Dan Fuhry <dan@enanocms.org> [Tue, 12 Jul 2011 22:37:21 -0400] rev 344
Release prep 1.0.6pl4
Dan Fuhry <dan@enanocms.org> [Tue, 12 Jul 2011 22:13:37 -0400] rev 343
SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org> [Tue, 16 Nov 2010 12:44:22 -0500] rev 342
Retagged current-stable
Dan Fuhry <dan@enanocms.org> [Tue, 16 Nov 2010 12:43:24 -0500] rev 341
Tagged release: 1.0.6pl3
Dan Fuhry <dan@enanocms.org> [Tue, 16 Nov 2010 12:42:36 -0500] rev 340
Version bump to 1.0.6pl3 (the real release number)
Dan Fuhry <dan@enanocms.org> [Tue, 16 Nov 2010 12:20:50 -0500] rev 339
Version bump to 1.0.6pl2
Dan Fuhry <dan@enanocms.org> [Tue, 16 Nov 2010 12:19:13 -0500] rev 338
SECURITY: Fix SQL injection in banlist check
Dan Fuhry <dan@enanocms.org> [Mon, 28 Jun 2010 11:11:09 -0400] rev 337
Tagged release: 1.0.6pl2
Dan Fuhry <dan@enanocms.org> [Mon, 28 Jun 2010 11:00:51 -0400] rev 336
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan [Mon, 28 Dec 2009 16:52:41 -0500] rev 335
Fixed a couple non-security sanitizer and editor bugs
Dan [Mon, 28 Dec 2009 12:19:47 -0500] rev 334
Updated current-stable tag
Dan [Mon, 24 Aug 2009 12:33:36 -0400] rev 333
Stable release: Enano CMS 1.0.6pl1
Dan [Sat, 22 Aug 2009 13:31:09 -0400] rev 332
Fixed lockup on unclosed HTML tags in wikiformat_process_block()
Dan [Sat, 22 Aug 2009 13:30:39 -0400] rev 331
Version bumped to v1.0.6pl1
Dan [Fri, 21 Aug 2009 11:50:22 -0400] rev 330
SECURITY: Comments: fix poor sanitization of subject on initial submit
Dan [Sat, 21 Mar 2009 18:58:41 -0400] rev 329
Merging nighthawk and scribus branches
Dan [Sat, 21 Mar 2009 18:57:34 -0400] rev 328
Fixed typo in function call to check for apache 2.2
Dan [Sun, 18 Jan 2009 18:59:29 -0500] rev 327
Added license block to AmigaLink captcha engine and set this engine as the default; clarified licensing situation for this module in licenses/index.html
Dan [Sun, 18 Jan 2009 18:13:48 -0500] rev 326
Updated current-stable tag
Dan [Sun, 18 Jan 2009 18:11:42 -0500] rev 325
Re-merged 1.0.6 tag
Dan [Sun, 18 Jan 2009 18:10:48 -0500] rev 324
Continuation of previous commit in admin CP; EditSidebar: updated strings to be more accurate (thanks again Vadi)
Dan [Sun, 18 Jan 2009 18:10:21 -0500] rev 323
Pageutils: Also delete page-specific ACL rules when deleting a page (thanks Vadi)
Dan [Sun, 18 Jan 2009 18:09:55 -0500] rev 322
SECURITY: Enforce denied history_view on previous revisions
Dan [Sun, 18 Jan 2009 18:09:08 -0500] rev 321
Removed some crufty CSS classes in enano-shared (thanks Vadi)
Dan [Sat, 17 Jan 2009 12:08:28 -0500] rev 320
Stable release: Enano CMS 1.0.6 (Roane)
Dan [Sat, 17 Jan 2009 11:57:02 -0500] rev 319
Updated readme for Roane
Dan [Sat, 17 Jan 2009 11:51:17 -0500] rev 318
Rebrand as v1.0.6 (Roane)
Dan [Sat, 17 Jan 2009 11:32:52 -0500] rev 317
Merging branches
Dan [Sat, 17 Jan 2009 11:32:18 -0500] rev 316
SECURITY: Fix XSS under IE in closing tags (shared sanitizer)
Dan [Sat, 17 Jan 2009 11:31:45 -0500] rev 315
Minor fix to OS detection in install
Dan [Sat, 29 Nov 2008 22:50:19 -0500] rev 314
Plugins can now register their own custom actions for $_GET["do"]. (Backport from unstable)
Dan [Thu, 27 Nov 2008 10:57:50 -0500] rev 313
Stable release: Enano CMS 1.0.5 (Ferrishyn)
