Phorum 5 Changelog -------------------------------------------------------------------------------- Fri Aug 24 15:20:02 2012 +0200: Thomas Seifert * Correction phrase search in non-fulltext mode ( fixes #880 ) Fri Aug 24 15:08:24 2012 +0200: Thomas Seifert * Removed TYPE= create table options. Default table types should be used wherever possible. Fri Aug 24 14:59:19 2012 +0200: Thomas Seifert * # set version number to 5.2.19 Fri Aug 24 14:37:09 2012 +0200: Thomas Seifert * fixed possible XSS reported by High-Tech Bridge Security Research Lab Fri May 25 08:57:17 2012 +0200: Thomas Seifert * Fix moderator list retrieval Sun Mar 11 03:51:56 2012 -0700: Thomas Seifert * Merge pull request #882 from GroM/phorum_5_2 Performance improvements for moderator list (version for 5.2, by GroM) Thu Mar 8 15:04:14 2012 +0100: GroM * Performance fix for moderator list (exclude inactive) - DB Mon Dec 19 15:05:43 2011 +0100: Thomas Seifert * Merge branch 'phorum_5_2' of github.com:Phorum/Core into phorum_5_2 Mon Dec 19 15:01:21 2011 +0100: Thomas Seifert * # init array on messagetree delete Mon Dec 19 14:59:53 2011 +0100: Thomas Seifert * # fixed a fatal error in moderation actions when the message cache is enabled (thanks for the patch to Jurij Kovacic) Mon Dec 19 14:56:12 2011 +0100: Thomas Seifert * # fixed even logging logviewer Fri Oct 7 16:28:51 2011 -0500: Brian Moon * Merge branch 'phorum_5_2' of github.com:Phorum/Core into phorum_5_2 Fri Oct 7 16:28:33 2011 -0500: Brian Moon * don't include PATH_INFO in the current URL. Tue Oct 4 00:57:03 2011 +0200: Maurice Makaay * Fixes for XSS issues in admin interface URLs. Fri Sep 9 10:11:49 2011 -0500: Brian Moon * version bump for release Fri Sep 9 09:51:02 2011 -0500: Brian Moon * Fix for XSS vulnerability as reported by Paul Davis Fri Aug 26 13:09:10 2011 +0200: Thomas Seifert * # fixing doc generation issues and updated year Thu Aug 25 16:43:10 2011 +0200: Thomas Seifert * # set correct version number for git downloads Thu Aug 25 16:22:59 2011 +0200: Thomas Seifert * fixed XSS reported by Russ McRee @ holisticinfosec Sun Jul 31 12:46:18 2011 +0200: Maurice Makaay * Fixed a Safari prompt() issue for the editor tools. Wed Jul 13 07:03:51 2011 +0200: Thomas Seifert * # fixed possible warning in the file db functions when used in 3rd party code Fri Jul 8 15:15:16 2011 +0200: Thomas Seifert * fixing thread title in first merge thread screen (thanks to vrtisworks, fixes #868) Fri Jul 8 10:54:49 2011 +0200: Thomas Seifert * first part of "Make Ajax calls without enabled cookies work". Server-side work is done with this commit. Now only the JS-part in the phorum ajax lib is missing (related to #816) Fri Jul 8 10:38:16 2011 +0200: Thomas Seifert * # fixing undefined variables Fri Jul 8 10:22:10 2011 +0200: Thomas Seifert * fixed "multibyte chop corruption" (fixes #865, thanks to Phorum user glen!) Fri Jul 8 10:10:15 2011 +0200: Thomas Seifert * fixed "Follow mode is not kept when quoting" (fixes #869, thanks to mariusmuja) Tue Jul 5 12:17:27 2011 +0200: Thomas Seifert * getting rid of warning when uploading zero sized file in controlcenter. Thanks to hsn! (fixes #859). Tue Jul 5 12:12:50 2011 +0200: Thomas Seifert * fixing "invalid" sql. Thanks to hsn. (fixes #858) Tue Jul 5 11:58:27 2011 +0200: Thomas Seifert * unified the webserver check in console scripts and added shebang-line. Thanks to glen! (fixing #866) Tue Jul 5 11:42:59 2011 +0200: Thomas Seifert * fixing invalid message but upon splitting threads. Thanks to rfc! (Fixing #870) Tue Jul 5 11:38:55 2011 +0200: Thomas Seifert * fixing php warning when Phorum is set to Read-Only. Thanks to rfc! (fixes #871) Fri Jul 1 11:24:16 2011 +0200: Thomas Seifert * # checking for sapi instead of remote_addr as there are some systems where the ip address is set on cli too, depending on the environment Tue May 10 03:37:34 2011 +0000: brian * if the current running script has defined PHORUM_ADMIN, we don't need to check file access permissions Sun Apr 17 17:10:06 2011 +0000: mmakaay * MFT # Upgraded bgiframe jquery plugin to 2.1.2 to fix an MSIE9 issue. Tue Apr 12 10:23:04 2011 +0000: ts77 * better message cache invalidation on moderation actions. now using the correct forum_id for messages moderated in a different forum than the current one and invalidation just once for each forum. Fri Apr 8 15:29:42 2011 +0000: mmakaay * MFT: # skip over the editor tool buttons on the first tab run (usability fix) Thu Apr 7 23:46:17 2011 +0000: mmakaay * # Prevent undefined index warning in the newflags API. Tue Mar 29 20:29:23 2011 +0000: mmakaay * # Made it possible to add spam hurldes specific hooks to the templates, # for cases where the template author does not want to use the standard # hooks for some reason (tpl_* -> sh_*) Tue Mar 29 19:15:56 2011 +0000: mmakaay * # Do not edit code while watching a move ;-) Tue Mar 29 18:56:47 2011 +0000: mmakaay * # Fixed undefined index warning in the classic templates. Tue Mar 29 11:40:36 2011 +0000: mmakaay * # Applied the same kind of fix for one-group-user-searching as I did in trunk. Mon Mar 28 23:02:58 2011 +0000: mmakaay * # Smoothing out upgrade warnings. Mon Mar 28 21:06:40 2011 +0000: mmakaay * MFT: # Updated MySQL update to use the new ENGINE=... syntax Tue Mar 15 15:08:57 2011 +0000: ts77 * # performance enhancements in user admin pages by only retrieving a count of matching rows and not all matching user_ids anymore Sun Mar 13 22:22:30 2011 +0000: ts77 * # fix quoting again Sun Mar 13 10:10:47 2011 +0000: ts77 * added option to phorum_strip_body to skip stripping tags - and use that for the plain text quoting to avoid missing data in the quotes. Sat Mar 12 13:16:20 2011 +0000: ts77 * # really fixed now Sat Mar 12 13:06:45 2011 +0000: ts77 * # refix ;) Sat Mar 12 13:02:27 2011 +0000: ts77 * # fix for single group in phorum when searching for users Sun Feb 27 22:18:19 2011 +0000: mmakaay * # Removed stale comment. Tue Feb 8 05:05:47 2011 +0000: brian * Adding a new hook to allow for alternate methods of retrieving private messages. e.g. for doing a module that pages the results. Fri Feb 4 11:28:43 2011 +0000: ts77 * # moved the pm_before_editor hook some lines down to be able to modify the user dropdown list. Thu Feb 3 14:27:32 2011 +0000: mmakaay * # eol-style to native for svn # fixed some inconsitencies in line-endings (^M and \n mixed in one file) Mon Jan 24 06:43:45 2011 +0000: mmakaay * # Removed duplicate definition for phorum_page. Mon Jan 24 05:27:29 2011 +0000: mmakaay * Added Brazillian Portuguese translation for Spam Hurdles. Sat Jan 22 17:28:47 2011 +0000: ts77 * # precaution against a race condition when two messages are posted at the same second. Phorum 5 Changelog (Up to Version 5.2.16 - pre-GIT) -------------------------------------------------------------------------------- 2011-01-18 19:58 mmakaay * Upgraded the jQuery library from 1.4.2 to 1.4.4. Note: when using the Embed Images module with the FancyBox viewer, then this module must be upgraded to version 1.1.3 or higher to be compatible with the new jQuery library. 2010-11-29 17:08 ts77 * show the current controlcenter panel also in the breadcrumbs and the page title 2010-11-16 18:51 mmakaay * Load defaults.php file, so an unconfigured username restrictions module will not trigger PHP warnings because of undefined settings. 2010-11-16 11:58 mmakaay * Added an API function phorum_api_user_get_active_user(), which can be used to retrieve the data for the currently active (i.e. logged in) Phorum user. When no user is logged in, then the function will return NULL. 2010-11-12 07:43 mmakaay * When passing $return_threads = TRUE to phorum_db_search() while searching for messages posted by a given user ($match_type = USER_ID), the function will now only return the thread starter messages that were posted by the user that is being searched on. 2010-11-06 22:57 ts77 * added bbcode option to add nofollow only to external urls. 2010-11-02 10:17 ts77 * added new hook user_save_groups 2010-10-28 21:14 mmakaay * Added overflow: hidden to the generic div, so floated content inside these divs will be correctly wrapped by the div. 2010-10-28 21:08 mmakaay * The Phorum JavaScript library (jQuery + the Phorum javascript code) is now available from within the admin interface as well. Template specific javascript code and javascript code that is supplied by modules are not included in the package that is loaded by the admin interface (to prevent loading code that might be assuming to be run in the Phorum front end.) 2010-10-26 13:58 mmakaay * Added a hook "after_post_redirect" that can be used to tweak the redirect URL that is used for redirecting the user after posting a forum message. 2010-10-22 09:43 mmakaay * Implemented phorum_api_image_supported() and phorum_api_http_get_supported() which can be used to check if the hosting platform supports the respective Phorum API layers. 