Wed, 13 Mar 2013 00:18:23 -0400 Dan Fuhry Compatibility band-aids default tip
Tue, 12 Jul 2011 22:49:29 -0400 Dan Fuhry Release: 1.0.6pl4
Tue, 12 Jul 2011 22:37:21 -0400 Dan Fuhry Release prep 1.0.6pl4 1.0.6pl4
Tue, 12 Jul 2011 22:13:37 -0400 Dan Fuhry SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Tue, 16 Nov 2010 12:44:22 -0500 Dan Fuhry Retagged current-stable
Tue, 16 Nov 2010 12:43:24 -0500 Dan Fuhry Tagged release: 1.0.6pl3
Tue, 16 Nov 2010 12:42:36 -0500 Dan Fuhry Version bump to 1.0.6pl3 (the real release number) 1.0.6pl3 current-stable
Tue, 16 Nov 2010 12:20:50 -0500 Dan Fuhry Version bump to 1.0.6pl2
Tue, 16 Nov 2010 12:19:13 -0500 Dan Fuhry SECURITY: Fix SQL injection in banlist check
Mon, 28 Jun 2010 11:11:09 -0400 Dan Fuhry Tagged release: 1.0.6pl2
Mon, 28 Jun 2010 11:00:51 -0400 Dan Fuhry SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! 1.0.6pl2
Mon, 28 Dec 2009 16:52:41 -0500 Dan Fixed a couple non-security sanitizer and editor bugs
Mon, 28 Dec 2009 12:19:47 -0500 Dan Updated current-stable tag
Mon, 24 Aug 2009 12:33:36 -0400 Dan Stable release: Enano CMS 1.0.6pl1
Sat, 22 Aug 2009 13:31:09 -0400 Dan Fixed lockup on unclosed HTML tags in wikiformat_process_block() 1.0.6pl1
Sat, 22 Aug 2009 13:30:39 -0400 Dan Version bumped to v1.0.6pl1
Fri, 21 Aug 2009 11:50:22 -0400 Dan SECURITY: Comments: fix poor sanitization of subject on initial submit
Sat, 21 Mar 2009 18:58:41 -0400 Dan Merging nighthawk and scribus branches
Sat, 21 Mar 2009 18:57:34 -0400 Dan Fixed typo in function call to check for apache 2.2
Sun, 18 Jan 2009 18:59:29 -0500 Dan Added license block to AmigaLink captcha engine and set this engine as the default; clarified licensing situation for this module in licenses/index.html
Sun, 18 Jan 2009 18:13:48 -0500 Dan Updated current-stable tag
Sun, 18 Jan 2009 18:11:42 -0500 Dan Re-merged 1.0.6 tag
Sun, 18 Jan 2009 18:10:48 -0500 Dan Continuation of previous commit in admin CP; EditSidebar: updated strings to be more accurate (thanks again Vadi)
Sun, 18 Jan 2009 18:10:21 -0500 Dan Pageutils: Also delete page-specific ACL rules when deleting a page (thanks Vadi)
Sun, 18 Jan 2009 18:09:55 -0500 Dan SECURITY: Enforce denied history_view on previous revisions
Sun, 18 Jan 2009 18:09:08 -0500 Dan Removed some crufty CSS classes in enano-shared (thanks Vadi)
Sat, 17 Jan 2009 12:08:28 -0500 Dan Stable release: Enano CMS 1.0.6 (Roane)
Sat, 17 Jan 2009 11:57:02 -0500 Dan Updated readme for Roane 1.0.6
Sat, 17 Jan 2009 11:51:17 -0500 Dan Rebrand as v1.0.6 (Roane)
Sat, 17 Jan 2009 11:32:52 -0500 Dan Merging branches
Sat, 17 Jan 2009 11:32:18 -0500 Dan SECURITY: Fix XSS under IE in closing tags (shared sanitizer)
Sat, 17 Jan 2009 11:31:45 -0500 Dan Minor fix to OS detection in install
Sat, 29 Nov 2008 22:50:19 -0500 Dan Plugins can now register their own custom actions for $_GET["do"]. (Backport from unstable)
Thu, 27 Nov 2008 10:57:50 -0500 Dan Stable release: Enano CMS 1.0.5 (Ferrishyn)
Thu, 27 Nov 2008 10:38:00 -0500 Dan Remove some unused/obsolete release tags 1.0.5
Thu, 27 Nov 2008 10:26:49 -0500 Dan [cosmetic only] lowercase release name in installer splash
Thu, 27 Nov 2008 10:21:58 -0500 Dan Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Tue, 25 Nov 2008 22:08:00 -0500 Dan Updated readme for Ferrishyn