Dan [Thu, 27 Nov 2008 10:38:00 -0500] rev 312
Remove some unused/obsolete release tags
Dan [Thu, 27 Nov 2008 10:26:49 -0500] rev 311
[cosmetic only] lowercase release name in installer splash
Dan [Thu, 27 Nov 2008 10:21:58 -0500] rev 310
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan [Tue, 25 Nov 2008 22:08:00 -0500] rev 309
Updated readme for Ferrishyn
Dan [Fri, 07 Nov 2008 08:56:53 -0500] rev 308
Fixed sanitization of full page IDs with accidental parse of escaped hex character in dirtify_page_id(). Thanks Asterion; see http://forum.enanocms.org/post/20/
Dan [Tue, 16 Sep 2008 08:20:14 -0400] rev 307
Fixed IPv6 address match (the one from phpBB3 did not work)
Dan [Wed, 10 Sep 2008 06:57:54 -0400] rev 306
Fixed SQL parse errors caused by conversion to \r\n by some FTP/zip clients (hackish workaround that isn't Enano's fault)
Dan [Fri, 22 Aug 2008 01:05:42 -0400] rev 305
Forgot to update, merging heads from nighthawk and scribus
Dan [Fri, 22 Aug 2008 01:04:20 -0400] rev 304
Redid tags to match version numbers; only latest release will be tagged as such from now on. Hopefully Mercurial registers this.
Dan [Sun, 17 Aug 2008 08:38:15 -0400] rev 303
Upgrade from 1.0.4 -> 1.0.5 now tolerates errors in user -> user_id transition in tags table
Dan [Tue, 05 Aug 2008 14:02:26 -0400] rev 302
Tagging revision 290 (72ecb951b313) as release, it was never done before.
Dan [Tue, 05 Aug 2008 14:02:18 -0400] rev 301
Backported customizable 404 page from unstable (thanks Vadi); made customizable 404 page have a {STANDARD404} variable available to allow embedding the "default" 404 content.
Dan [Mon, 04 Aug 2008 11:44:20 -0400] rev 300
RNG now uses /dev/urandom instead of /dev/random to fix slowdowns during login. Potentially not as secure, but speed problems on some servers were of blocker severity.
Dan [Thu, 26 Jun 2008 21:00:25 -0400] rev 299
Merging scribus and nighthawk branches
Dan [Thu, 26 Jun 2008 20:59:57 -0400] rev 298
Fixed jBox hover event reference to undefined object
Dan [Thu, 26 Jun 2008 20:59:23 -0400] rev 297
Fixed E_STRICT under PHP 5 and 6 (reference operator in instanciation)
Dan [Thu, 12 Jun 2008 10:58:48 -0400] rev 296
Merging in page['visible'] patch from unstable, pages marked as invisible should now be omitted from searches
Dan [Fri, 09 May 2008 23:33:11 -0400] rev 295
Tagging latest revision as rebrand
Dan [Fri, 09 May 2008 23:32:51 -0400] rev 294
Rebrand as 1.0.5 (Ferrishyn)
Dan [Fri, 09 May 2008 23:32:00 -0400] rev 293
Fixed (again) the user -> user_id transition in enano_tags table
Dan [Sun, 13 Apr 2008 17:03:15 -0400] rev 292
Fixed aclScopeSel control in Safari/KHTML
Dan [Sun, 13 Apr 2008 17:02:42 -0400] rev 291
Added enforced warning about PHP4
Dan [Sun, 16 Mar 2008 21:08:37 -0400] rev 290
Filled and updated out the README for 1.0.4
Dan [Sat, 15 Mar 2008 16:34:28 -0400] rev 289
Backporting cron fixes from unstable
Dan [Sun, 02 Mar 2008 21:34:56 -0500] rev 288
Allowed uppercase characters to be used in the database name (thanks Andrew)
Dan [Sun, 02 Mar 2008 14:52:08 -0500] rev 287
Fixed PHP warning in Rijndael RNG code when open_basedir restriction in effect
Dan [Thu, 28 Feb 2008 12:33:25 -0500] rev 286
Tagging latest revision as rebrand
