Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Added a patch(not a complete one and also not for commit).
Comment | File | Size | Author |
---|---|---|---|
#20 | StatusesTokens.png | 19.71 KB | DrupalDesigner-1 |
#20 | PathAutoTokens.png | 23.51 KB | DrupalDesigner-1 |
#16 | statuses-token-integration-1531976-15.patch | 9.58 KB | mathankumarc |
#16 | statuses-token-integration-file-1531976-15.patch | 12.12 KB | mathankumarc |
#12 | statuses-token-integration-1531976-12.patch | 9.58 KB | mathankumarc |
Comments
Comment #1
mathankumarc CreditAttribution: mathankumarc commentedForget to set the proper status.
Comment #2
mathankumarc CreditAttribution: mathankumarc commentedHere is the patch for token integration. Apply both patches.
Created a new file for token integration in includes/statuses.tokens.inc
Comment #3
IceCreamYou CreditAttribution: IceCreamYou commentedI am not a fan of putting hook implementations in separate include files, especially for core hooks (unless the module automatically looks for those include files, like Views) because it's one more thing you have to know to understand how the module works. Looking at any random module you could reasonably expect to find the hook_token_info() implementation in the .module file. The only way to know how hook_token_info() is discovered, if it is placed in another file, is to look at statuses_init(). Everywhere else where Statuses has split functionality into include files, those files are explicitly included where the files need to be used, so the flow is easy to understand.
One pattern I have used in other projects is to implement hooks like this:
That way the "real" hook implementation is in the location you expect to find it, while the "actual" implementation is in a separate file. A good rule of thumb to determine whether it's worth doing this is whether the code you want to move into a separate file is over 50 lines long.
Use module_load_include() instead of include_once().
This is an unrelated change -- let's address this in a separate issue, and while we're at it, add a space between the strings and concatenation operators.
I find this logic kind of hard to follow. It would be easier to build an array of replacement values like in D6, then build the array to return by iterating over $tokens and doing something like
$replacements[$original] = $values[$name];
The comments submodule has its own Token integration. These tokens were part of the core module's Token integration because they are more relevant to statuses than status comments. They should not be implemented separately, and in fact this would break the token integration of the comments submodule.
Comment #4
mathankumarc CreditAttribution: mathankumarc commentedWill revise the patch.
Comment #5
mathankumarc CreditAttribution: mathankumarc commentedModified the patch as per the comments in #3
.tokens.inc files will be automatically loaded, if its present in module folder(not in any sub-folder of that module)
All the modules are implemented in this way only. Dunno the reason behind it.
Isaac could you please clarify on this. which way we need to follow?
IRC is really helped me a lot on this. @Isaac: when I can catch you on IRC(if possible)
Comment #6
mathankumarc CreditAttribution: mathankumarc commentedcreated a new issue(#1543032: Cleanup theme_fbss_comments_items_email) and committed the changes
Comment #7
IceCreamYou CreditAttribution: IceCreamYou commentedI'm really busy this week and next week so I probably won't be able to be on IRC, though I'll have more time the following week. The patches in #5 look fine to me though.
Comment #8
mathankumarc CreditAttribution: mathankumarc commentedThese descriptions are wrong and needs to be backported.
Now token integration is working fine. if someone confirms it then its RTBC.
Comment #9
mathankumarc CreditAttribution: mathankumarc commentedComment #10
Dave ReidNote: You should no longer have -raw tokens in D7 as you should be providing different token values back if $options['sanitize'] is TRUE or FALSE. Please look at the core token integrations on how they are doing that.
This screams to me that it should be just one $tokens['statuses']['sender'] token of type 'user' so that you can use tokens like [statuses:sender:uid] instead of having to write your own tokens for all the user properties.
Comment #11
mathankumarc CreditAttribution: mathankumarc commentedThanks for your review Dave Reid. Will explore more into core token integration.