2010-10-22 08:18 mmakaay * MFT # backported API method phorum_api_http_get_supported() 2010-10-22 00:35 mmakaay * Changes in the BBcode callback handling, to provide callback handlers with the message that is being parsed. This way, the callback code can perform actions that need to be context-aware. Also, deprecated the use of dl() calls in the http_get and image APIs. This is done because of the following warning on the PHP site: "This function has been removed from some SAPI's in PHP 5.3" 2010-10-16 22:32 mmakaay * Modified placement of the #REPLY anchor in the templates (moved from the start of posting.tpl to the end of read.tpl). This takes care of letting the page jump down when the user click "Reply" and the "Sorry, only registered users may post in this forum" message is showing down there. 2010-10-15 21:20 mmakaay * Feeds were not disabled when disabling them from the admin interface settings. They were only hidden from the templates. Therefore calling the feed script to load feed data still worked. This bug is fixed by this release. When disabling the feed option, the feed.php script will block access to the feeds too now. 2010-10-15 16:09 mmakaay * MFT # Fixed to improve the Modified-Since handling. 2010-10-14 21:56 mmakaay * Fixed a problem with CSS and JavaScript caching not automatically refreshing. Because the the cache key was not MD5'ed, the cache key could grow too large for the memcached caching layer. 2010-10-11 23:44 mmakaay * Added a work-around for the Spam Hurdles ASCII art CAPTCHA in combination with browsers in which the monospace font was set to a proportional font. The font now is configured as Courier New and Courier, before falling back to the monospace option that is controlled by the browser. 2010-10-11 23:28 mmakaay * Release Spam Hurdles version 2.0.2 as the default version for both Phorum 5.2 and the Phorum development trunk. 2010-07-16 12:02 ts77 * added attachments as input to the send_email hook (thanks to Oliver Riesen) 2010-07-04 20:45 ts77 * invalidate message cache on approval, thanks to Markus Fischer (#961) 2010-07-04 20:07 ts77 * applied patches from Joe Curia for enhanced Edit User Panel 2010-06-30 14:18 ts77 * formatting and escaping announcements correctly now (closing a possible security issue), thanks to Patrick Kaiser 2010-06-30 14:00 ts77 * checking correctly for jpeg support in php 5.3 too, thanks to phorum user nedanko in #948 for the report. 2010-06-30 13:52 ts77 * New hooks: admin_forum_delete, posting_action_cancel_post, posting_action_edit_post, thanks to Markus Fischer (closing #949) 2010-06-30 13:43 ts77 * added new admin menu hook, thanks for the thorough implementation to Markus Fischer (#945) 2010-06-30 13:27 ts77 * User deletion - clearing recent message data, thanks to Markus Fischer (closing #946) 2010-06-30 13:24 ts77 * event_logging: hook to intercept $loginfo, thanks to Markus Fischer (closing #947) 2010-06-30 13:20 ts77 * Add "message" and "details" filter capability to mod event_logging, thanks to Markus Fischer (closing #942) 2010-06-30 13:15 ts77 * phorum_cache_put() verify fopen() call, thanks to Markus Fischer (closing #943) 2010-06-10 13:16 mmakaay * Added the jQuery library to 5.2 and the $PJ compatbility wrapper to prevent collissions with possible other js frameworks that might be using $ already. 2010-06-10 12:53 mmakaay * Fixing editor tools popups in a page that uses relative and/or absolute CSS positioning for layout. 2010-05-23 21:00 mmakaay * Fix for #952: Malformed javascript in form_objects.js.php 2010-05-20 09:46 ts77 * fixed timezone setting in forum settings panel. it got off with dst enabled (closing #950, thanks to Phorum user Skye for the notice) 2010-04-23 22:45 mmakaay * Added extra hooks in the phorum_output() code to provide extra and more fine grained control to modules that want to hook into the output phase. New hooks: output_templates, output_templates_, start_output_, after_header_, before_footer_, end_output_. 2010-04-19 15:20 ts77 * added two new template hooks: tpl_profile and tpl_cc_start in the relevant templates 2010-04-16 14:32 mmakaay * Added missing language strings to BBcode mod. 2010-04-01 21:52 mmakaay * Fixed some hook documentation issues. 2010-03-31 13:13 mmakaay * Bug fix: do not update the last_post_time of a forum in case a message is approved that was posted before the active last_post_time of that forum. 2010-03-26 12:55 ts77 * fixed pm_send_init hook, thanks to Charlie Brown (in #941) 2010-03-18 12:20 mmakaay * Fix for #938: client.js.php steps on javascript Phorum object The way in which existence of the Phorum object was checked was wrong because of some legacy code in the Ajax js lib. This change should fix the issue. 2010-03-17 12:50 ts77 * added original message to after_edit / before_edit hooks (fixing #803, thanks to Alexey Torkhov) 2010-03-17 12:23 ts77 * added message_id to the read hook (fixing #934, thanks to Markus Fischer) 2010-03-16 23:16 mmakaay * Fixed bug: when changing the password twice in a row from the control center, the second password change triggered the CSRF protection error ("Possible hack attempt detected. The posted form data was rejected.") 2010-03-16 22:51 mmakaay * Various fixes for (minor) security related issues. * Fixed the possibility of bypassing the email address validation checks and confirmation code via email for email address changes through the control center. Risk: the user could change his own email address to some fake address, because the email validation step was skipped. (thanks to Carlos Ghan for pointing out this issue) * XSS issue for the email address change panel in the control center fixed. The previous fix already prevents this, because the user can no longer inject a false email address with HTML code in it. The email settings panel prevents that. Still, we added an extra layer of XSS protection to the control center code. Risk: the XSS issue was only triggered for the user himself, within his own control center. The email address in the public user profile was already XSS-protected. (thanks to Carlos Ghan for pointing out this issue) * Fixed the possibility of bypassing the original password check when changing the password through the control center. Risk: this might be used by a malicious user to change the password for a user that is logged into Phorum on a computer that the malicious user has direct access to (e.g. a computer in a library or internet cafe, where the user forgot to logout). * Fixed an XSS issue in the personal file management panel in the control center. By uploading a file with a specially crafted filename, HTML code could be injected in the file management page. Risk: the XSS issue was only triggered for the user himself, within his own control center. 2010-02-26 18:48 ts77 * fixed warning on logout in rare cases (fixing #920, thanks to Markus Fischer, Regexp provided by Brian) 2010-02-26 17:20 ts77 * added setting define for number of search paging links shown (as requested in #932, thanks to Thomas Subera) 2010-02-22 15:57 ts77 * use the correct variable in controlcenter/summary.php to allow overriding for module developers. fixing #928, thanks to Azumandias 2010-02-22 15:52 ts77 * avoid trying to retrieve users with user_id 0 in read.php with some conditionals, saving on db calls, fixing #929, thanks to Markus Fischer 2010-02-16 19:22 brian * Fix for issue where fast running searches could report a database error 2010-02-16 16:01 ts77 * added force_{okmsg|error} to hook_info in control.php to allow overriding the messages without fully overriding the panel. Thanks to Phorum user Phil Connolly for the idea. 2010-02-12 15:36 ts77 * added json2.js json parser for decoding json (could be used for encoding too) as requested in #923 for added security and performance (Firefox 3.5 and IE8 should have a native JSON parser which is API compatible with this script and therefore automatically used), added phorum_textarea and phorum_subject manipulation javascript into core (see #914 for the reasoning, thanks to "mrboson") 2010-02-12 14:16 ts77 * backported phorum_api_url_no_uri_auth to allow easier generation of URLs without uri-authentication. (patch from Markus Fischer in #921) 2010-02-12 14:04 ts77 * added left/right bbcode tags and editor tools 2010-02-06 12:38 ts77 * fixing css caching which could lead to mixed up css-caches like including the css_print instead of the full one. (fixing #913) 2010-02-06 12:32 ts77 * adding new hook "admin_editforum_form_save_after_defaults" as proposed in #916, thanks to Markus Fischer. ATTENTION: not added in trunk (aka 5.3) as the whole handling has changed there. 