Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Jakub, I have committed your patch. It would be good if you could review your code and fix the same errors you have fixed in the previous magic_quotes/register_globals patch - since you submitted this patch before the cleanup. Here it is. Thanks, committed. Goba
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Gabor Hojtsy wrote:
> Jakub, I have committed your patch. It would be good if you could review
> your code and fix the same errors you have fixed in the previous
> magic_quotes/register_globals patch - since you submitted this patch
> before the cleanup.
Here it is.
Jakub VranaIndex: user-notes.php
===
RCS file: /repository/php-master-web/manage/user-notes.php,v
retrieving revision 1.47
diff -u -r1.47 user-notes.php
--- user-notes.php 25 Jun 2004 15:01:10 - 1.47
+++ user-notes.php 25 Jun 2004 15:33:16 -
@@ -121,45 +121,52 @@
case 'mass':
if (!allow_mass_change($user)) { die("You are not allowed to take this action!"); }
head();
+ $step = (isset($_REQUEST["step"]) ? $_REQUEST["step"] : 0);
$where = array();
- if ($old_sect)
-$where[] = "sect = '$old_sect'";
- if ($ids)
-$where[] = "id IN ($ids)";
+ if (!empty($_REQUEST["old_sect"])) {
+$where[] = "sect = '". escape($_REQUEST["old_sect"]) ."'";
+ }
+ if (!empty($_REQUEST["ids"])) {
+if (preg_match('~^([0-9]+, *)*[0-9]+$~i', $_REQUEST["ids"])) {
+ $where[] = "id IN ($_REQUEST[ids])";
+} else {
+ echo "Incorrect format of notes IDs.\n";
+ $step = 0;
+}
+ }
if ($step == 2) {
-if (!mysql_query("UPDATE note SET sect = '$new_sect' WHERE " . implode(" AND ",
$where)))
- echo "Mass change failed: " . mysql_error() . "\n";
-else
- echo "Mass change succeeded.\n";
+db_query("UPDATE note SET sect = '". escape($_REQUEST["new_sect"]) ."' WHERE " .
implode(" AND ", $where));
+echo "Mass change succeeded.\n";
} elseif ($step == 1) {
-if ($new_sect && ($ids || $old_sect)) {
- if (!($result = mysql_query("SELECT COUNT(*) FROM note WHERE " . implode(" AND
", $where
-echo "SQL error: " . mysql_error() . "\n";
- elseif (!($count = mysql_result($result, 0, 0)))
+if (!empty($_REQUEST["new_sect"]) && $where) {
+ db_query("SELECT COUNT(*) FROM note WHERE " . implode(" AND ", $where));
+ if (!($count = mysql_result($result, 0, 0))) {
echo "There are no such notes.\n";
- else {
+ } else {
$step = 2;
$msg = "Are you sure to change section of $count note(s)";
-$msg .= ($ids ? " with IDs $ids" : "");
-$msg .= ($old_sect ? " from section $old_sect" : "");
-$msg .= " to section $new_sect?";
+$msg .= (!empty($_REQUEST["ids"]) ? " with IDs $_REQUEST[ids]" : "");
+$msg .= (!empty($_REQUEST["old_sect"]) ? " from section
$_REQUEST[old_sect]" : "");
+$msg .= " to section $_REQUEST[new_sect]?";
echo "$msg\n";
?>
-
-
-
+">
+">
+">
You have to fill-in new section.\n";
- if (!$ids && !$old_sect)
+ }
+ if (!$where) {
echo "You have to fill-in curent section or notes IDs (or
both).\n";
+ }
}
}
if ($step < 2) {
@@ -170,15 +177,15 @@
Current section:
- (filename without extension)
+ "
size="30" maxlength="80" /> (filename without extension)
Notes IDs:
- (comma separated list)
+ " size="30"
maxlength="80" /> (comma separated list)
Move to section:
-
+ "
size="30" maxlength="80" />
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Here is the second step. It is the form to mass change sections of
notes. I think that moving Nuno's script to the server is not necessary.
