| Mon, 28 Jun 2010 10:43:04 -0400 |
Dan Fuhry |
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().
|
file |
diff |
annotate
|
| Sun, 16 May 2010 21:35:43 -0400 |
Dan |
Added the ability to trust XFF (X-Forwarded-For) headers.
|
file |
diff |
annotate
|
| Sun, 02 May 2010 23:15:18 -0400 |
Dan |
Added a box on Admin:UploadConfig showing the value of upload_max_filesize.
|
file |
diff |
annotate
|
| Sun, 28 Mar 2010 23:10:46 -0400 |
Dan |
Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing.
|
file |
diff |
annotate
|
| Sun, 28 Mar 2010 21:49:26 -0400 |
Dan |
Introduced configurability for gzip compression. Fixes issue 18.
|
file |
diff |
annotate
|
| Sat, 20 Mar 2010 16:05:38 -0400 |
Dan |
Fixed "unapproved" status taking precedence over "spam" flag in comment submit and some display related bugs in comments.js
|
file |
diff |
annotate
|
| Sun, 07 Feb 2010 17:07:42 -0500 |
Dan |
URL sanitizer: disabled uppercase letters in URL hex character codes (it was causing conflicts with the Windows/Apache 2.2 alt namespace separator). Thanks Techokami for finding and reporting this bug.
|
file |
diff |
annotate
|
| Wed, 06 Jan 2010 02:02:51 -0500 |
Dan |
Fixed some bugs with account activation, especially if you're a half-logged-in vegetable.
|
file |
diff |
annotate
|
| Tue, 05 Jan 2010 09:56:00 -0500 |
Dan |
Fixed ENANO_VERSION under databaseless template class
|
file |
diff |
annotate
|
| Mon, 28 Dec 2009 16:53:19 -0500 |
Dan |
Fixed oversanitation of multiple XHTML closing tags in a row
|
file |
diff |
annotate
|
| Fri, 18 Dec 2009 21:21:59 -0500 |
Dan |
OK screw that, put the crypto backend check in functions.
|
file |
diff |
annotate
|
| Thu, 17 Dec 2009 04:26:21 -0500 |
Dan |
JSON preparser: fixed corruption of strings that include the exact pattern word, comma, space, word, colon
|
file |
diff |
annotate
|
| Sat, 12 Dec 2009 15:43:23 -0500 |
Dan |
Set up more sensible defaults (UTC, DST off) for timezone preferences. Also modified enano_date() to properly include GMT offsets when timezone characters are used. Fixes issue 4.
|
file |
diff |
annotate
|
| Mon, 09 Nov 2009 09:18:29 -0500 |
Dan |
which(): added silencer to shut up errors on servers with open_basedir restriction
|
file |
diff |
annotate
|
| Sat, 26 Sep 2009 15:21:51 -0400 |
Dan |
More blank-urlname bugfixes, this time involving internal links
|
file |
diff |
annotate
|
| Sun, 20 Sep 2009 02:51:54 -0400 |
Dan |
Functions: fixed HTML sanitizer to properly preprocess <code> one-liners
|
file |
diff |
annotate
|
| Fri, 11 Sep 2009 09:55:24 -0400 |
Dan |
Damn it! gzip_output() was not checking for gzip support in the browser, fixed.
|
file |
diff |
annotate
|
| Fri, 21 Aug 2009 20:37:18 -0400 |
Dan |
A bit of shuffling around code related to determining the page title from the URL. It's done in common now, and $paths becomes more of an information repository rather than an information gatherer. Note: This BREAKS $paths->fullpage/$paths->getParam() in *_preloader!
|
file |
diff |
annotate
|
| Fri, 21 Aug 2009 15:37:23 -0400 |
Dan |
Functions: silenced PHP warnings on ob_* functions
|
file |
diff |
annotate
|
| Thu, 20 Aug 2009 20:01:55 -0400 |
Dan |
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
|
file |
diff |
annotate
|
| Wed, 29 Jul 2009 11:48:54 -0400 |
Dan |
Tweaked URL sanitizing a bit to make Enanium work better.
|
file |
diff |
annotate
|
| Mon, 06 Jul 2009 11:26:21 -0400 |
Dan |
Fixed decode_unicode_url() trying to parse non-hex %uXXXX sequences
|
file |
diff |
annotate
|
| Sun, 21 Jun 2009 00:20:32 -0400 |
Dan |
First implementation of new parser; Text_Wiki is now gone. VERY BETA! WiP.
|
file |
diff |
annotate
|
| Thu, 14 May 2009 11:34:24 -0400 |
Dan |
A few safety changes to tolerate no $session when it's not available
|
file |
diff |
annotate
|
| Sun, 10 May 2009 15:52:53 -0400 |
Dan |
Wikitext redirects should work again + get_redirect() added to Namespace_* to allow plugins to extend
|
file |
diff |
annotate
|
| Tue, 05 May 2009 00:10:26 -0400 |
Dan |
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
|
file |
diff |
annotate
|
| Wed, 15 Apr 2009 19:44:47 -0400 |
Dan |
New, beautiful, rethought Admin:Home. No, really, you'll like it.
|
file |
diff |
annotate
|
| Tue, 14 Apr 2009 21:02:13 -0400 |
Dan |
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
|
file |
diff |
annotate
|
| Mon, 13 Apr 2009 14:43:28 -0400 |
Dan |
New page protection UI. Both miniPrompt and failsafe HTML.
