Tue, 16 Nov 2010 12:11:29 -0500 |
Dan Fuhry |
SECURITY: Fix SQL injection in banlist check
|
file |
diff |
annotate
|
Fri, 20 Aug 2010 01:36:44 -0400 |
Dan Fuhry |
Fixed some ACL scope warnings
|
file |
diff |
annotate
|
Thu, 29 Jul 2010 19:30:11 -0400 |
Dan |
Pending group memberships no longer alter result in rank alterations
|
file |
diff |
annotate
|
Mon, 26 Jul 2010 20:10:01 -0400 |
Dan |
Improved captcha word generation; fixed duplicate auth parameter in Special:Login privileged login; improved search indexer performance on websites with lots of words
|
file |
diff |
annotate
|
Sun, 25 Jul 2010 11:15:53 -0400 |
Dan Fuhry |
Made login window focus the controls earlier if animations are disabled.
|
file |
diff |
annotate
|
Thu, 01 Jul 2010 20:51:53 -0400 |
Dan Fuhry |
Fixed the (rather expected) 1.0.x migration issues db revision system
|
file |
diff |
annotate
|
Mon, 28 Jun 2010 10:43:04 -0400 |
Dan Fuhry |
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().
|
file |
diff |
annotate
|
Wed, 02 Jun 2010 21:58:26 -0400 |
Dan |
Rewrote category editor. This breaks the JSON API. Also fixed a few bugs with how Wiki Mode is set in $paths. (Hopefully that doesn't cause infinite loops, heh). Fixes issue 20.
|
file |
diff |
annotate
|
Sat, 17 Apr 2010 03:33:14 -0400 |
Dan |
Made separate methods in sessionManager for static and non-static generate_aes_form(), because PHP (erroneously) always calls that method statically.
|
file |
diff |
annotate
|
Tue, 06 Apr 2010 15:54:45 -0400 |
Dan |
Added Diffie-Hellman crypto support into the installer. Fixes issue 13.
|
file |
diff |
annotate
|
Tue, 30 Mar 2010 11:37:00 -0400 |
Dan |
Added selection and popup for <pre> tags within wikitext. Also fixed more bugs found in the HTML paragraph parser (mostly self-closing tags e.g. <hr />).
|
file |
diff |
annotate
|
Sun, 28 Mar 2010 23:10:46 -0400 |
Dan |
Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing.
|
file |
diff |
annotate
|
Mon, 01 Feb 2010 02:15:04 -0500 |
Dan |
Fixed more places where author_uid wasn't right.
|
file |
diff |
annotate
|
Sun, 10 Jan 2010 17:13:03 -0500 |
Dan |
Fixed author_uid in activation request insertion
|
file |
diff |
annotate
|
Wed, 06 Jan 2010 02:02:51 -0500 |
Dan |
Fixed some bugs with account activation, especially if you're a half-logged-in vegetable.
|
file |
diff |
annotate
|
Wed, 06 Jan 2010 01:18:19 -0500 |
Dan |
Sessions: fixed on_critical_page(), it referenced the wrong global; enabled better extensible behavior in the account_active column
|
file |
diff |
annotate
|
Fri, 18 Dec 2009 19:17:18 -0500 |
Dan |
AJAX login: Fixed error box failure to destroy upon cancel. Fixes issue 8.
|
file |
diff |
annotate
|
Fri, 18 Dec 2009 19:06:49 -0500 |
Dan |
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
|
file |
diff |
annotate
|
Fri, 18 Dec 2009 05:12:02 -0500 |
Dan |
Comments (AJAX): Now paginated server side. Fixes issue 2.
|
file |
diff |
annotate
|
Thu, 17 Dec 2009 04:31:55 -0500 |
Dan |
ACP: Added lockout management feature
|
file |
diff |
annotate
|
Sat, 12 Dec 2009 15:44:36 -0500 |
Dan |
Re-merge changes from a2hosting dev
|
file |
diff |
annotate
|
Sat, 12 Dec 2009 15:39:36 -0500 |
Dan |
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
|
file |
diff |
annotate
|
Fri, 11 Dec 2009 17:11:47 -0500 |
Dan |
A couple fixes to permission out-of-scope errors.
