/* 0.5.1 Beta */ - 04.07.06 - Fixed URL redirect problem in &redirect_header - 04.07.06 - Added 'defined' tests to assumed $ENV variables throughout the PPA. - 04.07.06 - Added -w pragma (no longer necessarily left off for strict mode) - 04.07.06 - Switched all local vars to _PTMLOCAL_ format to avoid any potential shared use / trickling down effect of commonly used var names. All internal local var names are now prefixed with _PTMLOCAL_. Though only generally necessary within functions containing content-related 'eval' statements it was best to implement a standard -- also useful for reading debugging information. - 04.07.06 - Added noted $_PTMLOCAL_CHAR definition to &session_id(). - 04.07.06 - Setup non-breaking DO, PREPROCESS, and REQUIRE tags. These tags no longer take their own line in output unless, of course, there are other contents on the line with them. - 04.10.06 - Reimplemented the $_PTM_PREPROCESS variable to allow for the displaying of PREPROCESS tag code. Generated REQUIRE tag code has also been inserted into the $_PTM_PREPROCESS contents where applicable so it may be seen in display statements as well. - 04.10.06 - Due to the method of reimplementation used to reintegrate $_PTM_PREPROCESS, variables can now be carried over from PREPROCESS tags to all other tags in strict mode. This is due to the linear eval integration used, as opposed to the previous execute-on-encouter PREPROCESS and REQUIRE tag processing format. - 04.10.06 - Fixed &start_session() shift (@_) - 04.10.06 - PTM is now fully pragma -w and strict mode compliant/functional. strict mode (use strict;) is still disabled (commented) by default, though it is highly recommended that strict be used in all possible instances. It may be enabled, of course, on a document-by-document basis by placing "use strict;" at the beginning of the first PREPROCESS or DO tag of your PTM document, or enforced across all PTM documents by uncommenting it in the PPA (ptm.cgi). - 04.16.06 - HTTPS definition method changed from existence of HTTPS environment variable to port 443. - 04.16.06 - Added vars $_HTTP_SCHEMA, $_HTTP_HOST, $_HTTP_REQUEST, and $_HTTP_PATH to provide sectional access and to simplify global var definition. - 04.16.06 - Direct PPA Access Forbidden page DTD header changed to HTML 4.01 Transitional DTD header. - 04.16.06 - Optimized $_SCRIPT definition and start of file processing. - 04.16.06 - "PTM_SCRIPT" is no longer loaded into %_GET when using insecure script passing. This is not to say, of course, that it is no longer used. It is still used necessarily when using insecure script passing -- it's just not loaded into the hash. This makes it easier to loop through the keys of the %_GET variable. - 04.24.06 - TEMPLATE, FILE, and NOHTML tags are now processed from within the final evaluated &_PTM() return string instead of being preprocessed and stored in @_PTM. This means that PREPROCESS and REQUIRE tags within TEMPLATE loaded files will be ignored; the loading file must premanage, or in its own way recreate the PREPROCESS and REQUIRE sections of any TEMPLATE loaded documents. This was a hard decision, but, as dynamically loaded TEMPLATE tag files could potentially contain malicious code, in the interest of security we found this to be the safest default alternative. - 04.24.06 - New function &get_file_text_array() added. /* 0.5.0 Beta */ - 11.10.05 - set_cookies() and delete_cookies() functions adjusted to specify a path of '/' when no path is given for servers that do not have this set as the default. - 11.14.05 - REQUIRE and PREPROCESS tags changed to run immediately upon encounter. This allows primarily for use of preprocessed variables in TEMPLATE, FILE, and NOHTML tags. This has eliminated the @_REQUIRE and $_PTM_PREPROCESS variables. This also means variables can now be carried over from PREPROCESS to standard DO/DISPLAY/etc. tags. Remember to use REQUIRE and PREPROCESS tags ONLY at the top of your documents unless you fully comprehend the processing order, otherwise you may get unintended results. - 11.14.05 - Function get_dir_list() added, which returns a directory listing. - 11.14.05 - is_session() function modified to return whether or not $_SESSION{'ID'} is defined instead of whether or not there is a session ID cookie in place, because sometimes a session must be noted as open or closed on the same page in which the cookie is defined (and therefore not yet set). - 11.14.05 - "our" global var declarations