includes/template.php
Tue, 12 Jul 2011 22:13:37 -0400 Dan Fuhry SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Sat, 17 Jan 2009 11:51:17 -0500 Dan Rebrand as v1.0.6 (Roane)
Fri, 09 May 2008 23:32:51 -0400 Dan Rebrand as 1.0.5 (Ferrishyn)
Thu, 28 Feb 2008 12:33:01 -0500 Dan Rebrand as 1.0.4 (Ellyyllon)
Mon, 28 Jan 2008 23:07:32 -0500 Dan Fixed case where HTML comments were getting stripped when opening tag not followed by whitespace (<!--foo--> was stripped, <!-- foo --> was not, neither is stripped now)
Fri, 18 Jan 2008 10:35:33 -0500 Dan Removed all PostgreSQL support from the installer as per http://enanocms.org/News:1200114064; installer support for Postgres is available in the 1.1 branch now
Wed, 09 Jan 2008 22:23:09 -0500 Dan PHP4 fix: sidebar missing in installer UI: problem was wrongly named constructor for templateIndividualSafe
Mon, 31 Dec 2007 21:16:27 -0500 Dan Integrating patch for PHP 6.0-dev compatibility
Tue, 18 Dec 2007 23:44:55 -0500 Dan Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Sat, 15 Dec 2007 18:10:14 -0500 Dan SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Wed, 12 Dec 2007 21:37:23 -0500 Dan Rebrand as 1.0.3 (Dyrad)
Tue, 11 Dec 2007 19:15:26 -0500 Dan Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Mon, 03 Dec 2007 18:45:37 -0500 Dan Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Mon, 03 Dec 2007 17:36:25 -0500 Dan Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Sat, 24 Nov 2007 01:02:55 -0500 Dan Fix missing REPORT_URI variable in template_nodb
Sat, 24 Nov 2007 00:53:23 -0500 Dan Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Wed, 21 Nov 2007 20:14:14 -0500 Dan Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Wed, 21 Nov 2007 15:10:57 -0500 Dan Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Thu, 15 Nov 2007 18:00:39 -0500 Dan Merging in all changes from revision 185 (90b7a52bea45)
Fri, 09 Nov 2007 11:14:20 -0500 Dan Cleaned up some HTML in the installer; corrected some phpDoc syntax errors
Sat, 03 Nov 2007 14:15:14 -0400 Dan Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Tue, 23 Oct 2007 12:30:08 -0400 Dan Slight HTTPS compatibility improvements
Sun, 21 Oct 2007 02:33:25 -0400 Dan [minor] added bottom margin for enanocms.org fading button
Sat, 20 Oct 2007 21:51:26 -0400 Dan Merging in changes from db8a849ad4c9
Wed, 17 Oct 2007 21:54:11 -0400 Dan Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Fri, 12 Oct 2007 14:41:51 -0400 Dan Replaced autocompleting username with a much more efficient algorithm and caching system
Sun, 07 Oct 2007 08:39:40 -0400 Dan SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Sat, 06 Oct 2007 20:36:40 -0400 Dan Rebrand as 1.1.1; everything should now be bumped to "unstable" status
Sat, 06 Oct 2007 14:45:00 -0400 Dan Fixed external links in tplWikiFormat to use my monster HTTP request regex
Sat, 06 Oct 2007 13:01:46 -0400 Dan Improvements and fixes (hacks?) for HTML sanitization
Fri, 05 Oct 2007 01:57:00 -0400 Dan Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Sun, 23 Sep 2007 23:21:10 -0400 Dan Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Tue, 18 Sep 2007 00:30:43 -0400 Dan Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Sat, 08 Sep 2007 22:58:38 -0400 Dan Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Sat, 08 Sep 2007 14:02:19 -0400 Dan Fixed some rather major bugs in the registration system, this will need a release followup
Fri, 07 Sep 2007 16:25:16 -0400 Dan Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Tue, 04 Sep 2007 12:52:23 -0400 Dan Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Tue, 04 Sep 2007 08:25:48 -0400 Dan Nothing special, just syncing to Scribus, several bugs have been found with GET forms and a fix is in the works
Sun, 26 Aug 2007 16:48:15 -0400 Dan [comments] fixed edit button (source wasn't getting filled)
Sat, 25 Aug 2007 12:11:31 -0400 Dan Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Tue, 14 Aug 2007 15:13:40 -0400 Dan Added ability to detag deleted pages
Sun, 12 Aug 2007 13:11:16 -0400 Dan Redid stupid fading button code and fixed several RC2 bugs in the upgrade schema; 1.0.1 release candidate
Fri, 10 Aug 2007 15:57:22 -0400 Dan Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Thu, 09 Aug 2007 12:26:16 -0400 Dan AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Sat, 21 Jul 2007 18:12:10 -0400 Dan Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Sun, 15 Jul 2007 11:41:06 -0400 Dan Pseudo-commit: Merging Scribus and Nighthawk repos 1.0
Thu, 12 Jul 2007 15:30:26 -0400 Dan Fixed stupid typo in template.php that made the fading button not work...
Tue, 10 Jul 2007 11:59:02 -0400 Dan Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
less more (0) -48 tip