|
file |
diff |
annotate
|
Mon, 07 Dec 2009 15:21:47 -0500 |
Dan |
Sessions: Made acl_check_deps() verify scope, so that all of an action's dependencies must apply to the namespace of the given action.
|
file |
diff |
annotate
|
Sun, 06 Dec 2009 21:51:55 -0500 |
Dan |
PostgreSQL: Fixed $session->create_user()
|
file |
diff |
annotate
|
Tue, 03 Nov 2009 22:08:48 -0500 |
Dan |
Logins: reorganized data structures a bit. WiP - needs test routine done.
|
file |
diff |
annotate
|
Fri, 21 Aug 2009 20:41:38 -0400 |
Dan |
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
|
file |
diff |
annotate
|
Fri, 21 Aug 2009 13:49:45 -0400 |
Dan |
User ACP: redirect to Special:Login on own account deletion
|
file |
diff |
annotate
|
Thu, 20 Aug 2009 21:15:19 -0400 |
Dan |
Sessions: whoops, left a debug message in by accident, broke a few redirects
|
file |
diff |
annotate
|
Thu, 20 Aug 2009 20:01:55 -0400 |
Dan |
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
|
file |
diff |
annotate
|
Mon, 10 Aug 2009 22:43:26 -0400 |
Dan |
Added ability for authentication plugins to modify session keys (to allow invalidation when their own authentication data is changed) as well as the ability to disable the built-in password change facility
|
file |
diff |
annotate
|
Mon, 03 Aug 2009 02:58:43 -0400 |
Dan |
Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.
|
file |
diff |
annotate
|
Fri, 31 Jul 2009 19:15:48 -0400 |
Dan |
Merged development from Scribus and Charlie
|
file |
diff |
annotate
|
Fri, 17 Jul 2009 17:11:09 -0400 |
Dan |
AJAX Login: Fixed all known issues with lockout (and some unknown ones)
|
file |
diff |
annotate
|
Wed, 29 Jul 2009 11:49:30 -0400 |
Dan |
Fixed logins with usernames containing Unicode characters
|
file |
diff |
annotate
|
Thu, 02 Jul 2009 09:01:29 -0400 |
Dan |
Login and sessions: fixed some improper handling of the config for lockout logic
|
file |
diff |
annotate
|
Sun, 21 Jun 2009 00:16:21 -0400 |
Dan |
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
|
file |
diff |
annotate
|
Fri, 22 May 2009 13:49:02 -0400 |
Dan |
Sped up AJAX de-auth a little; added a little extra info to login_success JSON responses
|
file |
diff |
annotate
|
Fri, 15 May 2009 15:56:10 -0400 |
Dan |
Fixed undefined indices for user_extra in various places
|
file |
diff |
annotate
|
Tue, 05 May 2009 00:10:26 -0400 |
Dan |
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
|
file |
diff |
annotate
|
Sun, 19 Apr 2009 19:01:08 -0400 |
Dan |
Upgrader: UX: Added welcome page, different between Caoineag and Banshee
|
file |
diff |
annotate
|
Wed, 15 Apr 2009 19:44:47 -0400 |
Dan |
New, beautiful, rethought Admin:Home. No, really, you'll like it.
|
file |
diff |
annotate
|
Sat, 11 Apr 2009 16:58:32 -0400 |
Dan |
session: login_process_userdata_json hook should work with more than one installed auth plugin now
|
file |
diff |
annotate
|
Sat, 04 Apr 2009 22:35:44 -0400 |
Dan |
Session: additional metadata passed back from auth plugins is passed through to client for optional further parsing
|
file |
diff |
annotate
|
Sat, 14 Mar 2009 14:06:02 -0400 |
Dan |
Added support for alternate port numbers on database servers. Also in install-cli, merged in new sysreqs functionality.