replaced with "use vars" declarations to further system compatibility amongst pre-5.6 perl distros. - 11.29.05 - Changed location of working directory in @INC from the end of the list to the beginning, so as to allow any local modules to override standard Perl modules when necessary. - 12.02.05 - Fixed "count" input bug in the PTMDB module for the following functions: db_get_rows(), db_get_rows_like(), db_get_rows_where() - 12.04.05 - Added the function nohtml() to allow NOHTML tag formatting on in-code text strings. - 12.05.05 - Emulated Integration no longer uses a "?ptm=index.ptm" GET method HTTP query string. Instead, for added security, the new .htaccess redirect now creates a temporary environment variable named PTM -- which, due to the redirection, becomes REDIRECT_PTM -- which stores the requested PTM script name to be read and parsed. This, along with prior security measures, also prevents all means of end users accessing the PPA script directly. - 12.07.05 - As noted in testing, not all Apache hosts support the new mod_rewrite temporary environment variable creation security feature used for Emulated Integration Mode. In light of this, both methods of script name passing have been enabled and a method similar to the original method (example: "?PTM_SCRIPT=index.ptm") has been implemented and set to the default. A new variable, $_USE_SECURE_SCRIPT_PASSING, has been added which can be enabled in cases where the new secure method is supported (set to 1, defaults to 0). Additionally, to circumvent any potential security threats posed by using the old method, any direct access from the end user to the PPA (ptm.cgi) has been completely rerouted to a "Forbidden" page, so there is no security threat posed by using either method. With the provided Emulated Integration Mode .htaccess file both methods are enabled, so either method may be used using the same standard .htaccess file. Servers that do not support the new secure method simply ignore it's integration in the .htaccess file. - 12.12.05 - Removed the variable $_DEFAULT_PTM_FILE, as it has become obsolete. Due to this change, a file name must be given to run PTM in console mode, whereas before it could assume the default file if none was given. - 12.12.05 - Fixed the $_SCRIPT variable in Standalone Install Mode, to return just the requested PTM script's file name instead of its entire path. - 12.12.05 - Adjusted $_DOCUMENT_ROOT and $_PATH to always use forward slashes. - 12.13.05 - Added an RSS20 module to the PTM module set. This new module allows for the importation of RSS 2.0 compatible XML data feeds from either local files or from web accessible internet feeds. - 12.17.05 - Reimplemented the @_REQUIRE variable for legacy purposes. /* 0.4.1 Beta */ - 10.09.05 - Standalone Mode Security Hole Patched A security hole, potentially allowing access to other files within the cgi-bin when installed in Standalone Mode was patched. - 10.09.05 - @_KEYWORDS variable fixed to properly store GET 'keywords' input when installed in Standalone Mode. - 10.09.05 - New function is_secure() added which returns whether or not an HTTPS connection is in use. /* 0.4 Beta */ - 10.01.05 - MySQL database functions added: mysql_connect, mysql_disconnect, mysql_fetch_column_headers, mysql_fetch_column_count, mysql_fetch_row_count, mysql_fetch_row_count_like, mysql_fetch_row_count_where, mysql_fetch_rows, mysql_fetch_rows_like, mysql_fetch_rows_where, mysql_fetch_row, mysql_fetch_row_like, mysql_fetch_row_where, mysql_fetch_row_hashes, mysql_fetch_row_hashes_like, mysql_fetch_row_hashes_where, mysql_fetch_row_hash, mysql_fetch_row_hash_like, mysql_fetch_row_hash_where, mysql_add_row, mysql_add_row_hash, mysql_delete_row, mysql_delete_row_like, mysql_delete_row_where, mysql_update_row, mysql_update_row_like, mysql_update_row_where, mysql_update_row_hash, mysql_update_row_hash_like, mysql_update_row_hash_where - 10.03.05 - New tag type, PREPROCESS (value pairs) the end-user's site related cookies. %_SET_COOKIES stores full "Set-Cookie:" HTTP header cookie strings to be passed into the HTTP headers when the page is written, thereby setting the cookies. %_COOKIES stores all cookies (session and non-session) except those created specifically for PTM SESSIONS (see below). To accompany these new globals, the functions set_cookie() and delete_cookie() have been added which allow for the creation and removal of both session and time-based cookies. As cookies are written