Fix new-reference behavior in diff renderer

Rename constructors named from class name to __construct

Fix https url generation

GMP compatibility with PHP 5.6

Installer dev, everything is working now, so far as I can tell

Add transparent support for PDO into installer; further integration of PDO

Removed unused/seldom-used DBAL functions that weren't entirely supported in PDO

Merged

Add PDO support for MySQL

Fixed undefined $errors in mass e-mail function

Merged

Fix double negative in avatar language string ("Don't block animated images" -> "Allow animated images")

Add Output class for Comet (HTTP incremental streams) -- experimental and not working with every browser/apache configuration.

Make redirects send 302 Found instead of 307 to suppress "confirm POST resend" dialog in firefox

DBAL: Persistent connections; also explicitly commit and unlock tables when shutting down

Plugins: support closures

Fixed a few bugs/display issues in search

Fixed minor display issue in login.js

Cacher: Add XCache support (partial)

Merged

Added template context API and render_getpage_norender hook. This allows variable sets to be pushed and popped from $template, so that variables in a template inclusion can be accessed and pre-processed by plugins.

firebugx was breaking things

Small change to generation time formatting to make all pages the same time. Makes apachebench not screw up.

Image scaling: Fixed a bug where (height > width) images would be scaled to the wrong dimensions (GD). Added PNG/GIF transparency support to GD image resizer. Added a cache bypass option to SpecialUpDownload.

Disable output gzipping during file download... it negates the memory usage controls

Typo

Fixed PHP-based JSON decode to output arrays, not objects

AjaxUpload: fixed handling of upload completion

Conditionally declare hex2bin() due to a function of the same name being introduced in PHP 5.4

Improvements and updates to tutorial

Improved vimperator compatibility in jBox

SECURITY: Various security enhancements to password resets. They are now rate-limited by username and IP, and it is possible to disable username autofill for guests.

Fixed CLI installer failing to set the DB version

Release: 1.1.8pl1

Release prep 1.1.8pl1

SECURITY: CSRF protection in Private Messaging, which is a really broken feature and should get the TinyMCE treatment. *sigh* Reported by Secunia.

SECURITY: Fixed XSS in post-login page redirection. Reported by Secunia.

Fixed installer (DB revision was wrong); make editor load jQuery, as the editor requires it now

Removed TinyMCE from licenses page

Removed TinyMCE.

Removed explicit TinyMCE support, replaced with support for arbitrary page_formats. The TinyMCE files will be removed in an upcoming commit.

Added database transaction API. (Untested with Postgres)

Fixed a typo in which()

ajax get_styles is now case insensitive with the theme_id

functions: HTML compressor: fixed handling of <script> blocks which consist only of whitespace

More comments in enanium header

Fixed some variable issues in emailer

ACL permissions viewer has better formatting now

Corrected a link

Added another AJAX editor hook after init is pretty much done

Added set_post() in Request_HTTP

Added some more hooks to the page editing pipeline. It should now be possible to add controls to the page editor, send the data from them out to the server, and process them on the server side.

Fixed a postgresql bug in the File namespace (reported by phirox - thanks)

AES: Fixed wrongfully hardcoded $return_format/$input_format (non-security)

Added conflict resolution for wikitext heading names

Some enhancements to the error handler. It replaces out ENANO_ROOT for security, and if the warning is from dbal.php and ENANO_DEBUG is set, prints out a much more verbose message.

Changed var_export() calls to use "true" as second parameter. Not sure which PHP version it was added in, but I could have sworn it wasn't there last time I checked.

Fixed syntax error in plugins/admin/PageManager.php

Fixed some rather severe issues when changing the urlname of uploaded files

Added FLAC to list of file types. (In other news: I'm an audiophile)

Updated tags

Fixed title[]= too.