Comment #12
mathankumarc CreditAttribution: mathankumarc commentedI'm still confused about the difference between filter_xss() and check_plain(), dunno which one to use for status message and status comment
Comment #13
IceCreamYou CreditAttribution: IceCreamYou commented(Thanks Dave.)
---
See https://drupal.org/node/28984
Basically check_plain() turns HTML markup into plain text by turning e.g. < and > into their equivalent HTML entities. filter_xss() removes malicious HTML markup but leaves the rest. Statuses generally shouldn't use either one directly -- usually status messages pass through _statuses_run_filter() which typically calls check_markup() (which runs input filters over the text).
If you haven't already, you should go to https://drupal.org/user/1315174/edit/newsletter and subscribe to security announcements. If you have other questions about security there is a whole handbook in the documentation on it at https://drupal.org/writing-secure-code
Needs a space between "type" and "(Machine name)"
Remove the word "safe" since Token should now automatically manage the difference between safe and raw tokens
Most if not all of these variables are only used for one token, so this logic can be moved into the individual cases in the switch statement below.
Node titles, usernames, taxonomy terms, etc. should be plain text, so use check_plain() instead of filter_xss().
Again, usernames should be plain text, so use check_plain(). Also, in the case when we're not sanitizing the username, my first thought would be to use theme('username') -- but we should be consistent with what other modules provide as the default.
As above, this logic can be moved into the switch statement
As above, check_plain() instead of filter_xss()
Comment #14
Dave ReidIf you're outputting a user name, it should actually use format_username($account) with a check_plain() on the result if $options['sanitize'] is TRUE.
Comment #15
IceCreamYou CreditAttribution: IceCreamYou commentedHmm. There are probably at least a few other places we should be using format_username() as well (the "user" context's recipient_name() method, the status template preprocessing...) -- let's address that as a minor follow-up to this issue. For future reference, format_username() will likely be deprecated in D8 in favor of entity_label().
Comment #16
mathankumarc CreditAttribution: mathankumarc commentedThanks Isaac and Dave.
Comment #17
IceCreamYou CreditAttribution: IceCreamYou commentedTested and it works. The "Recipient safe name" thing wasn't changed (the word "safe" should be removed) but other than that it should be ready to commit. Let's not forget to follow up with format_username() changes in a separate issue.
Comment #18
mathankumarc CreditAttribution: mathankumarc commentedCommitted to dev. Created new issue of format_username() #1567082: Use format_username() when outputting user name
Comment #20
DrupalDesigner-1 CreditAttribution: DrupalDesigner-1 commentedSorry to reopen a closed post, just want to confirm whether the above committed changes were actually implemented into the 7.x-1.0-beta1 or dev release? As I have tried both versions and am still having problems getting many of the supplied tokens to work in Heartbeat module. For example:
When using the tokens [statuses:sender:uid] and [statuses:recipient-id] respectively, instead of getting the desired usernames the result is the string "name" (not sure where this is coming from as I have 3 users, none of which are called "name") and the linked title of the node. If I try using many of the extended Statuses tokens not listed in Heartbeat Rules (eg. [statuses:sender:name], [statuses:sender:link]), they do not output correctly. I even tried applying the patches above first to the beta and then to the dev version, but this did not fix anything either.
Also when comparing the tokens available in Heartbeat to those available in PathAuto, the list is a lot smaller. Why is this?
I've attached screen grabs of Statuses Tokens in Heartbeat compared to Statuses Tokens in PathAuto. Would appreciate an update on this.
Comment #21
IceCreamYou CreditAttribution: IceCreamYou commentedHeartbeat is a pretty complicated module and may be doing things differently. Should be addressed in a new issue, probably in the heartbeat queue to start with.
Comment #22
DrupalDesigner-1 CreditAttribution: DrupalDesigner-1 commentedThere is actually already an issue in Heartbeat about Statuses integration for D7, it is marked as postponed still. Stalski (maintainer of Heartbeat module) discusses some of the reasons why Statuses is not yet ready for integration towards the bottom of the page. Perhaps you could shed some light in the queue regarding this integration as quite a few people are asking about it. Would be appreciated.