via the HTTP headers BEFORE the standard PTM script is run, all modification to these new variables and use of their associated functions must happen in PREPROCESS tags. - 10.03.05 - New global variable %_SESSION added. This is used to set up cookie-based PTM SESSIONS. PTM sessions work basically the same way as standard session cookies, except that specific naming conventions are used behind the scenes to keep all your related session cookies together -- in name=>value pairs in the %_SESSION hash. Additionally, PTM sessions allow for the use of a session ID which, though it can optionally be of the developer's choosing, is generally generated as a computational combination of the end-user's remote address and port, the time, Perl's process ID, and two random numbers (seeded with srand(time() ^ ($$ + ($$ << 15)))) and is no less than 60 numeric digits in length. This method should retain uniqueness among session IDs, even with multiple requests coming from the same machine, or behind the same router, at the same time. To accompany this new variable and session method the following new functions have been added: start_session, end_session, update_session, is_session, session_id, session_name, session_domain, session_path, session_secure, session_add, session_delete. As cookies are written via the HTTP headers BEFORE the standard PTM script is run, all modification to this new variable and use of its associated functions must happen in PREPROCESS tags. - 10.04.05 - All "mysql_" functions renamed to "db_" format and functions have been made to be compatible with various database formats (all SQL compatible, DBI supported databases). This includes, but is far from limited to, MySQL, MS SQL, mSQL, PostgreSQL, Sybase, Oracle, ADO, Informix, etc. - 10.04.05 - db_connect() modified to allow for general connection, and db_select_db() function added. - 10.05.05 - db_select_db() renamed to db_select_database() and db_fetch_column_headers() renamed to db_fetch_columns() (due to confusion in user testing). - 10.05.05 - Functions added: db_fetch_databases, db_fetch_tables, db_query, db_create_database, db_drop_database, db_create_table, db_drop_table, db_fetch_databases, db_fetch_table_stats, db_fetch_tables, db_fetch_process_stats, db_fetch_column_stats, db_fetch_index_stats, db_fetch_indexes. - 10.05.05 - All "db_fetch_" functions renamed to "db_get_" due to memorization potential in user testing. - 10.05.05 - _PTM_FILE() split into _PTM_FILE() and _PTM() so as to allow for seperate PTM implementation in future releases. - 10.05.05 - _PTM_GET_FILE_TEXT() renamed to get_file_text(), thereby making it more readily available to uses for file reading purposes. - 10.05.05 - Functions added: write_file_text, append_file_text - 10.05.05 - Thanks to tester requests, the new REQUIRE tag ( loads the new PTMDB module (see below) Additional Note: you can require more than one module in the same tag by seperating the module names with plain whitespace (space, tab, newline, etc.) - 10.05.05 - To take advantage of the new REQUIRE tag, all PTM database functionality has now been broken out into it's own module, PTMDB.pm. It was broken out so that database functionality need only be loaded into PTM WHEN YOU NEED IT. In other words, if you don't need it, you don't load it, and save yourself the server-side process load time -- because why load something into memory you dont need right? PTM, by default, will run light and clean with only the most necessary functionality (file handling, HTTP headers, cookies/sessions, etc.) built in and you can add in the rest when you want it. After all, why sacrifice speed for power? Don't use a chainsaw for what you can do with a butter knife =P /* 0.3 Alpha */ - Modified %_SERVER to store all environment variables instead of just the selected ones it stored previously. REQUEST_TIME is still supported. - Elimitated the $_DEFAULT_PTM_DIR variable. In it's place new $_PATH and $_DOCUMENT_ROOT global variables have been created. $_PATH automatically adjusts to the calling script's directory based on PATH_TRANSLATED (Apache install), DOCUMENT_ROOT and REQUEST_URI (standalone mode), or cwd (command line mode). Although $_DEFAULT_PTM_DIR is gone, the new variable $_DOCUMENT_ROOT must still be set when installing in standalone mode unless you wish the server's actual DocumentRoot to be used (rare unless you are on a private or 100% dedicated server). $_DOCUMENT_ROOT must be set to the full