Dan [Mon, 02 Mar 2009 16:46:10 -0500] rev 851
Redesigned installer sysreqs page to cover more features, be more comprehensive, and look better
Dan [Mon, 02 Mar 2009 16:45:28 -0500] rev 850
Installer: fixed load of lang_js on finish
Dan [Sun, 01 Mar 2009 22:52:31 -0500] rev 849
jQuery: updated to latest jQuery + jQuery UI
Dan [Sun, 01 Mar 2009 22:52:20 -0500] rev 848
Template: addslashes() around wiki_edit_notice_text (whoops)
Dan [Sat, 28 Feb 2009 14:38:10 -0500] rev 847
http: minor fix to tolerate missing SERVER_SOFTWARE
Dan [Thu, 26 Feb 2009 01:28:18 -0500] rev 846
Plugin backend: bugfix: installing a plugin should now properly import its strings
Dan [Thu, 26 Feb 2009 01:27:56 -0500] rev 845
Set password in userinfo to allow auth plugins to see it (some really do need it)
Dan [Thu, 26 Feb 2009 01:27:23 -0500] rev 844
Plugin manager: system plugins now sorted to last
Dan [Thu, 26 Feb 2009 01:07:32 -0500] rev 843
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan [Thu, 26 Feb 2009 01:06:58 -0500] rev 842
setConfig() will now delete config values if the second parameter is explicitly set to false
Dan [Thu, 26 Feb 2009 01:04:27 -0500] rev 841
HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!
Dan [Thu, 26 Feb 2009 01:03:22 -0500] rev 840
Added a basic plugin/hook framework for Javascript
Dan [Thu, 26 Feb 2009 01:02:50 -0500] rev 839
[minor] changed heading format in mainpage-default
Dan [Thu, 26 Feb 2009 01:02:33 -0500] rev 838
Fixed default ACLs
Dan [Thu, 26 Feb 2009 01:02:00 -0500] rev 837
Added color specifications on input fields for admin and oxygen
Dan [Wed, 25 Feb 2009 13:39:49 -0500] rev 836
Blah. Wrong type for those getConfig values.
Dan [Wed, 25 Feb 2009 13:38:21 -0500] rev 835
Fixed: no default values in for avatar upload settings
Dan [Mon, 16 Feb 2009 17:12:02 -0500] rev 834
[Oops] removed debug message in install-cli
Dan [Mon, 16 Feb 2009 17:01:56 -0500] rev 833
Damn, forgot to add the version insertion back into schema
Dan [Mon, 16 Feb 2009 16:17:25 -0500] rev 832
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
- Pages are now stored with an extra metadata field called page_format which is "wikitext" or "xhtml"
- New $flags parameter + RENDER_* constants added that control RenderMan::render() behavior
- Several other changes:
* Added a sprite API for Javascript and made editor use sprites when possible
* Removed a number of config options from the default install schema, replaced with second parameter to getConfig() calls
* MessageBox in editor mostly replaced with miniPrompt
* A few bugfixes related to password changes (registration didn't even work)
* Rewrote the bitfield compression algorithm used to serialize allowed MIME types
* Fixed some typos in language files and strings
* Fixed a Text_Wiki bug in Heading parser
Dan [Mon, 16 Feb 2009 16:04:54 -0500] rev 831
Made all page_id and namespace columns consistent
Dan [Mon, 16 Feb 2009 16:04:31 -0500] rev 830
Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan [Mon, 16 Feb 2009 13:01:35 -0500] rev 829
Fixed https urls not allowed in user_extra CPs; fixed nonworking password reset in admin CP
Dan [Mon, 26 Jan 2009 11:45:48 -0500] rev 828
Added a few hooks to Admin:GeneralConfig (didn't I do this already?)
