thomshouse-escher / escher Goto Github PK

Steps to reproduce:

1. using tinyMCE insert image
2. Browse for image
3. Upload image

The following error occurs:
Fatal error: Call to undefined method Model_upload::saveUploadedFile() in /var/escher/controllers/uploads/controller.uploads.php on line 13

HTML filter is not setting defaults, example, when it filters a link, rel="nofollow" does not get set.

helper.headers.php

Line 121-124

if (in_array('theme',$this->jquery)) { $response .= '<link rel="stylesheet" href="' . $CFG['wwwroot'] . '/public/jquery/css/escher/jquery-ui.css" />' . "\n"; }

Invalid authentication request occurs when signing up for a new account when using Facebook and Twitter. (The Account gets created in the DB, but Invalid authentication request occurs every time you try to log in).

For users who already had a Facebook or Twitter account, logging in via Twitter or Facebook works.

Edit

To clarify, the user gets an entry in the user table, but not in user_metadata or user_content

Add the following methods to the $router class:

getPathByInstance($controller,$id=NULL,$absolute=TRUE)
Returns the URL string of the path corresponding to the given controller/id.

getRoute()
Returns the $route model

resolvePath($url,$absolute=TRUE)
resolves a relative path optionally containing shorthand notation to an absolute path (or, if $absolute==FALSE, a path relative to the root of the Escher installation)

Input status will allow the ability to set the callback information on input fields returning a JSON reponse. This method will have name, type, and message.

Name will be the field name and type will be (error, success). Getting the input status will simply return the JSON response for the field names that are set using the set method.

This logic will be contained in the UI helper.

$UI->setInputStatus('name','type','message');
$UI->getInputStatus([$fieldnames=array]);

in Controller_Series.php

action_index($args) { if (empty($this->id)) { Load::Error('500'); } }

$this->id is not set and returns a 500 error.

config.php has the following value
$CFG['root'] = array('controller' => 'blog','id' => 1,'title'=>'Blog');

MySQL
| id | title | permalink_format | mtime | mtype | mid | 1 | Blog | | 2011-12-14 00:43:39 | user | 1

But id is never being transferred to Controller_Blog::id

Provide a way to set the return path after successful authentication using Facebook, Twitter and Google Plugins or a way to return to the current page.

A use case would be if a login action was called from a page or modal and upon successful login, it would return to that page that initiated the login.

The format of model input names, instead of page_123_title, can be model[page][123][title].

New model inputs can be model[page][new][uniqid][title].

Perhaps $model->parseFormData() can be renamed to $model->parseInput().

Also, model views with fields need to conform to some structural standards (to make them compatible-ish with Bootstrap). Ideally using $HTML, $UI, or some other helper.

Metadata and content values are currently stored as EAVs in unstructured tables. This is an anti-pattern that imposes severe limitations on the ability to access and manipulate these fields at an SQL level.

Propose to instead move to a consistent, one-model-per-row approach for metadata and content tables just as it is for a model's primary table. Storage location for a field will be determined by the schema:

• TEXT/BLOB and related fields will always go into model_content.
• Fields flagged as "metadata" => TRUE will be stored in model_metadata.
• All other fields defined in the model schema will simply go into the main model table.

This behavior will be partially reversed for fields registered via plugin hooks:

• Fields must be explicitly flagged as "metadata" => FALSE in ordered to be stored in model; by default, they will be stored in model_metadata.
• Additionally, hooked fields will not be able to override/alter a default model schema field, to preserve the default data and functionality of the model.

We devised a shorthand notation for using getPathByInstance as part of $router->resolvePath(). Shorthand is as follows:

@controller/123 => controller ; instance_id
@controller/action => controller ; action
@controller => controller

We can also attach it to getPathById():

@123 => (route) id

Load::PersistentHelper($definition,array($type[0],'datasource'),$type,$settings);

should be:

return Load::PersistentHelper($definition,array($type[0],'datasource'),$type[1],$settings);

Code in the Escher core currently depends on $router->getPath(), either directly or indirectly (e.g. $this->path inside a controller). This should be revised to use the new functions.

Additionally, $header->redirect() should be modified to use the $router->resolvePath() function.

