typo 5.4.1 → 5.4.2

data/CHANGELOG

@@ -1,37 +1,23 @@
-Only 1 week after releasing Typo 5.4, we're back with another cool Typo release. Since it was fixing a major security breach, Typo 5.4 was released a bit too quickly, and we left some bugs here and there we promptly fixed. So don't expect any new feature here, it's only about bug fixing and refactoring. Apparently, Matijs and Cyril had great fun doing this. I started to work on the first Typo user's guide as in our documentation effort. The 0.1 version is provided in Typo 5.4.1. We've also upgraded every theme at Typogarden to make them 5.4.1 compliant.
+3 weeks after releasing Typo 5.4.1, and only 1 month after releasing Typo 5.4, we're happy to release Typo 5.4.2, an important bugfix release. Don't expect many feature here, even though we thought about some of them, it's really a bugfix, and nothing else.
 
-Since we're still working on what we want to see in the next Typo, don't mind opening a ticket to ask for something you want.
+** Features
 
-[#68] Atom feed has duplicated content
-There was a duplicate content in atom feed because of the use of atom:summary with extended content. Since summary is not mandatory, and it should not duplicate content, we've decided to remove it one from the feed. 
+We've split the attachments between images and non images assets. Provided you're using the simple editor, you can now use a fancy images carousel and insert your images in your text within a single click. This comes with a nice set of thumbnails.
 
-[#75] <typo:code> textfilter need change all < by &lt; in atom feed
+Finally, the long awaited "forgot my password" link is here. It will send you a new password whenever you lose yours. Cool isn't it?
 
-[#86] Migrations out of necessary sequence
+We've also done some optimization in the way Typo sends assets and manages cache. CSS and Javascript are now sent into 1 file, making them faster to load. RSS generation has also been fastened up.
 
-[#124] &gt; and &lt; entities are decoded in the atom feed
+** Bugs
 
-[#126] Previews give an application error 
+A bug screwing up the editor when switching from simple to visual, causing users to lose their content when switching. Fixing that is a good reason to release today in itself.
 
-[#127] Changing post's title changes the permalink slug
+A bug preventing your registration email to go when creating your account, making you lose your password unless you change it manually before logging out.
 
-[#128] Fix typogarden themes
-Seems obvious isn't it?
+Fixed a security issue making the user passwords to be logged in clear in the application logs.
 
-[#130] Theme editor textbox is too small
-There was actually wet paint in our new admin. We fixed that quickly.
+Fixed a bug causing CKEditor to crash under MS Windows due to the lack of symlinks on windows.
 
-[#131] New Tags are created two times
-The way autosave on new / saved articles worked was quite complicated and ended with strange behavior.
-
-[#132] Categories are brocken
-A typo in the category views.
-
-[#133] Installer parameter database=sqlite3 doesn't work
-Awated parameter was database=sqlite, but since this could be confusing, we've made sqlite3 avaliable as well.
-
-[#134] "Continue reading ..." link appears for posts that do not have additional content. 
-This one was actually the tree hiding the forest of all our themes being brocken because it constant renaming of the read controller and action name.
 
 
 

data/app/controllers/accounts_controller.rb

@@ -1,6 +1,7 @@
 class AccountsController < ApplicationController
 
-  before_filter :verify_users, :only => [:login]
+  before_filter :verify_users, :only => [:login, :recover_password]
+  filter_parameter_logging "password"
 
   def login 
     if session[:user_id] && session[:user_id] == self.current_user.id
@@ -65,6 +66,22 @@ class AccountsController < ApplicationController
       end
     end
   end
+  
+  def recover_password
+    @page_title = "#{this_blog.blog_name} - #{_('Recover your password')}"
+    if request.post?
+      @user = User.find(:first, :conditions => ["login = ? or email = ?", params[:user][:login], params[:user][:login]])
+      
+      if @user
+        @user.password = generate_password
+        @user.save
+        flash[:notice] = _("An email has been successfully sent to your address with your new password")
+        redirect_to :action => 'login'
+      else
+        flash[:error] = _("Oops, something wrong just happened")
+      end
+    end
+  end
 
   def logout
     flash[:notice]  = _("Successfully logged out")

data/app/controllers/admin/content_controller.rb

@@ -147,6 +147,7 @@ class Admin::ContentController < Admin::BaseController
     params[:article] ||= {}
 