|
file |
diff |
annotate
|
Thu, 26 Feb 2009 01:07:32 -0500 |
Dan |
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
|
file |
diff |
annotate
|
Mon, 16 Feb 2009 16:17:25 -0500 |
Dan |
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
|
file |
diff |
annotate
|
Sun, 25 Jan 2009 21:20:14 -0500 |
Dan |
Replaced integer checks that used preg_match() to use ctype_digit() instead
|
file |
diff |
annotate
|
Fri, 16 Jan 2009 13:13:37 -0500 |
Dan |
Deprecated old grab_password_hash() functions in session
|
file |
diff |
annotate
|
Sun, 11 Jan 2009 21:37:49 -0500 |
Dan |
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
|
file |
diff |
annotate
|
Sun, 04 Jan 2009 01:43:16 -0500 |
Dan |
Upgrades should work now.
|
file |
diff |
annotate
|
Sun, 04 Jan 2009 00:55:40 -0500 |
Dan |
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
|
file |
diff |
annotate
|
Sun, 21 Dec 2008 17:25:28 -0500 |
Dan |
Corrected a few issues with languages and client-side code
|
file |
diff |
annotate
|
Sun, 21 Dec 2008 07:07:21 -0500 |
Dan |
Fixed a couple PostgreSQL bugs.
|
file |
diff |
annotate
|
Sun, 21 Dec 2008 04:26:56 -0500 |
Dan |
Fixed timezone preference setting not fully implemented; added ability for users to select their own rank from a list of possible ranks based on group membership and user level
|
file |
diff |
annotate
|
Thu, 20 Nov 2008 22:59:25 -0500 |
Dan |
Added dependency checking in ACL tracer
|
file |
diff |
annotate
|
Sun, 09 Nov 2008 14:22:41 -0500 |
Dan |
Merging with upstream
|
file |
diff |
annotate
|
Mon, 03 Nov 2008 08:56:44 -0500 |
Dan |
Fixed error-out when DiffieHellman not supported and respawn requested (part of OS X QA process)
|
file |
diff |
annotate
|
Sun, 09 Nov 2008 09:03:10 -0500 |
Dan |
Added config option to grant userpage rights to new users (defaults to on, as it was hardcoded on before)
|
file |
diff |
annotate
|
Sat, 08 Nov 2008 22:35:59 -0500 |
Dan |
Fixed DiffieHellman being included twice when not supported and login fails
|
file |
diff |
annotate
|
Sun, 21 Sep 2008 09:01:27 -0400 |
Dan |
Added initial support for DST. Rules are defined in constants.php and are extensible.
|
file |
diff |
annotate
|
Tue, 19 Aug 2008 20:57:17 -0400 |
Dan |
Made upgrades from 1.1.4 -> 1.1.5 work if keyhash is not present
|
file |
diff |
annotate
|
Wed, 13 Aug 2008 08:48:03 -0400 |
Dan |
Made login forms that use $session->aes_javascript() use new whiteOutForm() function
|
file |
diff |
annotate
|
Tue, 12 Aug 2008 00:06:35 -0400 |
Dan |
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
|
file |
diff |
annotate
|
Mon, 11 Aug 2008 22:31:04 -0400 |
Dan |
Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
|
file |
diff |
annotate
|
Sat, 12 Jul 2008 03:55:14 -0400 |
Dan |
Added Gravatar support in UserManager in admin panel
|
file |
diff |
annotate
|
Wed, 09 Jul 2008 21:02:28 -0400 |
Dan |
Fixed undefined group_rank_id in sessions
|
file |
diff |
annotate
|
Mon, 07 Jul 2008 02:49:26 -0400 |
Dan |
Moved all account deactivation notice presentation code to its own method in sessions
|
file |
diff |
annotate
|
Thu, 03 Jul 2008 15:34:09 -0400 |
Dan |
As promised, dropped in the new librijndael. Benchmarks say about 3 times faster, but more performance testing will be done.
|
file |
diff |
annotate
|
Wed, 02 Jul 2008 22:15:55 -0400 |
Dan |
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
|
file |
diff |
annotate
|
Wed, 02 Jul 2008 19:36:44 -0400 |
Dan |
Another sweep from the optimization monster.
