[geeklog-cvs] geeklog-1.3/docs changes.html,1.24,1.24.2.1 history,1.168.2.1,1.168.2.2

dhaun at iowaoutdoors.org
Mon May 31 14:20:07 EDT 2004


Update of /var/cvs/geeklog-1.3/docs
In directory www:/tmp/cvs-serv1421/docs

Modified Files:
      Tag: geeklog_1_3_9_1
	changes.html history 
Log Message:
Updated documentation


Index: changes.html
===================================================================
RCS file: /var/cvs/geeklog-1.3/docs/changes.html,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -C2 -d -r1.24 -r1.24.2.1
*** changes.html	15 Feb 2004 16:31:39 -0000	1.24
--- changes.html	31 May 2004 18:20:05 -0000	1.24.2.1
***************
*** 23,26 ****
--- 23,62 ----
  of files that have been changed since the last release.</p>
  
+ <h2><a name="changes139sr1">Geeklog 1.3.9sr1</a></h2>
+ <p>This release addresses the following security issues:</p>
+ 
+ <ol>
+ <li>It was possible to post anonymous comments, even when anonymous comment
+     posting had been switched off in config.php.<br>
+     This bug was apparently exploited by spammers to send hundreds of spam
+     posts to certain Geeklog sites.</li>
+ <li>An additional check for the comment speed limit was missing from
+     comment.php.</li>
+ <li>If none of the topics were visible for anonymous users, the site's index
+     page may still have displayed some stories for anonymous users, depending
+     on the stories' permissions.</li>
+ <li>Users still got Daily Digest emails for topics from which they had been
+     removed (bug #178).</li>
+ <li>It was possible to subscribe to the Daily Digest for all topics, even if
+     the user did not have access to certain topics.</li>
+ <li>Comments to stories were sometimes listed in a user's profile, even if the
+     user viewing the profile didn't have permissions to access the story the
+     comments belonged to.</li>
+ </ol>
+ 
+ <h3>Other fixes</h3>
+ <ul>
+ <li>Fixed an SQL error in <code>COM_showTopics</code> if users excluded topics
+     from their preferences.</li>
+ <li>Fixed sporadic "Duplicate entry '...' for key 1." messages in error.log,
+     caused by the handling of pseudo-session ids for anonymous users.</li>
+ <li>Fixed incorrect author names in Daily Digest (bug #207).</li>
+ <li>The <code>plugin_profileblocksedit_<i>plugin-name</i> Plugin API function
+     wasn't working due to a missing piece of code in usersettings.php.</li>
+ <li><code>COM_extractLinks</code> will now ignore anchor tags that do not
+     contain "<code>href</code>" (bug #183).</li>
+ </ul>
+ 
+ 
  <h2><a name="changes139">Geeklog 1.3.9</a></h2>
  
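Review bot: In the "Other fixes" list, the plugin_profileblocksedit item opens a <code> element that is never closed (`<code>plugin_profileblocksedit_<i>plugin-name</i> Plugin API function`), so the monospace formatting runs on past the function name. Add the closing </code> directly after </i>. Separately, in the security list only item 2 names the affected file (comment.php); naming the affected script in item 1 as well would let admins who patch by hand check that they replaced the right file.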

Index: history
===================================================================
RCS file: /var/cvs/geeklog-1.3/docs/history,v
retrieving revision 1.168.2.1
retrieving revision 1.168.2.2
diff -C2 -d -r1.168.2.1 -r1.168.2.2
*** history	31 May 2004 10:52:16 -0000	1.168.2.1
--- history	31 May 2004 18:20:05 -0000	1.168.2.2
***************
*** 24,29 ****
  Non-security related fixes:
  
! - Fixed an SQL error in COM_showTopics if users excluded topics (in their
!   preferences) [Dirk]
  - Fixed sporadic "Duplicate entry '...' for key 1." messages in error.log
    (caused by the handling of pseudo-session ids for anonymous users) [Dirk]
--- 24,29 ----
  Non-security related fixes:
  
! - Fixed an SQL error in COM_showTopics if users excluded topics in their
!   preferences (reported by Rob Young) [Dirk]
  - Fixed sporadic "Duplicate entry '...' for key 1." messages in error.log
    (caused by the handling of pseudo-session ids for anonymous users) [Dirk]
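Review bot: The reworded COM_showTopics entry now reads "excluded topics in their preferences", while the matching item added to changes.html in this same commit reads "excluded topics from their preferences"; use one wording in both files. The "(reported by Rob Young)" credit also appears only here, which is fine if changes.html deliberately omits credits, but it is worth confirming.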
***************
*** 31,34 ****
--- 31,36 ----
  - The plugin_profileblocksedit_<plugin-name> Plugin API function wasn't working
    due to a missing piece of code in usersettings.php [Dirk]
+ - COM_extractLinks will now ignore anchor tags that do not contain "href"
+   (bug #183) [Vinny]
  
  