     @resources = Resource.find(:all, :order => 'filename')
+    @images = Resource.paginate :page => params[:page], :conditions => "mime LIKE '%image%'", :order => 'created_at DESC', :per_page => 10
     @article.attributes = params[:article]
 
 

data/app/controllers/admin/resources_controller.rb

@@ -16,7 +16,8 @@ class Admin::ResourcesController < Admin::BaseController
           @up = Resource.create(:filename => file.original_filename, :mime => mime, :created_at => Time.now)
 
           @up.write_to_disk(file)
-
+          @up.create_thumbnail
+          
           @message = _('File uploaded: ')+ file.size.to_s
           finish_upload_status "'#{@message}'"
       end
@@ -78,9 +79,22 @@ class Admin::ResourcesController < Admin::BaseController
   def index
     @r = Resource.new
     @itunes_category_list = @r.get_itunes_categories
-    @resources = Resource.paginate :page => params[:page], :conditions => @conditions, :order => 'created_at DESC', :per_page => this_blog.admin_display_elements
+    @resources = Resource.paginate :page => params[:page], :conditions => "mime NOT LIKE '%image%'", :order => 'created_at DESC', :per_page => this_blog.admin_display_elements
   end
-
+  
+  def images
+    @resources = Resource.paginate :page => params[:page], :conditions => "mime LIKE '%image%'", :order => 'created_at DESC', :per_page => this_blog.admin_display_elements
+  end
+  
+  def get_thumbnails
+    position = params[:position].to_i
+    
+    @resources = Resource.find(:all, :conditions => "mime LIKE '%image%'", :order => 'created_at DESC', :limit => "#{position}, 10")
+    
+    render 'get_thumbnails', :layout => false
+    
+  end
+  
   def destroy
     begin
       @file = Resource.find(params[:id])

data/app/controllers/application_controller.rb

@@ -52,9 +52,7 @@ class ApplicationController < ActionController::Base
     @current_user = nil
   end
 
-  # The Blog object for the blog that matches the current request.  This is looked
-  # up using Blog.find_blog and cached for the lifetime of the controller instance;
-  # generally one request.
+  # Helper method to get the blog object.
   def this_blog
     @blog ||= Blog.default
   end
@@ -62,8 +60,7 @@ class ApplicationController < ActionController::Base
   helper_method :this_blog
 
   # The base URL for this request, calculated by looking up the URL for the main
-  # blog index page.  This is matched with Blog#base_url to determine which Blog
-  # is supposed to handle this URL
+  # blog index page.
   def blog_base_url
     url_for(:controller => '/articles').gsub(%r{/$},'')
   end

data/app/helpers/admin/base_helper.rb

@@ -132,12 +132,6 @@ module Admin::BaseHelper
     controller.controller_name  =~ /profiles/ ? "current right" : "right"
   end
   
-
-  def t_textarea(object_name, method, options)
-    return ckeditor_textarea(object_name, method, options) if current_user.editor == 'visual'
-    text_area(object_name, method, options)
-  end
-
   def alternate_editor
     return 'visual' if current_user.editor == 'simple'
     return 'simple'
@@ -221,4 +215,20 @@ module Admin::BaseHelper
       return "<tr><td colspan=#{cols} class='paginate'>#{will_paginate(collection)}</td></tr>"
     end
   end 
+  
+  def show_thumbnail_for_editor(image)
+    thumb = "#{RAILS_ROOT}/public/files/thumb_#{image.filename}"
+    picture = "#{this_blog.base_url}/files/#{image.filename}"
+    
+    image.create_thumbnail unless File.exists? thumb
+    
+    # If something went wrong with thumbnail generation, we just display a place holder
+    thumbnail = (File.exists? thumb) ? "#{this_blog.base_url}/files/thumb_#{image.filename}" : "#{this_blog.base_url}/images/thumb_blank.jpg" 
+    
+    picture = "<img class='tumb' src='#{thumbnail}' "
+    picture << "alt='#{this_blog.base_url}/files/#{image.filename}' "
+    picture << " onclick=\"edInsertImageFromCarousel('article_body_and_extended', '#{this_blog.base_url}/files/#{image.filename}');\" />"
+    return picture
+  end
+  
 end