|
file |
diff |
annotate
|
Mon, 30 Jun 2008 17:22:29 -0400 |
Dan |
Made $session->private_key protected and added pk_{en,de}crypt methods for encrypting and decrypting data using the private key
|
file |
diff |
annotate
|
Mon, 30 Jun 2008 17:20:02 -0400 |
Dan |
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
|
file |
diff |
annotate
|
Thu, 26 Jun 2008 18:03:04 -0400 |
Dan |
Made encryption work in form-based logon again; modified load_component() to fetch compressed versions when possible
|
file |
diff |
annotate
|
Thu, 26 Jun 2008 17:01:42 -0400 |
Dan |
Fixed missing table_prefix in generate_rank_sql()
|
file |
diff |
annotate
|
Wed, 18 Jun 2008 22:43:16 -0400 |
Dan |
Fixed SQL syntax error thrown during rank data fetch
|
file |
diff |
annotate
|
Mon, 16 Jun 2008 19:05:16 -0400 |
Dan |
Fixed undefined index left over from scope system rewrite a few days ago
|
file |
diff |
annotate
|
Sun, 15 Jun 2008 01:30:00 -0400 |
Dan |
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
|
file |
diff |
annotate
|
Sun, 15 Jun 2008 00:59:37 -0400 |
Dan |
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
|
file |
diff |
annotate
|
Sat, 14 Jun 2008 22:01:24 -0400 |
Dan |
Fixed some plugin compatibility issues seen in Nuggie
|
file |
diff |
annotate
|
Tue, 10 Jun 2008 00:21:34 -0400 |
Dan |
A bit of UX improvement to upgrade UI; updated readme for 1.1.4
|
file |
diff |
annotate
|
Sat, 07 Jun 2008 12:39:24 -0400 |
Dan |
Modified $template->init_vars() to pivot to local page metadata and permissions from a PageProcessor object instead of global data from $paths and permissions from $session to allow redirects to affect on-page controls as well as the actual content (only partially complete, protection and several other elements still need to be localized)
|
file |
diff |
annotate
|
Sat, 24 May 2008 23:40:42 -0400 |
Dan |
More work done on effective permissions API, namely reporting of page group and usergroup names
|
file |
diff |
annotate
|
Fri, 16 May 2008 12:22:26 -0400 |
Dan |
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
|
file |
diff |
annotate
|
Mon, 12 May 2008 00:59:46 -0400 |
Dan |
Revamped some ACL code and added effective permissions calculation code into session manager
|
file |
diff |
annotate
|
Mon, 05 May 2008 20:06:37 -0400 |
Dan |
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
|
file |
diff |
annotate
|
Sun, 04 May 2008 21:57:48 -0400 |
Dan |
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
|
file |
diff |
annotate
|
Mon, 14 Apr 2008 12:13:12 -0400 |
Dan |
Rebrand as 1.1.4 (Caoineag alpha 4)
|
file |
diff |
annotate
|
Tue, 08 Apr 2008 20:32:30 -0400 |
Dan |
Merging nighthawk and scribus branches
|
file |
diff |
annotate
|
Tue, 08 Apr 2008 20:30:05 -0400 |
Dan |
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
|
file |
diff |
annotate
|
Sun, 06 Apr 2008 14:02:20 -0400 |
Dan |
SECURITY: Disabled caching of decrypted DiffieHellman login requests
|
file |
diff |
annotate
|
Wed, 26 Mar 2008 20:20:22 -0400 |
Dan |
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
|
file |
diff |
annotate
|
Tue, 18 Mar 2008 14:32:40 -0400 |
Dan |
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
|
file |
diff |
annotate
|
Sun, 16 Mar 2008 16:06:59 -0400 |
Dan |
Added support for embedding language data into plugins; updated all version numbers on plugin files
|
file |
diff |
annotate
|
Sat, 15 Mar 2008 00:08:01 -0400 |
Dan |
Fixed some bugs with PostgreSQL and added a word_lcase column to the search_index table because collation is not working under MySQL. TODO: Trigger search index rebuild on upgrade to 1.1.4.
