Sat, 19 Jan 2008 00:47:52 -0500 Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan [Sat, 19 Jan 2008 00:47:52 -0500] rev 273
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Fri, 18 Jan 2008 10:35:33 -0500 Removed all PostgreSQL support from the installer as per http://enanocms.org/News:1200114064; installer support for Postgres is available in the 1.1 branch now
Dan [Fri, 18 Jan 2008 10:35:33 -0500] rev 272
Removed all PostgreSQL support from the installer as per http://enanocms.org/News:1200114064; installer support for Postgres is available in the 1.1 branch now
Wed, 09 Jan 2008 22:23:09 -0500 PHP4 fix: sidebar missing in installer UI: problem was wrongly named constructor for templateIndividualSafe
Dan [Wed, 09 Jan 2008 22:23:09 -0500] rev 271
PHP4 fix: sidebar missing in installer UI: problem was wrongly named constructor for templateIndividualSafe
Wed, 09 Jan 2008 22:13:42 -0500 Fix undefined E_STRICT under PHP 4; add PHP 4 deprecation notice in admin panel
Dan [Wed, 09 Jan 2008 22:13:42 -0500] rev 270
Fix undefined E_STRICT under PHP 4; add PHP 4 deprecation notice in admin panel
Tue, 01 Jan 2008 22:50:49 -0500 Installer works again now (for MySQL only)
Dan [Tue, 01 Jan 2008 22:50:49 -0500] rev 269
Installer works again now (for MySQL only)
Tue, 01 Jan 2008 22:30:53 -0500 Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan [Tue, 01 Jan 2008 22:30:53 -0500] rev 268
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Mon, 31 Dec 2007 21:16:27 -0500 Integrating patch for PHP 6.0-dev compatibility
Dan [Mon, 31 Dec 2007 21:16:27 -0500] rev 267
Integrating patch for PHP 6.0-dev compatibility
Thu, 27 Dec 2007 11:35:00 -0500 Fixed search indexer causing duplicate keys when two "words" of 64+ characters encountered and first 64 characters are the same (thanks Vadi); attempt to fix onunload confirmation during page editing
Dan [Thu, 27 Dec 2007 11:35:00 -0500] rev 266
Fixed search indexer causing duplicate keys when two "words" of 64+ characters encountered and first 64 characters are the same (thanks Vadi); attempt to fix onunload confirmation during page editing
Sun, 23 Dec 2007 17:58:21 -0500 Corrected licensing issue on YoungPup's DOM-Drag (it is now public domain -> GPLv2+ for Enano); fixed wrongful access denial under specific circumstances (fetch_page_acl() on nonexistent page + wiki mode)
Dan [Sun, 23 Dec 2007 17:58:21 -0500] rev 265
Corrected licensing issue on YoungPup's DOM-Drag (it is now public domain -> GPLv2+ for Enano); fixed wrongful access denial under specific circumstances (fetch_page_acl() on nonexistent page + wiki mode)
Wed, 19 Dec 2007 17:15:48 -0500 Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan [Wed, 19 Dec 2007 17:15:48 -0500] rev 264
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Tue, 18 Dec 2007 23:47:33 -0500 Merging in a few stray changes from the MySQL branch
Dan [Tue, 18 Dec 2007 23:47:33 -0500] rev 263
Merging in a few stray changes from the MySQL branch
Tue, 18 Dec 2007 23:45:43 -0500 A number of updates to the graphing code (it should actually work now)
Dan [Tue, 18 Dec 2007 23:45:43 -0500] rev 262
A number of updates to the graphing code (it should actually work now)
Tue, 18 Dec 2007 23:44:55 -0500 Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan [Tue, 18 Dec 2007 23:44:55 -0500] rev 261
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Sat, 15 Dec 2007 18:11:59 -0500 Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan [Sat, 15 Dec 2007 18:11:59 -0500] rev 260
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
(0) -100 -14 +14 tip