It can be easily run locally and through the web interface only changes
can be done.
Then do a select on the notes db and check for non-valid IDs and do a
foreach{} to print a html form to allow us to change the IDs.
The interface should be more universal to allow changes of notes in e.g.
split sections.
Jakub, I have committed your patch. It would be good if you could review
your code and fix the same errors you have fixed in the previous
magic_quotes/register_globals patch - since you submitted this patch
before the cleanup.
Thanks,
Goba
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Well, how should I interpret this? How can we move forward? I wrote my code in the style of rest of the file. I think you can commit it and nothing will brake. Then I (or someone else) can fix the file to not rely on register_globals and good intentions of all users with CVS account ;-). OK, I am on fixing the stuff in the master include files and on the user notes page. But the master site does not seem to be updating again... Goba
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Gabor Hojtsy wrote: > Well, how should I interpret this? How can we move forward? I wrote my code in the style of rest of the file. I think you can commit it and nothing will brake. Then I (or someone else) can fix the file to not rely on register_globals and good intentions of all users with CVS account ;-). Jakub Vrana
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Then still I am conserned about the vulnerability of this code against SQL injection in case magic_quotes is turned off, but AFAIK some other code in the master module also relies on that setting. I would like to ask the system guys first if we still should rely on it? Relying on magic_quotes is not the biggest problem. E.g. this line makes me scared: DELETE FROM note WHERE id=$id Well, how should I interpret this? How can we move forward? Goba
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Gabor Hojtsy wrote: > Then still I am conserned about the vulnerability of this code against > SQL injection in case magic_quotes is turned off, but AFAIK some other > code in the master module also relies on that setting. I would like to > ask the system guys first if we still should rely on it? Relying on magic_quotes is not the biggest problem. E.g. this line makes me scared: > DELETE FROM note WHERE id=$id Jakub Vrana
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Here is the second step. It is the form to mass change sections of
notes. I think that moving Nuno's script to the server is not necessary.
It can be easily run locally and through the web interface only changes
can be done.
Then do a select on the notes db and check for non-valid IDs and do a
foreach{} to print a html form to allow us to change the IDs.
The interface should be more universal to allow changes of notes in e.g.
split sections.
Yep. I am trying to get master.php.net updated again from CVS regularly.
Then still I am conserned about the vulnerability of this code against
SQL injection in case magic_quotes is turned off, but AFAIK some other
code in the master module also relies on that setting. I would like to
ask the system guys first if we still should rely on it?
Goba
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Gabor Hojtsy wrote: > It should have been updated already, but it has not done so, as it > seems... I don't know what might be the problem. There was some DNS change. Cannot be this caused by it? Jakub Vrana
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Here is the second step. It is the form to mass change sections of notes. I think that moving Nuno's script to the server is not necessary. It can be easily run locally and through the web interface only changes can be done. It seems good to me! And what about a mail to the notes mailling list? I think that would be good if the notes ML received a mail saying that the note with id xxx, and with text "blah blah blah" has been moved to $newid. A mail would probably be nice, although not one for every note. P.S.: How many time takes the master server to update the php-master-web checkout? The latest Jakub's changes aren't on-line, are they? It should have been updated already, but it has not done so, as it seems... I don't know what might be the problem. Goba
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
> Here is the second step. It is the form to mass change sections of > notes. I think that moving Nuno's script to the server is not necessary. > It can be easily run locally and through the web interface only changes > can be done. > > Jakub Vrana It seems good to me! And what about a mail to the notes mailling list? I think that would be good if the notes ML received a mail saying that the note with id xxx, and with text "blah blah blah" has been moved to $newid. Nuno P.S.: How many time takes the master server to update the php-master-web checkout? The latest Jakub's changes aren't on-line, are they?
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Here is the second step. It is the form to mass change sections of
notes. I think that moving Nuno's script to the server is not necessary.
It can be easily run locally and through the web interface only changes
can be done.
> Then do a select on the notes db and check for non-valid IDs and do a
> foreach{} to print a html form to allow us to change the IDs.