data/app/helpers/admin/resources_helper.rb

@@ -1,2 +1,8 @@
 module Admin::ResourcesHelper
+  def show_thumbnail(image)
+    image.create_thumbnail unless File.exists? "#{RAILS_ROOT}/public/files/thumb_#{image.filename}"
+      
+    "<img class='tumb' src='#{this_blog.base_url}/files/thumb_#{image.filename}' alt='#{this_blog.base_url}/files/#{image.filename}' />"  
+  end
+    
 end

data/app/helpers/application_helper.rb

@@ -136,6 +136,10 @@ module ApplicationHelper
     end
   end
 
+  def javascript_include_lang
+    javascript_include_tag "lang/#{Localization.lang.to_s}" if File.exists? File.join(RAILS_ROOT, 'public', 'lang', Localization.lang.to_s)    
+  end
+
   def page_header
     page_header_includes = contents.collect { |c| c.whiteboard }.collect do |w|
       w.select {|k,v| k =~ /^page_header_/}.collect do |(k,v)|
@@ -157,15 +161,10 @@ module ApplicationHelper
   <link rel="EditURI" type="application/rsd+xml" title="RSD" href="#{ url_for :controller => '/xml', :action => 'rsd' }" />
   <link rel="alternate" type="application/atom+xml" title="Atom" href="#{ feed_atom }" />
   <link rel="alternate" type="application/rss+xml" title="RSS" href="#{ feed_rss }" />
-  #{ stylesheet_link_tag 'coderay.css', :media => 'all' }
-  #{ stylesheet_link_tag 'user-styles.css', :media => 'all' }
-  #{ javascript_include_tag "lang/" + Localization.lang.to_s }
-  #{ javascript_include_tag "cookies" }
+  #{ javascript_include_tag 'cookies', 'prototype', 'effects', 'builder', 'typo', :cache => true }
+  #{ stylesheet_link_tag 'coderay', 'user-styles', :cache => true }
+  #{ javascript_include_lang }
   #{ javascript_tag "window._token = '#{form_authenticity_token}'"}
-  #{ javascript_include_tag "prototype" }
-  #{ javascript_include_tag "effects" }
-  #{ javascript_include_tag "builder" }
-  #{ javascript_include_tag "typo" }
   #{ page_header_includes.join("\n") }
   <script type="text/javascript">#{ @content_for_script }</script>
   #{ google_analytics }

data/app/models/article.rb

@@ -156,7 +156,7 @@ class Article < Content
     end
   end
 
-  def permalink_url(anchor=nil, only_path=true)
+  def permalink_url(anchor=nil, only_path=false)
     @cached_permalink_url ||= {}
 
     @cached_permalink_url["#{anchor}#{only_path}"] ||= \
@@ -181,7 +181,7 @@ class Article < Content
   end
 
   def trackback_url
-    blog.url_for("trackbacks?article_id=#{self.id}", :only_path => true)
+    blog.url_for("trackbacks?article_id=#{self.id}", :only_path => false)
   end
 
   def permalink_by_format(format=nil)
@@ -197,11 +197,11 @@ class Article < Content
   end
 
   def comment_url
-    blog.url_for("comments?article_id=#{self.id}", :only_path => true)
+    blog.url_for("comments?article_id=#{self.id}", :only_path => false)
   end
 
   def preview_comment_url
-    blog.url_for("comments/preview?article_id=#{self.id}", :only_path => true)
+    blog.url_for("comments/preview?article_id=#{self.id}", :only_path => false)
   end
 
   def feed_url(format = :rss20)
@@ -219,9 +219,9 @@ class Article < Content
 
   def html_urls
     urls = Array.new
-    html.gsub(/<a [^>]*>/) do |tag|
-      if(tag =~ /href="([^"]+)"/)
-        urls.push($1)
+    html.gsub(/<a\s+[^>]*>/) do |tag|
+      if(tag =~ /\bhref=(["']?)([^ >"]+)\1/)
+        urls.push($2)
       end
     end
 
