1 Geeklog History/Changes:
5 Changes since 1.6.1rc1:
6 - Updated the age-old help texts and added help files for comment and user
7 submissions as well as the draft stories list [Dirk]
8 - The success message at the end of the install recommended setting
9 db-config.php and siteconfig.php to 755. These files don't need to be
10 executable, so recommend 644 instead (bug #0001036) [Dirk]
12 - Updated Estonian language file, provided by Artur Räpp
16 - Added missing code to handle $_SP_CONF['includesearchcenterblocks'] and
17 $_SP_CONF['includesearchphp'] options that was accidentally left out when
18 merging Tom's patch [Dirk]
19 - Removed reference to undeclared variable in SP_render_content (bug #0001032)
23 Nov 8, 2009 (1.6.1rc1)
26 Changes since 1.6.1b1:
27 - Moved hard coded green color for the search result byline (when using "Google"
28 style) to the stylesheet (new class "searchresult-byline") [Dirk]
29 - "Refine search" lost the status of the "Titles Only" checkbox [Dirk]
30 Note: This fix requires a change in search/searchform.thtml
31 - Improved display of the "Sort by" and "Show n results" dropdowns on the
32 search results page (feature request #0000910) [Sami, LWC]
33 - The search results page used HTML <br> tags even when XHTML was requested
34 (bug #0001022, patch provided by taca)
35 - Fixed wrong path reported in case of a missing 'data' directory (reported by
36 Markus Wollschläger) [Dirk]
37 - When a plugin returns 0 items for its entry in the Admins Block, don't display
38 that as 'N/A' (bug #0001025) [Dirk]
39 - Fixed a bug in the Group Editor that didn't let you add groups to other groups
40 unless your $_TABLES['groups'] happened to be called "groups" (bug #0000998)
43 - Updated Hebrew language files, provided by LWC
47 - When URL rewriting is enabled, return rewritten URLs for search results [Dirk]
51 - Fixed use of wrong CSS class for the entries for the What's New block [Tom]
57 - The user's time zone selection (from My Account) is actually used now [Dirk]
58 - Modernized the "timezone hack", made the config option a dropdown, and moved
59 all timezone-related code into a new TimeZoneConfig class [Dirk]
60 - Fixed an old bug that could cause SQL errors when a user changed their "Show
61 & hide boxes" settings [Dirk]
62 - Searching by author threw an error on PHP 4 (bug #0001008) [Dirk]
63 - Moved the functionality of the toinnodb.php script into the Database Backups
65 - Added an option to optimze tables to the Database Backups admin panel [Dirk]
66 - Added a notice about the expiry time for the security token (and the potential
67 loss of changes) to most editors. This is meant as an intermediate step
68 until we get around to updating the editors and provide a more user friendly
70 - Fixed display of text excerpt for search results on PHP 4 (bug #0001004)
72 - The comment speed limit was being ignored (bug #0001003) [Dirk]
73 - Added an icon to make the plugin update option somewhat more obvious [Dirk]
74 (icon "stock_update-data.png" taken from Gnome 2.18 icon theme set by
75 AMAZIGH Aneglus, released under the GPL)
76 - Allow bigger values for a topic's Sort Order field (feature request #0001011)
78 - When a Story Admin did not have permission to edit a story, Geeklog threw a
79 "call to a member function on a non-object" error when trying to display a
80 proper "access denied" message (reported by Chase and Cesar) [Dirk]
81 - Allow external apps to contribute to search results (feature request #0000985)
83 - Remember current sort/limit in search results (bug #0001007) [Sami]
84 - Don't display the comment form for a story when comments aren't enabled for it
86 - Fixed a long-standing quirk of the submission handling where the "Submissions"
87 entry in the Admins Block wasn't updated after accepting / rejecting a
89 - Fixed creation of multiple plugin groups in plugin autoinstall [Randy, Dirk]
90 - Added new option $_CONF['article_comment_close_enabled'] to enable/disable
91 automatically closing stories for comments after a certain amount of days
92 (bug #0000959). Changed handling of comment_expire field in gl_stories such
93 that 0 means the story is always open for comments [Dirk]
94 - The "Admin Group" checkbox in the Group Editor didn't work (bug #0000995,
95 reported & fix provided by Tsuchi)
96 - Setting $_CONF['article_comment_close_days'] to a high value (to work around
97 bugs with the "Disable Comments" option in 1.6.0) may result in values outside
98 of the range of the year dropdown for that option, in which case it reverted
99 to the previous(!) year and caused comments to be closed immediately [Dirk]
100 - When viewing your own profile page, you now get an "edit" link that take you
101 to "My Account" [Dirk]
102 - Additional checks in "Mail Story to a Friend", "Send mail to user", and
103 "Mail Users" dialogs to make sure users don't enter email addresses into the
104 name fields (bug #0000992) [Dirk]
105 - Added an option to send a copy to self to the "Mail Story to a Friend" dialog
106 and made the look of this and the "Send mail to user" dialogs more consistent
108 - Display the number of stories in the current topic in the Topic Editor
109 (feature request #0000806) [Dirk]
110 - Call CUSTOM_userCheck from admin/user.php (bug #0000925) [Dirk]
111 - You can now have one featured story per topic (feature request #0000750,
112 patch provided by Tom Homer)
113 - Changing the Post Mode in Advanced Editor mode selected the wrong tab
114 (bug #0000980, patch provided by dengen)
115 - Made the former $cc parameter for COM_mail an optional array of additional
116 email headers (using a string for that parameter still works as CC:) [Dirk]
117 - Fixed reply notification for the very first comment (bug #0000973)
119 - When an anonymous commenter left a name, use it in the comment notification
120 email (bug #0000960) [Dirk]
121 - Removed the CSRF token from all links to edit a comment. We only need it in
122 the actual comment editor and it caused problems on the moderation page [Dirk]
123 - For anonymous comments, use the anonymous user's name from the database, not
124 from the language file (cf. bug #0000960) [Dirk]
125 - The session and password cookies are now created with the HttpOnly flag set
126 to make it somewhat harder to read them from JavaScript (requires browser
128 - Fixed visibility of the "Send Ping" links in the Story Admin's list of stories
129 and the Story Options block [Dirk]
130 - The install script was switching back to English in some upgrade scenarios
131 (bug #0000969, patch provided by taca)
132 - Added a workaround to not lose the XMLSitemap priorities for Locales where
133 the comma is used as the decimal separator [Dirk]
134 - Keep track of actual upper/lowercase spelling of plugin names in the
135 XMLSitemap plugin [mystral-kk, Dirk]
136 - Added support for a CUSTOM_renderMenu function when rendering the top menu
137 (feature request #0000845) [Dirk]
138 - In the install script, always open db-config.php and siteconfig.php in
139 binary mode to avoid EOL character mixup on Windows (bug #0000730) [Dirk]
140 - Avoid SQL error with certain db dumps during migration (bug #0000955) [Dirk]
141 - Plugin migration was only called when the plugin also needed an upgrade
142 (bug #0000947) [Dirk]
143 - The Migrate option in the install script now also works on an existing
144 database (feature request #0000945) [Dirk]
145 - Comment notifications used the phrase "Read the full article" when pointing
146 to the new comment post (bug #0000940) [Dirk]
147 - Send correct content type and character set header in the install script
148 (bug #0000964, patch provided by taca)
149 - The "Remember Me For" option under My Account did not recognize the "(don't)"
150 option any more (bug #0000961) [Dirk]
151 - Send a notification when a comment goes into the submission queue [Dirk]
152 - Added a link back to the story to the "Mail Story to a Friend" form [Dirk]
153 - Only list [code], [raw] tags when story.* permissions are required [Dirk]
154 - [page_break] was not listed when all HTML was allowed for Root users [Dirk]
155 - Added support for meta tags and meta keywords, provided by Tom Homer
156 - When an error occurs in bigdump.php (during migration) keep the selected
157 language when sending the user back to migrate.php (bug #0000943) [Dirk]
158 - Use COM_getUserDateTimeFormat, i.e. the user's preferred format, for
159 displaying the date and time in search results [Dirk]
160 - When disabling a feed, delete the feed file [Dirk]
161 - Moved leftover hard-coded text from admin/sectest.php to the language files
163 - When creating Pingback excerpts, convert the other site's content to our
164 site's character set, when necessary [Dirk]
165 - New function COM_getTextContent converts HTML into continuous text. Used for
166 a more accurate "read more" count for articles and to improve the text
167 excerpts for search results and pingbacks [Dirk]
168 - Use COM_numberFormat to format the number of registered and anonymous users
169 displayed in the Who's Online block [Dirk]
170 - Use $LANG_ADMIN['na'] instead of hard-coding 'N/A' in several places [Dirk]
171 - For Remote Users, display their service name in the User Editor [Dirk]
173 Calendar Plugin 1.1.1
175 - Keep track of the user id for submitted events (bug #0000993) [Dirk]
176 - Reintroduced {event_begin_anchortag} and {event_end_anchortag} variables
178 - The number of hits for an event was reset when editing the event [Dirk]
179 - When cloning an event, the number of hits for the clone should be 0 [Dirk]
180 - Avoid triggering a false spam report when submitting an event with the default
181 "http://" entry for the link still in place (bug #0000946) [Dirk]
185 - Display the number of links in the current category in the Category Editor.
186 Note: Does not (yet) count links in sub-categories [Dirk]
187 - Link titles in autotags showed up with backslashes before quotes (bug
192 - Fixed display of the Polls block when it only contained polls not visible
193 for anonymous visitors (bug #0000996) [Dirk]
194 - When upgrading from Geeklog 1.5.2, the length of the poll IDs was not extended
195 to 40 characters - only fresh installs of Geeklog 1.6.0 and upgrades from
196 older versions worked correctly (cf. feature request #0000754) [Dirk]
197 - Added support for meta tags and meta keywords, provided by Tom Homer
198 - Introduced [poll:], [poll_vote:], and [poll_result:] autotags, allowing to
199 embed polls where autotags are allowed, provided by Tom Homer
201 Static Pages Plugin 1.6.1
203 - Certain types or all Static Pages can now be excluded from the search results
204 (feature request #0000979, provided by Tom Homer)
205 - New and updated Static Pages are now listed in the What's New block
206 (feature request #0000908, provided by Tom Homer)
207 - Fresh installs of the plugin in Geeklog 1.6.0 accidentally used a wrong name
208 for the plugin's admin group. Silently fix that during the upgrade [Dirk]
209 - Made the list of pages sortable by author (feature request #0000978) [Dirk]
210 - List available autotags in the static pages editor [Dirk]
211 - Added support for meta tags and meta keywords, provided by Tom Homer
214 Aug 30, 2009 (1.6.0sr2)
217 This release addresses the following security issue:
218 - Unauthorized file uploads were possible through FCKeditor.
219 Uploaded files still had to go through FCKeditor's filter, so it was not
220 possible to upload scripts (and the integrity of the Geeklog site as such was
221 not in danger). There were, however, reports that this was used to host
223 This update prevents use of the upload feature when FCKeditor is disabled and
224 disables it for anonymous users. It also doesn't allow uploading of archive
225 files any more. Furthermore, you need some sort of "edit" permission now to
226 be able to upload files through FCKeditor (this is meant as an interim
227 measure - we will probably introduce a separate "upload" permission in future
230 Not security-related:
231 - Fixed installation using InnoDB tables [Dirk]
232 - Links plugin: Fixed wrong function name in the autoinstall.php file
234 - Fixed an SQL error (due to a missing global declaration; not exploitable) when
235 the commentcode field was auto-updated (reported by Jokke_K) [Dirk]
237 This release also includes updated Hebrew (provided by LWC) and German language
241 Jul 30, 2009 (1.6.0sr1)
244 This release addresses the following security issues:
245 - Gerendi Sandor Attila reported an XSS in the forms to email a user and to
246 email a story to a friend.
247 - The "Mail Story to a Friend" function didn't check story permissions, so that
248 it was possible to email a story even if you didn't have the permissions to
251 Not security-related:
252 - Fixed an SQL error (due to a non-initialized variable; not exploitable) when
253 the story submission queue was off (reported by Dieter Thomas) [Dirk]
254 - Fixed calls to a nonexistent function COM_outputMessageAndAbort (should have
255 been COM_displayMessageAndAbort) [Dirk]
261 Geeklog 1.6.0 incorporates the following projects implemented during
262 the 2008 Google Summer of Code:
264 + Site migration support and easier plugin installation, by Matt West
265 + Improved search, by Sami Barakat
266 + Comment moderation and editable comments, by Jared Wenerd
268 Changes since 1.6.0rc2:
269 - Updated language file for formal German, provided by Markus Wollschläger
270 - Updated Japanese language file and documentation, provided by the
274 Jul 12, 2009 (1.6.0rc2)
277 Changes since 1.6.0rc1:
278 - Updated FCKeditor to version 2.6.4.1 [Dirk]
279 - Fixed advanced search not using start and end dates (bug #0000924, patch
281 - Fixed auto-detection of table prefix during migration when the SQL dump
282 contained CREATE TABLE IF NOT EXISTS requests (bug #0000922) [Dirk]
283 - When an error occurs in bigdump.php (during migration) send the user back to
284 migrate.php (bug #0000919) [Dirk]
285 - Fixed warning in migration script when no backups are available (bug #0000918,
286 patch provided by hiroron)
288 - Updated Estonian language files, provided by Artur Räpp
289 - Updated Hebrew language files, provided by LWC
290 - Updated Japanese language files and documentation, provided by the
294 Jun 28, 2009 (1.6.0rc1)
297 Changes since 1.6.0b3:
298 - Fixed include path for db-config.php in bigdump.php (bug #0000915) [Dirk]
299 - Improved detection of UTF-8 database dumps in migration (bug #0000916) [Dirk]
300 - Fixed typos in the install script (bugs #0000913 and #0000914) [Dirk]
303 Jun 21, 2009 (1.6.0b3)
306 Changes since 1.6.0b2:
307 - Fixed IE6 and Safari compatibility issue with sort and limit combo boxes in
308 search results (part of bug #0000874) [Sami]
309 - Fixed HTML in the Configuration (bug #0000907) [Dirk]
310 - Added a more prominent reminder to remove the install script [Dirk]
311 - Made the link to a comment's parent object from the comment bar work properly
313 - Allow searching by topic (without a query string) again (reported by Markus
315 - Fixed handling of $_CONF['comment_close_rec_stories'] (bug #0000899) [Dirk]
316 - Improved selection of text portion displayed in search results [Dirk]
317 - Fixed an error that occured after deleting a trackback [Dirk]
318 - Replace autotags in search results (bug #0000887) [Dirk]
319 - Don't insist on an email address when editing a Remote User (bug #0000885)
321 - Added a config option to send an X-FRAME-OPTIONS HTTP header to prevent
322 "clickjacking" (requires browser support) [Dirk]
323 - Prevent XSS in the install script (reported independently by Nemesis and MaXe)
325 - Removed old plugin API function plugin_commentsupport from the Calendar,
326 Polls, and Static Pages plugins [Dirk]
328 - Updated Japanese language files and Japanese documentation,
329 provided by the Geeklog.jp group
333 - Fixed leap year check [Sean Clark]
337 - Implemented PLG_getCommentUrlId [Dirk]
338 - Update polls comments when changing a poll's ID so the comments don't become
339 orphaned (part of bug #0000901) [Dirk]
343 - Another attempt to fix a compatibility issue with PHP 4 (parse error)
345 - Implemented PLG_getCommentUrlId [Dirk]
346 - Update static pages comments when changing a page's ID so the comments don't
347 become orphaned (part of bug #0000901) [Dirk]
348 - When deleting a static page, also delete its comments (bug #0000901) [Dirk]
352 - Add the Polls plugin to the sitemap by default (part of bug #0000898) [Dirk]
353 - When manually adding or removing plugins, automatically add/remove
354 corresponding entries for priority and frequency (part of bug #0000898) [Dirk]
357 May 31, 2009 (1.6.0b2)
360 Changes since 1.6.0b1:
361 - Various fixes to the new search (work in progress) [Sami]
362 - The list of Comment Submissions now tries to provide a link to a comment's
363 parent object (article, poll, ...). If not available, it displays an excerpt
364 from the comment [Dirk]
365 - Plugin comments lost their type when being saved in the comment submission
366 queue (they were treated as comments on stories) [Dirk]
367 - SQL errors now trigger the standard error handler ("Unfortunately, an error
368 has occurred ..."). Details are available in error.log, as usual [Tony, Dirk]
369 - Removed the $_CONF['search_no_data'] config option and moved the text to the
370 language files (bug #0000873) [Dirk]
371 - All bundled plugins now include a check to see if they support the DBMS the
372 site is running on [Dirk]
373 - A fresh install didn't check if the bundled plugins are compatible with the
374 Geeklog version about to be installed [Dirk]
375 - Users couldn't change their password or delete their account (reported by
377 - Fixed plugin postinstall from the install script [Dirk]
378 - Made COM_createImage recognize https:// URLs (bug #0000881) [Dirk]
379 - Fixed notices in the config class (reported by tgc and others) [Dirk]
380 - Fixed empty entries in the "Type" dropdown on the Advanced Search page.
381 Requires an updated search/searchform.thtml template (part of bug #0000874)
382 - Ensure PLG_templateSetVars (and therefore CUSTOM_templateSetVars) is called
383 properly when the "Skip Preview" option is disabled (bug #0000880) [Dirk]
384 - Fixed handling of multi-byte encoded texts when limiting the content of feed
385 entries to a certain amount of characters (reported by alank) [Dirk]
386 - Added a verbose logging option to the search class and make it default to off
388 - lib-custom.php was missing from the 1.6.0b1 tarball
390 - Updated Spanish language file, provided by Juan Pablo Novillo
394 - Display a message when a plugin comment is queued [Dirk]
395 - If you knew a poll's ID, you could find out the poll's title even if you did
396 not have access to the poll [Dirk]
397 - Fixed (mostly) blank page when calling up a non-existing poll ID (reported
402 - Display a message when a plugin comment is queued [Dirk]
403 - Fixed handling of "entire page" centerblocks in a multi-language environment:
404 Need to allow one per language (reported by Norbert Ortmann) [Dirk]
405 - Fixed a typo that prevented the [staticpage:] autotag from working [Dirk]
409 - Added an option to exclude plugins from inclusion in the sitemap. Defaults
410 to the Links plugin [Dirk]
411 - Remove sitemap files when uninstalling the plugin [Dirk]
412 - Don't include Links in the sitemap.xml automatically [Dirk]
413 - Fixed "missing argument 2" error when changing config options (reported by
414 Markus Wollschläger) [Dirk]
417 May 1, 2009 (1.6.0b1)
420 - New XMLSitemap plugin that creates a XML sitemaps file as supported by all
421 major search engines, provided by mystral-kk
422 - Don't allow to add/remove users to/from the All Users and Logged-in Users
423 groups via the group editor (bugs #0000863 and #0000864) [Dirk]
424 - Cosmetic changes to the form to add/remove users to/from groups, for
425 consistency with the other admin panels [Dirk]
426 - Document where CUSTOM_templateSetVars is actually called from (bug #0000862)
428 - Added option to search by titles only (feature request #0000840) [Sami]
429 - The "Plugins" entry in the Admins Block now displays the number of enabled
430 plugins (previously included the disabled plugins) [Dirk]
431 - Added a config option to enable/disable automatically turning URLs in text
432 postings into clickable URLs [Dirk]
433 - Changed some default settings [Dirk]:
434 * Webservices are now disabled
435 * Cronjob emulation is off
436 * Default sort for topics is alphabetically
437 * Default comment mode is nested
438 These settings are _not_ changed when upgrading from an earlier version.
439 - Experimental: Compress HTML output before sending it to the browser (disabled
440 by default; has to be supported by both the browser and the webserver) [Dirk]
441 - Added canonical link for article directory [Dirk]
442 - Moved hard-coded texts from admin/sectest.php to the language files (bug
444 - Added an option to send a copy of the email to a user to self (feature request
445 #0000771, based on a patch by Roshan Singh)
446 - COM_checkList would use the table name for the name of the checkbox array in
447 the HTML(!). Added a new parameter for the name (pointed out by Bookoo in
448 the exploit for usersettings.php, cf. Geeklog 1.5.2sr4) [Dirk]
449 - Fixed wrong use of COM_allowedHTML and COM_checkHTML in plugins: Functions
450 were called without specific permissions, so they defaulted to 'story.edit'.
451 I.e. as a Story Admin, you could use the admin_html set in events, but as a
452 Calendar admin, you could not ... (bug #0000785) [Dirk]
453 - Added missing finish() calls for some templates, e.g. header.thtml
454 (bug #0000855) [Dirk]
455 - Moved documentation to docs/english so that it can be translated
456 (feature request #0000770) [Dirk]
457 - New plugin API function PLG_pluginStateChange [Dirk]
458 - Fixed dropdown for the "censor mode", which has more than the two options
459 offered previously (bug #0000692) [Mike, Maciej Cupial]
460 - Slightly faster template class (feature request #0000760, patches provided
461 by dengen and mystral-kk)
462 - Use a more efficient implementation of Story::hasContent (bug #0000858, patch
463 provided by Maciej Cupial)
464 - Make sure formerly optional config items can be disabled (bug #0000846) [Dirk]
465 - New plugin API function PLG_getDocumentationUrl (feature request #0000848)
467 - Fresh installs + MySQL only: Changed some tinyint fields that are only used
468 as flags to tinyint(1) from tinyint(3) (bug #0000857)
469 - Fixed one of the predefined date format strings (bug #0000854)
470 - Replace Wiki-style formatting in the Daily Digest and when emailing a story
471 to a friend (bug #0000837, patch provided by Pawel Szczur)
472 - New plugin API function PLG_configChange (feature request #0000694) [Dirk]
473 - Fixed layout of Batch Add and Batch Admin options of the User Manager [Dirk]
474 - On a login failure, the user registration form showed up even when new user
475 registration was disabled (bug #0000843)
476 - The Wiki-style format broke national special characters, e.g. Japanese and
477 German umlauts (bug #0000823) [Dirk]
478 - Introduced new plugin API function PLG_migrate [Dirk]
479 - Allow switching the DOCTYPE from the Configuration. Requires a theme that
480 uses {doctype} instead of a hard-coded DOCTYPE declaration (feature request
482 - The notification email about new user submissions didn't include information
483 about the remote service used (if any) [Dirk]
484 - Define {xmlns} when using XHTML for XHTML compliance. Updated header.thtml
485 and article/printable.thtml template files to include that variable [Dirk]
486 - Fixed wrong use of '&' when sending a trackback (bug #0000825)
487 - Removed incomplete PDF generator (never enabled in any shipped version) [Dirk]
488 - Fixed a problem with words being merged together in newsfeeds when the article
489 was written with CR as the line separator [Dirk]
490 - Made url rewriting work on setups that only set $_SERVER['ORIG_PATH_INFO']
492 - Fixed duplicate plugin entries when a plugin has more than one entry for the
493 admin or user menu (bug #0000820)
494 - {contributedby_user} and {contributedby_fullname} weren't set in the story
495 templates (bug #0000821) [Dirk]
496 - Reinstated old definitions of the {start_contributedby_anchortag},
497 {end_contributedby_anchortag}, and {contributedby_author} variables, i.e. the
498 two anchortag variables are set again and _author contains the name only (bug
500 - Auto-deleting a story didn't delete trackbacks for that story [Dirk]
501 - Ensure consistent template variable names for the Permission Editor [Dirk]
502 - Added new permission 'group.assign', now required to be able to assign a user
503 to a group. Part of the Group Admin (not User Admin) permissions by default
504 (feature request #0000190) [Dirk]
505 - Raised minimum required PHP version to PHP 4.3.0 and removed all workarounds
506 that ensured compatibility with PHP 4.1.0 [Dirk]
507 - Added a filename mask config option for the names of the database backups
509 - Removed $_CONF['pagetitle'] hack. Use COM_siteHeader('menu', $pagetitle)
511 - Added canonical link for articles [Dirk]
512 - Moved hard-coded "Reminders" column title to the language file (bug #0000817)
513 - Hide archive option radiobutton from the story editor when no archive topic
514 is defined (feature request #0000807) [Dirk]
515 - Display group names with an uppercase first letter everywhere [Dirk]
516 - Added an ISO 8601-ish format to the gl_dateformats table [Dirk]
517 - Let users with user.mail permissions only email groups that they are in
519 - Gave the Groups and User editors a facelift. Requires a new template file,
520 admin/lists/inline.thtml [Dirk]
521 - Introduced list of "advanced HTML" tags that are allowed when FCKeditor is
522 enabled. Needed for images (bug #0000757) [Blaine]
523 - Add new permissions plugin.install and plugin.upload for more fine-grained
524 control to the plugin admin panel (bug #0000637) [Dirk]
525 - Introduced new plugin API function PLG_itemDeleted [Dirk]
526 - Changed API for PLG_itemSaved to make it simpler and easier to use [Dirk]
527 - Updated FCKeditor to version 2.6.4 [Blaine]
528 - Usersettings.php - can not change password when custom membership is enabled.
529 Modified CUSTOM_userCheck to return both a error message string and Error
530 code. Updated users.php and usersettings,php (bug #0000776) [Blaine]
531 - Implemented extended API for PLG_getItemInfo [mystral-kk, Dirk]
532 - Fixed inconsistencies and various small mistakes when displaying "Access
533 denied" messages on the admin pages [Dirk]
534 - Added a print.css stylesheet to be used by the printable template files
535 (feature request #0000766) [Dirk]
536 - Re-introduced the path hints in the install script when it can't find
538 - Added a note about the max. dimensions of a userphoto in the About You pane
539 of a user's My Account page (feature request #0000629) [Dirk]
540 - Display a message when no topics exist and don't let the user enter the story
541 editors (bug #0000738) [Dirk]
542 - Added a configuration option to control the JPEG quality (Feature request
545 - Updated Hebrew language file for the install script, provided by LWC
546 - New Serbian (Latin) language files, provided by Aleksandar Scepanovic
550 - Added migration support [Dirk]
551 - Removed extra double quote from upcoming events block (bug #0000827)
552 - Added auto installation support [Dirk]
553 - Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]
557 - Added migration support [Dirk]
558 - Added category default permissions [Dirk]
559 - Added auto installation support [Dirk]
560 - Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]
561 - Introduced function LINKS_getCategorySQL and fixed visibility of link
562 categories in the Top 10 Links list and site statistics [Dirk]
563 - Added an option to allow opening external links in a new window (feature
564 request #0000693). Use with care, please [Dirk]
565 - Only external links are marked with class="ext-link" [Dirk]
569 - Added migration support [Dirk]
570 - Set the page title when viewing a poll [Dirk]
571 - Added auto installation support [Dirk]
572 - Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]
573 - Extended length of poll IDs to 40 characters (feature request #0000754) [Dirk]
577 - Added migration support [Dirk]
578 - Added auto installation support [Dirk]
582 - Added migration support [Dirk]
583 - The printable.thtml template file now uses the {xmlns} variable [Dirk]
584 - Added canonical link [Dirk]
585 - Added auto installation support [Dirk]
586 - Added support for PLG_getItemInfo, PLG_itemSaved, PLG_itemDeleted [Dirk]
587 - The printable.thtml template file uses the HTML Strict doctype and print.css
589 - Display "successfully saved" and "successfully deleted" messages, just like
590 every other plugin and built-in function does (bug #0000644) [Dirk]
593 Jul 30, 2009 (1.5.2sr5)
596 This release addresses the following security issues:
597 - Gerendi Sandor Attila reported an XSS in the forms to email a user and to
598 email a story to a friend.