2010-02-06 12:25 ts77 * added new hook "feed_sent" (fixing #917, thanks to Markus Fischer) 2010-02-06 12:17 ts77 * selecting only active users for subscription notifications (fixing #919, thanks to Markus Fischer for the patch) 2010-01-12 09:34 ts77 * update the forum status on editing if the sort order of the thread has been changed (fixing #911) 2009-12-27 11:25 ts77 * killing some warnings when calling moderation.php without arguments (fixing #905, thanks to Markus Fischer) 2009-12-09 14:05 ts77 * added additional "raw_data" flag to phorum_api_user_get for usage in saving to avoid storing html escaped versions of custom profile fields. Thanks to Joe Curia for the report. 2009-12-09 08:04 mmakaay * Fix for correctly blocking posts to closed topics, in case the reply message was started before the topic was closed. Thanks to Phorum user cactux for the problem report. 2009-12-04 21:10 mmakaay * Added a new hook "pm_before_editor" to the PM script, as requested by Phil Connolly. 2009-11-30 09:13 mmakaay * Required changes in templates for Spam Hurdles v2. 2009-11-30 01:41 mmakaay * Some new hooks and a template hook to make protecting the PM interface with Spam Hurdles (version 2) possible. 2009-11-20 08:52 mmakaay * Another try at fixing the vroot issue for root level RSS feeds. 2009-11-18 14:57 ts77 * fixed vroot feeds 2009-10-18 10:26 ts77 * fix profile url of the author in the unapproved message panel (template change, fixing #897) 2009-10-18 10:13 ts77 * suppress notices from connect calls, as it would break redirection to a down page and errors itself are handled later in the code (thanks to CBill for noticing that issue) 2009-10-17 11:02 ts77 * fixing unsubscribe handling while replying (fixed #884, thanks to Thomas Subera) 2009-10-17 10:52 ts77 * added two new admin hooks as provided by Markus Fischer in #895. ATTENTION: no support in 5.3 for these as the handling in newforum.php is totally different there! 2009-10-17 10:38 ts77 * rebuild search data only when "empty_search_table" is not set (fixing #883, thanks to Markus Fischer) 2009-10-17 10:30 ts77 * using the default template when creating new folders (patch from Markus Fischer in #886, thanks) 2009-10-16 22:22 ts77 * added ability to log user deletion to Event Logging through patch from Markus Fischer (fixing #893) 2009-10-16 22:11 ts77 * only accepting css templates as arguments for css.php and check for empty param (fixing #887) 2009-10-14 13:52 ts77 * turning TYPE=MyISAM into ENGINE=MyISAM to make Phorum compatible with more recent MySQL versions. This effectively makes Phorum incompatible with MySQL4 which is therefore stated in the install docs. 2009-09-29 22:39 mmakaay * MFT: # Fix for #891: version parsing problem in the modules API. 2009-09-29 20:00 mmakaay * Added a sanity check to see if the version of PHP is 5.0.0 or higher. When the version is lower, then a critical error is returned. Effectively, people that are running PHP4 won't be able to install Phorum anymore, unless they upgrade to PHP5. 2009-09-29 06:41 mmakaay * Moved the hard-coded max message length to a definition in constants.php. 2009-09-13 10:20 mmakaay * Fixed bug: the recently added anti-XSS code for the font size BBcode did not accept x-large and x-small as valid sizes. Thanks to Robert Angle for the heads up! 2009-08-25 22:59 ts77 * fixed last-modified header for css.php/javascript.php (closing #881, thanks to Markus Fischer) 2009-08-25 19:38 mmakaay * Make sure that the doomed "magic_quotes_runtime" setting is disabled in PHP. Otherwise, data that is retrieved from the database could be crippled by the magic quote handling. 2009-08-16 23:33 mmakaay * Added a "no longer bundled" list to the Modules API. Modules that are no longer included in the Phorum distro can be registered in this list. If Phorum finds an enabled module that is no longer bundled with Phorum and that has a version that is lower than the version as configured in the list, it will suggest the admin to upgrade the module to the separately distributed version. This feature was added for informing admins about the HTML module that recently was removed from the distro. 2009-08-16 23:31 mmakaay * Removed the HTML module from the core distribution. Administrators that want to enable HTML code in the forum messages will have to download the HTML module from now on. URL: http://www.phorum.org/phorum5/read.php?62,140066 2009-08-16 22:27 ts77 * moved css.php and javascript.php to use the phorum_cache instead of their own file-based approach (closing #878, thanks to Markus Fischer for the notice) 2009-08-16 15:38 ts77 * added okmsg for the general settings page, still with reload to reinit the settings (fixing #861, thanks to Markus Fischer) 2009-08-15 22:22 mmakaay * Fixed a bug in the bbcode tokenizer code that could lead to unexpected parsing results. 2009-08-15 16:50 ts77 * adding hooks for pm_delete, pm_delete_folder (fixing #871, thanks to Markus Fischer) 2009-08-15 16:33 ts77 * fixing some warnings in stress_test script (fixing #872,#873, thanks to Markus Fischer) 2009-08-15 16:27 ts77 * added name attribute to module settings links for better testability (fixing #875, thanks to Markus Fischer) 2009-08-01 11:03 mmakaay * Added a new event to the Event Logging module: User sends a private message. 2009-07-28 10:48 mmakaay * Fixed bug #865: Don't log errors if the silence operator @ is used. Thanks to Markus for both the bug report and the patch that fixes the issue. 2009-07-27 15:42 mmakaay * - Added a new logged event: User requests a new password. Thanks to CBiLL for the idea. This feature requires a new hook that is only available in Phorum 5.2.13 and up. - Modified the failed login event: if the username that was used is known to Phorum, then the user_id is set for the event. This way, failed login events can be filtered by the username as long as an existing username was used. Thanks to CBiLL for the idea. - Fixed a bug: with event logging programmatically suspended, not all hooks returned the correct data. This feature is not widely used (if at all), so there is no real user impact. 2009-07-27 14:24 mmakaay * Added a new hook (for logging purposes): password_reset. 2009-07-27 10:39 mmakaay * Fixed #864: the HTML feed always showed "(-1 replies)" at the end of the feed page. 2009-07-25 18:15 mmakaay * Fixed #866: fixed an accidental introduction of a trunk-only API call in the 5.2 tree, causing the message prune screen to fail. Thanks to Markus for notifying us about the problem. 2009-07-22 17:54 ts77 * fixed event logging download issue (fixing #862, thanks to Markus Fischer) 2009-07-22 17:44 mmakaay * Fixed #858: we now use a more forgiving match algorithm for determining the running MySQL server version. 2009-07-22 17:21 mmakaay * Fixed #863: Prevent a PHP NOTICE in when running a CLI script. Thanks to Markus for the problem report. 2009-07-22 11:58 ts77 * added code to have the admin stylesheet external with a hook to override the url (closing #860, though I don't see it as a final solution yet with its relative image urls). 2009-07-22 11:49 ts77 * add E_USER_ERROR to error reporting in admin (fixing #859, thanks to Markus Fischer) 2009-07-20 11:46 ts77 * Preliminary fix for XSS in size and color bbcode tags. Thanks to Paolo Pinto from SYSDREAM 2009-07-04 00:38 mmakaay * Work-around when there is no "&" in the php.ini arg_separator.input option. It that happens, then PHP won't correctly fill the $_GET array. E.g. "arg1=val1&arg2=val2" will end up as array('arg1' => 'val1&arg2=val2'). 2009-07-03 11:45 mmakaay * A fix for hosting providers that manage to provide a SCRIPT_URI that does not contain the actually requested HTTP_HOST, probably due to some mass virtual hosting rewrite rules. 2009-07-01 10:35 mmakaay * Fixed #853: A bbcode tag like [url=http://www.phorum.org ] (note the space in front of the "]" character) caused the bbcode formatting to trip. Thanks to Serdar for the bug report! 2009-07-01 09:05 mmakaay * The event logging module is now used for logging blocked form posts. Also, a bugfix was done on the iscramble code. In some cases, there were duplicate id's in use for the blocks that hold the scrambled js code, causing the js md5 signing feature to fail. 2009-06-30 14:49 mmakaay * Fixed the forum picker list for the advanced search page in a vroot environment. Before this change, the list of searchable forums was empty. 2009-06-09 06:22 brian * Added hook to allow overriding of the maximum upload file size. 2009-05-29 17:29 mmakaay * Fixed a permission checking issue for the file.php script. Read access for the forum in which the file is stored was not correctly checked. Thanks to Phorum user "FF" for finding the bug. 2009-05-18 23:54 mmakaay * Logs can now be downloaded from the even viewer settings page (thanks toe Joe Curia for providing the page). Logs are now automatically cleaned up when the total number of logs exceeds the configured maximum. This is done by mean of a garbage collector that is run in 5% of the page requests. 