Tagged 1.1.8 as current-unstable

Tagged release: 1.1.8

Added a notice to re-import language on 1.1.8 upgrade

Tagged release: 1.1.7pl2

SECURITY: Fix SQL injection in banlist check (1.1.7 branch)

editor: removed extraneous debug info; changed around the order by which the textarea is created and appended to the DOM

Fixed bad language installation docs in common

SECURITY: Fix SQL injection in banlist check

SECURITY: Fix path disclosure in Special:Captcha

common: log Enano upgrades

Added a new "hide-with-mce" CSS class in Dynano; all elements which have it will be hidden when TinyMCE is activated, and re-shown when it is destroyed.

ImageMagick check now notes that only directories in the PATH are checked.

Fixed a table_prefix omission in File namespace code.

Parser updates. Added the "styled" keyword to wikitables to allow them to be styled using the current theme's standard table skinning, and changes to how the image tag parser decides how to display an image (framed, inline or raw).

Added an editor hook that allows plugins to insert their own content right before the editor box.

Fixed a rather major bug with the external link parser: two links in one line now handled gracefully.

Fixed check for iPhone OS 3 - it now returns true on 3.0 or any later version including 4.x

Merged

Fixed password field in HTML login not being focused during >USER_LEVEL_MEMBER auth

Hide the "Create an account" button if registration is disabled (Enanium only, but there is a template boolean called "registration_disabled" so other themes can use it too)

Merged (again)

Converted inlinerename.js in enanium to tabs

So, grinding_halt() now finally uses the new default theme in template_nodb.

Fixed display of username in comments (ranks enabled)

Fixed typo in string acl_inherit_pg_everyone. Fixes issue 22.

Merged from accidental split

Added an API for AJAX file uploads and the monitoring thereof. This is to be used in Snapr and soon core (Special:UploadFile).

Fixed broken handling of password reset response in AJAX login

Fixed some bugs with the change password form when pw_strength_enable is 0.

Fixed some ACL scope warnings

Visual refresh on the textarea in the enanium page editor. Also fixed missing image on the Save Draft button.

Javascript maintenance. Upgraded jQuery; fixed some gzip bugs; added JavascriptCompressor usage to licenses/.

Fixed PHP warning with empty search results

Fixed no plugins showing up in sidebar create block page

Enanium: Link blocks now render properly on the right sidebar, and textual blocks now look good on the left.

Got live reauth working again in the admin cp

Added an icon for Edit Sidebar admin page.

Plugin manager: fixed duplicate removal of whiteout

Experimentally changing how content-length works.

Fixed theme not being loaded in Admin:EditSidebar

Disabled Javascript debugging. That thing has a nasty habit of getting enabled when it shouldn't.

Improved display of comments from foes, and fixed some general issues with the friend and foe lists

Enabled content-length in Special:DownloadFile even when gzip is on. Should probably check the http spec to see if Content-Length should match the decoded or encoded length

Fixed redlinks to special pages + parameters

Files now list what pages use them

ajax.php getpage now cals $template->set_page() so that templates that depend on PAGE_URLNAME etc. will not show errors

Lockouts were displaying separately when they should have been displayed together (incorrect grouping). Possibly breaks Postgres - needs re-test in that environment

Moved sidebar editor into the admin CP. Icon still needs to be added, no Internet right now to go find one. Also fixed a few template related things.

Updated README and KNOWN_BUGS for 1.1.8

jBox now works when horizontally scrolled; fixed case matching inconsistency in autofill

Pending group memberships no longer alter result in rank alterations

Some fixes to autofill with Unicode usernames; fixed a few end user experience pieces of the group CP. Users are now allowed to freely leave GROUP_OPEN and GROUP_REQUEST groups, and must be removed by a group mod for GROUP_CLOSED and GROUP_HIDDEN.

Added template hooks in the JS template compiler. Attach to thook_<template hook name>. Use Echo() to echo HTML; access compiler instance with Template.tpl_{strings,bool}, etc.

Database revision is now shown in ACP home

Added ability for plugins to hook into admin user manager

Improved captcha word generation; fixed duplicate auth parameter in Special:Login privileged login; improved search indexer performance on websites with lots of words

Fixed direction related regression in drop down code

Made login window focus the controls earlier if animations are disabled.

Clean up that GLOBALS silliness.