@@ -451,9 +451,7 @@ class Article < Content
   end
 
   def rss_comments(xml)
-    iri = permalink_url
-    uri = Addressable::URI.parse(iri).normalize
-    xml.comments(uri + "#comments")
+    xml.comments(normalized_permalink_url + "#comments")
   end
 
   def link_to_author?

data/app/models/blog.rb

@@ -4,17 +4,24 @@ class BlogRequest
   attr_accessor :protocol, :host_with_port, :path, :symbolized_path_parameters, :relative_url_root
 
   def initialize(root)
-    @protocol = @host_with_port = @path = ''
+    unless root =~ /(https?):\/\/([^\/]*)(.*)/
+      raise "Invalid root argument: #{root}"
+    end
+    @protocol = $1
+    @host_with_port = $2
+    @relative_url_root = $3.gsub(%r{/$},'')
+    @path = ''
     @symbolized_path_parameters = {}
-    @relative_url_root = root.gsub(%r{/$},'')
   end
 end
 
-# The Blog class represents one blog.  It stores most configuration settings
-# and is linked to most of the assorted content classes via has_many.
+# The Blog class represents the one and only blog.  It stores most
+# configuration settings and is linked to most of the assorted content
+# classes via has_many.
+#
+# Once upon a time, there were plans to make typo handle multiple blogs,
+# but it never happened and typo is now firmly single-blog.
 #
-# Typo decides which Blog object to use by searching for a Blog base_url that
-# matches the base_url computed for each request.
 class Blog < ActiveRecord::Base
   include ConfigManager
   extend ActiveSupport::Memoizable
@@ -98,14 +105,8 @@ class Blog < ActiveRecord::Base
     end
   end
 
-  # Find the Blog that matches a specific base URL.  If no Blog object is found
-  # that matches, then grab the default blog.  If *that* fails, then create a new
-  # Blog.  The last case should only be used when Typo is first installed.
-  def self.find_blog(base_url)
-    Blog.default || Blog.create
-  end
-
-  # The default Blog.  This is the lowest-numbered blog, almost always id==1.
+  # The default Blog. This is the lowest-numbered blog, almost always
+  # id==1. This should be the only blog as well.
   def self.default
     find(:first, :order => 'id')
   rescue
@@ -145,30 +146,31 @@ class Blog < ActiveRecord::Base
   # without needing a controller handy, so we can produce URLs from within models
   # where appropriate.
   #
-  # It also uses our new RouteCache, so repeated URL generation requests should be
-  # fast, as they bypass all of Rails' route logic.
+  # It also caches the result in the RouteCache, so repeated URL generation
+  # requests should be fast, as they bypass all of Rails' route logic.
   def url_for(options = {}, extra_params = {})
+    @request ||= BlogRequest.new(self.base_url)
     case options
     when String
-      url_generated = ''
-      url_generated = self.base_url if extra_params[:only_path]
+      if extra_params[:only_path]
+        url_generated = @request.relative_url_root
+      else
+        url_generated = self.base_url
+      end
       url_generated += "/#{options}" # They asked for 'url_for "/some/path"', so return it unedited.
       url_generated += "##{extra_params[:anchor]}" if extra_params[:anchor]
       url_generated
     when Hash
       unless RouteCache[options]
-        options.reverse_merge!(:only_path => true, :controller => '',
+        options.reverse_merge!(:only_path => false, :controller => '',
                                :action => 'permalink')
-        # In Rails > 2.2 the rewrite method use
-        # ActionController::Base.relative_url_root instead of
-        # @request.relative_url_root
+        @url ||= ActionController::UrlRewriter.new(@request, {})
         if ActionController::Base.relative_url_root.nil?
           old_relative_url = nil
         else
           old_relative_url = ActionController::Base.relative_url_root.dup
         end
-        ActionController::Base.relative_url_root = self.base_url
-        @url ||= ActionController::UrlRewriter.new(BlogRequest.new(self.base_url), {})
+        ActionController::Base.relative_url_root = @request.relative_url_root
         RouteCache[options] = @url.rewrite(options)
         ActionController::Base.relative_url_root = old_relative_url
       end

