setConfig() will now delete config values if the second parameter is explicitly set to false

HMAC functions are now standards-compliant (not a security issue). This BREAKS 1.1.6-hg passwords!

Added a basic plugin/hook framework for Javascript

[minor] changed heading format in mainpage-default

Fixed default ACLs

Added color specifications on input fields for admin and oxygen

Blah. Wrong type for those getConfig values.

Fixed: no default values in for avatar upload settings

[Oops] removed debug message in install-cli

Damn, forgot to add the version insertion back into schema

Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) - Pages are now stored with an extra metadata field called page_format which is "wikitext" or "xhtml" - New $flags parameter + RENDER_* constants added that control RenderMan::render() behavior - Several other changes: * Added a sprite API for Javascript and made editor use sprites when possible * Removed a number of config options from the default install schema, replaced with second parameter to getConfig() calls * MessageBox in editor mostly replaced with miniPrompt * A few bugfixes related to password changes (registration didn't even work) * Rewrote the bitfield compression algorithm used to serialize allowed MIME types * Fixed some typos in language files and strings * Fixed a Text_Wiki bug in Heading parser

Made all page_id and namespace columns consistent

Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)

Fixed https urls not allowed in user_extra CPs; fixed nonworking password reset in admin CP

Added a few hooks to Admin:GeneralConfig (didn't I do this already?)

Merging Nighthawk (anti-spam work) and Scribus (AJAX work + debugging + CLI installer) branches

Replaced integer checks that used preg_match() to use ctype_digit() instead

Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.

Login: reauth: window.location.hash is now updated to include the new SID so that page reloads will use it

AJAX core library: possible breaking change, readystatechange functions are now called with the XHR instance as the first parameter, to allow requests to run in parallel. This means much better stability but may break some applets (compatibility hack is included)

Oxygen: synced mint style

PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()

Change config.new.php and .htaccess.new to have a single newline according to Fedora project guidelines

Installer: add RewriteBase to .htaccess to work properly under aliased Apache setups (generated 404s in QA)

A few bugfixes in CLI installer related to interactivity

SECURITY: Fix XSS under IE in closing tags (shared sanitizer)

Fixed login form being focused too early (caused page to scroll up)

Deprecated old grab_password_hash() functions in session

Whoops! Fixed an SQL injection vulnerability in the CLI installer. (Not like it's a huge deal because the vulnerability was only introduced last commit and if you make it to that stage you already know the database password)

Added already-installed check to cli-core

Added CLI installer. Supports interactive, command-line, and internal-call installation. Fixed a few bugs related to anti-SQL injection parser and plugin installation.

Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.

JS core: whiteOutReportSuccess now has a sister whiteOutReportFailure(); both abstracted to function whiteOutDestroyWithImage(whitey, image_url)

DBAL: Fixed issues with die_json() and multiline responses from {mysql,pg_last}_error()

Plugin manager: added support for having specific install and uninstall blocks per DBMS

Special:Administration: fixed 404 on several Tigra tree menu images

jBox: When an anchor in a menu is clicked, menu is now hidden

Fix undefined variable in special namespace missing function handler

If there's an onlineupgrade.php, installer index.php will link to that instead of upgrade.php (future readiness ;))

Fix version number warning in installer common

Upgrades should work now.

Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.

Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].

Added a couple of hooks for the registration form.

Redid error handler (it was causing some problems with gzip enabled)

Small speed optimization to admin panel loader

Revamped main page default content

Several thematic enhancements to Oxygen including making the main page title an h1

Added support for re-auth on submit to rank manager when session goes bad; still more to come

Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.

Updated URLs and strings to point to the new server (ktulu)

Fixed a few bugs with plugin management and importing of old plugin metadata

Added support for upgrades from Ferrishyn

Added paginator_goto() to function reverse map; fixed some missing component loads in pagination code

When will that stupid user -> user_id bug stop REARING ITS UGLY HEAD. DIE! DIE! DIE! DIE! DIE!

Fixed: autocomplete got broken somehow

Unstable alpha release: 1.1.5 (Caoineag alpha 5)

Added ajaxReverseDNS to function-to-script map.

Added spell-checking support for TinyMCE on user request (see: http://forum.enanocms.org/topic/11/)

Minor cosmetic change to installer: bumped down Continue button on payload page by 12px