|
file |
diff |
annotate
|
| Sat, 11 Apr 2009 22:32:45 -0400 |
Dan |
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
|
file |
diff |
annotate
|
| Sat, 21 Mar 2009 14:33:22 -0400 |
Dan |
Some fixes to paginator (pagination control code moved to separate function)
|
file |
diff |
annotate
|
| Sat, 14 Mar 2009 14:06:02 -0400 |
Dan |
Added support for alternate port numbers on database servers. Also in install-cli, merged in new sysreqs functionality.
|
file |
diff |
annotate
|
| Mon, 02 Mar 2009 16:46:10 -0500 |
Dan |
Redesigned installer sysreqs page to cover more features, be more comprehensive, and look better
|
file |
diff |
annotate
|
| Thu, 26 Feb 2009 01:06:58 -0500 |
Dan |
setConfig() will now delete config values if the second parameter is explicitly set to false
|
file |
diff |
annotate
|
| Mon, 16 Feb 2009 16:17:25 -0500 |
Dan |
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
|
file |
diff |
annotate
|
| Sun, 25 Jan 2009 21:18:05 -0500 |
Dan |
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
|
file |
diff |
annotate
|
| Sat, 17 Jan 2009 15:16:36 -0500 |
Dan |
SECURITY: Fix XSS under IE in closing tags (shared sanitizer)
|
file |
diff |
annotate
|
| Sun, 04 Jan 2009 00:55:40 -0500 |
Dan |
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
|
file |
diff |
annotate
|
| Sat, 03 Jan 2009 18:11:18 -0500 |
Dan |
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
|
file |
diff |
annotate
|
| Wed, 31 Dec 2008 08:40:38 -0500 |
Dan |
Redid error handler (it was causing some problems with gzip enabled)
|
file |
diff |
annotate
|
| Sun, 21 Dec 2008 04:26:56 -0500 |
Dan |
Fixed timezone preference setting not fully implemented; added ability for users to select their own rank from a list of possible ranks based on group membership and user level
|
file |
diff |
annotate
|
| Fri, 19 Dec 2008 21:27:51 -0500 |
Dan |
Added support for IPv6 IP ranges... ehh, not easy.
|
file |
diff |
annotate
|
| Sat, 29 Nov 2008 00:20:57 -0500 |
Dan |
Added a new search API that allows much easier registration of search results. Basically you give the engine a table, a few columns to look at, and tell it how to format the results and you're done.
|
file |
diff |
annotate
|
| Sat, 15 Nov 2008 18:23:25 -0500 |
Dan |
Added ability to have alternate main page for members
|
file |
diff |
annotate
|
| Sat, 08 Nov 2008 22:32:43 -0500 |
Dan |
Fixed attempt at gzip compression after headers sent; hopefully safely escape args to scale_image() instead of erroring out
|
file |
diff |
annotate
|
| Sun, 21 Sep 2008 09:01:27 -0400 |
Dan |
Added initial support for DST. Rules are defined in constants.php and are extensible.
|
file |
diff |
annotate
|
| Tue, 16 Sep 2008 08:22:47 -0400 |
Dan |
Fixed IPv6 address match (the one from phpBB3 did not work)
|
file |
diff |
annotate
|
| Mon, 11 Aug 2008 22:31:04 -0400 |
Dan |
Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
|
file |
diff |
annotate
|
| Mon, 28 Jul 2008 13:06:36 -0600 |
Dan |
Fixed improperly set up gzencode() replacement; fixed bad regexp in scale_image() security check
|
file |
diff |
annotate
|
| Wed, 23 Jul 2008 11:02:29 -0500 |
Dan |
Made grinding_halt() exit with status 1 for POSIX compatibility; jscompress.php utility now accepts non-CDN websites
|
file |
diff |
annotate
|
| Wed, 09 Jul 2008 22:40:41 -0400 |
Dan |
Added Gravatar support! And it's really configurable too.
|
file |
diff |
annotate
|
| Wed, 09 Jul 2008 21:04:51 -0400 |
Dan |
Added "default" option for getConfig() and made setConfig() only set if the new value is different
|
file |
diff |
annotate
|
| Wed, 09 Jul 2008 17:47:57 -0400 |
Dan |
Completed work (we hope) on CacheManager admin page
|
file |
diff |
annotate
|
| Wed, 09 Jul 2008 13:20:49 -0400 |
Dan |
Fixed gzip output - no longer depends on ob_gzhandler(), uses gzencode() now with a failsafe available if gzencode() is not available. Public function gzip_output() remains unchanged.
|
file |
diff |
annotate
|
| Mon, 07 Jul 2008 03:52:16 -0400 |
Dan |
Moved enano_safe_array_merge() to functions.php as comment.php depends on it
|
file |
diff |
annotate
|
| Mon, 07 Jul 2008 02:46:44 -0400 |
Dan |
Added purge_all_caches() routine to functions.php. Temporary, will be discarded once the new cache code is implemented
|
file |
diff |
annotate
|
| Wed, 02 Jul 2008 22:15:55 -0400 |
Dan |
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
|
file |
diff |
annotate
|
| Wed, 02 Jul 2008 19:36:44 -0400 |
Dan |
Another sweep from the optimization monster.
|
file |
diff |
annotate
|
| Tue, 24 Jun 2008 23:37:23 -0400 |
Dan |
Majorly reworked Javascript runtime stuff to use on-demand loading.
|
file |
diff |
annotate
|
| Sun, 22 Jun 2008 18:13:59 -0400 |
Dan |
Initial progress towards converting auto-completion framework to Spry. Not currently in a very working state.
|
file |
diff |
annotate
|