Default theme can no longer be changed in demo mode

DiffieHellman: gracefully handle platforms that fail the sha256 self test, currently only known to be PowerPC. Added support for PHP's built-in hash functions (they were added in 5.1.2) and use them in lieu of the built-in sha256 implementation when available.

Fixed the (rather expected) 1.0.x migration issues db revision system

First shot at switching to database revision numbers separate from release version number. There are probably bugs, especially related to migration.

Tagged release: 1.1.7pl1

Integrated XSS patch for 1.1.7 maintenance branch

Enanium: Added directionality to simple-header

Oops, maybe I could set English back to LTR :)

Added basic support for right-to-left languages. Set meta_direction to "rtl" in core.json.

SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().

Rewrote category editor. This breaks the JSON API. Also fixed a few bugs with how Wiki Mode is set in $paths. (Hopefully that doesn't cause infinite loops, heh). Fixes issue 20.

Added the ability to trust XFF (X-Forwarded-For) headers.

Test commit to verify that ktulu auto sync works properly

Added a box on Admin:UploadConfig showing the value of upload_max_filesize.

Merged (accidental split)

Fixed typo in that, the parameter that was supposed to go to getConfig was going to htmlspecialchars()

Added an ajax auto check for the path to ImageMagick in Admin:UploadConfig

Reordered wiki render stages so images happen before external links. Fixes a parser bug seen, among other places, on the Donation page.

Fixed some cosmetic bugs in Special:AllPages

Fixed registration admin override with account_activation set to disable.

Made separate methods in sessionManager for static and non-static generate_aes_form(), because PHP (erroneously) always calls that method statically.

Merged

Added Diffie-Hellman crypto support into the installer. Fixes issue 13.

Clarified some edit conflict related strings

Fixed lockout list in ACP under PostgreSQL

Merge in changes about legal marks

Fixed various legal marks in the strings of the English language pack

Fixed Gravatars not showing up immediately after save in Avatar UCP

Fixed fread() usage in Request_HTTP not properly handling incomplete responses

Fixed typo in install.json in pgsql "no php extension" error string

Fixed password_score_field onload in Admin:UserManager

Added selection and popup for <pre> tags within wikitext. Also fixed more bugs found in the HTML paragraph parser (mostly self-closing tags e.g. <hr />).

Renderer: fixed the regex that looks for h-tags in reverse_process_headings so it looks forthe new format #head: IDs.

Fixed "waiting for l10n init" and js error in Admin:UserManager

Search: strip HTML tags from result text (DB pages only). Fixes issue 17.

Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing.

Introduced configurability for gzip compression. Fixes issue 18.

Replaced (most of) the mini box icons with famfamfam silk icons, they're better looking.

Added https support in Request_HTTP

Fixed "unapproved" status taking precedence over "spam" flag in comment submit and some display related bugs in comments.js

Fixed username not being decoded in Special:ActivateAccount

Merged braches from accidental split

Fixed unescaped ampersands in "&enano_version" cache breaking

URL sanitizer: disabled uppercase letters in URL hex character codes (it was causing conflicts with the Windows/Apache 2.2 alt namespace separator). Thanks Techokami for finding and reporting this bug.

Added var enano_version to installer JS header

Modified paragraph rule to not use recursive parsing; made parsing of code and pre tags much more reliable. Fixes issue 1 (QA: RE-TEST).

Fixed more places where author_uid wasn't right.

Added "days ago" to the Site Started field on admin home

Fixed an example url in install.json pophelp (which may be removed momentarily)

Renamed 1.0.6 -> 1.0.6pl1 upgrade script, migrations from 1.0.6pl1 were broken

Fix: add author_uid in GROUP BY in LogDisplay for PostgreSQL compatibility

Fixed author_uid in activation request insertion

Logins: if the error message string doesn't look like a langstring id, don't prepend "user_err_" to it (some auth plugins are not localized at all, this lets them be without ugly cosmetic bugs)

Somehow I broke automatic localization of special page titles.

End year on Enano copyright dates is dynamic now

DBAL: readded sql_affectedrows(), some plugins were using it

Fixed some bugs with account activation, especially if you're a half-logged-in vegetable.