data/app/models/content.rb

@@ -70,7 +70,7 @@ class Content < ActiveRecord::Base
   end
 
   class << self
-    # Quite a bit of this isn't needed anymore.
+    # FIXME: Quite a bit of this isn't needed anymore.
     def content_fields(*attribs)
       @@content_fields[self] = ((@@content_fields[self]||[]) + attribs).uniq
       @@html_map[self] = nil
@@ -268,7 +268,7 @@ class Content < ActiveRecord::Base
   end
 
   def blog
-    Blog.default
+    @blog ||= Blog.default
   end
 
   def publish!
@@ -318,8 +318,7 @@ class Content < ActiveRecord::Base
       rss_groupings(xml)
       rss_enclosure(xml)
       rss_trackback(xml)
-      # TODO: Perhaps permalink_url should produce valid URI's instead of IRI's
-      xml.link Addressable::URI.parse(permalink_url).normalize
+      xml.link normalized_permalink_url
     end
   end
 
@@ -327,13 +326,16 @@ class Content < ActiveRecord::Base
   end
 
   def rss_description(xml)
-    if respond_to?(:user) && self.user && self.user.name
-      rss_desc = "<hr /><p><small>#{_('Original article writen by')} #{self.user.name} #{_('and published on')} <a href='#{blog.base_url}'>#{blog.blog_name}</a> | <a href='#{self.permalink_url}'>#{_('direct link to this article')}</a> | #{_('If you are reading this article elsewhere than')} <a href='#{blog.base_url}'>#{blog.blog_name}</a>, #{_('it has been illegally reproduced and without proper authorization')}.</small></p>"
-    else
-      rss_desc = ""
-    end
     post = html(blog.show_extended_on_rss ? :all : :body)
-    xml.description(blog.rss_description ? post + rss_desc : post)
+    if blog.rss_description
+      if respond_to?(:user) && self.user && self.user.name
+        rss_desc = "<hr /><p><small>#{_('Original article writen by')} #{self.user.name} #{_('and published on')} <a href='#{blog.base_url}'>#{blog.blog_name}</a> | <a href='#{self.permalink_url}'>#{_('direct link to this article')}</a> | #{_('If you are reading this article elsewhere than')} <a href='#{blog.base_url}'>#{blog.blog_name}</a>, #{_('it has been illegally reproduced and without proper authorization')}.</small></p>"
+      else
+        rss_desc = ""
+      end
+      post = post + rss_desc
+    end
+    xml.description(post)
   end
 
   def rss_groupings(xml)
@@ -354,6 +356,11 @@ class Content < ActiveRecord::Base
   def atom_content(entry)
     entry.content(html(:all), :type => 'html')
   end
+
+  # TODO: Perhaps permalink_url should produce valid URI's instead of IRI's
+  def normalized_permalink_url
+    @normalized_permalink_url ||= Addressable::URI.parse(permalink_url).normalize
+  end
 end
 
 class Object

data/app/models/feedback.rb

@@ -35,7 +35,7 @@ class Feedback < Content
     article
   end
 
-  def permalink_url(anchor=:ignored, only_path=true)
+  def permalink_url(anchor=:ignored, only_path=false)
     article.permalink_url("#{self.class.to_s.downcase}-#{id}",only_path)
   end
 

data/app/models/page.rb

@@ -16,7 +16,7 @@ class Page < Content
     eval(list_function.join('.'))
   end
 
-  def permalink_url(anchor=nil, only_path=true)
+  def permalink_url(anchor=nil, only_path=false)
     blog.url_for(
       :controller => '/articles',
       :action => 'view_page',