2009-05-15 12:21 mmakaay * Implemented a check to see if an unsafe attachment is downloaded in MSIE6-. If this is the case, then anti-caching headers are sent. This is done, because a quirck in MSIE6 (and maybe lower) could interpret a file from cache, even if we send headers to specifically force a download. 2009-05-15 10:02 mmakaay * Updated the MIME sniffing code (for checking if a browser might see a certain file as HTML code) to be more specific. This is done to minimize the number of false positives that we see. For example "]" to make it match either "" or " tag was not having newlines trimmed after it 2008-11-23 23:22 brian * Fix for #808, rebuild script not rebuilding all the threads 2008-11-23 19:04 brian * Fixes for ticket #791, phorum 3 upgrade issues with character set 2008-11-23 15:55 brian * Fix for ticket #766, Group moderation bug 2008-11-19 15:05 mmakaay * Improved the JSON handling using the PEAR library on systems that do not implement json_encode() and/or json_decode(). Thanks to Phorum user "rasta" for the coding idea. 2008-11-13 09:05 mmakaay * Reverted [3700]: allow_email_notify is a per-forum setting and not a global settin. Therefore, the control center should not hide the "follow+mail" option if email_notify is not enabled when loading the control center page. 2008-11-13 08:59 mmakaay * Hide the "follow + email" option from default follow mode configuration in the user control center when email notifications are disabled by the admin. 2008-11-12 19:26 mmakaay * Removed content-type header from the smileys javascript code. It is no longer needed now the javascript is incorporated from javascript.php. 2008-11-12 16:35 mmakaay * Suppress possible warnings from a file_exists() call in the Spam Hurdles module. 2008-11-07 12:39 ts77 * ignore some more settings on inheritance (fixing #809, thanks to _noe_ ) ... 2008-11-07 12:29 ts77 * fixed db-upgrade scripts for replicated setups (fixing #813, thanks to Mathias) 2008-11-07 12:23 ts77 * added masterquery-flags to event-logging module (fixing #814, thanks to Mathias for reporting and providing a patch) 2008-11-07 12:03 ts77 * removed the message about the closed thread in the read page in case "reply on separate page" and added an error message in the posting form instead of just redirecting (closing #817) 2008-11-07 00:54 mmakaay * Obfuscate mail addresses that are displayed by the bbcode module. 2008-11-06 21:50 mmakaay * Fixed the fallback-to-pear-json option in the JSON API code. 2008-11-03 05:50 brian * Fix for #805 2008-10-31 19:33 mmakaay * Fixed the PHP json extension detection code in case the json API code was loaded from within a function. The fallback PEAR JSON library would not be triggered if the json extension was missing in the PHP setup. 2008-10-26 16:08 brian * Added ability to add a user from the admin. Thanks to Azumandias for the initial patch 2008-10-14 07:40 mmakaay * Fixed a problem in the phorum_api_file_store() function call, which could cause storing a file with a message or user to fail. This had no effect on the existing core Phorum code by sheer luck, but when using the API call, things might go wrong, depending on the order in which the file info fields were stored in the $file argument. 2008-10-13 07:24 mmakaay * Fixed a problem in the BBcode module, which could cause the "Activation of bbcode tags" section of the module's settings screen to be empty. 2008-10-06 10:13 ts77 * removed "SET CHARACTER SET" query to solve some mysteries in charset support (thanks to Chris who brought this up http://www.phorum.org/phorum5/read.php?61,132926,132926 ) 2008-10-06 10:03 mmakaay * Fixed #806: possible XSS leak plugged. This was reported as a security vulnerability, however we were never able to produce anything more than broken HTML code. Since broken HTML code is not good and because we are rather safe than sorry, this fix was implemented. 2008-10-04 08:55 mmakaay * Fixed "AND" based queries for phorum_api_user_search_custom_profile_field(). Thanks to Phorum user jjarvis98 for noticing the bug and to Azumandias for providing the fix. 2008-09-21 10:10 ts77 * transferring template-arg through the urls (fixing #792), doesn't work with search - essentially breaks search and needs checking therefore 2008-09-21 09:56 ts77 * give a message about this being a moderated forum before redirecting after posting (fixing #775) 2008-09-02 12:13 mmakaay * Fixed the new release detection code. In the admin interface, new releases were not detected by the "Check For New Version" function. 2008-09-01 09:55 mmakaay * Fixed #797: Undefined offset: 0 in api.php in case the message started with a stale BBcode close tag. Thanks to Alexey Torkhov for the problem report. 2008-09-01 09:37 mmakaay * Fixed #796: Undefined index "mod_bbcode_tags" in BBcode module. Thanks to Alexey Torkhov for the heads up. 2008-09-01 07:41 mmakaay * Fixed the classic index style (directory browsing mode) for the classic 0.4 template. It did not yet reflect a change in the datastructures that we use for the index page in Phorum 5.2, causing folders to not show up in that view. 2008-09-01 06:33 mmakaay * Fix for #795: BBcode module needs to explicitly include api.php to define the constants that are used in the settings page. Thanks to Alexey Torkhov for the heads up. 2008-08-27 12:57 ts77 * building the list of forums to move a thread to in the same way as the list of forums in the search form (fixing #729, thx to Oliver Riesen) 2008-08-27 10:09 mmakaay * Fixed #784: missing terminating ] for character class in http_get.php. 2008-08-23 18:31 mmakaay * Fixed #776: phorum_api_user_save() sets the password to "*NO PASSWORD SET*" when calling the function twice (first time to create a user, second time to update, both calls without using a password in the user data). Thanks to Alexey Torkhov for finding and reporting the issue. 2008-08-22 22:55 mmakaay * Fixed #787: BBcode module: end of message end tags for some bbcode tags were not processed correctly. The tag and the text that came before the tag were duplicated at the end of the rendered message. 2008-08-22 21:21 mmakaay * Added "@" as a safe character for the quoted printable encoding requirement check. Otherwise, every mail address will be quoted printable encoded, even if there are no special characters in it. 2008-08-04 17:57 mmakaay * Phorum3 script updated for the new phorum_db_file_save() call in Phorum 5.2. Thanks to Simon King who posted the patch in our support forums. 2008-07-22 07:23 mmakaay * Suppress output from the memcache cache layer for cases where connecting to the memcached server fails. This prevents memcached problems from breaking the page ("headers already sent".) Additionally, the inline documentation was updated. 2008-07-18 13:28 mmakaay * Fixed #772: possible corruption of serialized custom field data (reported by Jonhoo). 2008-07-15 18:11 brian * Fix for #731. Strip DESCRIPTION for search page 2008-07-04 16:48 ts77 * use display_name for reporter as suggested by Oliver Riesen (fixing #761) 2008-07-04 15:49 ts77 * same date formatting in read templates as suggested by Oliver Riesen (#749) 2008-07-02 18:39 mmakaay * Fixed an incompatibility between file downloads with the "only from this forum" restriction, in combination with URI authentication. Before this fix, access for downloading the image would be denied, even though the file was downloaded directly from the forum. # Also a typo-fix-of-the-day change (learned that it is "existent" :-). 2008-07-01 14:30 mmakaay * Fixed a compatibility problem between the new BBcode module and PHP versions prior to 5.1.0. The PHP function htmlspecialchars_decode() is not available for those versions of PHP. Thanks to Adam for noticing the problem and for providing a work-around! 2008-06-25 21:14 ts77 * fixed undefined index in event_logger module (#748, reported by Oliver Riesen) 2008-06-25 21:07 ts77 * stripped quotes from plain-text forum description as suggested by Oliver Riesen (#743) 2008-06-25 20:53 ts77 * added line-height for thread options as suggested by Oliver Riesen (#730) 2008-06-25 20:20 ts77 * made users tz_offset a float value for non-integer timezones 2008-06-17 11:19 mmakaay * The "Force hiding of email addresses" option is now only applicable to regular forum users. Administrators and moderators can always see the email addresses of the users. For moderators, this can be restricted by setting the PHORUM_MOD_EMAIL_VIEW constant to false in include/constants.php. Some more fine grained control for email address displaying will be added to Phorum 5.3. 