Sessions: fixed on_critical_page(), it referenced the wrong global; enabled better extensible behavior in the account_active column

Merging scribus and charlie repos

Fixed ENANO_VERSION under databaseless template class

common_cli: Fixed warning with $paths->init() (kind of a hack)

Search: some refinements to algorithm, introduced score promotion for phrase matches and Levenshtein distance based score manipulation

Fixed a bug in getHighestZ() that broke login boxes

Fixed Special:AllPages under PostgreSQL. Thanks phirox from IRC.

Fixed oversanitation of multiple XHTML closing tags in a row

Tagged 1.1.7 as current-unstable

All javascript and css requests now append the version number to the URL to break browser caches and prevent from having to clear the cache upon upgrade

Version bump to 1.1.8

Fixed phrase search, it got really broken somehow

TinyMCE: Bumped to v3.2.7

Fixed two "declaration should be compatible" errors encountered by the BitNami folks. Thanks Neal for reporting.

Beta release: Enano CMS 1.1.7 (Caoineag beta 2) (retag #2)

Detagged 1.1.7

Upgrade: added 1.0.6pl1 migration support, tarball repository will need to be updated

Beta release: Enano CMS 1.1.7 (Caoineag beta 2)

Last minute fix to wikitext code tag

Backout from 1.1.7 due to upgrade issue, fixed and retagging

Beta release: Enano CMS 1.1.7 (Caoineag beta 2)

Backed out of ENANO_INSTALLED check in DBAL, it broke CLI installs badly

OK screw that, put the crypto backend check in functions.

Fixed libenanoinstall/CLI double declaration of run_installer_stage()

Forgot table_prefix in the logs table migrator

Fixed no author_uid in PageProcessor::rename_page()

Added an upgrade hook to populate the author_uid column in logs, pending test by Neal

Added ajaxLoginInit to JS load stub list

Added a graceful dead-end for the tutorial; removed the hash symbols from IRC links per a heads-up from Neal.

AJAX login: Fixed error box failure to destroy upon cancel. Fixes issue 8.

Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.

Wikitext parer: re-added the <code> tag thing

Comments (AJAX): Now paginated server side. Fixes issue 2.

Mod extras: Changed string for RDNS generic failure error

Fixed php_in_pages out-of-scope error in Special:UploadFile; modified RenderMan::preprocess_text() to take a permissions object for any page

ACP: Added lockout management feature

Fixed undefined $score_min in password change. Potential security concern?

Namespace_Default: added a workaround for an inconsistency in SQL. Basically, if you join the same table multiple times under multiple aliases, COUNT() always uses the first instance. Was affecting the comment counter in the "discussion" button.

JSON preparser: fixed corruption of strings that include the exact pattern word, comma, space, word, colon

Merge from accidental split

DBAL: Majorly cleaned up and improved coding standards/documentation

Installer: cleaned up CSS header; updated comments in config.php to not say that passwords are stored with AES (as they are now stored with HMAC-SHA1)

Updated KNOWN_BUGS to point to our issue tracker

Crap, broke page editing. Fixed it.

Drafts saved on nonexistent pages now show up. Fixes issue 7.

Re-merge changes from a2hosting dev

Set up more sensible defaults (UTC, DST off) for timezone preferences. Also modified enano_date() to properly include GMT offsets when timezone characters are used. Fixes issue 4.

CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.

A couple fixes to permission out-of-scope errors.

Wikitext parser: re-added mailto support

Sessions: Made acl_check_deps() verify scope, so that all of an action's dependencies must apply to the namespace of the given action.

Removed history_rollback_extra action from scope of Special pages, as it's unneeded

PostgreSQL: bugfix in ACL related SQL query

PostgreSQL: Fixed another bug, this time in the log fetch code

Fixed ranks table under PostgreSQL. FIXME, only affects new installations and upgrades, if this bug is encountered in the wild we might want to look at auto-integrating a fix.