Fri, 07 Nov 2008 08:56:53 -0500 Dan Fixed sanitization of full page IDs with accidental parse of escaped hex character in dirtify_page_id(). Thanks Asterion; see http://forum.enanocms.org/post/20/
Tue, 16 Sep 2008 08:20:14 -0400 Dan Fixed IPv6 address match (the one from phpBB3 did not work)
Wed, 10 Sep 2008 06:57:54 -0400 Dan Fixed SQL parse errors caused by conversion to \r\n by some FTP/zip clients (hackish workaround that isn't Enano's fault)
Fri, 22 Aug 2008 01:05:42 -0400 Dan Forgot to update, merging heads from nighthawk and scribus
Fri, 22 Aug 2008 01:04:20 -0400 Dan Redid tags to match version numbers; only latest release will be tagged as such from now on. Hopefully Mercurial registers this.
Sun, 17 Aug 2008 08:38:15 -0400 Dan Upgrade from 1.0.4 -> 1.0.5 now tolerates errors in user -> user_id transition in tags table
Tue, 05 Aug 2008 14:02:26 -0400 Dan Tagging revision 290 (72ecb951b313) as release, it was never done before.
Tue, 05 Aug 2008 14:02:18 -0400 Dan Backported customizable 404 page from unstable (thanks Vadi); made customizable 404 page have a {STANDARD404} variable available to allow embedding the "default" 404 content.
Mon, 04 Aug 2008 11:44:20 -0400 Dan RNG now uses /dev/urandom instead of /dev/random to fix slowdowns during login. Potentially not as secure, but speed problems on some servers were of blocker severity.
Thu, 26 Jun 2008 21:00:25 -0400 Dan Merging scribus and nighthawk branches
Thu, 26 Jun 2008 20:59:57 -0400 Dan Fixed jBox hover event reference to undefined object
Thu, 26 Jun 2008 20:59:23 -0400 Dan Fixed E_STRICT under PHP 5 and 6 (reference operator in instanciation)
Thu, 12 Jun 2008 10:58:48 -0400 Dan Merging in page['visible'] patch from unstable, pages marked as invisible should now be omitted from searches
Fri, 09 May 2008 23:33:11 -0400 Dan Tagging latest revision as rebrand
Fri, 09 May 2008 23:32:51 -0400 Dan Rebrand as 1.0.5 (Ferrishyn)
Fri, 09 May 2008 23:32:00 -0400 Dan Fixed (again) the user -> user_id transition in enano_tags table
Sun, 13 Apr 2008 17:03:15 -0400 Dan Fixed aclScopeSel control in Safari/KHTML
Sun, 13 Apr 2008 17:02:42 -0400 Dan Added enforced warning about PHP4
Sun, 16 Mar 2008 21:08:37 -0400 Dan Filled and updated out the README for 1.0.4 1.0.4
Sat, 15 Mar 2008 16:34:28 -0400 Dan Backporting cron fixes from unstable
Sun, 02 Mar 2008 21:34:56 -0500 Dan Allowed uppercase characters to be used in the database name (thanks Andrew)
Sun, 02 Mar 2008 14:52:08 -0500 Dan Fixed PHP warning in Rijndael RNG code when open_basedir restriction in effect
Thu, 28 Feb 2008 12:33:25 -0500 Dan Tagging latest revision as rebrand
Thu, 28 Feb 2008 12:33:01 -0500 Dan Rebrand as 1.0.4 (Ellyyllon)
Fri, 22 Feb 2008 12:46:51 -0500 Dan Fixed: RenderMan::getPage() failing with access denial when fetching template and view_source results in deny
Fri, 01 Feb 2008 22:31:57 -0500 Dan Made all captcha fields case-insensitive (thanks pkeating)
Thu, 31 Jan 2008 22:28:40 -0500 Dan Merging scribus and nighthawk branches
Thu, 31 Jan 2008 22:28:12 -0500 Dan Fixed jBox menus failing to appear when window scrolled down
Thu, 31 Jan 2008 21:52:39 -0500 Dan Fixed special pages being returned with subpage information inappropriately from $paths->get_pageid_from_url()
