Dan [Thu, 26 Feb 2009 01:07:32 -0500] rev 843
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan [Thu, 26 Feb 2009 01:06:58 -0500] rev 842
setConfig() will now delete config values if the second parameter is explicitly set to false
Dan [Thu, 26 Feb 2009 01:04:27 -0500] rev 841
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan [Thu, 26 Feb 2009 01:03:22 -0500] rev 840
Added a basic plugin/hook framework for Javascript
Dan [Thu, 26 Feb 2009 01:02:50 -0500] rev 839
[minor] changed heading format in mainpage-default
Dan [Thu, 26 Feb 2009 01:02:33 -0500] rev 838
Fixed default ACLs
Dan [Thu, 26 Feb 2009 01:02:00 -0500] rev 837
Added color specifications on input fields for admin and oxygen
Dan [Wed, 25 Feb 2009 13:39:49 -0500] rev 836
Blah. Wrong type for those getConfig values.
Dan [Wed, 25 Feb 2009 13:38:21 -0500] rev 835
Fixed: no default values in for avatar upload settings
Dan [Mon, 16 Feb 2009 17:12:02 -0500] rev 834
[Oops] removed debug message in install-cli
Dan [Mon, 16 Feb 2009 17:01:56 -0500] rev 833
Damn, forgot to add the version insertion back into schema
Dan [Mon, 16 Feb 2009 16:17:25 -0500] rev 832
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
- Pages are now stored with an extra metadata field called page_format which is "wikitext" or "xhtml"
- New $flags parameter + RENDER_* constants added that control RenderMan::render() behavior
- Several other changes:
* Added a sprite API for Javascript and made editor use sprites when possible
* Removed a number of config options from the default install schema, replaced with second parameter to getConfig() calls
* MessageBox in editor mostly replaced with miniPrompt
* A few bugfixes related to password changes (registration didn't even work)
* Rewrote the bitfield compression algorithm used to serialize allowed MIME types
* Fixed some typos in language files and strings
* Fixed a Text_Wiki bug in Heading parser
Dan [Mon, 16 Feb 2009 16:04:54 -0500] rev 831
Made all page_id and namespace columns consistent
Dan [Mon, 16 Feb 2009 16:04:31 -0500] rev 830
Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan [Mon, 16 Feb 2009 13:01:35 -0500] rev 829
Fixed https urls not allowed in user_extra CPs; fixed nonworking password reset in admin CP
Dan [Mon, 26 Jan 2009 11:45:48 -0500] rev 828
Added a few hooks to Admin:GeneralConfig (didn't I do this already?)
Dan [Sun, 25 Jan 2009 21:21:07 -0500] rev 827
Merging Nighthawk (anti-spam work) and Scribus (AJAX work + debugging + CLI installer) branches
Dan [Sun, 25 Jan 2009 21:20:14 -0500] rev 826
Replaced integer checks that used preg_match() to use ctype_digit() instead
Dan [Sun, 25 Jan 2009 21:18:05 -0500] rev 825
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan [Sun, 25 Jan 2009 20:35:32 -0500] rev 824
Login: reauth: window.location.hash is now updated to include the new SID so that page reloads will use it
Dan [Sun, 25 Jan 2009 20:35:06 -0500] rev 823
AJAX core library: possible breaking change, readystatechange functions are now called with the XHR instance as the first parameter, to allow requests to run in parallel. This means much better stability but may break some applets (compatibility hack is included)
Dan [Sun, 25 Jan 2009 20:27:14 -0500] rev 822
Oxygen: synced mint style
Dan [Sun, 25 Jan 2009 20:26:50 -0500] rev 821
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan [Sun, 25 Jan 2009 20:24:38 -0500] rev 820
Change config.new.php and .htaccess.new to have a single newline according to Fedora project guidelines
Dan [Fri, 23 Jan 2009 22:03:39 -0500] rev 819
Installer: add RewriteBase to .htaccess to work properly under aliased Apache setups (generated 404s in QA)
Dan [Fri, 23 Jan 2009 21:59:03 -0500] rev 818
A few bugfixes in CLI installer related to interactivity
Dan [Sat, 17 Jan 2009 15:16:36 -0500] rev 817
SECURITY: Fix XSS under IE in closing tags (shared sanitizer)
Dan [Fri, 16 Jan 2009 13:14:08 -0500] rev 816
Fixed login form being focused too early (caused page to scroll up)
Dan [Fri, 16 Jan 2009 13:13:37 -0500] rev 815
Deprecated old grab_password_hash() functions in session
Dan [Fri, 16 Jan 2009 13:13:03 -0500] rev 814
Whoops! Fixed an SQL injection vulnerability in the CLI installer. (Not like it's a huge deal because the vulnerability was only introduced last commit and if you make it to that stage you already know the database password)
Dan [Wed, 14 Jan 2009 23:29:14 -0500] rev 813
Added already-installed check to cli-core
Dan [Wed, 14 Jan 2009 20:33:05 -0500] rev 812
Added CLI installer. Supports interactive, command-line, and internal-call installation. Fixed a few bugs related to anti-SQL injection parser and plugin installation.
Dan [Sun, 11 Jan 2009 21:37:49 -0500] rev 811
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan [Sun, 11 Jan 2009 21:37:39 -0500] rev 810
JS core: whiteOutReportSuccess now has a sister whiteOutReportFailure(); both abstracted to function whiteOutDestroyWithImage(whitey, image_url)
Dan [Sun, 11 Jan 2009 21:36:36 -0500] rev 809
DBAL: Fixed issues with die_json() and multiline responses from {mysql,pg_last}_error()
Dan [Sun, 11 Jan 2009 21:35:39 -0500] rev 808
Plugin manager: added support for having specific install and uninstall blocks per DBMS
Dan [Sun, 11 Jan 2009 21:35:03 -0500] rev 807
Special:Administration: fixed 404 on several Tigra tree menu images
Dan [Sun, 11 Jan 2009 21:34:27 -0500] rev 806
jBox: When an anchor in a menu is clicked, menu is now hidden
Dan [Sun, 11 Jan 2009 21:32:24 -0500] rev 805
Fix undefined variable in special namespace missing function handler
Dan [Sun, 11 Jan 2009 21:31:27 -0500] rev 804
If there's an onlineupgrade.php, installer index.php will link to that instead of upgrade.php (future readiness ;))
Dan [Sun, 11 Jan 2009 21:30:46 -0500] rev 803
Fix version number warning in installer common
Dan [Sun, 04 Jan 2009 01:43:16 -0500] rev 802
Upgrades should work now.
Dan [Sun, 04 Jan 2009 00:55:40 -0500] rev 801
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan [Sat, 03 Jan 2009 18:11:18 -0500] rev 800
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan [Sat, 03 Jan 2009 17:54:26 -0500] rev 799
Added a couple of hooks for the registration form.
Dan [Wed, 31 Dec 2008 08:40:38 -0500] rev 798
Redid error handler (it was causing some problems with gzip enabled)
Dan [Wed, 24 Dec 2008 10:04:48 -0500] rev 797
Small speed optimization to admin panel loader
Dan [Wed, 24 Dec 2008 10:04:37 -0500] rev 796
Revamped main page default content
Dan [Wed, 24 Dec 2008 10:04:19 -0500] rev 795
Several thematic enhancements to Oxygen including making the main page title an h1
Dan [Mon, 22 Dec 2008 21:54:30 -0500] rev 794
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan [Mon, 22 Dec 2008 21:26:19 -0500] rev 793
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan [Mon, 22 Dec 2008 21:25:14 -0500] rev 792
Updated URLs and strings to point to the new server (ktulu)
Dan [Mon, 22 Dec 2008 18:51:05 -0500] rev 791
Fixed a few bugs with plugin management and importing of old plugin metadata
Dan [Mon, 22 Dec 2008 13:31:07 -0500] rev 790
Added support for upgrades from Ferrishyn
Dan [Mon, 22 Dec 2008 13:30:49 -0500] rev 789
Added paginator_goto() to function reverse map; fixed some missing component loads in pagination code
Dan [Mon, 22 Dec 2008 13:30:00 -0500] rev 788
When will that stupid user -> user_id bug stop REARING ITS UGLY HEAD. DIE! DIE! DIE! DIE! DIE!
Dan [Sun, 21 Dec 2008 22:06:25 -0500] rev 787
Fixed: autocomplete got broken somehow
Dan [Sun, 21 Dec 2008 20:47:32 -0500] rev 786
Unstable alpha release: 1.1.5 (Caoineag alpha 5)
Dan [Sun, 21 Dec 2008 18:02:55 -0500] rev 785
Added ajaxReverseDNS to function-to-script map.
Dan [Sun, 21 Dec 2008 17:56:32 -0500] rev 784
Added spell-checking support for TinyMCE on user request (see: http://forum.enanocms.org/topic/11/)