator Staff Member Admin

    shibuya246 likes this.
  9. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    valMETNG likes this.
  10. valMETNG

    valMETNG Administrator Staff Member Admin

    I'm pretty sure this is a problem specific to my bastardized code, but wanted to mention it. On line 665 of /libs/extensions/ezSQL/ez_sql_core.php, we have this:
    Code:
    return @vsprintf($query, $args);
    If a query has urlencoded text that includes a % sign, it may cause an empty string to be returned for the query. Here's an example you can replicate:
    Code:
    $OR_statement = '(category_safe_name = "%d9%85%d8%af%d9%84-%d9%84%d8%a8%d8%a7%d8%b3-%d9%81%d8%b4%d9%86-%d8%b2%d9%85%d8%b3%d8%aa%d8%a7%d9%86%d9%87-%d9%85%d8%b1%d8%af%d8%a7%d9%86%d9%87-2015-%d9%88-1394-%da%a9%d8%aa-%d9%88-%d9%be%d8%a7%d9%84")';
    $sql = "SELECT * FROM " . TABLE_CATEGORIES . " WHERE " . $OR_statement . " ORDER BY category_id DESC";
    $categories = $h->db->get_results($h->db->prepare($sql));
    I noticed it while considering this problem that @linkbaz identified and looking at how my build would handle a category name in Arabic (if you decode the $OR_statement, you'll see the Arabic). If you replace the $OR_statement with the Arabic, the query is properly returned:
    Code:
    $OR_statement = '(category_safe_name = "مدل-لباس-فشن-زمستانه-مردانه-2015-و-1394-کت-و-پال")';
    The problem occurs because vsprintf assumes the % signs are arguments (and, because a @ is used, we never see the error - it just returns empty). To fix the problem, the $OR_statement has to first have the % double-escaped as such:
    Code:
    $OR_statement = str_replace('%', '%%', $OR_statement);
    That's a long way of saying it might be important in some cases to double-escape % at the beginning of function prepare.
     
    linkbaz likes this.
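
Added example (not part of the original posts, and not Hotaru or ezSQL code): the vsprintf failure described in post 10, the double-escape workaround, and the alternative of passing the value as an argument. The function names demo_prepare and show, the table name and the shortened slug are assumptions made for the demonstration.

```php
<?php
// Added example: demo_prepare() is a hypothetical stand-in, not ezSQL's prepare().
// It reproduces only the quoted call: return @vsprintf($query, $args);
function demo_prepare(string $query, array $args = [])
{
    try {
        // PHP 7: a bad format gives a warning (hidden by @) and returns false.
        return @vsprintf($query, $args);
    } catch (\Throwable $e) {
        // PHP 8: the same input throws ValueError, which @ does not suppress.
        return false;
    }
}

function show(string $label, $result): void
{
    echo str_pad($label, 28), var_export($result, true), PHP_EOL;
}

// Constructed sample: a shortened URL-encoded slug; the table name is a placeholder.
$slug     = '%d9%85%d8%af%d9%84-2015';
$embedded = 'SELECT * FROM categories WHERE category_safe_name = "' . $slug . '"';

// 1. Slug embedded in the template: "%d" is parsed as a conversion that has
//    no matching argument, so formatting fails and the query is lost.
show('embedded in template:', demo_prepare($embedded));

// 2. The workaround from the post: double every % first. The slug survives...
$doubled = demo_prepare(str_replace('%', '%%', $embedded));
show('doubled, matches input:', $doubled === $embedded);

// ...but a blanket replace inside prepare() would also neutralise real
// placeholders: the %d below is emitted literally and the argument is dropped.
show('doubled placeholder:', demo_prepare(str_replace('%', '%%', 'WHERE post_id = %d'), [7]));

// 3. Slug passed as an argument: vsprintf() never parses argument contents,
//    so its % signs are kept and the template's own placeholder still works.
//    (A real prepare() would also SQL-escape the argument before formatting.)
$template = 'SELECT * FROM categories WHERE category_safe_name = "%s"';
show('passed as argument:', demo_prepare($template, [$slug]) === $embedded);
```

Keeping data out of the format string also means the value goes through whatever escaping the database layer applies to arguments, which a value concatenated into the template never receives.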
  11. valMETNG

    valMETNG Administrator Staff Member Admin

    I assume lines 1366, 1368, 1398, 1400, etc. in Hotaru.php never get executed; otherwise, we'd have seen an error since they show $h-> instead of $this. Might want to do a search and replace.
     
    shibuya246 and linkbaz like this.
  12. valMETNG

    valMETNG Administrator Staff Member Admin

    To provide another example of what @linkbaz mentioned here, I started the registration process and went to another screen for a few minutes (no longer than 2) to do something else. I then submitted the registration form, only to get a CSRF error. I haven't looked at CSRF processing in Hotaru since 1.5.1, so I don't know if this is what we're using or something else. What I noticed from skimming this is:
    I sense Hotaru takes the second approach over the first, which might be why we're seeing the usability issue. Hotaru seems to be constantly generating and deleting tokens that are timing out, rather than waiting for the session to expire (putting aside for a moment the unresolved issue of the session automatically expiring after a certain timeframe before the user closes the browser or logs off).
     
  13. valMETNG

    valMETNG Administrator Staff Member Admin

    Function externalSignIn on line 251 of UserAuth.php may not be used yet, but wanted to mention that it calls on $h without bringing $h in:
    Code:
      public function externalSignIn($loginInfo, $rememberMe = false)
      {
      $user = $h->getUserBasic($loginInfo->login);
      $h->setCurrentUser($user);
     
  14. valMETNG

    valMETNG Administrator Staff Member Admin

    This error occurs upon clicking the confirmation link of a new user:
     
  15. valMETNG

    valMETNG Administrator Staff Member Admin

    I believe line 574 of Hotaru.php should be:
    Code:
    return UserBase::instance();
    ...instead of:
    Code:
    return new UserBase();
    Otherwise, it seems the object doesn't always get properly filled.
     
    shibuya246 likes this.
  16. valMETNG

    valMETNG Administrator Staff Member Admin

    I believe line 85 of EmailFunctions.php should be html instead of hmtl:
    Code:
    $this->headers['Content-Type'] = 'text/hmtl; charset=UTF-8';
     
    shibuya246 likes this.
  17. valMETNG

    valMETNG Administrator Staff Member Admin

    On line 88 of content/plugins/bookmarking/bookmarking.php, there seems to be a plug/test number of 5121. Is this supposed to be $fromId instead?
    Code:
      switch ($h->pageName) {
      case 'ajax_bookmarking':  
      $fromId = $h->cage->get->testInt('fromId');
      $csrf = $h->cage->get->testAlnum('csrf');
      
      //$act_query = $h->getLatestActivity(0, 0, 'query', $fromId);
      //echo json_encode($act_query);
      
      $sql = "SELECT post_votes_up FROM " . TABLE_POSTS . " WHERE post_id = %d";
      $items = $h->db->get_results($h->db->prepare($sql, 5121));
    I also don't see the purpose of the $csrf.

    Edit: It appears from bookmarking.js that this code isn't even used, so maybe this was for a future feature?
     
  18. valMETNG

    valMETNG Administrator Staff Member Admin

    I suggest changing $isHtml = true in line 2686 of Hotaru.php so that mail defaults to HTML:
    Code:
    public function email($to = '', $subject = '', $body = '', $headers = '', $type = 'email', $isHtml = false)
     
    shibuya246 likes this.
  19. valMETNG

    valMETNG Administrator Staff Member Admin

    Line 51 of /plugins/users/templates/user_settings.php has two classes:
    Code:
    <button class='btn btn-primary' type='submit' class='submit'><?php echo $h->lang['users_settings_update']; ?></button>
    Assumingly, you only want the first one.
     
    shibuya246 likes this.
  20. valMETNG

    valMETNG Administrator Staff Member Admin

    Lines 38 and 39 of plugins/messaging/messaging.php set the default settings for message notification to true (checked). However, a user only gets a row in usermeta for user_settings if he actually updates the settings on the user_settings page. Thus, if he hasn't updated the page, but looks to see what his settings are, he sees that message notification via email is yes. However, he will never actually get those notifications because he doesn't have a row in usermeta. So we either want to set it to no as default or give everyone a usermeta row when they sign up.
     
