2010-06-28 |
Dan Fuhry |
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().
|
2010-06-03 |
Dan |
Rewrote category editor. This breaks the JSON API. Also fixed a few bugs with how Wiki Mode is set in $paths. (Hopefully that doesn't cause infinite loops, heh). Fixes issue 20.
|
2010-04-17 |
Dan |
Made separate methods in sessionManager for static and non-static generate_aes_form(), because PHP (erroneously) always calls that method statically.
|
2010-04-06 |
Dan |
Added Diffie-Hellman crypto support into the installer. Fixes issue 13.
|
2010-03-30 |
Dan |
Added selection and popup for <pre> tags within wikitext. Also fixed more bugs found in the HTML paragraph parser (mostly self-closing tags e.g. <hr />).
|
2010-03-29 |
Dan |
Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing.
|
2010-02-01 |
Dan |
Fixed more places where author_uid wasn't right.
|
2010-01-10 |
Dan |
Fixed author_uid in activation request insertion
|
2010-01-06 |
Dan |
Fixed some bugs with account activation, especially if you're a half-logged-in vegetable.
|
2010-01-06 |
Dan |
Sessions: fixed on_critical_page(), it referenced the wrong global; enabled better extensible behavior in the account_active column
|
2009-12-19 |
Dan |
AJAX login: Fixed error box failure to destroy upon cancel. Fixes issue 8.
|
2009-12-19 |
Dan |
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
|
2009-12-18 |
Dan |
Comments (AJAX): Now paginated server side. Fixes issue 2.
|
2009-12-17 |
Dan |
ACP: Added lockout management feature
|
2009-12-12 |
Dan |
Re-merge changes from a2hosting dev
|
2009-12-12 |
Dan |
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
|
2009-12-11 |
Dan |
A couple fixes to permission out-of-scope errors.
|
2009-12-07 |
Dan |
Sessions: Made acl_check_deps() verify scope, so that all of an action's dependencies must apply to the namespace of the given action.
|
2009-12-07 |
Dan |
PostgreSQL: Fixed $session->create_user()
|
2009-11-04 |
Dan |
Logins: reorganized data structures a bit. WiP - needs test routine done.
|
2009-08-22 |
Dan |
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
|
2009-08-21 |
Dan |
User ACP: redirect to Special:Login on own account deletion
|
2009-08-21 |
Dan |
Sessions: whoops, left a debug message in by accident, broke a few redirects
|
2009-08-21 |
Dan |
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
|
2009-08-11 |
Dan |
Added ability for authentication plugins to modify session keys (to allow invalidation when their own authentication data is changed) as well as the ability to disable the built-in password change facility
|
2009-08-03 |
Dan |
Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.
|
2009-07-31 |
Dan |
Merged development from Scribus and Charlie
|
2009-07-17 |
Dan |
AJAX Login: Fixed all known issues with lockout (and some unknown ones)
|
2009-07-29 |
Dan |
Fixed logins with usernames containing Unicode characters
|
2009-07-02 |
Dan |
Login and sessions: fixed some improper handling of the config for lockout logic
|
2009-06-21 |
Dan |
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
|
2009-05-22 |
Dan |
Sped up AJAX de-auth a little; added a little extra info to login_success JSON responses
|
2009-05-15 |
Dan |
Fixed undefined indices for user_extra in various places
|
2009-05-05 |
Dan |
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
|
2009-04-19 |
Dan |
Upgrader: UX: Added welcome page, different between Caoineag and Banshee
|
2009-04-15 |
Dan |
New, beautiful, rethought Admin:Home. No, really, you'll like it.
|
2009-04-11 |
Dan |
session: login_process_userdata_json hook should work with more than one installed auth plugin now
|
2009-04-05 |
Dan |
Session: additional metadata passed back from auth plugins is passed through to client for optional further parsing
|
2009-03-14 |
Dan |
Added support for alternate port numbers on database servers. Also in install-cli, merged in new sysreqs functionality.
|
2009-02-26 |
Dan |
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
|
2009-02-16 |
Dan |
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
|
2009-01-26 |
Dan |
Replaced integer checks that used preg_match() to use ctype_digit() instead
|
2009-01-16 |
Dan |
Deprecated old grab_password_hash() functions in session
|
2009-01-12 |
Dan |
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
|
2009-01-04 |
Dan |
Upgrades should work now.
|
2009-01-04 |
Dan |
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
|
2008-12-21 |
Dan |
Corrected a few issues with languages and client-side code
|
2008-12-21 |
Dan |
Fixed a couple PostgreSQL bugs.
|
2008-12-21 |
Dan |
Fixed timezone preference setting not fully implemented; added ability for users to select their own rank from a list of possible ranks based on group membership and user level
|
2008-11-21 |
Dan |
Added dependency checking in ACL tracer
|
2008-11-09 |
Dan |
Merging with upstream
|
2008-11-03 |
Dan |
Fixed error-out when DiffieHellman not supported and respawn requested (part of OS X QA process)
|
2008-11-09 |
Dan |
Added config option to grant userpage rights to new users (defaults to on, as it was hardcoded on before)
|
2008-11-09 |
Dan |
Fixed DiffieHellman being included twice when not supported and login fails
|
2008-09-21 |
Dan |
Added initial support for DST. Rules are defined in constants.php and are extensible.
|
2008-08-20 |
Dan |
Made upgrades from 1.1.4 -> 1.1.5 work if keyhash is not present
|
2008-08-13 |
Dan |
Made login forms that use $session->aes_javascript() use new whiteOutForm() function
|
2008-08-12 |
Dan |
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
|
2008-08-12 |
Dan |
Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
|
2008-07-12 |
Dan |
Added Gravatar support in UserManager in admin panel
|