includes/template.php
2011-09-04 Dan Fuhry SECURITY: Various security enhancements to password resets. They are now rate-limited by username and IP, and it is possible to disable username autofill for guests.
2011-06-02 Dan Fuhry Removed TinyMCE.
2010-09-19 Dan Fuhry Hide the "Create an account" button if registration is disabled (Enanium only, but there is a template boolean called "registration_disabled" so other themes can use it too)
2010-07-30 Dan Moved sidebar editor into the admin CP. Icon still needs to be added, no Internet right now to go find one. Also fixed a few template related things.
2010-03-29 Dan Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing.
2010-02-08 Dan Fixed unescaped ampersands in "&enano_version" cache breaking
2010-01-05 Dan Fixed ENANO_VERSION under databaseless template class
2009-12-27 Dan All javascript and css requests now append the version number to the URL to break browser caches and prevent from having to clear the cache upon upgrade
2009-12-21 Dan Fixed two "declaration should be compatible" errors encountered by the BitNami folks. Thanks Neal for reporting.
2009-12-18 Dan Comments (AJAX): Now paginated server side. Fixes issue 2.
2009-11-04 Dan Logins: reorganized data structures a bit. WiP - needs test routine done.
2009-08-22 Dan Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
2009-08-21 Dan Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
2009-08-04 Dan Fixed some "declaration should be compatible" errors that showed up under WinXP QA
2009-07-31 Dan Merged development from Scribus and Charlie
2009-07-18 Dan Editor: completely moved wiki edit notice to AJAX fetch, so it's not shipped with the page anymore.
2009-07-18 Dan Fixed some formatter engine errors that were exposed through the wiki edit notice
2009-07-29 Dan Tweaked URL sanitizing a bit to make Enanium work better.
2009-07-29 Dan Added method add_header_js() to template to allow insertion of code to be run immediately after JS init
2009-07-12 Dan One word: Internet Explorer 6. This includes a rewrite of $paths->parseAdminTree() that encodes to JSON instead of manually generating JS, so good-bye to stupid parser problems I hope.
2009-07-09 Dan OK, JS preloading on a CDN works perfectly now. I'm sure of it.
2009-07-09 Dan Fixed inconsistency in JS component load order between CDN sites and non-CDN sites
2009-07-09 Dan Fixed a series of infinite loops with preloading components and placeholders
2009-07-08 Dan Template: minor: documented sidebar_widget()
2009-06-16 Dan Added support for preloading javascript libs ($template->preload_js()). Updated admin theme and Tigra Tree Menu to support this + JS_{HEADER,FOOTER} variables.
2009-05-27 Dan Class "currentpage" is now added to all internal links, including sidebar buttons, if the link points to the current page.
2009-05-14 Dan A few safety changes to tolerate no $session when it's not available
2009-05-13 Dan Render / Template: No longer does exist checks for wikilinks on sidebar
2009-05-10 Dan Fixed a couple bugs with protection UI; fixed stray <enano:no-opt> in Special:CSS (do people still use that?)
2009-05-05 Dan Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
2009-04-17 Dan Made handling of $perms being non-object work properly in template
2009-04-17 Dan Cleared up a few discrepancies in page handling, template var init, and how NewsBoy works.
2009-04-15 Dan New, beautiful, rethought Admin:Home. No, really, you'll like it.
2009-04-13 Dan New page protection UI. Both miniPrompt and failsafe HTML.