physical path to your personal DocumentRoot (your base web accessable directory) or the relative path to your personal DocumentRoot from the ptm.cgi script, which is usually placed in your /cgi-bin/ directory. IMPORTANT NOTE: $_DOCUMENT_ROOT should NOT be slash terminated (do not put a slash at the end) - Based on the new $_PATH variable, PTM uses a chdir command to make the calling directory it's present working directory. This allows for the use of Perl's file handling statements (such as 'open') without needing to internally redirect to handle files. - Updated the .htaccess used in standalone mode to accomodate $_PATH method. - PTM can now be used as an Apache install and in standalone mode simultaneously. Intention here is to allow users to be able to install custom or newer versions of PTM on servers which already currently support PTM -- meaning, in the future, PTM 0.6 could be installed in standalone mode for any given user on a server that has PTM 0.5 preinstalled to Apache -- a nice way to stay ahead of hosts that don't update often enough =) - New tag type, NOHTML, created which uses the asterisk (*) as its symbol. The NOTHML tag type imports a file like the FILE tag type does, but it replaces the HTML symbols "&<> with their ordinal macros (e.g. the double quote symbol (") becomes "), thereby making these symbols appear in your HTML output as they should -- the intent here is to provide the ability to display an html file on your page in a textarea or between pre tags. - New global variable $_SCRIPT added. When running in Apache installed or standalone mode $_SCRIPT stores the name of the requested PTM script file. - Added the use of REDIRECT_URL in $_PATH creation in standalone mode in place of REQUEST_URI when htaccess redirection is in use. This allows for htaccess redirection to a script for simplification of URL's on sites that use a lot of GET data -- for example shopping sites that use an htaccess to redirect to "http://www.site.com/10/" instead of "http://www.site.com/?page=10". This makes sure that the ACTUAL script path is put into $_PATH instead of the redirected path. This is important because $_PATH is used to change the PPA script's working directory so files can be handled properly. - New global variable $_BASE added, which is the URL equivalent of $_PATH. While $_URL returns the URL requested by the end user, $_BASE gives you the actual script's directory (without the script name being appended) after any potential htaccess redirection has occured. Intended use: in HTML tags on sites which use the previously mentioned method of htaccess redirection. This ensures images directories and the like are referenced from the intended final destination of the redirections, instead of from the "virtual directories" seen by the end user in the URL. Example: if htaccess redirection is in use to redirect "http://www.site.com/pages/10/" to "http://www.site.com/pages/index.ptm?page=10", $_BASE will store "http://www.site.com/pages/" without the "10/", which would disrupt use of any images or stylesheets on the output page. /* 0.2 Alpha */ - Fixed the processing type (Apache installed, standalone, cmdline) to work with .htaccess redirects for standalone mode -- added a sample .htaccess file for servers that support it (mod_rewrite required). - The PPA hash been changed from ptm.pl to ptm.cgi as most Apache servers using Perl already have the .cgi extension mapped, whereas .pl may not be. - Added a new global variable, $_DEFAULT_PTM_DIR, which is to be set when using the PPA in standalone mode in the cgi-bin, or any directory other than the site's document root. - Tweaked the .htaccess file. By placing the .htaccess file in your web document root, placing the PPA in your cgi-bin, and setting the value of $_DEFAULT_PTM_DIR (absolute or relative system path from the cgi-bin) you can now FULLY emulate PTM having been installed to Apache -- Translation: whether your server supports PTM or not you can write the exact same code; this makes the code entirely portable even from a supported system to a non-supported system (so long as Perl is installed of course). In other words, so long as mod_rewrite is enabled it doesnt matter if your host installs PTM or not, you can still use it the EXACT same way =) - Full Windows/UNIX compatability. Seperate versions in DOS/UNIX file formats saved, packaged, and distributed accordingly. /* 0.1 Alpha */ - First release. See documentation for details.