2008-06-16 10:15 ts77 * quote anonymous authors with their name (fixing #744) 2008-06-16 09:59 ts77 * sort strictly by datestamp to get the recent_post (fixing #755) 2008-06-16 09:32 ts77 * added user's posts to edit screen (readonly), fixing #759 2008-06-16 09:06 mmakaay * Another fix for #765: UTF-8 byte order markers at the start of template files are now stripped by include/templates.php. 2008-06-16 08:20 mmakaay * Fix for #765: catch the output of include files (include/db/config.php, include/lang/* and templates/*/settings.tpl) to prevent extra output like UTF-8 byte order markers from breaking the pages. 2008-06-13 18:28 ts77 * case insensitive search for block tags in html module (fixing #760) 2008-06-05 00:21 mmakaay * Implemented some improvements for the Editor Tools module as suggested by David King (phorum.org user "Optimal") and Oliver Riesen. The behavior when adding tags using the buttons is now much better. The textarea won't scroll up anymore if it is scrolled downwards a bit and the text that was selected previously to adding the tag will be reselected after adding the tag. 2008-06-03 09:41 mmakaay * Fixed a bug in handling stale close tags that directly follow another open or close tag. Thanks to CBiLL for the problem report. The related error message was: Unsupported operand types in [..]/bbcode/api.php 2008-06-02 08:09 mmakaay * Fix for #762: moved pm_sent hook to always trigger the hook after a sent PM. Before, it would not trigger if the PM mail notification was disabled. 2008-05-27 20:34 mmakaay * Improved handling of stale close tags in the text and fixed a PHP undefined index warning along with it. Thanks to CBiLL for the problem report. 2008-05-25 22:58 mmakaay * MFT: # Undefined indexes fixed. 2008-05-25 11:57 mmakaay * Added the conference 2008 rewrite release of the BBcode module to the tree. 2008-05-25 09:35 mmakaay * Added javascript_filter hook (for things like javascript compression). Added a refresh=1 parameter for javascript.php to let it ignore the cache. 2008-05-19 15:51 mmakaay * The javascript.php script automatically loads the Ajax client code, so modules can be sure that they can make use of it and don't have to load it specifically. Templates can now contain a "javascript.tpl", which is loaded in by the javascript.php code automatically. This corresponds to the way that the CSS code works (where you can create a "css.tpl"). 2008-05-13 03:51 ataylor * Added File Path block 2008-05-08 15:00 mmakaay * Added a new API layer for handling JSON data (final goal: Ajax layer) 2008-05-08 14:56 mmakaay * Added a new API layer for newflags handling. 2008-05-03 13:53 mmakaay * Backported the phorum_switch_template() function from trunk to 5.2. This new function makes it possible to switch the active Phorum template to a template that is stored in any directory. This is for example useful if a module includes a full Phorum template, where the template is packaged with the module code. With this new function, the Phorum can activate the module's template without the need for the admin to copy the template to the main templates directory. 2008-04-29 16:41 mmakaay * Fixed #740: Mark read in folder (classic index) goes back to root (thanks Oliver!) 2008-04-29 16:03 mmakaay * Fixed #754: Display name filter was not included in pagination (thanks Oliver!) 2008-04-29 16:01 mmakaay * Fixed #738: problems with German help file for smileys module (thanks Oliver!) 2008-04-29 15:54 mmakaay * Fixed #757: Fixed typo in hook call for "posting_permissions" (thanks Alexey) 2008-04-17 15:24 ts77 * use the correct default language for announcement conversion (fixing #734) 2008-04-03 08:42 mmakaay * Fixed #735: Added missing backslash in JavaScript code (thanks to Oliver Riesen) 2008-03-23 00:24 mmakaay * Fixed spam flagging by SpamAssassin for rule SUBJECT_NEEDS_ENCODING. This prevents spam flagging of mail in case the admin uses a name that contains special characters in the "System Emails From Name" field. Encoding was implemented using the Quoted-Printable description from RFC 2045. 2008-03-21 11:25 mmakaay * Fixed spam flagging by SpamAssassin for rule FROM_BLANK_NAME (From: contains empty name). This prevents spam flagging of mail in case the admin did not fill in the "System Emails From Name" field. This resulted in a header like: From: "" 2008-03-21 11:16 mmakaay * Fixed spam flagging by SpamAssassin for rule MSGID_FROM_MTA_HEADER (Message-Id was added by a relay). This prevents spam flagging of mail messages that are not sent for new message notification (for those we already generated a Message-Id header). 2008-03-19 19:24 ts77 * clear html-description for profile page (fixing #723) 2008-03-10 15:33 mmakaay * Fix for #712: Quote tag removes newline after first line. Thanks to Alexey Torkhov for the bug report. 2008-03-10 08:52 mmakaay * Fixed #717: User data doesn't get reloaded after profile edit. Thanks to Alexey Torkhov for the bug report. 2008-03-09 19:14 mmakaay * Fix for #716: Typo in the forums API code. 2008-03-08 20:18 mmakaay * Fix for #715: Warning spamhurdles/settings.php:106: "Undefined variable: warn" 2008-03-08 20:15 mmakaay * Fix for #714: SQL error "Column 'user_id' in where clause is ambiguous" in the Event Logging module, when filtering by user_id. 2008-03-04 11:45 mmakaay * Fix for #709": PHP warning for undefined index "thread" in event logging module (thanks to Alexey Torkhov) 2008-03-03 21:35 mmakaay * Fix for #708: Dates in the admin interface were not shown in a consistent way, because sometimes hard-coded date formats were used. 2008-03-03 03:50 mmakaay * Fix for #650: Make [url=mailto:...]...[/url] work in the bbcode module 2008-03-03 03:37 mmakaay * Fix for #704: phorum_relative_date() doesn't honor the timezone settings 2008-03-03 01:25 mmakaay * The Image API thumbnail code now generates JPEG thumbnails instead of PNG. JPEG allows for better compression, resulting in smaller images. When using PNG, the thumbnails are sometimes bigger in filesize than the original images. 2008-03-03 00:46 mmakaay * New hooks for the private message system: buddy_list, pm_list, pm_read. 2008-03-02 19:26 mmakaay * Fixed #706: Editor Tools module doesn't use constants for default icon size. Thanks to Alexey Torkhov for the bug report. 2008-03-02 19:20 mmakaay * Automatic processing of bare URLs and email addresses is made optional through two new BBcode module settings (ticket #696, thanks for the suggestion Alexey Torkhov). 2008-03-02 17:29 mmakaay * Fixed #690: Harmless warnings from file cache layer should now be suppressed. 2008-02-29 14:35 mmakaay * Fixed a bug in the username restrictions module. It was not possible to set a minimum length in combination with no maximum length. The maximum length was set to the minimum length in this case. Thanks to Lammi41 for the bug report and the patch. 2008-02-28 14:30 mmakaay * Implemented a hook call "page_" that can be used to run a "common" hook for specific pages only (e.g. "page_index", "page_pm", etc.) 2008-02-25 12:16 ts77 * fixed double escaping of the excerpt in search results 2008-02-24 19:18 ts77 * applied change from [2827] to atom feed and fixing double escaping of subject (fixing #686, thanks to Alexey Torkhov) 2008-02-19 11:57 mmakaay * Fixed #692: the control center and private message pages no longer show the forum descriptions (thanks to James Revillini for the bug report). Additionally, the heading for the private messages pages was set to a better value. 2008-02-19 08:53 mmakaay * Added a comments field to the banlist items, based on a patch that was provided by James Revillini. Thanks James! 2008-02-18 13:06 ts77 * added options for port and socket to database configuration and the appropriate layers and documentation (#683, thanks to Alexey Torkhov) 2008-02-18 11:46 ts77 * fixed layout for pm_list_incoming.tpl, (#699, thanks to Alexey Torkhov) 2008-02-17 14:04 ts77 * added page argument to print view link so that it shows the page you are at in print view (fixing #695, thanks to Alexey Torkhov) 2008-02-16 17:07 ts77 * only allow template selection through url if not set to fixed view (fixing #693, thanks to Alexey Torkhov) 2008-02-16 16:50 ts77 * added format_fixup hook to announcements module too (fixing #694, thanks to Alexey Torkhov) 2008-02-11 22:23 mmakaay * Added a fix for making the database install code work for the Spam Hurdles module work in MySQL strict mode. Thanks to phorum.org user "shaneshack" for finding and reporting the problem! 2008-02-09 23:28 mmakaay * Fixed #688: Changed {URL->MARKREAD} to {URL->MARK_READ} in the classic template (thanks to Alexey Torkov). 2008-02-06 01:18 mmakaay * Fixed the subject bad word censoring checks. The checks were run, but the outcome was stored in the wrong variable. 