typo 3.99.1 → 3.99.2

data/app/controllers/articles_controller.rb

@@ -22,7 +22,7 @@ class ArticlesController < ContentController
                :conditions =>
                  ['published = ? AND contents.created_at < ? AND blog_id = ?',
                              true,            Time.now,     this_blog.id],
-               :order_by => "contents.created_at DESC",
+               :order_by => "contents.published_at DESC",
                :include => [:categories, :tags])
   end
 
@@ -200,6 +200,7 @@ class ArticlesController < ContentController
   def render_grouping(klass)
     return list_groupings(klass) unless params[:id]
 
+    @page_title = "#{this_blog.blog_name} - #{klass.to_s.underscore} #{params[:id]}"
     @articles = klass.find_by_permalink(params[:id]).articles.find_already_published rescue []
     auto_discovery_feed :type => klass.to_s.underscore, :id => params[:id]
     render_paginated_index("Can't find posts with #{klass.to_prefix} '#{h(params[:id])}'")

data/app/models/blog.rb

@@ -138,9 +138,9 @@ class Blog < ActiveRecord::Base
   end
 
   def article_url(article, only_path = true, anchor = nil)
-    url_for(:year => article.created_at.year,
-            :month => sprintf("%.2d", article.created_at.month),
-            :day => sprintf("%.2d", article.created_at.day),
+		url_for(:year => article.published_at.year,
+            :month => sprintf("%.2d", article.published_at.month),
+            :day => sprintf("%.2d", article.published_at.day),
             :title => article.permalink, :anchor => anchor,
             :only_path => only_path)
   end

data/app/models/comment.rb

@@ -1,4 +1,5 @@
 require_dependency 'spam_protection'
+require 'sanitize'
 
 class Comment < Content
   include TypoGuid
@@ -48,10 +49,8 @@ class Comment < Content
     end
   end
 
-
-
   def body_html_postprocess(value, controller)
-    controller.send(:sanitize, controller.send(:auto_link, value))
+    sanitize(controller.send(:auto_link, value),'a href, b, br, i, p, em, strong, pre, code')
   end
 
   def default_text_filter_config_key

data/app/models/content_observer.rb

@@ -1,5 +1,5 @@
 class ContentObserver < ActiveRecord::Observer
   def before_save(content)
-    content.populate_html_fields
+#    content.populate_html_fields
   end
 end

data/bin/typo

@@ -1,6 +1,41 @@
 #!/usr/bin/env ruby
 
-require 'installer/typo-installer'
+require 'installer/rails-installer'
+
+class TypoInstaller < RailsInstaller
+  application_name 'typo'
+  support_location 'the Typo mailing list'
+  rails_version '1.1.4'
+  
+  def install_sequence
+    stop
+    
+    backup_database
+    pre_migrate_database
+    copy_files
+    freeze_rails
+    create_default_config_files
+    create_directories
+    create_initial_database
+    set_initial_port_number
+    expand_template_files
+    
+    migrate
+    sweep_cache
+    save
+    
+    run_rails_tests
+    
+    start
+  end
+  
+  # Sweep the cache
+  def sweep_cache
+    Dir.chdir(install_directory)
+    message "Cleaning out #{@@app_name.capitalize}'s cache"
+    status = system("rake -s sweep_cache > /dev/null 2> /dev/null")
+  end
+end
 
 # Installer program
 directory = ARGV[1]

data/components/plugins/textfilters/flickr_controller.rb

@@ -55,7 +55,7 @@ This macro takes a number of parameters:
       imageurl    = details['source']
       imagelink   = flickrimage.url
 