Default password encryption is the password encryption currently used by the auth type. (i.e., sha1 or md5)
Preferred password encryption is what the passwords will be converted to if not using this encryption type.

Filter removes content if <br> is detected as opposed to <br />

Filter rule //img[ssrc should be //img[src

$router->getPath() returns an array consisting of the current and parent paths... This is awkward.

Replace with component functions, as well as additional functions for related path (URL strings).

getCurrentPath($absolute=TRUE,$args=FALSE)
getParentPath($absolute=TRUE)
getSitePath(...)
getRootPath(...)

In many cases, getSitePath() and getRootPath() will return the same result. However, if a self-contained site has been declared in the routing structure of the installation, getSitePath() will refer to the root of the declared site, not the root of the Escher installation.

Have Facebook and Twitter Plugins use the reserved usernames.

Warning: array_merge(): Argument #1 is not an array in escher/escher/helpers/form/helper.form.php on line 363

Purpose changing this:

$attrs['class'] = array_merge($attrs['class'],$status['status']);

To:

$attrs['class'] = array($attrs['class']); array_unshift($attrs['class'],$status['status']);

Notice: Use of undefined constant ESCHER_DOCUMENT_ROOT - assumed 'ESCHER_DOCUMENT_ROOT'

in escher/index.php line 47:
$this->fileroot = ESCHER_DOCUMENT_ROOT;

should this become
$this->fileroot = ESCHER_FILE_PATH;

or am I missing a reference somewhere?

Add to controllers a protected function $this->dispatch() that will route subrequests to another controller. Arguments could take the following format:

function dispatch(
    string $subcontroller,
    array $args = array(),
    array $options = array(),
    bool $display = FALSE
);

if ($arg[1]=='comments') {
    $this->dispatch(
        'comments',
        array_slice($args,2),
        array('content' => $entry),
        TRUE
    );
}

$this->data['comments'] = $this->dispatch(
    'comments',
    array('page','1'),
    array('content' => $entry)
);

Models used to only check for metadata (or content) if $m->_metadata/$m->_content were TRUE or non-empty arrays. This was changed to accommodate metadata that might exist for disabled plugins. However, I think this can be handled more efficiently without risk of losing "disabled" data:

• Only check for metadata/content if $m->_metadata/$m->_content are non-empty.
• Append "living" schema with metadata/content fieldnames. This will prevent content from being deleted on next save.
• Only set metadata/content if $m->_metadata/$m->_content are non-empty.

The relationship between controller properties and router properties is a mess. Dispatching needs to assign options straight to a controller, but in "regular" requests, the controller tries using properties from the router.

Also, id vs. instance_id vs. model_type and model_id need to be reconciled.

Possible todo: add $router->getController() method for doing the handshake (escher/index.php:67)? Or should this just remain in EscherInit::main()?

Right now, it's a bit cumbersome to implement HMVC. Specifying subcontrollers that can be dealt with directly by the execute() function would be a nice addition.

class Controller_blog extends Controller {
    protected $subcontrollers = array(
        'comments' => 'comments',
        'ratings' => array('plugin','ratings'),
    );

Facebook & Twitter plugins onLogin() methods do not account for local auth

Example:

`if(empty($USER->facebook_uid)) { return; }``

should become

if(empty($USER->facebook_uid) || $USER->auth != 'facebook') { return; }

This is to account for Linking Facebook and Twitter accounts on the local auth type.

Page title should be page_title instead of title.

'facebook_display_name' => string should instead be 'facebook_display_name' => 'string'

Add the ability to access $CFG in a controller:

$this->CFG

And in a view:

$CFG

It would be awesome to create the ability for views to be "extended" along with controller classes.

Example: I want to create a modified version of the "blog" controller.

• The new "myblog" controller would extend the "blog" controller.
• I might modify an action or create a new action, but most functionality would remain the same.
• Similarly, most views could remain the same.

However, because views are physical files, at present they must be copied into the views folder of the new controller.

The process of "extending" views can be done at the object level by tracing its own class inheritance until it finds the requested view (or hits a stop).

while (!exists($file) && $class_name != "Controller") {
    $class_name = getParentClass();
    $file = getFilePath($class_name,$plugin_name);
}```

I have have a small success rate, it works one time, then it just stops working.