2008-02-05 19:37 mmakaay * Fix for the database layer to correctly process MySQL error code 1582, which was temporarily implemented in the MySQL server (versions 5.1.15 up to 5.1.20). This error code has been reverted to the original error code 1062 in the fix for MySQL bug report #28842. Unfortunately we have to add this work around to Phorum for this now. References: - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-20.html - http://bugs.mysql.com/bug.php?id=28842 2008-01-25 17:37 brian * Added the direct link to the message for each message in flat and hybrid view for easy copy and paste. 2008-01-18 12:31 mmakaay * Fix for #675: Wrong variable use for "place it in ...." text. 2008-01-18 12:28 mmakaay * Fix for #675: "Post" and "SaveChanges" not recognized by language admin tool. 2008-01-18 12:11 mmakaay * Change "onchange" event for "Follow topic" checkbox to "onclick" to work around a problem with MSIE7 not visibly acting on checkbox changes (event bubbling seems to be halted for "onchange" in MSIE7, thanks MS!) 2008-01-18 11:20 mmakaay * Fixed a bug that was reported by charliemc86: enabling the option "Ignore Admin for moderator-emails" had no effect. Administrators would still get moderation email messages. Thanks Charlie! 2008-01-07 21:28 ts77 * MFH: fixed possible sql-injection in non-fulltext search (not enabled by default) 2007-12-30 11:07 ts77 * made breadcrumbs urls default to index-url instead of list and added option for rebuilding forum-paths to the admin (thanks to Berti) 2007-12-24 13:26 mmakaay * Fix for #640: Suppress some more possible error messages from file cache layer. 2007-12-24 11:21 mmakaay * Fix for #634: Descriptions in the header were HTML stripped, but that is only needed for the meta description. A new template variable {HTML_DESCRIPTION} was introduced, which contains the unstripped version of the description. 2007-12-24 10:43 ts77 * adding parameter to avoid populating the search table (e.g. in case an alternate backend is used), thanks jefft, closing #667 2007-12-24 10:31 mmakaay * Fix for #649: An empty feed is now provided if no forums are readable. # In 5.2, an empty valid feed was already provided if there were no messages # in a forum, but an empty document was returned if no forums were readable. # Since the recent messages code does handle permission checking, we can # safely remove the read permission checks from the start of the feed.php code. 2007-12-24 09:55 mmakaay * Fixed #669: Strip illegal ASCII control characters from XML feed. 2007-12-15 17:39 ts77 * breadcrumbs in template are now generated from the forum-path stored and not hacked together 2007-12-15 16:24 ts77 * fixed classic-template search 2007-12-14 11:01 mmakaay * Implemented a template define {DEFINE tidy_template }. This variable determines whether tidying has to be done on the compiled template code. The can be one of: 0 - Apply no compression at all. 1 - Remove leading and trailing white space and fully delete empty lines. 2 - Additionally, remove some extra unneeded white space and HTML comments. # This option is implemented as a template setting and not as a global # configuration setting, to prevent broken templates if for some reason # the tidying process cripples the template code. This way, the settings # can be different per template. 2007-12-12 23:14 mmakaay * Added an option "Disable automatic displaying of the announcements?" to the announcement module. With that option enabled, the admin can determine for himself at what exact spot in the templates the announcements are visible by adding the {MOD_ANNOUNCEMENTS} template code to them. 2007-12-11 19:08 ts77 * fixed attachments in read_threads.tpl (fixing #663, thx to stevehealy) 2007-12-08 13:57 mmakaay * MFT: # Some small fixes for correctly falling back to the default template. 2007-12-06 11:12 ts77 * added charset definition to create-table statements and connections 2007-11-30 00:08 mmakaay * MFH # Documentation navigation for phorum.org online documentation. 2007-11-25 17:46 mmakaay * MFT: # Make floating objects in a quote work correctly. Also only style the MFT: # direct child of a bbcode quote div, so divs within quote aren't mangled. 2007-11-17 11:54 ts77 * localized smileys-help button (fixing #655, thx Regdos) 2007-11-02 16:28 mmakaay * Fixed css code. 2007-11-02 12:36 mmakaay * Modules can now register for adding additional CSS code to the base Phorum CSS code using the module system. This way, we can prevent the need to either add additional s for CSS to the pages (more file downloads per page) or add additional CSS code to the section of the pages (more data to download per page). The resulting CSS code is cached and the last modified functionality is used to not let browsers download the CSS code if nothing changed. 2007-10-29 04:35 brian * fixed mod_tidy to not step on pre and xmp tags 2007-10-28 22:30 mmakaay * Implemented multiple RSS links in the page headers, to provide RSS links for both feeds containing topics and feeds containing topics + replies. 2007-10-22 17:02 mmakaay * Added Turkish language file. 2007-10-19 17:13 ts77 * added first shot of a master/slave layer (experimental) 2007-10-11 21:48 mmakaay * Speed improvements for phorum_db_get_recent_messages(). 2007-10-08 15:15 mmakaay * Added a new forum option "Count views per thread for non-threaded list views". This feature can be used to keep track of a global view counter for each thread. If enabled, the flat message list view will show that global thread view counter instead of the view counter for the first message of the thread. Note that this requires an extra database update for each view, so you might now want to enable this on very busy forums. 2007-09-25 23:27 mmakaay * Improved handling of followed threads in case email notification is disallowed for a forum. 2007-09-25 21:00 mmakaay * Reduce redir time. 2007-09-25 20:51 mmakaay * Fixes. 2007-09-20 14:07 mmakaay * Fixes #640: @ in front of rmdir/unlink to prevent warnings on race conditions. 2007-09-15 23:39 mmakaay * Fixed a local file inclusion security hole as reported by kernelnewbies.org. Also went over the full code and added strict inclusion prevention code for all include statements. 2007-09-13 09:15 mmakaay * Partly fixed #625: "Undefined offset: 1" warnings should no longer occur now. 2007-09-12 07:40 mmakaay * Fixed #626: undefined index warning in versioncheck.php 2007-09-10 23:49 brian * Working solution for faster new indicators and counts on index. Includes new moved field in messages table instead of old methods for marking move notices. 2007-09-08 12:48 mmakaay * Fix for #602 : make displaying of newflags conditional 2007-09-03 14:29 mmakaay * Implemented a new hook "cc_panel", which can be used to build extra cc panels from a module, without having to copy script files into the Phorum tree. This one goes along nicely with the tpl_cc_menu_options_hook and tpl_cc_menu_moderator_hook hooks. 2007-08-23 09:01 mmakaay * Fixed #618: recovering password didn't work: used a deprecated function call 2007-08-18 12:31 ts77 * removed meta-description in search-pages (#616) 2007-08-18 12:28 ts77 * fixing phorum_check_read_common for global handling of OKMSG (#613) 2007-08-18 12:24 ts77 * fixed the bbcode feature-names so that they can be really enabled (#614) 2007-08-17 12:36 mmakaay * Implemented new CAPTCHA type: reCAPTCHA (http://www.recaptcha.net/). # Checking of the captcha answer is now done from the captcha objects # (new method check_answer()). Before, we had a generic piece of code # in the spamhurdles.php module script. This is done to be able to # implement the non-standard answer check that is needed for reCAPTCHA. 2007-08-10 04:02 brian * fixed notice about $_POST["username"] 2007-08-09 07:00 mmakaay * Fixed problem with losing the forum_id when searching. 2007-08-05 04:49 brian * Added new option for a new message indicator on index page. Its much faster than new counts 2007-08-04 18:37 brian * New hook after_message_save 2007-07-26 18:07 ts77 * take "Allow Template Selection" into account while choosing the template to use (fixing #603) 2007-07-21 21:08 brian * Fixed IE issue in ticket #594 2007-07-21 21:03 brian * Fix for ticket #591 2007-07-21 20:58 brian * Fix for ticket #597 2007-07-21 20:50 brian * adding start of lightweight template 2007-07-21 20:49 brian * adding start of lightweight template 2007-07-16 11:16 ts77 * moved to swiftmailer for mail-sending by SMTP also through SSL/TLS. Requirement is PHP5 now. 2007-07-16 11:10 mmakaay * Allow for email notification enabled as default install option. 2007-07-13 20:46 ts77 * added option to mark-thread-read from list (through patch from Mathias in #579) 2007-07-10 17:44 mmakaay * Fix for #583: pointy brackets were accidentally added twice in the msgid header 2007-07-10 02:02 brian * New, faster phorum_get_url function and URL fixes 2007-07-09 23:51 brian * fixed sorting threads with missing nodes 2007-07-07 20:38 mmakaay * Fix for #580: $PHORUM['SETTINGS'] is filled but (almost) not used in the core. We removed references to $PHORUM['SETTINGS'] and do not fill it anymore from the database layer. 