Mon, 28 Jan 2008 23:07:32 -0500 Dan Fixed case where HTML comments were getting stripped when opening tag not followed by whitespace (<!--foo--> was stripped, <!-- foo --> was not, neither is stripped now)
Mon, 28 Jan 2008 23:06:38 -0500 Dan Re-applying the revision with the comment fix (bad merge a couple revs back)
Sun, 27 Jan 2008 23:43:24 -0500 Dan Fixed case where HTML comments were getting stripped when opening tag not followed by whitespace (<!--foo--> was stripped, <!-- foo --> was not, neither is stripped now)
Wed, 23 Jan 2008 19:36:42 -0500 Dan Merging in a couple revisions from Nighthawk
Wed, 23 Jan 2008 19:36:16 -0500 Dan Fixed case-sensitive file extensions
Sun, 20 Jan 2008 23:18:03 -0500 Dan Fixed broken regenCaptcha() in Special:Register
Sat, 19 Jan 2008 00:47:52 -0500 Dan Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Fri, 18 Jan 2008 10:35:33 -0500 Dan Removed all PostgreSQL support from the installer as per http://enanocms.org/News:1200114064; installer support for Postgres is available in the 1.1 branch now
Wed, 09 Jan 2008 22:23:09 -0500 Dan PHP4 fix: sidebar missing in installer UI: problem was wrongly named constructor for templateIndividualSafe
Wed, 09 Jan 2008 22:13:42 -0500 Dan Fix undefined E_STRICT under PHP 4; add PHP 4 deprecation notice in admin panel
Tue, 01 Jan 2008 22:50:49 -0500 Dan Installer works again now (for MySQL only)
Tue, 01 Jan 2008 22:30:53 -0500 Dan Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Mon, 31 Dec 2007 21:16:27 -0500 Dan Integrating patch for PHP 6.0-dev compatibility
Thu, 27 Dec 2007 11:35:00 -0500 Dan Fixed search indexer causing duplicate keys when two "words" of 64+ characters encountered and first 64 characters are the same (thanks Vadi); attempt to fix onunload confirmation during page editing
Sun, 23 Dec 2007 17:58:21 -0500 Dan Corrected licensing issue on YoungPup's DOM-Drag (it is now public domain -> GPLv2+ for Enano); fixed wrongful access denial under specific circumstances (fetch_page_acl() on nonexistent page + wiki mode)
Wed, 19 Dec 2007 17:15:48 -0500 Dan Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Tue, 18 Dec 2007 23:47:33 -0500 Dan Merging in a few stray changes from the MySQL branch
Tue, 18 Dec 2007 23:45:43 -0500 Dan A number of updates to the graphing code (it should actually work now)
Tue, 18 Dec 2007 23:44:55 -0500 Dan Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Sat, 15 Dec 2007 18:11:59 -0500 Dan Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Sat, 15 Dec 2007 18:10:14 -0500 Dan SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Wed, 12 Dec 2007 21:46:28 -0500 Dan Stable release: Enano CMS 1.0.3 (Dyrad) 1.0.3
Wed, 12 Dec 2007 21:37:40 -0500 Dan Tagging latest revision for rebrand
Wed, 12 Dec 2007 21:37:23 -0500 Dan Rebrand as 1.0.3 (Dyrad)
Wed, 12 Dec 2007 21:04:20 -0500 Dan SECURITY: CRITICAL: Fix SQL injection in admin CP page editor
Tue, 11 Dec 2007 19:15:26 -0500 Dan Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Mon, 03 Dec 2007 18:45:37 -0500 Dan Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Mon, 03 Dec 2007 17:36:25 -0500 Dan Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Sat, 01 Dec 2007 02:39:49 -0500 Dan Fixed: sanitation loop on ampersands in encodeAttribute() (this was MediaWiki's fault)
(0) -300 -100 -96 tip