includes/sessions.php
Tue, 12 Jul 2011 22:13:37 -0400 Dan Fuhry SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Tue, 16 Nov 2010 12:19:13 -0500 Dan Fuhry SECURITY: Fix SQL injection in banlist check
Sat, 17 Jan 2009 11:51:17 -0500 Dan Rebrand as v1.0.6 (Roane)
Fri, 09 May 2008 23:32:51 -0400 Dan Rebrand as 1.0.5 (Ferrishyn)
Thu, 28 Feb 2008 12:33:01 -0500 Dan Rebrand as 1.0.4 (Ellyyllon)
Mon, 31 Dec 2007 21:16:27 -0500 Dan Integrating patch for PHP 6.0-dev compatibility
Sun, 23 Dec 2007 17:58:21 -0500 Dan Corrected licensing issue on YoungPup's DOM-Drag (it is now public domain -> GPLv2+ for Enano); fixed wrongful access denial under specific circumstances (fetch_page_acl() on nonexistent page + wiki mode)
Tue, 18 Dec 2007 23:44:55 -0500 Dan Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Sat, 15 Dec 2007 18:10:14 -0500 Dan SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Wed, 12 Dec 2007 21:37:23 -0500 Dan Rebrand as 1.0.3 (Dyrad)
Mon, 03 Dec 2007 17:36:25 -0500 Dan Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Sun, 25 Nov 2007 17:53:03 -0500 Dan Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Sat, 24 Nov 2007 01:35:12 -0500 Dan Fixed a few major bugs with the upgrade script and the config file not getting loaded properly due to IN_ENANO_INSTALL
Sat, 24 Nov 2007 00:53:23 -0500 Dan Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Sun, 18 Nov 2007 18:44:55 -0500 Dan Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Sat, 17 Nov 2007 23:09:12 -0500 Dan Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
Sat, 17 Nov 2007 20:31:01 -0500 Dan Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Sat, 17 Nov 2007 15:02:08 -0500 Dan Fixed: secure-cookie option is no longer set if $_SERVER['HTTPS'] is set but == "off"
Thu, 15 Nov 2007 18:00:39 -0500 Dan Merging in all changes from revision 185 (90b7a52bea45)
Fri, 09 Nov 2007 11:14:20 -0500 Dan Cleaned up some HTML in the installer; corrected some phpDoc syntax errors
Tue, 23 Oct 2007 12:30:08 -0400 Dan Slight HTTPS compatibility improvements
Sat, 20 Oct 2007 21:51:26 -0400 Dan Merging in changes from db8a849ad4c9
Mon, 15 Oct 2007 00:11:51 -0400 Dan SECURITY: Fix failure to log login failure on no row match
Sun, 07 Oct 2007 08:39:40 -0400 Dan SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Sat, 06 Oct 2007 20:36:40 -0400 Dan Rebrand as 1.1.1; everything should now be bumped to "unstable" status
Sun, 30 Sep 2007 20:20:07 -0400 Dan Feature add: new page group type: regular expression match (PCRE)
Sun, 23 Sep 2007 23:21:10 -0400 Dan Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Tue, 18 Sep 2007 16:29:26 -0400 Dan Enano should now fully support UTF-8 usernames; newly registered users are now granted automatic edit access to their user pages (admins can still use protection on the page)
Tue, 18 Sep 2007 00:30:43 -0400 Dan Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Thu, 13 Sep 2007 08:28:11 -0400 Dan Fix: activation e-mails were signed by Anonymous :-)
Sat, 08 Sep 2007 15:06:28 -0400 Dan Vastly improved UX for a login to an inactive account
Sat, 21 Jul 2007 18:12:10 -0400 Dan Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Sat, 21 Jul 2007 11:28:59 -0400 Dan Fixed a few presentation bugs in installer, made installer more "legally binding", and fixed global permissions inheritance in $session->fetch_page_acl()
Mon, 09 Jul 2007 22:01:27 -0400 Dan Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Thu, 05 Jul 2007 10:37:36 -0400 Dan I dunno how many times I'm gonna have to fix the "problem seems to be the hex conversion" bug, but this is at least the fourth try.
Sun, 01 Jul 2007 14:08:39 -0400 Dan Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Thu, 28 Jun 2007 15:26:40 -0400 Dan Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Thu, 28 Jun 2007 13:49:40 -0400 Dan COPPA support added
Tue, 26 Jun 2007 17:28:18 -0400 Dan Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Sat, 23 Jun 2007 10:38:24 -0400 Dan Upgrades (RC2->RC3) should now work
Sat, 23 Jun 2007 10:16:53 -0400 Dan Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Fri, 22 Jun 2007 10:31:59 -0400 Dan Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php
Wed, 13 Jun 2007 16:07:17 -0400 dan Adding /includes
less more (0) tip