|
file |
diff |
annotate
|
Sat, 08 Mar 2008 12:13:23 -0500 |
Dan |
Fixed undefined variable ($row['is_regex'] instead of $is_regex) in sessions.php
|
file |
diff |
annotate
|
Thu, 06 Mar 2008 23:31:28 -0500 |
Dan |
[Security] made session manager have some degree of IP validation for session keys and upgrades
|
file |
diff |
annotate
|
Thu, 06 Mar 2008 23:27:50 -0500 |
Dan |
Fixed session validation bug in upgrade script; fixed non-object reference in template_nodb
|
file |
diff |
annotate
|
Thu, 06 Mar 2008 20:53:26 -0500 |
Dan |
Added a cron task to sessions.php that deletes old admin keys once a week
|
file |
diff |
annotate
|
Sun, 02 Mar 2008 19:32:19 -0500 |
Dan |
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
|
file |
diff |
annotate
|
Sat, 01 Mar 2008 23:02:05 -0500 |
Dan |
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
|
file |
diff |
annotate
|
Sat, 01 Mar 2008 18:55:54 -0500 |
Dan |
Fixed improper serializing of IP that could allow reusing of key from multiple IP addresses.
|
file |
diff |
annotate
|
Sun, 24 Feb 2008 12:52:07 -0500 |
Dan |
Merging in changes from Nighthawk
|
file |
diff |
annotate
|
Fri, 22 Feb 2008 12:51:53 -0500 |
Dan |
Merging fixes and updates from stable branch
|
file |
diff |
annotate
|
Mon, 31 Dec 2007 21:16:27 -0500 |
Dan |
Integrating patch for PHP 6.0-dev compatibility
|
file |
diff |
annotate
|
Wed, 20 Feb 2008 14:38:39 -0500 |
Dan |
Added support for Diffie-Hellman key exchange during login. w00t!
|
file |
diff |
annotate
|
Mon, 18 Feb 2008 16:13:56 -0500 |
Dan |
Fixed typo in ban logic
|
file |
diff |
annotate
|
Mon, 11 Feb 2008 14:33:31 -0500 |
Dan |
Rebrand as 1.1.2; made upgrade framework functional
|
file |
diff |
annotate
|
Fri, 08 Feb 2008 23:20:20 -0500 |
Dan |
Added some basic timezone support; DST support is still to come.
|
file |
diff |
annotate
|
Wed, 06 Feb 2008 19:27:43 -0500 |
Dan |
Fixed some captcha bugs and made all captcha fields case-insensitive
|
file |
diff |
annotate
|
Wed, 06 Feb 2008 18:41:47 -0500 |
Dan |
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
|
file |
diff |
annotate
|
Tue, 29 Jan 2008 23:15:44 -0500 |
Dan |
Localization is FINISHED, DAMN IT HELLAH YEAH! OVER WITH! Man, it feels to get that off my chest. Release is in under 48 hours, folks. And we're ready for it.
|
file |
diff |
annotate
|
Tue, 29 Jan 2008 16:19:51 -0500 |
Dan |
Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
|
file |
diff |
annotate
|
Sun, 27 Jan 2008 22:57:40 -0500 |
Dan |
Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least)
|
file |
diff |
annotate
|
Sat, 26 Jan 2008 15:42:32 -0500 |
Dan |
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
|
file |
diff |
annotate
|
Thu, 24 Jan 2008 22:14:40 -0500 |
Dan |
[minor] Trying to be a little more careful with values from users_extra in validate_session()
|
file |
diff |
annotate
|
Thu, 24 Jan 2008 22:06:09 -0500 |
Dan |
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
|
file |
diff |
annotate
|
Wed, 23 Jan 2008 12:48:22 -0500 |
Dan |
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
|
file |
diff |
annotate
|
Tue, 22 Jan 2008 01:08:15 -0500 |
Dan |
Localized registration errors and activation/COPPA e-mails
|
file |
diff |
annotate
|
Mon, 21 Jan 2008 10:09:48 -0500 |
Dan |
Implemented IP logging for comments and registration
|
file |
diff |
annotate
|
Thu, 03 Jan 2008 00:53:33 -0500 |
Dan |
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
|
file |
diff |
annotate
|
Fri, 28 Dec 2007 00:07:53 -0500 |
Dan |