599 - The "Mail Story to a Friend" function didn't check story permissions, so that
600 it was possible to email a story even if you didn't have the permissions to
604 Apr 18, 2009 (1.5.2sr4)
607 This release addresses the following security issue:
609 Bookoo of the Nine Situations Group posted another SQL injection exploit,
610 targetting an old bug in usersettings.php. As with the previous issues, this
611 allowed an attacker to extract the password hash for any account and is fixed
615 Apr 13, 2009 (1.5.2sr3)
618 This release addresses the following security issue:
620 Bookoo of the Nine Situations Group posted another SQL injection exploit, this
621 time targetting the webservices API. As with the previous issue, this allowed
622 an attacker to extract the password hash for any account and is fixed with this
625 Not security-related:
626 - Re-introduced function get_SPX_Ver in the install script, which is still
627 needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk]
630 Apr 4, 2009 (1.5.2sr2)
633 This release addresses the following security issue:
635 Bookoo of the Nine Situations Group posted an SQL injection exploit for glFusion
636 that also works with Geeklog. This issue allowed an attacker to extract the
637 password hash for any account and is fixed with this release.
640 Mar 30, 2009 (1.5.2sr1)
643 This release addresses the following security issue:
645 Fernando Munoz reported a possible XSS in the query form on most admin panels
646 that we are fixing with this release (bug #0000841).
652 - The default replacement text for censored text was supposed to read
653 "censored", not "censormode" [Dirk]
654 - Fixed problem with extra backslashes appearing in a story's title during the
655 story preview when magic_quotes_gpc = On (bug #0000790) [Mike, Dirk]
656 - Added missing page title when viewing a single comment [Dirk]
657 - Sort groups in the group dropdowns non-case sensitive [Dirk]
658 - Display a message when sending the email to report an abusive comment failed
660 - Display a message when sending the email for a new password failed [Dirk]
662 - Updated Estonian language file for the Calendar plugin, provided by Artur Räpp
663 - Updated Japanese language file, provided by the Geeklog.jp group
667 - Fixed parse error when saving a static page (reported by greenteagod). This
668 problem was only introduced in 1.5.2rc1 [Dirk]
671 Jan 24, 2009 (1.5.2rc1)
674 - Fixed various issues with COM_makeClickableLinks (bug #0000767, #0000793,
676 - The comment submission form didn't show the user's full name when
677 $_CONF['show_fullname'] was enabled [Dirk]
678 - Comments were always showing the username, even when $_CONF['show_fullname']
679 was enabled (reported and patch provided by mystral-kk, bug #0000800)
680 - Fixed story preview losing the story when the sid already existed (bug
682 - Fixed wrong use of str_replace in STORY_extractLinks (bug #0000794) [Dirk]
683 - Added "Send Pings" to the Story Options block (if enabled and allowed for the
685 - Don't let the user enable plugins when there's no functions.inc for the
687 - When the install script can't find db-config.php, that message was always
688 displayed in English, i.e. you could not change the language for that screen
690 - When upgrading from a Geeklog version prior to 1.5.0, the plugin config.php
691 files are no longer renamed [Dirk]
692 - Admin lists allowed non-sortable columns to be sortable (reported and patch
693 provided by hiroron, bug #0000791)
694 - Fixed STORY_getItemInfo - need to check the draft flag and for a publish date
695 in the future [mystral-kk, Dirk]
696 - Fixed wrong use of COM_isAnonUser in COM_getPermSQL (since 1.5.0) [Dirk]
697 - When calling COM_getYearFormOptions with a $startoffset parameter, the list
698 of years was off by one (bug #0000783; patch provided by hiroron)
699 - Fixed updating feeds after changing topic permissions (bug #0000779) [Dirk]
700 - The security token was missing from the trackback editor template file
701 (reported and patch provided by hiroron, bug #0000778)
702 - Removed rel="tag" from topic links in lib-story.php as that would indicate a
703 Microformat with a slightly different meaning [Dirk]
704 - Don't include X-Originating-IP header in emails sent from the site's admin
705 area (bug #0000701) [Dirk]
706 - Check if COM_errorLog exists before using it in the config class (for possible
707 problems during installation, bug #0000768) [Dirk]
708 - Fixed filling out the Site Email / No-Reply Email fields in the install
709 script, which was overwriting the correct values from config.php during
710 upgrades (bug #0000759) [Dirk]
711 - Set language direction in templates for printable versions of articles and
712 static pages. Also set $LANG_DIRECTION to 'ltr' now if the language file does
713 not already define it (bug #0000762) [Dirk]
714 - Removing an element from the middle of the censorlist caused the censoring
715 to act up (bug #0000763) [Dirk]
716 - Saving a story tried to update a feed of type 'geeklog' instead of 'article'
717 (reported by Tom Homer)
718 - Delete a feed's file when deleting a feed (bug #0000758) [Dirk]
719 - When using gdlib, use imagecopyresampled instead or imagecopyresized to scale
720 images. This should result in better image quality (part of Feature request
722 - The {start_storylink_anchortag} variable in the story templates was missing
723 a '>' (reported by Michael Brusletten) [Dirk]
724 - Display a "Service" column in the Admin's list of users when remote auth is
726 - Introduced new function COM_showMessageText to display a free-form text in a
727 "System Message" box (feature request #0000676) [Dirk]
728 - Introduced new function COM_showMessageFromParameter for easy and consistent
729 display of messages passed in the URL, including plugin messages (second
730 attempt to fix bug #0000618) [Dirk]
731 - Display confirmation message when emailing a story (feature request #0000689)
733 - Implemented new function COM_renderWikiText to convert wiki-formatted text
734 to (X)HTML (feature request #0000643) [Dirk]
735 - Added support for CUSTOM_formatEmailAddress and CUSTOM_emailEscape functions
736 (feature request #0000727) [Dirk]
737 - Fixed 'cookiedomain' being reported as changed in the Configuration
738 (bug #0000638) [Dirk]
739 - Reverted fix for bug #0000618 (COM_showMessage automatically picking up a
740 'plugin' parameter) as it's causing problems when displaying more than one
741 message on the same page [Dirk]
742 - Added missing check for allowed IP addresses in downloader class
743 (bug #0000709) [Dirk]
744 - Force a refresh after uninstalling a plugin so that the plugin's entry
745 disappears from the Admins block [Dirk]
746 - Fixed an issue with story expiry dates on PHP 4/Windows (reported by zeb)
749 - Updated Hebrew language file for the install script and Spam-X plugin,
751 - Updated Japanese language files, provided by the Geeklog.jp group
752 - Updated Polish language files, provided by Robert Stadnik
753 - Updated Slovenian language file for the Links plugin, provided by gape
757 - Fix for calendar plugin - unable to add personal event [Blaine]
758 - Make {event_url} available in eventdetails.thtml [Dirk]
762 - Missing parentheses my have resulted in incorrect search results [Dirk]
763 - Added urlencoded versions of {link_actual_url} and {link_name} [Dirk]
764 - Prevent overwriting existing links when changing the link ID [Dirk]
768 - Lowered the default number of questions per poll to 5 and the number of
769 answers per question to 8 to avoid running into Suhosin's default
770 post.max_vars limit (for new installs only) [Dirk]
771 - Fixed SQL error when poll questions contained single quotes (bug #0000756)
773 - Fixed handling of poll IDs in Polls editor (bug #0000753) [Dirk]
777 - The owner of a static page changed to the user who last edited it
778 (bug #0000777) [Dirk]
779 - Fixed call to WS_makeId when sp_id was longer than STATICPAGE_MAX_ID_LENGTH
780 (found by Marc Maier) [Dirk]
787 - Fixed protection against direct execution in various include files which may
788 have failed on non-case sensitive file systems (reported by Mark Evans) [Dirk]
789 - Saving a story as someone other than the owner will revert the story to your
790 ownership. (bug #0000742) [Mike]
791 - Fixed searching for non-installed plugins when open_basedir restrictions are
792 in effect (bug #0000741)
793 - Fix for first change of password issue (bug #0000724) [Mike]
794 - Fixed failure to switch language with new query highlighting URLs
795 (bug #0000733) [Dirk]
796 - Fixed bug with HTML Encoding of default comment title for articles
797 (bug #0000737) [Mike]
798 - Fixed another case where a duplicate of a story submission was left in the
799 submission queue after approving the story [Mike]
800 - Fixed problem with the MySQL class not recognizing UTF-8 when the character
801 set name was written in uppercase (bug #0000731) [Dirk]
803 - Updated Hebrew language files, provided by LWC
804 - Updated Estonian language files, provided by Artur Räpp
805 - Updated Japanese language files, provided by the Geeklog.jp group
806 - Updated Slovenian language files, provided by gape
809 Sep 7, 2008 (1.5.1rc1)
812 - Added missing slash in the install script (bug #0000715) [Dirk]
813 - CSRF token not passed to draft list (bug #0000726) [Ted Powell]
814 - If root debugging is enabled, hide anything in the array stack that has a key
815 containing 'cookie' or 'pass'. And added option to override this.
816 (bug #0000722) [Mike]
817 - Prevent direct execution of the FCKeditor upload script (reported by t0pP8uZz) [Dirk]
818 - Renamed the "Restore" option in the Configuration to "Enable" [Dirk]
819 - Provided better error handling for database backups (bug #0000714) [Mike]
820 - Provided auto-detection of -left and -right overrides for any given block
821 template. This allows any block to auto-style to left and right for themes
822 without the need for the theme to work it out, or talk to the database.
823 ("Bug" #0000684) [Mike]
824 - Fixed handling of corrupted config value db entries, e.g. after importing
825 Calendar event_types with the wrong character set (bug #0000690) [Dirk]
826 - Fixed handling of HTML entities in the Configuration (bug #0000710)
828 - Story image upload: Only add a link to the unscaled image if such an image
829 actually exists [Dirk]
830 - Removed unused code from lib-story.php [Dirk]
831 - COM_siteFooter no-longer creates two sets of right blocks. (bug #0000698)
833 - Microsummaries work in topics, reported by Joe. [Mike]
834 - Added DB_checkTableExists and changed INST_checkTableExists to use it. [Mike]
835 - Changed REPLACE INTO for DB_save for MSSQL compat [Mike]
836 - Re-introduced function get_SP_Ver in the install script, which is still needed
837 when upgrading from old Geeklog releases (reported by libexec) [Dirk]
838 - Fixed issue where you can post a comment to an unpublished story (bug
839 #0000705) [mystral-kk/Mike]
840 - Fixed make clickable links with quotes (bug #0000691) plus truncated long
842 - Fixed table prefix issues with constraints (bug #0000702) [Mike/Sami]
843 - Fixed error when attempting to highlight a search query that contained a
845 - Updated FCKeditor to v2.6.3 [Blaine]
846 - Moved remove() (config JavaScript) to gl_cfg_remove (bug #0000681) [Mike]
847 - Change for CUSTOM_usercreate to support passing in $batchimport,
848 set true if called via the Admin->Users Batch_Add [Blaine]
849 - Fix for date formatting in RSS fields (bug #0000696) [mystral-kk]
850 - A small tweak to the Professional theme's commentbar to make the "Post a
851 comment" option easier to find [Dirk]
852 - Renamed the syndication feed type "geeklog" to "article" since that's what
853 they are nowadays [Dirk]
854 - New option "All Frontpage Stories" for article feeds: skip stories that have
855 the "Show only in topic" option set (feature request #0000652) [Dirk]
856 - If there is a feed for a topic, there will now be a "Subscribe to ..." option
857 in the Story Options block for every story for that topic (feature request
859 - Cop-out fix for bug #0000671: Don't display the icon for external links when
860 the text direction is 'rtl' (e.g. Hebrew) [Dirk, Mike]
861 - Keep letter case intact when highlighting a search query string (patch
862 provided by Sami Barakat)
863 - Provide nicer URLs to story search results when URL rewriting is enabled
864 (bug #0000665, based on a patch by Sami Barakat) [Dirk]
865 - Better support for plugin messages (bug #0000618) [Blaine]
866 - Introduced new variable {page_title_and_site_name} for header.thtml so that
867 we can have "Site Name - Site Slogan" in the frontpage's title again [Dirk]
868 - Fixed SQL error(s) for story submissions by users with story.submit but no
869 further Story Admin permissions (reported by Orion) [Dirk]
870 - End a user's session when they are being banned [Dirk]
871 - Signatures in HTML-formatted comments weren't XHTML compliant [Dirk]
872 - Minor cleanups in style.css - no actual layout changes (bug #0000683) [Dirk]
873 - Allow creation of banned users, i.e. ban the user on account creation [Dirk]
874 - Minor improvements in the error handling, e.g. preventing Geeklog from
875 creating error.log files outside the logs directory [Dirk]
876 - Send a HTTP status code 503 "Service Unavailable" when the site is disabled
878 - Hide the database password when the database backup failed and we're logging
879 the mysqldump command [Dirk]
880 - Disable OpenID login when new registrations are disabled [Dirk]
881 - Allow to unset Configuration options again after they have been "restored",
882 i.e. enabled (bug #0000664) [Dirk]
883 - Adopted hack to allow multilingual blocks (bug #0000626) [Dirk]
884 - Fixed SQL error in story submissions (reported by Chase) [Mike]
885 - Stories with a publishing date in the future and stories with the draft flag
886 set were accessible if you knew their story id (bug #0000678) [Mike]
887 - Enabled siteconfig.php to override database config in core, primarily for
888 rootdebug. [bug 0000673] [Mike]
889 - Allow remote users to use the webservices (bug #0000640). Due to the
890 authentication method it is not possible for OpenID users to use the
891 webservices. Other remote users will have to use username@servicename for
892 their username when logging in through the webservices [Dirk]
893 - Fix to template.class to better handle full path being passed in [Blaine]
894 - Updated PLG_uninstall to supress errors for table drop. [bug 0000668] [Mike]
895 - Fixed INST_checkTableExists for MS SQL Support. [bug 0000668] [Mike]
896 - Hardcode an ltr div around HTML tags in the allowed html tag list. Plus minor
897 HTML compliance issues. [bug 0000669] [Mike]
898 - Plaintext stories have nl2br applied in syndication feeds to provide correct
899 formatting in feed readers. [bug 0000662] [Mike]
900 - Changed SEC_createToken so that it will only return one token per page
901 (effectively making it a singleton). This fixes the problem of not being able
902 to delete comments when you also have trackbacks for the same article
904 - Approving a story submission by saving it from the Admin's story editor left
905 a duplicate in the submission queue, unless you changed the story ID at the
906 same time [Dirk, Mark Evans]
907 - Fixed user submission queue (reported by greenteagod) [Dirk]
909 - Updated Hebrew language files, provided by LWC
913 - Fixed <brXHTML> tags in the German language files for the Calendar [Dirk]
914 - Fixed date comparison ("End date is before start date.", bug #0000703) [Dirk]
915 - Fixed Admin delete links in day and week view (bug #0000680) [Dirk]
916 - Search for an event's "author" didn't work [Dirk]
917 - Calendar block now includes events from the current day (in progress or all
918 day events, bug 0000604, patch from forums) (really) [Mike]
922 - Fixed passing the category on multi-page link lists [Dirk]
923 - Fixed new category silently overwriting an existing category if they had the
924 same id (part 2 of bug #0000659) [Dirk]
925 - Fixed SQL error when trying to change a category id to an already existing id
926 (part 1 of bug #0000659) [Dirk]
930 - For multi-question polls, make the "Vote" button read "Start Poll" in the
931 polls block (bug #0000633) [Dirk]
932 - Fixed display of "Results" link while a poll is open [Dirk]
936 - Menu entries were not language-aware (in multi-language setups), i.e. all the
937 menu entries were always displayed (bug #0000713) [Dirk]
938 - Removed unused 'config_data' entry from the plugin uninstall function
939 (bug #0000666) [Dirk]
940 - Fixed printer friendly version of a static page not working when url_rewrite
941 is enabled (bug #0000661) [Dirk]
944 June 15, 2008 (1.5.0)
947 Geeklog 1.5.0 incorporates the following projects implemented during
948 the 2007 Google Summer of Code:
950 + New user-friendly install script by Matt West
951 + New Configuration GUI (replacing config.php) by Aaron Blankstein
952 + New Webservices API based on the Atom Publishing Protocol by Ramnath R. Iyer
954 Changes since 1.5.0rc2:
955 - Users that used a different theme than the site default would see the site
956 switch temporarily back to the site's default theme when changing a config
957 option. This was a side effect of the fix for bug #0000648 [Dirk]
958 - In a tradeoff between security and convenience, we decided to go with
959 security: The install script will no longer display the database credentials
960 from db-config.php. The downside is that you will have to enter them again
961 when doing a database upgrade or re-running the install (reported by Mark
963 - Links plugin: The word "Root" wasn't taken from the language file for the page
964 title of the public list of links (reported by Markus Wollschläger) [Dirk]
965 - Fixed remaining places where the Admin panels had inconsistent layouts:
966 Calendar list of events, Polls editor (bug #0000650) [Dirk]
968 - Updated Hebrew language file, provided by LWC
969 - Updated German language files, provided by Markus Wollschläger
970 - Some Korean language files had a mixture of CR/LF and LF as line separators
971 (bug #0000655) [Dirk]
974 June 8, 2008 (1.5.0rc2)
977 Changes since 1.5.0rc1:
978 - Hide the | separator for static pages with page format "blank page" (reported
979 by Tetsuko Komma) [Dirk]
980 - Hardcoded all URL entry fields in the templates and the date selection in the
981 calendar plugin to dir="ltr" (reported by LWC) [Dirk]
982 - Fixed handling of UTF-8 languages in the install script (reported by Tetsuko
984 - Ensure consistent display of the admin lists (bug #0000650) [Dirk]
985 - Sanitize the language in the install help (reported by Mark Evans) [Dirk]
986 - Moved the hard-coded CSS for the System Message to the stylesheet [Dirk]
987 - Added a workaround for the Yulup Atompub client that sometimes sends Text
988 nodes within XHTML nodes [Dirk]
989 - Made the Install / Upgrade buttons in the install script a bit wider to
990 provide more space for the Japanese and German translations [Dirk]
991 - Fixed bug #0000647: All modifications of usersettings should go through
992 CUSTOM_usercheck [Blaine]
993 - Removed hard-coded <ul> tags from the functions for the Admin, User, and
994 Topics blocks. Added new blockheader-list.thtml, blockfooter-list.thtml
995 template files for those blocks [Blaine]
996 - Removed the fake {blockid} for the block templates as it was actually derived
997 from the block title, resulting in layout changes when you changed the block
998 title. It also didn't work properly with non-ASCII languages. Updated
999 style.css and the block templates accordingly [Blaine]
1000 - Fixed setting the site's default language and default theme (bugs #0000646
1001 and #0000648) [Aaron, Dirk]
1002 - The bundled plugins don't need to read their config.php any more. This also
1003 avoids confusion if renaming the old config.php failed during the upgrade
1005 - Fixed SQL error in the Mail Utility when using the option to override user
1006 settings (reported by Michael Brusletten) [Dirk]
1007 - Fixed problems with the text direction in the install script (reported by LWC)
1010 - Updated Estonian language files, provided by Artur Räpp
1011 - Updated Hebrew language files, provided by LWC
1012 - Updated Japanese language files, provided by Takahiro Kambe, Tetsuko Komma,
1013 and the Geeklog.jp group
1014 Note: Only the UTF-8 versions of the Japanese language files are supported
1015 from now on. The euc-jp versions have been removed from the distribution.
1016 - Updated Polish language files, provided by Robert Stadnik
1017 - Updated Slovenian language file, provided by gape
1020 May 25, 2008 (1.5.0rc1)
1023 Changes since 1.5.0b2:
1024 - Fixed story date/time when using the timezone hack (bug #0000639) [Dirk]
1025 - Fixed MS SQL upgrade [Mike]
1026 - Added code to beautify the language names in the install script [Dirk]
1027 - Ensure the "After Saving ..." options work as advertised [Dirk]
1028 - Fixed handling of empty form submission and display of error messages in the
1029 batch user import [Dirk]
1030 - Fixed text for the account reminder emails [Dirk]
1031 - Display value in the "Months since registration" column on the Batch User
1032 Admin screen without decimals again (as in 1.4.1) [Dirk]
1033 - Removed unused poll-vote, poll-vote-results classes from the Professional
1034 theme's stylesheet; added empty required-field, missing-field classes for
1035 future use (cf. bug #0000635) [Dirk]
1037 - Updated Chinese language files, provided by Samuel M. Stone
1038 - Updated Estonian language files, provided by Artur Räpp
1039 - Updated Slovenian language file, provided by gape
1043 - Fixed missing ] in the headline of the day and week view [Dirk]
1044 - Fixed the template for the personal event editor (extra <td> tag) [Dirk]
1045 - Bugfix: In some cases, personal events would end up in the submission queue
1046 for site events [Dirk]
1047 - Fixed "Delete old entries" option (delete checkboxes were missing) [Dirk]
1050 May 20, 2008 (1.5.0b2)
1053 Changes since 1.5.0b1:
1054 - {story_title} is now available in the article.thtml template file [Dirk]
1055 - Bugfix: When saving a (new) topic with one or more required fields missing,
1056 don't go back into the topic editor as that would cause a confusing "access
1057 denied" message [Dirk]
1058 - Hard-coded the text direction as "ltr" for some input fields and the date/time
1059 selection in the story editor (bug #0000150). Also removed "text-align:left"
1060 for the HTML body from the Professional theme's style sheet as it interferes
1061 with the ability to switch the text direction (reported by LWC) [Dirk]
1062 - Removed references to config.php from the documentation, some READMEs, and
1063 some source files (bug #0000627) [Dirk]
1064 - Don't include the (internal) 'subgroup' and 'fieldset' entries in the $_CONF
1066 - COM_numberFormat wouldn't handle decimals correctly (bug #0000624) [Dirk]
1067 - Make sure the XHTML constant is defined if the theme doesn't already define
1068 it (bug #0000622) [Dirk]
1069 - Fixed invalid <brXHTML> tags in some language files (bug #0000621) [Dirk]
1070 - The URL sent in a user registration notification contained an & where it
1071 should have been a simple & [Dirk]
1073 - Updated German language files, provided by Markus Wollschläger
1077 - Fixed the "Validate Links" link from the list of categories [Dirk]
1081 - Bugfix: When saving a (new) poll with one or more required fields missing,
1082 don't go back into the polls editor as that would cause a confusing "access
1083 denied" message [Dirk]
1084 - Renamed 'open' column in the gl_polltopics table to 'is_open' as "open" is
1085 a reserved keyword in MS SQL server [Matt]
1086 - Fixed duplicate sort_order value in the Polls config [Dirk]
1087 - Cosmetic changes in the Polls topic and results (bug #0000625) [Dirk]
1091 - Moved the print and edit icons to the bottom of a static page in the default
1092 staticpage.thtml template file. Also removed the icons from the default
1093 centerblock.thtml template file and defined the {lastupdate} and {hits}
1094 variables there (bug #0000628) [Dirk]
1095 - Removed an extra } from the Static Pages staticpage.thtml template file
1096 (reported by Markus Wollschläger) [Dirk]
1100 May 5, 2008 (1.5.0b1)
1103 - Updated FCKeditor to v2.6 [Blaine]
1104 - LDAP remote authentication module, provided by Jessica Blank / MTV Networks
1105 - The {lang_attribute} can only properly be set in a multi-language setup
1106 (bug #0000616) [Dirk]
1107 - Removed Blogger remote authentication option. Blogger.com have changed their
1108 authentication process, so this module no longer works.
1109 - Emails sent from Geeklog now have an X-Originating-IP header to help track
1110 spam or abuse [Dirk]
1111 - The topic editor allowed you to enter topic IDs with more than 20 characters
1112 (reported by Markus Wollschläger) [Dirk]
1113 - Ease restriction that email addresses have to be unique: Remote accounts can
1114 have non-unique addresses, on-site accounts can't [Dirk]
1115 - Bug: Email user form doesn't display correctly with " in subject when sending
1116 is failed due to incomplete fields. [Mike]
1117 - Bugs: Ensure that site_url, site_admin_url, layout_url and xhtml available to
1118 all templates. [Mike]
1119 - Support for [raw][/raw] tag in HTML post mode. All the benefits of code and
1120 pre, with none of the ugly styling. [Mike]
1121 - Added an Atom self-link to RSS feeds. Sounds odd, but it is recommended by
1122 <http://feedvalidator.org/docs/warning/MissingAtomSelfLink.html> [Mike]
1123 - Improved support for podcasts in portal blocks and fixed an error where REALLY
1124 long syndication feeds could blow portal blocks up. [Mike]
1125 - Only use the multi-byte string functions when the current character set is
1126 UTF-8 (reported by Rick78) [Dirk]
1127 - COM_hit() is now called from COM_siteFooter() instead of doing the UPDATE SQL
1128 directly (reported by Joe Mucchiello) [Dirk]
1129 - New function SEC_encryptPassword() to be used when we have to encrypt a
1130 password. This is only a wrapper for md5() for now but should it make easier
1131 for us to use some other method in the future [Dirk]
1132 - Incorporated patches by Joe Mucchiello for places in the code where the
1133 template library was used incorrectly.
1134 - By defining the constant XHTML as ' /', themes can now be XHTML compliant
1135 (patches provided by dengen from geeklog.jp)
1136 - Added batch admin feature to send out account reminders [Blaine]
1137 - Hide "Create Account" link in the story submission form when new account
1138 registration has been disabled (reported by Markus Wollschläger) [Dirk]
1139 - Updated COM_startBlock to set a unique {blockid} template variable [Blaine]
1140 - Fixed checking of "Show Admin lists" in Group Admin when going to 2nd page of
1142 - Created new function for Admin-Menu display and removed that functionality
1143 from ADMIN_list-functions. [Oliver]
1144 - Fixed missing N/A display when no plugin version number was available
1145 (reported by Machinari) [Dirk]
1146 - Avoid division by zero error when $_CONF['limitnews'] == 0
1147 (reported by Samuel M. Stone) [Dirk]
1148 - Bugfix: Atom always assumes 0.3 and doesn't handle article dates. (Reported by
1149 mystral-kk on the forums). [Mike]
1150 - Added OpenID 1.1 support, provided by Choplair
1151 - Pass site_name into story templates so advanced linking to items like digg.com
1152 can be templated cross-site. [Mike]
1153 - Revamped DB Backups option. It now lists all backups (all .sql files), and
1154 lets you download and delete backups from there [Dirk]
1155 - Fixed checking for errors when sending Pingbacks or Pings [Mike, Dirk]
1156 - When receiving a Pingback, optionally create an excerpt from the text of the
1157 site that sent the Pingback [Dirk]
1158 - Portal blocks now use the HTTP Last-Modified and ETag headers to only request
1159 feeds when they have changed [Dirk]
1160 - The {read_more_class} variable now contains class="story-read-more-link" (if
1161 defined) for consistency with the class name used in {readmore_link} [Dirk]
1162 - Changed the Security Check to only check if any Root users have their password
1163 as "password" [Dirk]
1164 - Made admin/sectest.php recognize 403 status codes (reported by THX100) [Dirk]
1165 - All plugin API's, where not doing very, very plugin specific activities now
1166 call a matching CUSTOM_ function. [Mike]
1167 - Integrated support for passing parameters to phpblock functions (Patch #643 by
1168 Joe Mucchiello) [Mike]
1169 - Fixed numerous HTML errors in admin pages [Oliver]
1170 - Added a missing blank between the day's name and the date in the Older Stories
1171 block (reported by Jeruvy's girlfriend, via IRC) [Dirk]
1172 - fixed bug [#648] sending new password email returns "Ok" message although
1173 it fails when SMTP Server cannot be reached [Oliver]
1174 - Need to include parameters in the URL when sending Pingbacks, e.g. to
1176 - When sending Pingbacks, also search for <link rel="pingback"> if the linked
1177 site does not send an X-Pingback header [Dirk]
1178 - When sending Pingbacks for a story that had identical link texts for different
1179 URLs, only the last of those links was pinged [Dirk]
1180 - Implemented new Autouninstall for plugins. Plugins runs a function that passes
1181 a specific array to a core function that removes all given element of the
1182 plugin. The function inside the plugin can handle aditional removals that
1183 the core code cannot [Oliver]
1184 - Fixed search by date in Calendar (reported and patch provided by Jeffrey Hare)
1185 - Only allow autotags in normal blocks (bug #653) [Dirk]
1186 - Added {story_topic_image_no_align} and {story_anchortag_and_image_no_align}
1187 in stories so that you have access to the topic image without the alignment
1188 (feature request #410) [Dirk]
1189 - Show autotags in story editor to Admin even if all HTML is allowed [Oliver]
1190 - Allow comments to be closed, i.e. display the existing comments but don't
1191 accept any new ones [Dirk]
1192 - Introduced COM_getCharset which returns the currently used character set (to
1193 avoid code duplication). It should be save to simply use $LANG_CHARSET in
1194 most cases, though [Dirk]
1195 - Added optional Wikitext postmode for stories [Oliver]
1196 - Added optional noreply-email address option to config.php to prevent
1197 spammers retrieving the admin's email address from registering online [Oliver]
1198 - Added support for "Microsummaries" to index.php.
1199 See (http://wiki.mozilla.org/Microsummaries) [Mike]
1200 - Story "Rewrite" - significant re-structure of story code to fix all issues
1201 with posting HTML special characters etc. [Mike]
1202 - Added ability to have Body Text in user submitted stories. To deactivate,
1203 edit layout\theme\submit\submitstory.thtml and submitstory_advanced.thtml
1205 - fixing the dimension-resizing of uploaded images. If an image would be within
1206 the max width after resizing, the max height might still be off. This is
1207 solved with the new code. [Oliver]
1208 - Removed tzcode table and started using PEAR::Date instead since all timezone
1209 information is stored in there. [Oliver]
1210 - Added timezone selector to preferences page [Oliver]
1211 - Fixed COM_getLangSQL() to escape the underscore character '_' which happens
1212 to be a wildcard character when used with LIKE. In a multi-language setup,
1213 this may accidentally display unwanted items (reported by Kenji Ito) [Dirk]
1214 - Addressed problems with the text direction (ltr/rtl) and the hard-coded
1215 English text in admin/sectest.php (reported by LWC) [Dirk]
1216 - Due to a language file change, the login form in users.php ("Try Logging in
1217 Again") now asked for a "new password" (reported by Laugh) [Dirk]
1218 - Remove the "Are you secure?" (getBent) block from the database as its
1219 functionality has been moved to admin/sectest.php (reported by LWC) [Dirk]
1220 - Added config option what should be displayed after user saving [Oliver]
1221 - Added config option what should be displayed after story saving [Oliver]
1222 - Images in articles (inc. topic icon) aligned with float [Oliver]
1224 - New Czech language file for the Calendar and Links plugins, provided
1226 - New Danish language file for the Calendar plugin, provided by dirtyjensen
1227 - Updated Dutch language files, provided by Ronald Edelschaap
1228 - New Dutch language file for the Calendar plugin, provided by John van Gaal
1229 - Updated French Canadian language files for Geeklog and the Static Pages plugin
1230 and new language files for the Calendar, Links, and Polls plugins, provided
1231 by Jean-Francois Allard
1232 - Updated Hebrew language file, provided by LWC
1233 - Updated Japanese language files for Geeklog and all the plugins, provided
1234 by the Geeklog Japanese group
1235 - New Korean language files for Geeklog and most of the plugins, provided
1236 by Tetsuko Komma and Kim Younghie
1237 - Updated Spanish (UTF-8) language file and new Spanish (UTF-8) language files
1238 for all the plugins, provided by Jose R. Valverde
1240 Calendar plugin (1.0.2)
1242 - Calendar block now includes events from the current day (in progress or all
1243 day events, bug 0000604, patch from forums)
1244 - Fixed deleting events submissions from the Events editor [Dirk]
1245 - The global $_STATES has been removed from Geeklog. The state in an event's
1246 details is now a simple text entry field.
1247 - The form to add an event to the personal calendar was missing the site footer
1248 (reported by Mark Evans) [Dirk]
1249 - Fixed Calendar feeds: The first parameter to the getFeedContent function is
1250 the feed's ID, not the feed limit (bug #659) [Dirk]
1251 - Highlight search queries [Dirk]
1252 - Autouninstall implemented [Oliver]
1253 - Added Batch-Delete functionality [Oliver]
1254 - Added config option what should be displayed after event saving [Oliver]
1256 Links plugin (2.0.0)
1258 - Fixed deleting link submissions from the Links editor (didn't work in at least
1259 all 1.4.x versions) [Dirk]
1260 - Added owner_id field to submissions to record submitter and align with
1261 stories behavior [Oliver]
1262 - Autouninstall implemented [Oliver]
1263 - Added "Report Broken Link" function [Oliver]
1264 - Added Link Verification to Link Admin [Oliver]
1265 - Added config option what should be displayed after link saving [Oliver]
1266 - Added Link sub-category options [Euan]
1268 Polls plugin (2.0.1)
1270 - Autouninstall implemented [Oliver]
1271 - Added Support for multiple questions grouped into a survey [Oliver]
1272 - Added Support for closing polls [Oliver]
1273 - Added Support for hiding poll results of open polls [Oliver]
1274 - Added config option what should be displayed after event poll [Oliver]
1276 Spam-X plugin (1.1.1)
1278 - Fixed the "edit" modules not working with the French language files (reported
1280 - Autouninstall implemented [Oliver]
1281 - Fixed an error with the SLV module when $_CONF['site_url'] was empty
1282 (reported by AA6QN) [Dirk]
1283 - Added support for blocking entire IP ranges, using either CIDR notation or
1284 simple x.x.x.x-y.y.y.y ranges [Dirk]
1286 Static Pages plugin (1.5.0)
1288 - Bugfix: In a multi-language setup, we need to be able to see all topics for
1289 the centerblock option [Dirk]
1290 - Bugfix: Allow the static pages "page format" setting to override
1291 $_CONF['show_right_blocks'] (reported by Simon Lord) [Dirk]
1292 - New Static pages Autotag: staticpage_content to return the contents of a
1293 static page instead of a link to a static page [Oliver]
1294 - Now using a template to display static pages [Oliver]
1295 - Autouninstall implemented [Oliver]
1296 - The static pages editor was looking for the advanced editor template in the
1297 wrong place, due to an uninitialized variable (reported by k74) [Dirk]
1298 - Allow static pages to replace tags also on PHP-generated content [Oliver]
1299 - Added config option what should be displayed after page saving [Oliver]
1300 - Added comments feature [Oliver]
1303 Dec 31, 2006 (1.4.1)
1306 - Changed the default character set in config.php back to iso-8859-1 [Dirk]
1307 - Removed display of the site URL from admin/sectest.php. On sites not installed
1308 in the webroot, it did not display the site's actual URL, which only causes
1309 confusion (reported by Dazzy) [Dirk]
1310 - Fixed conflict between the Spam-X DeleteComment and SLVreport action
1311 modules which prevented the count of deleted spams from being incremented
1313 - Fixed max. allowed length for a user's homepage (128) and location (96) in the
1314 preferences/profile.thtml template file (reported by burjans) [Dirk]
1315 - Fixed page title after a successful batch import of users (which read "Error")
1317 - Back in Geeklog 1.4.0, a counter was added to the Spam-X plugin to count all
1318 deleted spam posts. The counter was only added in fresh installs of 1.4.0,
1319 though, but not when upgrading from an earlier version. Fixed that [Dirk]
1320 - In lists created from the Links and Calendar plugins, use "links-new-plugin"
1321 as the CSS class name [Oliver]
1323 - Updated Estonian language file, provided by Artur Räpp
1324 - Updated Russian language file, provided by Alexander Yurchenko
1325 - New Russian language file for the Calendar plugin, provided by Alexander
1327 - Updated Turkish language file, provided by Kemal Cellat
1330 Dec 17, 2006 (1.4.1rc1)
1333 - Improved handling of UTF-8 feeds (feature request #631) [Mike, Dirk]
1334 - Fixes for the remaining MS SQL issues (bugs #620, #621, #622, #624)
1335 [Randy Kolenko, Dirk]
1336 - Initialize SQL request arrays to prevent PHP errors (e.g. with static pages),
1337 reported by ldfoo [Dirk]
1338 - Escape the '#' sign in spam checks since we're using it as the separator
1339 character for the regexp [Dirk]
1340 - Mark Evans provided a set of patches that let plugins hook into the user
1341 registration, story and comment submission as well as the contact user and
1342 email story forms. These hooks can be used to add CAPTCHAs to those forms,
1343 but may also come in handy for other plugin applications.
1344 Also modified several template files to include a {captcha} variable to ease
1345 installation of Mark's CAPTCHA plugin.
1346 - Update the timestamp for the last run of PLG_runScheduledTask before calling
1347 the function to minimize the risk of the call being triggered more than once
1349 - In a multi-language setup, allow one static page per language to take over
1350 the index page (bug #625) [Dirk]
1351 - sectest.php didn't perform the test for the install script and default
1352 passwords on some setups (reported by Christian Weiske) [Dirk]
1353 - Fixed "delete account" option (reported by Paul Lelgemann) [Dirk]
1354 - Fixed counting of comments in several places where comments were counted
1355 without taking the type of the parent object into account (e.g. when a story
1356 and a poll happened to use the same id, their comment counts would have been
1358 - Editing a story did reset the trackback count (reported by T. Marquez) [Dirk]
1359 - In the admin's story editor, set the debug option for the image upload only
1360 when $_CONF['debug_image_upload'] = true (thus avoiding the "Warning: File #x
1361 on the HTML form was empty" messages in error.log) [Dirk]
1362 - Renamed [calendar:] autotag back to [event:] for backward compatibility. It
1363 also makes more sense this way, since it does provide a link to an event, not
1364 a link to a calendar (bug #619) [Dirk]
1365 - Need to check if field 'etids' is NULL (for MySQL 4) for the Daily Digest
1367 - Removed the outer table from the layout and merged several style declarations
1368 into the body-tag declaration [Oliver]
1369 - The spam check for comment posts did not include the comment title (reported
1371 - When multi-language support is enabled, allow language-specific overrides
1372 of the locale settings, e.g. $_CONF['date_en'] and $_CONF['date_de'] to
1373 overwrite $_CONF['date'] depending on the current language [Dirk]
1374 - When installing the Geeklog database using InnoDB tables, create a
1375 'database_engine' entry in gl_vars, so that plugins know to use InnoDB for
1376 their tables. Updated the bundled plugins to act accordingly [Dirk]
1377 - DB_query will now (optionally) accept an array of SQL request strings from
1378 which it will pick the one applicable for the currently used database type
1380 - Provide some more meta information in header.thtml [Dirk]
1381 + added optional {lang_id} variable and lang attribute
1382 + added a hreflang attribute to the feed links
1383 + added <link rel="home">, <link rel="search">, <link rel="contents"> links
1384 (via the {rel_links} variable)
1385 - COM_isFrontpage has been deprecated, as it had its return values inverted
1386 (returns false when on the site's index page). Use COM_onFrontpage instead
1388 - Fixed check for new stories from archive topic [Dirk]
1389 - Call PLG_templateSetVars() from STORY_renderArticle() so we can have custom
1390 variables in the story templates [Dirk]
1392 - Updated Chinese language files (traditional and simplified), provided by
1394 - Updated Japanese language files for Geeklog and all the plugins, provided
1395 by the Geeklog Japanese group
1396 - Updated Ukrainian language files (Windows-1251, KOI8-U, and UTF-8 encoding)
1397 for Geeklog and all the plugins, provided by Vitaliy Biliyenko
1400 Nov 5, 2006 (1.4.1b2)
1403 - Fixed potential SQL injection in the story editor preview (required Story
1404 Admin permissions) [Dirk]
1405 - Added multi-language support in static pages centerblocks and search [Dirk]
1406 - When cloning a static page, keep the original's "wrap in a block" setting
1408 - Spam-X stats: Removed MT-Blacklist entry, added SLV whitelist entry [Dirk]
1409 - Don't add empty "No Title" links in portal blocks when the feed has less than
1410 the configured max. number of entries (bug #610) [Dirk]
1411 - Added support for COM_mail to use a parm for a CC: distribution list [Blaine]
1412 - Fixed bug #603, hardcoded mysql_error() [Oliver]
1413 - Fixed bug #604, delete trackbacks of a story when story is deleted [Oliver]
1414 - Allow users to switch the language again, even when the default character set
1415 is not UTF-8. It is, however, not possible to mix UTF-8 and other charsets.
1416 Also, "UTF-8" is not displayed in the language dropdown any more [Dirk]
1417 - Corrected SQL for group counting in Admin menu for root admin to fix bug #573
1419 - Properly encode non-ASCII characters in email headers (subject, names),
1420 loosely based on patch #489 and code from Cal Henderson's book [Dirk]
1421 - Removed the Calendar styles and moved them to a dedicated file in the
1422 plugin's directory [Oliver]
1423 - Sorted all stylesheet definitions alphabetically and split semantics and
1425 - When making a topic the archive topic, update all existing stories in that
1426 topic to "archived" status (and likewise revert that status if the topic
1427 loses its archive topic status) [Dirk]
1428 - Don't count archived stories as new stories in the What's New block [Dirk]
1429 - Moved the defines for STORY_ARCHIVE_ON_EXPIRE and STORY_DELETE_ON_EXPIRE to
1430 lib-story.php (from config.php) where they make more sense [Dirk]
1431 - COM_getPermSQL was using the current user's group information when called for
1432 another user. In Geeklog, this only happens for the Daily Digest, though
1434 - When comments are disabled for a story, don't show any existing comments in
1435 the What's New block, in search results or via comment.php (bug #597) [Dirk]
1436 - When trackbacks are disabled for a story, don't list any existing trackbacks
1437 in the What's New block [Dirk]
1438 - In the Admin's User Editor, disabled the checkboxes for the All Users,
1439 Logged-in Users, and Remote Users groups to prevent accidental change of
1440 group membership [Dirk]
1441 - When deleting a topic, also delete all Trackbacks attached to stories in that
1442 topic and update the Older Stories block and the feeds [Dirk]
1443 - Fixed approve / delete of draft stories from moderation.php [Dirk]
1444 - Strip blanks from the name of a PHP block function when saving a PHP block
1446 - Fixed / added multi-language support in the article directory, What's New
1447 block, and the search for stories and comments [Dirk]
1448 - Fixed an SQL error when changing a story's ID [Dirk]
1449 - Call SET NAMES 'utf8' when using UTF-8 as the site's character set (with
1450 MySQL), as pointed out by several people [Dirk]
1451 - Removed wrong parameter when calling up the comment form again when the
1452 comment's title was missing. This bug existed for both story and polls
1453 comments. (bug #591) [Dirk]
1454 - Users who were only in the Syndication Admin group didn't have access to
1455 Command and Control (moderation.php) [Dirk]
1456 - For Block, Group, Polls, Story and Topic Admins only display the number of
1457 the respective entries they can actually see (instead of the number of all
1458 entries, e.g. topics, in the system) [Dirk]
1459 - Fixed highlighting parse error when the search term contained an apostrophe
1461 - Improved (and subsequently fixed) Pingback spam detection which now also uses
1462 the $_CONF['check_trackback_link'] settings [Dirk]
1463 - directory.php was still using $LANG30 instead of $LANG_MONTH (bug #583) [Dirk]
1464 - When upgrading the database from 1.4.0, only update those plugins that are
1465 actually installed (disabled or not) [Dirk]
1466 - CSS Changes to support better scaling of Font size - using browser Text-Size
1467 adjustment. Removed many extra font-size declarations. [Blaine]
1468 - Don't allow viewing of a Banned user profile unless user admin [Blaine]
1469 - Only call CUSTOM_loginErrorHandler when custom_registration is enabled
1471 - Fixed SQL error with some older MySQL versions when calling up the Batch User
1472 Delete option [Oliver]
1473 - Comments always displayed the comment author's full name, even when
1474 $_CONF['show_fullname'] was set to 0 [Dirk]
1475 - Fixed 404 (caused by a request for a file named '(none)') in the user profile
1476 display when a user doesn't have a userphoto [Dirk]
1478 - New Estonian language files for Geeklog and most of the plugins, provided
1480 - Updated Hebrew language file, provided by LWC
1481 - Updated Japanese language files for Geeklog and all the plugins, provided
1482 by the Geeklog Japanese group
1483 - New Russian language files for the Spam-X plugin, provided by Pavel Kovalenko
1484 - Updated Slovenian language files for Geeklog and all the plugins, provided
1489 - Created a dedicated stylesheet file and include the file only if the URL
1490 contains the word 'calendar' [Oliver]
1491 - Tweaked the Calendar search result listing: Removed the Event Description
1492 (usually too long for the result listing), replaced Location (which is only a
1493 part of the address and not very helpful) with Event Type, minimized Date &
1494 Time display for events lasting only one day (don't list date twice) [Dirk]
1498 - Renamed classes block-vote-results to poll-vote-results and block-vote to
1500 - Removed duplicate "Other" entry from the Link submission form [Dirk]
1501 - In the Admin's list of links, only display an edit icon for links that the
1502 current user can actually edit (they did get a proper error message when
1503 trying to edit such a link, though) [Dirk]
1504 - Don't return the number of links in the links submission queue if the
1505 current user does not have links.moderate permissions [Dirk]
1506 - Filter out special characters from link IDs. They were properly escaped
1507 before storing them in the database but caused problems when using them
1511 Sep 17, 2006 (1.4.1b1)
1514 - Changes to templates and CSS to remove deprecated HTML (align= and valign=)
1515 Removed un-used CSS declarations, redundant font-family declarations
1516 Removed use of font-size percentage and used more acceptable EM units [Blaine]
1517 - Don't display an "edit" link in a story if the current user doesn't have
1518 edit permissions for the story's topic (bug #558) [Dirk]
1519 - Added a new script to check the site's security (admin/sectest.php). This
1520 replaces the "get bent" PHP block, but also performs additional checks [Dirk]
1521 - Created a Batch Delete function for users that easily identifies inactive or
1522 old users and allows mass-deletion of those [Oliver]
1523 - Updated FCKeditor to version 2.3.1 [Blaine]
1524 - Added ability to filter out Admin related groups on the Group Admin page
1525 Allows users to easily see only user groups. When editing non-core groups,
1526 You can select if this group is an Admin Group [Blaine]
1527 - Added ability to multi-select submission queue items on the moderation page
1528 and delete them all at once [Blaine]
1529 - Always make "Submissions" the first entry in the Admins Only block to keep
1530 the correspondence between the other entries and the icons on the moderation
1531 page undisturbed (and because it's an important entry) [Dirk]
1532 - Fixed 'emailstoriesperdefault' config option (bug #553) [Dirk]
1533 - Added support for Microsoft SQL Server, provided by Randy Kolenko
1534 - Introduced $_CONF['disallow_domains'] as a blacklist of domain names that are
1535 not allowed for new users during signup. Both 'disallow_domains' and
1536 'allow_domains' can also contain regular expressions [Dirk]
1537 - Introduced DB_lockTable / DB_unlockTable to encapsulate the LOCK / UNLOCK
1538 requests when updating the comments table [Dirk]
1539 - Fixed bug: [#540] Blocking the last Root user or yourself should not be
1541 - Fixed bug: [#546] The phrase "Story Stats" is hardcoded [Oliver]
1542 - Added a spam check to the email user form [Dirk]
1543 - Use the same piece of code to compare plugin version numbers in lib-admin.php
1544 and admin/plugins.php to avoid the "update" button not appearing for some
1545 version numbers (bug #542) [Dirk]
1546 - Re-implemented $_CONF['allow_domains'] whitelist (when the user submission
1547 queue is enabled) that was inexplicably missing from 1.4.0 [Dirk]
1548 - Merged User Preferences and Account information into one page, like the
1549 Story editor with tabs etc. [Blaine, Oliver]
1550 - Tried to make "3 new stories in the last 1 day" sound less awkward by going
1551 back one unit, i.e. "3 new stories in the last 24 hours", in the What's New
1552 block (likewise for 1 week, 1 month, etc.) [Dirk]
1553 - Introduced config options to set the default for the story's draft flag
1554 and frontpage option (feature request #163) [Dirk]
1555 - Introduced $_CONF['hide_main_page_navigation'] to hide the "Google paging"
1556 from index.php (may be useful for some layouts) [Dirk]
1557 - Allow (optional) usage of autotags in "normal" blocks (can be enabled /
1558 disabled per block) [Dirk]
1559 - Introduced a {story_counter} variable in the story templates. It's 0 on the
1560 article page and in previews, but 1 for the first story, 2 for the second,
1561 etc. on the index page (per page, i.e. starts with 1 again on the second page)
1563 - Require that users enter their current password when changing their password,
1564 email address or "Remember me for" setting. Redesigned the Account Information
1565 page and added a note about this requirement. [Dirk]
1566 - Prevent accidental banning of users when the Admin edits a user's information
1567 using a theme that wasn't updated for Geeklog 1.4.0+ [Dirk]
1568 - $_CONF['show_fullname'] now works as expected, i.e. when setting it to = 1,
1569 a user's full name will be displayed everywhere in Geeklog instead of the
1570 username (assuming the users entered their full name) [Dirk]
1571 - Fixed a bug in the article directory where December was not listed when no
1572 stories had been posted in that month (reported by Kino and Ivy of geeklog.jp)
1573 - Replace Geeklog's [imageX] tags before extracting the What's Related links
1574 from a story to prevent the (verbatim) tag to show up in the block [Dirk]
1575 - Update story ids in the gl_trackback table when a story's id is changed [Mike]
1576 - Implemented new plugin API function, PLG_spamAction, to perform the spam
1577 actions in case spam has been detected through some other means (e.g.
1578 trackbacks from sites that don't link back to us) [Dirk]
1579 - Implemented new plugin API function, plugin_enablestatechange_, to inform
1580 plugins when they are about to be enabled / disabled (Patch #405) [Dirk]
1581 - Support backslashes in comment and submissions in HTML mode [Mike]
1582 - Added breadcrumb functionality to the navbar class (v1.1) [Blaine]
1583 - Enhancements to navbar templates and CSS for a more 3D TAB'ed look [Blaine]
1584 - Changed several <table>s to <div>s + CSS in the Professional theme [Oliver]
1585 - Introduced generic function to delete a user's photo to avoid code
1586 duplication and slightly different error handling in various places [Dirk]
1587 - Made the new user registration form remember the user's input so that they
1588 don't have to retype everything in case of an error [Dirk]
1589 - In the Admin's user list, banned users are indicated by striked-through
1590 entries (based on a hack by Andy Maloney) [Dirk]
1591 - Added new setting $_CONF['onlyrootfeatures']. This is for sites where two or
1592 more story admins can feature stories that the other admins cannot see. The
1593 setting prevents that one admin does not see that there is another recent
1594 story featured and sets one by himself, "stealing" the feature from the other.
1595 - Changed "Reply"-button to "Post a comment" [Oliver]
1596 - Implemented an error handler to supress all PHP level errors and display a
1597 much more userfriendly error text to the end user. Prevents all path exposure,
1598 prevents "white error page" mystery debugging fun. [Mike]
1599 - Full sweep of all code for $_REQUEST/$_GET/$_POST and $_COOKIE use. Made sure
1600 that COM_applyFilter, or other safe usage is made of the variables. [Mike]
1601 - Added an option to hide the "No News To Display" message on the index page
1602 (new config option $_CONF['hide_no_news_msg']) [Dirk]
1603 - Added an option to check if the sites sending trackbacks are actually linking
1604 to our site (see $_CONF['check_trackback_link'] in config.php) [Dirk]
1605 - Made it impossible to save two syndication feeds with identical filenames
1607 - Stories with comments/trackbacks disabled, do not show comment/trackback
1608 url in RSS feeds [Mike]
1609 - Added email confirmation fields for new user and usersettings [Oliver]
1610 - Allow changing of group ownership for "gldefault" blocks. Requires a change
1611 in admin/block/defaultblockeditor.thtml to enable the group dropdown. On a
1612 fresh install, all the blocks (with the exception of "Are you secure?") are
1613 now owned by the Block Admin group [Dirk]
1614 - Users created by a User Admin should not be queued for approval, even when
1615 $_CONF['usersubmission'] = 1 [Dirk]
1616 - Introduced 'syndication.edit' permission and 'Syndication Admin' group so
1617 that access to the Content Syndication panel no longer requires 'Root'
1619 - For the "Submissions" entry in the Admins Only block, only count story and
1620 event submissions when the current user has story.moderate or event.moderate
1621 permissions, respectively [Dirk]
1622 - On admin/moderation.php, list the stories that have their draft flag set only
1623 when the current user has story.edit permission [Dirk]
1624 - Fixed empty lines in a Group Admin's list of groups when that Group Admin
1625 was not a member of all groups [Dirk]
1626 - Renamed the misnamed CUSTOM_runSheduledTask function (in lib-custom.php) to
1627 CUSTOM_runScheduledTask. Don't forget to make that change in your copy of
1628 lib-custom.php if you're using that functionality! [Dirk]
1629 - Improved error log contents when unable to acquire a feed reader for a portal
1631 - Extended plugin API for feed extensions to include feed id and the topic (for
1632 adding topic/feed specific data) [Mike]
1633 - Don't attempt to rename a non-existing user photo when
1634 $_CONF['allow_username_change'] is enabled (reported and fix suggested by
1635 Yusuke Sakata) [Dirk]
1636 - Made changes to ensure compatibility with MS SQL, as suggested by
1637 Randy Kolenko [Dirk]
1638 - The "last login date" column in the Admin's list of users now uses
1639 $_CONF['shortdate'] so that it includes the year [Dirk]
1640 - Fixed batch user import (which set all imported users to status "Awaiting
1641 Authorization" instead of "Awaiting Activation") [Mike]
1642 - Fixed admin lists google paging for use in static pages etc. [Oliver]
1643 - Added support for a custom login error handler function,
1644 CUSTOM_loginErrorHandler [Blaine]
1645 - Format the user agent string according to the RFCs 1945 / 2068 / 2616, i.e.
1646 "Geeklog/1.4.1" when trying to detect a Trackback URL [Dirk]
1647 - Made the search option on the Admin pages behave like the site search, i.e.
1648 it doesn't require you to pad queries with '*' any longer [Dirk]
1649 - In story search results, show/hide the "Author" and "Views" columns based on
1650 the $_CONF['contributedbyline'] and $_CONF['hideviewscount'] settings [Dirk]
1651 - Introduced $_CONF['title_trim_length'] to make the max. title length of items
1652 in the What's New block configurable (feature request #525). Also implemented
1653 a new function COM_truncate (based on a patch by Yusuke Sakata) that properly
1654 handles truncation of multi-byte text strings if the mb_ functions are
1656 - Added a JavaScript confirmation box to most delete buttons/links. If you'd
1657 rather not have such a confirmation, use {delete_option_no_confirmation}
1658 instead of {delete_option} in the admin templates [Dirk]
1659 - Fixed RSS Feed parser to create RFC 822 dates in en_GB or en_US locale as per
1661 - Removed obsolete "do not use spaces" warning from user editor (bug #530)
1663 - Show fullname/username according to config.php settings in stories [Oliver]
1664 - Added possibility to change the css-class for admin list headers and fields
1666 - Added unified new style class to stats.php/style.css to have all lists on
1667 the page look the same [Oliver]
1668 - Added multi-language support, based on earlier works by Euan McKay and LWC.
1669 Also see http://wiki.geeklog.net/wiki/index.php/Multi-Language_Support
1670 - Changed the default path for topic icons to /images/topics [Dirk]
1671 - Fixed an SQL error when calling up the Admin's list of stories without any
1673 - Removed the public_html/portal.php script, as it is no longer needed [Dirk]
1674 - Remove uninstalled plugins from the global $_PLUGINS array immediately
1675 (just in case the array would be used to trigger any actions) [Dirk]
1676 - The "Topic" column in the list of feeds was empty for feeds that are only
1677 linked from a topic page [Dirk]
1678 - Only use the mb_substr workaround in the calendar when the current character
1679 set is UTF-8 (bug #524) [Dirk]
1680 - Fixed SQL error on MySQL 5 when listing the members of a group (bug #527)
1682 - When emailing a story, don't include the text "Comment on this story at ..."
1683 when comments have been switched off for that story [Dirk]
1684 - Fixed wrong wording of some of the "access denied" messages when trying to
1685 access Admin panels without proper privileges [Dirk]
1686 - Fixed display of Admin block for users that only had certain Admin privileges
1689 - New Afrikaans language file, provided by Renier Maritz
1690 - Updated Hebrew language file, provided by LWC
1691 The Hebrew language file was also renamed to hebrew_utf-8.php for consistency
1692 with the other UTF-8 language files.
1693 - Updated Turkish language file, provided by Kemal Cellat
1695 Calendar plugin (1.0.0)
1697 - Bugfix: Replace autotags in the event description [Dirk]
1698 - Added an option to switch between 24 hour and 12 hour am/pm mode for entering
1699 and editing events [Dirk]
1700 - Implemented plugin_enablestatechange API function to enable/disable plugin
1701 feeds and blocks when the plugin is enabled/disabled [Dirk]
1702 - Added calendar plugin initial version [Oliver]
1704 Links plugin (1.0.1)
1706 - Implemented plugin_enablestatechange API function to enable/disable plugin
1707 feeds when the plugin is enabled/disabled [Dirk]
1708 - Changed the english language file from "Web Resources" to "Links"
1709 - Fixed hard-coded link to the "admin" directory when editing a link (reported
1710 by Ronnie Rigl) [Dirk]
1711 - Optimized SQL requests for the plugin's What's New section [Dirk]
1712 - Re-introduced {button_links} header variable [Dirk]
1713 - Added an option to hide the Top Ten Links on the first page [Dirk]
1714 - Made the page title on the Web Resources page more informative by adding the
1715 category and page number [Dirk]
1716 - The edit icon (only visible for Links Admins) now uses the same image type
1717 as the current theme (was previously hardcoded to "edit.gif") [Dirk]
1718 - Hide the "Web Resources" link from the menu when login is required to see
1719 the links (for consistency with the Polls plugin) [Dirk]
1720 - Added a title attribute to the links on the site stats page that contains
1721 the link's actual URL [Dirk]
1722 - Fixed site link in search results which wasn't using portal.php [Dirk]
1723 - The Admin's search option now also searches the link description [Dirk]
1724 - Removed extra <small> tags from the What's New section (bug #526) [Dirk]
1726 Polls plugin (1.1.0)
1728 - Fixed call to undefined function polllist when calling up a non-existing
1730 - Implemented plugin_enablestatechange API function to enable/disable the poll
1731 block when the plugin is enabled/disabled [Dirk]
1732 - Fixed search [Dirk]
1733 - Added a remark field for polls answers [Oliver]
1734 - Re-introduced {button_polls} header variable [Dirk]
1735 - Added an option to hide the link to the polls from the menu (for consistency
1736 with the Links plugin) [Dirk]
1737 - Fixed poll URLs on the site stats page [Dirk]
1738 - Remove the polls block when uninstalling the Polls plugin (another part of
1741 Spam-X plugin (1.1.0)
1743 - Added SLV (Spam Link Verification) modules [Dirk]
1744 - The MT-Blacklist modules are not being shipped with Geeklog any longer. The
1745 MT-Blacklist entries are removed from the database during the upgrade [Dirk]
1746 - Allow special characters (e.g. backslashes) in the Admin modules (e.g. the
1747 Personal Blacklist module) [Dirk]
1748 - Moved spam actions to plugin_spamaction_spamx API function [Dirk]
1749 - Fixed potential problems with the checkforSpam function's return code in case
1750 of unusual configurations (e.g. $_CONF['spamx'] = 0) [Dirk, Tom Willet]
1751 - Made the plugin's internal log flag a proper config option. So you can now
1752 disable logging to spamx.log from the plugin's config.php [Dirk]
1753 - Mass delete by IP now uses stored IP address [Mike]
1755 Static Pages plugin (1.4.3)
1757 - Make sure autotags are replaced even when execution of PHP code is disabled
1758 (reported by LWC) [Dirk]
1759 - Added a help URL for the block display of static pages [Oliver]
1760 - Added ability in staticpage editor to enable/disable Advanced Editor mode
1761 so you can use FCKeditor and then if need basic html edit mode [Blaine]
1762 - Fixed default sorting order for the list of static pages [Dirk]
1763 - Allow to show/hide update date/time and hits [Oliver]
1764 - When creating a new page, don't set the default group ownership to the Static
1765 Page Admin group if the current user is not a member of that group. Instead,
1766 pick a group with staticpages.edit permission that the user is a member of
1768 - Fixed paging for the list of static pages (bug #528) [Dirk]
1771 January 8, 2008 (1.4.0sr6)
1774 MustLive pointed out a possible XSS in the form to email an article to a
1775 friend that we're fixing with this release.
1778 July 23, 2006 (1.4.0sr5-1)
1781 This release fixes display problems in the comment preview that were only
1782 introduced in Geeklog 1.4.0sr5 (as a result of the fix for the XSS).
1784 The complete 1.4.0sr5-1 tarball also includes the following language files:
1786 - New Afrikaans language file, provided by Renier Maritz
1787 - Updated Hebrew language file, provided by LWC
1788 - Updated Turkish language file, provided by Kemal Cellat
1791 July 16, 2006 (1.4.0sr5)
1794 JPCERT/CC informed us about a possible XSS in the comment handling that we're
1795 fixing with this release.
1798 June 30, 2006 (1.4.0sr4)
1801 Two exploits have been released by "rgod" for insecure Geeklog installations
1802 and for a bug in the "mcpuk" file manager that we've been shipping as part of
1803 FCKeditor in all 1.4.0 releases.
1805 - Some of the files outside of the public_html directory were not protected
1806 against direct execution. If Geeklog was installed such that those files were
1807 accessible from a URL (which has always been strongly discouraged in the
1808 installation instructions) then those files could be used to load and
1809 execute malicious code from a remote server.
1811 More information: http://www.geeklog.net/article.php/so-called-exploit
1813 In this release, we've added the missing execution prevention for all files
1814 outside of public_html. We would still, however, suggest that you fix your
1815 Geeklog install if the files outside of public_html are accessible from a URL.
1817 - The "mcpuk" file manager that we've integrated into FCKeditor allowed the
1818 upload of arbitrary PHP code (even if FCKeditor was disabled in Geeklog's
1819 config.php). Depending on your webserver's configuration, it was then possible
1820 to execute that uploaded code.
1823 http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
1825 The file manager has been removed from this release. You will therefore no
1826 longer be able to upload files, e.g. images, through FCKeditor. Future
1827 versions of Geeklog will ship with an updated version of FCKeditor and its
1828 included file manager.
1831 May 28, 2006 (1.4.0sr3)
1834 The Security Science Researchers Institute Of Iran reported the following
1837 - Possible SQL injection and authentication bypass in auth.inc.php
1838 - Possible XSS in getimage.php
1839 - Path disclosure in getimage.php and the functions.php of some themes,
1840 e.g. the Professional theme
1842 An internal code review also revealed a possible SQL injection in story
1846 Mar 5, 2006 (1.4.0sr2)
1851 - Konstantin Dyakoff found an old bug in the session handling that would allow
1852 anyone to log in as any user.
1853 - HTML was not stripped from the Location field in a user's profile.
1856 Feb 19, 2006 (1.4.0sr1)
1861 - James Bercegay of GulfTech Security Research reported several issues with
1862 Geeklog's cookie handling that made it vulnerable to SQL injections, arbitrary
1863 file access, and even injection and execution of arbitrary code.
1867 - Fixed bug in page-break combined with url rewrite (bug #521) [Oliver]
1868 - Fixed Story [page_break] showing only intro on first page [Oliver]
1869 - Fixed install script for the Spam-X plugin which was trying to include an SQL
1870 file that doesn't exist - and wasn't needed (part of bug #520) [Dirk]
1872 - Updated Hebrew language file, provided by LWC
1873 - New Russian language files for the Links and Polls plugins, provided by
1874 Volodymyr V. Prokurashko
1875 - Fixed Static pages dutch language file [Oliver]
1876 - New Polish language file for the Links plugin, provided by Robert Stadnik
1877 - Added UTF-8 English versions of the Links, Polls, Static Pages, and Spam-X
1878 language files [Dirk]
1879 - Added all UTF-8 Language files for core [Oliver]
1885 - Prevent execution of PHP code in "normal" blocks [Dirk]
1886 - Added missing navbar images - used for CSS based buttons as part of the
1887 standard Plugin CSS [Blaine]
1888 - Set options in FCKConfig to have Firefox browsers by default not using the
1889 <span> and font tags to format Bold and Italic [Blaine]
1890 - Fixed another bug in google pagination of admin-lists [Oliver]
1891 - Fixed "wrap static page in a block" and "exit type" options in the static
1892 page editor. Also link to the "rewritten" URL from the list of static pages
1893 when URL rewriting is on [Dirk]
1894 - Fixed JavaScript error in the Admin's story editor (bug #479) [Dirk]
1895 - Fixed hard-coded paths in the check.php script and added tests for missing
1896 directories (reported by Markus Wollschlaeger) [Dirk]
1897 - A humble attempt to add some semantics [Dirk]
1898 + Added rel="category tag" to a story's topic link
1899 + Added rel="self bookmark" for a comment's permalink
1900 - Cosmetics: Moved the number of links per category out of the actual link to
1902 - On MySQL 5, the drop-down list of link categories presented to a user when
1903 submitting a new link came out wrong (while the one in the Admin's link
1904 editor worked just fine). Moved the working code into a new function in the
1905 plugin's functions.inc and changed the code to use it in both cases now [Dirk]
1906 - Fixed an SQL error when the "length of entries" field in the Feed Editor was
1908 - Fixed date and time defaulting to the current date and time when creating
1909 a new event as an Admin user (adding a workaround for changes of strtotime()
1910 behavior in PHP 5) [Dirk]
1911 - Fixed SQL error on MySQL 5 when creating a new topic (bug #517) [Dirk]
1912 - In HTTP requests, format the user agent string according to the RFCs 1945 /
1913 2068 / 2616, i.e. "Geeklog/1.4.0" [Dirk]
1915 - Updated Japanese language files, provided by Yusuke Sakata
1916 - Updated Ukrainian (Windows-1251) language file, provided by Vitaliy Biliyenko
1919 Jan 22, 2006 (1.4.0rc2)
1922 - header.thtml now specifies the CSS Class Declaration to use for the body.
1923 This addresses the issue with FCKeditor when displayed, its CSS was
1924 over-riding the main site <body> tag and the site margin padding was being
1926 - Removed CSS for the Forum plugin from style.css [Blaine]
1927 - Fixed "Cannot modify header ..." message when logging in from the admin
1928 pages (reported by Samuel M. Stone). This also fixes confusing intermittent
1929 displays during the login (e.g. only some of the "Command and Control" icons
1930 showing up, messages about missing permissions flashing up) [Dirk]
1931 - Removed Geeklog version number from feed files due to security concerns
1932 (pointed out by Samuel M. Stone) [Dirk]
1933 - Login through the admin pages didn't work with register_globals=off [Dirk]
1934 - Fixed admin lists so pagination works also in static pages [Oliver]
1935 - Pass GeekLog as user agent when fetching RSS feeds [Mike]
1936 - Made the image upload work with out-of-the-box PHP 5 configurations [Dirk]
1937 - Fixed handling of HTML entities in Pingbacks [Dirk]
1938 - Fixed Spam-X Mass Delete Trackback Spam module to update the story's trackback
1939 count when deleting trackbacks [Dirk]
1940 - Fixed a possible SQL error when saving a block (reported by BDUB) [Dirk]
1941 - Fixed story titles in the What's New block when they contained HTML entities
1942 (entities where sometimes cut off and/or encoded twice) [Dirk]
1943 - Fixed a typo in all the plugin install script which set the group description
1944 to "grp_desc" instead of $grp_desc (found by Ingo Schaefer) [Dirk]
1945 - Improved autodetect of Trackback URLs [Dirk]
1946 - The submit story form was not selecting the advanced Editor if user was not
1947 logged in or did not have Story Editor permissions [Blaine]
1948 - Added missing CSS class name "list-feed" for portal blocks [Dirk]
1949 - Fixed user submission queue (reported by Andrew Lawlor) [Dirk]
1950 - Fixed handling of integer fields in the Admin's story editor (reported by
1951 Ron Ackerman) [Dirk]
1952 - Fixed handling of checkboxes in the static pages editor (reported by
1953 Ron Ackerman) [Dirk]
1954 - Fixed SQL error when saving a static page that had had more than 1000 hits
1955 (reported by Euan McKay) [Dirk]
1956 - Removed visible table border from advanced comment editor form [Blaine]
1957 - Moved some hard-coded text strings from the advanced editor into the
1958 language files [Blaine]
1960 - Updated Chinese language files, provided by Samuel M. Stone
1961 - Updated Japanese language files, provided by Yusuke Sakate
1964 Dec 31, 2005 (1.4.0rc1)
1967 - Added support for Advanced Editor in the Add Comment Feature [Blaine]
1968 - Fixed SQL error in search on MySQL 5 (fix suggested by dariball) [Dirk]
1969 - Added trackback.php and pingback.php to the included robots.txt [Dirk]
1970 - Added a few more calls to COM_numberFormat all over the place (links and polls
1971 plugins, Admins Only block, ...) [Dirk]
1972 - Fixed test for a Geeklog 1.3.9 database in the install script [Dirk]
1973 - When emailing a story, make sure all fields are filled in [Dirk]
1974 - Don't lose the current topic selection when a Story Admin uses the Contribute
1976 - Fixed highlighting of search query in comments when register_globals = off
1978 - When the entries in the Admin's block are not sorted, make sure the icons in
1979 Command and Control are in the same order as the block entries [Dirk]
1980 - Allow topic icons to be uploaded to and retrieved from a 'topics' directory
1981 outside of the document root [Dirk]
1982 - Added a workaround to produce abbreviated day names in the calendar for UTF-8
1983 language files (reported by Euan McKay) [Dirk]
1984 - The Spam-X plugin now uses the same "universal" install script as the other
1985 three preinstalled plugins [Dirk]
1986 - Added more allowable HTML tags and attributes if Advanced_Editor enabled
1987 config.php setting [Blaine]
1988 - Added logic to detect if Javascript was not enabled and Advanced Editor was
1990 User will be prompted with alert and able to use the default editor [Blaine]
1991 - Changed spam handling for Trackbacks and Pingbacks to check for spam on the
1992 unfiltered Trackback/Pingback content [Dirk]
1993 - When editing a link submission with a new link category (i.e. the submitter
1994 selected "other" and entered a non-existing category), make sure that new
1995 category actually shows up in the links editor [Dirk]
1996 - In the Admin's list of stories, show the display name of the topic (i.e. the
1997 same as in the Topics block) instead of the topic ID [Dirk]
1998 - Hide the edit icon in the Admin's list of stories when the current user
1999 doesn't have edit access to a story (since they only got a note saying they
2000 can't edit that story anyway) [Dirk]
2001 - Fixed alternating row colors in admin lists if one row has no data [Oliver]
2002 - Made it impossible to switch off blocks if there is no access [Oliver]
2003 - Fixed handling of items in the submission queues (it was only possible to
2004 approve / delete the first item in a queue) [Dirk]
2005 - Grant users with 'plugin.edit' permission access to the plugin editor [Dirk]
2006 - Changed admin-lists 'default-filter' to require 'AND' [Oliver]
2007 - Fixed admin lists for events & static pages for non-root users [Oliver]
2008 - Fixed invalid language string in submit.php [Oliver]
2009 - Fixed problems with the query highlighting code escaping double quotes [Dirk]
2010 - In the list of plugins, display only the plugin's current version number as
2011 long as it's in sync with the code version or the plugin hasn't implemented
2012 the chkVersion API function [Dirk]
2013 - Limit length of a new user's username to 16 characters in the
2014 admin/user/edituser.thtml template file [Dirk]
2015 - Don't display the current user's userphoto when creating a new user in
2016 admin/user.php [Dirk]
2017 - Fixed sanity checks in USER_addGroup and USER_delGroup [Trinity, Dirk]
2018 - Allowed the Links-entry from the top menu to be hidden by config.php in links
2020 - Fixed small HTML validation issues with adv. editor and admin lists [Oliver]
2021 - Fixed comment bug that allowed comments to be saved even when user did not
2022 have the correct story/topic permissions. [Vinny]
2023 - Send the character set as an HTTP header from COM_siteHeader now [Oliver]
2024 - Fixed updating Links feeds [Mike]
2025 - Corrected RSS handling of GUID or LINK [Mike]
2026 - Fixed date format in Atom feeds [Mike]
2027 - Fixed loss of sort setting when browsing the user list [Oliver]
2028 - Fixed block title of the site stats (reported by Tom Willet) [Dirk]
2029 - Fixed an SQL error when approving the default story submission ("Are you
2030 secure?") after a fresh install (reported by suvi) [Dirk]
2031 - Fixed warnings that exposed the full path to Geeklog when attempting SQL
2032 injections on the advanced search [Mike]
2033 - The "Mail Users" icon was missing from Command and Control [Dirk]
2034 - In Command and Control, show the Trackback icon only when at least one of the
2035 Trackback, Pingback, or Ping features is enabled (in addition to 'story.ping'
2036 permissions for the current user) [Dirk]
2037 - Replaced the delete_event.gif icon (in layout/professional/images/icons) with
2038 a PNG, since the Professional theme uses PNGs now and the icon wouldn't show
2040 - The block around the list of backups was missing the title [Dirk]
2041 - Don't emit the Trackback and Pingback headers when trackbacks have been
2042 disabled for a story [Dirk]
2043 - Introduced {lang_trackback_comments_no_link} (in trackback/trackback.thtml)
2044 so that you can have an article page entirely without links back to itself
2045 (for picky spiders such as the one for Google News) [Dirk]
2046 - Call COM_refresh when creating a user with usersubmission = 1 [Mike]
2047 - Fixed sorting of Trackbacks in the What's New block [Dirk]
2048 - The search by author or by date switched to searching for everything on
2049 page 2 of the results [Dirk]
2050 - For the Links plugin, the "last x days" text in the What's New block was
2052 - Fixed an SQL error when creating new blocks [Mike]
2053 - The feed reader will now also follow redirects [Mike]
2055 - Updated Chinese traditional and simplified language files, and new Chinese
2056 language files for the Links, Polls, and Static Pages plugins, provided by
2058 - German language files now exist in 4 combinations (formal / informal German,
2059 ISO-8859-15 / UTF-8 encoding) for Geeklog, the Links, Polls and Static Pages
2061 - Updated Japanese language files, provided by Yusuke Sakate
2062 - New Ukrainian language files (Windows-1251) for Geeklog and all four plugins,
2063 provided by Vitaliy Biliyenko
2064 - New Ukrainian language files (UTF-8 and KOI8-U encoding) for Geeklog, the
2065 Spam-X, and Static Pages plugins, provided by Yaroslav Fedevych
2068 Nov 20, 2005 (1.4.0b1)
2071 - Introduced {start_storylink_anchortag} and {end_storylink_anchortag} template
2072 variables in the story and commentbar template files which only produce a
2073 link to the story when not on article.php, thus avoiding links back to the
2074 article page itself, which the spider for Google News doesn't seem to like
2075 (feature request #486) [Dirk]
2076 - Added a workaround for image uploads using GD when ImageCreateTrueColor is
2077 not available (patch #468) [Dirk]
2078 - Allow a subject to be passed as a parameter for the "contact user" form
2079 (based on patch #497) [Dirk]
2080 - Added support for right-to-left languages (based on patch #488) [Dirk]
2081 - Update Feeds and Older Stories block when changing topic settings [Dirk]
2082 - Added a hits counter to events and added a Top Ten Events section to the
2084 - Introduced $_CONF['show_topic_icon'], i.e. the default setting whether to
2085 show topic icons or not [Dirk]
2086 - The "Older Stories" block now only lists articles that appeared on the
2087 frontpage (i.e. have not been set to "Show only in topic", bug #408) [Dirk]
2088 - Fixed problems with query highlighting in stories scrambling links in
2089 autotags (bug #492) [Dirk]
2090 - Group names are now unique (as they should have been from the beginning). The
2091 install script takes care of existing duplicate group names when upgrading
2092 to 1.4.0 (bug #367) [Dirk]
2093 - Allow for more topic IDs in the user's preferences (bug #490) [Dirk]
2094 - Replace autotags in the Daily Digest (bug #484) [Dirk]
2095 - Explicitly link to /docs/index.html for the documentation link in the Admin's
2096 block (bug #504) [Dirk]
2097 - Added an option to enable / disable trackbacks per story (just like you can
2098 enable / disable comments per story) [Dirk]
2099 - Changed COM_optionList to check for language arrays which override the text
2100 strings that are embedded in the database (for comment mode, featured story,
2101 post mode, etc.) Bug #227 [Dirk]
2102 - Fixed Bug #174 -- quotes in titles are no longer double htmlentized [Vinny]
2103 - The default permissions for new objects (stories, topics, blocks, etc.) can
2104 now be set in config.php (feature request #90) [Dirk]
2105 - Added an "Active users" entry to the site statistics. If Geeklog is configured
2106 to track a user's last login, this will display the number of users who
2107 logged into the site during the last 4 weeks. Otherwise, it displays the
2108 number of user accounts with status = 3 (i.e. have logged into their account
2109 at least once and haven't been banned) [Dirk]
2110 - Introduced a new plugin API function so that the plugin's summary (e.g.
2111 number of items) can be properly integrated with the "Site Stats" section.
2112 Modified stats/sitestatistics.thtml, removed stats/stats.thtml, added
2113 stats/singlesummary.thtml template files [Dirk]
2114 - Introduced a generic function, USER_getPhoto, which provides the user's photo,
2115 if available. The function also supports getting the user's avatar from
2116 gravatar.com (if enabled in config.php) [Dirk]
2117 - The texts in the What's New block ("x new stories in the last y hours",
2118 "last 2 weeks", etc.) now properly reflect the actual settings of the
2119 $_CONF['newXXXinterval'] variables (bug #390) [Oliver, Dirk]
2120 - Introduced a method to signal a forced update for feeds in case the content
2121 of one of the feed entries has changed - so far, we only checked if entries
2122 had been added or removed (bug #277) [Dirk]
2123 - Added $_CONF['show_right_blocks'] option which, if set = true, will display
2124 right-side blocks on all pages (also addresses feature request #31) [Dirk]
2125 - Fixed bug #454, SQL error when reading comments. [Vinny]
2126 - Leave off the "page=1" parameter on the "Google paging" navigation bar for
2127 links that point back to the first page [Dirk]
2128 - The default feed for a new site is now in RSS 2.0 format and named
2129 "geeklog.rss" [Mike, Dirk]
2130 - Added time of the day to the name of the database backups to allow several
2131 backups a day [Oliver]
2132 - When the search returns no results, the search form is now pre-populated
2133 with the last search query, so that it can be changed easily. On successful
2134 searches, a "refine search" link will appear that also takes you back to a
2135 pre-populated search form (to refine your search, obviously) [Dirk]
2136 - Changed search to only return a certain amount of hits per page, thus
2137 avoiding timeouts on servers where the script execution time is limited
2139 A new config variable, $_CONF['num_search_results'], defines the number of
2140 search results to be returned per page (and per type). The search form also
2141 includes a drop-down menu where this can be changed for every search.
2142 Plugins will have to indicate if they support this "paged" search. Otherwise,
2143 Geeklog will fake the paging for the plugin, so that the plugin does a full
2144 search for every page, but Geeklog will only display the hits for the current
2145 page (such a plugin can therefore still cause a timeout until it is changed
2146 to support "paged" searching).
2147 - Added a permanent link to comments (in the professional theme) [Vinny]
2148 - Added new icons for the admin sections and made sure each admin section
2149 now has an icon in admin/moderation.php [Dirk]
2150 The new icons have been taken from the Gnome project (some of them modified
2151 by Jakub Steiner). They are released under the GPL.
2152 - Introduced global variable $_IMAGE_TYPE that specifies the image type to
2153 use. Defaults to 'gif'. Themes can override it to use other images types,
2154 e.g. PNG, for all images [Dirk]
2155 - Added option to upload topic icons (Feature Request #415, Patch #423),
2156 provided by Alford Deeley (machinari)
2157 - Changed the Admin's "Command and Control" center such that there is an icon
2158 for every entry in the Admin's block [Dirk]
2159 - Removed duplicate code for creating a "topic SQL" query in moderation.php
2160 (use COM_getTopicSQL instead) [Dirk]
2161 - Added the ability to allow users to login via defined remote services (ships
2162 with Blogger and LiveJournal support) [Mike]
2163 - Added the ability to ban users, and to tell when a user has logged in at least
2165 - Added edit-icon, List-Sorting, searching, Limits & alternating row colors
2166 in admin menus for groups, syndication, staticpages, trackback
2167 (where not yet done) [Oliver]
2168 - Added function to allow user-defined scaling of images in articles by using
2169 [unscaledX] instead of [imageX] [Oliver]
2170 - Removed $_CONF['whosonline_fullname'] option - use $_CONF['show_fullname']
2172 - Fixed bug where extra slashes appeared when previewing comments [Vinny]
2173 - Removed the "lastvisit" cookies, as they are obviously not used [Dirk]
2174 - Removed redundant changepwd-button & code from /admin/user.php (Bug #9)
2176 - Added new feature to insert a feed-links into header depending on topic, to
2177 be chosen from /admin/syndication.php in the form of
2178 <link rel="alternate" type="application/{format}+xml" ....> [Oliver]
2179 - Added options to google-Navigation so it can be used by plugins and work with
2180 url-rewriting (feature request #315). [Oliver]
2181 - Userlist now also shows Registration Date and if $_CONF['lastlogin']= true it
2182 shows the last login date instead. [Oliver]
2183 - Added option in config.php to hide "Viewed: x" line with
2184 $_CONF['viewscountline'] just as the $_CONF['contributedbyline'] [Oliver]
2185 - Added function COM_numberFormat to format displayed numbers with custom
2186 decimal & thousand - separators and fixed decimal places if necessary
2187 Includes the respecitve 3 new config.php values in locale section.
2188 (Feature Request #298) [Oliver]
2189 - Default Blocks showed always in all Topics before. Now you can choose to show
2190 them in All/only one topic/only on homepage like other blocks (feature #326)
2192 - A Story can now break over several pages in the body-text. The tag
2193 [page_break] will split the bodytext in pieces that can be opened with the
2194 std. COM_printPageNavigation. Introtext is removed for pages>1 [Oliver]
2195 - Added field for old password check in /usersettings.php (bug #230) [Oliver]
2196 - Added password confirmation to /admin/user.php and /usersettings.php
2198 - Made the alternating row colors in the Admin's trackback functions compatible
2199 with the scheme used in other places (list of users, etc.). Also changed the
2200 list of weblog directory services so that editing is now done by clicking on
2201 the number of the service [Dirk]
2202 - Stories are no longer forced to be featured _and_ on frontpage (bug #362)
2204 - Changed links locations in User-list, added user-photo indicator [Oliver]
2205 - Don't update a story's date any more when unchecking the 'draft' flag
2207 - Don't use "rewritten" URLs in the static pages editor any more (bug #403).
2208 Also updated the list of static pages to use alternating colors for the
2210 - Use "\r\n" when sending trackback pings (bug #407) [Dirk]
2211 - Allow autotags to optionally have a space after the tag name [Blaine]
2213 [story:20040101093000103 here] or [story: 20040101093000103 here]
2214 - Fixed inconsistent use of {site_url} and {layout_url} in some of the
2215 professional theme's admin template files - using {layout_url} everywhere
2216 now when referring to icons (bug #395) [Dirk]
2217 - Event titles containing quotes were cut off at the first quote in the event
2218 editor, i.e. both the admin's event editor and the editor for personal events.
2220 - Modified PLG_templateSetVars API to also check for a custom function [Blaine]
2221 Users can now set header template using CUSTOM_templatesetvars()
2222 - Added new CSS declarations as recommened CSS for plugins [Blaine]
2223 - Added a basic scheduler Plugin API plugin_runScheduledTask [Blaine]
2224 Interval is set in config.php - $_CONF['cron_schedule_interval']
2225 - Enhanced the Group Admin interface display [Blaine]
2226 - Enhanced the User Admin display and made the headings sortable [Blaine]
2227 - Geeklog will now properly handle html special characters (such as quotes and
2228 ampersands) in comment titles (bug #174) [Vinny]
2229 - Hide 'edit' option for articles in preview (bug #347) [Dirk]
2230 - Changed admin/user.php to use file() for the batch import [Dirk]
2231 - Implemented pinging weblog directory services like blo.gs and weblogs.com
2232 (Feature Request #35). By default, we ping pingomatic.com [Dirk]
2233 - Complete overhaul of the Plugin Comment API to reduce the likelyhood of
2234 plugins introducing security problems. Older plugins that use the comment
2235 API will no longer work. [Vinny]
2236 - Refactored Comment code out of lib-common.php and into lib-comment.php, also
2237 some changes to comment.php [Vinny]
2238 - Introduced a 'story.ping' permission that enables users to send Pings,
2239 Pingbacks, and Trackbacks for a story (or plugin item). Members of the Story
2240 Admin group have that permission by default.
2241 - Overhauled install script: It will now abort the installation if the minumum
2242 requirements (PHP 4.1.0, MySQL 3.23.2) are not met. It also displays a warning
2243 message if register_long_arrays is off (PHP 5 only, bug #360). Another
2244 warning message is displayed if "public_html" is part of the URL.
2245 When upgrading, it now tries to identify the Geeklog version that was used
2246 previously (only really works for versions 1.3.8 - 1.3.11) [Dirk]
2247 - Fixed date in comment preview (bug #370) [Dirk]
2248 - Incorporated the new syndication framework for reading and writing feeds of
2249 different formats (RSS, RDF, Atom), provided by Michael Jervis (patch #352).
2250 This contribution also addresses Task #19 ("RSS import class") and Feature
2251 Request #67 ("Limiting number of entries in RSS feeds").
2252 Please note that the feed writer classes, system/classes/*.feed.class.php,
2253 are now obsolete and can be removed. Please also note this adds new PEAR
2254 package requirements for Net_URL and HTTP_Request.
2255 - Added support for sending and receiving trackback comments (Feature Request
2256 #34) Also implemented Pingback support in pretty much the same way. Once
2257 received, Geeklog treats Trackbacks and Pingbacks the same and stores them
2258 in the gl_trackback table. [Dirk]
2259 Both can be switched off in config.php: $_CONF['trackback_enabled'] = false;
2260 and $_CONF['pingback_enabled'] = false;
2261 - Added a new script, directory.php, that implements a date-based listing of
2262 all the stories on a site [Dirk]
2263 A link to the directory is available as a new option, 'directory', for the
2264 $_CONF['menu_elements'] config variable, so that it can be added to the menu.
2265 - The column headline for event search results was not displayed [Dirk]
2266 - Added logos to syndication feeds. [Mike]
2267 - Added config option to disable new accounts (Patch #426 from Alford Deeley)
2269 - Alphabet Sort on Admin Menu and C&C Block [Mike]
2271 - New Farsi (Persian) language file, provided by Hesam.H
2272 - Updated Japanese language file, provided by Yusuke Sakata
2274 - New Farsi (Persian) language file for the static pages plugin,
2279 - Added ID-editor and Autotags-feature [link: ... ] [Oliver]
2280 - Added Category-Specific Feeds [Oliver]
2281 - Added Edit-Icon, List-Sorting, searching, Limits & etc for admin menu [Oliver]
2282 - Moved links functionality into a plugin [Trinity, Oliver]
2286 - Polls moved to a plugin [Trinity]
2290 - The LogView module now automatically truncates the Spam-X logfile to 100KB
2292 - The IP Blacklist module now supports regular expressions [Mike]
2293 - Added a Mass Delete module for Trackback comments [Dirk]
2294 - Added an "admin override" option, so that postings by members of the 'spamx
2295 Admin' group will not be checked for spam [Dirk]
2298 July 16, 2006 (1.3.11sr7)
2301 JPCERT/CC informed us about a possible XSS in the comment handling that we're
2302 fixing with this release.
2305 May 28, 2006 (1.3.11sr6)
2308 The Security Science Researchers Institute Of Iran reported the following
2311 - Possible SQL injection and authentication bypass in auth.inc.php
2312 - Possible XSS in getimage.php
2313 - Path disclosure in getimage.php and the functions.php of some themes,
2314 e.g. the Professional theme
2316 An internal code review also revealed a possible SQL injection in story
2320 Mar 5, 2006 (1.3.11sr5)
2325 - Konstantin Dyakoff found an old bug in the session handling that would allow
2326 anyone to log in as any user.
2329 Feb 19, 2006 (1.3.11sr4)
2334 - James Bercegay of GulfTech Security Research reported several issues with
2335 Geeklog's cookie handling that made it vulnerable to SQL injections, arbitrary
2336 file access, and even injection and execution of arbitrary code.
2337 - Prevent execution of PHP code in "normal" blocks
2340 Dec 12, 2005 (1.3.11sr3)
2345 - Fixed comment bug that allowed comments to be saved even when user did not
2346 have the correct story/topic permissions (reported by LWC) [Vinny]
2347 - Fixed a path disclosure in case someone tampered with the start date or end
2348 date in advanced search (reported by r0t3d3Vil) [Mike]
2349 Feeding malformed dates to the search caused a warning message to be displayed
2350 that disclosed the path to the Geeklog install on the server. It was NOT
2351 possible to use this for SQL injections.
2355 - Fixed the problems (introduced in 1.3.11sr2) editing static pages when
2356 $_CONF['url_rewrite'] = true (bug #491) [Dirk]
2357 - The "Reply" button didn't work when viewing individual comments [Vinny]
2358 - Fixed the definition of the 'expire' field (in table gl_stories), which
2359 caused an SQL error when doing a fresh install on MySQL 5
2360 (reported by Johannes) [Dirk]
2362 - Fixed and updated the Hebrew language file [LWC, Dirk]
2363 - New Ukrainian language file (Windows-1251), provided by Vitaliy Biliyenko
2364 - New Ukrainian language files (UTF-8 and KOI8-U encoding) for Geeklog, the
2365 Spam-X, and Static Pages plugins, provided by Yaroslav Fedevych
2368 Oct 9, 2005 (1.3.11sr2)
2371 This release provides security enhancements and better spam protection
2372 originally developed for Geeklog 1.3.12. It also addresses a few bugs where
2373 the bugfix could be integrated with a reasonable amount of work (other bugfixes
2374 will have to wait for the 1.3.12 release).
2376 Security and Spam protection:
2378 - Added speedlimit to login attempts, defaults to allowing three tries in a
2379 five minute period. [Vinny]
2380 See new config options $_CONF['login_attempts'] and $_CONF['login_speedlimit']
2381 - Changed the spam handling to update the speed limit when spam is detected
2382 (i.e. handle spam posts as if they were successful posts and make the
2383 submitter wait for the speed limit to expire). Also send a 403 "Forbidden"
2384 HTTP response code when displaying the "spam detected" message [Dirk]
2385 To quote RFC2616: "403 Forbidden: The server understood the request, but is
2386 refusing to fulfill it. Authorization will not help and the request SHOULD
2388 - Filter linefeeds in the To:, From:, and Subject: fields of an email in
2390 - When a new user account is created and the user submission queue is enabled
2391 in config.php, ensure that the user is properly "queued" even in the
2392 unlikely event that the account creation fails halfway through (reported by
2394 - When $_CONF['emailstoryloginrequired'] = 1, hide the links to the "email
2395 story" form from anonymous users [Dirk]
2396 - When emailing a story, check the user's message that is sent with the story
2398 - Added a robots.txt file to the distribution. By default, it excludes
2399 comment.php, submit.php, and the docs directory from being spidered [Dirk]
2400 - Added a spam check to the user profile [Dirk]
2401 - Story, event, and link submissions are now also checked for spam [Dirk]
2402 - This release also includes the Spam-X plugin version 1.0.2
2404 Please note that MT-Blacklist (used by Spam-X) has recently been discontinued.
2405 For the time being, we provide the last version of the blacklist for download
2406 from geeklog.net (the Spam-X plugin as included in this release is configured
2407 to get it from there for the initial import). There will, however, be no
2408 updates the blacklist. For details, please see
2409 http://www.geeklog.net/article.php/mt-blacklist-discontinued
2413 - Fixed an error message thrown up by PHP 5.0.5 or later when viewing the
2414 article page (bug #483) [Dirk]
2415 - Fixed bug with topic-specific blocks not showing up on the article page when
2416 URL rewriting was enabled (bug #401) [Dirk]
2417 - Fixed missing site header when trying to submit an event without required
2418 fields. Also fixed that it would redirect you to the story submission form
2419 then (bug #409) [Dirk]
2420 - Make sure {menu_elements} is rendered using the menuitem_none.thtml template
2421 when no menu elements are to be displayed (bug #378) [Dirk]
2422 - Quote names in email addresses as soon as they contain any non-alphanumeric
2423 characters (apart from the blank). This also addresses bug #368 [Dirk]
2424 - Allow single quotes in passwords (bug #396, also previously reported as
2425 bug #349 / #996354) [Dirk]
2426 - When $_CONF['profileloginrequired'] was set to 1, the actual message that
2427 you have to log in before being able to see a user profile was not wrapped
2428 in the Geeklog framework (reported by Sean C) [Dirk]
2429 - Fix: Made a story's archive/expire date work with the timezone hack [Dirk]
2430 - COM_applyFilter will now accept negative numbers if the isnumeric parameter
2431 is true. Needed to fix problems with pollbooth.php (and others) [Vinny]
2432 - Upgraded included kses class to version 0.2.2 which fixes problems with
2433 Japanese and Thai characters (among other things), thus addressing bugs #94
2435 - Fixed SQL error when using the [staticpage:] autotag (bug #373) [Dirk]
2436 - Added a missing stripslashes call to remove backslashes when a topic's name
2437 was displayed in the index page's title (bug #369) [Dirk]
2438 - Link tags are now translated in printer friendly mode (Bug #411) [Mike]
2439 - Removed the <meta name="ROBOTS"> entry from the Professional theme's
2440 header.thtml as "INDEX,FOLLOW" is the default anyway. For finer control,
2441 we now ship a robots.txt [Dirk]
2445 - Don't check for auto-archived stories when no archive topic has been
2447 - Added support for a custom_usercheck function. Custom registration code that
2448 requires certain information can now abort the creation of a new account if
2449 that information is missing. The function is called after Geeklog has checked
2450 that the username and email address of the new user are okay (valid and not
2451 in the database yet), but before the user has been added to the database
2453 - Saved one SQL request for a story's printable view [Dirk]
2457 - Made sure all language files refer to Geeklog's [image] tags as [imageX],
2458 [imageX_right], and [imageX_left] (bug #381) [Dirk]
2460 - New Catalan language file, provided by an anonymous user
2461 - New Russian (UTF-8) language file, provided by Konstantin Boyandin
2462 - Updated Hebrew language file, provided by LWC
2463 - Updated Hellenic (Greek) language file, provided by MzOzD
2464 - Updated Italian language file, provided by Marcello Teodori
2465 - Updated Japanese (UTF-8) language file, provided by Yusuke Sakata
2466 - Updated Portuguese (Brazil) language file, provided by Alcides Soares Filho
2467 - Updated Russian language file, provided by Konstantin Boyandin
2469 - New Japanese (UTF-8) language file for the Static Pages plugin, provided by
2471 - Updated Italian language file for the Static Pages plugin, provided by
2473 - Updated Japanese language file for the Static Pages plugin, provided by
2477 Aug 21, 2005 (Spam-X plugin 1.0.2)
2480 - Changed the display name of the plugin to "Spam-X" to avoid potential
2481 confusion with the email spam filter of the same name.
2482 "SpamX" is a registered trademark of Hendrickson Software Components.
2483 - Added a new module to filter posts based on the IP address of the poster
2485 - Added a new module to filter posts based on the IP address of the
2486 spamvertised site [Tom Willet]
2487 - Added a new module to filter posts based on characteristics of the HTTP header
2489 - Fixed the Mass Delete Spam Comments module [Tom Willet]
2490 - The Spam-X plugin's examine modules run the post through html_entity_decode()
2491 now in case the spammers try to obfuscate their posts by using HTML entities
2493 - The Mail Admin action module now also reports the HTTP headers of the post
2494 that triggered the spam filter [Dirk]
2495 - Added a simple stats function (reports the number of posts deleted as spam,
2496 and - to the Spam-X Admin only - the number of entries for each module) [Dirk]
2497 - Implemented an update function for the plugin [Dirk]
2499 - New Farsi (Persian) language file, provided by Hesam.H
2500 - New Italian language file, provided by Marcello Teodori
2501 - New Spanish language file, provided by vivi1123
2504 Jul 3, 2005 (1.3.11sr1)
2507 This release addresses the following security issue:
2509 Stefan Esser found an SQL injection that can, under certain circumstances,
2510 be exploited to extract user data such as the user's password hash.
2513 Dec 31, 2004 (1.3.11)
2516 Geeklog 1.3.11 addresses the following security issues:
2518 1. It was possible to submit stories anonymously even if anonymous submissions
2519 were turned off in config.php (reported by Barry Wong).
2520 These stories still ended up in the submission queue, though, unless you
2521 disabled it in config.php.
2522 2. Some of the parameters in link and event submissions weren't filtered,
2523 leaving them open to potential SQL injections.
2524 3. The links for the What's Related block were created from the unfiltered story
2525 text, opening the possibility of XSS attacks (reported by Vincent Furia).
2529 - Added a missing stripslashes() call for the topic name in the What's Related
2530 block (bug #351) [Dirk]
2531 (affected file: system/lib-story.php)
2532 - Fixed problems in the story editor when editing plain-text posts with
2533 uploaded images (bug #356) [Dirk]
2534 (affected file: public_html/admin/story.php)
2535 - When changing a story ID, update the story ID in any comments to that story,
2536 too (bug #357) [Dirk]
2537 (affected file: public_html/admin/story.php)
2538 - Fixed handling of autotags that started with the same substring, e.g. for
2539 2 tags 'mytag' and 'mytagtwo', the second tag would not be recognized
2540 (reported by Dr. Shakagee) [Dirk]
2541 (affected file: system/lib-plugins.php)
2542 - Fixed caching of $_GROUPS [Dirk]
2543 (affected files: system/lib-security.php, public_html/lib-common.php)
2544 - Made a minor optimization to save one SQL request when displaying the comment
2545 bar for anonymous users [Dirk]
2546 (affected file: public_html/lib-common.php)
2547 - Updated Slovenian language file, provided by gape.
2548 (affected file: language/slovenian.php)
2551 Dec 22, 2004 (1.3.11rc1)
2554 - Fixed "archive" option being activated too early on certain non-featured
2555 stories (bug #345) [Blaine]
2556 - Added missing handling of autotags in static pages being displayed as center
2557 blocks (reported by Jill) [Dirk]
2558 - Fixed size of the 'sid' field in the gl_comments table. It should be 40
2559 characters, to be able to hold the long story IDs introduced in 1.3.10
2560 (reported by Douglas Santos) [Dirk]
2561 - When using mogrify (ImageMagick) to resize uploaded images, the name of the
2562 image is now enclosed in double quotes instead of single quotes, which
2563 caused the command to fail on Windows [Dirk]
2564 - The emails sent from the Spam-X plugin's MailAdmin action now also include
2565 the IP address of the spam poster [Dirk]
2566 - SEC_getFeatureGroup() should not overwrite $_GROUPS if not operating on the
2567 current user (bug #331) [Dirk]
2568 - Introduced a {camera_icon} variable in story and comment templates that
2569 displays the little camera icon if the author has uploaded a user photo, just
2570 like in the Who's Online block (suggested by Laurence Whitworth) [Dirk]
2571 - The parent link in top-level comments took the user to the homepage rather
2572 than to the article page (bug #346) [Vinny]
2573 - Stories submitted for the archive topic will automatically be saved with
2574 frontpage = 0 when approved, i.e. only be displayed in the topic [Dirk]
2575 - Avoid emitting an extra <br> tag after the last section in the What's New
2576 block (bug #330) [Dirk]
2577 - Update comment count in Older Stories block when a new comment is posted
2578 (bug #317). Also optimized the code to collect the contents of the Older
2579 Stories block [Dirk]
2580 - Fixed extra <br> being emitted in the calendar for events that aren't
2581 visible for the current user (bug #268) [Dirk]
2582 - (Event) Admins can now delete events directly from the calendar's day and
2583 week views (just like events in the personal calendar) [Dirk]
2584 - Fixed usersettings.php so that it displays the "benefits" message again when
2585 called up by an anonymous user. Also made it go to the user's preferences
2586 when called without a 'mode' parameter [Dirk]
2587 - Added {layout_url} to the available theme variables in the submission forms.
2588 Also added {separator} for those who prefer correct spelling ;-) [Dirk]
2589 - More parameter filtering and permission checks in submit.php [Dirk]
2590 - Fixed over-zealous parameter filtering in links.php which prevented
2591 categories with apostrophes from working [Dirk]
2592 - Fixed broken URLs when editing a plain-text story that contained uploaded
2593 images (reported by LWC) [Dirk]
2594 - The PEAR classes that ship with Geeklog actually require PHP 4.2.x now.
2595 However, the missing functions in older PHP versions (minimum requirement
2596 for Geeklog itself is now PHP 4.1.0) are provided by the PEAR PHP_Compat
2597 package, which we will have to ship with Geeklog from now on. Added the
2598 necessary code to lib-common.php to load PHP_Compat, if required [Dirk]
2599 Many thanks to Tom Willet for providing a test setup.
2600 - Fixed "quick add form" for personal events, so that it stores the new event
2602 - Fixed handling of 12am/pm in events, event submissions, and when passing the
2603 time from the calendar to the event submission forms [Dirk]
2604 - Improved handling of personal events / personal calendar, especially for
2605 (Event) Admins [Dirk]
2606 - Fixed What's Related links when magic_quotes_qpc = on [Vinny, Dirk]
2607 - Fixed use of an undefined variable $U in COM_showBlocks and warning messages
2608 for undefined array indexes in COM_getCurrentURL (reported by irawen) [Dirk]
2609 - Allow empty search query strings so that the "More by <author>" and "More
2610 from <topic>" options work again [Dirk]
2611 - When deleting a poll, also delete any comments to that poll [Dirk]
2612 - Delete comments and story images when deleting stories from a deleted topic
2614 - When deleting a story, added an extra check for type='article' when deleting
2615 the story's comments [Dirk]
2616 - Set current user as the owner when cloning an event (bug #338) [Dirk]
2617 - Start time, end time, and event location weren't copied over when adding a
2618 site event to the personal calendar (bug #336) [Dirk]
2619 - Fixed wrong use of htmlentities() on comment title (bug #335) [Dirk]
2620 - Changed "read more" word count so that it ignores HTML tags (bug #333) [Dirk]
2622 - Updated Slovenian language file, provided by gape.
2623 - Updated Dutch language file, provided by Ko de Pree.
2624 - Updated Dutch language file for the Static Pages plugin,
2625 provided by Ko de Pree.
2626 - New French language files for the Spam-X plugin, provided by Alain Ponton.
2629 Nov 28, 2004 (1.3.10)
2632 - Allow omission of the link text for the [story:], [event:], and [staticpage:]
2633 autotags. Geeklog will then use the title (of the story / event / static page)
2634 as the link text [Dirk]
2635 (affected files: system/lib-plugins.php, plugins/staticpages/functions.inc)
2637 - Updated Chinese language files (all 4 of them), provided by Samuel M. Stone
2640 Nov 21, 2004 (1.3.10rc3)
2643 - Changed wording of the error message if the "backups" directory is not
2645 - Fixed comments for the DB_result (in lib-database.php) and dbResult
2646 (in mysql.class.php) functions (bug #320) [Dirk]
2647 - Display a success message when using the "changepw" option in admin/user.php
2649 - When changing a username, make sure to change the name of the user's photo,
2650 too (bug #321) [Dirk]
2651 - Links in "plain text" stories and comments are now made clickable (i.e.
2652 enclosed in <a> tags) when the post is saved instead of when it's displayed,
2653 as in the previous release candidates. This also fixes bug #308. [Dirk]
2654 - Added $_CONF['disable_autolinks'] config option to disable autolinks [Dirk]
2655 - Removed ViewBlacklist.Admin.class.php from the Spam-X plugin [Tom Willet]
2656 - Overhauled handling of personal events [Dirk]:
2657 + Fixed deleting personal events (again).
2658 + The upcoming events block now links to the event details of personal
2659 events (just like it already did for site events).
2660 + Added stricter checks for permissions, user IDs, and the personal calendars
2661 being activated in the first place.
2662 - Added a check for allow_url_fopen if reading a (RSS) feed fails and report it
2663 in error.log if it is off [Dirk]
2664 - When deleting a story (automatically), make sure we're only deleting comments
2665 belonging to that story (i.e. added a check for type = 'article') [Dirk]
2666 - Added {event_type}, {lang_event_type}, and {edit_icon} in all the themes'
2667 calendar/eventdetails.thtml template file [Dirk]
2668 - Fixed some URLs in the calendar (missing slash) [Dirk]
2669 - Comment IDs don't have to be numeric (in comment.php) [Vinny]
2670 - The Static Pages plugin now takes $_CONF['showfirstasfeatured'] into account
2671 when displaying static pages in center blocks (reported by eyecravedvd) [Dirk]
2672 - Forgot to declare $_CONF as global when fixing bug #301 (bug #302) [Dirk]
2674 - Updated Chinese language files (all 4 of them), provided by Samuel M. Stone
2675 - Updated Japanese language files (euc-jp and UTF-8), provided by Yusuke Sakata
2676 - Updated Polish language file, provided by Robert Stadnik
2677 - Updated Slovenian language file, provided by gape
2678 - Updated Spanish language file, provided by Angel Romero
2679 - Updated Swedish language file, provided by Markus Berg
2682 Oct 24, 2004 (1.3.10rc2)
2685 - Fixed plugin update function [Blaine]
2686 - Set the target encoding in Geeklog's RSS parser (bug #301) [Dirk]
2687 - Set the {topic_icon} variable to an empty string for the "Home" link in the
2688 Topics block (reported by jhwhite) [Dirk]
2689 - Fixed News Box Configuration, i.e. the ability to disable blocks [Vinny]
2690 - In the story template files, the number of comments now only is a link when
2691 there actually is a comment on the story [Dirk]
2692 - Hard-coded the English word 'delete' in the URLs to delete a comment [Dirk]
2693 - For the list of a user's recent comments, use 'mode=view' to link directly
2694 to a comment now [Dirk]
2695 - Fixed comment id in comment notification emails [Dirk]
2696 - Fixed display of the number of static pages that the user has access to (in
2697 the Admin Block) [Dirk]
2698 - COM_makeClickableLinks did not recognize links with the 'http:' at the
2699 start of a line [Dirk]
2700 - Re-introduced <br> between plugin sections in the What's New block, pretty
2701 much reverting the change suggested by feature request #292 [Dirk]
2702 - Introduced function COM_formatEmailAddress that creates a (more or less)
2703 RFC(2)822 compliant email address from a name and an address [Dirk]
2704 This function is now used for formatting the site address, as well as for
2705 addresses entered by the user in profiles.php and admin/mail.php.
2706 - The Spam-X plugin's MailAdmin action didn't send any email notifications,
2707 since the call to COM_mail was commented out ... [Dirk]
2708 - admin/mail.php and admin/group.php use the complete URL to the script in
2709 the <form action="..."> now (instead of relying on PHP_SELF) [Dirk]
2710 - Fixed parse error in the Dutch language file (reported by NeoNecro) [Dirk]
2711 - Allow the dot '.' in IDs (in addition to letters, digits, the dash, and the
2715 Oct 17, 2004 (1.3.10rc1)
2717 - Added new functionality to [autotags] - New plugin API's added [Blaine]
2718 - Added [autotag] hooks for stories [Blaine]
2719 - When a plugin had its icon only in the admin directoy, the plugin editor
2720 did not find it and displayed a generic icon instead [Dirk]
2721 - In admin/mail.php, apply htmlspecialchars() on the email addresses before
2722 displaying them, as the '<foo@example.com>' part will be interpreted as
2723 HTML by some browsers (pointed out by LWC) [Dirk]
2724 - When using gdlib for image resizing, GIF images were converted to PNG, but
2725 Geeklog was still trying to display the GIF (reported by Tom Willet). Since
2726 the LZW patent has now expired (see http://www.unisys.com/about__unisys/lzw),
2727 it is safe to use GIF images again, so the PNG conversion was dropped [Dirk]
2728 - Fixed link to the Anonymous user's profile in comment/thread.thtml [Dirk]
2729 - Added Location field to the user profile [Blaine]
2730 - In the light of bug #293, removed all variable names from the language files,
2731 leaving only the $_CONF config variables [Dirk]
2732 - Fixed an error message when plugins didn't return an array from
2733 plugin_getmenuitems_xxx (reported by computerade) [Dirk]
2734 - When sending emails from the admin/mail.php, some user's names weren't set
2735 in their email address (reported by LWC) [Dirk]
2736 - Removed an extra <br> from before and between data provided by plugins in
2737 the What's New block (feature request #292) [Dirk]
2738 - When creating a new user from admin/user.php, don't determine the uid before
2739 actually creating the database entries to avoid race conditions / collisions
2740 with other user accounts created at the same time (bug #243) [Dirk]
2741 Also took the opportunity to refactor and move the almost identical code
2742 from users.php and admin/user.php into a new function USER_createAccount in
2743 system/lib-user.php.
2744 - usersettings.php was missing a default case for unsupported values of 'mode'
2745 (bug #287). This only displayed a blank page and was not exploitable [Dirk]
2746 - Fixed hard-coded default group names in the Admin sections (e.g. when a user
2747 had story.edit permissions but was not in the Story Admin group, any new
2748 story created by that user would default to being owned by the Story Admin
2749 group nonetheless) [Dirk]
2750 - Introduced new plugin API functions plugin_user_changed_xxx and
2751 plugin_group_changed_xxx to inform plugins when a user's information
2752 (profile or settings) or a group (new, edit, delete) has been changed [Dirk]
2753 - COM_checkHTML and COM_allowedHTML now accept an additional parameter in form
2754 of a comma-separated list of permissions. If the current user has at least
2755 one of those permissions, they are assumed to be an "Admin" and the functions
2756 will use the $_CONF['admin_html'] list of HTML tags for them (bugs #114 and
2758 - COM_allowedHTML now has an option to only return the list of allowed HTML
2759 tags without the "Allowed HTML" text (bug #118) [Dirk]
2760 - For the poll block, always use the block title stored in the database (bug
2762 - It is now again possible to have a different number of stories per page
2763 for individual topics. Users have to set their preferred number of stories
2764 per page to 0 (zero) in their preferences, though, as the user preferences
2765 will always override this setting (bug #190) [Dirk]
2766 - The Professional theme, kindly provided by Victor B. Gonzalez, is our new
2768 - In the calendar's day and week view, event permissions weren't checked
2769 properly, so that some events were displayed to user who shouldn't have
2770 been able to see them (reported by Willem Jan) [Dirk]
2771 - Don't update a story's hit counter as long as the draft flag is set or the
2772 publishing date is in the future (feature request #282) [Dirk]
2773 - Introduced new function COM_sanitizeID() to filter special characters out of
2774 user-editable IDs as used for stories, polls, topics, and static pages (also
2775 fixes bug #181). Allowed characters are letters a-z (both upper and lower
2776 case), digits 0-9, the dash '-', and the underscore '_' [Dirk]
2777 - The Upcoming Events block didn't use the help URL, even if it was set
2778 (reported by Wolfgang M. Schmitt) [Dirk]
2779 - Geeklog now comes with Tom Willet's Spam-X plugin pre-installed. The plugin
2780 now stores the blacklists in the database and uses a new plugin API
2781 function to filter comment posts [Tom Willet, Tony, Blaine, Dirk]
2782 - Plugins can now offer their own tags to allow easy linking to their content.
2783 These tags take the form [name:id link text], where 'name' is a name
2784 associated with the plugin, 'id' is a unique id referring to one of the
2785 objects under the plugin's control, and 'link text' is text used in the <a>
2786 tag that Geeklog creates from these tags.
2787 Built-in tags are [story:] to link to a story and [event:] to link to an
2788 event [Blaine, Dirk]
2789 Example: [story:email-bug About the email bug] would be translated into
2790 <a href="http://example.com/article.php/email-bug">About the email bug</a>
2791 - portal.php now sends a 301 HTTP status code for the links instead of a 302.
2792 While a 302 status code would actually make more sense, Google does have a
2793 tendency to list search results with the URL of the portal script but with
2794 the content of the linked site, thus giving the impression that the content
2795 is actually located on another site. Sending a 301 avoids this problem [Dirk]
2796 - Group Admins should not even see the groups of which they are not a member
2798 - Prevent Group Admins from listing the members of a group unless they are a
2799 member of that group themselves [Dirk]
2800 - Introduced $_CONF['left_blocks_in_footer'] config option that makes the
2801 {left_blocks} variable available in footer.thtml (disabling it in header.thtml
2802 at the same time). This is really only useful for two-column layouts where
2803 you want the side blocks in the right column [Dirk]
2804 - Polls linked from the stats page now display the result of the poll instead
2805 of letting the user vote on them (feature request #267) [Dirk]
2806 - In the Admin's list of events and stories, don't list items for which the
2807 Admin doesn't have read access (bug #269). [Dirk]
2808 - Story IDs are now editable (just like the IDs of static pages). [Dirk]
2809 Important: Update the story editor template (admin/story/storyeditor.thtml)!
2810 - Fixed a bug that reset every user's password request as soon as some user
2811 changed their account information (bug #265) [Dirk]
2812 - Added support for URL rewriting to portal.php [Dirk]
2813 - The links for the What's Related block are stored in the 'related' field in
2814 the gl_stories table again. Parsing the story for links every time it is
2815 rendered uses too much CPU power (with apologies to groklaw.net) [Dirk]
2816 - Added theme variable {story_link} to commentbar.thtml to link back to original
2817 story the comments are derived from. [Vinny]
2818 - Introduced new file system/lib-story.php for story-related functions and
2819 moved COM_article, COM_whatsRelated, COM_extractLinks, as well as the code
2820 to delete article images into that file (functions were renamed accordingly:
2821 STORY_renderArticle, STORY_whatsRelated, STORY_extractLinks) [Dirk]
2822 - Fixed URLs to userphotos and story images when $_CONF['path_images'] had been
2823 changed (but was still inside of $_CONF['path_html']) [Dirk]
2824 - Added a script to convert an existing database to InnoDB tables (if the MySQL
2825 version supports them): admin/install/toinnodb.php [Dirk]
2826 - Added missing closing </a> tag in story search results (bug #260) [Dirk]
2827 - Added a second parameter to function COM_makeList that is used as a CSS
2828 class name in the list it returns (use {list_class_name} to get the actual
2829 class name, and {list_class} to get class="classname"). Changed the existing
2830 calls to COM_makeList to include class names, so that you can now use the
2831 following class names in your stylesheet to style lists: list-feed,
2832 list-new-comments, list-new-links, list-new-plugins, list-older-stories,
2833 list-personal-events, list-site-events, list-story-options, list-whats-related
2834 (the names should be self-explanatory) [Dirk]
2835 - Moved the docs directory to public_html/docs and added a link to it from the
2836 Admin's block (can be switched off in config.php by setting the new option
2837 $_CONF['link_documentation'] = 0) [Dirk]
2838 - Replaced 'ppmtojpeg' with 'pnmtojpeg' when using NetPBM for scaling
2839 uploaded JPEG images (bug #257) [Dirk]
2840 - Added a check (and a warning message) for PHP 4.1.0 to the install script,
2841 as that is our new minimum requirement [Dirk]
2842 - Rewrote install/success.php and added a link to install/check.php [Dirk]
2843 - Added the 'data' and 'pdfs' directory to install/check.php [Dirk]
2844 - Integrated the "welcome email hack": If the file 'welcome_email.txt' exists
2845 in the 'data' directory, the contents of that file are sent out as the
2846 welcome email to new users (instead of the hard-coded welcome message) [Dirk]
2847 - Introduced a 'data' directory ($_CONF['path_data'], defaulting to
2848 /path/to/geeklog/data) and use it for the batch user import, as Geeklog's
2849 base directory may not be writable on some setups (bug #77) [Dirk]
2850 - Sort list of older polls by date (newest first) and added paging [Dirk]
2851 - Make sure the old userphoto is deleted when uploading a new one (bug #228).
2852 So far, the old photo was not removed when the file type changed (e.g. from
2853 .gif to .jpg) [Dirk]
2854 - Don't assume the uploaded file in usersettings.php is always the userphoto -
2855 it may in fact belong to a plugin (bug #179). This bug prevented plugins from
2856 uploading their own files through the plugin API [Dirk]
2857 - Fixed repeating events in the personal calendar's day view (bug #232) [Dirk]
2858 - COM_siteHeader() now accepts a page title (to go between the page's
2859 <title>...</title> tags) as the second parameter, replacing the
2860 $_CONF['pagetitle'] hack (which still works but should be avoided) [Dirk]
2861 - In the site's page title, replace the site slogan with more meaningful
2862 information, where possible, e.g. "Submit a Story" on the story submission
2863 form, "Search Results", etc. (feature request #95) [Dirk]
2864 - Fixed deleting events from the personal calendar (bug #199) [Dirk]
2865 - Carry over the date and time from the calendar when Admins add a new event
2867 - Don't display "Site Events" headline in the Upcoming Events block when
2868 personal calendars are off (feature request #151) [Dirk]
2869 - Removed hard-coded am/pm formatted hours from the calendar's day view
2870 (calendar/dayview/dayview.thtml) and replaced them with {xx_hour} variables,
2871 where 'xx' is 0-23, which will be replaced with the hours formatted
2872 according to the $_CONF['timeonly'] config variable [Dirk]
2873 - Themes can now use a couple of CSS class names to style the small calendar (of
2874 the previous and next month) in month view: .smallcal, .smallcal-headline,
2875 .smallcal-week-even, .smallcal-week-odd, .smallcal-week-empty,
2876 .smallcal-day-even, .smallcal-day-odd, and .smallcal-day-empty [Dirk]
2877 - Improvements to the Story Archive Feature, UI tweaks, Language Extraction,
2878 Added new field to the topics table. Admin now sets the archive topic in
2879 the Topic Editor. Only one topic can be used - logic enforced. [Blaine]
2880 - Don't emit the <br><br> in article.php when the story's body text is empty
2881 (based on patch #147, provided by Andy Maloney) [Dirk]
2882 - Set {article_url} variable when displaying the story in article.php [Dirk]
2883 - Fixed missing </select> tags for the comment display mode and sort order
2884 drop-down menus in usersettings.php (patch #255, provided by machinari) [Dirk]
2885 - Hard-coded the names of the pseudo image tags in story.php, i.e. they are
2886 always [imageX], [imageX_left], and [imageX_right] now, independent of
2887 the current language file (bug #139) [Dirk]
2888 - Added the Auto-Archive Management feature. Optionally allows the Story Editor
2889 to archive or delete a story when the expire date is reached [Blaine]
2890 - Improved the commentbar to logically support comments viewed from comment.php
2892 - Removed a bug in comment.php that allowed a story/comment mismatch during
2893 display. This was not exploitable. [Vinny]
2894 - Integrated the timezone hack to compensate for time differences when your
2895 webserver is located in another timezone (original timezone hack by Yew Loong,
2896 with additions by "Joe" as well as several other geeklog.net users) [Dirk]
2897 - The calendar can now be configured so that the week starts on either a
2898 Sunday or a Monday - see new config variable $_CONF['week_start']
2899 (based on a patch by bond_anton) [Dirk]
2900 - Sort the admin's list of events by date (newest first). Also added paging,
2901 a row number and parameter filtering. Paging and the row number require
2902 theme changes in admin/event/eventlist.thtml and listitem.thtml [Dirk]
2903 - Incorporated a patch provided by Drago Goricanec to sort the Admin's user
2905 - Introduced 2 config options for the Who's Online block:
2906 - $_CONF['whosonline_fullname'] will display the user's full name,
2907 - $_CONF['whosonline_anonymous'] does not display the names of registered
2908 users to anonymous visitors of the site.
2909 Both options are disabled by default [Dirk]
2910 - Added support for single quotes and nested tags to COM_extractLinks [Vinny]
2911 - The admin_html and user_html are now merged recursively (bug #240) [Vinny]
2912 - Remove colons from email addresses, as they have a special meaning,
2913 according to RFC(2)822, that we didn't intend (bug #6) [Dirk]
2914 - Fixed compilation of regexp if the search query ended or started with a
2915 space (the resulting error message would also expose the path to article.php),
2917 - Sort the admin's list of polls by date (newest first). Also added paging,
2918 a row number and parameter filtering. Paging and the row number require
2919 theme changes in admin/poll/polllist.thtml and listitem.thtml [Dirk]
2920 - Added paging to the plugin editor (for more than 25 installed plugins).
2921 A {google_paging} variable is needed in admin/plugins/pluginlist.thtml for
2922 the paging links to show up [Dirk]
2923 - Emails sent from the Admin's mail form (admin/mail.php) were always sent
2924 with the site name and site email address, even if you entered something else
2925 in the form. Also made admin/mail/mailform.thtml slightly less ugly [Dirk]
2926 - When deleting a topic, keep the blocks assigned to that topic (bug #247).
2927 They're assigned to 'all topics' and disabled, but kept around now. The same
2928 applies for topic feeds, which weren't handled at all before [Dirk]
2929 - Make sure upload errors for user photos and story images are displayed in a
2930 Geeklog block, not on a blank screen [Dirk]
2931 - Fixed description of DB_insertId() in lib-database.php and dbInsertId() in
2932 mysql.class.php: The functions take a resource, describing the opened link to
2933 the database, not a record set (pointed out by lgonze on IRC). [Dirk]
2934 - Plugins are now getting the key type passed to their search function, so that
2935 they can perform a search for "exact phrase", "all of these words", or
2936 "any of these words" as selected from the search form. [Dirk]
2937 - Use URL rewriting for the link to a story's printer-friendly version, when
2938 activated (bug #201) [Dirk]
2939 - Resizing an image didn't work when the image height exceeded the max. height
2940 but the image width was still below the max. width (bug #242) [Dirk]
2941 - Keeping the unscaled image when using GDlib didn't work (bug #197) [Dirk]
2942 - Added a workaround for the Zeus webserver so that blocks marked "homeonly"
2943 properly appear there (bug #244) [Dirk]
2944 - Previewing a story submission from admin/story.php before saving it left the
2945 original story submission in the submission queue while also adding it as a
2946 new story. This has been fixed now [Dirk]
2947 - Added {article_url} variable for article/printable.thtml so that we can
2948 print the proper URL to the article if URL rewriting is on [Dirk]
2949 - Added filtering for the $order parameter in article.php [Dirk]
2950 - Added {link_actual_url} variable in links.php, holding the actual URL of
2951 a link (not Geeklog's redirect URL via portal.php). Updated template
2952 file links/linkdetails.thtml in all default themes to use {link_actual_url}
2953 in a title attribute for the links [Dirk]
2954 - The event description now honors linefeeds to allow some basic text
2956 - Escape all PCRE special characters in the code to highlight search query
2957 words (bug #200). Also moved the code to its own function, COM_highlightQuery,
2958 in lib-common.php [Dirk]
2959 - The contents and order of the menu entries, i.e. of the {menu_elements}
2960 variable in header.thtml, is now configurable in config.php (new config
2961 variable $_CONF['menu_elements']). It also includes an option to add custom
2962 entries by implementing a function CUSTOM_menuEntries() that returns the
2963 additional entries [Dirk]
2964 - Use an UPDATE request when increasing the number of times a story has been
2966 - When an error occurs while creating a backup, the complete command line
2967 used to call mysqldump is now added to error.log [Dirk]
2968 - Added 'view' mode to allow links directly to a single comment (and optionally
2969 its children) in comments.php. [Vinny]
2970 - Added a few variables to be used in the eventdetails.thtml template file:
2971 {event_state_name} (full name of the state), {event_state_only} and
2972 {event_state_name_only} (abbreviated and full state name without the comma),
2973 {event_edit} (link to edit the event, if allowed for the current user),
2974 {edit_icon} (same, but with the edit icon instead of a text link),
2975 {lang_event_type} and {event_type} for the event type [Dirk]
2976 - Registered users can now report abusive comments to the site admin (inspired
2977 by Feature Request #171, which actually requested this for the forums).
2978 Requires new text strings in the language files and a new template file,
2979 comment/reportcomment.thtml [Dirk]
2980 - Bugfix: New users created through the batch import didn't get the email with
2981 their password [Dirk]
2982 - Moved function to create and send a password to lib-user.php to avoid having
2983 identical code in users.php, admin/user.php, and admin/moderation.php [Dirk]
2984 - Added {topic_image} variable (available in the topicoption.thtml and
2985 topicoption_off.thtml template files) so that you can use topic images in
2986 the Topics block (feature request #152) [Dirk]
2987 - COM_undoSpecialChars() now also handles (bug #192) [Dirk]
2988 - Fixed handling of HTML entities in [code] sections (bug #159) [Dirk]
2989 - Added an option to look up IP addresses (new variable $_CONF['ip_lookup'] in
2990 config.php, pointing to a service that does IP address lookups) [Dirk]
2991 - Fixed problems with the database backup when there were spaces in the path to
2992 the backups directory (bug #185). [Dirk]
2993 - Added email notification for new comments (feature request #155) [Dirk]
2994 - Added tracking of IP addresses of comment posters (as suggested by Michael
2996 - Altered COM_article to improve performance by reducing queries. [Vinny]
2997 - Reduced DB queries in COM_showTopics to improve performance. [Vinny]
2998 - Cached enabled plugins to reduce db queries and improve performance. [Vinny]
2999 - Fixed SEC_inGroup not using $_GROUPS cache in several instances. [Vinny]
3000 - mysql.class.php now only runs mysql_connect once per page load. [Vinny]
3001 - The "Google paging" now has additional links to jump to the first and last
3002 page (patch provided by Niels Leenheer). [Dirk]
3003 - Introduced function COM_makeClickableLinks to turn URLs in text-only posts
3004 into clickable links (i.e. it's adding <a> tags around URLs). [Dirk]
3005 - Changed the comment insert, delete, display algorithms for improved
3006 efficiency. They now use a modified preorder tree traversal method. [Vinny]
3007 - Comment limit now applies to all the comments displayed, not just the top
3008 level comments. [Vinny]
3009 - Added pagination ability to comments ({pagenav} template variable in
3010 startcomment.thtml). [Vinny]
3011 - Fixed typo in timer.class.php that broke the ->restart() function. [Vinny]
3012 - Make sure the database backup files are always sorted by (last modified) date
3013 (found & fixed by Alexander Schmacks). [Dirk]
3014 - Make sure the user's preferred comment limit is used when changing the
3015 comment display via the comment bar (bug #176). [Vinny]
3016 - When URL rewriting is activated, the "rewritten" URLs are now also used
3017 in all (RSS) feeds containing links to articles. [Dirk]
3018 - Experimental: On a fresh install, use InnoDB tables (instead of MyISAM) if
3019 the MySQL version running on the server supports them (usually as of
3020 MySQL 4.0). This should avoid locks on tables where hit counters and the
3021 actual data are stored in the same table, e.g. stories (suggested by
3022 Marc Von Ahn). [Dirk]
3023 - Fixed bug in the install script when upgrading from 1.3.8 or earlier:
3024 Check to see if the static pages plugin is installed before attempting to
3025 update its tables (reported by Rob Griffiths). [Dirk]
3026 - Implemented a change to DB_fetchArray, suggested by Niels Leenheer:
3027 Geeklog will now, by default, only return associative array indices. In case
3028 the numeric indices are needed, a new (optional) second parameter for
3029 DB_fetchArray has to be set to "true". [Dirk]
3030 - Removed extra quotes in SQL statements in admin/block.php to ensure
3031 compatibility with old MySQL versions (reported by Elmer Masters). [Dirk]
3032 - In admin/database.php, if the is_executable function is not available (e.g.
3033 on Windows), do at least a file_exists to check if the mysqldump executable
3034 exists in the path given in config.php. [Dirk]
3035 - Introduced function COM_getTopicSQL which returns part of an SQL request to
3036 check for a user's topic access [Dirk]
3037 (This was actually introduced in 1.3.9sr1 but missing from the changelog)
3041 - New Bosnian language file, provided by Kenan Hodzic
3042 - Updated Croatian language file, provided by Roberto Bilic
3043 - New Indonesian language file, provided by Piotr Sobis
3044 - Updated Norwegian language file, provided by Torfinn Ingolfsen
3046 Static Pages Plugin 1.4.1
3047 -------------------------
3048 - Added a printable version for static pages (based on a concept by
3049 Jannetta S Lewis). Requires a new template file, printable.thtml, located
3050 in the static pages' template directory [Dirk]
3051 - Added support for autolinks and provide a [staticpage:] autotag [Dirk]
3052 - Added an option to sort the static pages that are added to a site's menu
3053 (see {plg_menu_elements} in header.thtml) by id, label, title, or date [Dirk]
3054 - The block templates used to wrap a static page in a block can now be
3055 overridden, using '_staticpages_block' and '_staticpages_centerblock' as the
3056 index for the $_BLOCK_TEMPLATE array [Dirk]
3057 - The plugin now checks for template files in the current theme's directory
3058 (layout/THEMENAME/staticpages) first before using the default template files
3059 from plugin/staticpages/templates [Dirk]
3060 - When displaying a static page, the plugin no longer checks if the current
3061 user is a member of the Root group, so that "Root" users shouldn't see static
3062 pages that are for anonymous users only [Dirk]
3063 This change was actually supposed to be in Static Pages 1.4 (Geeklog 1.3.9),
3064 but somehow didn't make it ...
3065 - For center blocks, ignore the "blank page" setting, unless it's for a page
3066 that is supposed to replace the entire frontpage (bug #234) [Dirk]
3067 - The static pages editor doesn't display a "delete" button for new and
3068 cloned pages any more (since, obviously, you can't delete what hasn't been
3069 saved yet ...). [Dirk]
3070 - Bugfix: Fresh installs of Geeklog 1.3.9 only allowed 20 characters for the
3071 static page ID, while installs upgraded from an earlier version allowed up
3072 to 40 characters [Dirk]
3073 - New Portuguese (Brazil) language file, provided by Alcides Soares Filho.
3076 Mar 5, 2006 (1.3.9sr5)
3079 This release addresses the following security issues:
3081 - Konstantin Dyakoff found an old bug in the session handling that would allow
3082 anyone to log in as any user.
3083 - James Bercegay of GulfTech Security Research reported several issues with
3084 Geeklog's cookie handling that made it vulnerable to SQL injections, arbitrary
3085 file access, and even injection and execution of arbitrary code.
3086 - Prevent execution of PHP code in "normal" blocks
3089 Jul 3, 2005 (1.3.9sr4)
3092 This release addresses the following security issue:
3094 Stefan Esser found an SQL injection that can, under certain circumstances,
3095 be exploited to extract user data such as the user's password hash.
3098 Dec 31, 2004 (1.3.9sr3)
3101 This release addresses 2 security issues:
3103 1. It was possible to submit stories anonymously even if anonymous submissions
3104 were turned off in config.php (reported by Barry Wong).
3105 These stories still ended up in the submission queue, though, unless you
3106 disabled it in config.php.
3107 2. Some of the parameters in link and event submissions weren't filtered,
3108 leaving them open to potential SQL injections.
3111 Oct 8, 2004 (1.3.9sr2)
3114 This release addresses 2 security issues:
3116 - Fixed a cross site scripting vulnerability caused by using the $topic
3117 variable in the language files ($LANG05[3]) where it should have been
3118 using '%s' instead (bug #293) [Vinny, Dirk]
3119 - It was possible to post comments to stories or polls for which comment
3120 posting had been switched off [Dirk]
3121 This was only a problem if you allowed anonymous posts or when spammers
3122 went through the trouble of actually signing up for an account before
3125 Non-security related fixes:
3127 - Fixed lib-plugins.php to be compatible with PHP 5 [Dirk]
3128 - Includes updated PEAR packages to resolve email problems some users were
3129 having (especially with safe_mode being on).
3132 Jun 1, 2004 (1.3.9sr1)
3135 This release addresses the following security issues:
3137 - It was possible to post anonymous comments, even when anonymous comment
3138 posting had been switched off in config.php [Vinny, Dirk]
3139 - Added additional speed limit checks for comments and submissions [Vinny]
3140 - It was still possible to read the comments to stories, even when the user
3141 didn't have access to the story's topic (provided they knew the story id)
3143 - If none of the topics were visible for anonymous users, the site's index
3144 page may still have displayed some stories for anonymous users, depending on
3145 the stories' permissions [Vinny, Dirk]
3146 - Users still got Daily Digest emails for topics from which they had been
3147 removed (bug #178) [Dirk]
3148 - It was possible to subscribe to the Daily Digest for all topics, even if the
3149 user did not have access to certain topics [Dirk]
3150 - Don't list stories or comments in the user profile if the current user isn't
3151 allowed to see the topics they were posted under (bug #208) [Dirk]
3153 Non-security related fixes:
3155 - Fixed an SQL error in COM_showTopics if users excluded topics in their
3156 preferences (reported by Rob Young) [Dirk]
3157 - Fixed sporadic "Duplicate entry '...' for key 1." messages in error.log
3158 (caused by the handling of pseudo-session ids for anonymous users) [Dirk]
3159 - Fixed incorrect author names in Daily Digest (bug #207) [Dirk]
3160 - The plugin_profileblocksedit_<plugin-name> Plugin API function wasn't working
3161 due to a missing piece of code in usersettings.php [Dirk]
3162 - COM_extractLinks will now ignore anchor tags that do not contain "href"
3166 Mar 14, 2004 (1.3.9)
3169 - Custom Registration function hook to custom_useredit added in the edituser()
3170 when creating a new user from the admin screen. The custom function was not
3171 being called if this was a new user [file: admin/user.php].
3172 - Fixed wrong use of DB_count in COM_showPoll in lib-common.php. This may have
3173 prevented people from voting on other polls once they voted on any poll on
3174 a site [file: lib-common.php].
3176 - Updated Danish language file, provided by ZooN.
3177 - Updated Hebrew language file, provided by Tal Vizel (please note that this
3178 file was made for 1.3.8-1 and is missing a few of the texts added in 1.3.9).
3181 Mar 7, 2004 (1.3.9rc3)
3184 - Fixed call to CUSTOM_mail and added a sample implementation in
3185 lib-custom.php (commented out by default).
3186 - Made an attempt to recover from duplicate session ids for anonymous users.
3187 - Adding new topics always resulted in a "Please fill in the Topic ID and Topic
3188 Name fields" error message, even if you did fill in both fields (this bug was
3189 only introduced in 1.3.9rc2).
3190 - Filter out backslashes.
3191 - Comment titles were cut off at the first single or double quote (when
3192 submitting a new comment).
3193 - The text string $LANG04[89] in all language files must be enclosed in
3194 double quotes, not single quotes.
3196 - Updated Hebrew language file, provided by Tal Vizel.
3197 - Updated Polish language file, provided by Robert Stadnik.
3198 - Updated Polish language file for the Static Pages plugin, provided by
3200 - Updated Russian language file, provided by Denis Kuznetsov.
3201 - Updated Slovenian language file, provided by gape.
3202 - Included UTF-8 versions of the Croatian and Japanese language files,
3203 provided by Samuel Stone.
3206 Feb 29, 2004 (1.3.9rc2)
3209 - The new Admin interface for handling blocks (introduced in 1.3.9rc1) will
3210 renumber the block order in steps of 10, which can lead to order numbers
3211 > 255 if you have many blocks. Changed the 'blockorder' field in the
3212 "gl_blocks" table from TINYINT to SMALLINT to compensate.
3213 If you are upgrading from 1.3.9rc1, you will need to run the following SQL
3216 ALTER TABLE gl_blocks CHANGE blockorder blockorder smallint(5) unsigned NOT NULL default '1';
3218 Replacing "gl_blocks" with the proper table name, if you are using a table
3219 prefix other than 'gl_'. This step is not necessary when upgrading from 1.3.8
3220 or earlier versions.
3221 - The Group Admin restrictions introduced in 1.3.9rc1 didn't even let the
3222 Admin assign unassigned features to groups (e.g. there was no way to add
3223 the staticpages.PHP feature to the Static Page Admin group on a fresh
3225 - When normal users tried to submit an event, they were redirected to the
3226 story submission form (this bug was only introduced in 1.3.9rc1).
3227 - Cosmetic changes in the beautifying of language names (in the user's
3229 - Fixed COM_extractLinks to work with links that follow [IMAGE] tags and more
3230 generally handle the extraction of links better and more efficiently.
3231 - If a function CUSTOM_mail() exists, it will be called instead of COM_mail(),
3232 to allow users to implement their own function to send emails, if necessary.
3233 - The Static Pages plugin now supports the "exact phrase", "all of these words",
3234 and "any of these words" search options.
3235 - Included a simplified custom registration example and made the naming
3236 convention for the custom registration functions more consistent.
3237 - Fixed display problems with comments in nested and threaded mode.
3238 Please note that the template file comment/comment.thtml has changed (again)
3240 - Don't rely on the Who's Online block being active when handling sessions
3241 for anonymous users.
3242 - Removed some unused code that handled the obsolete "layout" blocks.
3243 - Try to guess the correct path separator when running on PHP < 4.3.0.
3244 - When upgrading from a pre-1.3.9 install, the install script choked on
3245 single quotes in the site name or site slogan.
3246 - More parameter filtering.
3248 - Included UTF-8 versions of the English, German, Finnish, and Chinese
3249 (traditional and simplified) language files, provided by Samuel Stone.
3250 - Added new Croatian language file, provided by Roberto Bilic.
3251 - Added new Finnish language file, provided by Jussi Josefsson.
3252 - Added new Hebrew language file, provided by Tal Vizel.
3253 - Updated Dutch language file, provided by Wim Niemans.
3256 Feb 16, 2004 (1.3.9rc1)
3259 - Use COM_getYearFormOptions() etc. for the event submission form in
3260 submit.php, thus avoiding duplicated code.
3261 - Plugins can now add their new entries to the What's New block by implementing
3262 the new plugin_whatsnewsupported and plugin_getwhatsnew API functions.
3263 This section can be enabled/disabled with the new $_CONF['hidenewplugins']
3265 - When a user is deleted, make sure we assign any objects that require Admin
3266 access (blocks, topics, ...) to a user from the Root group.
3267 - Slightly revamped the install script and made it catch (or silently ignore)
3268 the most popular problems with the path to Geeklog ...
3269 - Removed the hard-coded from {welcome_msg} and added it to the
3270 header.thtml of the Classic, XSilver, and Yahoo themes (the other themes
3271 either look fine without it or didn't use {welcome_msg} anyway).
3272 - Added a missing stripslashes() call for link titles returned from a search.
3273 - Fixed bug when highlighting search queries that contained a '*' (reported
3275 - Fixed a bug/typo introduced in 1.3.8-1sr4 that prevented you from deleting
3276 story submissions from the Admin's story editor (reported by James Bothe).
3277 - Changed all url fields in the database to hold up to 255 characters per URL.
3278 Please note that the template files in most themes will limit the max.
3279 number of characters to 96 or 128 characters. See docs/theme.html for more
3280 information on how to update the themes.
3281 - Fixed problems batch-importing users with single quotes in their names
3283 - The permissions for the "Group Admin" group have been changed such that
3284 members of that group now only have access to groups of which they themselves
3285 are a member of. When creating new groups, the rights (permissions) to chose
3286 from are also limited to those that the Group Admin users have themselves.
3287 These changes should make the Group Admin group more useful.
3288 Note: Group admins can still see all the existing groups and who is a member
3290 - Fixed search class so that the simplified and the advanced search return
3291 the same results (as long as none of the advanced options are used).
3292 - Added new config variable $_CONF['allowed_protocols'] which lets you specify
3293 the protocols that are allowed to be used in a link (feature request #109).
3294 Note: The kses class has a hard-coded list of allowed protocols to which
3295 the above will be added. It is currently not possible to remove any of the
3296 predefined protocols.
3297 - Introduced variable {allowed_menu_elements} in header.thtml which only
3298 includes those menu elements that the current user is allowed to use
3299 (i.e. honoring the $_CONF['XXXloginrequired'] settings).
3300 - COM_accessLog() now logs the user's uid and IP address automatically.
3301 - The option to stay logged in for 1 year has been removed and an option to
3302 not stay logged in (after the session has expired) has been added.
3303 - Fixed display of default blocks in the user preferences.
3304 - If the user chose not to see certain topics (by selecting them from the
3305 "Excluded Items" list in the preferences) then don't list those topics in
3307 - After saving your account information, you are now redirected to your
3308 profile page, so that you can see your changes as they would be displayed
3309 for other users of the site.
3310 - Integrated Vincent Furia's patches to use Geeklog's URL rewriting for links
3311 to stories (i.e. article.php).
3312 - In the story templates, you can now use {article_url} as the URL to the
3313 article.php with the current story (e.g. for a "link to this story" link).
3314 - There is a new file, system/lib-user.php, for user-related code that is
3315 used by usersettings.php, admin/user.php, and admin/moderation.php.
3316 - All template files that let you enter a URL are now using {max_url_length}
3317 for the maxlength attribute.
3318 - Access to admin/mail.php is now granted to all users with 'user.mail'
3319 permissions (previously, users with that permission without being in the
3320 'Mail Admin' group would see the "Mail Users" entry in the Admin block but
3321 were refused access to it).
3322 - The list of group names in the Mail Users form is now sorted alphabetically.
3323 - Any unauthorized attempts to access the admin pages are now properly logged
3325 - Fixed problems when resizing userphotos for user names that have spaces in
3326 them (reported by Per on geeklog-users).
3327 - Now accomodate strict webhosts who don't allow file uploads to the standard
3328 image directory, you can now set a new configuration variable,
3329 $_CONF['path_images'] to point to a directory outside of your webtree where
3330 article images and user profile pictures will be saved and served from.
3331 - Don't append a '-' to the page title if $_CONF['site_slogan'] is empty
3332 (feature request #88).
3333 - COM_getMonthFormOptions() now always lists the month names instead of only
3334 the numbers. COM_getYearFormOptions() also lists the previous year.
3335 - Changed admin/event.php to use the COM_getMonthFormOptions() etc. functions
3336 from lib-common.php, thus avoiding duplicated code.
3337 - In the calendar/calendar.thtml template file, you can now use {start_block}
3338 and {end_block} to wrap the calendar in a block.
3339 - Fixed a few display problems in case of errors in calendar_event.php. Also
3340 made calendar.php display messages sent from calendar_event.php.
3341 - Make sure the custom registration form is properly called from all relevent
3343 - Single quotes are now silently stripped from topic IDs (bug #113).
3344 - Fixed search displaying all the links for an empty search string, e.g. when
3345 searching for "more from" some user (bug #87).
3346 - Fixed link from search results that contained a '/' (bug #115).
3347 - Comments from a story that has been marked as "draft" are no longer returned
3348 from a search (bug #128).
3349 - The Admin's link list now uses "google paging", 50 links per page (bug #104).
3350 Note: Requires a change in the admin/link/linklist.thtml template file.
3351 - (Block)Admins can now change the order of blocks and enable / disable blocks
3352 directly from the Admin's list of blocks (based on a concept by stratosfear).
3353 - An alternative interface to adding (multiple) users to a group is now
3354 available from the Admin's list of groups. This feature requires JavaScript.
3355 - Fixed display of permissions in the "Access" column of the Admin's list of
3356 stories (didn't take Topic permissions into account).
3357 - Fixed handling of "0" as a poll answer (bug #73).
3358 - Added a check and warning message in admin/moderation.php if register_globals
3360 - Changed function COM_isEmail() to use PEAR::Mail/RFC822 to check for valid
3362 - Added an edit icon to each theme (images/edit.gif). Variable {edit_icon} can
3363 be used as an alternative to {edit_link}, i.e. as an icon that Story Admins
3364 can click on to edit a story.
3365 - You can now enable debug messages (to error.log) for the image upload by
3366 setting $_CONF['debug_image_upload'] = true in config.php.
3367 - When deleting a group, delete all references to that group from the
3368 group_assignments table (bug #50). The install script will remove any
3369 orphaned entries when upgrading the database to 1.3.9.
3370 - The option to delete comments was only available to users in the Root group
3371 (e.g. Admin). Since comments don't have permissions, comments can now be
3372 deleted by users with Story Admin permissions for the story they are
3373 commenting on (or Poll Admin permissions for comments on polls; bug #27).
3374 - Display a generic (and localised) error message when there is a problem
3375 importing an (RSS) feed - details will be available in error.log. Also checks
3376 for empty (but existing) feeds now.
3377 - When the user submission queue is activated, you now have an "edit" link
3378 that takes you to the Admin's user editor (the profile link is now on the
3379 username). Contributed by Ed Magin.
3380 - COM_siteHeader() now uses output buffering for the eval(), preventing the
3381 header from being output directly.
3382 Note: This may require changes in 3rd party scripts, e.g. the Geeklog/Gallery
3384 - The install script will set the 'date' field for links to sensible values
3385 now (reconstructed from the date that's encoded in the link id).
3386 - The author exclusion list in the preferences is now a (multi-select) listbox.
3387 - A proper error message is now displayed if the Admin creates a new user or
3388 changes an existing account with an email address that already exists (that
3389 test was already introduced in 1.3.8-1 but the error message was confusing),
3390 thus closing bug #24. Also checks for valid email addresses now.
3391 - You can now use {author_fullname} and {author_photo} variables in comment
3392 templates (feature request #35).
3393 - Remove extra backslashes from new links in What's New block (bug #59).
3394 - The [code] tag is now displayed in the list of allowed HTML tags.
3395 - Image upload can now use the GD library (contributed by Rob Coenen).
3396 If possible, GIF images will be converted to PNGs during upload. However,
3397 some versions of the GD library may not allow to read GIF images at all.
3398 - Geeklog now uses PEAR::Mail to send all emails.
3399 In config.php, you can select whether emails should be sent via PHP's mail()
3400 function, sendmail, or SMTP.
3401 - Introduced /path/to/geeklog/system/pear as the directory to hold the PEAR
3402 packages used by Geeklog. Currently, those are PEAR, Mail, Net_SMTP, and
3403 Net_Socket. These packages will be included in the releases from now on.
3404 - Introduced function COM_mail(). From now on, all Geeklog email will be sent
3405 from this function (instead of using PHP's mail() function directly).
3406 - When users try to register with an empty username or invalid email address,
3407 make sure we're displaying a custom registration form (if one exists) when
3408 displaying the error message (part 1 of bug #57).
3409 - Prevent users from registering with an empty username (bug #56).
3410 - Use $_CONF['emailstoriesperdefault'] when batch-adding users. Until now,
3411 new users were subscribed to the Daily Digest automatically (bug #55).
3412 - Added an 'edit' link to links/linkdetails.thtml, so that (Link) Admins can
3413 edit links easily (contributed by Euan McKay).
3414 - What's Related applied COM_checkHTML() on the entire block instead of on the
3415 individual items, thus stripping out HTML from the template file (bug #52).
3416 - Words from a search query are now properly highlighted in comments when the
3417 words occured only in the comments (but not in the story).
3418 - Integrated Vincent Furia's new comment code to use templates for comments
3419 (instead of hard-coded HTML).
3420 New template files: comment/comment.thtml, comment/thread.thtml.
3421 Updated: comment/startcomment.thtml
3422 - New Admin interface for content syndication (RSS feeds etc.). This lets you
3423 create feeds for all the stories and per topic as well as for links and
3424 (upcoming) events. Plugins can also provide feeds (through extensions of the
3425 Plugin API). Additional feed formats (other than RSS 0.91) can be implemented
3426 as new classes (xxx.feed.class.php).
3427 Includes new admin/syndication template directory.
3428 - Don't display the "delete" button in the Admin's Event editor when we're
3429 editing a new event (reported by Simon Lord).
3431 Static Pages Plugin 1.4
3432 -----------------------
3434 - It is now possible to disable the use of PHP in static pages entirely by
3435 setting $_SP_CONF['allow_php'] = 0 in the static pages' config.php file.
3436 If you don't plan on using PHP in static pages, it is recommended that you
3437 do that as an additional security measure.
3438 - You can now use "plain PHP" code in a static page, i.e. it doesn't need to
3439 be written such that it returns all output in a 'return' statement. The
3440 PHP checkbox has been replaced with a dropdown menu offering "do not execute
3441 PHP", "execute PHP (return)" [that's the old way], and "execute PHP" [new].
3442 - The ID of a static page can now have up to 40 characters.
3443 - When displaying a static page, the plugin no longer checks if the current
3444 user is a member of the Root group, so that "Root" users shouldn't see static
3445 pages that are for anonymous users only.
3446 - The option to wrap static pages in a block can now be applied to each page
3447 individually. $_SP_CONF['in_block'] is only used as the default setting
3449 - Static pages to be displayed after the featured story (in a center block) are
3450 now displayed even if there is no featured story (after the static pages to
3451 be displayed at the top of the page).
3452 - Static pages are not wrapped in a block when the page format is set to "blank
3454 - Added a "Cancel" button in the static pages editor.
3455 - Bugfix: Depending on the permission settings, the "Edit" link was sometimes
3456 displayed for users without them having edit permissions for the static page.
3457 It wasn't possible to edit the page, though, but the link shouldn't have
3458 been there in the first place.
3459 - For security reasons, the Static Page Admin group does not include
3460 'staticpages.PHP' permissions by default any more.
3461 - When a user is deleted, static pages created by that user can now either be
3462 deleted or assigned to a Root user (see $_SP_CONF['delete_pages'] option).
3464 Please see docs/staticpages.html for details.
3467 Oct 8, 2004 (1.3.8-1sr6)
3470 This release addresses 2 security issues:
3472 - Fixed a cross site scripting vulnerability caused by using the $topic
3473 variable in the language files ($LANG05[3]) where it should have been
3474 using '%s' instead (bug #293) [Vinny, Dirk]
3475 Note: german.php was not affected and is therefore not included.
3477 - It was possible to post comments to stories or polls for which comment
3478 posting had been switched off [Dirk]
3479 This was only a problem if you allowed anonymous posts or when spammers
3480 went through the trouble of actually signing up for an account before
3484 Jun 1, 2004 (1.3.8-1sr5)
3487 This release fixes a bug due to which it was possible to post anonymous
3488 comments even when anonymous comment posting had been switched off in
3491 To upgrade from Geeklog 1.3.8-1sr4 to 1.3.8-1sr5, simply upload the included
3492 comment.php, replacing the file of the same name on your webserver.
3495 January 26, 2004 (1.3.8-1sr4)
3498 This release addresses the following security issues:
3500 1. It was possible for users in the Group Admin and User Admin groups to
3501 become a member of the Root group (reported by Samuel M. Stone, bug #135).
3502 2. Being admin for a certain area (e.g. Story Admin for stories) made it
3503 possible to delete all objects in that area (e.g. stories) even if the
3504 user was not supposed to have access to them, provided the id of the object
3506 3. It was possible to delete other people's personal events if you knew the
3508 4. It was possible to browse through the comments of a story even if the user
3509 did not have access to the actual story (reported by Peter Roozemaal).
3510 5. Due to an XSS issue, it was possible to change someone's account settings
3511 (including the password) if you got them to click on a specially crafted
3512 link (reported by Jelmer, fix suggested by Vincent Furia).
3513 6. The comment display suffered from the possibility of an SQL injection
3514 (reported by Jelmer).
3515 7. It was possible to inject Javascript code in the calendar (reported by
3517 8. It was possible to execute (but not save) Javascript code in the comment
3518 preview (reported by Jelmer).
3521 December 5, 2003 (1.3.8-1sr3)
3524 This release addresses the following security-related issues:
3526 1. As "dr.wh0" pointed out, the category field for link submissions was not
3527 filtered at all. Although you probably can't cause too much harm with
3528 those 32 characters, this has now been fixed.
3529 2. Vincent Furia found that the restrictions for the form to email users
3530 could be circumvented and could even be used to spam users.
3531 In addition to fixing theses issues, there is now also a speed limit
3532 on that form (defaults to the speed limit for story submissions).
3533 3. There was a way to post comments anonymously even when posting for
3534 anonymous users had been disabled.
3535 4. It was possible to post comments under someone else's username.
3538 October 14, 2003 (1.3.8-1sr2)
3541 Jouko Pynnonen found a way to trick the new "forgot password" feature,
3542 introduced in 1.3.8, into letting an attacker change the password for _any_
3543 account. This release addresses this issue - there were no other changes.
3545 The only thing you need to do is to replace the file users.php on your site
3546 with the file that comes with this tarball. It's suggested that you change
3547 the version number in your config.php to '1.3.8-1sr2' afterwards.
3549 Please note that only Geeklog 1.3.8, 1.3.8-1, and 1.3.8-1sr1 are affected,
3550 as this feature did not exist in earlier versions.
3553 October 12, 2003 (1.3.8-1sr1)
3556 This release is intended to address some of the security issues reported in
3557 September and early October 2003.
3559 1. Includes Ulf Harnhammar's kses HTML filter to address possible Javascript
3560 injections and CSS defacements.
3562 When upgrading from an earlier version, please make sure to copy over the
3563 $_CONF['user_html'] and $_CONF['admin_html'] arrays from the included
3564 config.php to your own copy of that file.
3566 2. While almost all of the alleged SQL injection issues could not be
3567 reproduced, this release includes an update to the MySQL class to not
3568 report SQL errors in the browser any more (but only in Geeklog's error.log).
3569 This will avoid disclosing any sensitive information as part of the error
3572 Please note that at the moment we do NOT recommend to use Geeklog with
3573 MySQL 4.1 (which, at the time of this writing, is in alpha state and should
3574 not be used on production sites anyway).
3576 An upcoming release of Geeklog will address the remaining SQL issues,
3577 including any problems with MySQL 4.1.
3579 Other fixes (not security-related):
3580 - When trying to guess the value of $_CONF['cookiedomain'], we need to remove
3581 the port number from the URL, if there is one (bug #75).
3582 - The full 1.3.8-1sr1 tarball also includes updated French (Canada) and
3583 Turkish language files.
3586 August 9, 2003 (1.3.8-1)
3589 - When upgrading, the install script will now default the version selection to
3590 the last version in the list (currently: 1.3.7) instead of the first one
3592 - Don't allow HTML in static page titles (bug #26).
3593 - Display the search form again if the query returned no results.
3594 - Make sure we're not attempting to send a Daily Digest email to Anonymous.
3595 - Prevent admin from changing a user's email address to one that's already used
3596 by someone else (bug #24). The error message you get when you try this may
3597 be confusing, though ("The username you tried saving already exists.") since
3598 I don't want to introduce new texts in the language file at this point. To
3600 - Fixed a problem with the cookie timeout: When a user edited his/her profile
3601 for the first time, the cookie timeout defaulted to 1 hour, while the default
3602 in config.php was usually much longer (default: 1 week). So after editing
3603 their profile for the first time, users didn't stay logged in as long as
3604 before (unless they noticed that and changed the cookie timeout accordingly
3606 - Fixed problems in the install script when trying to find out the MySQL
3608 - Fixed a problem collecting links for the What's Related block when the article
3609 contained (uploaded) images.
3610 - Words from a search query are now hightlighted in comments as well.
3611 - You can now use variables {rss_url} and {rdf_file} in both the site header
3612 and footer. Both variables hold the URL to the RSS feed.
3613 - Fixed an occassional "call to member function of non-object" error message
3615 - Make sure the RSS feed and Older Stories block are updated when a story is
3617 - The language selection will only list files that end in .php and do not
3619 - Fixed links to a user's comments from the Last 10 Comments block in the user
3621 - Removed '&query=' from links in search results if the query was empty.
3622 - Anonymous users couldn't use the advanced search even if
3623 $_CONF['searchloginrequired'] was not set.
3624 - Fix to disallow access to the extended search for anonymous users (i.e.
3625 $_CONF['searchloginrequired'] works again as it did in 1.3.7)
3626 - Fixed search by date.
3627 - Template variable {uid_value} was always empty in the user's profile edit
3628 form (in usersettings.php).
3630 - New French (Canada) language file, provided by Jean-Francois Allard.
3631 - Updated Dutch language file, provided by W. Niemans.
3632 - Updated Bulgarian language file, provided by Vassil Simeonov and Itso Banov.
3633 - Updated Spanish language file, provided by Angel Romero.
3635 - New French (Canada) language file for the Static Pages plugin, provided by
3636 Jean-Francois Allard.
3637 - New Dutch language file for the Static Pages plugin, provided by W. Niemans.
3640 July 17, 2003 (1.3.8)
3643 - Added Blaine's sample code for the custom registration to lib-custom.php
3644 (there's also an accompanying sample template file, memberdetail.thtml).
3645 - "No new links" wasn't displayed in the What's New block when you didn't
3646 have any links in the database or when the current user didn't have access
3647 to any of them (reported by krove).
3648 - Applied a patch by Tatsumi Imai to fix problems with Japanese characters
3649 when editing polls (bug #17).
3650 - Hide those story submissions from moderators that don't have access to the
3652 - Use $HTTP_SERVER_VARS['PATH_INFO'] instead of $PATH_INFO for the url_rewrite
3653 feature, since the latter doesn't seem to work on some setups (reported by
3656 - Updated Slovenian language file, provided by gape.
3657 - Updated Polish language file for the Static Pages plugin, provided by
3661 July 6, 2003 (1.3.8rc2)
3664 - When failing to delete an image for a story (from the Admin's story editor),
3665 only log this problem in the error.log but don't abort the script (reported
3667 - When editing a story that used double quotes in the title, the title was cut
3668 off after the first quote sign.
3669 - Story Admins could edit stories in a topic they didn't have access to, if
3670 they somehow found out the story id.
3671 - When $_CONF['listdraftstories'] was enabled, moderation.php listed all stories
3672 that had the "draft" flag set without checking for topic permissions (this
3673 option was only introduced in 1.3.8rc1).
3674 - For Story Admins, the Admin menu may have listed a greater number of stories
3675 than the user actually had access to (didn't check for topic permissions).
3676 - Fixed "Google paging" on the Admin's list of stories when the current user
3677 didn't have access to all the topics (paging was only introduced in 1.3.8rc1).
3678 - Try to prevent "illegal access" messages in error.log, caused by the plugin
3679 page looking for uninstalled plugins.
3680 - Upcoming events (in the block of the same name) are now sorted by start date
3681 and start time, which makes more sense than the old start date, end date
3682 sort order (reported by Peter Sieradzki).
3683 - Fixed description of function DB_count() in lib-database.php (reported by
3685 - Changed the "getBent" block to test the real admin directory in case it has
3686 been renamed (bug #762881).
3687 - Saving the user profile also saved the privacy options, setting them all to
3688 "off" (reported by Dwight Trumbower).
3689 - Check the topic permissions when doing a search on stories and comments.
3690 - Check the topic permissions when displaying the new stories and comments in
3691 the What's New block.
3692 - Need to use date_sub() in the SQL request for the display=new mode on the
3693 index page to ensure compatibility with old versions of MySQL (reported by
3695 - New users created manually from the Admin's User menu were assigned a
3696 random password, even when the Admin entered one (reported by TechFan).
3697 This bug was only introduced in 1.3.8rc1.
3698 - The printer-friendly version of a story in HTML format should not call
3699 nl2br() on the story text (bug #762636).
3700 - When attempting to edit a submission, check that it still exists in the
3701 submission queue (since another Admin could already have handled it),
3702 avoiding an SQL error (reported by Simon Lord).
3704 - New language file for formal German (addressing the user as "Sie" instead of
3705 "Du"), provided by Philip Sack.
3706 - Updated Italian language file, provided by quess65.
3707 - Updated Japanese language file, provided by Yusuke Sakata.
3708 - Updated Polish language file, provided by Robert Stadnik.
3709 - Updated Spanish language file, provided by Angel Romero.
3710 - Updated Swedish language file, provided by Markus Berg.
3712 - New formal German language file for the Static Pages plugin.
3713 - New Italian language file for the Static Pages plugin, provided by quess65.
3714 - New Japanese language file for the Static Pages plugin, provided by Yusuke
3716 - New Swedish language file for the Static Pages plugin, provided by Markus Berg
3719 June 29, 2003 (1.3.8rc1)
3722 - Fixed SQL error when using quotes in a group description.
3723 - Fixed bug where blocks assigned to a topic disappeared when viewing articles.
3724 - Add new Plugin API PLG_getHeaderCode, Used to return JS Functions or other
3725 Header Meta Tags required by the plugin. Added new variable {plg_headercode}
3726 to the template header.thtml files.
3727 - New search: You can search for the exact phrase, all of the words, or any of
3728 the words from the query. Search words are highlighted in stories. Also,
3729 results in stories and comments are listed separately.
3730 - Added new block "Privacy Options" to the Preferences:
3731 + chose to receive email from admins and/or other users
3732 + chose to show up in Who's Online block
3733 (Feature requests #609758 and #609759)
3734 - New config option $_CONF['hide_author_exclusion'] to hide the author
3735 exclusion list from the user's preferences (useful e.g. when it's a rather
3736 long list but hardly used by the users of your site).
3737 - Added tracking of users lastlogin to the userinfo table.
3738 New $_CONF['lastlogin'] added to config.php - SESSION SETTINGS area
3739 - Added an option in admin/group.php to list all the users belonging to a group.
3740 - Added adminoption_off.thtml template file (for current entry in the Admin
3741 menu) and topicoption.thtml and topicoption_off.thtml files (for entries in
3742 the Topics/Sections menu).
3743 - Geeklog will not accept topic ids containing spaces any more.
3744 - Added new config option $_CONF['allow_account_delete'] to allow users to
3745 delete their account (from their Account Information page).
3746 - Posts (stories and comments) from deleted users will now be reassigned to
3748 - Removed the Geeklog version number from the footer of the default themes.
3749 Instead, the version number is now displayed in the headline of the "Command
3750 and Control" block (moderation.php) and next to the "GL Version Test" entry
3751 in the Admin's functions block.
3752 - New Norwegian language file, provided by Torfinn Ingolfsen.
3753 - Introduced new config.php variable $_CONF['mysqldump_options'] that holds
3754 additional options to be used when Geeklog calls mysqldump to do a backup
3756 - Added a check for an existing email address in the user's profile so that
3757 users can't change their email address to one that's already in use for
3759 - Pick up the 'postmode' default setting for the Admin's story editor.
