Dan [Fri, 21 Aug 2009 11:47:26 -0400] rev 1085
SECURITY: Comments: fix poor sanitization of subject on initial submit
Dan [Thu, 20 Aug 2009 21:15:19 -0400] rev 1084
Sessions: whoops, left a debug message in by accident, broke a few redirects
Dan [Thu, 20 Aug 2009 20:19:20 -0400] rev 1083
SECURITY: UCP: Added CSRF protection on Profile (unneeded on EmailPassword due to USER_LEVEL_CHPREF requirement)
Dan [Thu, 20 Aug 2009 20:03:31 -0400] rev 1082
index: removed that annoying 2-space indent
Dan [Thu, 20 Aug 2009 20:01:55 -0400] rev 1081
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan [Wed, 19 Aug 2009 01:28:47 -0400] rev 1080
Minor fix to SHA256: some indices were not being initted under some circumstances
Dan [Mon, 10 Aug 2009 22:43:26 -0400] rev 1079
Added ability for authentication plugins to modify session keys (to allow invalidation when their own authentication data is changed) as well as the ability to disable the built-in password change facility
Dan [Sun, 09 Aug 2009 01:27:45 -0400] rev 1078
Blockquote functionality in wikitext parser now allows rendering of other block level elements properly
Dan [Sun, 09 Aug 2009 01:26:57 -0400] rev 1077
Login: enabled DiffieHellman on IE8
Dan [Fri, 07 Aug 2009 10:22:09 -0400] rev 1076
Login: visual: fixed separator being displayed with only one of 2 checkboxes
Dan [Tue, 04 Aug 2009 17:32:09 -0400] rev 1075
Some changes to AJAX login interface, made it a bit more compact with less language, with some Enanium specific modifications to the same.
Dan [Tue, 04 Aug 2009 15:06:50 -0400] rev 1074
Made index.php bootstrap smarter and better commented.
Dan [Tue, 04 Aug 2009 15:02:54 -0400] rev 1073
More work on rendering engine. Fixed some bugs with paragraph skipping and added (incomplete) support for blockquotes.
Dan [Tue, 04 Aug 2009 15:02:00 -0400] rev 1072
Fixed some "declaration should be compatible" errors that showed up under WinXP QA
Dan [Mon, 03 Aug 2009 02:58:43 -0400] rev 1071
Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.