2007-07-07 19:33 ts77 * added asking for original password on changing password in controlcenter (by patch from Edward Z. Yang in #576) 2007-07-07 16:37 brian * Added announcement conversion script for 5.2 2007-07-06 22:22 mmakaay * Improved switching between user selected templates. The new template is now displayed immediately. Also fixed a bug with handling of user templates that are set to no longer existaning templates (Phorum would fall back to the default template, but things like images and other items depending on the template name would point to the user template name). 2007-07-06 10:59 mmakaay * Made a large sweep through the code to add a charset to all appropriate htmlspecialchars() calls in the code. They now all make use of a new language file variable $PHORUM['DATA']['HCHARSET']. This one can be set different from the CHARSET, to prevent spawning of PHP warnings, because of unsupported character sets. If HCHARSET is empty, then Phorum will automatically use the standard CHARSET for htmlspecialchars(). 2007-07-03 09:13 ts77 * only invalidate newflag cache if there were really new read messages (fixing #578, reported and patch by Mathias) 2007-07-01 12:08 mmakaay * Fixed phorum.org link in the doc navigation. 2007-06-30 20:41 mmakaay * Fixed #572, reported by Edward Z. Yang. 2007-06-30 20:30 mmakaay * Fixed #572, reported by Edward Z. Yang. 2007-06-30 20:25 mmakaay * Fixed #571 (bug for cache sanity check on win2000), reported by Edward Z. Yang. 2007-06-30 20:09 mmakaay * Fixed #564 (reported by Edward Z. Yang) and a couple of other similar bugs. 2007-06-20 21:27 ts77 * adapting email-notify defaults to new posting form 2007-06-14 22:23 mmakaay * In the admin general settings, there's a new option "Put file name in pathinfo for file download URLs". If this option is enabled (disabled by default), then pathinfo will be added to file download URLs, to trick browser into using the correct filename when downloading Phorum files through file.php (normally, "Save as ..." would result in the default save file name "file.php"). Note: this feature requires a webserver which understands pathinfo in the URLs. Most webservers do as far as I know. 2007-06-08 06:40 brian * Modules can be enabled at install time now 2007-06-08 05:38 brian * Added end_output hook, documented start_output and end_output and added mod_tidy that uses those hooks 2007-06-07 13:53 ts77 * added global option to hide email-addresses (#559) 2007-06-04 23:06 mmakaay * No longer in use. 2007-05-28 13:06 mmakaay * Fix for #558: on posting and editing messages, the form now contains a "Follow thread" checkbox. If that box is checked, then a related checkbox is shown for "Email me about replies to this topic". This way, the user has full control on how to follow thread at post time and follow options do no longer get lost sometimes when editing messages. 2007-05-27 09:54 mmakaay * PM user not found message is now fixed correctly. 2007-05-27 09:16 mmakaay * Fixed a XSS bug in the user moderation script. 2007-05-26 20:25 brian * Moved all template output to common function for control. Added new start_output hook 2007-05-26 19:39 brian * must shorten author part of key for UTF8 users 2007-05-26 18:47 brian * Added shutdown function for future use and a shutdown hook 2007-05-24 19:23 mmakaay * Oops... INTs should have had a zero default, 2007-05-21 16:55 ts77 * added a new sanity check for module filenames. fixing #416 2007-05-15 21:36 mmakaay * Made the phorum_hook calls conditional, which should speed up execution time for system that do not use the hooks. Here's a quick benchmark between 1000 conditional and unconditional calls: conditional: 0.0022 sec, unconditional: 0.1079 sec. This probably won't cause a drastic speed improvement, but it's an easy way to speed up execution time for hooks that are not in use by any module. 2007-05-14 09:43 mmakaay * Cleaned up the timing code from the thread sorting code. 2007-05-08 21:50 ts77 * added hook for modifying default search settings 2007-05-08 00:36 mmakaay * First version of a Phorum C extension for speeding up tasks by means of pure C-code. The extension should never be mandatory. It should only provide fast and light weight alternatives for the pure PHP-code solutions. # The first function that is targeted by this module is # tree sorting. This isn't fully finished yet, but the basic # sorting algorithm is working by reordering a message array # in place. 2007-05-05 11:27 mmakaay * Added the "Show in user admin" option to the custom profile field admin screen and wrote some additional help for that screen. 2007-05-05 10:55 mmakaay * Moved real_name from a custom profile field to a real user table field. # Note: we have to be aware of XSS issues with this one, because it was an # auto-escaped profile field. But I think I found all (core) occurrances # in which this might be an issue. 2007-05-04 22:36 mmakaay * Created a custom profile field API. Updated the admin custom profile fields script to make use of this API. Also implemented a new way of deleting custom fields. If an admin accidentally deleted a field, then he can create a new field with the same name, which will give him the choice of restoring the deleted field or creating a fully new field. The rest of Phorum has to be investigated to see where the new delete system has impact (a couple of changes are probably needed). 2007-05-04 17:22 brian * Fixed bug #547 2007-05-02 15:22 mmakaay * Announcements module is in Phorum trunk 2007-05-02 11:37 mmakaay * Fixed search bug: when selecting specific forums to search: Fatal error: [] operator not supported for strings in search.php on line 61. 2007-05-01 13:18 mmakaay * Moved the new database layer code to be the primary database layer. The mysql.php layer now automatically detects the mysql PHP extension to use. The config.php can be used to override the automatic detection mechanism. 2007-05-01 01:59 mmakaay * Ported the new search code over to the new db layer and fixed a couple of bugs in the code. 2007-04-30 19:05 mmakaay * Created a file storage layer API, which handles storing files (personal files for users and attachments for messages). This layer should make it very easy to implement different file storage systems by means of a module. This layer is still work in progress. There are probably a few more file related functions that can go in this file storage API. I also started on an idea for providing a real Phorum API, by moving generic code from the front end scripts to API libraries. The goal that I have in mind for this is to make it possible to add additional API's (like Ajax and SOAP) to Phorum, without having to write API code that copies loads and loads of the core code from the front end scripts. A structured and documented API for Phorum should also provide better and stable support for module writers. The API code can be found in include/api/*. 2007-04-27 23:28 ts77 * added banlist-caching 2007-04-27 01:58 ts77 * added minimum required version for modules (closing #521) 2007-04-27 00:53 brian * Added edit tracking and ability to show changes to a message over time 2007-04-26 21:45 ts77 * added changes for printview closing #153 2007-04-26 15:45 mmakaay * A stress test script, which can be used to add lots of users and messages to the database for mass testing. This is a developer tool only. 2007-04-26 07:13 brian * Rewrote search engine. Added forum selection, ability to search for authors and keywords in one search and showing results as threads or messages 2007-04-25 22:18 ts77 * added possibility to delete multiple/all messages at once in the unapproved messages panel 2007-04-25 07:28 brian * Fixing #540 2007-04-25 07:00 ts77 * added building the forum-path in the admin ("fixing" #213) 2007-04-25 05:40 brian * Fixed #412 2007-04-25 05:35 brian * Fully implemented read only mode 2007-04-25 00:17 brian * Added required cookie mode 2007-04-24 22:33 brian * Fixed feed.php issues in ticket #422 2007-04-24 21:23 brian * Added connection handle to mysql_error. Ticket #542 2007-04-15 11:11 mmakaay * Implemented a new hook: failed_login. This hook can be used for tracking failed login attempts. 2007-04-13 11:18 mmakaay * Fix for #500: Get rid of die() statements, in favor of trigger_error(). 2007-04-13 10:40 mmakaay * Fix for #531: PM preview did not show message formatting. 2007-04-11 15:08 mmakaay * Allow for a button container in the template with id=editor-tools 2007-04-11 09:41 ts77 * "MFB: # initializing maildata-arr" 2007-04-10 20:44 mmakaay * Fixed the phorum_db_sanitize_mixed() function to work correctly with PHP4. 