Updated default main page with links to the Google Code issue tracker

Improved language for static HTML page delete interface

PostgreSQL: Fixed $session->create_user()

PostgreSQL: Fixed user pages. Also added a columns_in() method to the DBAL to list columns in a table

PostgreSQL: fixed Admin:SecurityLog database error

Plugin block parser: Fixed plugin block parsing for plugin files in CRLF format

Installer sysreqs: Merged all the crypto extensions into one check; altered warnings. Strings are hopefully cleaned up.

common_cli and dbal: Fixed lack of ENANO_INSTALLED check in determining config path

Merge from accidental split

Admin User Manager: When a user with a DB-driven user page is renamed, also change urlname of their user page. Fixes issue 3.

Admin Home: fixed undefined %num_users% in string acphome_msg_inactive_users_plural

Language update for About Enano page ("help achieve" sentence added)

parse_mediawiki: Marked the paragraph bug as non-blocker, delayed until RC1. I have higher priorities than a minor win32 only parsing issue.

Fixed some open_basedir errors in SpecialPageFuncs

Login: Fixed typo that prevented non-DH crypto from working (thanks Keith Schmader)

Added a switch to disable following redirects in Request_HTTP

Hack: temporarily disabled PCRE recursion for Win32 in the paragraph block tag parser until a better parser can be written/adapted

which(): added silencer to shut up errors on servers with open_basedir restriction

Logins: reorganized data structures a bit. WiP - needs test routine done.

Another fix to paragraph bypass behavior, for when the same substring appears more than once in the text

OK, I'm done with the preg_replace() in the paragraph parser. It's too buggy. Replaced with preg_match_all()/str_replace_once().

MiniPrompt: [minor] Added short delay before destruction in whiteOutDestroyWithImage().

Merged from accidental split

More parser work: fixed a few bugs with [[intlinks]] in headers, a bug that caused the paragraph parser to return an empty string, and added a warning/backup-and-restore for when a render stage returns an empty string.

Fixed (more) output buffering bugs in Special:EditSidebar

Javascript lib: UX: When whiteOutReportSuccess() is called on a whiteout over a miniPrompt, the miniPrompt and whiteout are now flown out together. Also, a bit of improvement to message box DOM object destruction code; this fixes problems with message boxes appearing below the shade when ajax auth is done 3 or more times in one page load.

Same issue, was doing an empty() check on $page_urlname in Admin:PageManager and not taking both main pages into account

More blank-urlname bugfixes, this time involving internal links

A bit of refinement and consistency to "Powered by Enano" link and associated documentation

Fixed handling of blank urlname as guest main page / other main page for members

Whoops, it's setHook(), not getHook() (Special:Administration JS core)

HTML login: fixed bad submit under IE

Admin panel: added collapsible tables under GeneralConfig, with room for support on other pages.

Login: if return-to specified and already logged in, jump to return-to instead of main page.

Installer: Fixed "RewriteBase /" bug and some improper Dynano use in formutils.js

Functions: fixed HTML sanitizer to properly preprocess <code> one-liners

Fixed (well, implemented) log clearing functionality on uploaded files.

Request_HTTP: Fixed get_response_body(), added HTTP redirect support, and added support for Content-Length.

Scribus <--> Charlie merge

json2: fixed order of exception classes, it threw fits about missing Zend_Exception in ubuntu's latest PHP 5.2.6

Damn it! gzip_output() was not checking for gzip support in the browser, fixed.

Common: renamed global $title to $urlname (it broke the API from non-plugin Enano scripts)

Removed the $userpage parameter from Namespace_Default::error_404(). It screwed up a couple plugins. (Thanks Mazza for discovering the issue)

Enanium: fixed background in tinymce

Wikitext: added horizontal rule support

Fixed RenderMan::render() flags in default namespace XHTML formatter

Tutorial: improved Creating & Editing page a little bit with respect to wiki formatting stuff

Merging in work done on Charlie with upstream

Fixed a couple bugs with read-only mode and protected pages in the AJAX editor

Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses

Enanium: custom header now has an <a> floating above it that links to the main page.

A bit of shuffling around code related to determining the page title from the URL. It's done in common now, and $paths becomes more of an information repository rather than an information gatherer. Note: This BREAKS $paths->fullpage/$paths->getParam() in *_preloader!