Merging in the last couple of revisions from stable
|
file |
diff |
annotate
|
Sun, 23 Dec 2007 17:58:21 -0500 |
Dan |
Corrected licensing issue on YoungPup's DOM-Drag (it is now public domain -> GPLv2+ for Enano); fixed wrongful access denial under specific circumstances (fetch_page_acl() on nonexistent page + wiki mode)
|
file |
diff |
annotate
|
Thu, 27 Dec 2007 22:09:33 -0500 |
Dan |
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
|
file |
diff |
annotate
|
Wed, 19 Dec 2007 22:55:40 -0500 |
Dan |
Redid merge, the previous one had a few problems
|
file |
diff |
annotate
|
Tue, 18 Dec 2007 23:44:55 -0500 |
Dan |
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
|
file |
diff |
annotate
|
Sat, 15 Dec 2007 18:10:14 -0500 |
Dan |
SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
|
file |
diff |
annotate
|
Wed, 12 Dec 2007 21:37:23 -0500 |
Dan |
Rebrand as 1.0.3 (Dyrad)
|
file |
diff |
annotate
|
Fri, 07 Dec 2007 16:42:22 -0500 |
Dan |
Merging in changes from stable
|
file |
diff |
annotate
|
Mon, 03 Dec 2007 17:36:25 -0500 |
Dan |
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
|
file |
diff |
annotate
|
Sun, 02 Dec 2007 16:00:10 -0500 |
Dan |
Merging in the newly stable Coblynau
|
file |
diff |
annotate
|
Sun, 25 Nov 2007 17:53:03 -0500 |
Dan |
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
|
file |
diff |
annotate
|
Sat, 24 Nov 2007 01:35:12 -0500 |
Dan |
Fixed a few major bugs with the upgrade script and the config file not getting loaded properly due to IN_ENANO_INSTALL
|
file |
diff |
annotate
|
Sat, 24 Nov 2007 00:53:23 -0500 |
Dan |
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
|
file |
diff |
annotate
|
Sun, 18 Nov 2007 20:37:08 -0500 |
Dan |
Merging in fixes and updates from stable
|
file |
diff |
annotate
|
Sun, 18 Nov 2007 18:44:55 -0500 |
Dan |
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
|
file |
diff |
annotate
|
Sat, 17 Nov 2007 23:09:12 -0500 |
Dan |
Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
|
file |
diff |
annotate
|
Sat, 17 Nov 2007 22:25:37 -0500 |
Dan |
Merging in fixes from stable
|
file |
diff |
annotate
|
Sat, 17 Nov 2007 20:31:01 -0500 |
Dan |
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
|
file |
diff |
annotate
|
Sat, 17 Nov 2007 15:02:08 -0500 |
Dan |
Fixed: secure-cookie option is no longer set if $_SERVER['HTTPS'] is set but == "off"
|
file |
diff |
annotate
|
Thu, 15 Nov 2007 18:00:39 -0500 |
Dan |
Merging in all changes from revision 185 (90b7a52bea45)
|
file |
diff |
annotate
|
Fri, 09 Nov 2007 11:18:54 -0500 |
Dan |
Merge in some minor fixes from stable
|
file |
diff |
annotate
|
Fri, 09 Nov 2007 11:14:20 -0500 |
Dan |
Cleaned up some HTML in the installer; corrected some phpDoc syntax errors
|
file |
diff |
annotate
|
Sat, 03 Nov 2007 07:40:54 -0400 |
Dan |
Merging in fixes and updates from 90b7a52bea45
|
file |
diff |
annotate
|
Sat, 03 Nov 2007 07:30:11 -0400 |
Dan |
Merging in fixes from rev. 207
|
file |
diff |
annotate
|
Fri, 02 Nov 2007 20:37:26 -0400 |
Dan |
Localized a good part, if not all, of the registration page and a couple other things.
|
file |
diff |
annotate
|
Sun, 28 Oct 2007 14:32:13 -0400 |
Dan |
Login page mostly localized
|
file |
diff |
annotate
|
Wed, 24 Oct 2007 12:45:05 -0400 |
Dan |
Merging in fixes from stable
|
file |
diff |
annotate
|
Fri, 26 Oct 2007 19:28:54 -0400 |
Dan |
You know what folks, a lot of Mercurial merges failed, and I just now figured out why. So now all changes from stable are permanently synced in.
