[geeklog-cvs] geeklog: Merged changes from geeklog_1_8_0_1 branch

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Mon Oct 3 03:08:02 EDT 2011 

changeset 8435:afff23bbbc48
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/afff23bbbc48
user: Dirk Haun <dirk at haun-online.de>
date: Mon Oct 03 09:06:32 2011 +0200
description:
Merged changes from geeklog_1_8_0_1 branch

diffstat:

 public_html/docs/english/changes.html |  11 +++++++++++
 public_html/docs/history              |   4 +++-
 2 files changed, 14 insertions(+), 1 deletions(-)

diffs (39 lines):

diff -r 58b419c9867c -r afff23bbbc48 public_html/docs/english/changes.html
--- a/public_html/docs/english/changes.html	Mon Oct 03 08:44:25 2011 +0200
+++ b/public_html/docs/english/changes.html	Mon Oct 03 09:06:32 2011 +0200
@@ -28,8 +28,19 @@
 <h3>Bugfixes</h3>
 
 <ul>
+<li>Fixed information leakage:
+<ul>
+    <li>The "<a href="config.html#desc_rootdebug">rootdebug</a>" option,
+        when enabled, also dumped the OAuth consumer key and secret. You now
+        have to additionally set the rootdebug option to "force" to make them
+        show up in the variable dump.</li>
+    <li>The MS SQL driver was displaying detailed SQL error messages by
+        default.</li>
+</ul></li>
 <li>Fixed a regression in Geeklog 1.8.0 that made the <code>[code]</code> and
     <code>[raw]</code> tags not escape content properly.</li>
+<li>Fixed some problems with adding and removing elements to/from arrays in
+    the Configuration.</li>
 <li>The admin's User Editor no longer loses changes when an error occured.</li>
 <li>Fixed images not being displayed in the story preview (when editing an
     existing story).</li>
diff -r 58b419c9867c -r afff23bbbc48 public_html/docs/history
--- a/public_html/docs/history	Mon Oct 03 08:44:25 2011 +0200
+++ b/public_html/docs/history	Mon Oct 03 09:06:32 2011 +0200
@@ -9,9 +9,11 @@
 - mysqli class (patch #0001303) [Dirk]
 
 
-Sep ??, 2011 (1.8.1)
+Oct ??, 2011 (1.8.1)
 ------------
 
+- Fixed adding elements to empty Configuration arrays (bug #0001396) [Tom]
+- Blank out OAuth consumer key and secret in rootdebug dumps [Dirk]
 - Fixed deleting elements from Configuration arrays (bug #0001394, patch
   provided by dengen)
 - Avoid censoring in What's Related block (bug #0001393) [Tom, Dirk]

More information about the geeklog-cvs mailing list