Dan [Thu, 28 Feb 2008 12:33:01 -0500] rev 285
Rebrand as 1.0.4 (Ellyyllon)
Dan [Fri, 22 Feb 2008 12:46:51 -0500] rev 284
Fixed: RenderMan::getPage() failing with access denial when fetching template and view_source results in deny
Dan [Fri, 01 Feb 2008 22:31:57 -0500] rev 283
Made all captcha fields case-insensitive (thanks pkeating)
Dan [Thu, 31 Jan 2008 22:28:40 -0500] rev 282
Merging scribus and nighthawk branches
Dan [Thu, 31 Jan 2008 22:28:12 -0500] rev 281
Fixed jBox menus failing to appear when window scrolled down
Dan [Thu, 31 Jan 2008 21:52:39 -0500] rev 280
Fixed special pages being returned with subpage information inappropriately from $paths->get_pageid_from_url()
Dan [Mon, 28 Jan 2008 23:07:32 -0500] rev 279
Fixed case where HTML comments were getting stripped when opening tag not followed by whitespace (<!--foo--> was stripped, <!-- foo --> was not, neither is stripped now)
Dan [Mon, 28 Jan 2008 23:06:38 -0500] rev 278
Re-applying the revision with the comment fix (bad merge a couple revs back)
Dan [Sun, 27 Jan 2008 23:43:24 -0500] rev 277
Fixed case where HTML comments were getting stripped when opening tag not followed by whitespace (<!--foo--> was stripped, <!-- foo --> was not, neither is stripped now)
Dan [Wed, 23 Jan 2008 19:36:42 -0500] rev 276
Merging in a couple revisions from Nighthawk
Dan [Wed, 23 Jan 2008 19:36:16 -0500] rev 275
Fixed case-sensitive file extensions
Dan [Sun, 20 Jan 2008 23:18:03 -0500] rev 274
Fixed broken regenCaptcha() in Special:Register
Dan [Sat, 19 Jan 2008 00:47:52 -0500] rev 273
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan [Fri, 18 Jan 2008 10:35:33 -0500] rev 272
Removed all PostgreSQL support from the installer as per http://enanocms.org/News:1200114064; installer support for Postgres is available in the 1.1 branch now
Dan [Wed, 09 Jan 2008 22:23:09 -0500] rev 271
PHP4 fix: sidebar missing in installer UI: problem was wrongly named constructor for templateIndividualSafe
Dan [Wed, 09 Jan 2008 22:13:42 -0500] rev 270
Fix undefined E_STRICT under PHP 4; add PHP 4 deprecation notice in admin panel
Dan [Tue, 01 Jan 2008 22:50:49 -0500] rev 269
Installer works again now (for MySQL only)
Dan [Tue, 01 Jan 2008 22:30:53 -0500] rev 268
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan [Mon, 31 Dec 2007 21:16:27 -0500] rev 267
Integrating patch for PHP 6.0-dev compatibility
Dan [Thu, 27 Dec 2007 11:35:00 -0500] rev 266
Fixed search indexer causing duplicate keys when two "words" of 64+ characters encountered and first 64 characters are the same (thanks Vadi); attempt to fix onunload confirmation during page editing
Dan [Sun, 23 Dec 2007 17:58:21 -0500] rev 265
Corrected licensing issue on YoungPup's DOM-Drag (it is now public domain -> GPLv2+ for Enano); fixed wrongful access denial under specific circumstances (fetch_page_acl() on nonexistent page + wiki mode)
Dan [Wed, 19 Dec 2007 17:15:48 -0500] rev 264
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan [Tue, 18 Dec 2007 23:47:33 -0500] rev 263
Merging in a few stray changes from the MySQL branch
Dan [Tue, 18 Dec 2007 23:45:43 -0500] rev 262
A number of updates to the graphing code (it should actually work now)
Dan [Tue, 18 Dec 2007 23:44:55 -0500] rev 261