Made internal links to the Admin namespace much smarter. (They do the login box and stuff.)

A bit of work on tutorial content, more still needed

Wiki formatter: heading IDs are now name based ("head:" . sanitize_page_id($text)) instead of tocN.

Avatars: fixed animated avatars rejected even when allowed in ACP

Sidebar editor: fixed ob_end_clean() warning

Wiki engine: optimization for empty-text case

Functions: silenced PHP warnings on ob_* functions

JS: MessageBox: Fixed z-index calc

Autofill: fixed missing parameter to $db->fetchrow()

User ACP: redirect to Special:Login on own account deletion

Common: removed cookie_destroy hack

Updated readme for 1.1.7/1.2 series in general

Avatar UCP and ACP: Ported Dynano -> jQuery; merged POST processing code. Added support for IPv6 URLs (avatar UCP and RequestHTTP).

SECURITY: Comments: fix poor sanitization of subject on initial submit

Sessions: whoops, left a debug message in by accident, broke a few redirects

SECURITY: UCP: Added CSRF protection on Profile (unneeded on EmailPassword due to USER_LEVEL_CHPREF requirement)

index: removed that annoying 2-space indent

Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7

Minor fix to SHA256: some indices were not being initted under some circumstances

Added ability for authentication plugins to modify session keys (to allow invalidation when their own authentication data is changed) as well as the ability to disable the built-in password change facility

Blockquote functionality in wikitext parser now allows rendering of other block level elements properly

Login: enabled DiffieHellman on IE8

Login: visual: fixed separator being displayed with only one of 2 checkboxes

Some changes to AJAX login interface, made it a bit more compact with less language, with some Enanium specific modifications to the same.

Made index.php bootstrap smarter and better commented.

More work on rendering engine. Fixed some bugs with paragraph skipping and added (incomplete) support for blockquotes.

Fixed some "declaration should be compatible" errors that showed up under WinXP QA

Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.

Login: Enabled DiffieHellman for iPhone OS 3.0 (it passes unit tests now)

Merged development from Scribus and Charlie

Editor: completely moved wiki edit notice to AJAX fetch, so it's not shipped with the page anymore.

Admin: query string is now preserved on redirect to login

Fixed some formatter engine errors that were exposed through the wiki edit notice

AJAX Login: Fixed all known issues with lockout (and some unknown ones)

Moved User CP profile settings to front page of CP, and changed associated language

Fixed logins with usernames containing Unicode characters

Fixed title formatting in user pages

Tweaked URL sanitizing a bit to make Enanium work better.

Added method add_header_js() to template to allow insertion of code to be run immediately after JS init

Added ability to specify PNG or JPEG as the format of thumbnails/scaled images in Special:DownloadFile

ACL manager: started on IE support; button clicking not working. Other compatibility improvements and bugfixes.

Userpage: rewrite of many CSS rules for better scaling behavior

ACL editor: finally fixed that annoying blank-window bug on rule deletion

Here we go, preload_js() officially added to admin panel. Pray with me.

Renderer: added "smart paragraphs" for templates. <p><b>Foo</b> {bar}</p> where bar is multiline is basically turned into proper XHTML paragraphs.

One word: Internet Explorer 6. This includes a rewrite of $paths->parseAdminTree() that encodes to JSON instead of manually generating JS, so good-bye to stupid parser problems I hope.

AJAX login: fixed lockout string being displayed where it shouldn't be

Enanium: Added some IE6 fixes

Enanium: consolidated jBox and toolbar CSS. Firefox 3.5 did a double-request and it was slowing things down. Thanks YSlow.

Admin theme: fixed onload behavior of collapsible menu

OK, JS preloading on a CDN works perfectly now. I'm sure of it.