2009-04-05 Dan Oxygen (and general): cleaned up sidebar CSS, wikitext blocks are now sent through alternate block
2009-03-15 Dan New template feature: template hooks (<!-- HOOK foo -->)
2009-03-06 Dan template: added ability for themes to hide user, tools, and search sidebar blocks
2009-03-02 Dan Template: addslashes() around wiki_edit_notice_text (whoops)
2009-02-26 Dan Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
2009-02-16 Dan Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
2009-01-26 Dan Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
2009-01-04 Dan Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
2008-12-31 Dan Redid error handler (it was causing some problems with gzip enabled)
2008-12-20 Dan template: Fixed undefined $from_internal in assign_bool(); theme.cfg now require()d on theme load
2008-12-03 Dan External links in sidebar now work with manual port numbers and IPv6 addresses
2008-11-15 Dan Added ability to have alternate main page for members
2008-11-09 Dan Made defectivebydesign.org image local
2008-11-09 Dan [minor] $template->footer() no longer flushes output buffers, due to headers being sent prematurely
2008-08-24 Dan Rewrote sidebar compilation code, caching is more stable now and things were cleaned up/separated into more functions/made plugin-expandable. In theory, plugins can add new sidebar block types now. I'd personally like to see a fully plugin-based sidebar editor that completely overhauls what Enano has now sometime now that this framework is in place.
2008-08-23 Dan More work on auto-completion - it auto-scrolls now and limits result divs to 300px height
2008-08-21 Dan Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
2008-08-21 Dan Removed Adobe Spry and replaced with jQuery. Please report any new bugs on the forums or via IRC. In a related note, auto-completion should work now at least for usernames. Still hacking away at page name completion...
2008-08-13 Dan Changed namespace properties (including core identifier) for external pages that load the Enano API to be a uniform "API" namespace and "SystemAPI:" prefix.
2008-08-13 Dan Fixed missing "print page" link in printable theme
2008-08-12 Dan Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
2008-08-11 Dan Improved miniPrompt and fadefilter to properly overlap parent modal windows. MessageBox() is next. Fixed pref_disable_js_fx not working due to wrong type (number instead of boolean).
2008-08-05 Dan Fixed tooltip in Powered By Enano button on the sidebar. It called $lang->get() without checking to see if languages were initted yet.
2008-07-28 Dan Fixed undefined REQUEST_URI/HTTP_HOST in ENANO_CLI mode in template var init
2008-07-22 Dan Fixed unused $admintitle variable in $template->fading_button code generation; fixed missing CDNPATH, JS_HEADER, and JS_FOOTER in template_nodb; localized onpage_lbl_page_external
2008-07-20 Dan Added CDN support: a URL to a CDN can now be specified and Enano will load all images, CSS, and javascript (except TinyMCE) from that server
2008-07-09 Dan Fixed lack of str_replace() to runtime-patch cache_anon_sidebar
2008-07-07 Dan First stab at cache management backend. Everything seems to have been tested and working so far, but a number of things require a more specialized cache and can't go through the framework (e.g. user ranks which use references to map usernames to user IDs)
2008-07-07 Dan Added the theme_is_<themeid> template boolean value to allow conditional template code depending on theme ID (in shared templates, sidebar blocks, etc.)
2008-07-07 Dan Added ability to hide or show sidebar blocks based on a {restrict} or {hideif} conditional in the sidebar script
2008-07-03 Dan A little more optimization work, client-side this time. I lied, no librijnadel2 here, but it's about to be merged in...
2008-07-03 Dan More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
2008-07-02 Dan Another sweep from the optimization monster.
2008-06-30 Dan Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
2008-06-26 Dan Fixed javascript ACL manager and captcha not showing on ajax login lockout_captcha event
2008-06-25 Dan Majorly reworked Javascript runtime stuff to use on-demand loading.
2008-06-22 Dan Initial progress towards converting auto-completion framework to Spry. Not currently in a very working state.
