[geeklog-cvs] geeklog-1.3/docs history,1.198,1.199
dhaun at iowaoutdoors.org
Thu Jun 17 15:43:54 EDT 2004
Update of /var/cvs/geeklog-1.3/docs
In directory www:/tmp/cvs-serv21584
Modified Files:
history
Log Message:
Updated list of changes (and synched with the 1.3.9sr1 / 1.3.8sr5 releases).
Index: history
===================================================================
RCS file: /var/cvs/geeklog-1.3/docs/history,v
retrieving revision 1.198
retrieving revision 1.199
diff -C2 -d -r1.198 -r1.199
*** history 31 May 2004 19:41:14 -0000 1.198
--- history 17 Jun 2004 19:43:52 -0000 1.199
***************
*** 4,9 ****
------------
! - Introduced function COM_getTopicSQL which returns part of an SQL request to
! check for a user's topic access [Dirk]
- Escape all PCRE special characters in the code to highlight search query
words (bug #200). Also moved the code to its own function, COM_highlightQuery,
--- 4,19 ----
------------
! - Added a printable version for static pages (based on a concept by
! Jannetta S Lewis). Requires a new template file, printable.thtml, located
! in the static pages' template directory [Dirk]
! - Added {article_url} variable for article/printable.thtml so that we can
! print the proper URL to the article if URL rewriting is on [Dirk]
! - Added filtering for the $order parameter in article.php [Dirk]
! - Added {link_actual_url} variable in links.php, holding the actual URL of
! a link (not Geeklog's redirect URL via portal.php). Updated template
! file links/linkdetails.thtml in all default themes to use {link_actual_url}
! in a title attribute for the links [Dirk]
! - The event description now honors linefeeds to allow some basic text
! formatting [Dirk]
- Escape all PCRE special characters in the code to highlight search query
words (bug #200). Also moved the code to its own function, COM_highlightQuery,
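Review bot: the new entry "Added filtering for the $order parameter in article.php" does not say what the filter accepts or what unfiltered input could do, so a reader cannot tell whether this is a security fix that older releases also need. Suggest naming the accepted values and, if the change is security-relevant, saying so in the entry.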
***************
*** 16,23 ****
- Use an UPDATE request when increasing the number of times a story has been
emailed [Dirk]
- - Fixed sporadic "Duplicate entry '...' for key 1." messages in error.log,
- which were caused by collisions of the pseudo-session ids for anonymous
- users. Geeklog actually handled the problem already - it shouldn't have been
- logged in the first place [Dirk]
- When an error occurs while creating a backup, the complete command line
used to call mysqldump is now added to error.log [Dirk]
--- 26,29 ----
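Review bot: the entry removed here explained that the "Duplicate entry '...' for key 1." messages came from collisions of the pseudo-session ids and that Geeklog already handled the problem, while the replacement text added under 1.3.9sr1 keeps only "(caused by the handling of pseudo-session ids for anonymous users)". Suggest carrying over the statement that the condition was already handled and only the logging was wrong, so that an admin who finds these lines in error.log knows how to read them.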
***************
*** 47,54 ****
- Added an option to look up IP addresses (new variable $_CONF['ip_lookup'] in
config.php, pointing to a service that does IP address lookups) [Dirk]
- - In a user's profile, don't display story or comment titles if the user
- looking at the profile page doesn't have permissions to view the topic those
- stories or comments were posted under (bug #208) [Dirk]
- - Fixed incorrect author names in Daily Digest (bug #207) [Dirk]
- Fixed problems with the database backup when there were spaces in the path to
the backups directory (bug #185).
--- 53,56 ----
***************
*** 61,72 ****
- Fixed SEC_inGroup not using $_GROUPS cache in several instances. [Vinny]
- mysql.class.php now only runs mysql_connect once per page load. [Vinny]
- - Fixed Bug #183: COM_extractLinks will now ignore anchor tags that do not
- contain "href". [Vinny]
- The "Google paging" now has additional links to jump to the first and last
page (patch provided by Niels Leenheer). [Dirk]
- Introduced function COM_makeClickableLinks to turn URLs in text-only posts
into clickable links (i.e. it's adding <a> tags around URLs). [Dirk]
- - Added check of "speed limit" when saving a comment (savecomment()), and
- submitting items (stories, links, etc). [Vinny]
- Changed the comment insert, delete, display algorithms for improved
efficiency. They now use a modified preorder tree traversal method. [Vinny]
--- 63,70 ----
***************
*** 75,80 ****
- Added pagination ability to comments ({pagenav} template variable in
startcomment.thtml). [Vinny]
- - Fixed minor security issue with the Daily Digest, where users still got
- digests for topics from which they have been removed (bug #178) [Dirk]
- Fixed typo in timer.class.php that broke the ->restart() function. [Vinny]
- Make sure the database backup files are always sorted by (last modified) date
--- 73,76 ----
***************
*** 101,109 ****
- Removed extra quotes in SQL statements in admin/block.php to ensure
compatibility with old MySQL versions (reported by Elmer Masters). [Dirk]
- - Fixed SQL error in COM_showTopics when users tried to exclude topics in their
- preferences (reported by Rob Young). [Dirk]
- In admin/database.php, if the is_executable function is not available (e.g.
on Windows), do at least a file_exists to check if the mysqldump executable
exists in the path given in config.php. [Dirk]
--- 97,140 ----
- Removed extra quotes in SQL statements in admin/block.php to ensure
compatibility with old MySQL versions (reported by Elmer Masters). [Dirk]
- In admin/database.php, if the is_executable function is not available (e.g.
on Windows), do at least a file_exists to check if the mysqldump executable
exists in the path given in config.php. [Dirk]
+ - Introduced function COM_getTopicSQL which returns part of an SQL request to
+ check for a user's topic access [Dirk]
+ (This was actually introduced in 1.3.9sr1 but missing from the changelog)
+
+
+ Jun 1, 2004 (1.3.9sr1)
+ -----------
+
+ This release addresses the following security issues:
+
+ - It was possible to post anonymous comments, even when anonymous comment
+ posting had been switched off in config.php [Vinny, Dirk]
+ - Added additional speed limit checks for comments and submissions [Vinny]
+ - It was still possible to read the comments to stories, even when the user
+ didn't have access to the story's topic (provided they knew the story id)
+ [Vinny, Dirk]
+ - If none of the topics were visible for anonymous users, the site's index
+ page may still have displayed some stories for anonymous users, depending on
+ the stories' permissions [Vinny, Dirk]
+ - Users still got Daily Digest emails for topics from which they had been
+ removed (bug #178) [Dirk]
+ - It was possible to subscribe to the Daily Digest for all topics, even if the
+ user did not have access to certain topics [Dirk]
+ - Don't list stories or comments in the user profile if the current user isn't
+ allowed to see the topics they were posted under (bug #208) [Dirk]
+
+ Non-security related fixes:
+
+ - Fixed an SQL error in COM_showTopics if users excluded topics in their
+ preferences (reported by Rob Young) [Dirk]
+ - Fixed sporadic "Duplicate entry '...' for key 1." messages in error.log
+ (caused by the handling of pseudo-session ids for anonymous users) [Dirk]
+ - Fixed incorrect author names in Daily Digest (bug #207) [Dirk]
+ - The plugin_profileblocksedit_<plugin-name> Plugin API function wasn't working
+ due to a missing piece of code in usersettings.php [Dirk]
+ - COM_extractLinks will now ignore anchor tags that do not contain "href"
+ (bug #183) [Vinny]
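Review bot: the COM_getTopicSQL entry is added to the current development section with the remark "(This was actually introduced in 1.3.9sr1 but missing from the changelog)", although this same hunk adds a 1.3.9sr1 section directly below it. Listing the function under 1.3.9sr1 would put it with the release that shipped it and make the parenthetical unnecessary. In the security list, "Added additional speed limit checks for comments and submissions" describes the change and not the issue, unlike the other items, which state what was possible before the fix.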
***************
*** 409,412 ****
--- 440,454 ----
+ Jun 1, 2004 (1.3.8-1sr5)
+ -----------
+
+ This release fixes a bug due to which it was possible to post anonymous
+ comments even when anonymous comment posting had been switched off in
+ config.php.
+
+ To upgrade from Geeklog 1.3.8-1sr4 to 1.3.8-1sr5, simply upload the included
+ comment.php, replacing the file of the same name on your webserver.
+
+
January 26, 2004 (1.3.8-1sr4)
----------------
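Review bot: the 1.3.8-1sr5 entry calls the anonymous-comment bypass "a bug", while the 1.3.9sr1 section added by this same patch lists the same problem under "This release addresses the following security issues". Suggest using the security wording here as well, so that admins still on 1.3.8 see why the comment.php replacement matters. The heading also abbreviates the month ("Jun 1, 2004") where the existing entry below spells it out ("January 26, 2004").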