Dan [Thu, 26 Feb 2009 01:02:33 -0500] rev 838
Fixed default ACLs
Dan [Thu, 26 Feb 2009 01:02:00 -0500] rev 837
Added color specifications on input fields for admin and oxygen
Dan [Wed, 25 Feb 2009 13:39:49 -0500] rev 836
Blah. Wrong type for those getConfig values.
Dan [Wed, 25 Feb 2009 13:38:21 -0500] rev 835
Fixed: no default values in for avatar upload settings
Dan [Mon, 16 Feb 2009 17:12:02 -0500] rev 834
[Oops] removed debug message in install-cli
Dan [Mon, 16 Feb 2009 17:01:56 -0500] rev 833
Damn, forgot to add the version insertion back into schema
Dan [Mon, 16 Feb 2009 16:17:25 -0500] rev 832
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
- Pages are now stored with an extra metadata field called page_format which is "wikitext" or "xhtml"
- New $flags parameter + RENDER_* constants added that control RenderMan::render() behavior
- Several other changes:
* Added a sprite API for Javascript and made editor use sprites when possible
* Removed a number of config options from the default install schema, replaced with second parameter to getConfig() calls
* MessageBox in editor mostly replaced with miniPrompt
* A few bugfixes related to password changes (registration didn't even work)
* Rewrote the bitfield compression algorithm used to serialize allowed MIME types
* Fixed some typos in language files and strings
* Fixed a Text_Wiki bug in Heading parser
Dan [Mon, 16 Feb 2009 16:04:54 -0500] rev 831
Made all page_id and namespace columns consistent
Dan [Mon, 16 Feb 2009 16:04:31 -0500] rev 830
Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan [Mon, 16 Feb 2009 13:01:35 -0500] rev 829
Fixed https urls not allowed in user_extra CPs; fixed nonworking password reset in admin CP
Dan [Mon, 26 Jan 2009 11:45:48 -0500] rev 828
Added a few hooks to Admin:GeneralConfig (didn't I do this already?)
Dan [Sun, 25 Jan 2009 21:21:07 -0500] rev 827
Merging Nighthawk (anti-spam work) and Scribus (AJAX work + debugging + CLI installer) branches
Dan [Sun, 25 Jan 2009 21:20:14 -0500] rev 826
Replaced integer checks that used preg_match() to use ctype_digit() instead
Dan [Sun, 25 Jan 2009 21:18:05 -0500] rev 825
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan [Sun, 25 Jan 2009 20:35:32 -0500] rev 824
Login: reauth: window.location.hash is now updated to include the new SID so that page reloads will use it
Dan [Sun, 25 Jan 2009 20:35:06 -0500] rev 823
AJAX core library: possible breaking change, readystatechange functions are now called with the XHR instance as the first parameter, to allow requests to run in parallel. This means much better stability but may break some applets (compatibility hack is included)
Dan [Sun, 25 Jan 2009 20:27:14 -0500] rev 822
Oxygen: synced mint style
Dan [Sun, 25 Jan 2009 20:26:50 -0500] rev 821
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan [Sun, 25 Jan 2009 20:24:38 -0500] rev 820
Change config.new.php and .htaccess.new to have a single newline according to Fedora project guidelines
Dan [Fri, 23 Jan 2009 22:03:39 -0500] rev 819
Installer: add RewriteBase to .htaccess to work properly under aliased Apache setups (generated 404s in QA)
Dan [Fri, 23 Jan 2009 21:59:03 -0500] rev 818
A few bugfixes in CLI installer related to interactivity
Dan [Sat, 17 Jan 2009 15:16:36 -0500] rev 817
SECURITY: Fix XSS under IE in closing tags (shared sanitizer)
Dan [Fri, 16 Jan 2009 13:14:08 -0500] rev 816
Fixed login form being focused too early (caused page to scroll up)
Dan [Fri, 16 Jan 2009 13:13:37 -0500] rev 815
Deprecated old grab_password_hash() functions in session
Dan [Fri, 16 Jan 2009 13:13:03 -0500] rev 814
Whoops! Fixed an SQL injection vulnerability in the CLI installer. (Not like it's a huge deal because the vulnerability was only introduced last commit and if you make it to that stage you already know the database password)
Dan [Wed, 14 Jan 2009 23:29:14 -0500] rev 813
Added already-installed check to cli-core
Dan [Wed, 14 Jan 2009 20:33:05 -0500] rev 812
Added CLI installer. Supports interactive, command-line, and internal-call installation. Fixed a few bugs related to anti-SQL injection parser and plugin installation.
Dan [Sun, 11 Jan 2009 21:37:49 -0500] rev 811
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan [Sun, 11 Jan 2009 21:37:39 -0500] rev 810
JS core: whiteOutReportSuccess now has a sister whiteOutReportFailure(); both abstracted to function whiteOutDestroyWithImage(whitey, image_url)
Dan [Sun, 11 Jan 2009 21:36:36 -0500] rev 809
DBAL: Fixed issues with die_json() and multiline responses from {mysql,pg_last}_error()
Dan [Sun, 11 Jan 2009 21:35:39 -0500] rev 808
Plugin manager: added support for having specific install and uninstall blocks per DBMS
Dan [Sun, 11 Jan 2009 21:35:03 -0500] rev 807
Special:Administration: fixed 404 on several Tigra tree menu images