The interface should be more universal to allow changes of notes in e.g.
split sections.
Jakub VranaIndex: user-notes.php
===
RCS file: /repository/php-master-web/manage/user-notes.php,v
retrieving revision 1.39
diff -u -r1.39 user-notes.php
--- user-notes.php 26 May 2004 10:15:09 - 1.39
+++ user-notes.php 28 May 2004 15:42:39 -
@@ -152,6 +152,8 @@
+
+Mass change of sections
Mass change failed: " . mysql_error() . "\n";
+else
+ echo "Mass change succeeded.\n";
+ } elseif ($step == 1) {
+if ($new_sect && ($ids || $old_sect)) {
+ if (!($result = mysql_query("SELECT COUNT(*) FROM note WHERE " . implode(" AND
", $where
+echo "SQL error: " . mysql_error() . "\n";
+ elseif (!($count = mysql_result($result, 0, 0)))
+echo "There are no such notes.\n";
+ else {
+$step = 2;
+$msg = "Are you sure to change section of $count note(s)";
+$msg .= ($ids ? " with IDs $ids" : "");
+$msg .= ($old_sect ? " from section $old_sect" : "");
+$msg .= " to section $new_sect?";
+echo "$msg\n";
+?>
+
+
+
+
+
+
+
+You have to fill-in new section.\n";
+ if (!$ids && !$old_sect)
+echo "You have to fill-in curent section or notes IDs (or
both).\n";
+}
+ }
+ if ($step < 2) {
+?>
+
+
+Change section of notes which fit these criteria:
+
+
+ Current section:
+ (filename without extension)
+
+
+ Notes IDs:
+ (comma separated list)
+
+
+ Move to section:
+
+
+
+
+
+
+
+
+
+Back to notes index\n";
+ foot();
+ exit;
case 'approve':
if ($id) {
if ($result = mysql_query("SELECT * FROM note WHERE id=$id")) {
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
> Nuno, thanks for the script. It can be run locally and there will be
> only mass reassignment part on the server. My original idea was to
> have both parts on the server but it would be a bit harder as the list
> of IDs has to be readable on master.php.net somehow.
>
> Jakub Vrana
I think the most simpler ways to get the manual ID are:
* use the first part of my program (need a phpweb/manual/en rsync) (much
faster option)
* use a livedocs DB (need phpdoc checkout)
Then do a select on the notes db and check for non-valid IDs and do a
foreach{} to print a html form to allow us to change the IDs.
Jakub, if you need some help, just mail me!
Nuno
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
> Jakub probably already has better experience with this, since he > provided patches for php-master-web before. The code is in > php-master-web/manage/user-notes.php, and that should be extended to > offer an option to mass modify manual IDs (or sections are they are stored). > UPDATE notes SET section = %newsection WHERE section = %oldsection > should be parameterized from the web interface (with appropriate table > and column names of course :). I will take care of this. Nuno, thanks for the script. It can be run locally and there will be only mass reassignment part on the server. My original idea was to have both parts on the server but it would be a bit harder as the list of IDs has to be readable on master.php.net somehow. Jakub Vrana
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Now it would be nice if the person who gets on implementing the mass manual ID reassigment in manage/user-notes.php would speak out, so no more than one guy would be involved with this. What do we need to do here? Do you want a program to go to the master server, so that you type the old ID and a new one, and it will automatically copy the notes? How the notes are stored? Is it in a mysql table?? Jakub probably already has better experience with this, since he provided patches for php-master-web before. The code is in php-master-web/manage/user-notes.php, and that should be extended to offer an option to mass modify manual IDs (or sections are they are stored). UPDATE notes SET section = %newsection WHERE section = %oldsection should be parameterized from the web interface (with appropriate table and column names of course :). Goba
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
> Seems like Nuno already completed this part. Would have been better if > he would have noted he works on this, so duplicate work would not be > possible (not that there was duplicate work in this case). Sorry here, but I wasn't planning on working this, but as it was simple to do... > Now it would > be nice if the person who gets on implementing the mass manual ID > reassigment in manage/user-notes.php would speak out, so no more than > one guy would be involved with this. > Goba What do we need to do here? Do you want a program to go to the master server, so that you type the old ID and a new one, and it will automatically copy the notes? How the notes are stored? Is it in a mysql table?? Nuno
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Is there a list of existing IDs somewhere or should I extract them from manual sources? Seems like Nuno already completed this part. Would have been better if he would have noted he works on this, so duplicate work would not be possible (not that there was duplicate work in this case). Now it would be nice if the person who gets on implementing the mass manual ID reassigment in manage/user-notes.php would speak out, so no more than one guy would be involved with this. Goba
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
Is there a list of existing IDs somewhere or should I extract them from manual sources? Jakub Vrana
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
First step is attached. I checked the notes distribution system and this should not harm it. Commited, great :) Goba
Re: [PHP-DOC] #28519 [NEW]: TASK: identify orphan user notes and mass assign
First step is attached. I checked the notes distribution system and this
should not harm it.