Fixed inconsistency in JS component load order between CDN sites and non-CDN sites

Fixed a series of infinite loops with preloading components and placeholders

Enanium: <pre> elements under div.content are now indented

Wiki engine: improved behavior in block level element finding/wrapping algorithm

Template: minor: documented sidebar_widget()

Namespace_Default::bake_cdata() now guesses values for anything missing

jQuery: UI: Upgraded to 1.7.2

Dynano: finally deprecated $() syntax due to jQuery

Fixed one unlocalized string in sidebar editor; fixed sidebar editor jQuery init race condition seen under Firefox and Chromium on 64-bit

SECURITY: Fixed potential XSS in $output->set_title() (introduced: 1.1.6)

History: Fixed missing $q in fetchrow()

Language: fixed improper null return in add_filter()

Fixed decode_unicode_url() trying to parse non-hex %uXXXX sequences

Fixed onload_hooks[] being initted to null after runOnloadHooks() called (should now be initted to an array)

Fixed makeUrl() Javascript version not calling append_sid()

Login and sessions: fixed some improper handling of the config for lockout logic

Wiki formatting: Headings: tolerate spaces after line; added disable_rule method (required for rev. 1029)

SHA256: Fixed broken hashes on 64-bit PHP

Installer: now compatible with new rendering engine

Removed Text_Wiki and Firebug Lite from 3rd party code list

First implementation of new parser; Text_Wiki is now gone. VERY BETA! WiP.

AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page

Fixed improper usage of function_exists() in captcha

Merging branches. Revision 2^10! :D

Added support for preloading javascript libs ($template->preload_js()). Updated admin theme and Tigra Tree Menu to support this + JS_{HEADER,FOOTER} variables.

Install: fixed a few bugs that showed up under IE8

Fixed broken javascript magic on Admin:PageGroups

Enabled tiny URL scheme support in installer cli-core

Whoops, plugin upgrades got broken

Minor plugin compatibility fix to Special:Search

Theme selector: fixed disabled themes being displayed

Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues

Removed Firebug Lite - unused, outdated, and potential licensing issue. All licensing issues should be resolved now.

Fixed missing global $cache; in $plugins->upgrade_plugin();

Set a few queries to buffered due to intermediate queries during fetching

Stats: fixed missing $q in $db->fetchrow()

Comments: fixed failure to supply $q to fetchrow() in JSON fetcher

Clarified some licensing issues from the Fedora project's preliminary review.

Fixed lack of default value in main page field on admin panel

Fixed a PHP warning in Admin:GeneralConfig default theme selection

Disabled Connection: close in AJAX lib (throws error under Chrome 2.0)

JS core: allow setting loaded_components in other scripts

AJAX rdns call now calls is_valid_ip() (security?)

Enanium: bumped top heading down a few px

Class "currentpage" is now added to all internal links, including sidebar buttons, if the link points to the current page.

Whoa! I broke Live Re-Auth, fortunately after the 1.1.6 release.

Sped up AJAX de-auth a little; added a little extra info to login_success JSON responses

Fixed: cache was being used during plugin fetch, so newly placed plugin files were not listed

Fixed two bugs: PluginManager: forgot to import cache; PageManager: now queries pages with buffered query (temporary fix)

Unstable beta release: 1.1.6 (Caoineag beta 1)

Fixed category display not listing entirely

Unstable beta release: 1.1.6 (Caoineag beta 1)

Merged accidental split, we should be ready to push out 1.1.6

Merging from accidental branch split

Plugins: fixed a final system plugin bug

Plugins: fixed a final system plugin bug

Detagged 1.1.6 release - upgrader bug found

Unstable beta release: 1.1.6 (Caoineag beta 1)

Added another word to the CAPTCHA blacklist (thanks Neal).

Updated KNOWN_BUGS

Added protection against obscene words in CAPTCHAs

User homepage/URL is now displayed on user pages

Fixed undefined indices for user_extra in various places

Installer: payload: fixed two minor PHP errors with .htaccess.new and wrong form field name

GeneralConfig: Fixed failure to import $cache during save

Fixed some PHP warnings with API pages

Added minor edit filter to Special:Log

Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles

Fixed redirects before $session init not working; fixed failure to load system plugins

A few safety changes to tolerate no $session when it's not available

Enanium: fixed visited wikilink-nonexistent links

Added cache for installed themes

Cut out two queries per page with plugin loader routine

Paths: System messages are cached in RAM now

Replaced the USE with a mysql_select_db() to cut out one query

Band-Aided user_homepage undefined index error in comments.