Dan [Sun, 25 Jan 2009 21:21:07 -0500] rev 827
Merging Nighthawk (anti-spam work) and Scribus (AJAX work + debugging + CLI installer) branches
Dan [Sun, 25 Jan 2009 21:20:14 -0500] rev 826
Replaced integer checks that used preg_match() to use ctype_digit() instead
Dan [Sun, 25 Jan 2009 21:18:05 -0500] rev 825
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan [Sun, 25 Jan 2009 20:35:32 -0500] rev 824
Login: reauth: window.location.hash is now updated to include the new SID so that page reloads will use it
Dan [Sun, 25 Jan 2009 20:35:06 -0500] rev 823
AJAX core library: possible breaking change, readystatechange functions are now called with the XHR instance as the first parameter, to allow requests to run in parallel. This means much better stability but may break some applets (compatibility hack is included)
Dan [Sun, 25 Jan 2009 20:27:14 -0500] rev 822
Oxygen: synced mint style
Dan [Sun, 25 Jan 2009 20:26:50 -0500] rev 821
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan [Sun, 25 Jan 2009 20:24:38 -0500] rev 820
Change config.new.php and .htaccess.new to have a single newline according to Fedora project guidelines
Dan [Fri, 23 Jan 2009 22:03:39 -0500] rev 819
Installer: add RewriteBase to .htaccess to work properly under aliased Apache setups (generated 404s in QA)
Dan [Fri, 23 Jan 2009 21:59:03 -0500] rev 818
A few bugfixes in CLI installer related to interactivity
Dan [Sat, 17 Jan 2009 15:16:36 -0500] rev 817
SECURITY: Fix XSS under IE in closing tags (shared sanitizer)
Dan [Fri, 16 Jan 2009 13:14:08 -0500] rev 816
Fixed login form being focused too early (caused page to scroll up)
Dan [Fri, 16 Jan 2009 13:13:37 -0500] rev 815
Deprecated old grab_password_hash() functions in session
Dan [Fri, 16 Jan 2009 13:13:03 -0500] rev 814
Whoops! Fixed an SQL injection vulnerability in the CLI installer. (Not like it's a huge deal because the vulnerability was only introduced last commit and if you make it to that stage you already know the database password)
Dan [Wed, 14 Jan 2009 23:29:14 -0500] rev 813
Added already-installed check to cli-core
Dan [Wed, 14 Jan 2009 20:33:05 -0500] rev 812
Added CLI installer. Supports interactive, command-line, and internal-call installation. Fixed a few bugs related to anti-SQL injection parser and plugin installation.
Dan [Sun, 11 Jan 2009 21:37:49 -0500] rev 811
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan [Sun, 11 Jan 2009 21:37:39 -0500] rev 810
JS core: whiteOutReportSuccess now has a sister whiteOutReportFailure(); both abstracted to function whiteOutDestroyWithImage(whitey, image_url)
Dan [Sun, 11 Jan 2009 21:36:36 -0500] rev 809
DBAL: Fixed issues with die_json() and multiline responses from {mysql,pg_last}_error()
Dan [Sun, 11 Jan 2009 21:35:39 -0500] rev 808
Plugin manager: added support for having specific install and uninstall blocks per DBMS
Dan [Sun, 11 Jan 2009 21:35:03 -0500] rev 807
Special:Administration: fixed 404 on several Tigra tree menu images
Dan [Sun, 11 Jan 2009 21:34:27 -0500] rev 806
jBox: When an anchor in a menu is clicked, menu is now hidden
Dan [Sun, 11 Jan 2009 21:32:24 -0500] rev 805
Fix undefined variable in special namespace missing function handler
Dan [Sun, 11 Jan 2009 21:31:27 -0500] rev 804
If there's an onlineupgrade.php, installer index.php will link to that instead of upgrade.php (future readiness ;))
Dan [Sun, 11 Jan 2009 21:30:46 -0500] rev 803
Fix version number warning in installer common
Dan [Sun, 04 Jan 2009 01:43:16 -0500] rev 802
Upgrades should work now.
Dan [Sun, 04 Jan 2009 00:55:40 -0500] rev 801
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan [Sat, 03 Jan 2009 18:11:18 -0500] rev 800
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan [Sat, 03 Jan 2009 17:54:26 -0500] rev 799
Added a couple of hooks for the registration form.
Dan [Wed, 31 Dec 2008 08:40:38 -0500] rev 798
Redid error handler (it was causing some problems with gzip enabled)
Dan [Wed, 24 Dec 2008 10:04:48 -0500] rev 797
Small speed optimization to admin panel loader
Dan [Wed, 24 Dec 2008 10:04:37 -0500] rev 796
Revamped main page default content
Dan [Wed, 24 Dec 2008 10:04:19 -0500] rev 795
Several thematic enhancements to Oxygen including making the main page title an h1
Dan [Mon, 22 Dec 2008 21:54:30 -0500] rev 794
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan [Mon, 22 Dec 2008 21:26:19 -0500] rev 793
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan [Mon, 22 Dec 2008 21:25:14 -0500] rev 792
Updated URLs and strings to point to the new server (ktulu)