|
file |
diff |
annotate
|
Tue, 23 Oct 2007 12:30:08 -0400 |
Dan |
Slight HTTPS compatibility improvements
|
file |
diff |
annotate
|
Sat, 20 Oct 2007 21:51:26 -0400 |
Dan |
Merging in changes from db8a849ad4c9
|
file |
diff |
annotate
|
Sat, 20 Oct 2007 21:44:13 -0400 |
Dan |
Merging in changes from stable
|
file |
diff |
annotate
|
Mon, 15 Oct 2007 00:11:51 -0400 |
Dan |
SECURITY: Fix failure to log login failure on no row match
|
file |
diff |
annotate
|
Sun, 07 Oct 2007 22:06:15 -0400 |
Dan |
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
|
file |
diff |
annotate
|
Sun, 07 Oct 2007 21:41:42 -0400 |
Dan |
Upgrade UI should work now (upgrades still don't work); do not pull this revision as there is a security hole in the lockout system pending a fix
|
file |
diff |
annotate
|
Sun, 07 Oct 2007 21:28:36 -0400 |
Dan |
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
|
file |
diff |
annotate
|
Sun, 07 Oct 2007 17:28:47 -0400 |
Dan |
Merging in latest changes from stable
|
file |
diff |
annotate
|
Sun, 07 Oct 2007 08:39:40 -0400 |
Dan |
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
|
file |
diff |
annotate
|
Sat, 06 Oct 2007 20:36:40 -0400 |
Dan |
Rebrand as 1.1.1; everything should now be bumped to "unstable" status
|
file |
diff |
annotate
|
Sun, 30 Sep 2007 20:20:07 -0400 |
Dan |
Feature add: new page group type: regular expression match (PCRE)
|
file |
diff |
annotate
|
Sun, 23 Sep 2007 23:21:10 -0400 |
Dan |
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
|
file |
diff |
annotate
|
Tue, 18 Sep 2007 16:29:26 -0400 |
Dan |
Enano should now fully support UTF-8 usernames; newly registered users are now granted automatic edit access to their user pages (admins can still use protection on the page)
|
file |
diff |
annotate
|
Tue, 18 Sep 2007 00:30:43 -0400 |
Dan |
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
|
file |
diff |
annotate
|
Thu, 13 Sep 2007 08:28:11 -0400 |
Dan |
Fix: activation e-mails were signed by Anonymous :-)
|
file |
diff |
annotate
|
Sat, 08 Sep 2007 15:06:28 -0400 |
Dan |
Vastly improved UX for a login to an inactive account
|
file |
diff |
annotate
|
Sat, 21 Jul 2007 18:12:10 -0400 |
Dan |
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
|
file |
diff |
annotate
|
Sat, 21 Jul 2007 11:28:59 -0400 |
Dan |
Fixed a few presentation bugs in installer, made installer more "legally binding", and fixed global permissions inheritance in $session->fetch_page_acl()
1.0
|
file |
diff |
annotate
|
Mon, 09 Jul 2007 22:01:27 -0400 |
Dan |
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
|
file |
diff |
annotate
|
Thu, 05 Jul 2007 10:37:36 -0400 |
Dan |
I dunno how many times I'm gonna have to fix the "problem seems to be the hex conversion" bug, but this is at least the fourth try.
|
file |
diff |
annotate
|
Sun, 01 Jul 2007 14:08:39 -0400 |
Dan |
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
|
file |
diff |
annotate
|
Thu, 28 Jun 2007 15:26:40 -0400 |
Dan |
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
|
file |
diff |
annotate
|
Thu, 28 Jun 2007 13:49:40 -0400 |
Dan |
COPPA support added
|
file |
diff |
annotate
|
Tue, 26 Jun 2007 17:28:18 -0400 |
Dan |
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
|
file |
diff |
annotate
|
Sat, 23 Jun 2007 10:38:24 -0400 |
Dan |
Upgrades (RC2->RC3) should now work
|
file |
diff |
annotate
|
Sat, 23 Jun 2007 10:16:53 -0400 |
Dan |
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
|
file |
diff |
annotate
|
Fri, 22 Jun 2007 10:31:59 -0400 |
Dan |
Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php
|
file |
diff |
annotate
|
Wed, 13 Jun 2007 16:07:17 -0400 |
dan |
Adding /includes
|
file |
diff |
annotate
|