Render / Template: No longer does exist checks for wikilinks on sidebar

Fixed behavior of log display and title fetch for nonexistent pages

Comment UI / Special:Memberlist: UI consistency for Send PM/Add Buddy links in Memberlist and comment display UI

ajax: theme selector: no longer lists disallowed themes

SpecialPageFuncs: Removed tag cloud sidebar in the name of cutting out an SQL query. It will go into a plugin.

Fixed a couple bugs with admin avatar settings and getConfig() return types

Enanium: left collapse button same size as jBox bars now

Enanium: fixed failure to load on template_nodb

Wikitext redirects should work again + get_redirect() added to Namespace_* to allow plugins to extend

Enanium: move new memberlist above admin buttons + only show for logged-in

Merging from accidental branch split

Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.

Added "About" sidebar block which simply shows the site description.

Enanium: added collapse for left sidebar

Fixed a couple bugs with protection UI; fixed stray <enano:no-opt> in Special:CSS (do people still use that?)

API: Properly handles $title again

Enanium: Set right sidebar as collapsible. Whether I will do the left one I do not know.

Whoops, last commit broke admin stuff.

Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.

Fixed some error display cosmetics in Request_HTTP

Admin: Home: Properly handles Request_HTTP exceptions now

Security log: fixed typo in plugin enable/disable display

Admin theme: Fixed l10n in footer

Enanium: added wikilink-nonexistent

Whoops. LogDisplay sorted by log_id, not time_id.

AJAX: Reset votes: now uses whiteOutMiniPrompt()

Removed "@" from all call_user_func() calls to make debugging special pages and such possible

Renamed smiley conversion script (more descriptive); fixed +x on cli-core.php (both rpmlint warnings, thanks Neal)

Fixed sidebar editor not closing floating windows properly when FX off

Upgrades from stable now skip langimport if it's being done later anyway. Pending testing.

Upgrader: UX: Added welcome page, different between Caoineag and Banshee

DBAL: _die() now detects installation environment and, if present, calls installer UI library for error display chrome

Fixed path to wrong line image in admin CP nav tree

Installer welcome page can tolerate 1.0.x databases again

Fixed session key clearing process, it should work right now.

Made handling of $perms being non-object work properly in template

Cleared up a few discrepancies in page handling, template var init, and how NewsBoy works.

Made upgrades from 1.0.6 work.

Installer: Whoops, moved the start of the main form on sysreqs down too far

Installer: Added recheck button to sysreqs page (thanks Nolan Rollo)

Installer: Form AJAX action no longer fades (too slow!)

Added web.config support for IIS7 URL rewriting.

QA: Schema: fixed urlname in pages was wrong size (both MySQL and PgSQL)

QA: Fixed bad update of user info when user_rank is NULL in Admin:UserManager

Added the indices to the 1.1.5 -> 1.1.6 upgrade schema

Added some more indices to speed some stuff up (MySQL only)

Added the linked-to page of the tutorial (it is, however, a stub at this point)

Installer default content is now modular, and can pivot between starting with a blank site and installing a tutorial site.

Drop-in Enanium as default theme upon install

[QA] User CP: rearranged some things to fix overly tall cells and/or sidescrolling

New primary theme: Enanium

Merging accidental branch split

Fixed log being pushed inwards due to lack of clear: both; before list

Fixed logs not working under postgresql

Removed Special:RecentChanges (phased out)

Fixed division by zero on first day installed.

New, beautiful, rethought Admin:Home. No, really, you'll like it.

Removed unused MIME magic file.

Deletion vote reset is now logged and able to be rolled back

File rollbacks should be all up to date now.

Made Special:Log tolerate literal, unescaped slashes in page names (hack of sorts, but still...)

Meh, finished my half-written-out thought in a FIXME in Special:Log code.

Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.

Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)

Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.

New page protection UI. Both miniPrompt and failsafe HTML.

Log displayer should support some actions besides edit now

Whoops, page protection code didn't flush page_meta cache