typo 3.99.3 → 3.99.4

data/README

@@ -24,45 +24,7 @@ Currently you need all of those things to get typo to run:
 Installation
 ============
 
-Unpack the tgz or zip in some directory.
-
-Decide which database to use. We support Sqlite, MySQL, and Postgres,
-but Sqlite doesn't have full support for database migrations in Rails
-0.13.1.
-
-  * Create a database for typo. You can find schemas in the db/ folder. 
-  * Create config/database.yml using database.yml.example to reflect your
-    newly created database configuration  
-  * Run script/server -e production and see if it works  
-  * Point your browser to http://your.domain.com:3000/ and follow the
-    install process
-
-Typo, like all Rails apps, doesn't work well as a CGI. Seriously consider
-using FastCGI instead. To deploy on FastCGI you will need to follow the setup
-instructions on the typo page at http://www.typosphere.org/trac/wiki/FastCgi
-
-By default, Typo runs in *development* mode. This is very useful for
-developers, but it can cause horrible performance for users who aren't
-changing Typo's code. Production mode can easily be 20x as fast as development
-mode. To change the default, edit the second line of config/environment.rb and
-change 'development' to 'production', or follow the directions on the FastCGI
-configuration page on the Typo wiki.
-
-Permissions
-===========
-
-Typo needs write access to several directories in order to function
-correctly. These need to be writable by the user that runs the Typo
-process--in a hosted environment this may be your user; on dedicated
-systems it may be something like 'httpd' or 'www-data'.
-
-The specific directories in question are 'log/' (and everything underneath
-it), 'cache/', and 'public/'. Strictly speaking, Rails will continue to work
-if public isn't writable, but Typo's page caching code will work properly and
-this will cause Typo to be slower and use much more CPU time. For the security
-conscious, Rails really only needs the ability to change a half-dozen files
-and subdirectories under public/, ask on the Typo mailing list for more
-details.
+See doc/Installer.text and doc/typo-4.0-release-notes.txt.
 
 Usage
 ======

data/app/controllers/admin/feedback_controller.rb

@@ -0,0 +1,71 @@
+class Admin::FeedbackController < Admin::BaseController
+  def index
+    conditions = ["(contents.type = 'Comment' or contents.type = 'Trackback')"]
+
+    if params[:search]
+      search_sql = "%#{params[:search]}%"
+      conditions.first << ' and (url like ? or author like ? or title like ? or ip like ? or email like ?)'
+      5.times { conditions.push search_sql }
+    end
+
+    if params[:published] == 'f'
+      conditions.first << ' and (published = ?)'
+      conditions.push false
+    end
+
+    @pages, @feedback = paginate(:contents, 
+      :order => 'contents.created_at desc', 
+      :conditions => conditions,
+      :per_page => 40)
+    
+    render_action 'list'
+  end
+  
+  def delete
+    if request.post?
+      feedback = Content.find(params[:id])
+      if feedback.kind_of? Comment or feedback.kind_of? Trackback
+        feedback.destroy
+        flash[:notice] = "Deleted"
+      else
+        flash[:notice] = "Not found"
+      end
+    end
+    redirect_to :action => 'index', :page => params[:page], :search => params[:search]
+  end
+  
+  def bulkops
+    STDERR.puts "Bulkops: #{params.inspect}"
+    
+    ids = (params[:feedback_check]||{}).keys.map(&:to_i)
+    
+    case params[:commit]
+    when 'Delete Checked Items'
+      count = 0
+      ids.each do |id|
+        count += Content.delete(id)
+      end
+      flash[:notice] = "Deleted #{count} item(s)"
+    when 'Publish Checked Items'
+      ids.each do |id|
+        feedback = Content.find(id)
+        feedback.attributes[:published] = true
+        feedback.set_spam(false)
+        feedback.save
+      end
+      flash[:notice]= "Published #{ids.size} item(s)"
+    when 'Unpublish Checked Items'
+      ids.each do |id|
+        feedback = Content.find(id)
+        feedback.withdraw!
+        feedback.set_spam(true)
+        feedback.save
+      end
+      flash[:notice]= "Unpublished #{ids.size} item(s)"
+    else
+      flash[:notice] = "Not implemented"
+    end
+
+    redirect_to :action => 'index', :page => params[:page], :search => params[:search]
+  end
+end

