site:
- watchdog (rewrite):
  + the collected information provides more details and insights
    for post-mortem research
  + input limitation
- database abstraction layer:
  + mysql errors are now verbose and are no longer displayed in a
    browser - fixes a possible security risk
- admin.php:
  + updated watchdog page
  + fixed security flaw
- diary.php:
  + fixed nl2br problem
- themes:
  + fixed comment bug in all 3 themes.
- misc:
  + renamed some global variables for sake of consistency:
      $sitename --> $site_name
      $siteurl --> $site_url
  + added input check where (a) exploitable and (b) possible
  + added input size check
  + various small improvements
  + fixed various typos
... and much, much more in fact.
- fixed bug in discussion.php
- theme update: comment() now takes 3 arguments:
    $comment - an object with comment data
    $link - a link to the reply form of that particular comment
    $thread - the subthread of that particular comment
- theme 'marvin' and theme 'zaphod' are updated, theme
'unconed' is left to be done
(suggestion UnConeD)
- Added anchors to comment links to ease comment navigation.
(suggestion UnConeD)
- Fixed duplicate `you voted' after moderating a story.
(suggestion UnConeD)
- Fixed quote bug in administration center.
- Expanded user administration with timezone information.
- Improved the theme system by eliminating the "preview" function.
Let's not make the system more complex than it ought to be.
- Refined watchdog administration.
- ...
- fixed a bug in account.php: the confirmation url is now correct.
- improved error checking + security in diary.php.
- fixed a bug in the html code of theme zaphod.
- improved the date handling: always call format_date().
- expanded account information in administration pages.
- added a new variable $siteurl to ./includes/config.inc.
- added comment moderation to theme zaphod.
- "alter table users add timezone varchar(8);"
- !!! added new timezone feature !!! :o)
UnConeD: will you add the nl2br()'s to your theme or do you want
me to do so? Remark that it will look screwed up (too
many <br>'s) with the current stories but it won't with
new entries ...
visual changes:
- removed redundant files user.class.php, calendar.class.php
and backend.class.php.
- converted *all* mysql queries to queries supported by the
database abstraction layer.
- expanded the watchdog to record more information on what
actually happened.
- bugfix: anonymous readers were not able to view comments.
- bugfix: anonymous readers could gain read-only access to
the submission queue.
- bugfix: invalid includes in backend.php
- bugfix: invalid use of '$user->block'
and last but not least:
- redid 50% of the user account system
---------
- improved the user information page.
- improved the story submission page.
- fixed comments score bug: '.00' --> 'x.00'
- tried fixing the calendar wrapping - UnConeD, is it fixed now?
- provided a link back to the submission queue after having voted
for a story.
- fixed comment subject bug (and security flaw) by replacing
quotes by &quot;.
- updated theme 'zaphod': fixed 2 bugs.
- updated theme 'marvin': fixed 1 bug and improved the layout so
things wrap (hopefully) better in Windows.
- comments have by default no subject pre-set - if no subject is
provided, the user is warned and when a comment eventually got
submitted without a subject, a subject is composed using the x
first characters of the comment's body.
- improved comments on submit.php
- corrected a typo in the FAQ.
UnConeD
-------
- replace 'article.php' by 'discussion.php'
- comment() still uses old references to account.php: the
parameters you supply to account.php no longer hold.
You have to update those links to the new syntax.
- commentcontrol() is outdated - copy paste the one of
theme 'marvin' and adjust it to your liking.
- Added a basic implementation of comment moderation
- Updated and renamed my 2 themes: I removed redundant boxes and tried to
work towards simplicity.
- Disabled the other themes as they are broken (I gave you sufficient time
to update them).
- Removed redundant files.
- Added security checks with regard to the usage of HTML tags.