2007-04-10 19:21 brian * Fixed minor issue using get methods to delete items in admin. Found by Janek Vind (waraxe) 2007-04-10 18:34 brian * Fix for Opera javascript redirect issue and response splitting in IE for old versions of PHP 2007-04-07 01:24 mmakaay * Typo fixed 2007-04-07 00:54 mmakaay * New MySQL database layer. The main difference with the existing database layers is that in this layer the real database interaction functionality is limited to a single function. Porting the layer to other databases should be less work due to these changes. # Note: there are a couple of TODO: remarks in the code with some ideas # and things to look at. We should also look if we can bring the used # SQL as much as possible to ANSI SQL (unless performance would suffer # of course). 2007-04-06 11:47 ts77 * "MFB: adding htmlspecialchars to hidden fields in the admin to fix some XSS-issues in the admin reported by Janek Vind 'waraxe'" 2007-04-05 15:28 ts77 * "MFB: fixed path disclosure in admin. Reported by Janek Vind 'waraxe'" 2007-04-05 15:25 ts77 * "MFB: fixed priviledge escalation for moderators. Reported by Janek Vind 'waraxe'" 2007-03-28 19:59 brian * Fixed password changing issue reported in chat 2007-03-26 23:23 brian * Fixed sql injection that could expose user data. Reported by Janek Vind 'waraxe' 2007-03-22 10:40 mmakaay * Some extra safety in the metaquery code 2007-03-21 02:33 mmakaay * Added option for an IS (NOT) NULL query in the metaquery code 2007-03-19 03:45 brian * Updated markdown module to do its own quoting per ticket #530 2007-03-17 13:14 mmakaay * Implemented a new upgrade system, which makes use of two versions internally. One for the main database schema version and one for the database schema patch level. This system solves some problems that we have with the current upgrade system in case we are doing upgrade to both a stable and a development version of Phorum. See also phorum.org's development Wiki for more info on the design of the new upgrade system. I also put the table upgrade function inside include/version_functions.php, so both the console and the web upgrade scripts can make use of it. The console script was also updated to request user input for performing upgrade actions. This is similar to the way in which the web interface works now. This is especially good in case there are errors. # Important note for upcoming db upgrades: # Mind that for 5.2, the system will be more or less up-side-down in use, to # be able to get it bootstrapped in conjunction with 5.1. There can still # be database upgrades for 5.1. These can be put in the 5.1 tree in the same # way as we always did. We also put them in the standard schema upgrade tree # for 5.2. This way, the two trees can fully match and there's no problem # in upgrading between the versions. Changes which only go in 5.2 though, # are not allowed in the schema upgrades! These have to be put in the 5.2 # patch upgrade tree instead, so they won't collide with the standard upgrades. # Because 5.1 does not contain patches, all these 5.2 patches will be run # when upgrading to this version. # # After 5.2 goes stable and we start with 5.3 development, we can fully # follow the rules for the new schema/patch upgrade system. # # Note: # Within the rules of the upgrade system it is fine to always run all # patch level upgrades prior to the schema upgrades (because patches imply # that older versions of Phorum are patched too, which means that all # the patches should be able to run on the last schema upgrade version for # the oldest patched version of Phorum. We have to beware that with the # above up-side-down system, this might not be the case. If we ever write # a 5.1/5.2 schema upgrade which should be executed before a 5.2 patch # to work, then we have to change the logic of the upgrade system. It then # has to collect all patches + schema upgrades and sort them, so all # changes are run in upgrade version order. I don't suspect this will be # the issue though, since no large database upgrades are to be expected # for 5.1 anymore. # # Fixing the internal version: # This patch also reverts the internal version of 5022006090700, which was # set to this value as a different attempt to fix the difficulties. For 5.2 # systems that already run this internal version, the following query will # bring the system back in line (mind to use the correct table prefix): # UPDATE phorum_settings SET data='2007010000' WHERE name ='internal_version'; # This will trigger a db upgrade and after that followup upgrades must be # picked up again. # # How to test the upgrade system: # If you want to test the patch/schema upgrade system with the currently # available upgrades, then it's safe to run the above query, plus the following # one to bring the system into a patch + schema upgrade state: # DELETE FROM phorum_settings WHERE name = 'internal_patchlevel'; 2007-03-14 10:45 mmakaay * Smileys update, fixing #511 2007-03-08 17:16 ts77 * "XSS fix for target-uri" 2007-03-08 16:53 ts77 * made announcements work with vroots (#519) 2007-03-05 11:27 mmakaay * Added an extra option to the offsite linking permissions, which allows for linking uploaded files from the same web site. The admin can now choose from "Only from the forum", "From this web site" and "From any web site". 2007-02-23 02:15 mmakaay * Fixed a bbcode quote tag bug (#524). 2007-01-30 06:36 brian * Fixed non-escaped username in group moderation 2006-11-27 14:24 ts77 * added before_delete hook (fixing #490) 2006-11-27 13:44 ts77 * "using the thous_sep from lang-file for post-numbers (fixing #225)" 2006-11-26 17:00 ts77 * more clear view names for threaded/flat and index (fixing #296) 2006-11-25 23:32 ts77 * some more work on the rebuild panel, adding more rebuild functions and renaming it to database integrity 2006-11-22 16:30 brian * This is a fix for ticket #498. The initial profile fields were not getting set correctly. 2006-11-21 04:07 brian * Clarification to docs made as recommended in ticket #349. 2006-11-21 03:38 brian * This is a fix for ticket #502. 2006-11-21 03:32 brian * This is a fix for ticket #498. The initial profile fields were not getting set correctly. 2006-10-11 17:14 ts77 * rebuild panel for rebuilding forum-stats and meta-data (closing #488) 2006-10-09 15:58 mmakaay * Added a system checking step to the installation, which runs the sanity checks. Sanity checks now get an extra parameter, which tells if they are being run from the install script. Checks which do not have to be run at all at install time, can now return PHORUM_SANITY_SKIP. Doing so will keep them from being displayed in the checks overview. The installation will not continue as long as there are critical errors. The admin can choose to ignore warnings and continue installing. 2006-10-02 20:16 mmakaay * Added sanity check for checking if all important Phorum files are available 2006-10-02 15:07 ts77 * defining some fields in the forum-settings as "string only" to avoid errors, fixing #321 2006-10-02 14:43 ts77 * adding the possibility to edit module settings while they are not enabled, fixing #476 2006-10-02 14:36 ts77 * added maxlength to the text-boxes for folder/forum name - fixing #322 2006-10-01 17:03 ts77 * "MFB: # strip session-uris from report-urls" 2006-09-26 21:13 ts77 * "MFB: # move the cache-layer up for the common_pre-hook" 2006-09-13 20:11 brian * Multipe parameters can now be passed to module functions. However, on the first can be returned. The additional parameters are for information only. 2006-09-13 16:16 brian * Non-FullText searching was not using the date option. See ticket #397 2006-09-13 14:05 mmakaay * Displaying of the intermediate 'Search is running' page is now optional 2006-09-11 10:49 ts77 * added cache-panel in the admin for all cache-related settings (is still missing the settings for the selected layer) 2006-09-07 15:25 mmakaay * Purge cache added to maintenance tools for purging cache and compiled templates 2006-09-07 09:43 mmakaay * Added a meta-like field to the user for storing dynamic settings 2006-09-06 15:17 ts77 * "MFB # update only the display-order on moving around, could lead to inherit-problems otherwise" 2006-09-06 13:04 mmakaay * The followed threads in the control center display newflags too now 2006-09-06 11:59 ts77 * "MFB: # don't set the forum-id on adding a new forum" 2006-08-27 12:47 ts77 * added new hook email_user_start 2006-08-23 12:16 mmakaay * addon.php allows for addon scripts that are implemented using a module 2006-08-21 22:32 mmakaay * New feature for supporting a templates directory inside a module directory. By specifying a template name as ::, the template system will look for the template file in the following path: ./mods//templates/