-      caption   ||= flickrimage.description
+      caption   ||= sanitize(CGI.unescapeHTML(flickrimage.description))
       title     ||= flickrimage.title
       alt       ||= title
 

data/components/plugins/textfilters/textile_and_markdown_controller.rb

@@ -0,0 +1,8 @@
+class Plugins::Textfilters::TextileAndMarkdownController < TextFilterPlugin::Markup
+  plugin_display_name "Textile with Markdown"
+  plugin_description 'Textile and Markdown markup languages'
+
+  def self.filtertext(controller,content,text,params)
+    RedCloth.new(text).to_html
+  end
+end

data/components/plugins/textfilters/textile_controller.rb

@@ -3,6 +3,6 @@ class Plugins::Textfilters::TextileController < TextFilterPlugin::Markup
   plugin_description 'Textile markup language'
 
   def self.filtertext(controller,content,text,params)
-    RedCloth.new(text).to_html
+    RedCloth.new(text).to_html(:textile)
   end
 end

data/doc/Installer.txt

@@ -24,6 +24,7 @@ You'll need the following software installed on your system:
 
 Most modern Unix systems should have all four of these easily available in pre-built form.
 
+
 Installing Typo
 ---------------
 
@@ -46,6 +47,14 @@ Installing Typo
    installer/apache.conf.example to run your Typo installation under Apache.
 
 
+Starting and Stopping Typo
+--------------------------
+
+To stop Typo from running, run `typo stop /path/to/typo`. To restart it, run
+`typo start /path/to/typo`. Since this Typo install uses Mongrel, not FastCGI,
+you can't depend on your web server restarting it automatically on reboot.  You'll need to either create an init script or cron reboot entry to restart it, depending on your host and/or privilege level.
+
+
 TODO
 ----
 

data/installer/apache13.conf.example.template

@@ -0,0 +1,33 @@
+# Apache 1.3 HTTP proxy example for Typo with Mongrel
+#
+# Before any of this will work, you need to make sure that the mod_proxy 
+# modules are loaded.  For shared hosting, your provider will have do this 
+# globally.  The line required looks like this, although the exact path may 
+# vary:
+#
+#   LoadModule proxy_module /usr/lib/apache/modules/mod_proxy.so                   
+#
+# Then you'll want a VirtualHost section that looks about like this:
+
+<VirtualHost blog.example.com>
+  ServerName blog.example.com
+  ServerAlias www.blog.example.com
+
+  # Change this to your email address
+  ServerAdmin webmaster@localhost
+
+  # Change these to be valid paths for your host.  The DocumentRoot path
+  # isn't very important because we don't actually use it for anything.
+  # For security's sake, it's best that it points to an empty directory,
+  # but that's not critical.
+  DocumentRoot /var/www/blog
+  ErrorLog /var/log/apache2/blog_error.log
+  CustomLog /var/log/apache2/blog_access.log combined
+
+  ServerSignature On
+
+  # This is the important part--it sets up proxying.
+  ProxyRequests Off
+  ProxyPass / $RAILS_URL
+  ProxyPassReverse / $RAILS_URL
+</VirtualHost>

data/installer/apache20.conf.example.template

@@ -0,0 +1,40 @@
+# Apache 2.0/2.2 HTTP proxy example for Typo with Mongrel
+#
+# Before any of this will work, you need to make sure that the mod_proxy and 
+# mod_proxy_http modules are loaded.  For shared hosting, your provider will 
+# have do this globally.  The two lines required look like this, although the 
+# exact path may vary:
+#
+#   LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so                   
+#   LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so 
+#
+# Then you'll want a VirtualHost section that looks about like this:
+
+<VirtualHost blog.example.com>
+  ServerName blog.example.com
+  ServerAlias www.blog.example.com
+
+  # Change this to your email address
+  ServerAdmin webmaster@localhost
+
+  # Change these to be valid paths for your host.  The DocumentRoot path
+  # isn't very important because we don't actually use it for anything.
+  # For security's sake, it's best that it points to an empty directory,
+  # but that's not critical.
+  DocumentRoot /var/www/blog
+  ErrorLog /var/log/apache2/blog_error.log
+  CustomLog /var/log/apache2/blog_access.log combined
+
+  ServerSignature On
+
+  # This is the important part--it sets up proxying.
+  ProxyRequests Off
+  <Proxy *>
+    Order deny,allow
+    Allow from all
+  </Proxy>
+
+  ProxyPass / $RAILS_URL
+  ProxyPassReverse / $RAILS_URL
+  ProxyPreserveHost On
+</VirtualHost>