2008-06-16 Dan Fixed access type warning in discussion button generation in template
2008-06-16 Dan Fixed: init_vars double-init check ignored theme changes/reloads
2008-06-16 Dan Made template parser remember last initted page_id and namespace to avoid double init; made additional_headers reassign only do so if $template->additional_headers is empty (it's being blanked somehow, need to come up with a backtrace sometime)
2008-06-15 Dan Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
2008-06-15 Dan Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
2008-06-08 Dan Made ajaxReset() call the actual requested title instead of effective title; fixed (again) template compiler bug not matching certain tags (probably PCRE bug)
2008-06-07 Dan Modified $template->init_vars() to pivot to local page metadata and permissions from a PageProcessor object instead of global data from $paths and permissions from $session to allow redirects to affect on-page controls as well as the actual content (only partially complete, protection and several other elements still need to be localized)
2008-05-16 Dan Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
2008-04-15 Dan Merging changes from nighthawk
2008-04-14 Dan Rebrand as 1.1.4 (Caoineag alpha 4)
2008-04-15 Dan Added template_compile_subst hook
2008-04-12 Dan Huge improvements to the template_nodb class and surrounding code; moved template compiler core to its own non-classed function to allow code re-use
2008-04-09 Dan New plugin manager half-implemented. Most of the UI/frontend code is done. Moved sql_parse.php to /includes/ to allow use after installation - TODO: check installer, etc. for breakage
2008-03-27 Dan Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
2008-03-18 Dan Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
2008-03-07 Dan Oops: fixed broken template loader in upgrader for 1.0.x and 1.1.1
2008-03-07 Dan Fixed session validation bug in upgrade script; fixed non-object reference in template_nodb
2008-03-03 Dan Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
2008-03-02 Dan Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
2008-03-01 Dan Fixed the fact that cron just didn't work at all (brain fart that day or something)
2008-02-22 Dan Merging fixes and updates from stable branch
2008-01-29 Dan Fixed case where HTML comments were getting stripped when opening tag not followed by whitespace (<!--foo--> was stripped, <!-- foo --> was not, neither is stripped now)
2008-01-18 Dan Removed all PostgreSQL support from the installer as per http://enanocms.org/News:1200114064; installer support for Postgres is available in the 1.1 branch now
2008-01-10 Dan PHP4 fix: sidebar missing in installer UI: problem was wrongly named constructor for templateIndividualSafe
2008-01-01 Dan Integrating patch for PHP 6.0-dev compatibility
2008-02-20 Dan Added support for Diffie-Hellman key exchange during login. w00t!
2008-02-13 Dan Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
2008-02-12 Dan Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never used.
2008-02-11 Dan Rebrand as 1.1.2; made upgrade framework functional
2008-02-03 Dan Fixed some stray undefined-variable problems revealed as a result of testing on Windows Server '03, IIS6, PHP/FastCGI, and PostgreSQL 8.2.5.
2008-01-30 Dan Localization is FINISHED, DAMN IT HELLAH YEAH! OVER WITH! Man, it feels to get that off my chest. Release is in under 48 hours, folks. And we're ready for it.
2008-01-29 Dan Merging Nighthawk and Scribus branches (and Scribus is back, yay!)
2008-01-29 Dan Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
2008-01-29 Dan Fixed SYSMSG tag in templates causing problems; commented out ENANO_DEBUG; fixed bad table prefix in installer payload logic
2008-01-26 Dan Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewrote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
2008-01-25 Dan A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
2008-01-23 Dan Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
2008-01-22 Dan Localized registration errors and activation/COPPA e-mails
2008-01-19 Dan Fixed a coupla minor bugs with the template_nodb class wrongly referencing $lang
2008-01-17 Dan More progress on the installer. At this point it can install and import the language, but does not rename config files. Still much work to be done, most notably localization and creation of MySQL users and databases.
2008-01-03 Dan WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
2007-12-28 Dan Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
2007-12-20 Dan Redid merge, the previous one had a few problems
2007-12-19 Dan Many changes. Installer with PostgreSQL is broken badly and will be for some time.
2007-12-15 Dan SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
2007-12-13 Dan Rebrand as 1.0.3 (Dyrad)
2007-12-12 Dan Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
2007-12-07 Dan Localized remainder of on-page tools and parts of PageProcess
2007-12-07 Dan Merging in changes from stable
2007-12-03 Dan Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
2007-12-03 Dan Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
2007-12-02 Dan Merging in the newly stable Coblynau
2007-11-24 Dan Fix missing REPORT_URI variable in template_nodb
2007-11-24 Dan Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
2007-11-22 Dan Merging in updates and improvements from stable
2007-11-22 Dan Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
2007-11-21 Dan Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
2007-11-18 Dan Merging in fixes from stable
2007-11-18 Dan Some (not much) progress with localizing tooltips on the pagebar. Still a ways to go and committing so as to merge changes from stable
2007-11-15 Dan Merging in all changes from revision 185 (90b7a52bea45)
2007-11-09 Dan Merge in some minor fixes from stable
2007-11-09 Dan Cleaned up some HTML in the installer; corrected some phpDoc syntax errors
2007-11-07 Dan Localized installer database info page and finished localizing sysreqs page
2007-11-07 Dan Installer localization started. Welcome, License, and SysReqs pages are fully localized.
