Rebrand as v1.0.6 (Roane)

Merging branches

SECURITY: Fix XSS under IE in closing tags (shared sanitizer)

Minor fix to OS detection in install

Plugins can now register their own custom actions for $_GET["do"]. (Backport from unstable)

Stable release: Enano CMS 1.0.5 (Ferrishyn)

Remove some unused/obsolete release tags

[cosmetic only] lowercase release name in installer splash

Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.

Updated readme for Ferrishyn

Fixed sanitization of full page IDs with accidental parse of escaped hex character in dirtify_page_id(). Thanks Asterion; see http://forum.enanocms.org/post/20/

Fixed IPv6 address match (the one from phpBB3 did not work)

Fixed SQL parse errors caused by conversion to \r\n by some FTP/zip clients (hackish workaround that isn't Enano's fault)

Forgot to update, merging heads from nighthawk and scribus

Redid tags to match version numbers; only latest release will be tagged as such from now on. Hopefully Mercurial registers this.

Upgrade from 1.0.4 -> 1.0.5 now tolerates errors in user -> user_id transition in tags table

Tagging revision 290 (72ecb951b313) as release, it was never done before.

Backported customizable 404 page from unstable (thanks Vadi); made customizable 404 page have a {STANDARD404} variable available to allow embedding the "default" 404 content.

RNG now uses /dev/urandom instead of /dev/random to fix slowdowns during login. Potentially not as secure, but speed problems on some servers were of blocker severity.

Merging scribus and nighthawk branches

Fixed jBox hover event reference to undefined object

Fixed E_STRICT under PHP 5 and 6 (reference operator in instanciation)

Merging in page['visible'] patch from unstable, pages marked as invisible should now be omitted from searches

Tagging latest revision as rebrand

Rebrand as 1.0.5 (Ferrishyn)

Fixed (again) the user -> user_id transition in enano_tags table

Fixed aclScopeSel control in Safari/KHTML

Added enforced warning about PHP4

Filled and updated out the README for 1.0.4

Backporting cron fixes from unstable

Allowed uppercase characters to be used in the database name (thanks Andrew)

Fixed PHP warning in Rijndael RNG code when open_basedir restriction in effect

Tagging latest revision as rebrand

Rebrand as 1.0.4 (Ellyyllon)

Fixed: RenderMan::getPage() failing with access denial when fetching template and view_source results in deny

Made all captcha fields case-insensitive (thanks pkeating)

Merging scribus and nighthawk branches

Fixed jBox menus failing to appear when window scrolled down

Fixed special pages being returned with subpage information inappropriately from $paths->get_pageid_from_url()

Fixed case where HTML comments were getting stripped when opening tag not followed by whitespace (<!--foo--> was stripped, <!-- foo --> was not, neither is stripped now)

Re-applying the revision with the comment fix (bad merge a couple revs back)

Fixed case where HTML comments were getting stripped when opening tag not followed by whitespace (<!--foo--> was stripped, <!-- foo --> was not, neither is stripped now)

Merging in a couple revisions from Nighthawk

Fixed case-sensitive file extensions

Fixed broken regenCaptcha() in Special:Register

Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.

Removed all PostgreSQL support from the installer as per http://enanocms.org/News:1200114064; installer support for Postgres is available in the 1.1 branch now

PHP4 fix: sidebar missing in installer UI: problem was wrongly named constructor for templateIndividualSafe

Fix undefined E_STRICT under PHP 4; add PHP 4 deprecation notice in admin panel

Installer works again now (for MySQL only)

Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.

Integrating patch for PHP 6.0-dev compatibility

Fixed search indexer causing duplicate keys when two "words" of 64+ characters encountered and first 64 characters are the same (thanks Vadi); attempt to fix onunload confirmation during page editing

Corrected licensing issue on YoungPup's DOM-Drag (it is now public domain -> GPLv2+ for Enano); fixed wrongful access denial under specific circumstances (fetch_page_acl() on nonexistent page + wiki mode)

Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses

Merging in a few stray changes from the MySQL branch

A number of updates to the graphing code (it should actually work now)

Many changes. Installer with PostgreSQL is broken badly and will be for some time.

Set Content-type on AJAX login key request to application/json to hopefully block ad injection

SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON