Geeklog History/Changes:

 May ??, 2009 (1.6.0b2)

 ------------

 Geeklog 1.6.0 incorporates the following projects implemented during

 the 2008 Google Summer of Code:

 + Site migration support and easier plugin installation, by Matt West

 + Improved search, by Sami Barakat

 + Comment moderation and editable comments, by Jared Wenerd

 Changes since 1.6.0b1:

 - All bundled plugins now include a check to see if they support the DBMS the

   site is running on [Dirk]

 - A fresh install didn't check if the bundled plugins are compatible with the

   Geeklog version about to be installed [Dirk]

 - Users couldn't change their password or delete their account (reported by

   Tom Homer) [Dirk]

 - Fixed plugin postinstall from the install script [Dirk]

 - Made COM_createImage recognize https:// URLs (bug #0000881) [Dirk]

 - Fixed notices in the config class (reported by tgc and others) [Dirk]

 - Fixed empty entries in the "Type" dropdown on the Advanced Search page.

   Requires an updated search/searchform.thtml template (part of bug #0000874)

 - Ensure PLG_templateSetVars (and therefore CUSTOM_templateSetVars) is called

   properly when the "Skip Preview" option is disabled (bug #0000880) [Dirk]

 - Fixed handling of multi-byte encoded texts when limiting the content of feed

   entries to a certain amount of characters (reported by alank) [Dirk]

 - Added a verbose logging option to the search class and make it default to off

   [Dirk]

 Static Pages plugin

 -------------------

 - Fixed handling of "entire page" centerblocks in a multi-language environment:

   Need to allow one per language (reported by Norbert Ortmann) [Dirk]

 - Fixed a typo that prevented the [staticpage:] autotag from working [Dirk]

 XMLSitemap plugin

 -----------------

 - Don't include Links in the sitemap.xml automatically [Dirk]

 - Fixed "missing argument 2" error when changing config options (reported by

   Markus Wollschläger) [Dirk]

 May 1, 2009 (1.6.0b1)

 -----------

 - New XMLSitemap plugin that creates a XML sitemaps file as supported by all

   major search engines, provided by mystral-kk

 - Don't allow to add/remove users to/from the All Users and Logged-in Users

   groups via the group editor (bugs #0000863 and #0000864) [Dirk]

 - Cosmetic changes to the form to add/remove users to/from groups, for

   consistency with the other admin panels [Dirk]

 - Document where CUSTOM_templateSetVars is actually called from (bug #0000862)

   [Dirk]

 - Added option to search by titles only (feature request #0000840) [Sami]

 - Added a config option to enable/disable automatically turning URLs in text

   postings into clickable URLs [Dirk]

 - Changed some default settings [Dirk]:

   * Webservices are now disabled

   * Cronjob emulation is off

   * Default sort for topics is alphabetically

   * Default comment mode is nested

   These settings are _not_ changed when upgrading from an earlier version.

 - Experimental: Compress HTML output before sending it to the browser (disabled

   by default; has to be supported by both the browser and the webserver) [Dirk]

 - Moved hard-coded texts from admin/sectest.php to the language files (bug

   #0000716) [Dirk]

 - Added an option to send a copy of the email to a user to self (feature request

   #0000771, based on a patch by Roshan Singh)

 - COM_checkList would use the table name for the name of the checkbox array in

   the HTML(!). Added a new parameter for the name (pointed out by Bookoo in

   the exploit for usersettings.php, cf. Geeklog 1.5.2sr4) [Dirk]

 - Fixed wrong use of COM_allowedHTML and COM_checkHTML in plugins: Functions

   were called without specific permissions, so they defaulted to 'story.edit'.

   I.e. as a Story Admin, you could use the admin_html set in events, but as a

   Calendar admin, you could not ... (bug #0000785) [Dirk]

 - Added missing finish() calls for some templates, e.g. header.thtml

   (bug #0000855) [Dirk]

 - Moved documentation to docs/english so that it can be translated

   (feature request #0000770) [Dirk]

 - New plugin API function PLG_pluginStateChange [Dirk]

 - Fixed dropdown for the "censor mode", which has more than the two options

   offered previously (bug #0000692) [Mike, Maciej Cupial]

 - Slightly faster template class (feature request #0000760, patches provided

   by dengen and mystral-kk)

 - Use a more efficient implementation of Story::hasContent (bug #0000858, patch

   provided by Maciej Cupial)

 - Make sure formerly optional config items can be disabled (bug #0000846) [Dirk]

 - New plugin API function PLG_getDocumentationUrl (feature request #0000848)

   [Dirk]

 - Fresh installs + MySQL only: Changed some tinyint fields that are only used

   as flags to tinyint(1) from tinyint(3) (bug #0000857)

 - Fixed one of the predefined date format strings (bug #0000854)

 - Replace Wiki-style formatting in the Daily Digest and when emailing a story

   to a friend (bug #0000837, patch provided by Pawel Szczur)

 - New plugin API function PLG_configChange (feature request #0000694) [Dirk]

 - Fixed layout of Batch Add and Batch Admin options of the User Manager [Dirk]

 - On a login failure, the user registration form showed up even when new user

   registration was disabled (bug #0000843)

 - The Wiki-style format broke national special characters, e.g. Japanese and

   German umlauts (bug #0000823) [Dirk]

 - Introduced new plugin API function PLG_migrate [Dirk]

 - Allow switching the DOCTYPE from the Configuration. Requires a theme that

   uses {doctype} instead of a hard-coded DOCTYPE declaration (feature request

   #0000745) [Dirk]

 - The notification email about new user submissions didn't include information

   about the remote service used (if any) [Dirk]

 - Define {xmlns} when using XHTML for XHTML compliance. Updated header.thtml

   and article/printable.thtml template files to include that variable [Dirk]

 - Fixed wrong use of '&' when sending a trackback (bug #0000825)

 - Removed incomplete PDF generator (never enabled in any shipped version) [Dirk]

 - Fixed a problem with words being merged together in newsfeeds when the article

   was written with CR as the line separator [Dirk]

 - Made url rewriting work on setups that only set $_SERVER['ORIG_PATH_INFO']

   (bug #0000816)

 - Fixed duplicate plugin entries when a plugin has more than one entry for the

   admin or user menu (bug #0000820)

 - {contributedby_user} and {contributedby_fullname} weren't set in the story

   templates (bug #0000821) [Dirk]

 - Reinstated old definitions of the {start_contributedby_anchortag},

   {end_contributedby_anchortag}, and {contributedby_author} variables, i.e. the

   two anchortag variables are set again and _author contains the name only (bug

   #0000821) [Dirk]

 - Auto-deleting a story didn't delete trackbacks for that story [Dirk]

 - Ensure consistent template variable names for the Permission Editor [Dirk]

 - Added new permission 'group.assign', now required to be able to assign a user

   to a group. Part of the Group Admin (not User Admin) permissions by default

   (feature request #0000190) [Dirk]

 - Raised minimum required PHP version to PHP 4.3.0 and removed all workarounds

   that ensured compatibility with PHP 4.1.0 [Dirk]

 - Added a filename mask config option for the names of the database backups

   [Dirk]

 - Removed $_CONF['pagetitle'] hack. Use COM_siteHeader('menu', $pagetitle)

   instead [Dirk]

 - Added canonical link for articles [Dirk]

 - Moved hard-coded "Reminders" column title to the language file (bug #0000817)

 - Hide archive option radiobutton from the story editor when no archive topic

   is defined (feature request #0000807) [Dirk]

 - Display group names with an uppercase first letter everywhere [Dirk]

 - Added an ISO 8601-ish format to the gl_dateformats table [Dirk]

 - Let users with user.mail permissions only email groups that they are in

   themselves [Dirk]

 - Gave the Groups and User editors a facelift. Requires a new template file,

   admin/lists/inline.thtml [Dirk]

 - Add new permissions plugin.install and plugin.upload for more fine-grained

   control to the plugin admin panel (bug #0000637) [Dirk]

 - Introduced new plugin API function PLG_itemDeleted [Dirk]

 - Changed API for PLG_itemSaved to make it simpler and easier to use [Dirk]

 - Updated FCKeditor to version 2.6.4 [Blaine]

 - Usersettings.php - can not change password when custom membership is enabled.

   Modified CUSTOM_userCheck to return both a error message string and Error

   code. Updated users.php and usersettings,php  (bug #0000776) [Blaine]

 - Implemented extended API for PLG_getItemInfo [mystral-kk, Dirk]

 - Fixed inconsistencies and various small mistakes when displaying "Access

   denied" messages on the admin pages [Dirk]

 - Added a print.css stylesheet to be used by the printable template files

   (feature request #0000766) [Dirk]

 - Re-introduced the path hints in the install script when it can't find

   db-config.php [Dirk]

 - Added a note about the max. dimensions of a userphoto in the About You pane

   of a user's My Account page (feature request #0000629) [Dirk]

 - Display a message when no topics exist and don't let the user enter the story

   editors (bug #0000738) [Dirk]

 - Added a configuration option to control the JPEG quality (Feature request

   #0000720) [Dirk]

 - Updated Hebrew language file for the install script, provided by LWC

 - New Serbian (Latin) language files, provided by Aleksandar Scepanovic

 Calendar plugin

 ---------------

 - Added migration support [Dirk]

 - Removed extra double quote from upcoming events block (bug #0000827)

 - Added auto installation support [Dirk]

 - Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]

 Links plugin

 ------------

 - Added migration support [Dirk]

 - Added category default permissions [Dirk]

 - Added auto installation support [Dirk]

 - Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]

 - Introduced function LINKS_getCategorySQL and fixed visibility of link

   categories in the Top 10 Links list and site statistics [Dirk]

 - Added an option to allow opening external links in a new window (feature

   request #0000693). Use with care, please [Dirk]

 - Only external links are marked with class="ext-link" [Dirk]

 Polls plugin

 ------------

 - Added migration support [Dirk]

 - Set the page title when viewing a poll [Dirk]

 - Added auto installation support [Dirk]

 - Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]

 - Extended length of poll IDs to 40 characters (feature request #0000754) [Dirk]

 Spam-X

 ------

 - Added migration support [Dirk]

 - Added auto installation support [Dirk]

 Static Pages plugin

 -------------------

 - Added migration support [Dirk]

 - The printable.thtml template file now uses the {xmlns} variable [Dirk]

 - Added canonical link [Dirk]

 - Added auto installation support [Dirk]

 - Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]

 - The printable.thtml template file uses the HTML Strict doctype and print.css

   now [Dirk]

 - Display "successfully saved" and "successfully deleted" messages, just like

   every other plugin and built-in function does (bug #0000644) [Dirk]

 Apr 18, 2009 (1.5.2sr4)

 ------------

 This release addresses the following security issue:

 Bookoo of the Nine Situations Group posted another SQL injection exploit,

 targetting an old bug in usersettings.php. As with the previous issues, this

 allowed an attacker to extract the password hash for any account and is fixed

 with this release.

 Apr 13, 2009 (1.5.2sr3)

 ------------

 This release addresses the following security issue:

 Bookoo of the Nine Situations Group posted another SQL injection exploit, this

 time targetting the webservices API. As with the previous issue, this allowed

 an attacker to extract the password hash for any account and is fixed with this

 release.

 Not security-related:

 - Re-introduced function get_SPX_Ver in the install script, which is still

   needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk]

 Apr 4, 2009 (1.5.2sr2)

 -----------

 This release addresses the following security issue:

 Bookoo of the Nine Situations Group posted an SQL injection exploit for glFusion

 that also works with Geeklog. This issue allowed an attacker to extract the

 password hash for any account and is fixed with this release.

 Mar 30, 2009 (1.5.2sr1)

 ------------

 This release addresses the following security issue:

 Fernando Munoz reported a possible XSS in the query form on most admin panels

 that we are fixing with this release (bug #0000841).

 Feb 8, 2009 (1.5.2)

 -----------

 - The default replacement text for censored text was supposed to read

   "censored", not "censormode" [Dirk]

 - Fixed problem with extra backslashes appearing in a story's title during the

   story preview when magic_quotes_gpc = On (bug #0000790) [Mike, Dirk]

 - Added missing page title when viewing a single comment [Dirk]

 - Sort groups in the group dropdowns non-case sensitive [Dirk]

 - Display a message when sending the email to report an abusive comment failed

   [Dirk]

 - Display a message when sending the email for a new password failed [Dirk]

 - Updated Estonian language file for the Calendar plugin, provided by Artur Räpp

 - Updated Japanese language file, provided by the Geeklog.jp group

 Static Pages plugin

 -------------------

 - Fixed parse error when saving a static page (reported by greenteagod). This

   problem was only introduced in 1.5.2rc1 [Dirk]

 Jan 24, 2009 (1.5.2rc1)

 ------------

 - Fixed various issues with COM_makeClickableLinks (bug #0000767, #0000793,

   #0000796) [Sami]

 - The comment submission form didn't show the user's full name when

   $_CONF['show_fullname'] was enabled [Dirk]

 - Comments were always showing the username, even when $_CONF['show_fullname']

   was enabled (reported and patch provided by mystral-kk, bug #0000800)

 - Fixed story preview losing the story when the sid already existed (bug

   #0000789) [Dirk]

 - Fixed wrong use of str_replace in STORY_extractLinks (bug #0000794) [Dirk]

 - Added "Send Pings" to the Story Options block (if enabled and allowed for the

   current user) [Dirk]

 - Don't let the user enable plugins when there's no functions.inc for the

   plugin [Dirk]

 - When the install script can't find db-config.php, that message was always

   displayed in English, i.e. you could not change the language for that screen

   [Dirk]

 - When upgrading from a Geeklog version prior to 1.5.0, the plugin config.php

   files are no longer renamed [Dirk]

 - Admin lists allowed non-sortable columns to be sortable (reported and patch

   provided by hiroron, bug #0000791)

 - Fixed STORY_getItemInfo - need to check the draft flag and for a publish date

   in the future [mystral-kk, Dirk]

 - Fixed wrong use of COM_isAnonUser in COM_getPermSQL (since 1.5.0) [Dirk]

 - When calling COM_getYearFormOptions with a $startoffset parameter, the list

   of years was off by one (bug #0000783; patch provided by hiroron)

 - Fixed updating feeds after changing topic permissions (bug #0000779) [Dirk]

 - The security token was missing from the trackback editor template file

   (reported and patch provided by hiroron, bug #0000778)

 - Removed rel="tag" from topic links in lib-story.php as that would indicate a

   Microformat with a slightly different meaning [Dirk]

 - Don't include X-Originating-IP header in emails sent from the site's admin

   area (bug #0000701) [Dirk]

 - Check if COM_errorLog exists before using it in the config class (for possible

   problems during installation, bug #0000768) [Dirk]

 - Fixed filling out the Site Email / No-Reply Email fields in the install

   script, which was overwriting the correct values from config.php during

   upgrades (bug #0000759) [Dirk]

 - Set language direction in templates for printable versions of articles and

   static pages. Also set $LANG_DIRECTION to 'ltr' now if the language file does

   not already define it (bug #0000762) [Dirk]

 - Removing an element from the middle of the censorlist caused the censoring

   to act up (bug #0000763) [Dirk]

 - Saving a story tried to update a feed of type 'geeklog' instead of 'article'

   (reported by Tom Homer)

 - Delete a feed's file when deleting a feed (bug #0000758) [Dirk]

 - When using gdlib, use imagecopyresampled instead or imagecopyresized to scale

   images. This should result in better image quality (part of Feature request

   #0000720) [Dirk]

 - The {start_storylink_anchortag} variable in the story templates was missing

   a '>' (reported by Michael Brusletten) [Dirk]

 - Display a "Service" column in the Admin's list of users when remote auth is

   activated [Dirk]

 - Introduced new function COM_showMessageText to display a free-form text in a

   "System Message" box (feature request #0000676) [Dirk]

 - Introduced new function COM_showMessageFromParameter for easy and consistent

   display of messages passed in the URL, including plugin messages (second

   attempt to fix bug #0000618) [Dirk]

 - Display confirmation message when emailing a story (feature request #0000689)

   [Dirk]

 - Implemented new function COM_renderWikiText to convert wiki-formatted text

   to (X)HTML (feature request #0000643) [Dirk]

 - Added support for CUSTOM_formatEmailAddress and CUSTOM_emailEscape functions

   (feature request #0000727) [Dirk]

 - Fixed 'cookiedomain' being reported as changed in the Configuration

   (bug #0000638) [Dirk]

 - Reverted fix for bug #0000618 (COM_showMessage automatically picking up a

   'plugin' parameter) as it's causing problems when displaying more than one

   message on the same page [Dirk]

 - Added missing check for allowed IP addresses in downloader class

   (bug #0000709) [Dirk]

 - Force a refresh after uninstalling a plugin so that the plugin's entry

   disappears from the Admins block [Dirk]

 - Fixed an issue with story expiry dates on PHP 4/Windows (reported by zeb)

   [Mike]

 - Updated Hebrew language file for the install script and Spam-X plugin,

   provided by LWC

 - Updated Japanese language files, provided by the Geeklog.jp group

 - Updated Polish language files, provided by Robert Stadnik

 - Updated Slovenian language file for the Links plugin, provided by gape

 Calendar plugin

 ---------------

 - Fix for calendar plugin - unable to add personal event [Blaine]

 - Make {event_url} available in eventdetails.thtml [Dirk]

 Links plugin

 ------------

 - Missing parentheses my have resulted in incorrect search results [Dirk]

 - Added urlencoded versions of {link_actual_url} and {link_name} [Dirk]

 - Prevent overwriting existing links when changing the link ID [Dirk]

 Polls plugin

 ------------

 - Lowered the default number of questions per poll to 5 and the number of

   answers per question to 8 to avoid running into Suhosin's default

   post.max_vars limit (for new installs only) [Dirk]

 - Fixed SQL error when poll questions contained single quotes (bug #0000756)

   [Dirk]

 - Fixed handling of poll IDs in Polls editor (bug #0000753) [Dirk]

 Static Pages plugin

 -------------------

 - The owner of a static page changed to the user who last edited it

   (bug #0000777) [Dirk]

 - Fixed call to WS_makeId when sp_id was longer than STATICPAGE_MAX_ID_LENGTH

   (found by Marc Maier) [Dirk]

 Sep 22, 2008 (1.5.1)

 ------------

 - Fixed protection against direct execution in various include files which may

   have failed on non-case sensitive file systems (reported by Mark Evans) [Dirk]

 - Saving a story as someone other than the owner will revert the story to your

   ownership. (bug #0000742) [Mike]

 - Fixed searching for non-installed plugins when open_basedir restrictions are

   in effect (bug #0000741)

 - Fix for first change of password issue (bug #0000724) [Mike]

 - Fixed failure to switch language with new query highlighting URLs

   (bug #0000733) [Dirk]

 - Fixed bug with HTML Encoding of default comment title for articles

   (bug #0000737) [Mike]

 - Fixed another case where a duplicate of a story submission was left in the

   submission queue after approving the story [Mike]

 - Fixed problem with the MySQL class not recognizing UTF-8 when the character

   set name was written in uppercase (bug #0000731) [Dirk]

 - Updated Hebrew language files, provided by LWC

 - Updated Estonian language files, provided by Artur Räpp

 - Updated Japanese language files, provided by the Geeklog.jp group

 - Updated Slovenian language files, provided by gape

 Sep 7, 2008 (1.5.1rc1)

 -----------

 - Added missing slash in the install script (bug #0000715) [Dirk]

 - CSRF token not passed to draft list (bug #0000726) [Ted Powell]

 - If root debugging is enabled, hide anything in the array stack that has a key

   containing 'cookie' or 'pass'. And added option to override this.

   (bug #0000722) [Mike]

 - Prevent direct execution of the FCKeditor upload script (reported by t0pP8uZz)  [Dirk]

 - Renamed the "Restore" option in the Configuration to "Enable" [Dirk]

 - Provided better error handling for database backups (bug #0000714) [Mike]

 - Provided auto-detection of -left and -right overrides for any given block

   template. This allows any block to auto-style to left and right for themes

   without the need for the theme to work it out, or talk to the database.

   ("Bug" #0000684) [Mike]

 - Fixed handling of corrupted config value db entries, e.g. after importing

   Calendar event_types with the wrong character set (bug #0000690) [Dirk]

 - Fixed handling of HTML entities in the Configuration (bug #0000710)

   [Sami, Dirk]

 - Story image upload: Only add a link to the unscaled image if such an image

   actually exists [Dirk]

 - Removed unused code from lib-story.php [Dirk]

 - COM_siteFooter no-longer creates two sets of right blocks. (bug #0000698)

   [Mike]

 - Microsummaries work in topics, reported by Joe. [Mike]

 - Added DB_checkTableExists and changed INST_checkTableExists to use it. [Mike]

 - Changed REPLACE INTO for DB_save for MSSQL compat [Mike]

 - Re-introduced function get_SP_Ver in the install script, which is still needed

   when upgrading from old Geeklog releases (reported by libexec) [Dirk]

 - Fixed issue where you can post a comment to an unpublished story (bug

   #0000705) [mystral-kk/Mike]

 - Fixed make clickable links with quotes (bug #0000691) plus truncated long

   urls. [Sami]

 - Fixed table prefix issues with constraints (bug #0000702) [Mike/Sami]

 - Fixed error when attempting to highlight a search query that contained a

   slash [Dirk]

 - Updated FCKeditor to v2.6.3 [Blaine]

 - Moved remove() (config JavaScript) to gl_cfg_remove (bug #0000681) [Mike]

 - Change for CUSTOM_usercreate to support passing in $batchimport, 

   set true if called via the Admin->Users Batch_Add [Blaine]

 - Fix for date formatting in RSS fields (bug #0000696) [mystral-kk]

 - A small tweak to the Professional theme's commentbar to make the "Post a

   comment" option easier to find [Dirk]

 - Renamed the syndication feed type "geeklog" to "article" since that's what

   they are nowadays [Dirk]

 - New option "All Frontpage Stories" for article feeds: skip stories that have

   the "Show only in topic" option set (feature request #0000652) [Dirk]

 - If there is a feed for a topic, there will now be a "Subscribe to ..." option

   in the Story Options block for every story for that topic (feature request

   #0000154) [Dirk]

 - Cop-out fix for bug #0000671: Don't display the icon for external links when

   the text direction is 'rtl' (e.g. Hebrew) [Dirk, Mike]

 - Keep letter case intact when highlighting a search query string (patch

   provided by Sami Barakat)

 - Provide nicer URLs to story search results when URL rewriting is enabled

   (bug #0000665, based on a patch by Sami Barakat) [Dirk]

 - Better support for plugin messages (bug #0000618) [Blaine]

 - Introduced new variable {page_title_and_site_name} for header.thtml so that

   we can have "Site Name - Site Slogan" in the frontpage's title again [Dirk]

 - Fixed SQL error(s) for story submissions by users with story.submit but no

   further Story Admin permissions (reported by Orion) [Dirk]

 - End a user's session when they are being banned [Dirk]

 - Signatures in HTML-formatted comments weren't XHTML compliant [Dirk]

 - Minor cleanups in style.css - no actual layout changes (bug #0000683) [Dirk]

 - Allow creation of banned users, i.e. ban the user on account creation [Dirk]

 - Minor improvements in the error handling, e.g. preventing Geeklog from

   creating error.log files outside the logs directory [Dirk]

 - Send a HTTP status code 503 "Service Unavailable" when the site is disabled

   [Dirk]

 - Hide the database password when the database backup failed and we're logging

   the mysqldump command [Dirk]

 - Disable OpenID login when new registrations are disabled [Dirk]

 - Allow to unset Configuration options again after they have been "restored",

   i.e. enabled (bug #0000664) [Dirk]

 - Adopted hack to allow multilingual blocks (bug #0000626) [Dirk]

 - Fixed SQL error in story submissions (reported by Chase) [Mike]

 - Stories with a publishing date in the future and stories with the draft flag

   set were accessible if you knew their story id (bug #0000678) [Mike]

 - Enabled siteconfig.php to override database config in core, primarily for

   rootdebug. [bug 0000673] [Mike]

 - Allow remote users to use the webservices (bug #0000640). Due to the

   authentication method it is not possible for OpenID users to use the

   webservices. Other remote users will have to use username@servicename for

   their username when logging in through the webservices [Dirk]

 - Fix to template.class to better handle full path being passed in [Blaine]

 - Updated PLG_uninstall to supress errors for table drop. [bug 0000668] [Mike]

 - Fixed INST_checkTableExists for MS SQL Support. [bug 0000668] [Mike]

 - Hardcode an ltr div around HTML tags in the allowed html tag list. Plus minor

   HTML compliance issues. [bug  0000669] [Mike]

 - Plaintext stories have nl2br applied in syndication feeds to provide correct

   formatting in feed readers. [bug 0000662] [Mike]

 - Changed SEC_createToken so that it will only return one token per page

   (effectively making it a singleton). This fixes the problem of not being able

   to delete comments when you also have trackbacks for the same article

   [Mike, Dirk]

 - Approving a story submission by saving it from the Admin's story editor left

   a duplicate in the submission queue, unless you changed the story ID at the

   same time [Dirk, Mark Evans]

 - Fixed user submission queue (reported by greenteagod) [Dirk]

 - Updated Hebrew language files, provided by LWC

 Calendar plugin

 ---------------

 - Fixed <brXHTML> tags in the German language files for the Calendar [Dirk]

 - Fixed date comparison ("End date is before start date.", bug #0000703) [Dirk]

 - Fixed Admin delete links in day and week view (bug #0000680) [Dirk]

 - Search for an event's "author" didn't work [Dirk]

 - Calendar block now includes events from the current day (in progress or all

   day events, bug 0000604, patch from forums) (really) [Mike]

 Links plugin

 ------------

 - Fixed passing the category on multi-page link lists [Dirk]

 - Fixed new category silently overwriting an existing category if they had the

   same id (part 2 of bug #0000659) [Dirk]

 - Fixed SQL error when trying to change a category id to an already existing id

   (part 1 of bug #0000659) [Dirk]

 Polls plugin

 ------------

 - For multi-question polls, make the "Vote" button read "Start Poll" in the

   polls block (bug #0000633) [Dirk]

 - Fixed display of "Results" link while a poll is open [Dirk]

 Static Pages plugin

 -------------------

 - Menu entries were not language-aware (in multi-language setups), i.e. all the

   menu entries were always displayed (bug #0000713) [Dirk]

 - Removed unused 'config_data' entry from the plugin uninstall function

   (bug #0000666) [Dirk]

 - Fixed printer friendly version of a static page not working when url_rewrite

   is enabled (bug #0000661) [Dirk]

 June 15, 2008 (1.5.0)

 -------------

 Geeklog 1.5.0 incorporates the following projects implemented during

 the 2007 Google Summer of Code:

 + New user-friendly install script by Matt West

 + New Configuration GUI (replacing config.php) by Aaron Blankstein

 + New Webservices API based on the Atom Publishing Protocol by Ramnath R. Iyer

 Changes since 1.5.0rc2:

 - Users that used a different theme than the site default would see the site

   switch temporarily back to the site's default theme when changing a config

   option. This was a side effect of the fix for bug #0000648 [Dirk]

 - In a tradeoff between security and convenience, we decided to go with

   security: The install script will no longer display the database credentials

   from db-config.php. The downside is that you will have to enter them again

   when doing a database upgrade or re-running the install (reported by Mark

   Evans) [Dirk]

 - Links plugin: The word "Root" wasn't taken from the language file for the page

   title of the public list of links (reported by Markus Wollschläger) [Dirk]

 - Fixed remaining places where the Admin panels had inconsistent layouts:

   Calendar list of events, Polls editor (bug #0000650) [Dirk]

 - Updated Hebrew language file, provided by LWC

 - Updated German language files, provided by Markus Wollschläger

 - Some Korean language files had a mixture of CR/LF and LF as line separators

   (bug #0000655) [Dirk]

 June 8, 2008 (1.5.0rc2)

 ------------

 Changes since 1.5.0rc1:

 - Hide the | separator for static pages with page format "blank page" (reported

   by Tetsuko Komma) [Dirk]

 - Hardcoded all URL entry fields in the templates and the date selection in the

   calendar plugin to dir="ltr" (reported by LWC) [Dirk]

 - Fixed handling of UTF-8 languages in the install script (reported by Tetsuko

   Komma) [Dirk]

 - Ensure consistent display of the admin lists (bug #0000650) [Dirk]

 - Sanitize the language in the install help (reported by Mark Evans) [Dirk]

 - Moved the hard-coded CSS for the System Message to the stylesheet [Dirk]

 - Added a workaround for the Yulup Atompub client that sometimes sends Text

   nodes within XHTML nodes [Dirk]

 - Made the Install / Upgrade buttons in the install script a bit wider to

   provide more space for the Japanese and German translations [Dirk]

 - Fixed bug #0000647: All modifications of usersettings should go through

   CUSTOM_usercheck [Blaine]

 - Removed hard-coded <ul> tags from the functions for the Admin, User, and

   Topics blocks. Added new blockheader-list.thtml, blockfooter-list.thtml

   template files for those blocks [Blaine]

 - Removed the fake {blockid} for the block templates as it was actually derived

   from the block title, resulting in layout changes when you changed the block

   title. It also didn't work properly with non-ASCII languages. Updated

   style.css and the block templates accordingly [Blaine]

 - Fixed setting the site's default language and default theme (bugs #0000646

   and #0000648) [Aaron, Dirk]

 - The bundled plugins don't need to read their config.php any more. This also

   avoids confusion if renaming the old config.php failed during the upgrade

   [Dirk]

 - Fixed SQL error in the Mail Utility when using the option to override user

   settings (reported by Michael Brusletten) [Dirk]

 - Fixed problems with the text direction in the install script (reported by LWC)

   [Dirk]

 - Updated Estonian language files, provided by Artur Räpp

 - Updated Hebrew language files, provided by LWC

 - Updated Japanese language files, provided by Takahiro Kambe, Tetsuko Komma,

   and the Geeklog.jp group

   Note: Only the UTF-8 versions of the Japanese language files are supported

   from now on. The euc-jp versions have been removed from the distribution.

 - Updated Polish language files, provided by Robert Stadnik

 - Updated Slovenian language file, provided by gape

 May 25, 2008 (1.5.0rc1)

 ------------

 Changes since 1.5.0b2:

 - Fixed story date/time when using the timezone hack (bug #0000639) [Dirk]

 - Fixed MS SQL upgrade [Mike]

 - Added code to beautify the language names in the install script [Dirk]

 - Ensure the "After Saving ..." options work as advertised [Dirk]

 - Fixed handling of empty form submission and display of error messages in the

   batch user import [Dirk]

 - Fixed text for the account reminder emails [Dirk]

 - Display value in the "Months since registration" column on the Batch User

   Admin screen without decimals again (as in 1.4.1) [Dirk]

 - Removed unused poll-vote, poll-vote-results classes from the Professional

   theme's stylesheet; added empty required-field, missing-field classes for

   future use (cf. bug #0000635) [Dirk]

 - Updated Chinese language files, provided by Samuel M. Stone

 - Updated Estonian language files, provided by Artur Räpp

 - Updated Slovenian language file, provided by gape

 Calendar plugin

 ---------------

 - Fixed missing ] in the headline of the day and week view [Dirk]

 - Fixed the template for the personal event editor (extra <td> tag) [Dirk]

 - Bugfix: In some cases, personal events would end up in the submission queue

   for site events [Dirk]

 - Fixed "Delete old entries" option (delete checkboxes were missing) [Dirk]

 May 20, 2008 (1.5.0b2)

 ------------

 Changes since 1.5.0b1:

 - {story_title} is now available in the article.thtml template file [Dirk]

 - Bugfix: When saving a (new) topic with one or more required fields missing,

   don't go back into the topic editor as that would cause a confusing "access

   denied" message [Dirk]

 - Hard-coded the text direction as "ltr" for some input fields and the date/time

   selection in the story editor (bug #0000150). Also removed "text-align:left"

   for the HTML body from the Professional theme's style sheet as it interferes

   with the ability to switch the text direction (reported by LWC) [Dirk]

 - Removed references to config.php from the documentation, some READMEs, and

   some source files (bug #0000627) [Dirk]

 - Don't include the (internal) 'subgroup' and 'fieldset' entries in the $_CONF

   arrays [Dirk]

 - COM_numberFormat wouldn't handle decimals correctly (bug #0000624) [Dirk]

 - Make sure the XHTML constant is defined if the theme doesn't already define

   it (bug #0000622) [Dirk]

 - Fixed invalid <brXHTML> tags in some language files (bug #0000621) [Dirk]

 - The URL sent in a user registration notification contained an & where it

   should have been a simple & [Dirk]

 - Updated German language files, provided by Markus Wollschläger

 Links plugin

 ------------

 - Fixed the "Validate Links" link from the list of categories [Dirk]

 Polls plugin

 ------------

 - Bugfix: When saving a (new) poll with one or more required fields missing,

   don't go back into the polls editor as that would cause a confusing "access

   denied" message [Dirk]

 - Renamed 'open' column in the gl_polltopics table to 'is_open' as "open" is

   a reserved keyword in MS SQL server [Matt]

 - Fixed duplicate sort_order value in the Polls config [Dirk]

 - Cosmetic changes in the Polls topic and results (bug #0000625) [Dirk]

 Static Pages plugin

 -------------------

 - Moved the print and edit icons to the bottom of a static page in the default

   staticpage.thtml template file. Also removed the icons from the default

   centerblock.thtml template file and defined the {lastupdate} and {hits}

   variables there (bug #0000628) [Dirk]

 - Removed an extra } from the Static Pages staticpage.thtml template file

   (reported by Markus Wollschläger) [Dirk]

 May 5, 2008 (1.5.0b1)

 -----------

 - Updated FCKeditor to v2.6 [Blaine]

 - LDAP remote authentication module, provided by Jessica Blank / MTV Networks

 - The {lang_attribute} can only properly be set in a multi-language setup

   (bug #0000616) [Dirk]

 - Removed Blogger remote authentication option. Blogger.com have changed their

   authentication process, so this module no longer works.

 - Emails sent from Geeklog now have an X-Originating-IP header to help track

   spam or abuse [Dirk]

 - The topic editor allowed you to enter topic IDs with more than 20 characters

   (reported by Markus Wollschläger) [Dirk]

 - Ease restriction that email addresses have to be unique: Remote accounts can

   have non-unique addresses, on-site accounts can't [Dirk]

 - Bug: Email user form doesn't display correctly with " in subject when sending

   is failed due to incomplete fields. [Mike]

 - Bugs: Ensure that site_url, site_admin_url, layout_url and xhtml available to

   all templates. [Mike]

 - Support for [raw][/raw] tag in HTML post mode. All the benefits of code and

   pre, with none of the ugly styling. [Mike]

 - Added an Atom self-link to RSS feeds. Sounds odd, but it is recommended by

   <http://feedvalidator.org/docs/warning/MissingAtomSelfLink.html> [Mike]

 - Improved support for podcasts in portal blocks and fixed an error where REALLY

   long syndication feeds could blow portal blocks up. [Mike]

 - Only use the multi-byte string functions when the current character set is

   UTF-8 (reported by Rick78) [Dirk]

 - COM_hit() is now called from COM_siteFooter() instead of doing the UPDATE SQL

   directly (reported by Joe Mucchiello) [Dirk]

 - New function SEC_encryptPassword() to be used when we have to encrypt a

   password. This is only a wrapper for md5() for now but should it make easier

   for us to use some other method in the future [Dirk]

 - Incorporated patches by Joe Mucchiello for places in the code where the

   template library was used incorrectly.

 - By defining the constant XHTML as ' /', themes can now be XHTML compliant

   (patches provided by dengen from geeklog.jp)

 - Added batch admin feature to send out account reminders [Blaine]

 - Hide "Create Account" link in the story submission form when new account

   registration has been disabled (reported by Markus Wollschläger) [Dirk]

 - Updated COM_startBlock to set a unique {blockid} template variable [Blaine]

 - Fixed checking of "Show Admin lists" in Group Admin when going to 2nd page of

   results [Oliver]

 - Created new function for Admin-Menu display and removed that functionality

   from ADMIN_list-functions. [Oliver]

 - Fixed missing N/A display when no plugin version number was available

   (reported by Machinari) [Dirk]

 - Avoid division by zero error when $_CONF['limitnews'] == 0

   (reported by Samuel M. Stone) [Dirk]

 - Bugfix: Atom always assumes 0.3 and doesn't handle article dates. (Reported by

   mystral-kk on the forums). [Mike]

 - Added OpenID 1.1 support, provided by Choplair

 - Pass site_name into story templates so advanced linking to items like digg.com

   can be templated cross-site. [Mike]

 - Revamped DB Backups option. It now lists all backups (all .sql files), and

   lets you download and delete backups from there [Dirk]

 - Fixed checking for errors when sending Pingbacks or Pings [Mike, Dirk]

 - When receiving a Pingback, optionally create an excerpt from the text of the

   site that sent the Pingback [Dirk]

 - Portal blocks now use the HTTP Last-Modified and ETag headers to only request

   feeds when they have changed [Dirk]

 - The {read_more_class} variable now contains class="story-read-more-link" (if

   defined) for consistency with the class name used in {readmore_link} [Dirk]

 - Changed the Security Check to only check if any Root users have their password

   as "password" [Dirk]

 - Made admin/sectest.php recognize 403 status codes (reported by THX100) [Dirk]

 - All plugin API's, where not doing very, very plugin specific activities now

   call a matching CUSTOM_ function. [Mike]

 - Integrated support for passing parameters to phpblock functions (Patch #643 by

   Joe Mucchiello) [Mike]

 - Fixed numerous HTML errors in admin pages [Oliver]

 - Added a missing blank between the day's name and the date in the Older Stories

   block (reported by Jeruvy's girlfriend, via IRC) [Dirk]

 - fixed bug [#648] sending new password email returns "Ok" message although

   it fails when SMTP Server cannot be reached [Oliver]

 - Need to include parameters in the URL when sending Pingbacks, e.g. to

   Serendipity [Dirk]

 - When sending Pingbacks, also search for <link rel="pingback"> if the linked

   site does not send an X-Pingback header [Dirk]

 - When sending Pingbacks for a story that had identical link texts for different

   URLs, only the last of those links was pinged [Dirk]

 - Implemented new Autouninstall for plugins. Plugins runs a function that passes

   a specific array to a core function that removes all given element of the

   plugin.  The function inside the plugin can handle aditional removals that

   the core code cannot [Oliver]

 - Fixed search by date in Calendar (reported and patch provided by Jeffrey Hare)

 - Only allow autotags in normal blocks (bug #653) [Dirk]

 - Added {story_topic_image_no_align} and {story_anchortag_and_image_no_align}

   in stories so that you have access to the topic image without the alignment

   (feature request #410) [Dirk]

 - Show autotags in story editor to Admin even if all HTML is allowed [Oliver]

 - Allow comments to be closed, i.e. display the existing comments but don't

   accept any new ones [Dirk]

 - Introduced COM_getCharset which returns the currently used character set (to

   avoid code duplication). It should be save to simply use $LANG_CHARSET in

   most cases, though [Dirk]

 - Added optional Wikitext postmode for stories [Oliver]

 - Added optional noreply-email address option to config.php to prevent

   spammers retrieving the admin's email address from registering online [Oliver]

 - Added support for "Microsummaries" to index.php.

   See (http://wiki.mozilla.org/Microsummaries) [Mike]

 - Story "Rewrite" - significant re-structure of story code to fix all issues

   with posting HTML special characters etc. [Mike]

 - Added ability to have Body Text in user submitted stories. To deactivate,

   edit layout\theme\submit\submitstory.thtml and submitstory_advanced.thtml

     [Mike]

 - fixing the dimension-resizing of uploaded images. If an image would be within

   the max width after resizing, the max height might still be off. This is

   solved with the new code. [Oliver]

 - Removed tzcode table and started using PEAR::Date instead since all timezone

   information is stored in there. [Oliver]

 - Added timezone selector to preferences page [Oliver]

 - Fixed COM_getLangSQL() to escape the underscore character '_' which happens

   to be a wildcard character when used with LIKE. In a multi-language setup,

   this may accidentally display unwanted items (reported by Kenji Ito) [Dirk]

 - Addressed problems with the text direction (ltr/rtl) and the hard-coded

   English text in admin/sectest.php (reported by LWC) [Dirk]

 - Due to a language file change, the login form in users.php ("Try Logging in

   Again") now asked for a "new password" (reported by Laugh) [Dirk]

 - Remove the "Are you secure?" (getBent) block from the database as its

   functionality has been moved to admin/sectest.php (reported by LWC) [Dirk]

 - Added config option what should be displayed after user saving [Oliver]

 - Added config option what should be displayed after story saving [Oliver]

 - Images in articles (inc. topic icon) aligned with float [Oliver]

 - New Czech language file for the Calendar and Links plugins, provided

   by Ondrej Rusek

 - New Danish language file for the Calendar plugin, provided by dirtyjensen

 - Updated Dutch language files, provided by Ronald Edelschaap

 - New Dutch language file for the Calendar plugin, provided by John van Gaal

 - Updated French Canadian language files for Geeklog and the Static Pages plugin

   and new language files for the Calendar, Links, and Polls plugins, provided

   by Jean-Francois Allard

 - Updated Hebrew language file, provided by LWC

 - Updated Japanese language files for Geeklog and all the plugins, provided

   by the Geeklog Japanese group

 - New Korean language files for Geeklog and most of the plugins, provided

   by Tetsuko Komma and Kim Younghie

 - Updated Spanish (UTF-8) language file and new Spanish (UTF-8) language files

   for all the plugins, provided by Jose R. Valverde

 Calendar plugin (1.0.2)

 ---------------

 - Calendar block now includes events from the current day (in progress or all

   day events, bug 0000604, patch from forums)

 - Fixed deleting events submissions from the Events editor [Dirk]

 - The global $_STATES has been removed from Geeklog. The state in an event's

   details is now a simple text entry field.

 - The form to add an event to the personal calendar was missing the site footer

   (reported by Mark Evans) [Dirk]

 - Fixed Calendar feeds: The first parameter to the getFeedContent function is

   the feed's ID, not the feed limit (bug #659) [Dirk]

 - Highlight search queries [Dirk]

 - Autouninstall implemented [Oliver]

 - Added Batch-Delete functionality [Oliver]

 - Added config option what should be displayed after event saving [Oliver]

 Links plugin (2.0.0)

 ------------

 - Fixed deleting link submissions from the Links editor (didn't work in at least

   all 1.4.x versions) [Dirk]

 - Added owner_id field to submissions to record submitter and align with

   stories behavior [Oliver]

 - Autouninstall implemented [Oliver]

 - Added "Report Broken Link" function [Oliver]

 - Added Link Verification to Link Admin [Oliver]

 - Added config option what should be displayed after link saving [Oliver]

 - Added Link sub-category options [Euan]

 Polls plugin (2.0.1)

 ------------

 - Autouninstall implemented [Oliver]

 - Added Support for multiple questions grouped into a survey [Oliver]

 - Added Support for closing polls [Oliver]

 - Added Support for hiding poll results of open polls [Oliver]

 - Added config option what should be displayed after event poll [Oliver]

 Spam-X plugin (1.1.1)

 -------------

 - Fixed the "edit" modules not working with the French language files (reported

   bye Joe) [Dirk]

 - Autouninstall implemented [Oliver]

 - Fixed an error with the SLV module when $_CONF['site_url'] was empty

   (reported by AA6QN) [Dirk]

 - Added support for blocking entire IP ranges, using either CIDR notation or

   simple x.x.x.x-y.y.y.y ranges [Dirk]

 Static Pages plugin (1.5.0)

 -------------------

 - Bugfix: In a multi-language setup, we need to be able to see all topics for

   the centerblock option [Dirk]

 - Bugfix: Allow the static pages "page format" setting to override

   $_CONF['show_right_blocks'] (reported by Simon Lord) [Dirk]

 - New Static pages Autotag: staticpage_content to return the contents of a

   static page instead of a link to a static page [Oliver]

 - Now using a template to display static pages [Oliver]

 - Autouninstall implemented [Oliver]

 - The static pages editor was looking for the advanced editor template in the

   wrong place, due to an uninitialized variable (reported by k74) [Dirk]

 - Allow static pages to replace tags also on PHP-generated content [Oliver]

 - Added config option what should be displayed after page saving [Oliver]

 - Added comments feature [Oliver]

 Dec 31, 2006 (1.4.1)

 ------------

 - Changed the default character set in config.php back to iso-8859-1 [Dirk]

 - Removed display of the site URL from admin/sectest.php. On sites not installed

   in the webroot, it did not display the site's actual URL, which only causes

   confusion (reported by Dazzy) [Dirk]

 - Fixed conflict between the Spam-X DeleteComment and SLVreport action

   modules which prevented the count of deleted spams from being incremented

   [Dirk]

 - Fixed max. allowed length for a user's homepage (128) and location (96) in the

   preferences/profile.thtml template file (reported by burjans) [Dirk]

 - Fixed page title after a successful batch import of users (which read "Error")

   [Dirk]

 - Back in Geeklog 1.4.0, a counter was added to the Spam-X plugin to count all

   deleted spam posts. The counter was only added in fresh installs of 1.4.0,

   though, but not when upgrading from an earlier version. Fixed that [Dirk]

 - In lists created from the Links and Calendar plugins, use "links-new-plugin"

   as the CSS class name [Oliver]

 - Updated Estonian language file, provided by Artur Räpp

 - Updated Russian language file, provided by Alexander Yurchenko

 - New Russian language file for the Calendar plugin, provided by Alexander

   Yurchenko

 - Updated Turkish language file, provided by Kemal Cellat

 Dec 17, 2006 (1.4.1rc1)

 ------------

 - Improved handling of UTF-8 feeds (feature request #631) [Mike, Dirk]

 - Fixes for the remaining MS SQL issues (bugs #620, #621, #622, #624)

   [Randy Kolenko, Dirk]

 - Initialize SQL request arrays to prevent PHP errors (e.g. with static pages),

   reported by ldfoo [Dirk]

 - Escape the '#' sign in spam checks since we're using it as the separator

   character for the regexp [Dirk]

 - Mark Evans provided a set of patches that let plugins hook into the user

   registration, story and comment submission as well as the contact user and

   email story forms. These hooks can be used to add CAPTCHAs to those forms,

   but may also come in handy for other plugin applications.

   Also modified several template files to include a {captcha} variable to ease

   installation of Mark's CAPTCHA plugin.

 - Update the timestamp for the last run of PLG_runScheduledTask before calling

   the function to minimize the risk of the call being triggered more than once

   (bug #628) [Dirk]

 - In a multi-language setup, allow one static page per language to take over

   the index page (bug #625) [Dirk]

 - sectest.php didn't perform the test for the install script and default

   passwords on some setups (reported by Christian Weiske) [Dirk]

 - Fixed "delete account" option (reported by Paul Lelgemann) [Dirk]

 - Fixed counting of comments in several places where comments were counted

   without taking the type of the parent object into account (e.g. when a story

   and a poll happened to use the same id, their comment counts would have been

   messed up) [Dirk]

 - Editing a story did reset the trackback count (reported by T. Marquez) [Dirk]

 - In the admin's story editor, set the debug option for the image upload only

   when $_CONF['debug_image_upload']  = true (thus avoiding the "Warning: File #x

   on the HTML form was empty" messages in error.log) [Dirk]

 - Renamed [calendar:] autotag back to [event:] for backward compatibility. It

   also makes more sense this way, since it does provide a link to an event, not

   a link to a calendar (bug #619) [Dirk]

 - Need to check if field 'etids' is NULL (for MySQL 4) for the Daily Digest

   (bug #595) [Dirk]

 - Removed the outer table from the layout and merged several style declarations

   into the body-tag declaration [Oliver]

 - The spam check for comment posts did not include the comment title (reported

   by Laugh) [Dirk]

 - When multi-language support is enabled, allow language-specific overrides

   of the locale settings, e.g. $_CONF['date_en'] and $_CONF['date_de'] to

   overwrite $_CONF['date'] depending on the current language [Dirk]

 - When installing the Geeklog database using InnoDB tables, create a

   'database_engine' entry in gl_vars, so that plugins know to use InnoDB for

   their tables. Updated the bundled plugins to act accordingly [Dirk]

 - DB_query will now (optionally) accept an array of SQL request strings from

   which it will pick the one applicable for the currently used database type

   [Vinny, Dirk]

 - Provide some more meta information in header.thtml [Dirk]

   + added optional {lang_id} variable and lang attribute

   + added a hreflang attribute to the feed links

   + added <link rel="home">, <link rel="search">, <link rel="contents"> links

     (via the {rel_links} variable)

 - COM_isFrontpage has been deprecated, as it had its return values inverted

   (returns false when on the site's index page). Use COM_onFrontpage instead

   from now on [Dirk]

 - Fixed check for new stories from archive topic [Dirk]

 - Call PLG_templateSetVars() from STORY_renderArticle() so we can have custom

   variables in the story templates [Dirk]

 - Updated Chinese language files (traditional and simplified), provided by

   Samuel M. Stone

 - Updated Japanese language files for Geeklog and all the plugins, provided

   by the Geeklog Japanese group

 - Updated Ukrainian language files (Windows-1251, KOI8-U, and UTF-8 encoding)

   for Geeklog and all the plugins, provided by Vitaliy Biliyenko

 Nov 5, 2006 (1.4.1b2)

 -----------

 - Fixed potential SQL injection in the story editor preview (required Story

   Admin permissions) [Dirk]

 - Added multi-language support in static pages centerblocks and search [Dirk]

 - When cloning a static page, keep the original's "wrap in a block" setting

   [Dirk]

 - Spam-X stats: Removed MT-Blacklist entry, added SLV whitelist entry [Dirk]

 - Don't add empty "No Title" links in portal blocks when the feed has less than

   the configured max. number of entries (bug #610) [Dirk]

 - Added support for COM_mail to use a parm for a CC: distribution list [Blaine]

 - Fixed bug #603, hardcoded mysql_error() [Oliver]

 - Fixed bug #604, delete trackbacks of a story when story is deleted [Oliver]

 - Allow users to switch the language again, even when the default character set

   is not UTF-8. It is, however, not possible to mix UTF-8 and other charsets.

   Also, "UTF-8" is not displayed in the language dropdown any more [Dirk]

 - Corrected SQL for group counting in Admin menu for root admin to fix bug #573

   [Oliver]

 - Properly encode non-ASCII characters in email headers (subject, names),

   loosely based on patch #489 and code from Cal Henderson's book [Dirk]

 - Removed the Calendar styles and moved them to a dedicated file in the

   plugin's directory [Oliver]

 - Sorted all stylesheet definitions alphabetically and split semantics and

   classes [Oliver]

 - When making a topic the archive topic, update all existing stories in that

   topic to "archived" status (and likewise revert that status if the topic

   loses its archive topic status) [Dirk]

 - Don't count archived stories as new stories in the What's New block [Dirk]

 - Moved the defines for STORY_ARCHIVE_ON_EXPIRE and STORY_DELETE_ON_EXPIRE to

   lib-story.php (from config.php) where they make more sense [Dirk]

 - COM_getPermSQL was using the current user's group information when called for

   another user. In Geeklog, this only happens for the Daily Digest, though

   (bug #594) [Dirk]

 - When comments are disabled for a story, don't show any existing comments in

   the What's New block, in search results or via comment.php (bug #597) [Dirk]

 - When trackbacks are disabled for a story, don't list any existing trackbacks

   in the What's New block [Dirk]

 - In the Admin's User Editor, disabled the checkboxes for the All Users,

   Logged-in Users, and Remote Users groups to prevent accidental change of

   group membership [Dirk]

 - When deleting a topic, also delete all Trackbacks attached to stories in that

   topic and update the Older Stories block and the feeds [Dirk]

 - Fixed approve / delete of draft stories from moderation.php [Dirk]

 - Strip blanks from the name of a PHP block function when saving a PHP block

   [Dirk]

 - Fixed / added multi-language support in the article directory, What's New

   block, and the search for stories and comments [Dirk]

 - Fixed an SQL error when changing a story's ID [Dirk]

 - Call SET NAMES 'utf8' when using UTF-8 as the site's character set (with

   MySQL), as pointed out by several people [Dirk]

 - Removed wrong parameter when calling up the comment form again when the

   comment's title was missing. This bug existed for both story and polls

   comments. (bug #591) [Dirk]

 - Users who were only in the Syndication Admin group didn't have access to

   Command and Control (moderation.php) [Dirk]

 - For Block, Group, Polls, Story and Topic Admins only display the number of

   the respective entries they can actually see (instead of the number of all

   entries, e.g. topics, in the system) [Dirk]

 - Fixed highlighting parse error when the search term contained an apostrophe

   (bug #590) [Dirk]

 - Improved (and subsequently fixed) Pingback spam detection which now also uses

   the $_CONF['check_trackback_link'] settings [Dirk]

 - directory.php was still using $LANG30 instead of $LANG_MONTH (bug #583) [Dirk]

 - When upgrading the database from 1.4.0, only update those plugins that are

   actually installed (disabled or not) [Dirk]

 - CSS Changes to support better scaling of Font size - using browser Text-Size

   adjustment. Removed many extra font-size declarations. [Blaine]

 - Don't allow viewing of a Banned user profile unless user admin [Blaine]

 - Only call CUSTOM_loginErrorHandler when custom_registration is enabled

   (bug #584) [Blaine]

 - Fixed SQL error with some older MySQL versions when calling up the Batch User

   Delete option [Oliver]

 - Comments always displayed the comment author's full name, even when

   $_CONF['show_fullname'] was set to 0 [Dirk]

 - Fixed 404 (caused by a request for a file named '(none)') in the user profile

   display when a user doesn't have a userphoto [Dirk]

 - New Estonian language files for Geeklog and most of the plugins, provided

   by Artur Räpp

 - Updated Hebrew language file, provided by LWC

 - Updated Japanese language files for Geeklog and all the plugins, provided

   by the Geeklog Japanese group

 - New Russian language files for the Spam-X plugin, provided by Pavel Kovalenko

 - Updated Slovenian language files for Geeklog and all the plugins, provided

   by gape

 Calendar plugin

 ---------------

 - Created a dedicated stylesheet file and include the file only if the URL

   contains the word 'calendar' [Oliver]

 - Tweaked the Calendar search result listing: Removed the Event Description

   (usually too long for the result listing), replaced Location (which is only a

   part of the address and not very helpful) with Event Type, minimized Date &

   Time display for events lasting only one day (don't list date twice) [Dirk]

 Links plugin

 ------------

 - Renamed classes block-vote-results to poll-vote-results and block-vote to

   poll-vote [Oliver]

 - Removed duplicate "Other" entry from the Link submission form [Dirk]

 - In the Admin's list of links, only display an edit icon for links that the

   current user can actually edit (they did get a proper error message when

   trying to edit such a link, though) [Dirk]

 - Don't return the number of links in the links submission queue if the

   current user does not have links.moderate permissions [Dirk]

 - Filter out special characters from link IDs. They were properly escaped

   before storing them in the database but caused problems when using them

   (bug #565) [Dirk]

 Sep 17, 2006 (1.4.1b1)

 ------------

 - Changes to templates and CSS to remove deprecated HTML (align= and valign=)

   Removed un-used CSS declarations, redundant font-family declarations

   Removed use of font-size percentage and used more acceptable EM units [Blaine]

 - Don't display an "edit" link in a story if the current user doesn't have

   edit permissions for the story's topic (bug #558) [Dirk]

 - Added a new script to check the site's security (admin/sectest.php). This

   replaces the "get bent" PHP block, but also performs additional checks [Dirk]

 - Created a Batch Delete function for users that easily identifies inactive or

   old users and allows mass-deletion of those [Oliver]

 - Updated FCKeditor to version 2.3.1 [Blaine]

 - Added ability to filter out Admin related groups on the Group Admin page

   Allows users to easily see only user groups. When editing non-core groups,

   You can select if this group is an Admin Group [Blaine]

 - Added ability to multi-select submission queue items on the moderation page

   and delete them all at once [Blaine]

 - Always make "Submissions" the first entry in the Admins Only block to keep

   the correspondence between the other entries and the icons on the moderation

   page undisturbed (and because it's an important entry) [Dirk]

 - Fixed 'emailstoriesperdefault' config option (bug #553) [Dirk]

 - Added support for Microsoft SQL Server, provided by Randy Kolenko

 - Introduced $_CONF['disallow_domains'] as a blacklist of domain names that are

   not allowed for new users during signup. Both 'disallow_domains' and

   'allow_domains' can also contain regular expressions [Dirk]

 - Introduced DB_lockTable / DB_unlockTable to encapsulate the LOCK / UNLOCK

   requests when updating the comments table [Dirk]

 - Fixed bug: [#540] Blocking the last Root user or yourself should not be

   possible [Oliver]

 - Fixed bug: [#546] The phrase "Story Stats" is hardcoded [Oliver]

 - Added a spam check to the email user form [Dirk]

 - Use the same piece of code to compare plugin version numbers in lib-admin.php

   and admin/plugins.php to avoid the "update" button not appearing for some

   version numbers (bug #542) [Dirk]

 - Re-implemented $_CONF['allow_domains'] whitelist (when the user submission

   queue is enabled) that was inexplicably missing from 1.4.0 [Dirk]

 - Merged User Preferences and Account information into one page, like the

   Story editor with tabs etc. [Blaine, Oliver]

 - Tried to make "3 new stories in the last 1 day" sound less awkward by going

   back one unit, i.e. "3 new stories in the last 24 hours", in the What's New

   block (likewise for 1 week, 1 month, etc.) [Dirk]

 - Introduced config options to set the default for the story's draft flag

   and frontpage option (feature request #163) [Dirk]

 - Introduced $_CONF['hide_main_page_navigation'] to hide the "Google paging"

   from index.php (may be useful for some layouts) [Dirk]

 - Allow (optional) usage of autotags in "normal" blocks (can be enabled /

   disabled per block) [Dirk]

 - Introduced a {story_counter} variable in the story templates. It's 0 on the

   article page and in previews, but 1 for the first story, 2 for the second,

   etc. on the index page (per page, i.e. starts with 1 again on the second page)

   [Dirk]

 - Require that users enter their current password when changing their password,

   email address or "Remember me for" setting. Redesigned the Account Information

   page and added a note about this requirement. [Dirk]

 - Prevent accidental banning of users when the Admin edits a user's information

   using a theme that wasn't updated for Geeklog 1.4.0+ [Dirk]

 - $_CONF['show_fullname'] now works as expected, i.e. when setting it to = 1,

   a user's full name will be displayed everywhere in Geeklog instead of the

   username (assuming the users entered their full name) [Dirk]

 - Fixed a bug in the article directory where December was not listed when no

   stories had been posted in that month (reported by Kino and Ivy of geeklog.jp)

 - Replace Geeklog's [imageX] tags before extracting the What's Related links

   from a story to prevent the (verbatim) tag to show up in the block [Dirk]

 - Update story ids in the gl_trackback table when a story's id is changed [Mike]

 - Implemented new plugin API function, PLG_spamAction, to perform the spam

   actions in case spam has been detected through some other means (e.g.

   trackbacks from sites that don't link back to us) [Dirk]

 - Implemented new plugin API function, plugin_enablestatechange_, to inform

   plugins when they are about to be enabled / disabled (Patch #405) [Dirk]

 - Support backslashes in comment and submissions in HTML mode [Mike]

 - Added breadcrumb functionality to the navbar class (v1.1) [Blaine]

 - Enhancements to navbar templates and CSS for a more 3D TAB'ed look [Blaine]

 - Changed several <table>s to <div>s + CSS in the Professional theme [Oliver]

 - Introduced generic function to delete a user's photo to avoid code

   duplication and slightly different error handling in various places [Dirk]

 - Made the new user registration form remember the user's input so that they

   don't have to retype everything in case of an error [Dirk]

 - In the Admin's user list, banned users are indicated by striked-through

   entries (based on a hack by Andy Maloney) [Dirk]

 - Added new setting $_CONF['onlyrootfeatures']. This is for sites where two or

   more story admins can feature stories that the other admins cannot see. The

   setting prevents that one admin does not see that there is another recent

   story featured and sets one by himself, "stealing" the feature from the other.

 - Changed "Reply"-button to "Post a comment" [Oliver]

 - Implemented an error handler to supress all PHP level errors and display a

   much more userfriendly error text to the end user. Prevents all path exposure,

   prevents "white error page" mystery debugging fun. [Mike]

 - Full sweep of all code for $_REQUEST/$_GET/$_POST and $_COOKIE use. Made sure

   that COM_applyFilter, or other safe usage is made of the variables. [Mike]

 - Added an option to hide the "No News To Display" message on the index page

   (new config option $_CONF['hide_no_news_msg']) [Dirk]

 - Added an option to check if the sites sending trackbacks are actually linking

   to our site (see $_CONF['check_trackback_link'] in config.php) [Dirk]

 - Made it impossible to save two syndication feeds with identical filenames

   [Oliver]

 - Stories with comments/trackbacks disabled, do not show comment/trackback

   url in RSS feeds [Mike]

 - Added email confirmation fields for new user and usersettings [Oliver]

 - Allow changing of group ownership for "gldefault" blocks. Requires a change

   in admin/block/defaultblockeditor.thtml to enable the group dropdown. On a

   fresh install, all the blocks (with the exception of "Are you secure?") are

   now owned by the Block Admin group [Dirk]

 - Users created by a User Admin should not be queued for approval, even when

   $_CONF['usersubmission'] = 1 [Dirk]

 - Introduced 'syndication.edit' permission and 'Syndication Admin' group so

   that access to the Content Syndication panel no longer requires 'Root'

   permissions [Dirk]

 - For the "Submissions" entry in the Admins Only block, only count story and

   event submissions when the current user has story.moderate or event.moderate

   permissions, respectively [Dirk]

 - On admin/moderation.php, list the stories that have their draft flag set only

   when the current user has story.edit permission [Dirk]

 - Fixed empty lines in a Group Admin's list of groups when that Group Admin

   was not a member of all groups [Dirk]

 - Renamed the misnamed CUSTOM_runSheduledTask function (in lib-custom.php) to

   CUSTOM_runScheduledTask. Don't forget to make that change in your copy of

   lib-custom.php if you're using that functionality! [Dirk]

 - Improved error log contents when unable to acquire a feed reader for a portal

   block. [Mike]

 - Extended plugin API for feed extensions to include feed id and the topic (for

   adding topic/feed specific data) [Mike]

 - Don't attempt to rename a non-existing user photo when

   $_CONF['allow_username_change'] is enabled (reported and fix suggested by

   Yusuke Sakata) [Dirk]

 - Made changes to ensure compatibility with MS SQL, as suggested by

   Randy Kolenko [Dirk]

 - The "last login date" column in the Admin's list of users now uses

   $_CONF['shortdate'] so that it includes the year [Dirk]

 - Fixed batch user import (which set all imported users to status "Awaiting

   Authorization" instead of "Awaiting Activation") [Mike]

 - Fixed admin lists google paging for use in static pages etc. [Oliver]

 - Added support for a custom login error handler function,

   CUSTOM_loginErrorHandler [Blaine]

 - Format the user agent string according to the RFCs 1945 / 2068 / 2616, i.e.

   "Geeklog/1.4.1" when trying to detect a Trackback URL [Dirk]

 - Made the search option on the Admin pages behave like the site search, i.e.

   it doesn't require you to pad queries with '*' any longer [Dirk]

 - In story search results, show/hide the "Author" and "Views" columns based on

   the $_CONF['contributedbyline'] and $_CONF['hideviewscount'] settings [Dirk]

 - Introduced $_CONF['title_trim_length'] to make the max. title length of items

   in the What's New block configurable (feature request #525). Also implemented

   a new function COM_truncate (based on a patch by Yusuke Sakata) that properly

   handles truncation of multi-byte text strings if the mb_ functions are

   available [Dirk]

 - Added a JavaScript confirmation box to most delete buttons/links. If you'd

   rather not have such a confirmation, use {delete_option_no_confirmation}

   instead of {delete_option} in the admin templates [Dirk]

 - Fixed RSS Feed parser to create RFC 822 dates in en_GB or en_US locale as per

   the RFC spec [Mike]

 - Removed obsolete "do not use spaces" warning from user editor (bug #530)

   [Dirk]

 - Show fullname/username according to config.php settings in stories [Oliver]

 - Added possibility to change the css-class for admin list headers and fields

   [Oliver]

 - Added unified new style class to stats.php/style.css to have all lists on

   the page look the same [Oliver]

 - Added multi-language support, based on earlier works by Euan McKay and LWC.

   Also see http://wiki.geeklog.net/wiki/index.php/Multi-Language_Support

 - Changed the default path for topic icons to /images/topics [Dirk]

 - Fixed an SQL error when calling up the Admin's list of stories without any

   topics [Dirk]

 - Removed the public_html/portal.php script, as it is no longer needed [Dirk]

 - Remove uninstalled plugins from the global $_PLUGINS array immediately

   (just in case the array would be used to trigger any actions) [Dirk]

 - The "Topic" column in the list of feeds was empty for feeds that are only

   linked from a topic page [Dirk]

 - Only use the mb_substr workaround in the calendar when the current character

   set is UTF-8 (bug #524) [Dirk]

 - Fixed SQL error on MySQL 5 when listing the members of a group (bug #527)

   [Dirk]

 - When emailing a story, don't include the text "Comment on this story at ..."

   when comments have been switched off for that story [Dirk]

 - Fixed wrong wording of some of the "access denied" messages when trying to

   access Admin panels without proper privileges [Dirk]

 - Fixed display of Admin block for users that only had certain Admin privileges

   [Dirk]

 - New Afrikaans language file, provided by Renier Maritz

 - Updated Hebrew language file, provided by LWC

   The Hebrew language file was also renamed to hebrew_utf-8.php for consistency

   with the other UTF-8 language files.

 - Updated Turkish language file, provided by Kemal Cellat

 Calendar plugin (1.0.0)

 ---------------

 - Bugfix: Replace autotags in the event description [Dirk]

 - Added an option to switch between 24 hour and 12 hour am/pm mode for entering

   and editing events [Dirk]

 - Implemented plugin_enablestatechange API function to enable/disable plugin

   feeds and blocks when the plugin is enabled/disabled [Dirk]

 - Added calendar plugin initial version [Oliver]

 Links plugin (1.0.1)

 ------------

 - Implemented plugin_enablestatechange API function to enable/disable plugin

   feeds when the plugin is enabled/disabled [Dirk]

 - Changed the english language file from "Web Resources" to "Links"

 - Fixed hard-coded link to the "admin" directory when editing a link (reported

   by Ronnie Rigl) [Dirk]

 - Optimized SQL requests for the plugin's What's New section [Dirk]

 - Re-introduced {button_links} header variable [Dirk]

 - Added an option to hide the Top Ten Links on the first page [Dirk]

 - Made the page title on the Web Resources page more informative by adding the

   category and page number [Dirk]

 - The edit icon (only visible for Links Admins) now uses the same image type

   as the current theme (was previously hardcoded to "edit.gif") [Dirk]

 - Hide the "Web Resources" link from the menu when login is required to see

   the links (for consistency with the Polls plugin) [Dirk]

 - Added a title attribute to the links on the site stats page that contains

   the link's actual URL [Dirk]

 - Fixed site link in search results which wasn't using portal.php [Dirk]

 - The Admin's search option now also searches the link description [Dirk]

 - Removed extra <small> tags from the What's New section (bug #526) [Dirk]

 Polls plugin (1.1.0)

 ------------

 - Fixed call to undefined function polllist when calling up a non-existing

   poll [Dirk]

 - Implemented plugin_enablestatechange API function to enable/disable the poll

   block when the plugin is enabled/disabled [Dirk]

 - Fixed search [Dirk]

 - Added a remark field for polls answers [Oliver]

 - Re-introduced {button_polls} header variable [Dirk]

 - Added an option to hide the link to the polls from the menu (for consistency

   with the Links plugin) [Dirk]

 - Fixed poll URLs on the site stats page [Dirk]

 - Remove the polls block when uninstalling the Polls plugin (another part of

   bug #520) [Dirk]

 Spam-X plugin (1.1.0)

 -------------

 - Added SLV (Spam Link Verification) modules [Dirk]

 - The MT-Blacklist modules are not being shipped with Geeklog any longer. The

   MT-Blacklist entries are removed from the database during the upgrade [Dirk]

 - Allow special characters (e.g. backslashes) in the Admin modules (e.g. the

   Personal Blacklist module) [Dirk]

 - Moved spam actions to plugin_spamaction_spamx API function [Dirk]

 - Fixed potential problems with the checkforSpam function's return code in case

   of unusual configurations (e.g. $_CONF['spamx'] = 0) [Dirk, Tom Willet]

 - Made the plugin's internal log flag a proper config option. So you can now

   disable logging to spamx.log from the plugin's config.php [Dirk]

 - Mass delete by IP now uses stored IP address [Mike]

 Static Pages plugin (1.4.3)

 -------------------

 - Make sure autotags are replaced even when execution of PHP code is disabled

   (reported by LWC) [Dirk]

 - Added a help URL for the block display of static pages [Oliver]

 - Added ability in staticpage editor to enable/disable Advanced Editor mode

   so you can use FCKeditor and then if need basic html edit mode [Blaine]

 - Fixed default sorting order for the list of static pages [Dirk]

 - Allow to show/hide update date/time and hits [Oliver]

 - When creating a new page, don't set the default group ownership to the Static

   Page Admin group if the current user is not a member of that group. Instead,

   pick a group with staticpages.edit permission that the user is a member of

   [Dirk]

 - Fixed paging for the list of static pages (bug #528) [Dirk]

 January 8, 2008 (1.4.0sr6)

 ---------------

 MustLive pointed out a possible XSS in the form to email an article to a

 friend that we're fixing with this release.

 July 23, 2006 (1.4.0sr5-1)

 -------------

 This release fixes display problems in the comment preview that were only

 introduced in Geeklog 1.4.0sr5 (as a result of the fix for the XSS).

 The complete 1.4.0sr5-1 tarball also includes the following language files:

 - New Afrikaans language file, provided by Renier Maritz

 - Updated Hebrew language file, provided by LWC

 - Updated Turkish language file, provided by Kemal Cellat

 July 16, 2006 (1.4.0sr5)

 -------------

 JPCERT/CC informed us about a possible XSS in the comment handling that we're

 fixing with this release.

 June 30, 2006 (1.4.0sr4)

 -------------

 Two exploits have been released by "rgod" for insecure Geeklog installations

 and for a bug in the "mcpuk" file manager that we've been shipping as part of

 FCKeditor in all 1.4.0 releases.

 - Some of the files outside of the public_html directory were not protected

   against direct execution. If Geeklog was installed such that those files were

   accessible from a URL (which has always been strongly discouraged in the

   installation instructions) then those files could be used to load and

   execute malicious code from a remote server.

   More information: http://www.geeklog.net/article.php/so-called-exploit

   In this release, we've added the missing execution prevention for all files

   outside of public_html. We would still, however, suggest that you fix your

   Geeklog install if the files outside of public_html are accessible from a URL.

 - The "mcpuk" file manager that we've integrated into FCKeditor allowed the

   upload of arbitrary PHP code (even if FCKeditor was disabled in Geeklog's

   config.php). Depending on your webserver's configuration, it was then possible

   to execute that uploaded code.

   More information:

   http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager

   The file manager has been removed from this release. You will therefore no

   longer be able to upload files, e.g. images, through FCKeditor. Future

   versions of Geeklog will ship with an updated version of FCKeditor and its

   included file manager.

 May 28, 2006 (1.4.0sr3)

 ------------

 The Security Science Researchers Institute Of Iran reported the following

 security issues:

 - Possible SQL injection and authentication bypass in auth.inc.php

 - Possible XSS in getimage.php

 - Path disclosure in getimage.php and the functions.php of some themes,

   e.g. the Professional theme

 An internal code review also revealed a possible SQL injection in story

 submissions.

 Mar 5, 2006 (1.4.0sr2)

 -----------

 Security issues:

 - Konstantin Dyakoff found an old bug in the session handling that would allow

   anyone to log in as any user.

 - HTML was not stripped from the Location field in a user's profile.

 Feb 19, 2006 (1.4.0sr1)

 ------------

 Security issues:

 - James Bercegay of GulfTech Security Research reported several issues with

   Geeklog's cookie handling that made it vulnerable to SQL injections, arbitrary

   file access, and even injection and execution of arbitrary code.

 Bugfixes:

 - Fixed bug in page-break combined with url rewrite (bug #521) [Oliver]

 - Fixed Story [page_break] showing only intro on first page [Oliver]

 - Fixed install script for the Spam-X plugin which was trying to include an SQL

   file that doesn't exist - and wasn't needed (part of bug #520) [Dirk]

 - Updated Hebrew language file, provided by LWC

 - New Russian language files for the Links and Polls plugins, provided by

   Volodymyr V. Prokurashko

 - Fixed Static pages dutch language file [Oliver]

 - New Polish language file for the Links plugin, provided by Robert Stadnik

 - Added UTF-8 English versions of the Links, Polls, Static Pages, and Spam-X

   language files [Dirk]

 - Added all UTF-8 Language files for core [Oliver]

 Feb 5, 2006 (1.4.0)

 ------------

 - Prevent execution of PHP code in "normal" blocks [Dirk]

 - Added missing navbar images - used for CSS based buttons as part of the

   standard Plugin CSS [Blaine]

 - Set options in FCKConfig to have Firefox browsers by default not using the

   <span> and font tags to format Bold and Italic [Blaine]

 - Fixed another bug in google pagination of admin-lists [Oliver]

 - Fixed "wrap static page in a block" and "exit type" options in the static

   page editor. Also link to the "rewritten" URL from the list of static pages

   when URL rewriting is on [Dirk]

 - Fixed JavaScript error in the Admin's story editor (bug #479) [Dirk]

 - Fixed hard-coded paths in the check.php script and added tests for missing

   directories (reported by Markus Wollschlaeger) [Dirk]

 - A humble attempt to add some semantics [Dirk]

   + Added rel="category tag" to a story's topic link

   + Added rel="self bookmark" for a comment's permalink

 - Cosmetics: Moved the number of links per category out of the actual link to

   the category [Dirk]

 - On MySQL 5, the drop-down list of link categories presented to a user when

   submitting a new link came out wrong (while the one in the Admin's link

   editor worked just fine). Moved the working code into a new function in the

   plugin's functions.inc and changed the code to use it in both cases now [Dirk]

 - Fixed an SQL error when the "length of entries" field in the Feed Editor was

   left empty [Dirk]

 - Fixed date and time defaulting to the current date and time when creating

   a new event as an Admin user (adding a workaround for changes of strtotime()

   behavior in PHP 5) [Dirk]

 - Fixed SQL error on MySQL 5 when creating a new topic (bug #517) [Dirk]

 - In HTTP requests, format the user agent string according to the RFCs 1945 /

   2068 / 2616, i.e. "Geeklog/1.4.0" [Dirk]

 - Updated Japanese language files, provided by Yusuke Sakata

 - Updated Ukrainian (Windows-1251) language file, provided by Vitaliy Biliyenko

 Jan 22, 2006 (1.4.0rc2)

 ------------

 - header.thtml now specifies the CSS Class Declaration to use for the body.

   This addresses the issue with FCKeditor when displayed, its CSS was

   over-riding the main site <body> tag and the site margin padding was being

   affected [Blaine]

 - Removed CSS for the Forum plugin from style.css [Blaine]

 - Fixed "Cannot modify header ..." message when logging in from the admin

   pages (reported by Samuel M. Stone). This also fixes confusing intermittent

   displays during the login (e.g. only some of the "Command and Control" icons

   showing up, messages about missing permissions flashing up) [Dirk]

 - Removed Geeklog version number from feed files due to security concerns

   (pointed out by Samuel M. Stone) [Dirk]

 - Login through the admin pages didn't work with register_globals=off [Dirk]

 - Fixed admin lists so pagination works also in static pages [Oliver]

 - Pass GeekLog as user agent when fetching RSS feeds [Mike]

 - Made the image upload work with out-of-the-box PHP 5 configurations [Dirk]

 - Fixed handling of HTML entities in Pingbacks [Dirk]

 - Fixed Spam-X Mass Delete Trackback Spam module to update the story's trackback

   count when deleting trackbacks [Dirk]

 - Fixed a possible SQL error when saving a block (reported by BDUB) [Dirk]

 - Fixed story titles in the What's New block when they contained HTML entities

   (entities where sometimes cut off and/or encoded twice) [Dirk]

 - Fixed a typo in all the plugin install script which set the group description

   to "grp_desc" instead of $grp_desc (found by Ingo Schaefer) [Dirk]

 - Improved autodetect of Trackback URLs [Dirk]

 - The submit story form was not selecting the advanced Editor if user was not

   logged in or did not have Story Editor permissions [Blaine]

 - Added missing CSS class name "list-feed" for portal blocks [Dirk]

 - Fixed user submission queue (reported by Andrew Lawlor) [Dirk]

 - Fixed handling of integer fields in the Admin's story editor (reported by

   Ron Ackerman) [Dirk]

 - Fixed handling of checkboxes in the static pages editor (reported by

   Ron Ackerman) [Dirk]

 - Fixed SQL error when saving a static page that had had more than 1000 hits

   (reported by Euan McKay) [Dirk]

 - Removed visible table border from advanced comment editor form [Blaine]

 - Moved some hard-coded text strings from the advanced editor into the

   language files [Blaine]

 - Updated Chinese language files, provided by Samuel M. Stone

 - Updated Japanese language files, provided by Yusuke Sakate

 Dec 31, 2005 (1.4.0rc1)

 ------------

 - Added support for Advanced Editor in the Add Comment Feature [Blaine]

 - Fixed SQL error in search on MySQL 5 (fix suggested by dariball) [Dirk]

 - Added trackback.php and pingback.php to the included robots.txt [Dirk]

 - Added a few more calls to COM_numberFormat all over the place (links and polls

   plugins, Admins Only block, ...) [Dirk]

 - Fixed test for a Geeklog 1.3.9 database in the install script [Dirk]

 - When emailing a story, make sure all fields are filled in [Dirk]

 - Don't lose the current topic selection when a Story Admin uses the Contribute

   link [Dirk]

 - Fixed highlighting of search query in comments when register_globals = off

   [Dirk]

 - When the entries in the Admin's block are not sorted, make sure the icons in

   Command and Control are in the same order as the block entries [Dirk]

 - Allow topic icons to be uploaded to and retrieved from a 'topics' directory

   outside of the document root [Dirk]

 - Added a workaround to produce abbreviated day names in the calendar for UTF-8

   language files (reported by Euan McKay) [Dirk]

 - The Spam-X plugin now uses the same "universal" install script as the other

   three preinstalled plugins [Dirk]

 - Added more allowable HTML tags and attributes if Advanced_Editor enabled

   config.php setting [Blaine]

 - Added logic to detect if Javascript was not enabled and Advanced Editor was

   enabled.

   User will be prompted with alert and able to use the default editor [Blaine]

 - Changed spam handling for Trackbacks and Pingbacks to check for spam on the

   unfiltered Trackback/Pingback content [Dirk]

 - When editing a link submission with a new link category (i.e. the submitter

   selected "other" and entered a non-existing category), make sure that new

   category actually shows up in the links editor [Dirk]

 - In the Admin's list of stories, show the display name of the topic (i.e. the

   same as in the Topics block) instead of the topic ID [Dirk]

 - Hide the edit icon in the Admin's list of stories when the current user

   doesn't have edit access to a story (since they only got a note saying they

   can't edit that story anyway) [Dirk]

 - Fixed alternating row colors in admin lists if one row has no data [Oliver]

 - Made it impossible to switch off blocks if there is no access [Oliver]

 - Fixed handling of items in the submission queues (it was only possible to

   approve / delete the first item in a queue) [Dirk]

 - Grant users with 'plugin.edit' permission access to the plugin editor [Dirk]

 - Changed admin-lists 'default-filter' to require 'AND' [Oliver]

 - Fixed admin lists for events & static pages for non-root users [Oliver]

 - Fixed invalid language string in submit.php [Oliver]

 - Fixed problems with the query highlighting code escaping double quotes [Dirk]

 - In the list of plugins, display only the plugin's current version number as

   long as it's in sync with the code version or the plugin hasn't implemented

   the chkVersion API function [Dirk]

 - Limit length of a new user's username to 16 characters in the

   admin/user/edituser.thtml template file [Dirk]

 - Don't display the current user's userphoto when creating a new user in

   admin/user.php [Dirk]

 - Fixed sanity checks in USER_addGroup and USER_delGroup [Trinity, Dirk]

 - Allowed the Links-entry from the top menu to be hidden by config.php in links

   [Oliver]

 - Fixed small HTML validation issues with adv. editor and admin lists [Oliver]

 - Fixed comment bug that allowed comments to be saved even when user did not

   have the correct story/topic permissions. [Vinny]

 - Send the character set as an HTTP header from COM_siteHeader now [Oliver]

 - Fixed updating Links feeds [Mike]

 - Corrected RSS handling of GUID or LINK [Mike]

 - Fixed date format in Atom feeds [Mike]

 - Fixed loss of sort setting when browsing the user list [Oliver]

 - Fixed block title of the site stats (reported by Tom Willet) [Dirk]

 - Fixed an SQL error when approving the default story submission ("Are you

   secure?") after a fresh install (reported by suvi) [Dirk]

 - Fixed warnings that exposed the full path to Geeklog when attempting SQL

   injections on the advanced search [Mike]

 - The "Mail Users" icon was missing from Command and Control [Dirk]

 - In Command and Control, show the Trackback icon only when at least one of the

   Trackback, Pingback, or Ping features is enabled (in addition to 'story.ping'

   permissions for the current user) [Dirk]

 - Replaced the delete_event.gif icon (in layout/professional/images/icons) with

   a PNG, since the Professional theme uses PNGs now and the icon wouldn't show

   up otherwise [Dirk]

 - The block around the list of backups was missing the title [Dirk]

 - Don't emit the Trackback and Pingback headers when trackbacks have been

   disabled for a story [Dirk]

 - Introduced {lang_trackback_comments_no_link} (in trackback/trackback.thtml)

   so that you can have an article page entirely without links back to itself

   (for picky spiders such as the one for Google News) [Dirk]

 - Call COM_refresh when creating a user with usersubmission = 1 [Mike]

 - Fixed sorting of Trackbacks in the What's New block [Dirk]

 - The search by author or by date switched to searching for everything on

   page 2 of the results [Dirk]

 - For the Links plugin, the "last x days" text in the What's New block was

   missing [Dirk]

 - Fixed an SQL error when creating new blocks [Mike]

 - The feed reader will now also follow redirects [Mike]

 - Updated Chinese traditional and simplified language files, and new Chinese

   language files for the Links, Polls, and Static Pages plugins, provided by

   Samuel M. Stone

 - German language files now exist in 4 combinations (formal / informal German,

   ISO-8859-15 / UTF-8 encoding) for Geeklog, the Links, Polls and Static Pages

   plugins [Dirk]

 - Updated Japanese language files, provided by Yusuke Sakate

 - New Ukrainian language files (Windows-1251) for Geeklog and all four plugins,

   provided by Vitaliy Biliyenko

 - New Ukrainian language files (UTF-8 and KOI8-U encoding) for Geeklog, the

   Spam-X, and Static Pages plugins, provided by Yaroslav Fedevych

 Nov 20, 2005 (1.4.0b1)

 ------------

 - Introduced {start_storylink_anchortag} and {end_storylink_anchortag} template

   variables in the story and commentbar template files which only produce a

   link to the story when not on article.php, thus avoiding links back to the

   article page itself, which the spider for Google News doesn't seem to like

   (feature request #486) [Dirk]

 - Added a workaround for image uploads using GD when ImageCreateTrueColor is

   not available (patch #468) [Dirk]

 - Allow a subject to be passed as a parameter for the "contact user" form

   (based on patch #497) [Dirk]

 - Added support for right-to-left languages (based on patch #488) [Dirk]

 - Update Feeds and Older Stories block when changing topic settings [Dirk]

 - Added a hits counter to events and added a Top Ten Events section to the

   site stats [Dirk]

 - Introduced $_CONF['show_topic_icon'], i.e. the default setting whether to

   show topic icons or not [Dirk]

 - The "Older Stories" block now only lists articles that appeared on the

   frontpage (i.e. have not been set to "Show only in topic", bug #408) [Dirk]

 - Fixed problems with query highlighting in stories scrambling links in

   autotags (bug #492) [Dirk]

 - Group names are now unique (as they should have been from the beginning). The

   install script takes care of existing duplicate group names when upgrading

   to 1.4.0 (bug #367) [Dirk]

 - Allow for more topic IDs in the user's preferences (bug #490) [Dirk]

 - Replace autotags in the Daily Digest (bug #484) [Dirk]

 - Explicitly link to /docs/index.html for the documentation link in the Admin's

   block (bug #504) [Dirk]

 - Added an option to enable / disable trackbacks per story (just like you can

   enable / disable comments per story) [Dirk]

 - Changed COM_optionList to check for language arrays which override the text

   strings that are embedded in the database (for comment mode, featured story,

   post mode, etc.) Bug #227 [Dirk]

 - Fixed Bug #174 -- quotes in titles are no longer double htmlentized [Vinny]

 - The default permissions for new objects (stories, topics, blocks, etc.) can

   now be set in config.php (feature request #90) [Dirk]

 - Added an "Active users" entry to the site statistics. If Geeklog is configured

   to track a user's last login, this will display the number of users who

   logged into the site during the last 4 weeks. Otherwise, it displays the

   number of user accounts with status = 3 (i.e. have logged into their account

   at least once and haven't been banned) [Dirk]

 - Introduced a new plugin API function so that the plugin's summary (e.g.

   number of items) can be properly integrated with the "Site Stats" section.

   Modified stats/sitestatistics.thtml, removed stats/stats.thtml, added

   stats/singlesummary.thtml template files [Dirk]

 - Introduced a generic function, USER_getPhoto, which provides the user's photo,

   if available. The function also supports getting the user's avatar from

   gravatar.com (if enabled in config.php) [Dirk]

 - The texts in the What's New block ("x new stories in the last y hours",

   "last 2 weeks", etc.) now properly reflect the actual settings of the

   $_CONF['newXXXinterval'] variables (bug #390) [Oliver, Dirk]

 - Introduced a method to signal a forced update for feeds in case the content

   of one of the feed entries has changed  - so far, we only checked if entries

   had been added or removed (bug #277) [Dirk]

 - Added $_CONF['show_right_blocks'] option which, if set = true, will display

   right-side blocks on all pages (also addresses feature request #31) [Dirk]

 - Fixed bug #454, SQL error when reading comments. [Vinny]

 - Leave off the "page=1" parameter on the "Google paging" navigation bar for

   links that point back to the first page [Dirk]

 - The default feed for a new site is now in RSS 2.0 format and named

   "geeklog.rss" [Mike, Dirk]

 - Added time of the day to the name of the database backups to allow several

   backups a day [Oliver]

 - When the search returns no results, the search form is now pre-populated

   with the last search query, so that it can be changed easily. On successful

   searches, a "refine search" link will appear that also takes you back to a

   pre-populated search form (to refine your search, obviously) [Dirk]

 - Changed search to only return a certain amount of hits per page, thus

   avoiding timeouts on servers where the script execution time is limited

   (bug #274) [Dirk]

   A new config variable, $_CONF['num_search_results'], defines the number of

   search results to be returned per page (and per type). The search form also

   includes a drop-down menu where this can be changed for every search.

   Plugins will have to indicate if they support this "paged" search. Otherwise,

   Geeklog will fake the paging for the plugin, so that the plugin does a full

   search for every page, but Geeklog will only display the hits for the current

   page (such a plugin can therefore still cause a timeout until it is changed

   to support "paged" searching).

 - Added a permanent link to comments (in the professional theme) [Vinny]

 - Added new icons for the admin sections and made sure each admin section

   now has an icon in admin/moderation.php [Dirk]

   The new icons have been taken from the Gnome project (some of them modified

   by Jakub Steiner). They are released under the GPL.

 - Introduced global variable $_IMAGE_TYPE that specifies the image type to

   use. Defaults to 'gif'. Themes can override it to use other images types,

   e.g. PNG, for all images [Dirk]

 - Added option to upload topic icons (Feature Request #415, Patch #423),

   provided by Alford Deeley (machinari)

 - Changed the Admin's "Command and Control" center such that there is an icon

   for every entry in the Admin's block [Dirk]

 - Removed duplicate code for creating a "topic SQL" query in moderation.php

   (use COM_getTopicSQL instead) [Dirk]

 - Added the ability to allow users to login via defined remote services (ships

   with Blogger and LiveJournal support) [Mike]

 - Added the ability to ban users, and to tell when a user has logged in at least

   once [Mike]

 - Added edit-icon, List-Sorting, searching, Limits & alternating row colors

   in admin menus for groups, syndication, staticpages, trackback

   (where not yet done) [Oliver]

 - Added function to allow user-defined scaling of images in articles by using

   [unscaledX] instead of [imageX] [Oliver]

 - Removed $_CONF['whosonline_fullname'] option - use $_CONF['show_fullname']

   instead [Dirk]

 - Fixed bug where extra slashes appeared when previewing comments [Vinny]

 - Removed the "lastvisit" cookies, as they are obviously not used [Dirk]

 - Removed redundant changepwd-button & code from /admin/user.php (Bug #9)

   [Oliver]

 - Added new feature to insert a feed-links into header depending on topic, to

   be chosen from /admin/syndication.php in the form of

   <link rel="alternate" type="application/{format}+xml" ....> [Oliver]

 - Added options to google-Navigation so it can be used by plugins and work with

   url-rewriting (feature request #315). [Oliver]

 - Userlist now also shows Registration Date and if $_CONF['lastlogin']= true it

   shows the last login date instead. [Oliver]

 - Added option in config.php to hide "Viewed: x" line with

   $_CONF['viewscountline'] just as the $_CONF['contributedbyline'] [Oliver]

 - Added function COM_numberFormat to format displayed numbers with custom

   decimal & thousand - separators and fixed decimal places if necessary

   Includes the respecitve 3 new config.php values in locale section.

   (Feature Request #298) [Oliver]

 - Default Blocks showed always in all Topics before. Now you can choose to show

   them in All/only one topic/only on homepage like other blocks (feature #326)

   [Oliver]

 - A Story can now break over several pages in the body-text. The tag

   [page_break] will split the bodytext in pieces that can be opened with the

   std. COM_printPageNavigation. Introtext is removed for pages>1 [Oliver]

 - Added field for old password check in /usersettings.php (bug #230) [Oliver]

 - Added password confirmation to /admin/user.php and /usersettings.php

   (bug #230) [Oliver]

 - Made the alternating row colors in the Admin's trackback functions compatible

   with the scheme used in other places (list of users, etc.). Also changed the

   list of weblog directory services so that editing is now done by clicking on

   the number of the service [Dirk]

 - Stories are no longer forced to be featured _and_ on frontpage (bug #362)

   [Oliver]

 - Changed links locations in User-list, added user-photo indicator [Oliver]

 - Don't update a story's date any more when unchecking the 'draft' flag

   (bug #400) [Dirk]

 - Don't use "rewritten" URLs in the static pages editor any more (bug #403).

   Also updated the list of static pages to use alternating colors for the

   rows [Dirk]

 - Use "\r\n" when sending trackback pings (bug #407) [Dirk]

 - Allow autotags to optionally have a space after the tag name [Blaine]

   Valid tags are:

   [story:20040101093000103 here] or [story: 20040101093000103 here]

 - Fixed inconsistent use of {site_url} and {layout_url} in some of the

   professional theme's admin template files - using {layout_url} everywhere

   now when referring to icons (bug #395) [Dirk]

 - Event titles containing quotes were cut off at the first quote in the event

   editor, i.e. both the admin's event editor and the editor for personal events.

   (bug #399) [Dirk]

 - Modified PLG_templateSetVars API to also check for a custom function [Blaine]

   Users can now set header template using CUSTOM_templatesetvars()

 - Added new CSS declarations as recommened CSS for plugins   [Blaine]

 - Added a basic scheduler Plugin API plugin_runScheduledTask  [Blaine]

   Interval is set in config.php - $_CONF['cron_schedule_interval']

 - Enhanced the Group Admin interface display [Blaine]

 - Enhanced the User Admin display and made the headings sortable [Blaine]

 - Geeklog will now properly handle html special characters (such as quotes and

   ampersands) in comment titles (bug #174) [Vinny]

 - Hide 'edit' option for articles in preview (bug #347) [Dirk]

 - Changed admin/user.php to use file() for the batch import [Dirk]

 - Implemented pinging weblog directory services like blo.gs and weblogs.com

   (Feature Request #35). By default, we ping pingomatic.com [Dirk]

 - Complete overhaul of the Plugin Comment API to reduce the likelyhood of

   plugins introducing security problems.  Older plugins that use the comment

   API will no longer work. [Vinny]

 - Refactored Comment code out of lib-common.php and into lib-comment.php, also

   some changes to comment.php [Vinny]

 - Introduced a 'story.ping' permission that enables users to send Pings,

   Pingbacks, and Trackbacks for a story (or plugin item). Members of the Story

   Admin group have that permission by default.

 - Overhauled install script: It will now abort the installation if the minumum

   requirements (PHP 4.1.0, MySQL 3.23.2) are not met. It also displays a warning

   message if register_long_arrays is off (PHP 5 only, bug #360). Another

   warning message is displayed if "public_html" is part of the URL.

   When upgrading, it now tries to identify the Geeklog version that was used

   previously (only really works for versions 1.3.8 - 1.3.11) [Dirk]

 - Fixed date in comment preview (bug #370) [Dirk]

 - Incorporated the new syndication framework for reading and writing feeds of

   different formats (RSS, RDF, Atom), provided by Michael Jervis (patch #352).

   This contribution also addresses Task #19 ("RSS import class") and Feature

   Request #67 ("Limiting number of entries in RSS feeds").

   Please note that the feed writer classes, system/classes/*.feed.class.php,

   are now obsolete and can be removed. Please also note this adds new PEAR

   package requirements for Net_URL and HTTP_Request.

 - Added support for sending and receiving trackback comments (Feature Request

   #34) Also implemented Pingback support in pretty much the same way. Once

   received, Geeklog treats Trackbacks and Pingbacks the same and stores them

   in the gl_trackback table. [Dirk]

   Both can be switched off in config.php: $_CONF['trackback_enabled'] = false;

   and $_CONF['pingback_enabled'] = false;

 - Added a new script, directory.php, that implements a date-based listing of

   all the stories on a site [Dirk]

   A link to the directory is available as a new option, 'directory', for the

   $_CONF['menu_elements'] config variable, so that it can be added to the menu.

 - The column headline for event search results was not displayed [Dirk]

 - Added logos to syndication feeds. [Mike]

 - Added config option to disable new accounts (Patch #426 from Alford Deeley)

   [Mike]

 - Alphabet Sort on Admin Menu and C&C Block [Mike]

 - New Farsi (Persian) language file, provided by Hesam.H

 - Updated Japanese language file, provided by Yusuke Sakata

 - New Farsi (Persian) language file for the static pages plugin,

   provided by Hesam.H

 Links plugin 1.0.0

 ------------

 - Added ID-editor and Autotags-feature [link: ... ] [Oliver]

 - Added Category-Specific Feeds [Oliver]

 - Added Edit-Icon, List-Sorting, searching, Limits & etc for admin menu [Oliver]

 - Moved links functionality into a plugin [Trinity, Oliver]

 Polls plugin 1.0.0

 ------------

 - Polls moved to a plugin [Trinity]

 Spam-X plugin 1.0.3

 -------------

 - The LogView module now automatically truncates the Spam-X logfile to 100KB

   [Tom Willet]

 - The IP Blacklist module now supports regular expressions [Mike]

 - Added a Mass Delete module for Trackback comments [Dirk]

 - Added an "admin override" option, so that postings by members of the 'spamx

   Admin' group will not be checked for spam [Dirk]

 July 16, 2006 (1.3.11sr7)

 -------------

 JPCERT/CC informed us about a possible XSS in the comment handling that we're

 fixing with this release.

 May 28, 2006 (1.3.11sr6)

 ------------

 The Security Science Researchers Institute Of Iran reported the following

 security issues:

 - Possible SQL injection and authentication bypass in auth.inc.php

 - Possible XSS in getimage.php

 - Path disclosure in getimage.php and the functions.php of some themes,

   e.g. the Professional theme

 An internal code review also revealed a possible SQL injection in story

 submissions.

 Mar 5, 2006 (1.3.11sr5)

 -----------

 Security issue:

 - Konstantin Dyakoff found an old bug in the session handling that would allow

   anyone to log in as any user.

 Feb 19, 2006 (1.3.11sr4)

 ------------

 Security issues:

 - James Bercegay of GulfTech Security Research reported several issues with

   Geeklog's cookie handling that made it vulnerable to SQL injections, arbitrary

   file access, and even injection and execution of arbitrary code.

 - Prevent execution of PHP code in "normal" blocks

 Dec 12, 2005 (1.3.11sr3)

 ------------

 Security issues:

 - Fixed comment bug that allowed comments to be saved even when user did not

   have the correct story/topic permissions (reported by LWC) [Vinny]

 - Fixed a path disclosure in case someone tampered with the start date or end

   date in advanced search (reported by r0t3d3Vil) [Mike]

   Feeding malformed dates to the search caused a warning message to be displayed

   that disclosed the path to the Geeklog install on the server. It was NOT

   possible to use this for SQL injections.

 Bugfixes:

 - Fixed the problems (introduced in 1.3.11sr2) editing static pages when

   $_CONF['url_rewrite'] = true (bug #491) [Dirk]

 - The "Reply" button didn't work when viewing individual comments [Vinny]

 - Fixed the definition of the 'expire' field (in table gl_stories), which

   caused an SQL error when doing a fresh install on MySQL 5

   (reported by Johannes) [Dirk]

 - Fixed and updated the Hebrew language file [LWC, Dirk]

 - New Ukrainian language file (Windows-1251), provided by Vitaliy Biliyenko

 - New Ukrainian language files (UTF-8 and KOI8-U encoding) for Geeklog, the

   Spam-X, and Static Pages plugins, provided by Yaroslav Fedevych

 Oct 9, 2005 (1.3.11sr2)

 -----------

 This release provides security enhancements and better spam protection

 originally developed for Geeklog 1.3.12. It also addresses a few bugs where

 the bugfix could be integrated with a reasonable amount of work (other bugfixes

 will have to wait for the 1.3.12 release).

 Security and Spam protection:

 - Added speedlimit to login attempts, defaults to allowing three tries in a

   five minute period.  [Vinny]

   See new config options $_CONF['login_attempts'] and $_CONF['login_speedlimit']

 - Changed the spam handling to update the speed limit when spam is detected

   (i.e. handle spam posts as if they were successful posts and make the

   submitter wait for the speed limit to expire). Also send a 403 "Forbidden"

   HTTP response code when displaying the "spam detected" message [Dirk]

   To quote RFC2616: "403 Forbidden: The server understood the request, but is

   refusing to fulfill it. Authorization will not help and the request SHOULD

   NOT be repeated."

 - Filter linefeeds in the To:, From:, and Subject: fields of an email in

   COM_mail [Dirk]

 - When a new user account is created and the user submission queue is enabled

   in config.php, ensure that the user is properly "queued" even in the

   unlikely event that the account creation fails halfway through (reported by

   LWC) [Dirk]

 - When $_CONF['emailstoryloginrequired'] = 1, hide the links to the "email

   story" form from anonymous users [Dirk]

 - When emailing a story, check the user's message that is sent with the story

   for spam [Dirk]

 - Added a robots.txt file to the distribution. By default, it excludes

   comment.php, submit.php, and the docs directory from being spidered [Dirk]

 - Added a spam check to the user profile [Dirk]

 - Story, event, and link submissions are now also checked for spam [Dirk]

 - This release also includes the Spam-X plugin version 1.0.2

 Please note that MT-Blacklist (used by Spam-X) has recently been discontinued.

 For the time being, we provide the last version of the blacklist for download

 from geeklog.net (the Spam-X plugin as included in this release is configured

 to get it from there for the initial import). There will, however, be no

 updates the blacklist. For details, please see

 http://www.geeklog.net/article.php/mt-blacklist-discontinued

 Bugfixes:

 - Fixed an error message thrown up by PHP 5.0.5 or later when viewing the

   article page (bug #483) [Dirk]

 - Fixed bug with topic-specific blocks not showing up on the article page when

   URL rewriting was enabled (bug #401) [Dirk]

 - Fixed missing site header when trying to submit an event without required

   fields. Also fixed that it would redirect you to the story submission form

   then (bug #409) [Dirk]

 - Make sure {menu_elements} is rendered using the menuitem_none.thtml template

   when no menu elements are to be displayed (bug #378) [Dirk]

 - Quote names in email addresses as soon as they contain any non-alphanumeric

   characters (apart from the blank). This also addresses bug #368 [Dirk]

 - Allow single quotes in passwords (bug #396, also previously reported as

   bug #349 / #996354) [Dirk]

 - When $_CONF['profileloginrequired'] was set to 1, the actual message that

   you have to log in before being able to see a user profile was not wrapped

   in the Geeklog framework (reported by Sean C) [Dirk]

 - Fix: Made a story's archive/expire date work with the timezone hack [Dirk]

 - COM_applyFilter will now accept negative numbers if the isnumeric parameter

   is true. Needed to fix problems with pollbooth.php (and others) [Vinny]

 - Upgraded included kses class to version 0.2.2 which fixes problems with

   Japanese and Thai characters (among other things), thus addressing bugs #94

   and #119 [Dirk]

 - Fixed SQL error when using the [staticpage:] autotag (bug #373) [Dirk]

 - Added a missing stripslashes call to remove backslashes when a topic's name

   was displayed in the index page's title (bug #369) [Dirk]

 - Link tags are now translated in printer friendly mode (Bug #411) [Mike]

 - Removed the <meta name="ROBOTS"> entry from the Professional theme's

   header.thtml as "INDEX,FOLLOW" is the default anyway. For finer control,

   we now ship a robots.txt [Dirk]

 Improvements:

 - Don't check for auto-archived stories when no archive topic has been

   defined yet [Dirk]

 - Added support for a custom_usercheck function. Custom registration code that

   requires certain information can now abort the creation of a new account if

   that information is missing. The function is called after Geeklog has checked

   that the username and email address of the new user are okay (valid and not

   in the database yet), but before the user has been added to the database

   [Dirk]

 - Saved one SQL request for a story's printable view [Dirk]

 Language files:

 - Made sure all language files refer to Geeklog's [image] tags as [imageX],

   [imageX_right], and [imageX_left] (bug #381) [Dirk]

 - New Catalan language file, provided by an anonymous user

 - New Russian (UTF-8) language file, provided by Konstantin Boyandin

 - Updated Hebrew language file, provided by LWC

 - Updated Hellenic (Greek) language file, provided by MzOzD

 - Updated Italian language file, provided by Marcello Teodori

 - Updated Japanese (UTF-8) language file, provided by Yusuke Sakata

 - Updated Portuguese (Brazil) language file, provided by Alcides Soares Filho

 - Updated Russian language file, provided by Konstantin Boyandin

 - New Japanese (UTF-8) language file for the Static Pages plugin, provided by

   Yusuke Sakata

 - Updated Italian language file for the Static Pages plugin, provided by

   Marcello Teodori

 - Updated Japanese language file for the Static Pages plugin, provided by

   Yusuke Sakata

 Aug 21, 2005 (Spam-X plugin 1.0.2)

 ------------

 - Changed the display name of the plugin to "Spam-X" to avoid potential

   confusion with the email spam filter of the same name.

   "SpamX" is a registered trademark of Hendrickson Software Components.

 - Added a new module to filter posts based on the IP address of the poster

   [Tom Willet]

 - Added  a new module to filter posts based on the IP address of the

   spamvertised site [Tom Willet]

 - Added a new module to filter posts based on characteristics of the HTTP header

   [Dirk]

 - Fixed the Mass Delete Spam Comments module [Tom Willet]

 - The Spam-X plugin's examine modules run the post through html_entity_decode()

   now in case the spammers try to obfuscate their posts by using HTML entities

   [Tom Willet, Dirk]

 - The Mail Admin action module now also reports the HTTP headers of the post

   that triggered the spam filter [Dirk]

 - Added a simple stats function (reports the number of posts deleted as spam,

   and - to the Spam-X Admin only - the number of entries for each module) [Dirk]

 - Implemented an update function for the plugin [Dirk]

 - New Farsi (Persian) language file, provided by Hesam.H

 - New Italian language file, provided by Marcello Teodori

 - New Spanish language file, provided by vivi1123

 Jul 3, 2005 (1.3.11sr1)

 -----------

 This release addresses the following security issue:

 Stefan Esser found an SQL injection that can, under certain circumstances,

 be exploited to extract user data such as the user's password hash.

 Dec 31, 2004 (1.3.11)

 ------------

 Geeklog 1.3.11 addresses the following security issues:

 1. It was possible to submit stories anonymously even if anonymous submissions

    were turned off in config.php (reported by Barry Wong).

    These stories still ended up in the submission queue, though, unless you

    disabled it in config.php.

 2. Some of the parameters in link and event submissions weren't filtered,

    leaving them open to potential SQL injections.

 3. The links for the What's Related block were created from the unfiltered story

    text, opening the possibility of XSS attacks (reported by Vincent Furia).

 Bugfixes:

 - Added a missing stripslashes() call for the topic name in the What's Related

   block (bug #351) [Dirk]

   (affected file: system/lib-story.php)

 - Fixed problems in the story editor when editing plain-text posts with

   uploaded images (bug #356) [Dirk]

   (affected file: public_html/admin/story.php)

 - When changing a story ID, update the story ID in any comments to that story,

   too (bug #357) [Dirk]

   (affected file: public_html/admin/story.php)

 - Fixed handling of autotags that started with the same substring, e.g. for

   2 tags 'mytag' and 'mytagtwo', the second tag would not be recognized

   (reported by Dr. Shakagee) [Dirk]

   (affected file: system/lib-plugins.php)

 - Fixed caching of $_GROUPS [Dirk]

   (affected files: system/lib-security.php, public_html/lib-common.php)

 - Made a minor optimization to save one SQL request when displaying the comment

   bar for anonymous users [Dirk]

   (affected file: public_html/lib-common.php)

 - Updated Slovenian language file, provided by gape.

   (affected file: language/slovenian.php)

 Dec 22, 2004 (1.3.11rc1)

 ------------

 - Fixed "archive" option being activated too early on certain non-featured

   stories (bug #345) [Blaine]

 - Added missing handling of autotags in static pages being displayed as center

   blocks (reported by Jill) [Dirk]

 - Fixed size of the 'sid' field in the gl_comments table. It should be 40

   characters, to be able to hold the long story IDs introduced in 1.3.10

   (reported by Douglas Santos) [Dirk]

 - When using mogrify (ImageMagick) to resize uploaded images, the name of the

   image is now enclosed in double quotes instead of single quotes, which

   caused the command to fail on Windows [Dirk]

 - The emails sent from the Spam-X plugin's MailAdmin action now also include

   the IP address of the spam poster [Dirk]

 - SEC_getFeatureGroup() should not overwrite $_GROUPS if not operating on the

   current user (bug #331) [Dirk]

 - Introduced a {camera_icon} variable in story and comment templates that

   displays the little camera icon if the author has uploaded a user photo, just

   like in the Who's Online block (suggested by Laurence Whitworth) [Dirk]

 - The parent link in top-level comments took the user to the homepage rather

   than to the article page (bug #346) [Vinny]

 - Stories submitted for the archive topic will automatically be saved with

   frontpage = 0 when approved, i.e. only be displayed in the topic [Dirk]

 - Avoid emitting an extra <br> tag after the last section in the What's New

   block (bug #330) [Dirk]

 - Update comment count in Older Stories block when a new comment is posted

   (bug #317). Also optimized the code to collect the contents of the Older

   Stories block [Dirk]

 - Fixed extra <br> being emitted in the calendar for events that aren't

   visible for the current user (bug #268) [Dirk]

 - (Event) Admins can now delete events directly from the calendar's day and

   week views (just like events in the personal calendar) [Dirk]

 - Fixed usersettings.php so that it displays the "benefits" message again when

   called up by an anonymous user. Also made it go to the user's preferences

   when called without a 'mode' parameter [Dirk]

 - Added {layout_url} to the available theme variables in the submission forms.

   Also added {separator} for those who prefer correct spelling ;-) [Dirk]

 - More parameter filtering and permission checks in submit.php [Dirk]

 - Fixed over-zealous parameter filtering in links.php which prevented

   categories with apostrophes from working [Dirk]

 - Fixed broken URLs when editing a plain-text story that contained uploaded

   images (reported by LWC) [Dirk]

 - The PEAR classes that ship with Geeklog actually require PHP 4.2.x now.

   However, the missing functions in older PHP versions (minimum requirement

   for Geeklog itself is now PHP 4.1.0) are provided by the PEAR PHP_Compat

   package, which we will have to ship with Geeklog from now on. Added the

   necessary code to lib-common.php to load PHP_Compat, if required [Dirk]

   Many thanks to Tom Willet for providing a test setup.

 - Fixed "quick add form" for personal events, so that it stores the new event

   directly now [Dirk]

 - Fixed handling of 12am/pm in events, event submissions, and when passing the

   time from the calendar to the event submission forms [Dirk]

 - Improved handling of personal events / personal calendar, especially for

   (Event) Admins [Dirk]

 - Fixed What's Related links when magic_quotes_qpc = on [Vinny, Dirk]

 - Fixed use of an undefined variable $U in COM_showBlocks and warning messages

   for undefined array indexes in COM_getCurrentURL (reported by irawen) [Dirk]

 - Allow empty search query strings so that the "More by <author>" and "More

   from <topic>" options work again [Dirk]

 - When deleting a poll, also delete any comments to that poll [Dirk]

 - Delete comments and story images when deleting stories from a deleted topic

   (bug #339) [Dirk]

 - When deleting a story, added an extra check for type='article' when deleting

   the story's comments [Dirk]

 - Set current user as the owner when cloning an event (bug #338) [Dirk]

 - Start time, end time, and event location weren't copied over when adding a

   site event to the personal calendar (bug #336) [Dirk]

 - Fixed wrong use of htmlentities() on comment title (bug #335) [Dirk]

 - Changed "read more" word count so that it ignores HTML tags (bug #333) [Dirk]

 - Updated Slovenian language file, provided by gape.

 - Updated Dutch language file, provided by Ko de Pree.

 - Updated Dutch language file for the Static Pages plugin,

   provided by Ko de Pree.

 - New French language files for the Spam-X plugin, provided by Alain Ponton.

 Nov 28, 2004 (1.3.10)

 ------------

 - Allow omission of the link text for the [story:], [event:], and [staticpage:]

   autotags. Geeklog will then use the title (of the story / event / static page)

   as the link text [Dirk]

   (affected files: system/lib-plugins.php, plugins/staticpages/functions.inc)

 - Updated Chinese language files (all 4 of them), provided by Samuel M. Stone

 Nov 21, 2004 (1.3.10rc3)

 ------------

 - Changed wording of the error message if the "backups" directory is not

   writable [Dirk]

 - Fixed comments for the DB_result (in lib-database.php) and dbResult

   (in mysql.class.php) functions (bug #320) [Dirk]

 - Display a success message when using the "changepw" option in admin/user.php

   [Dirk]

 - When changing a username, make sure to change the name of the user's photo,

   too (bug #321) [Dirk]

 - Links in "plain text" stories and comments are now made clickable (i.e.

   enclosed in <a> tags) when the post is saved instead of when it's displayed,

   as in the previous release candidates. This also fixes bug #308. [Dirk]

 - Added $_CONF['disable_autolinks'] config option to disable autolinks [Dirk]

 - Removed ViewBlacklist.Admin.class.php from the Spam-X plugin [Tom Willet]

 - Overhauled handling of personal events [Dirk]:

   + Fixed deleting personal events (again).

   + The upcoming events block now links to the event details of personal

     events (just like it already did for site events).

   + Added stricter checks for permissions, user IDs, and the personal calendars

     being activated in the first place.

 - Added a check for allow_url_fopen if reading a (RSS) feed fails and report it

   in error.log if it is off [Dirk]

 - When deleting a story (automatically), make sure we're only deleting comments

   belonging to that story (i.e. added a check for type = 'article') [Dirk]

 - Added {event_type}, {lang_event_type}, and {edit_icon} in all the themes'

   calendar/eventdetails.thtml template file [Dirk]

 - Fixed some URLs in the calendar (missing slash) [Dirk]

 - Comment IDs don't have to be numeric (in comment.php) [Vinny]

 - The Static Pages plugin now takes $_CONF['showfirstasfeatured'] into account

   when displaying static pages in center blocks (reported by eyecravedvd) [Dirk]

 - Forgot to declare $_CONF as global when fixing bug #301 (bug #302) [Dirk]

 - Updated Chinese language files (all 4 of them), provided by Samuel M. Stone

 - Updated Japanese language files (euc-jp and UTF-8), provided by Yusuke Sakata

 - Updated Polish language file, provided by Robert Stadnik

 - Updated Slovenian language file, provided by gape

 - Updated Spanish language file, provided by Angel Romero

 - Updated Swedish language file, provided by Markus Berg

 Oct 24, 2004 (1.3.10rc2)

 ------------

 - Fixed plugin update function [Blaine]

 - Set the target encoding in Geeklog's RSS parser (bug #301) [Dirk]

 - Set the {topic_icon} variable to an empty string for the "Home" link in the

   Topics block (reported by jhwhite) [Dirk]

 - Fixed News Box Configuration, i.e. the ability to disable blocks [Vinny]

 - In the story template files, the number of comments now only is a link when

   there actually is a comment on the story [Dirk]

 - Hard-coded the English word 'delete' in the URLs to delete a comment [Dirk]

 - For the list of a user's recent comments, use 'mode=view' to link directly

   to a comment now [Dirk]

 - Fixed comment id in comment notification emails [Dirk]

 - Fixed display of the number of static pages that the user has access to (in

   the Admin Block) [Dirk]

 - COM_makeClickableLinks did not recognize links with the 'http:' at the

   start of a line [Dirk]

 - Re-introduced <br> between plugin sections in the What's New block, pretty

   much reverting the change suggested by feature request #292 [Dirk]

 - Introduced function COM_formatEmailAddress that creates a (more or less)

   RFC(2)822 compliant email address from a name and an address [Dirk]

   This function is now used for formatting the site address, as well as for

   addresses entered by the user in profiles.php and admin/mail.php.

 - The Spam-X plugin's MailAdmin action didn't send any email notifications,

   since the call to COM_mail was commented out ... [Dirk]

 - admin/mail.php and admin/group.php use the complete URL to the script in

   the <form action="..."> now (instead of relying on PHP_SELF) [Dirk]

 - Fixed parse error in the Dutch language file (reported by NeoNecro) [Dirk]

 - Allow the dot '.' in IDs (in addition to letters, digits, the dash, and the

   underscore) [Dirk]

 Oct 17, 2004 (1.3.10rc1)

 ------------

 - Added new functionality to [autotags] - New plugin API's added  [Blaine]

 - Added [autotag] hooks for stories  [Blaine]

 - When a plugin had its icon only in the admin directoy, the plugin editor

   did not find it and displayed a generic icon instead [Dirk]

 - In admin/mail.php, apply htmlspecialchars() on the email addresses before

   displaying them, as the '<foo@example.com>' part will be interpreted as

   HTML by some browsers (pointed out by LWC) [Dirk]

 - When using gdlib for image resizing, GIF images were converted to PNG, but

   Geeklog was still trying to display the GIF (reported by Tom Willet). Since

   the LZW patent has now expired (see http://www.unisys.com/about__unisys/lzw),

   it is safe to use GIF images again, so the PNG conversion was dropped [Dirk]

 - Fixed link to the Anonymous user's profile in comment/thread.thtml [Dirk]

 - Added Location field to the user profile [Blaine]

 - In the light of bug #293, removed all variable names from the language files,

   leaving only the $_CONF config variables [Dirk]

 - Fixed an error message when plugins didn't return an array from

   plugin_getmenuitems_xxx (reported by computerade) [Dirk]

 - When sending emails from the admin/mail.php, some user's names weren't set

   in their email address (reported by LWC) [Dirk]

 - Removed an extra <br> from before and between data provided by plugins in

   the What's New block (feature request #292) [Dirk]

 - When creating a new user from admin/user.php, don't determine the uid before

   actually creating the database entries to avoid race conditions / collisions

   with other user accounts created at the same time (bug #243) [Dirk]

   Also took the opportunity to refactor and move the almost identical code

   from users.php and admin/user.php into a new function USER_createAccount in

   system/lib-user.php.

 - usersettings.php was missing a default case for unsupported values of 'mode'

   (bug #287). This only displayed a blank page and was not exploitable [Dirk]

 - Fixed hard-coded default group names in the Admin sections (e.g. when a user

   had story.edit permissions but was not in the Story Admin group, any new

   story created by that user would default to being owned by the Story Admin

   group nonetheless) [Dirk]

 - Introduced new plugin API functions plugin_user_changed_xxx and

   plugin_group_changed_xxx to inform plugins when a user's information

   (profile or settings) or a group (new, edit, delete) has been changed [Dirk]

 - COM_checkHTML and COM_allowedHTML now accept an additional parameter in form

   of a comma-separated list of permissions. If the current user has at least

   one of those permissions, they are assumed to be an "Admin" and the functions

   will use the $_CONF['admin_html'] list of HTML tags for them (bugs #114 and

   #118) [Dirk]

 - COM_allowedHTML now has an option to only return the list of allowed HTML

   tags without the "Allowed HTML" text (bug #118) [Dirk]

 - For the poll block, always use the block title stored in the database (bug

   #205) [Dirk]

 - It is now again possible to have a different number of stories per page

   for individual topics. Users have to set their preferred number of stories

   per page to 0 (zero) in their preferences, though, as the user preferences

   will always override this setting (bug #190) [Dirk]

 - The Professional theme, kindly provided by Victor B. Gonzalez, is our new

   default theme now.

 - In the calendar's day and week view, event permissions weren't checked

   properly, so that some events were displayed to user who shouldn't have

   been able to see them (reported by Willem Jan) [Dirk]

 - Don't update a story's hit counter as long as the draft flag is set or the

   publishing date is in the future (feature request #282) [Dirk]

 - Introduced new function COM_sanitizeID() to filter special characters out of

   user-editable IDs as used for stories, polls, topics, and static pages (also

   fixes bug #181). Allowed characters are letters a-z (both upper and lower

   case), digits 0-9, the dash '-', and the underscore '_' [Dirk]

 - The Upcoming Events block didn't use the help URL, even if it was set

   (reported by Wolfgang M. Schmitt) [Dirk]

 - Geeklog now comes with Tom Willet's Spam-X plugin pre-installed. The plugin

   now stores the blacklists in the database and uses a new plugin API

   function to filter comment posts [Tom Willet, Tony, Blaine, Dirk]

 - Plugins can now offer their own tags to allow easy linking to their content.

   These tags take the form [name:id link text], where 'name' is a name

   associated with the plugin, 'id' is a unique id referring to one of the

   objects under the plugin's control, and 'link text' is text used in the <a>

   tag that Geeklog creates from these tags.

   Built-in tags are [story:] to link to a story and [event:] to link to an

   event [Blaine, Dirk]

   Example: [story:email-bug About the email bug] would be translated into

   <a href="http://example.com/article.php/email-bug">About the email bug</a>

 - portal.php now sends a 301 HTTP status code for the links instead of a 302.

   While a 302 status code would actually make more sense, Google does have a

   tendency to list search results with the URL of the portal script but with

   the content of the linked site, thus giving the impression that the content

   is actually located on another site. Sending a 301 avoids this problem [Dirk]

 - Group Admins should not even see the groups of which they are not a member

   (bug #280) [Dirk]

 - Prevent Group Admins from listing the members of a group unless they are a

   member of that group themselves [Dirk]

 - Introduced $_CONF['left_blocks_in_footer'] config option that makes the

   {left_blocks} variable available in footer.thtml (disabling it in header.thtml

   at the same time). This is really only useful for two-column layouts where

   you want the side blocks in the right column [Dirk]

 - Polls linked from the stats page now display the result of the poll instead

   of letting the user vote on them (feature request #267) [Dirk]

 - In the Admin's list of events and stories, don't list items for which the

   Admin doesn't have read access (bug #269). [Dirk]

 - Story IDs are now editable (just like the IDs of static pages). [Dirk]

   Important: Update the story editor template (admin/story/storyeditor.thtml)!

 - Fixed a bug that reset every user's password request as soon as some user

   changed their account information (bug #265) [Dirk]

 - Added support for URL rewriting to portal.php [Dirk]

 - The links for the What's Related block are stored in the 'related' field in

   the gl_stories table again. Parsing the story for links every time it is

   rendered uses too much CPU power (with apologies to groklaw.net) [Dirk]

 - Added theme variable {story_link} to commentbar.thtml to link back to original

   story the comments are derived from. [Vinny]

 - Introduced new file system/lib-story.php for story-related functions and

   moved COM_article, COM_whatsRelated, COM_extractLinks, as well as the code

   to delete article images into that file (functions were renamed accordingly:

   STORY_renderArticle, STORY_whatsRelated, STORY_extractLinks) [Dirk]

 - Fixed URLs to userphotos and story images when $_CONF['path_images'] had been

   changed (but was still inside of $_CONF['path_html']) [Dirk]

 - Added a script to convert an existing database to InnoDB tables (if the MySQL

   version supports them): admin/install/toinnodb.php [Dirk]

 - Added missing closing </a> tag in story search results (bug #260) [Dirk]

 - Added a second parameter to function COM_makeList that is used as a CSS

   class name in the list it returns (use {list_class_name} to get the actual

   class name, and {list_class} to get class="classname"). Changed the existing

   calls to COM_makeList to include class names, so that you can now use the

   following class names in your stylesheet to style lists: list-feed,

   list-new-comments, list-new-links, list-new-plugins, list-older-stories,

   list-personal-events, list-site-events, list-story-options, list-whats-related

   (the names should be self-explanatory) [Dirk]

 - Moved the docs directory to public_html/docs and added a link to it from the

   Admin's block (can be switched off in config.php by setting the new option

   $_CONF['link_documentation'] = 0) [Dirk]

 - Replaced 'ppmtojpeg' with 'pnmtojpeg' when using NetPBM for scaling

   uploaded JPEG images (bug #257) [Dirk]

 - Added a check (and a warning message) for PHP 4.1.0 to the install script,

   as that is our new minimum requirement [Dirk]

 - Rewrote install/success.php and added a link to install/check.php [Dirk]

 - Added the 'data' and 'pdfs' directory to install/check.php [Dirk]

 - Integrated the "welcome email hack": If the file 'welcome_email.txt' exists

   in the 'data' directory, the contents of that file are sent out as the

   welcome email to new users (instead of the hard-coded welcome message) [Dirk]

 - Introduced a 'data' directory ($_CONF['path_data'], defaulting to

   /path/to/geeklog/data) and use it for the batch user import, as Geeklog's

   base directory may not be writable on some setups (bug #77) [Dirk]

 - Sort list of older polls by date (newest first) and added paging [Dirk]

 - Make sure the old userphoto is deleted when uploading a new one (bug #228).

   So far, the old photo was not removed when the file type changed (e.g. from

   .gif to .jpg) [Dirk]

 - Don't assume the uploaded file in usersettings.php is always the userphoto -

   it may in fact belong to a plugin (bug #179). This bug prevented plugins from

   uploading their own files through the plugin API [Dirk]

 - Fixed repeating events in the personal calendar's day view (bug #232) [Dirk]

 - COM_siteHeader() now accepts a page title (to go between the page's

   <title>...</title> tags) as the second parameter, replacing the

   $_CONF['pagetitle'] hack (which still works but should be avoided) [Dirk]

 - In the site's page title, replace the site slogan with more meaningful

   information, where possible, e.g. "Submit a Story" on the story submission

   form, "Search Results", etc. (feature request #95) [Dirk]

 - Fixed deleting events from the personal calendar (bug #199) [Dirk]

 - Carry over the date and time from the calendar when Admins add a new event

   (bug #132) [Dirk]

 - Don't display "Site Events" headline in the Upcoming Events block when

   personal calendars are off (feature request #151) [Dirk]

 - Removed hard-coded am/pm formatted hours from the calendar's day view

   (calendar/dayview/dayview.thtml) and replaced them with {xx_hour} variables,

   where 'xx' is 0-23, which will be replaced with the hours formatted

   according to the $_CONF['timeonly'] config variable [Dirk]

 - Themes can now use a couple of CSS class names to style the small calendar (of

   the previous and next month) in month view: .smallcal, .smallcal-headline,

   .smallcal-week-even, .smallcal-week-odd, .smallcal-week-empty,

   .smallcal-day-even, .smallcal-day-odd, and .smallcal-day-empty [Dirk]

 - Improvements to the Story Archive Feature, UI tweaks, Language Extraction,

   Added new field to the topics table. Admin now sets the archive topic in

   the Topic Editor. Only one topic can be used - logic enforced. [Blaine]

 - Don't emit the <br><br> in article.php when the story's body text is empty

   (based on patch #147, provided by Andy Maloney) [Dirk]

 - Set {article_url} variable when displaying the story in article.php [Dirk]

 - Fixed missing </select> tags for the comment display mode and sort order

   drop-down menus in usersettings.php (patch #255, provided by machinari) [Dirk]

 - Hard-coded the names of the pseudo image tags in story.php, i.e. they are

   always [imageX], [imageX_left], and [imageX_right] now, independent of

   the current language file (bug #139) [Dirk]

 - Added the Auto-Archive Management feature. Optionally allows the Story Editor

   to archive or delete a story when the expire date is reached [Blaine]

 - Improved the commentbar to logically support comments viewed from comment.php

   [Vinny]

 - Removed a bug in comment.php that allowed a story/comment mismatch during

   display.  This was not exploitable.  [Vinny]

 - Integrated the timezone hack to compensate for time differences when your

   webserver is located in another timezone (original timezone hack by Yew Loong,

   with additions by "Joe" as well as several other geeklog.net users) [Dirk]

 - The calendar can now be configured so that the week starts on either a

   Sunday or a Monday - see new config variable $_CONF['week_start']

   (based on a patch by bond_anton) [Dirk]

 - Sort the admin's list of events by date (newest first). Also added paging,

   a row number and parameter filtering. Paging and the row number require

   theme changes in admin/event/eventlist.thtml and listitem.thtml [Dirk]

 - Incorporated a patch provided by Drago Goricanec to sort the Admin's user

   list by uid [Dirk]

 - Introduced 2 config options for the Who's Online block:

   - $_CONF['whosonline_fullname'] will display the user's full name,

   - $_CONF['whosonline_anonymous'] does not display the names of registered

     users to anonymous visitors of the site.

   Both options are disabled by default [Dirk]

 - Added support for single quotes and nested tags to COM_extractLinks [Vinny]

 - The admin_html and user_html are now merged recursively (bug #240) [Vinny]

 - Remove colons from email addresses, as they have a special meaning,

   according to RFC(2)822, that we didn't intend (bug #6) [Dirk]

 - Fixed compilation of regexp if the search query ended or started with a

   space (the resulting error message would also expose the path to article.php),

   (bug #251) [Dirk]

 - Sort the admin's list of polls by date (newest first). Also added paging,

   a row number and parameter filtering. Paging and the row number require

   theme changes in admin/poll/polllist.thtml and listitem.thtml [Dirk]

 - Added paging to the plugin editor (for more than 25 installed plugins).

   A {google_paging} variable is needed in admin/plugins/pluginlist.thtml for

   the paging links to show up [Dirk]

 - Emails sent from the Admin's mail form (admin/mail.php) were always sent

   with the site name and site email address, even if you entered something else

   in the form. Also made admin/mail/mailform.thtml slightly less ugly [Dirk]

 - When deleting a topic, keep the blocks assigned to that topic (bug #247).

   They're assigned to 'all topics' and disabled, but kept around now. The same

   applies for topic feeds, which weren't handled at all before [Dirk]

 - Make sure upload errors for user photos and story images are displayed in a

   Geeklog block, not on a blank screen [Dirk]

 - Fixed description of DB_insertId() in lib-database.php and dbInsertId() in

   mysql.class.php: The functions take a resource, describing the opened link to

   the database, not a record set (pointed out by lgonze on IRC). [Dirk]

 - Plugins are now getting the key type passed to their search function, so that

   they can perform a search for "exact phrase", "all of these words", or

   "any of these words" as selected from the search form. [Dirk]

 - Use URL rewriting for the link to a story's printer-friendly version, when

   activated (bug #201) [Dirk]

 - Resizing an image didn't work when the image height exceeded the max. height

   but the image width was still below the max. width (bug #242) [Dirk]

 - Keeping the unscaled image when using GDlib didn't work (bug #197) [Dirk]

 - Added a workaround for the Zeus webserver so that blocks marked "homeonly"

   properly appear there (bug #244) [Dirk]

 - Previewing a story submission from admin/story.php before saving it left the

   original story submission in the submission queue while also adding it as a

   new story. This has been fixed now [Dirk]

 - Added {article_url} variable for article/printable.thtml so that we can

   print the proper URL to the article if URL rewriting is on [Dirk]

 - Added filtering for the $order parameter in article.php [Dirk]

 - Added {link_actual_url} variable in links.php, holding the actual URL of

   a link (not Geeklog's redirect URL via portal.php). Updated template

   file links/linkdetails.thtml in all default themes to use {link_actual_url}

   in a title attribute for the links [Dirk]

 - The event description now honors linefeeds to allow some basic text

   formatting [Dirk]

 - Escape all PCRE special characters in the code to highlight search query

   words (bug #200). Also moved the code to its own function, COM_highlightQuery,

   in lib-common.php [Dirk]

 - The contents and order of the menu entries, i.e. of the {menu_elements}

   variable in header.thtml, is now configurable in config.php (new config

   variable $_CONF['menu_elements']). It also includes an option to add custom

   entries by implementing a function CUSTOM_menuEntries() that returns the

   additional entries [Dirk]

 - Use an UPDATE request when increasing the number of times a story has been

   emailed [Dirk]

 - When an error occurs while creating a backup, the complete command line

   used to call mysqldump is now added to error.log [Dirk]

 - Added 'view' mode to allow links directly to a single comment (and optionally

   its children) in comments.php.  [Vinny]

 - Added a few variables to be used in the eventdetails.thtml template file:

   {event_state_name} (full name of the state), {event_state_only} and

   {event_state_name_only} (abbreviated and full state name without the comma),

   {event_edit} (link to edit the event, if allowed for the current user),

   {edit_icon} (same, but with the edit icon instead of a text link),

   {lang_event_type} and {event_type} for the event type [Dirk]

 - Registered users can now report abusive comments to the site admin (inspired

   by Feature Request #171, which actually requested this for the forums).

   Requires new text strings in the language files and a new template file,

   comment/reportcomment.thtml [Dirk]

 - Bugfix: New users created through the batch import didn't get the email with

   their password [Dirk]

 - Moved function to create and send a password to lib-user.php to avoid having

   identical code in users.php, admin/user.php, and admin/moderation.php [Dirk]

 - Added {topic_image} variable (available in the topicoption.thtml and

   topicoption_off.thtml template files) so that you can use topic images in

   the Topics block (feature request #152) [Dirk]

 - COM_undoSpecialChars() now also handles   (bug #192) [Dirk]

 - Fixed handling of HTML entities in [code] sections (bug #159) [Dirk]

 - Added an option to look up IP addresses (new variable $_CONF['ip_lookup'] in

   config.php, pointing to a service that does IP address lookups) [Dirk]

 - Fixed problems with the database backup when there were spaces in the path to

   the backups directory (bug #185). [Dirk]

 - Added email notification for new comments (feature request #155) [Dirk]

 - Added tracking of IP addresses of comment posters (as suggested by Michael

   Jervis) [Dirk]

 - Altered COM_article to improve performance by reducing queries. [Vinny]

 - Reduced DB queries in COM_showTopics to improve performance. [Vinny]

 - Cached enabled plugins to reduce db queries and improve performance. [Vinny]

 - Fixed SEC_inGroup not using $_GROUPS cache in several instances. [Vinny]

 - mysql.class.php now only runs mysql_connect once per page load.  [Vinny]

 - The "Google paging" now has additional links to jump to the first and last

   page (patch provided by Niels Leenheer). [Dirk]

 - Introduced function COM_makeClickableLinks to turn URLs in text-only posts

   into clickable links (i.e. it's adding <a> tags around URLs). [Dirk]

 - Changed the comment insert, delete, display algorithms for improved

   efficiency. They now use a modified preorder tree traversal method. [Vinny]

 - Comment limit now applies to all the comments displayed, not just the top

   level comments. [Vinny]

 - Added pagination ability to comments ({pagenav} template variable in

   startcomment.thtml). [Vinny]

 - Fixed typo in timer.class.php that broke the ->restart() function. [Vinny]

 - Make sure the database backup files are always sorted by (last modified) date

   (found & fixed by Alexander Schmacks). [Dirk]

 - Make sure the user's preferred comment limit is used when changing the

   comment display via the comment bar (bug #176). [Vinny]

 - When URL rewriting is activated, the "rewritten" URLs are now also used

   in all (RSS) feeds containing links to articles. [Dirk]

 - Experimental: On a fresh install, use InnoDB tables (instead of MyISAM) if

   the MySQL version running on the server supports them (usually as of

   MySQL 4.0). This should avoid locks on tables where hit counters and the

   actual data are stored in the same table, e.g. stories (suggested by

   Marc Von Ahn). [Dirk]

 - Fixed bug in the install script when upgrading from 1.3.8 or earlier:

   Check to see if the static pages plugin is installed before attempting to

   update its tables (reported by Rob Griffiths). [Dirk]

 - Implemented a change to DB_fetchArray, suggested by Niels Leenheer:

   Geeklog will now, by default, only return associative array indices. In case

   the numeric indices are needed, a new (optional) second parameter for

   DB_fetchArray has to be set to "true". [Dirk]

 - Removed extra quotes in SQL statements in admin/block.php to ensure

   compatibility with old MySQL versions (reported by Elmer Masters). [Dirk]

 - In admin/database.php, if the is_executable function is not available (e.g.

   on Windows), do at least a file_exists to check if the mysqldump executable

   exists in the path given in config.php. [Dirk]

 - Introduced function COM_getTopicSQL which returns part of an SQL request to

   check for a user's topic access [Dirk]

   (This was actually introduced in 1.3.9sr1 but missing from the changelog)