Tue, 12 Jul 2011 22:15:18 -0400 |
Dan Fuhry |
SECURITY: Fixed XSS in post-login page redirection. Reported by Secunia.
|
Sat, 29 Jan 2011 15:22:06 -0500 |
Dan Fuhry |
Corrected a link
|
Tue, 16 Nov 2010 12:10:24 -0500 |
Dan Fuhry |
SECURITY: Fix path disclosure in Special:Captcha
|
Tue, 21 Sep 2010 14:14:55 -0400 |
Dan Fuhry |
Fixed password field in HTML login not being focused during >USER_LEVEL_MEMBER auth
|
Sat, 21 Aug 2010 23:29:54 -0400 |
Dan Fuhry |
Fixed some bugs with the change password form when pw_strength_enable is 0.
|
Fri, 30 Jul 2010 21:32:05 -0400 |
Dan Fuhry |
Improved display of comments from foes, and fixed some general issues with the friend and foe lists
|
Mon, 26 Jul 2010 20:10:01 -0400 |
Dan |
Improved captcha word generation; fixed duplicate auth parameter in Special:Login privileged login; improved search indexer performance on websites with lots of words
|
Thu, 01 Jul 2010 18:24:11 -0400 |
Dan Fuhry |
Integrated XSS patch for 1.1.7 maintenance branch
1.1.7-maintenance 1.1.7pl1
|
Mon, 28 Jun 2010 10:43:04 -0400 |
Dan Fuhry |
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().
|
Mon, 19 Apr 2010 18:07:43 -0400 |
Dan |
Fixed registration admin override with account_activation set to disable.
|
Sun, 28 Mar 2010 23:10:46 -0400 |
Dan |
Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing.
|
Wed, 17 Mar 2010 14:21:46 -0400 |
Dan |
Fixed username not being decoded in Special:ActivateAccount
|
Wed, 06 Jan 2010 02:02:51 -0500 |
Dan |
Fixed some bugs with account activation, especially if you're a half-logged-in vegetable.
|
Sat, 12 Dec 2009 15:39:36 -0500 |
Dan |
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
|
Tue, 03 Nov 2009 22:08:48 -0500 |
Dan |
Logins: reorganized data structures a bit. WiP - needs test routine done.
|
Fri, 25 Sep 2009 14:18:20 -0400 |
Dan |
HTML login: fixed bad submit under IE
|
Sun, 20 Sep 2009 03:59:36 -0400 |
Dan |
Login: if return-to specified and already logged in, jump to return-to instead of main page.
|
Fri, 11 Sep 2009 09:54:32 -0400 |
Dan |
Common: renamed global $title to $urlname (it broke the API from non-plugin Enano scripts)
|
Fri, 21 Aug 2009 20:41:38 -0400 |
Dan |
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
|
Thu, 20 Aug 2009 20:01:55 -0400 |
Dan |
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
|
Thu, 02 Jul 2009 09:01:29 -0400 |
Dan |
Login and sessions: fixed some improper handling of the config for lockout logic
|
Fri, 15 May 2009 19:52:12 -0400 |
Dan |
Added another word to the CAPTCHA blacklist (thanks Neal).
|
Fri, 15 May 2009 17:24:12 -0400 |
Dan |
Added protection against obscene words in CAPTCHAs
|
Wed, 13 May 2009 09:43:00 -0400 |
Dan |
Comment UI / Special:Memberlist: UI consistency for Send PM/Add Buddy links in Memberlist and comment display UI
|
Sun, 10 May 2009 14:44:37 -0400 |
Dan |
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
|
Tue, 05 May 2009 00:10:26 -0400 |
Dan |
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
|
Wed, 15 Apr 2009 16:20:33 -0400 |
Dan |
File rollbacks should be all up to date now.
|
Tue, 14 Apr 2009 21:02:13 -0400 |
Dan |
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
|
Mon, 13 Apr 2009 17:28:24 -0400 |
Dan |
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
|
Mon, 13 Apr 2009 16:57:20 -0400 |
Dan |
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
|
Thu, 26 Feb 2009 01:27:56 -0500 |
Dan |
Set password in userinfo to allow auth plugins to see it (some really do need it)
|
Thu, 26 Feb 2009 01:07:32 -0500 |
Dan |
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
|
Mon, 16 Feb 2009 16:17:25 -0500 |
Dan |
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
|
Sun, 04 Jan 2009 00:55:40 -0500 |
Dan |
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
|
Sat, 03 Jan 2009 17:54:26 -0500 |
Dan |
Added a couple of hooks for the registration form.
|
Sun, 21 Dec 2008 17:25:28 -0500 |
Dan |
Corrected a few issues with languages and client-side code
|
Wed, 19 Nov 2008 11:37:10 -0500 |
Dan |
Fixed: Special:Memberlist still used SpryEffects
|
Sat, 15 Nov 2008 18:23:25 -0500 |
Dan |
Added ability to have alternate main page for members
|
Thu, 21 Aug 2008 11:24:56 -0400 |
Dan |
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
|
Tue, 12 Aug 2008 00:06:35 -0400 |
Dan |
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
|
Mon, 11 Aug 2008 22:31:04 -0400 |
Dan |
Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
|
Mon, 11 Aug 2008 21:43:04 -0400 |
Dan |
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
|
Wed, 09 Jul 2008 22:40:41 -0400 |
Dan |
Added Gravatar support! And it's really configurable too.
|
Wed, 09 Jul 2008 18:02:32 -0400 |
Dan |
Got user registration working with the new componentized JS framework
|
Mon, 07 Jul 2008 02:49:54 -0400 |
Dan |
Fixed missing require() on math.php in SpecialUserFuncs
|
Wed, 02 Jul 2008 22:15:55 -0400 |
Dan |
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
|
Mon, 30 Jun 2008 17:22:29 -0400 |
Dan |
Made $session->private_key protected and added pk_{en,de}crypt methods for encrypting and decrypting data using the private key
|
Mon, 30 Jun 2008 17:20:02 -0400 |
Dan |
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
|
Thu, 26 Jun 2008 18:03:04 -0400 |
Dan |
Made encryption work in form-based logon again; modified load_component() to fetch compressed versions when possible
|
Sun, 15 Jun 2008 01:30:00 -0400 |
Dan |
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
|
Sat, 07 Jun 2008 12:46:18 -0400 |
Dan |
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
|
Fri, 16 May 2008 12:22:26 -0400 |
Dan |
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
|
Mon, 05 May 2008 20:06:37 -0400 |
Dan |
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
|
Sun, 04 May 2008 21:57:48 -0400 |
Dan |
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modified ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
|
Mon, 14 Apr 2008 12:13:12 -0400 |
Dan |
Rebrand as 1.1.4 (Caoineag alpha 4)
|
Tue, 08 Apr 2008 20:32:30 -0400 |
Dan |
Merging nighthawk and scribus branches
|
Tue, 08 Apr 2008 20:30:05 -0400 |
Dan |
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
|
Sun, 06 Apr 2008 15:30:39 -0400 |
Dan |
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
|
Tue, 01 Apr 2008 01:26:22 -0400 |
Dan |
Fixed bad captcha refresh code on registration page
|
Tue, 18 Mar 2008 14:32:40 -0400 |
Dan |
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
|
Sun, 16 Mar 2008 16:06:59 -0400 |
Dan |
Added support for embedding language data into plugins; updated all version numbers on plugin files
|
Sun, 02 Mar 2008 19:32:19 -0500 |
Dan |
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
|
Sun, 24 Feb 2008 12:50:52 -0500 |
Dan |
Upgraded tinyMCE to 3.0.1 in hopes of fixing IE race conditions. Fixed a couple minor syntax errors in Javascript objects declared in various places.
|
Fri, 22 Feb 2008 12:51:53 -0500 |
Dan |
Merging fixes and updates from stable branch
|
Fri, 01 Feb 2008 22:31:57 -0500 |
Dan |
Made all captcha fields case-insensitive (thanks pkeating)
|
Sun, 20 Jan 2008 23:18:03 -0500 |
Dan |
Fixed broken regenCaptcha() in Special:Register
|
Wed, 20 Feb 2008 14:38:39 -0500 |
Dan |
Added support for Diffie-Hellman key exchange during login. w00t!
|
Mon, 18 Feb 2008 16:27:28 -0500 |
Dan |
Started (but disabled) work on the new theme manager, 1.1.2 is being released with this thing halfway done.
|
Tue, 12 Feb 2008 00:42:29 -0500 |
Dan |
Added "is_draft != 1" where appropriate in SQL queries to prevent drafts from being treated as real revisions.
|
Mon, 11 Feb 2008 14:33:31 -0500 |
Dan |
Rebrand as 1.1.2; made upgrade framework functional
|
Sun, 10 Feb 2008 19:35:06 -0500 |
Dan |
Mass-fixed all AJAX functions to also check the HTTP status code before parsing the response
|
Thu, 07 Feb 2008 15:45:44 -0500 |
Dan |
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
|
Wed, 06 Feb 2008 19:27:43 -0500 |
Dan |
Fixed some captcha bugs and made all captcha fields case-insensitive
|
Wed, 06 Feb 2008 18:41:47 -0500 |
Dan |
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
|
Tue, 29 Jan 2008 16:19:51 -0500 |
Dan |
Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
|
Sat, 26 Jan 2008 15:42:32 -0500 |
Dan |
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewrote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
|
Thu, 24 Jan 2008 22:06:09 -0500 |
Dan |
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
|
Wed, 23 Jan 2008 12:48:22 -0500 |
Dan |
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
|
Mon, 21 Jan 2008 10:09:48 -0500 |
Dan |
Implemented IP logging for comments and registration
|
Wed, 16 Jan 2008 13:55:49 -0500 |
Dan |
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
|
Thu, 03 Jan 2008 00:53:33 -0500 |
Dan |
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
|
Sun, 30 Dec 2007 01:13:24 -0500 |
Dan |
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
|
Fri, 28 Dec 2007 16:52:03 -0500 |
Dan |
Finished localization of SpecialUserFuncs
|
Thu, 27 Dec 2007 22:09:33 -0500 |
Dan |
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
|
Wed, 26 Dec 2007 00:37:26 -0500 |
Dan |
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
|
Wed, 19 Dec 2007 22:55:40 -0500 |
Dan |
Redid merge, the previous one had a few problems
|
Tue, 18 Dec 2007 23:47:33 -0500 |
Dan |
Merging in a few stray changes from the MySQL branch
|
Tue, 18 Dec 2007 23:44:55 -0500 |
Dan |
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
|
Sat, 15 Dec 2007 18:11:59 -0500 |
Dan |
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
|
Wed, 12 Dec 2007 21:37:23 -0500 |
Dan |
Rebrand as 1.0.3 (Dyrad)
|
Sun, 02 Dec 2007 16:00:10 -0500 |
Dan |
Merging in the newly stable Coblynau
|
Sun, 25 Nov 2007 17:53:03 -0500 |
Dan |
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
|
Sat, 24 Nov 2007 00:53:23 -0500 |
Dan |
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
|
Sun, 18 Nov 2007 20:37:08 -0500 |
Dan |
Merging in fixes and updates from stable
|
Sun, 18 Nov 2007 18:44:55 -0500 |
Dan |
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
|
Sat, 17 Nov 2007 22:25:37 -0500 |
Dan |
Merging in fixes from stable
|
Sat, 17 Nov 2007 20:31:01 -0500 |
Dan |
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
|
Sat, 03 Nov 2007 07:30:11 -0400 |
Dan |
Merging in fixes from rev. 207
|
Fri, 02 Nov 2007 20:37:26 -0400 |
Dan |
Localized a good part, if not all, of the registration page and a couple other things.
|
Sun, 28 Oct 2007 16:40:24 -0400 |
Dan |
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
|
Sun, 28 Oct 2007 14:32:13 -0400 |
Dan |
Login page mostly localized
|
Wed, 24 Oct 2007 12:45:05 -0400 |
Dan |
Merging in fixes from stable
|
Sat, 20 Oct 2007 21:44:13 -0400 |
Dan |
Merging in changes from stable
|
Sat, 20 Oct 2007 11:11:40 -0400 |
Dan |
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
|
Sun, 07 Oct 2007 22:06:15 -0400 |
Dan |
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threshold) and patched up some...erm... math issues
|
Sun, 07 Oct 2007 21:28:36 -0400 |
Dan |
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
|
Tue, 18 Sep 2007 00:30:43 -0400 |
Dan |
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
|
Sat, 08 Sep 2007 14:04:15 -0400 |
Dan |
Merging Nighthawk and Scribus repositories
|
Sat, 08 Sep 2007 14:02:19 -0400 |
Dan |
Fixed some rather major bugs in the registration system, this will need a release followup
|
Fri, 07 Sep 2007 16:27:40 -0400 |
Dan |
Merging Scribus and Nighthawk repositories
|
Thu, 06 Sep 2007 23:03:51 -0400 |
Dan |
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
|
Tue, 04 Sep 2007 12:52:23 -0400 |
Dan |
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
|