Second step will be the mass processing - checking for orphans and
mass changing of IDs.
Jakub VranaIndex: user-notes.php
===
RCS file: /repository/php-master-web/manage/user-notes.php,v
retrieving revision 1.38
diff -u -r1.38 user-notes.php
--- user-notes.php 9 Feb 2004 16:13:59 - 1.38
+++ user-notes.php 26 May 2004 09:44:56 -
@@ -211,11 +211,7 @@
//$mailto .= get_emails_for_sect($row["sect"]);
mail($mailto,"note $row[id] ".($action == "reject" ? "rejected" :
"deleted")." from $row[sect] by $user","Note Submitter:
$row[user]\n\n\n\n".$row['note'],"From: [EMAIL PROTECTED]: <[EMAIL PROTECTED]>");
if ($action == 'reject') {
- $email = clean_antispam($row['user']);
- if (is_emailable_address($email)) {
-# use an envelope sender that lets us ignore bounces
-mail($email,"note $row[id] rejected and deleted from $row[sect] by notes
editor $user",$reject_text."\n\n- Copy of your note below
-\n\n".$row['note'],"From: [EMAIL PROTECTED]", '[EMAIL PROTECTED]');
- }
+ mail_user($row['user'], "note $row[id] rejected and deleted from $row[sect]
by notes editor $user",$reject_text."\n\n- Copy of your note below
-\n\n".$row['note']);
}
}
@@ -250,13 +246,17 @@
}
$email = isset($email) ? $email : addslashes($row['user']);
+$sect = isset($sect) ? $sect : addslashes($row['sect']);
if (isset($note) && $action == "edit") {
- if (@mysql_query("UPDATE note SET note='$note',user='$email',updated=NOW()
WHERE id=$id")) {
+ if (@mysql_query("UPDATE note SET
note='$note',user='$email',sect='$sect',updated=NOW() WHERE id=$id")) {
// ** alerts **
//$mailto .= get_emails_for_sect($row["sect"]);
mail($mailto,"note $row[id] modified in $row[sect] by
$user",stripslashes($note)."\n\n--was--\n$row[note]\n\nhttp://www.php.net/manual/en/$row[sect].php","From:
[EMAIL PROTECTED]: <[EMAIL PROTECTED]>");
+if (addslashes($row["sect"]) != $sect) {
+ mail_user($email, "note $id moved from $row[sect] to $sect by notes editor
$user", "- Copy of your note below -\n\n".stripslashes($note));
+}
header('Location: user-notes.php?id=' . $id . '&was=' . $action);
exit;
}
@@ -279,6 +279,10 @@
+ Section:
+
+
+
email:
@@ -354,3 +358,12 @@
if ($return) { return $highlighted; }
else { echo $highlighted; }
}
+
+function mail_user($email, $subject, $message)
+{
+ $email = clean_antispam($email);
+ if (is_emailable_address($email)) {
+# use an envelope sender that lets us ignore bounces
+mail($email,$subject,$message,"From: [EMAIL PROTECTED]", '[EMAIL PROTECTED]');
+ }
+}