data/installer/lighttpd.conf.example.template

@@ -0,0 +1,6 @@
+# This is untested and incomplete.
+# See http://mongrel.rubyforge.org/docs/lighttpd.html
+# 
+proxy.balance = "fair" 
+proxy.server  = ( "/" => 
+     ( ( "host" => "$RAILS_HOST", "port" => $RAILS_PORT ) ) )

data/installer/rails-installer.rb

@@ -26,7 +26,8 @@ class RailsInstaller
   end
 
   def initialize(install_directory)
-    @install_directory = install_directory
+    # use an absolute path, not a relative path.
+    @install_directory = File.expand_path(install_directory)
     
     @config = read_yml(config_file) rescue nil
     @config ||= Hash.new
@@ -54,7 +55,7 @@ class RailsInstaller
     message ''
     message "#{@@app_name.capitalize} is now running on http://#{`hostname`.chomp}:#{config['port-number']}"
     message "Use '#{@@app_name} start #{install_directory}' to restart after boot."
-    message "Look in installer/apache.conf.example to see how to integrate with Apache."
+    message "Look in installer/*.conf.example to see how to integrate with your web server."
   end
   
   # The default install sequence.  Override this if you need to add extra
@@ -70,6 +71,7 @@ class RailsInstaller
     create_directories
     create_initial_database
     set_initial_port_number
+    expand_template_files
     
     migrate
     save
@@ -124,6 +126,8 @@ class RailsInstaller
   # Backup the database
   def backup_database
     return unless File.exists? db_file
+    Dir.chdir(install_directory)
+
     return unless config['database'] == 'sqlite'
     new_db_file = db_file+"-#{Time.now.strftime('%Y%m%d-%H%M')}.sql"
     
@@ -139,6 +143,7 @@ class RailsInstaller
     
     message "Reading files from #{source_directory}"
     new_files = sha1_hash_directory_tree(source_directory)
+    new_files.delete('/config/database.yml') # Never copy this.
     
     # Next, we compare the original install hash to the current hash.  For each
     # entry:
@@ -179,6 +184,7 @@ class RailsInstaller
     end
     
     write_yml(files_yml,new_files)
+    Dir.chdir(install_directory)
   end
 
   # Copy one file from source_directory to install_directory, creating directories as needed.
@@ -343,7 +349,6 @@ class RailsInstaller
     
     return unless old_schema_version > 0
     
-    Dir.chdir(install_directory)
     
     # Are we downgrading?
     if old_schema_version > new_schema_version
@@ -358,7 +363,6 @@ class RailsInstaller
   
   # Migrate the database
   def migrate
-    Dir.chdir(install_directory)
     message "Migrating #{@@app_name.capitalize}'s database to newest release"
     status = system("rake -s migrate")
     
@@ -369,9 +373,8 @@ class RailsInstaller
 
   # Sweep the cache
   def run_rails_tests
-    Dir.chdir(install_directory)
     message "Running tests.  This may take a minute or two"
-    status = system("rake -s test > /dev/null 2> /dev/null")
+    status = system_silently("rake -s test")
     
     if status
       message "All tests pass.  Congratulations."
@@ -433,6 +436,34 @@ class RailsInstaller
     specs.last.full_gem_path
   end
   