data/app/controllers/articles_controller.rb

@@ -99,6 +99,17 @@ class ArticlesController < ContentController
         @article = this_blog.published_articles.find(params[:id])
         @comment = @article.comments.build(params[:comment])
         @comment.user = session[:user]
+        
+        spam_options = {
+          :user_agent => request.env['HTTP_USER_AGENT'], 
+          :referrer => request.env['HTTP_REFERER'], 
+          :permalink => this_blog.article_url(@article, false)}
+          
+        if @comment.is_spam? spam_options
+          STDERR.puts "Moderating comment as spam!"
+          @comment.withdraw
+        end
+        
         @comment.save!
         add_to_cookies(:author, @comment.author)
         add_to_cookies(:url, @comment.url)

data/app/helpers/admin/feedback_helper.rb

@@ -0,0 +1,9 @@
+module Admin::FeedbackHelper
+  def link_to_article_edit(article)
+    link_to truncate(article.title, 60), :controller => 'content', :action => 'edit', :id => article.id
+  end
+  
+  def task_showmod(title)
+    content_tag :li, link_to(title, :published => 'f', :search => params[:search])
+  end  
+end

data/app/helpers/application_helper.rb

@@ -93,6 +93,10 @@ module ApplicationHelper
   end
     
   def markup_help_popup(markup, text)
-    "<a href=\"#{url_for :controller => '/articles', :action => 'markup_help', :id => markup.id}\" onClick=\"return popup(this, 'Typo Markup Help')\">#{text}</a>"
+    if markup and markup.commenthelp.size > 1
+      "<a href=\"#{url_for :controller => '/articles', :action => 'markup_help', :id => markup.id}\" onClick=\"return popup(this, 'Typo Markup Help')\">#{text}</a>"
+    else
+      ''
+    end
   end
 end

data/app/models/article.rb

@@ -120,7 +120,7 @@ class Article < Content
   def keywords_to_tags
     Article.transaction do
       tags.clear
-      keywords.to_s.scan(/((['"]).*?\2|\w+)/).collect do |x|
+      keywords.to_s.scan(/((['"]).*?\2|[\.\w]+)/).collect do |x|
         x.first.tr("\"'", '')
       end.uniq.each do |tagword|
         tags << Tag.get(tagword)
@@ -146,15 +146,34 @@ class Article < Content
     end
   end
 
+  def comments_closed?
+    if self.allow_comments?
+      if !self.blog.sp_article_auto_close.zero? and self.created_at.to_i < self.blog.sp_article_auto_close.days.ago.to_i
+        return true
+      else
+        return false
+      end
+    else
+      return true
+    end
+  end
+
   protected
 
   before_create :set_defaults, :create_guid, :add_notifications
+  before_save :set_published_at
   after_save :keywords_to_tags
 
   def correct_counts
     self.comments_count = self.comments_count
     self.trackbacks_count = self.trackbacks_count
   end
+  
+  def set_published_at
+    if self.published and self[:published_at].nil?
+      self[:published_at] = self.created_at || Time.now
+    end
+  end
 
   def set_defaults
     if self.attributes.include?("permalink") and self.permalink.blank?
@@ -168,6 +187,7 @@ class Article < Content
     if blog && self.allow_pings.nil?
       self.allow_pings = blog.default_allow_pings
     end
+    
     true
   end
 

data/app/models/blog.rb

@@ -1,3 +1,17 @@
+# BlogRequest is a fake Request object, created so blog.url_for will work.
+# This isn't enabled yet, but it will be soon...
+class BlogRequest
+  include Reloadable
+  
+  attr_accessor :protocol, :host_with_port, :path, :symbolized_path_parameters, :relative_url_root
+  
+  def initialize(root)
+    @protocol = @host_with_port = @path = ''
+    @symbolized_path_parameters = {}
+    @relative_url_root = root.gsub(%r{/^},'')
+  end
+end
+
 class Blog < ActiveRecord::Base
   include ConfigManager
 
