Changeset 397918


Timestamp:
06/16/11 11:29:37 (3 years ago)
Author:
neoxx
Message:

2.40

  • revised the security model (replaced option Allow anonymous Ajax Refresh Requests with All users can view timezones and added the option Capability to view timezones to define the capability of a certain user to access the timezones)
  • de-coupling of Ajax-refresh-functions and output of wp_localize_script (TimeZoneCalculator is now compatible with [WP Minify](http://wordpress.org/extend/plugins/wp-minify/))
  • small enhancements
Location:
timezonecalculator/trunk
Files:
4 edited

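--- a/timezonecalculator/trunk/js/refresh_jquery.js
+++ b/timezonecalculator/trunk/js/refresh_jquery.js
@@ -173,16 +173,17 @@
 var timezonecalculator_params = new Hashtable();
 
-timezonecalculator_params.put('compare_string', '<div class="timezonecalculator-refreshable-output"');
-
-timezonecalculator_params.put('fields', 'div.timezonecalculator-refreshable-output');
-
 var timezonecalculator_query_params = new Hashtable();
 
-timezonecalculator_query_params.put('action', 'timezonecalculator_output');
+jQuery(window).load(function(){
+    if (jQuery('div.timezonecalculator-refreshable-output').length>0) {
+        timezonecalculator_params.put('compare_string', '<div class="timezonecalculator-refreshable-output"');
 
-timezonecalculator_query_params.put('_ajax_nonce', timezonecalculator_refresh_settings._ajax_nonce);
+        timezonecalculator_params.put('fields', 'div.timezonecalculator-refreshable-output');
 
-jQuery(window).load(function(){
-    if (jQuery('div.timezonecalculator-refreshable-output').length>0)
-            timezonecalculator_register_refresh(timezonecalculator_params, timezonecalculator_query_params);
+        timezonecalculator_query_params.put('action', 'timezonecalculator_output');
+
+        timezonecalculator_query_params.put('_ajax_nonce', timezonecalculator_refresh_settings._ajax_nonce);
+
+        timezonecalculator_register_refresh(timezonecalculator_params, timezonecalculator_query_params);
+    }
 });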
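Review bot: The load handler still reads `timezonecalculator_refresh_settings._ajax_nonce` without checking that the localized object exists, and in this changeset `refresh_print_scripts()` can now return before `wp_localize_script` runs. If the script is ever loaded on a page where a refreshable div is present but the settings were not printed, the handler throws a ReferenceError instead of skipping registration; extending the condition to `if (typeof timezonecalculator_refresh_settings !== 'undefined' && jQuery('div.timezonecalculator-refreshable-output').length>0) {` would cover that. Whether that combination can occur depends on enqueue logic not shown here. The same applies to the `Event.observe` handler in js/refresh_prototype.js.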
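--- a/timezonecalculator/trunk/js/refresh_prototype.js
+++ b/timezonecalculator/trunk/js/refresh_prototype.js
@@ -146,16 +146,18 @@
 var timezonecalculator_params = new Hash();
 
-timezonecalculator_params.set('compare_string', '<div class="timezonecalculator-refreshable-output"');
-
-timezonecalculator_params.set('fields', 'div.timezonecalculator-refreshable-output');
-
 var timezonecalculator_query_params = new Hash();
 
-timezonecalculator_query_params.set('action', 'timezonecalculator_output');
+Event.observe(window, 'load', function(e){
+    if ($$('div.timezonecalculator-refreshable-output').length>0) {
 
-timezonecalculator_query_params.set('_ajax_nonce', timezonecalculator_refresh_settings._ajax_nonce);
+            timezonecalculator_params.set('compare_string', '<div class="timezonecalculator-refreshable-output"');
 
-Event.observe(window, 'load', function(e){
-    if ($$('div.timezonecalculator-refreshable-output').length>0)
+            timezonecalculator_params.set('fields', 'div.timezonecalculator-refreshable-output');
+
+            timezonecalculator_query_params.set('action', 'timezonecalculator_output');
+
+            timezonecalculator_query_params.set('_ajax_nonce', timezonecalculator_refresh_settings._ajax_nonce);
+
             timezonecalculator_register_refresh(timezonecalculator_params, timezonecalculator_query_params);
+    }
 });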
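--- a/timezonecalculator/trunk/readme.txt
+++ b/timezonecalculator/trunk/readme.txt
@@ -4,5 +4,5 @@
 Tags: time, date, timezone, calendar, world clock, clock, travel, widget, sidebar, dashboard, shortcode, multisite, multi-site, ajax, javascript, jquery, prototype, bar, admin bar
 Requires at least: 2.8
-Tested up to: 3.2
+Tested up to: 3.3
 Stable tag: trunk
 
@@ -261,4 +261,10 @@
 
 == Changelog ==
+
+= 2.40 =
+
+* revised the security model (replaced option `Allow anonymous Ajax Refresh Requests` with `All users can view timezones` and added the option `Capability to view timezones` to define the capability of a certain user to access the timezones)
+* de-coupling of Ajax-refresh-functions and output of `wp_localize_script` (TimeZoneCalculator is now compatible with [WP Minify](http://wordpress.org/extend/plugins/wp-minify/))
+* small enhancements
 
 = 2.31 =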
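--- a/timezonecalculator/trunk/timezonecalculator.php
+++ b/timezonecalculator/trunk/timezonecalculator.php
@@ -6,12 +6,12 @@
 Description: Calculates, displays and automatically updates times and dates in different timezones with respect to daylight saving.
 Author: Dr. Bernhard Riedl
-Version: 2.31
+Version: 2.40
 Author URI: http://www.bernhard.riedl.name/
 */
 
 /*
-Copyright 2005-2010 Dr. Bernhard Riedl
-
-Inspirations & Proof-Reading 2007-2010
+Copyright 2005-2011 Dr. Bernhard Riedl
+
+Inspirations & Proof-Reading 2007-2011
 by Veronika Grascher
 
@@ -112,5 +112,4 @@
         'ajax_refresh_time' => 30,
         'renew_nonce' => false,
-        'anonymous_ajax_refresh' => true,
         'ajax_refresh_lib' => 'jquery',
 
@@ -127,4 +126,7 @@
 
         'include_wordpress_clock_admin_head' => false,
+
+        'all_users_can_view_timezones' => true,
+        'view_timezones_capability' => 'read',
 
         'view_other_users_timezones_capability' => 'edit_users',
@@ -193,5 +195,4 @@
                 'ajax_refresh_time' => 'Ajax Refresh Time',
                 'renew_nonce' => 'Renew nonce to assure continous updates',
-                'anonymous_ajax_refresh' => 'Allow anonymous Ajax Refresh Requests',
                 'ajax_refresh_lib' => 'Ajax Refresh Library in Front-End'
                 )
@@ -229,4 +230,6 @@
                 'prefer_user_timezones' => 'Prefer User TimeZones',
                 'include_wordpress_clock_admin_head' => 'Display WordPress Clock in Admin Header',
+                'all_users_can_view_timezones' => 'All users can view timezones',
+                'view_timezones_capability' => 'Capability to view timezones',
                 'view_other_users_timezones_capability' => 'Capability to view timezones-selection of other users',
                 'debug_mode' => 'Enable Debug-Mode'
@@ -301,7 +304,7 @@
         */
 
-        wp_register_script($this->get_prefix().'refresh_prototype', $this->get_plugin_url().'js/refresh_prototype.js', array('prototype'), '2.30');
-
-        wp_register_script($this->get_prefix().'refresh_jquery', $this->get_plugin_url().'js/refresh_jquery.js', array('jquery', 'jshashtable'), '2.30');
+        wp_register_script($this->get_prefix().'refresh_prototype', $this->get_plugin_url().'js/refresh_prototype.js', array('prototype'), '2.40');
+
+        wp_register_script($this->get_prefix().'refresh_jquery', $this->get_plugin_url().'js/refresh_jquery.js', array('jquery', 'jshashtable'), '2.40');
 
         wp_register_script($this->get_prefix().'utils', $this->get_plugin_url().'js/utils.js', array('prototype'), '2.10');
@@ -376,5 +379,5 @@
             */
 
-            if ($this->get_option('anonymous_ajax_refresh'))
+            if ($this->get_option('all_users_can_view_timezones'))
                 add_action('wp_ajax_nopriv_'.$this->get_prefix().'output', array(&$this, 'wp_ajax_refresh'));
         }
@@ -637,4 +640,11 @@
         }
 
+        /*
+        maybe upgrade to v2.40?
+        */
+
+        if (array_key_exists('anonymous_ajax_refresh', $this->options))
+            $this->upgrade_v24();
+
         $this->log('setting options to '.var_export($this->options, true));
 
@@ -669,5 +679,4 @@
             'use_ajax_refresh',
             'renew_nonce',
-            'anonymous_ajax_refresh',
             'dashboard_widget',
             'dashboard_right_now',
@@ -676,9 +685,10 @@
             'prefer_user_timezones',
             'include_wordpress_clock_admin_head',
+            'all_users_can_view_timezones',
             'debug_mode'
         );
 
         foreach ($check_fields as $check_field) {
-            $input[$check_field] = ($input[$check_field] == 1 ? true : false);
+            $input[$check_field] = (isset($input[$check_field]) && $input[$check_field] == 1 ? true : false);
         }
 
@@ -709,4 +719,5 @@
             'calculator',
             'world_clock_tools_page',
+            'view_timezones',
             'view_other_users_timezones'
         );
@@ -715,5 +726,5 @@
 
         foreach ($capability_fields as $capability_field) {
-            if (!in_array($input[$capability_field.'_capability'], $capabilities))
+            if (isset($input[$capability_field.'_capability']) && !in_array($input[$capability_field.'_capability'], $capabilities))
                 unset($input[$capability_field.'_capability']);
         }
@@ -907,5 +918,5 @@
         $settings['use_container']='1';
         $settings['display']='1';
-        $settings['anonymous_ajax_refresh']='1';
+        $settings['all_users_can_view_timezones']='1';
 
         /*
@@ -914,4 +925,34 @@
 
         $settings=$this->settings_validate($settings);
+
+        /*
+        store new settings
+        */
+
+        update_option($this->get_prefix(false), $settings);
+
+        $this->log('upgrade finished. - retrieved options are: '.var_export($settings, true));
+    }
+
+    /*
+    upgrade options to TimeZoneCalculator v2.40
+    */
+
+    private function upgrade_v24() {
+
+        $this->log('upgrade options to '.$this->get_nicename().' v2.40');
+
+        /*
+        rename setting
+        */
+
+        $this->options['all_users_can_access_timezones']=$this->options['anonymous_ajax_refresh'];
+
+        unset($this->options['anonymous_ajax_refresh']);
+
+        $settings=array();
+
+        $settings['defaults']=$this->defaults;
+        $settings['options']=$this->options;
 
         /*
@@ -1051,4 +1092,7 @@
         */
 
+        if (!$this->get_option('all_users_can_view_timezones') && !current_user_can($this->get_option('view_timezones_capability')))
+            die('-1');
+
         $security_string.=$action.str_replace(array('\n', "\n"), '', $query_string);
 
@@ -1111,5 +1155,5 @@
 
         /*
-        call function output/count
+        call function output
         */
 
@@ -1394,5 +1438,5 @@
     */
 
-    function calculate_date($query_time, $query_timezone, $current_utc=TIMEZONECALCULATOR_CURRENTGMDATE) {
+    function calculate_date($query_time, $query_timezone=null, $current_utc=TIMEZONECALCULATOR_CURRENTGMDATE) {
         $ret_val=false;
 
@@ -1815,5 +1859,5 @@
 
     function head_meta() {
-        echo("<meta name=\"".$this->get_nicename()."\" content=\"2.31\"/>\n");
+        echo("<meta name=\"".$this->get_nicename()."\" content=\"2.40\"/>\n");
     }
 
@@ -1978,5 +2022,15 @@
 
         global $wp_admin_bar;
-        $wp_admin_bar->add_menu(array( 'id' => $this->get_prefix(false), 'title' => $wordpress_clock_span, 'href' => $clock_href));
+
+        if (!is_object($wp_admin_bar))
+            return false;
+
+        $wp_admin_bar->add_menu(
+            array(
+                'id' => $this->get_prefix(false),
+                'title' => $wordpress_clock_span,
+                'href' => $clock_href
+            )
+        );
     }
 
@@ -2003,4 +2057,12 @@
 
     function refresh_print_scripts() {
+
+        /*
+        security check
+        */
+
+        if (!$this->get_option('all_users_can_view_timezones') && !current_user_can($this->get_option('view_timezones_capability')))
+            return;
+
         $ajax_refresh_lib=$this->get_option('ajax_refresh_lib');
 
@@ -2017,5 +2079,5 @@
         */
 
-        if (defined('WP_ADMIN') && WP_ADMIN) {
+        if (is_admin()) {
             $ajax_refresh_lib='jquery';
 
@@ -2033,6 +2095,13 @@
         $_ajax_nonce=wp_create_nonce($security_string);
 
-        wp_localize_script($this->get_prefix().'refresh'.$ajax_refresh_lib, $this->get_prefix().'refresh_settings', array('ajax_url' => admin_url('admin-ajax.php'),
-'_ajax_nonce' => $_ajax_nonce, 'refresh_time' => $this->get_option('ajax_refresh_time')));
+        wp_localize_script(
+            $this->get_prefix().'refresh'.$ajax_refresh_lib,
+            $this->get_prefix().'refresh_settings',
+            array(
+                'ajax_url' => admin_url('admin-ajax.php'),
+                '_ajax_nonce' => $_ajax_nonce,
+                'refresh_time' => $this->get_option('ajax_refresh_time')
+            )
+        );
     }
 
@@ -2252,4 +2321,11 @@
 
         /*
+        security check
+        */
+
+        if (!$this->get_option('all_users_can_view_timezones') && !current_user_can($this->get_option('view_timezones_capability')))
+            throw new Exception('You are not authorized to view timezones!');
+
+        /*
         fill params with default-values
         */
@@ -2846,5 +2922,16 @@
         </ul></div>
 
-        <div class="<?php echo($this->get_prefix()); ?>wrap">
+        <div id="<?php echo($this->get_prefix()); ?>content" class="<?php echo($this->get_prefix()); ?>wrap">
+
+        <script type="text/javascript">
+
+        /* <![CDATA[ */
+
+        if ($('<?php echo($this->get_prefix()); ?>content'))
+            $('<?php echo($this->get_prefix()); ?>content').style.display="none";
+
+        /* ]]> */
+
+        </script>
 
         <?php if ($is_wp_options) { ?>
@@ -2923,5 +3010,5 @@
 
     /*
-    display js-menu
+    display js-menu and content-block
     if js has been disabled,
     the menu will not be visible
@@ -2929,4 +3016,6 @@
 
     $('<?php echo($this->get_prefix()); ?>menu').style.display="block";
+
+    $('<?php echo($this->get_prefix()); ?>content').style.display="block";
 
     /* ]]> */
@@ -3315,7 +3404,8 @@
     */
 
-    private function neotrinity_support() { ?>
+    private function neotrinity_support() {
+        global $user_identity; ?>
         <h3>Support</h3>
-        If you like to support the development of <?php echo($this->get_nicename()); ?>, you can invite me for a <a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&amp;business=bernhard%40riedl%2ename&amp;item_name=Donation%20for%20TimeZoneCalculator&amp;no_shipping=1&amp;no_note=1&amp;tax=0&amp;currency_code=EUR&amp;bn=PP%2dDonationsBF&amp;charset=UTF%2d8">virtual pizza</a> for my work. <?php echo(convert_smilies(':)')); ?><br /><br />
+        <?php echo($user_identity); ?>, if you would like to support the development of <?php echo($this->get_nicename()); ?>, you can invite me for a <a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&amp;business=bernhard%40riedl%2ename&amp;item_name=Donation%20for%20TimeZoneCalculator&amp;no_shipping=1&amp;no_note=1&amp;tax=0&amp;currency_code=EUR&amp;bn=PP%2dDonationsBF&amp;charset=UTF%2d8">virtual pizza</a> for my work. <?php echo(convert_smilies(':)')); ?><br /><br />
 
         <form action="https://www.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="cmd" value="_xclick" /><input type="hidden" name="business" value="&#110;&#101;&#111;&#64;&#x6E;&#x65;&#x6F;&#x74;&#x72;&#105;&#110;&#x69;&#x74;&#x79;&#x2E;&#x61;t" /><input type="hidden" name="item_name" value="Donation for TimeZoneCalculator" /><input type="hidden" name="no_shipping" value="2" /><input type="hidden" name="no_note" value="1" /><input type="hidden" name="currency_code" value="EUR" /><input type="hidden" name="tax" value="0" /><input type="hidden" name="bn" value="PP-DonationsBF" /><input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" style="border:0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!" /><img alt="if you like to, you can support me" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" /></form><br />
@@ -3719,6 +3809,4 @@
             <li>Due to security reasons, the time for <abbr title="asynchronous JavaScript and XML">Ajax</abbr> updates will be limited by default. WordPress normally defines this time to be 24 hours. If you activate <em>Renew nonce to assure continous updates</em> you override this security feature but provide unlimited time for <abbr title="asynchronous JavaScript and XML">Ajax</abbr> updates of your timezones.</li>
 
-            <li>You can also choose to allow only logged in users to execute <abbr title="asynchronous JavaScript and XML">Ajax</abbr> refresh operations if you deactivate the option <em>Allow anonymous Ajax Refresh Requests</em>.</li>
-
             <li>In the last option, <em>Ajax Refresh Library in Front-End</em>, you can choose whether to use <a target="_blank" href="http://jquery.com/">jQuery</a> or <a target="_blank" href="http://www.prototypejs.org/">Prototype</a> for the Ajax Refresh in your theme.</li>
         </ul>
@@ -3726,5 +3814,5 @@
 
     function setting_use_ajax_refresh($params=array()) {
-        $this->setting_checkfield('use_ajax_refresh', 'options', array('ajax_refresh_time', 'renew_nonce', 'anonymous_ajax_refresh', 'ajax_refresh_lib'));
+        $this->setting_checkfield('use_ajax_refresh', 'options', array('ajax_refresh_time', 'renew_nonce', 'ajax_refresh_lib'));
     }
 
@@ -3735,8 +3823,4 @@
     function setting_renew_nonce($params=array()) {
         $this->setting_checkfield('renew_nonce', 'options');
-    }
-
-    function setting_anonymous_ajax_refresh($params=array()) {
-        $this->setting_checkfield('anonymous_ajax_refresh', 'options');
     }
 
@@ -3828,5 +3912,7 @@
             <li><a href="options-general.php">Your local WordPress Date/Time</a> can be displayed in the <?php if ($this->has_wp_admin_bar()) echo('Admin Bar'); else echo('header of the Admin Menu'); ?> if you enable <em>Display WordPress Clock in Admin <?php if ($this->has_wp_admin_bar()) echo('Bar'); else echo('Header'); ?></em>.</li>
 
-            <li>As it may be a privacy invasion to provide someone with access to a certain user's timezones-selection, you can define the <em><a target="_blank" href="http://codex.wordpress.org/Roles_and_Capabilities">Capability</a> to view timezones-selection of other users</em>.</li>
+            <li>If you want to keep the timezones as a secret, you can deactivate <em>All users can view timezones</em>. In that case, only users with the <em><a target="_blank" href="http://codex.wordpress.org/Roles_and_Capabilities">Capability</a> to view timezones</em> can access this information.</li>
+
+            <li>As it may be a privacy invasion to provide someone with access to a certain user's timezones-selection, you can define in addition the <em><a target="_blank" href="http://codex.wordpress.org/Roles_and_Capabilities">Capability</a> to view timezones-selection of other users</em>. In others words, if Alice wants to access Bob's timezones-selection, she needs to have both of the mentioned capabilities.</li>
 
             <li>The <em>Debug Mode</em> can be used to have a look on the actions undertaken by <?php echo($this->get_nicename()); ?> and to investigate unexpected behaviour.</li>
@@ -3842,4 +3928,12 @@
     function setting_include_wordpress_clock_admin_head($params=array()) {
         $this->setting_checkfield('include_wordpress_clock_admin_head', 'options');
+    }
+
+    function setting_all_users_can_view_timezones($params=array()) {
+        $this->setting_checkfield('all_users_can_view_timezones', 'options', array('view_timezones_capability'), false);
+    }
+
+    function setting_view_timezones_capability($params=array()) {
+        $this->setting_capability('view_timezones', 'options');
     }
 
@@ -4044,5 +4138,5 @@
     - `prefer_user_timezones`: prefer user set timezones - if they exist - to global or function call timezones; default is `false`
 
-    - `use_container`: if set to `true` (default value), the current UTC is used as `query_time` and the same selected stats and format is used as set in the admin menu, TimeZoneCalculator wraps the output in a html div with the class `timezonecalculator-refreshable-output` - the class `timezonecalculator-output` will be used for all other output; if you set `use_container` to `false`, no container div will be generated
+    - `use_container`: if set to `true` (default value), the current UTC is used as `query_time` and the same selected timezones and format is used as set in the admin menu, TimeZoneCalculator wraps the output in a html div with the class `timezonecalculator-refreshable-output` - the class `timezonecalculator-output` will be used for all other output; if you set `use_container` to `false`, no container div will be generated
 
     - `display`: if you want to return the timezone-information (e.g. for storing in a variable) instead of echoing it with this function-call, set this to `false`; default setting is `true`
@@ -4482,16 +4576,21 @@
             $prefer_user_timezones=$instance['prefer_user_timezones'];
 
+        $params=array(
+            'use_container' => true,
+            'display' => false,
+            'prefer_user_timezones' => $prefer_user_timezones
+        );
+
+        $timezones=$timezonecalculator->output($params);
+
+        if (empty($timezones))
+            return;
+
         echo $before_widget;
         echo $before_title . $title . $after_title;
 
-        $params=array(
-            'use_container' => true,
-            'display' => true,
-            'prefer_user_timezones' => $prefer_user_timezones
-        );
-
-        $timezonecalculator->output($params);
-
-            echo $after_widget;
+        echo $timezones;
+
+        echo $after_widget;
     }
 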
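Review bot: In `upgrade_v24()` the old value of `anonymous_ajax_refresh` is copied to `all_users_can_access_timezones`, but every other new line in this changeset (the defaults, the `wp_ajax_nopriv_` registration, the three security checks) reads `all_users_can_view_timezones`, so the migrated setting lands in a key that nothing visible here consults. A site that had switched anonymous refresh off would then get whatever a missing key resolves to rather than its previous choice; the code that resolves it is outside the visible hunks, so the exact outcome needs confirming. The assignment should read `$this->options['all_users_can_view_timezones']=$this->options['anonymous_ajax_refresh'];`. Separately, `echo($user_identity)` in `neotrinity_support()` prints the display name unescaped, and `echo(esc_html($user_identity))` would be the safer form. The body of `upgrade_v24()` continues past the end of its hunk.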