+  def system_silently(command)
+    if RUBY_PLATFORM =~ /mswin32/
+      null = 'NUL:'
+    else
+      null = '/dev/null'
+    end
+    
+    system("#{command} > #{null} 2> #{null}")
+  end
+  
+  def expand_template_files
+    rails_host = config['bind-address'] || `hostname`.chomp
+    rails_port = config['port-number'].to_s
+    rails_url = "http://#{rails_host}:#{rails_port}"
+    Dir[File.join(install_directory,'installer','*.template')].each do |template_file|
+      output_file = template_file.gsub(/\.template/,'')
+      next if File.exists?(output_file) # don't overwrite files
+
+      message "expanding #{File.basename(output_file)} template"
+      
+      text = File.read(template_file).gsub(/\$RAILS_URL/,rails_url).gsub(/\$RAILS_HOST/,rails_host).gsub(/\$RAILS_PORT/,rails_port)
+      
+      File.open(output_file,'w') do |f|
+        f.write text
+      end
+    end
+  end
+  
   # Execute a command-line command
   def execute_command(*args)
     if args.size < 2

data/lib/sanitize.rb

@@ -0,0 +1,107 @@
+#
+# $Id: sanitize.rb 3 2005-04-05 12:51:14Z dwight $
+#
+# Copyright (c) 2005 Dwight Shih
+# A derived work of the Perl version:
+# Copyright (c) 2002 Brad Choate, bradchoate.com
+# 
+# Permission is hereby granted, free of charge, to
+# any person obtaining a copy of this software and
+# associated documentation files (the "Software"), to
+# deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify,
+# merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to
+# whom the Software is furnished to do so, subject to
+# the following conditions:
+# 
+# The above copyright notice and this permission
+# notice shall be included in all copies or
+# substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY
+# OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+# LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
+# OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+# CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+# OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+# OTHER DEALINGS IN THE SOFTWARE.
+#
+
+def sanitize( html, okTags='a href, b, br, i, p' )
+  # no closing tag necessary for these
+  soloTags = ["br","hr"]
+
+  # Build hash of allowed tags with allowed attributes
+  tags = okTags.downcase().split(',').collect!{ |s| s.split(' ') }
+  allowed = Hash.new
+  tags.each do |s|
+    key = s.shift
+    allowed[key] = s
+  end
+
+  # Analyze all <> elements
+  stack = Array.new
+  result = html.gsub( /(<.*?>)/m ) do | element |
+    if element =~ /\A<\/(\w+)/ then
+      # </tag>
+      tag = $1.downcase
+      if allowed.include?(tag) && stack.include?(tag) then
+        # If allowed and on the stack
+        # Then pop down the stack
+        top = stack.pop
+        out = "</#{top}>"
+        until top == tag do
+          top = stack.pop
+          out << "</#{top}>"
+        end
+        out
+      end
+    elsif element =~ /\A<(\w+)\s*\/>/
+      # <tag />
+      tag = $1.downcase
+      if allowed.include?(tag) then
+        "<#{tag} />"
+      end
+    elsif element =~ /\A<(\w+)/ then
+      # <tag ...>
+      tag = $1.downcase
+      if allowed.include?(tag) then
+        if ! soloTags.include?(tag) then
+          stack.push(tag)
+        end
+        if allowed[tag].length == 0 then
+          # no allowed attributes
+          "<#{tag}>"
+        else
+          # allowed attributes?
+          out = "<#{tag}"
+          while ( $' =~ /(\w+)=("[^"]+")/ )
+            attr = $1.downcase
+            valu = $2
+            if allowed[tag].include?(attr) then
+              out << " #{attr}=#{valu}"
+            end
+          end
+          out << ">"
+        end
+      end
+    end
+  end
+  
+  # eat up unmatched leading >
+  while result.sub!(/\A([^<]*)>/m) { $1 } do end
+  
+  # eat up unmatched trailing <
+  while result.sub!(/<([^>]*)\Z/m) { $1 } do end
+  
+  # clean up the stack
+  if stack.length > 0 then
+    result << "</#{stack.reverse.join('></')}>"
+  end
+
+  result
+end