@@ -31,6 +45,7 @@ class Blog < ActiveRecord::Base
   setting :sp_article_auto_close,      :integer, 0
   setting :sp_allow_non_ajax_comments, :boolean, true
   setting :sp_url_limit,               :integer, 0
+  setting :sp_akismet_key,             :string, ''
 
   # Podcasting
   setting :itunes_explicit,            :boolean, false
@@ -53,6 +68,7 @@ class Blog < ActiveRecord::Base
   setting :show_extended_on_rss,       :boolean, true
   setting :theme,                      :string, 'azure'
   setting :use_gravatar,               :boolean, false
+  setting :global_pings_disable,       :boolean, false
   setting :ping_urls,                  :string, "http://rpc.technorati.com/rpc/ping\nhttp://ping.blo.gs/\nhttp://rpc.weblogs.com/RPC2"
   setting :send_outbound_pings,        :boolean, true
   setting :email_from,                 :string, 'typo@example.com'
@@ -69,7 +85,14 @@ class Blog < ActiveRecord::Base
     settings[:blog_id] = self.id
     article_id = settings[:id]
     settings.delete(:id)
-    published_articles.find(article_id).trackbacks.create!(settings)
+    trackback = published_articles.find(article_id).trackbacks.create!(settings)
+
+    if trackback.is_spam?
+      STDERR.puts "Moderating trackback as spam!"
+      trackback.withdraw!
+    end
+    
+    trackback
   end
 
 
@@ -156,6 +179,7 @@ class Blog < ActiveRecord::Base
   private
 
   def request
+    #BlogRequest.new(self.canonical_server_url)
     controller.request rescue ActionController::TestRequest.new
   end
 end

data/app/models/comment.rb

@@ -1,5 +1,6 @@
 require_dependency 'spam_protection'
 require 'sanitize'
+require 'timeout'
 
 class Comment < Content
   include TypoGuid
@@ -10,10 +11,10 @@ class Comment < Content
   belongs_to :user
 
   validates_presence_of :author, :body
-  validates_against_spamdb :body, :url, :ip
   validates_age_of :article_id
   validate_on_create :check_article_is_open_to_comments
 
+
   def self.default_order
     'created_at ASC'
   end
@@ -50,7 +51,7 @@ class Comment < Content
   end
 
   def body_html_postprocess(value, controller)
-    sanitize(controller.send(:auto_link, value),'a href, b, br, i, p, em, strong, pre, code')
+    sanitize(controller.send(:auto_link, value),'a href, b, br, i, p, em, strong, pre, code, ol, ul, li')
   end
 
   def default_text_filter_config_key
@@ -72,4 +73,13 @@ class Comment < Content
     self.author    = author.nofollowify
     self.body_html = body_html.to_s.nofollowify
   end
+  
+  def akismet_options
+    {:user_ip => ip, :comment_type => 'comment', :comment_author => author, :comment_author_email => email,
+      :comment_author_url => url, :comment_content => body}
+  end
+  
+  def spam_fields
+    [:body, :url, :ip]
+  end
 end

data/app/models/content.rb

@@ -1,5 +1,7 @@
 require 'observer'
 require 'set'
+require 'Akismet'
+
 class Content < ActiveRecord::Base
   include Observable
 
@@ -20,11 +22,11 @@ class Content < ActiveRecord::Base
 
   @@content_fields = Hash.new
   @@html_map       = Hash.new
-  
+
   def initialize(*args)
     super(*args)
-    
-    # 
+
+    #
     if self.blog_id == nil or self.blog_id == 0
       self.blog_id = Blog.default
     end
@@ -170,7 +172,7 @@ class Content < ActiveRecord::Base
   end
 
   def text_filter=(filter)
-    self[:text_filter] = filter.to_text_filter
+    self[:text_filter_id] = filter.to_text_filter.id
   end
 
   def blog
@@ -182,6 +184,16 @@ class Content < ActiveRecord::Base
     self.save!
   end
 