I try doing a die_r($this->save()) on the Model_user::register() function and it is empty. I am not sure what is causing the error, I am at a loss.

This only happens on Facebook and Twitter, it does not happen with local registration. The registration vars do get assigned properly, but saving never occurs, it does fire the hook register_error, No server errors, no php errors/warnings. I turn off memcached, and it still doesn't register.

Twitter and Facebook plugins using $user->id instread of $user->user_id.
Facebook registering model plugin for facebook_full_name instead of facebook_display_name

Create a dynamic router, one that will traverse a database-driven heirarchy of route nodes in parent-child relationships (resolved by parent id and route tag).

• Attempt to find route among static routes first.
• If no static route matches, attempt to recursively load dynamic route model (based on parent/root id and next url component) until no model can be found.
• If absolutely no model can be found, return false and fall back to root functionality.

Datasources won't save if "array" schema types are used.

loadjQuery() is attempting to load content from an http address, which is considered insecure and blocks it from loading.

the CDN should load as:

//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

instead of

http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

to account for http and https.

register_success and register_failure on local auth, Facebook, and Twitter.

A method in the headers helper will be able to have the ability to determine if a request is an AJAX request.

In addLink and addJS maybe have something similar to this: (the 2nd answer), or maybe you might have a better idea.

http://stackoverflow.com/questions/118884/what-is-an-elegant-way-to-force-browsers-to-reload-cached-css-js-files

findRoute() should return route info (or FALSE) instead of directly setting object properties.

It looks like Facebook changed something?

It still logs you in and/or registers to the site, but when you click Sign in using Facebook, the message "Invalid authentication request." appears.

This seems like it might be unnecesarry.

i.e.

<div class="clearfix">
    <label>Username</label>
   <div class="input">
      <input type="text" name="username" />
     <span class="help-block">Note: Username must be 5 or more characters.</span>
   </div>
</div>

Models are not being deleted when $obj->delete() is called.

Not sure if there is a way to make this configurable, but I am thinking that maybe the FB and Twitter session should persist by default?

Revamp model schemas to account for storage requirements, default values, keys, etc.

Also create DB (or datasource?) functions to convert a schema to DB statements for creating or modifying a table.

Line 76 in the Twitter Oauth helper.

$userauth = Load::Helper('userauth',array('twitter','oauth'));

should be changed to:

$userauth = Load::Helper(array('twitter','userauth'),'oauth');

Current ACL check()/req() is inefficient for contexts and entities with many ancestors (e.g. dynamic routes, users with many group memberships). Current efficiency is O(n*m).

Refactor ACL so that check() efficiency is O(n+m) or better.

Create validation logic at the model level. Validation rules & behaviors should be part of the schema.

Warning: array_merge(): Argument #2 is not an array in escher/helpers/datasource/db/helper.datasource.db.php on line 287 Warning: array_merge(): Argument #2 is not an array in escher/helpers/datasource/db/helper.datasource.db.php on line 287

(mysqli): SELECT * FROM acl_rule WHERE (resource_type = 'all' AND resource_id = '0')
AND action = 'all' AND context IN('/',0) AND ((context = '/' OR inheritable = 1)) AND
(((entity_type = 'user' AND entity_id IN(1,0)) OR ()))

Query: SELECT * FROM acl_rule WHERE (resource_type = 'all' AND resource_id = '0') AND action = 'all' AND context IN('/',0) AND ((context = '/' OR inheritable = 1)) AND (((entity_type = 'user' AND entity_id IN(1,0)) OR ())) failed. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')))' at line 1
1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')))' at line 1

• File Model - Change $this->allowUpscaling to $this->_allowUpscaling.
• Database Helper - Add break; after content type array is JSON
  encoded.

If I were to go to for example:

http://mysite.com/loginkdjlaskldjaskjldakldjaskldjakljd

it would tun that as http://mysite.com/login

I noticed then when I had 2 similar actions at the root of my domain:

site.com/vote
and
site.com/voteExp

and site.com/voteExp was running it as site.com/vote/

This helper escaped the rename:

`````` escher/escher/helpers/session/datasource/Helper_session_datasource.php```

and this warning appears:
Warning: call_user_func_array() expects exactly 2 parameters, 1 given in escher/escher/helpers/hooks/helper.hooks.php on line 32