Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.
<!-- Enano CMS - IIS7 Rewrite support (installer's test scenario) -->
<configuration>
<configSections>
<sectionGroup name="rewriteRules">
<section name="rules" overrideModeDefault="Allow" />
</sectionGroup>
</configSections>
<system.webServer>
<rewrite>
<rules>
<rule name="Installation - test requests from installer UI">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="install.php?do=modrewrite_test&str={R:1}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>