2007-11-03 Dan Merge in scaling abstraction from stable
2007-11-03 Dan Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
2007-11-03 Dan Merging in fixes and updates from 90b7a52bea45
2007-11-03 Dan Merging in fixes from rev. 207
2007-11-03 Dan Fixed the one FIXME in PageUtils regarding static HTML comment system's greeting line; fixed parsing of external links in template->tplWikiFormat
2007-10-29 Dan Localized the sidebar
2007-10-28 Dan Reworked comment system to not use HACKISH FIXES; AJAX comment framework is completely localized now
2007-10-28 Dan Completely localized admin tree menu and page toolbar
2007-10-28 Dan Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
2007-10-27 Dan Merging in some leftover changes from stable
2007-10-24 Dan Merging in fixes from stable
2007-10-27 Dan Localization low-level framework added
2007-10-26 Dan You know what folks, a lot of Mercurial merges failed, and I just now figured out why. So now all changes from stable are permanently synced in.
2007-10-23 Dan Slight HTTPS compatibility improvements
2007-10-21 Dan [minor] added bottom margin for enanocms.org fading button
2007-10-21 Dan Merging in changes from db8a849ad4c9
2007-10-21 Dan Merging in changes from stable
2007-10-18 Dan Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
2007-10-15 Dan Sync from stable
2007-10-12 Dan Replaced autocompleting username with a much more efficient algorithm and caching system
2007-10-07 Dan Merging in latest changes from stable
2007-10-07 Dan SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
2007-10-07 Dan Rebrand as 1.1.1; everything should now be bumped to "unstable" status
2007-10-06 Dan Fixed external links in tplWikiFormat to use my monster HTTP request regex
2007-10-06 Dan Improvements and fixes (hacks?) for HTML sanitization
2007-10-05 Dan Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
2007-09-24 Dan Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
2007-09-18 Dan Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
2007-09-09 Dan Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
2007-09-08 Dan Fixed some rather major bugs in the registration system, this will need a release followup
2007-09-07 Dan Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
2007-09-04 Dan Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
2007-09-04 Dan Nothing special, just syncing to Scribus, several bugs have been found with GET forms and a fix is in the works
2007-08-26 Dan [comments] fixed edit button (source wasn't getting filled)
2007-08-25 Dan Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
2007-08-14 Dan Added ability to detag deleted pages
2007-08-12 Dan Redid stupid fading button code and fixed several RC2 bugs in the upgrade schema; 1.0.1 release candidate
2007-08-10 Dan Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
2007-08-09 Dan AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
2007-07-21 Dan Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
2007-07-15 Dan Pseudo-commit: Merging Scribus and Nighthawk repos
2007-07-12 Dan Fixed stupid typo in template.php that made the fading button not work...
2007-07-10 Dan Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
2007-07-10 Dan Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
2007-07-10 Dan Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
2007-07-08 Dan Bugfixes: Login system properly handles blank password situation (returns ""); fading button now works right with relative URLs
2007-07-08 Dan Enano CMS Project button can fade now
2007-07-03 Dan Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
2007-07-01 Dan Added "page hint" on search page; deprecated "www." on EnanoCMS.org links
2007-06-28 Dan COPPA support added
2007-06-28 Dan Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
2007-06-27 Dan Converting all tables on new installations to UTF-8; this may break MySQL 4.0 compatibility; several minor cosmetic fixes; set Powered button under Links to "on" by default
2007-06-27 Dan More preliminary l10n work; userpage portal style basics implemented
2007-06-26 Dan Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
2007-06-23 Dan Emergency version change to 1.0rc3 to fix XSS vulnerabilities
2007-06-23 Dan Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
2007-06-22 Dan Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php
2007-06-13 dan Adding /includes