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan [Sat, 15 Dec 2007 18:11:59 -0500] rev 260
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan [Sat, 15 Dec 2007 18:10:14 -0500] rev 259
SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan [Wed, 12 Dec 2007 21:46:28 -0500] rev 258
Stable release: Enano CMS 1.0.3 (Dyrad)
Dan [Wed, 12 Dec 2007 21:37:40 -0500] rev 257
Tagging latest revision for rebrand
Dan [Wed, 12 Dec 2007 21:37:23 -0500] rev 256
Rebrand as 1.0.3 (Dyrad)
Dan [Wed, 12 Dec 2007 21:04:20 -0500] rev 255
SECURITY: CRITICAL: Fix SQL injection in admin CP page editor
Dan [Tue, 11 Dec 2007 19:15:26 -0500] rev 254
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan [Mon, 03 Dec 2007 18:45:37 -0500] rev 253
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan [Mon, 03 Dec 2007 17:36:25 -0500] rev 252
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan [Sat, 01 Dec 2007 02:39:49 -0500] rev 251
Fixed: sanitation loop on ampersands in encodeAttribute() (this was MediaWiki's fault)
Dan [Sat, 01 Dec 2007 00:35:42 -0500] rev 250
Stable release: Enano CMS 1.0.2 (Coblynau)
Dan [Sat, 01 Dec 2007 00:35:15 -0500] rev 249
Dummy revision to artificially increment build number
Dan [Sat, 01 Dec 2007 00:34:03 -0500] rev 248
Fix missing dependency on search.php in upgrade script
Dan [Sat, 01 Dec 2007 00:32:58 -0500] rev 247
Detagging release due to stupid upgrade fix
Dan [Fri, 30 Nov 2007 23:09:44 -0500] rev 246
Stable release: Enano CMS 1.0.2 (Coblynau)
Dan [Fri, 30 Nov 2007 22:16:26 -0500] rev 245
How could I forget the TRADEMARK SIGN?
Dan [Fri, 30 Nov 2007 22:13:03 -0500] rev 244
Updated artwork with finalized new/revised logo; finalized upgrade schema
Dan [Wed, 28 Nov 2007 15:24:23 -0500] rev 243
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan [Wed, 28 Nov 2007 14:47:42 -0500] rev 242
Oops, never merged in updates from ee1fc84f12a8 (240)
Dan [Wed, 28 Nov 2007 14:46:03 -0500] rev 241
Hopefully now all calls to escape() are replaced with ajaxEscape() in response to Tomasz's forum post; remove deprecated version of show_category_info() from functions.php
Dan [Sun, 25 Nov 2007 21:40:42 -0500] rev 240
SECURITY: Tighten default allowed file types; make sure search index rebuild is performed on upgrade
Dan [Sun, 25 Nov 2007 21:18:52 -0500] rev 239
Final development freeze for release: 1.0.2 (Coblynau); only critical bugs fixed until GA
Dan [Sun, 25 Nov 2007 20:24:16 -0500] rev 238
Add warning in installer for PHP < 5.2.0; hopefully fix validation of e-mail addresses with dashes
Dan [Sun, 25 Nov 2007 19:23:50 -0500] rev 237
Nothing special. ksort()ing list of allowed filetypes in the admin panel to make editing the list marginally easier
Dan [Sun, 25 Nov 2007 19:03:50 -0500] rev 236
Added OpenDocument MIME types and extensions; make sql_report page show total time taken for SQL queries
Dan [Sun, 25 Nov 2007 17:53:03 -0500] rev 235
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan [Sat, 24 Nov 2007 13:16:20 -0500] rev 234
A couple of minor tweaks to the upgrade schema; tests pending
Dan [Sat, 24 Nov 2007 02:11:43 -0500] rev 233
The template-cache incompatibility bug has finally been isolated, so a function to clear the template cache was added into the upgrade script for 1.0.2