From: Sylvie G. <sgr...@gm...> - 2009-09-14 16:13:23
+1 (even if I do not like the database change) - it is useful now in 3 not later On Mon, 2009-09-14 at 13:01 +0000, ri...@us... wrote: > Revision: 21474 > http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=21474&view=rev > Author: ricks99 > Date: 2009-09-14 13:01:10 +0000 (Mon, 14 Sep 2009) > > Log Message: > ----------- > [ENH]better ui layout for plugin approval. allow admin to approve/clear selected plugins, or *all* pending plugins at once. use anchor to link to specific plugin location in wiki page. show who (user) added plugin. will be *very* helpful for admins upgrading from 2.x -> 3.x. in trunk as #21409 > > Modified Paths: > -------------- > branches/proposed/lib/tikilib.php > branches/proposed/templates/tiki-plugin_blocked.tpl > branches/proposed/templates/tiki-plugins.tpl > branches/proposed/tiki-plugins.php > > Modified: branches/proposed/lib/tikilib.php > =================================================================== > --- branches/proposed/lib/tikilib.php 2009-09-14 12:32:41 UTC (rev 21473) > +++ branches/proposed/lib/tikilib.php 2009-09-14 13:01:10 UTC (rev 21474) > @@ -5883,6 +5883,7 @@ > } > > function plugin_fingerprint_check( $fp ) { > + global $user; > $limit = date( 'Y-m-d H:i:s', time() - 15*24*3600 ); > $result = $this->query( "SELECT status, IF(status='pending' AND last_update < ?, 'old', '') flag FROM tiki_plugin_security WHERE fingerprint = ?", > array( $limit, $fp ) ); 
> @@ -5912,9 +5913,12 @@ > $objectId = ''; > } > > + if (!$user) { > + $user = tra('Anonymous'); > + } > $this->query( "DELETE FROM tiki_plugin_security WHERE fingerprint = ?", array( $fp ) ); > - $this->query( "INSERT INTO tiki_plugin_security (fingerprint, status, last_objectType, last_objectId) VALUES(?, ?, ?, ?)", > - array( $fp, 'pending', $objectType, $objectId ) ); > + $this->query( "INSERT INTO tiki_plugin_security (fingerprint, status, added_by, last_objectType, last_objectId) VALUES(?, ?, ?, ?, ?)", > + array( $fp, 'pending', $user, $objectType, $objectId ) ); > } > > return ''; > @@ -5940,7 +5944,7 @@ > } > > function list_plugins_pending_approval() { > - $result = $this->query("SELECT fingerprint, last_update, last_objectType, last_objectId FROM tiki_plugin_security WHERE status = 'pending' ORDER BY last_update DESC"); > + $result = $this->query("SELECT fingerprint, added_by, last_update, last_objectType, last_objectId FROM tiki_plugin_security WHERE status = 'pending' ORDER BY last_update DESC"); > > $list = array(); > while( $row = $result->fetchRow() ) 
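Review bot: The added `if (!$user) { $user = tra('Anonymous'); }` assigns to the global `$user`, which the first hunk's `global $user;` brings into what appears to be the same function (its body extends beyond both hunks). Once an anonymous visitor triggers this path, the rest of the request sees a non-empty user name, so any later code that tests `$user` to decide whether someone is logged in would be misled. The stored value is also a translated label that varies with the viewer's language and cannot be distinguished from a real account of that name. Leave the global untouched and use a local: `$added_by = $user ? $user : '';`, then pass `$added_by` in the INSERT parameter array. The tiki-plugins.tpl change in this commit already renders an empty `added_by` as Unknown.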
> @@ -5949,6 +5953,16 @@ > return $list; > } > > + function approve_all_pending_plugins() { > + // Update all pending plugins to accept > + $this->query("UPDATE tiki_plugin_security SET status='accept', approval_by='admin' WHERE status='pending'"); > + } > + > + function approve_selected_pending_plugings($fp) { > + // Update selected pending plugins to accept > + $this->query("UPDATE tiki_plugin_security SET status='accept', approval_by='admin' WHERE fingerprint = ?", array( $fp )); > + } > + > function plugin_fingerprint( $name, $meta, $data, $args ) { > $validate = $meta['validate']; > if( $validate == 'all' || $validate == 'body' ) > > Modified: branches/proposed/templates/tiki-plugin_blocked.tpl > =================================================================== > --- branches/proposed/templates/tiki-plugin_blocked.tpl 2009-09-14 12:32:41 UTC (rev 21473) > +++ branches/proposed/templates/tiki-plugin_blocked.tpl 2009-09-14 13:01:10 UTC (rev 21474) > @@ -1,4 +1,4 @@ > -<div class="cbox"> > +<div class="cbox" id="{$plugin_fingerprint|escape}"> > <div class="cbox-title"> > {icon _id=error style="vertical-align:middle"} > {if $plugin_status eq 'rejected'} > > Modified: branches/proposed/templates/tiki-plugins.tpl > =================================================================== > --- branches/proposed/templates/tiki-plugins.tpl 2009-09-14 12:32:41 UTC (rev 21473) > +++ branches/proposed/templates/tiki-plugins.tpl 2009-09-14 13:01:10 UTC (rev 21474) 
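Review bot: Both new UPDATE statements write the literal `approval_by='admin'`, so the security table cannot show which account approved a plugin; every holder of tiki_p_plugin_approve is recorded as admin. Bind the acting user instead, for example `SET status='accept', approval_by=? WHERE fingerprint = ?` with `$user` added to the parameter array. `approve_selected_pending_plugings()` also omits the `status='pending'` condition that the approve-all query has, so a fingerprint in another state (the blocked template in this commit handles 'rejected') would be switched to accept too; adding `AND status='pending'` limits it to what the approver saw in the list. The method name contains a typo (plugings) that is easier to fix before more callers appear.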
> @@ -1,34 +1,67 @@ > {title url="tiki-plugins.php" help="Wiki+Plugins"}{tr}Plugin Approval{/tr}{/title} > > {remarksbox type="tip" title="{tr}Tip{/tr}"} > -{tr}About WikiPlugins and security: Make sure to only grant the "tiki_p_plugin_approve" permission to trusted editors.{/tr} {tr}You can deactivate risky plugins at (<a href="tiki-admin.php?page=textarea">tiki-admin.php?page=textarea</a>).{/tr} > +{tr}For security, grant the <strong>tiki_p_plugin_approve</strong> permission only to trusted user groups{/tr}. {tr}Use the <a href="tiki-admin.php?page=textarea">Admin: Text Area page</a> to deactivate potentially risky plugins{/tr}. > {/remarksbox} > - > - > + <p> > + {tr}This page lists the plugins that require validation, the first time they are encountered{/tr}. {tr}Each plugin contains a unique <em>signature</em> that is preserved{/tr}.</p> > {if $plugin_list} > + <p>{tr}If a plugin is no longer in use (for example, it has been removed from the wiki page), use <strong>Clear</strong> to remove it from this list{/tr}. {tr}The plugin will automatically be added if it is encountered{/tr}. > + </p> > + <p>{tr}Plugins can be individually previewed, approved, or rejected from the particular location that contains the plugin{/tr}. 
{tr}For security, you should review each plugin to ensure it is safe to approve{/tr}.</p> > <form method="post" action=""> > +{cycle values="even,odd" print=false} > + <table class="normal"> > + <tr> > + <th>{select_all checkbox_names='clear[]'}</th> > + <th>{tr}Plugin{/tr} </th> > + <th>{tr}Location{/tr} </th> > + <th>{tr}Added By{/tr} </th> > + <th>{tr}Actions{/tr} </th> > + </tr> > +{foreach name=foo from=$plugin_list item=plugin} > + <tr class="{cycle}"> > + <td style="text-align:center"><input type="checkbox" name="clear[]" value="{$plugin.fingerprint|escape}" id="{$plugin.fingerprint|escape}"/></td> > + <td><label for="{$plugin.fingerprint|escape}"><strong>{$plugin.fingerprint|substring:0:20|escape|replace:"-":"</strong> <br />{tr}Signature{/tr}: "}...</label> > + <td>{if $plugin.last_objectType eq 'wiki page'} > + {tr 0=$plugin.last_objectId|sefurl:'wiki page' 1=$plugin.last_objectId|escape }Wiki page: <a href="%0#{$plugin.fingerprint}" title="{tr}View this page{/tr}.">%1</a>{/tr} > + {else} > + {tr}Unknown{/tr} > + {/if} > + </td> > + <td>{if $plugin.added_by}{$plugin.added_by|userlink}{else}{tr}Unknown{/tr}{/if} > + </td> > + <td> > + <a href="tiki-plugins.php?approveone={$plugin.fingerprint}">{icon _id='accept' alt='{tr}Approve{/tr}'}</a> > + <a href="tiki-plugins.php?clearone={$plugin.fingerprint}">{icon _id='delete' alt='{tr}Clear{/tr}'}</a> > +{if $plugin.last_objectType eq 'wiki page'} > +{tr 0=$plugin.last_objectId|sefurl:'wiki page' 1=$plugin.last_objectId|escape }<a href="%0#{$plugin.fingerprint}" title="{tr}View this page{/tr}.">{icon _id='page'}</a>{/tr} > +{/if} > +{/foreach} > + </tr> > + </table> > <p> > - {tr}Plugins pending validation are added to this list the first time they are encountered. Only their <em>signature</em> is preserved. Some of the plugins listed here may no longer be in use in the page originally using them. In this case, it's safe to clear them from this list. They will be added back next time they are encountered. 
Plugins can be approved or rejected from the page containing them.{/tr} > + <label for="submit_mult">{tr}Perform action with checked{/tr}:</label> > + <select name="submit_mult" id="submit_mult" onchange="this.form.submit();"> > + <option value="" selected="selected">...</option> > + <option value="clear" >Clear</option> > + <option value="approve">Approve</option> > + </select> {tr}or{/tr} > + <input type="submit" name="approveall" value="{tr}Approve all pending plugins{/tr}"/> > </p> > - <ul> > - {foreach from=$plugin_list item=plugin} > - <li> > - <input type="checkbox" name="clear[]" value="{$plugin.fingerprint|escape}" id="{$plugin.fingerprint|escape}"/> > - <label for="{$plugin.fingerprint|escape}">{$plugin.fingerprint|substring:0:20|escape}...</label> > - <p> > - {if $plugin.last_objectType eq 'wiki page'} > - {tr 0=$plugin.last_objectId|sefurl:'wiki page' 1=$plugin.last_objectId|escape }Last seen in wiki page <a href="%0">%1</a>{/tr} > - {else} > - {tr}Seen in unknown object{/tr} > - {/if} > - </p> > - </li> > - {/foreach} > - </ul> > - <p> > - <input type="submit" class="submit" value="{tr}Clear checked items{/tr}"/> > - </p> > - </form> > +{remarksbox type="warning" title="{tr}Warning{/tr}"} > +{tr}Using <strong>Approve</strong> or <strong>Approve All</strong> will approve and activate the pending plugins{/tr}. {tr}Use this feature <strong>only</strong> if you have verified that all the pending plugins are safe{/tr}. 
> +{/remarksbox} > + > + <script type='text/javascript'> > + <!-- > + // Fake js to allow the use of the <noscript> tag (so non-js-users can still submit) > + //--> > + </script> > + <noscript> > + <input type="submit" value="{tr}OK{/tr}" /> > + </noscript> > + > {else} > - <p>{tr}No plugin pending approval.{/tr}</p> > + <p>{tr}No plugins pending approval.{/tr}</p> > {/if} > > Modified: branches/proposed/tiki-plugins.php > =================================================================== > --- branches/proposed/tiki-plugins.php 2009-09-14 12:32:41 UTC (rev 21473) > +++ branches/proposed/tiki-plugins.php 2009-09-14 13:01:10 UTC (rev 21474) 
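Review bot: The new Approve and Clear links and the page anchors print `{$plugin.fingerprint}` with no modifier (`?approveone={$plugin.fingerprint}`, `%0#{$plugin.fingerprint}`), while the checkbox and label in the same row use `|escape`. How the fingerprint is composed is not visible in this diff, so it should be treated as untrusted in these URL contexts and written as `{$plugin.fingerprint|escape:'url'}`. The row markup is also unbalanced: `{/foreach}` precedes the `</tr>`, the label cell and the Actions `<td>` are never closed, and the removed `</form>` has no replacement on the new side.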
> @@ -9,14 +9,37 @@ > > $access->check_feature('wiki_validate_plugin'); > $access->check_permission('tiki_p_plugin_approve'); > +$smarty->assign('headtitle', tra('Plugin Approval')); > > -if( isset( $_POST['clear'] ) && is_array( $_POST['clear'] ) ) { > - foreach( $_POST['clear'] as $fp ) > - $tikilib->plugin_clear_fingerprint( $fp ); > +if (($_POST['submit_mult'] == 'clear') & is_array($_POST['clear'])) { > + foreach($_POST['clear'] as $fp) { > + $tikilib->plugin_clear_fingerprint($fp); > + } > } > > -$smarty->assign( 'plugin_list', $tikilib->list_plugins_pending_approval() ); > +if (($_POST['submit_mult'] == 'approve') & is_array($_POST['clear'])) { > + foreach($_POST['clear'] as $fp) { > + $tikilib->approve_selected_pending_plugings($fp); > + } > +} > > +if (isset($_REQUEST['approveone'])) { > + $tikilib->approve_selected_pending_plugings($_REQUEST['approveone']); > +} > + > +if (isset($_REQUEST['clearone'])) { > + $tikilib->plugin_clear_fingerprint($_REQUEST['clearone']); > +} > + > + > + > + > + > +if (isset($_POST['approveall'])) { > + $tikilib->approve_all_pending_plugins(); > +} > + > +$smarty->assign('plugin_list', $tikilib->list_plugins_pending_approval()); > $smarty->assign('mid','tiki-plugins.tpl'); > $smarty->display("tiki.tpl"); > > > > This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Tikiwiki-cvs mailing list > Tik...@li... > https://lists.sourceforge.net/lists/listinfo/tikiwiki-cvs |
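Review bot: Approving or clearing a plugin is now triggered by `$_REQUEST['approveone']` and `$_REQUEST['clearone']`, that is by a plain GET link, and no request token is checked in the visible lines for these or for the POST branches. Any page that causes a logged-in approver's browser to load such a URL would activate a pending plugin without review. Restrict the state-changing branches to POST and verify an anti-CSRF token before calling into `$tikilib`, using whatever ticket mechanism the project already provides (not visible in this hunk). Separately, the two `submit_mult` conditions use bitwise `&` and read `$_POST['submit_mult']` and `$_POST['clear']` without `isset`, where the removed code had `isset(...) && is_array(...)`; write `isset($_POST['submit_mult'], $_POST['clear']) && $_POST['submit_mult'] == 'clear' && is_array($_POST['clear'])`, and the same for the approve branch.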