+  def withdraw
+    self.published    = false
+    self.published_at = nil
+  end
+
+  def withdraw!
+    self.withdraw
+    self.save!
+  end
+
   def published=(a_boolean)
     self[:published] = a_boolean
     state.change_published_state(self, a_boolean)
@@ -219,6 +231,53 @@ class Content < ActiveRecord::Base
   def send_notifications(controller = nil)
     state.send_notifications(self, controller || blog.controller)
   end
+  
+  # is_spam? checks to see if this is spam.  This really belongs in a 'feedback' class
+  # that is the parent of Comment and Trackback, but we aren't going to build one right
+  # now.
+  # 
+  # options are passed on to Akismet.  Recommended options (when available) are:
+  #
+  #  :permalink => the article's URL
+  #  :user_agent => the poster's UserAgent string
+  #  :referer => the poster's Referer string
+  #
+  def is_spam?(options={})
+    return false unless blog.sp_global
+
+    sp = SpamProtection.new(blog)
+    spam = false
+
+    # Check fields against the blacklist.
+    spam_fields.each do |field|
+      spam ||= sp.is_spam? self[field]
+    end
+
+    # Attempt to use Akismet.  Timeout after 5 seconds if we can't contact them.
+    unless blog.sp_akismet_key.blank?
+      Timeout.timeout(5) do
+        akismet = Akismet.new(blog.sp_akismet_key,blog.canonical_server_url)
+        spam ||= akismet.commentCheck(akismet_options.merge(options))
+      end
+    end
+    
+    spam == true
+  end
+  
+  def set_spam(is_spam, options ={})
+    unless blog.sp_akismet_key.blank?
+      Timeout.timeout(5) do
+        akismet = Akismet.new(blog.sp_akismet_key,blog.canonical_server_url)
+        if is_spam
+          STDERR.puts "** submitting spam for #{id}"
+          akismet.submitSpam(akismet_options.merge(options))
+        else
+          STDERR.puts "** submitting ham for #{id}"
+          akismet.submitHam(akismet_options.merge(options))
+        end
+      end
+    end
+  end
 end
 
 class Object; def to_text_filter; TextFilter.find_by_name(self.to_s); end; end

data/app/models/ping.rb

@@ -97,10 +97,10 @@ class Ping < ActiveRecord::Base
     t = Thread.start do
       trackback_uri = URI.parse(trackback_url)
 
-      post = "title=#{URI.escape(article.title)}"
-      post << "&excerpt=#{URI.escape(article.body_html.strip_html[0..254])}"
+      post = "title=#{CGI.escape(article.title)}"
+      post << "&excerpt=#{CGI.escape(article.body_html.strip_html[0..254])}"
       post << "&url=#{origin_url}"
-      post << "&blog_name=#{URI.escape(article.blog.blog_name)}"
+      post << "&blog_name=#{CGI.escape(article.blog.blog_name)}"
 
       Net::HTTP.start(trackback_uri.host, trackback_uri.port) do |http|
         path = trackback_uri.path

data/app/models/text_filter.rb

@@ -100,7 +100,7 @@ class TextFilter < ActiveRecord::Base
 
     help_text = help.collect do |f|
       f.help_text.blank? ? '' : "#{BlueCloth.new(f.help_text).to_html}\n"
-    end
+    end.join("\n")
 
     return help_text
   end

data/app/models/trackback.rb

@@ -7,7 +7,6 @@ class Trackback < Content
   content_fields :excerpt
 
   validates_age_of :article_id
-  validates_against_spamdb :title, :excerpt, :ip, :url
   validates_presence_of :title, :excerpt, :url
   validate_on_create :article_is_pingable
 
@@ -43,9 +42,21 @@ class Trackback < Content
 
   def article_is_pingable
     return if article.nil?
+    if blog.global_pings_disable
+      errors.add(:article, "Pings are disabled")
+    end
     unless article.allow_pings?
       errors.add(:article, "Article is not pingable")
     end
   end
+
+  def akismet_options
+    {:user_ip => ip, :comment_type => 'trackback', :comment_author => blog_name, :comment_author_email => nil,
+      :comment_author_url => url, :comment_content => excerpt}
+  end
+  
+  def spam_fields
+    [:title, :excerpt, :ip, :url]
+  end
 end