3760 - Stories in the Daily Digest are now sorted by date (newest first, as on the
3762 - Changed handling of plugin comments slightly: Plugins will have to do the
3763 'delete' operation on their comments on their own now since Geeklog can't
3764 possibly know which (if any) permissions are needed to delete a comment.
3765 The 'id' parameter in the call to plugin_handlecomment_<type> will now
3766 always be the comment id.
3767 - In another attempt to solve the various issues regarding "www vs. non-www"
3768 URLs and related login problems:
3769 + Made sure all setcookie() calls use all 6 parameters
3770 + Try to guess the correct value for $_CONF['cookiedomain'] if it isn't set
3771 + Removed the redirection attempt from index.php
3772 - When requesting a new password for your account, you can now enter either
3773 your username or the email address you used to register with the site.
3774 - Added a speed limit for requests for a new password (defaults to 5 minutes
3776 - The commentspeedlimit and submitspeedlimit tables have been replaced with a
3777 general speedlimit table and three new functions operating on it have been
3778 introduced (in lib-common.php). The new table has a 'type' field, so plugins
3779 could easily implement their own speed limits.
3780 - Introduced new "forgot password" functionality: When requesting a new password
3781 for an account, the user will now receive an email with a link that s/he has
3782 to click on. It will take the user to a form where s/he can enter a new
3783 password (a unique id is contained in the URL and checked when entering the
3784 new password, thus preventing misuse). The old password remains valid until a
3785 new password is entered from this form, so the email can simply be ignored in
3786 case the user didn't request a new password (cf. Feature Request #567979).
3787 - Removed unused commentheader.thtml file from all default themes.
3788 - Fixed the redirect after posting a comment to a poll (should return to the
3789 poll, not to the index page).
3790 - You can now "clone" events, i.e. make a copy of an existing event. This comes
3791 in handy if you have a lot of similar events (e.g. repeating events).
3792 Template files admin/event/eventlist.thtml and admin/event/listitem.thtml
3793 need to be updated or the "clone" option will not show up ...
3794 - Fixed a bug in the Admin's poll editor which let you enter more than
3795 $_CONF['maxanswers'] answers for a poll. You may need to adjust your setting
3796 of $_CONF['maxanswers'] or you may lose an answer when editing such a poll
3797 (found & fixed by Tom Willet).
3798 - Moved hard-coded HTML for the poll block and poll results to new template
3800 - When the theme uses a replacement function for COM_siteHeader and/or
3801 COM_siteFooter, we need to pass it the same parameter that the replaced
3802 function was being called with.
3803 - Fixed "Last 10 comments by user" in the user's profile which was missing the
3805 - When a new user registers, we need to check for a valid email address
3806 first (before searching the database to see if that address is already in use)
3807 - You are now taken back to the moderation page after editing a story submission
3808 - Fixed 'previous' link on the Admin's list of stories. Alternatively, you can
3809 now use {google_paging} there (requires a change in the template).
3810 - Added -Q option to the mysqldump call when doing a database backup. This will
3811 enclose database names in quotes and thus prevent problems with special
3812 characters in table names as used by some plugins (bug #712901).
3813 - Set the max length of the input field for the event URL to 128 characters
3814 (was 96) in the default themes (other themes may need adjusting).
3815 - Fixed localisation of the date of all-day events in the event details.
3816 - Added missing {event_location} variable in calendar/eventdetails.thtml
3818 - Fixed display of events spanning several days in the personal calendar.
3819 - Moved hard-coded HTML for the login form in the User Functions block to a new
3821 - The Sections block now uses the useroption.thtml and the new
3822 useroption_off.thtml template files for the list of topics. You can also use
3823 $_CONF['hide_home_link'] to hide the "Home" link from the Sections block.
3824 - New config option $_CONF['keep_unscaled_image'] allows you to keep the
3825 original, unscaled image after upload (in stories only, for now). The smaller,
3826 scaled image will be used as a thumbnail and link to the original image
3827 (based on code provided by Alexander Schmacks).
3828 - In admin/database.php:
3829 + Made sure we really display the last 10 backups (fix by Alexander Schmacks)
3830 + Display total number of backups in the directory
3831 + Moved hard-coded HTML for the list of backups to template files
3832 + Replaced $PHP_SELF with $_CONF['site_admin_url']/database.php since
3833 $PHP_SELF seems to cause problems in some environments
3834 - You can now make one topic the default topic. The topic selection in the
3835 story submission form will then default to this topic.
3836 - When clicking on the "contribute" link from the topic index page, the new
3837 story will now default to the topic you just viewed.
3838 This only works with themes that use the {menu_elements} variable in
3839 header.thtml. Other themes can use the new variable {current_topic} which
3840 holds '&topic=<topicid>' when a topic is selected (and is empty otherwise).
3841 - Integrated Vincent Furia's improvements for COM_exportRDF. You can now use
3842 $_CONF['rdf_limit'] to limit the number of stories in the RDF file by
3843 setting this to a number (e.g. 10) or a number of hours (e.g. 24h).
3844 $_CONF['rdf_storytext'] lets you add the story's introtext to the RDF feed.
3845 Also fixed a bug with un-escaped special characters in the feed's title.
3846 - Added paging to the list of Static Pages (for more than 50 pages).
3847 - Fixed problem with the Older Stories block disappearing when it was edited
3848 (e.g. moved from left to right), bug #670673.
3849 - Fixed "late" update of portal blocks (bug #681855).
3850 - Fixed mixing of comments from different plugins, found & fixed by Alan McKay.
3851 - A theme can provide its own functions to render the site header and footer
3852 (this is not a new feature). Geeklog now expects those functions to be named
3853 <themename>_siteHeader and <themename>_siteFoote, respectively. Until now,
3854 it was, however, looking for the wrong function names ...
3855 - Added the piece of code that is needed to make the Theme Tester work to
3856 lib-common.php (won't do anything without the Theme Tester block).
3857 - Fixed SQL query for displaying new comments in the What's New block, provided
3858 by Marc Von Ahn (with some help from Rob Griffiths).
3859 - Changes to make Geeklog install and work again on old versions of MySQL
3860 (e.g. MySQL 3.22). Special thanks to Markus Guske for providing the fixes
3861 for the What's New block and for testing the new install.
3862 - Feb 13/03: (Blaine) Added new Plugin function to support Center Blocks
3863 Included call to PLG_showCenterblock in index.php
3864 - The user's signature is now appended to messages sent to another user.
3865 - Feb 6/03: (Blaine) Added support for custom user registration and account
3866 profile: Added hooks to users.php, usersettings.php and admin/user.php and
3867 new $_CONF parm to enable
3868 Developer is responsible for code to handle new form processing, account
3869 record save, update and delete.
3870 - The list of blocks now includes a column indicating whether the block is
3871 enabled or disabled (will need changes in admin/block/listblocks.thtml and
3872 listitem.thtml template files of custom themes).
3873 - Variable {rdf_url} (available in footer.thtml) holds the URL of the RDF file.
3874 - What's Related block is now created dynamically.
3875 - Top Ten Commented Stories didn't count comments on stories submitted by
3876 anonymous users (found & fixed by Laurence Whitworth).
3877 - Allow users to change their username if $_CONF['allow_username_change'] is
3879 - Jan 18/03: (Blaine) Corrected problem in mysql.class.php where the checks in
3880 dbdelete, dbchange, dbcount and dbcopy for a passed value of 0 were not
3881 sufficient. If the parameter was 0 - it was assuming it was empty.
3882 Consequence: The dbdelete would delete all records or dbcount would return
3884 - Display Preferences and Comment Preferences have been merged. There is now
3885 only one option, Preferences, in the User Functions block.
3886 - Hard-coded HTML for the Display Preferences, Comment Preferences, and
3887 Account information has been moved to template files (new "preferences"
3890 Static Pages Plugin 1.3
3891 -----------------------
3892 - Integrated (and extended) the Static Pages plugin 1.2 (originally started by
3893 Phill Gillespie and later supported by Tom Willet). This "combined" version
3894 is now called Static Pages 1.3.
3895 Use Geeklog's install script to upgrade from any previous version (1.1 or 1.2)
3896 - Supports the use of PHP in static pages.
3897 - You can now edit the ID of a static page to create more readable URLs like
3898 http://yoursite/staticpages/index.php?page=about
3899 In combination with Geeklog's $_CONF['url_rewrite'] option, the URL can even
3900 look like http://yoursite/staticpages/index.php/page/about
3901 - You can now "clone" static pages, i.e. make a copy of an existing page.
3902 - Removed the "static pages on frontpage" hack and changed the plugin to use
3903 the new Center Block API instead:
3904 A static page can now be displayed on the top of the front page, on the
3905 bottom, or after the featured story. It can also replace the front page
3906 entirely. Instead of using special label names (like "frontpage"), the
3907 display mode and position can now be selected from drop-down menus in the
3908 static pages editor.
3910 Please see docs/staticpages.html for details.
3913 January 26, 2004 (1.3.7sr5)
3916 This release addresses the following security issues:
3918 1. It was possible for users in the Group Admin and User Admin groups to
3919 become a member of the Root group (reported by Samuel M. Stone, bug #135).
3920 2. Being admin for a certain area (e.g. Story Admin for stories) made it
3921 possible to delete all objects in that area (e.g. stories) even if the
3922 user was not supposed to have access to them, provided the id of the object
3924 3. It was possible to delete other people's personal events if you knew the
3926 4. It was possible to browse through the comments of a story even if the user
3927 did not have access to the actual story (reported by Peter Roozemaal).
3928 5. Due to an XSS issue, it was possible to change someone's account settings
3929 (including the password) if you got them to click on a specially crafted
3930 link (reported by Jelmer, fix suggested by Vincent Furia).
3931 6. The comment display suffered from the possibility of an SQL injection
3932 (reported by Jelmer).
3933 7. It was possible to inject Javascript code in the calendar (reported by
3935 8. It was possible to execute (but not save) Javascript code in the comment
3936 preview (reported by Jelmer).
3939 December 5, 2003 (1.3.7sr4)
3942 This release addresses the following security-related issues:
3944 1. As "dr.wh0" pointed out, the category field for link submissions was not
3945 filtered at all. Although you probably can't cause too much harm with
3946 those 32 characters, this has now been fixed.
3947 2. Vincent Furia found that the restrictions for the form to email users
3948 could be circumvented and could even be used to spam users.
3949 3. There was a way to post comments anonymously even when posting for
3950 anonymous users had been disabled.
3951 4. It was possible to post comments under someone else's username.
3954 October 12, 2003 (1.3.7sr3)
3957 This release is intended to address some of the security issues reported in
3958 September and early October 2003.
3960 1. Includes Ulf Harnhammar's kses HTML filter to address possible Javascript
3961 injections and CSS defacements.
3963 When upgrading from an earlier version, please make sure to copy over the
3964 $_CONF['user_html'] and $_CONF['admin_html'] arrays from the included
3965 config.php to your own copy of that file.
3967 2. While almost all of the alleged SQL injection issues could not be
3968 reproduced, this release includes an update to the MySQL class to not
3969 report SQL errors in the browser any more (but only in Geeklog's error.log).
3970 This will avoid disclosing any sensitive information as part of the error
3973 Please note that at the moment we do NOT recommend to use Geeklog with
3974 MySQL 4.1 (which, at the time of this writing, is in alpha state and should
3975 not be used on production sites anyway).
3977 An upcoming release of Geeklog will address the remaining SQL issues,
3978 including any problems with MySQL 4.1.
3981 May 26, 2003 (1.3.7sr2)
3986 1. It was possible to obtain valid session ids for every account (reported by
3988 2. Using Internet Explorer, it was possible to upload an image with embedded
3989 PHP code and execute it (reported by SCAN Associates).
3990 3. Story permissions could override topic permissions, resulting in the display
3991 of stories to users who shouldn't have access to them (reported by Andrew
3993 Note: This was already fixed with the new index.php, released 2003-05-15.
3994 4. Added a warning in config.php that adding any of the following tags to the
3995 list of allowable HTML can make the site vulnerable to scripting attacks:
3996 <img> <span> <marquee> <script> <embed> <object> <iframe>
3997 (pointed out by Joat Dede)
3999 - Fixed the bug in several of the admin areas (blocks, events, links, polls,
4000 stories, topics) where admins without root access got a message stating
4001 that they did not have the proper permissions when trying to save an object.
4002 - Fixed a typo in lib-sessions.php that caused the creation of unnecessary
4003 sessions (pointed out by Kobaz).
4004 - Fixed malformed cookie (used $_CONF['site_url'] instead of
4005 $_CONF['cookiedomain']) in lib-sessions.php, found & fixed by Jon Evans.
4006 - Fixed a bug that prevented certain right blocks from showing up when there
4007 were no stories for a topic.
4008 - The "Google paging" on the index page may have displayed the wrong number
4009 of pages for users who disabled topics in their display preferences.
4011 - Updated Dutch language file, provided by Claudio.
4012 - Updated French language file, provided by Jaques.
4013 - Updated Hellenic (Greek) language file, provided by Access-=-Denied Networks
4014 - Updated Spanish and Spanish (Argentina) language files,
4015 provided by Fernando Bernardini
4016 - New Portuguese language file, provided by Mario Seabra
4017 - New Bulgarian language file, provided by lachko
4018 - New Turkish language file, provided by Sinan Ussakli
4019 - New Slovenian language file, provided by gape
4020 - New Slovak language file, provided by Rado
4021 - New Romanian language file, provided by Dan Gheorghitza
4022 - New Chinese language file (gb2312 encoding), provided by Crocodile King
4023 - New Czech language file, provided by Hermes Trismegistos
4026 January 13, 2003 (1.3.7sr1)
4031 1. Javascript code could be used in the homepage link of a user's profile
4032 (reported by Jin Yean Tan).
4033 2. Javascript code could be injected in several URLs so that these could then
4034 be used for a cross-site scripting attack (reported by Jin Yean Tan).
4035 3. Anybody could delete comments, provided they knew the comment id.
4036 4. A StoryAdmin could manipulate any story, even if permissions should have
4037 prevented that. The same applied to Admins for links, events, polls, topics,
4038 and blocks (reported by Kobaz).
4040 - The new user notification email was always sent out, even if 'user' was not
4041 listed in $_CONF['notification'].
4042 - In admin/database.php, added a check to test if function is_executable() is
4043 available (since it is not available on Windows).
4044 - {copyright_notice} in the site's footer (footer.thtml) will now use the
4045 current year for the copyright notice. You can override this by setting
4046 $_CONF['copyrightyear'] to the year you want.
4047 Also, new variables {lang_copyright} and {current_year} as well as {site_name}
4048 and {site_slogan} are now available in footer.thtml so that you can build a
4049 customised copyright notice from them.
4050 - Fixed incomplete links to search results from poll comments.
4051 - Fixed wrong link to the week view from the last week of the month view.
4052 - Fixed bug where links was not using the date field - being stored as null.
4053 - Fixed image resizing when using ImageMagick.
4054 - Added the actual and max. image dimensions in the error message that is
4055 displayed when an image exceeds the max. image dimensions and no imagelib
4057 - The Admin menu will now be displayed for users which have Admin access to
4058 a plugin but not to a core Geeklog Admin feature.
4059 - The redirect in index.php (when a site is called up with a URL other than
4060 the one configured in $_CONF['site_url']) now checks for the existence of
4061 $HTTP_SERVER_VARS['HTTP_HOST']. Also, the server name comparison is done
4062 case-insensitive now.
4063 - New config option $_CONF['emailstoriesperdefault']: Set to 1 if new users
4064 should be subscribed to the daily digest automatically. Defaults to 0 (no
4065 automatic subscribtion), thus restoring the behaviour of Geeklog prior to
4067 - Removed some unused / outdated files (include and etc directories)
4068 - Updated URLs to point to www.geeklog.net and lists.geeklog.net instead of the
4069 now outdated places on Sourceforge.
4070 - Updated Dutch language file, provided by R.F. van der Veen
4071 - New Danish language files (for Geeklog and for the Static Pages plugin),
4072 provided by Steen Broelling
4075 December 16, 2002 (1.3.7)
4078 - In all Admin editors, the hard-coded default group permissions have been
4079 changed from 3 (read/write) to 2 (read-only).
4080 - Make sure an error message is displayed when a StoryAdmin tries to edit a
4081 story s/he does not have access to.
4082 - Hide topics from the Admin's list of stories that the current (Story)Admin
4084 - Tom Willet found a problem in admin/user.php that sometimes mangled user
4085 names, especially on sites hosted on sourceforge.net.
4086 - Fixed an SQL error when using single quotes in a block title.
4087 - When updating events in the master calendar, make sure copies of such events
4088 in the personal calendars are updated as well (including deleting them when
4089 the original event is removed from the master calendar).
4090 - Fixed PRIMARY KEY for table personal_events, so that more than one user can
4091 add an event to his/her personal calendar.
4093 - New Hellenic (Greek) language file, provided by Access-=-Denied Networks
4094 - New Spanish language file, provided by LeChuck
4095 - Updated Polish language file, provided by Robert Stadnik
4096 - Updated Italian language file, provided by quess65
4097 - Updated Japanese language file, provided by Yusuke Sakata
4100 December 3, 2002 (1.3.7rc1)
4103 - Modifed savesubmission() to better handle Plugin return - Bug ID 642106
4104 - Modified Comment Plugin API Comment call - PLG_handlePluginComment now passes
4105 $operation to indicate a 'save' or 'delete'.
4106 - Fixed problems with the portal.php redirect for links (bug #579221).
4107 - Fixed a problem when uploading images with certain versions of Opera.
4108 - When deleting a topic, also remove stories for that topic from the submission
4110 - Added a redirect in index.php when the site was called up with the "wrong"
4111 URL (i.e. not the one that has been set in $_CONF['site_url']), thus
4112 fixing the "www vs. non-www" problem where people showed up in Who's Online
4113 but did not get the User Functions block.
4114 - The topic selection in the daily digest now defaults to "on" for all topics,
4115 i.e. when the daily digest is activated ($_CONF['emailstories'] = 1) and
4116 a user has not selected any topics yet, s/he will receive a digest for all
4117 topics. This ensures that new topics are automatically added to the daily
4118 digest (bug #573305).
4119 - Fixed a permission problem with the daily digest where users could get a
4120 digested version of a story they didn't have access to.
4121 - Fixed permission problems in the statistics where story titles, links, and
4122 events where listed even when the current user did not have access to them.
4123 - Added the Top Ten Links to the links page (only when links are displayed
4125 - When sending emails, Geeklog now uses \r\n in the mail headers which should
4126 resolve problems under Windows.
4127 - Resolved a couple of stripslashes() issues.
4128 - The static pages plugin can now be uninstalled using the "delete" option
4129 from the plugin editor. Note that this will only remove the plugin's tables
4130 and data from the database, not remove any files.
4131 - Added a simple email notification when a new story, link, or event has been
4132 submitted or a new user has registered. See $_CONF['notification'] for details
4133 - Added a separate set of config variables for the max. dimensions of user
4134 photos ($_CONF['max_photo_width'] etc.).
4135 - Fixed a problem when resizing GIF images using the netpbm tools.
4136 - Check the topic permissions when presenting a list of topics in the Admin
4137 story editor (since the StoryAdmin may not have access to all topics).
4138 - Removed the Normal / Archive / Refreshing drop down menus from the admin
4139 story and poll editors since they're not used anyway.
4140 - In the links section, do not display link categories when the current user
4141 does not have access to the links in those categories (bug #612869).
4142 - Fixed problems when using quotes in the title of an HTML-formatted comment
4143 (including confusing error messages and wrong speed limit alerts).
4144 - Changed the way how Geeklog checks if it's currently displaying the site's
4145 front page, thus fixing the problem with disappearing "homeonly" blocks.
4146 - Fixed double line spacing in HTML-formatted comments and [code] sections when
4147 running on PHP 4.2.0 and up.
4148 - Fixed problems with slashes and HTML entities in emails sent out by Geeklog
4149 (Send story to friend, daily digest, Admin mail utility).
4150 - Added new config variable 'showfirstasfeatured' which, when set to 1, will
4151 render the first story on _any_ page like it was a featured story.
4152 - Added admin/plugins/newpluginlist.thtml and newlistitem.thml template files
4153 for the list of plugins not installed yet. These files are optional, i.e.
4154 the list will be formatted using hard-coded HTML when they don't exist.
4155 - Removed unused template file admin/plugins/installform.thtml.
4156 - The plugin menu will now list all plugins which exist in the file system
4157 but haven't been installed (yet) with a link to their install script for
4158 easy installation (based on code provided by Blaine Lang).
4159 - New plugin API function PLG_callCommentForm() and improvements for the use of
4160 comments in plugins, provided by Blaine Lang.
4161 - The Older Stories block did not take stories into account which were to be
4162 published in the future. Therefore, the block sometimes listed stories that
4163 were still on the first index page.
4164 - Added variable {contributedby_photo} (user photo of story author) for use in
4166 - Users couldn't disable display of the Older Stories block in their preferences
4167 - The contents of the Older Stories block was deleted whenever you changed it
4168 (e.g. moving it from the left to the right column).
4169 - The static pages editor displayed a blank page when the title and/or content
4170 field of a new static page were not filled in (will display an error message
4172 - Implemented fixes for plugins using the submission queue, suggested by
4174 - Following the link "X stories in last 24 hours" from the What's New block
4175 will now display only the new stories on the index page.
4176 - When $_CONF['searchloginrequired'] = 2, the search is completely blocked
4177 for anonymous users (1 will only block the advanced search).
4178 - Added a check to test for a valid date format when searching by date.
4179 - Added $_CONF['skip_preview'] to allow submission of comments and stories
4180 without previewing (defaults to off).
4181 - Search queries with less than 3 characters are now rejected to reduce server
4183 - (Event)Admins couldn't add events directly to their personal calendar
4184 (found & fixed by Kenn Osborne).
4185 - Fixed a nasty bug in SEC_inGroup() (in lib-security.php) that let a user
4186 admin change the password of a root user, so that effectively every user
4187 admin could become a root user ...
4188 - Topics are now sorted alphabetically by the topic name instead of by topic id.
4189 - Added several new variables which can be used in the story template files.
4190 - New config options $_CONF['dateonly'] and $_CONF['timeonly'] which hold the
4191 format string for day + month (to be used in the Upcoming Events and Older
4192 Stories blocks) and the time (to be used for event details).
4193 - Fixed calls to unknown function printErrorMsgs in the file upload class.
4194 - New options in config.php:
4195 $_CONF['upcomingeventsrange'] = no. of days to look ahead for upcoming events
4196 $_CONF['emailstoryloginrequired'] = disallow "send story be email" for
4198 $_CONF['hideemailicon'], $_CONF['hideprintericon'] = hide email / printer
4199 icon from stories (and from Story Options block)
4200 $_CONF['hidenewstories'], $_CONF['hidenewcomments'], $_CONF['hidenewlinks'] =
4201 hide new stories / comments / links from What's New block
4202 - User photos are now resized according to the image dimensions in config.php
4203 (if an imagelib is configured - otherwise images exceeding those dimensions
4205 - Added a check for the proper permissions on the admin page of the Static
4207 - Plugins can now return "false" (or an empty array) from
4208 plugin_cclabel_<plugin-name> so that the plugin's icon does not show up
4209 in moderation.php if the user does not have the proper access rights for the
4210 plugin. Changed the Static Pages plugin to do exactly that.
4211 - Fixed problems when using multiple [code] ... [/code] sections.
4212 - PHP blocks which return an empty string are not displayed any more. This
4213 allows PHP blocks to "hide" themselves.
4214 - Searching for links caused an SQL error on installs that were upgraded
4215 from Geeklog 1.1 (missing "date" field in links table). However, links don't
4216 use that field anyway, so searching by date was removed (the "date" field
4217 will be added when upgrading the database to 1.3.7).
4218 Also, the search results are now sorted by link title.
4219 - The calendar displayed an empty last week (in month view) for some months,
4221 - COM_pollResults() will not use the side block templates when called from
4222 pollbooth.php (thus allowing different block layouts for the poll results
4223 in a side block and in pollbooth.php).
4224 - Allow for theme-based topic icons by using the $_THEME_URL variable as the
4225 base directory for topic icons (if that variable is set).
4226 - Fixed display (or lack thereof) of $ signs in portal blocks.
4227 - lib-common.php didn't use $_CONF['path_language'] to include the default
4229 - What's Related block
4230 + content is now set for all user submitted stories (previously, links where
4231 only added in stories submitted by the Admin or user submissions edited by
4233 + block is not displayed when it's empty
4234 + now uses COM_makeList() (i.e. the list.thtml and listitem.thtml template
4235 files) instead of hard-coded <li> tags
4236 - The What's Related and Story Options blocks can now be used independent of
4237 each other in the article/article.thtml template file - use {whats_related},
4238 {story_options} or {whats_related_story_options}.
4239 - Theme authors can now use the $_BLOCK_TEMPLATE "hack" for the What's Related
4240 and Story Options blocks as well (using 'whats_related_block' and
4241 'story_options_block' as the block names).
4242 - Fixed the "noboxes" feature where all blocks (with the exception of the
4243 section, login / user functions, and admin blocks) are hidden.
4244 - Changed admin/link/listitem.thtml so that the URLs in the Admin's list of
4245 links are clickable.
4246 - Fixed an SQL error when calling search.php and there were no stories and no
4247 comments in the system.
4248 - Fixed an SQL error in the user profile when there were no stories and no polls
4250 - Fixed date bug when previewing stories to be posted around the noon hour in
4251 the admin story editor.
4252 - Added sanity checks in admin/story.php to prevent possible loss of stories
4253 when using an incomplete language file (or manipulating the URL).
4254 - Fixed a variable in admin/plugins/editor.ththml of the Smooth Blue theme.
4255 - Fixed a typo and a grammatical error in english.php
4256 - Fixed problems with the "static page as frontpage" hack:
4257 + will now check if the static pages plugin is installed and enabled
4258 + uses sp_format (i.e. display blocks as specified in the static pages editor)
4259 + added a missing stripslashes() call
4260 New: When you have $_SP_CONF['in_block'] == 1 and the label of the static
4261 page is neither empty nor "nonews" then that label is used as the block title
4262 for the static page.
4263 - The "userevent" table is back in lib-database.php. Geeklog doesn't use this
4264 table any more, but the name is needed when upgrading from old versions.
4267 - New Chinese language file (Big 5 encoding), provided by Jacky Chan
4268 - New Swedish language file, provided by Markus Berg
4269 - Updated Dutch language file, provided by R. F. van der Veen
4270 - Updated French language file, provided by Florent Guiliani
4271 - The German language file now uses the proper national special characters
4272 (umlauts) instead of HTML entities.
4273 _ New Polish language file for the Static Pages plugin, provided by Robert Stadnik
4274 - New Spanish language file for the Static Pages Plugin, provided by gorka
4277 September 20, 2002 (1.3.6)
4279 - Images in stories can now be resized automatically during upload, provided
4280 you have either ImageMagick or netpbm installed. See the image settings in
4281 config.php for details.
4282 - If you create a static page with the title "Frontpage" then the content of
4283 this static page will be displayed above the first story on the front page
4284 of your site. If you additionally set the label of this static page to
4285 "nonews", then the static page will completeley replace the news on the front
4287 You may want to wrap static pages in a block - set $_SP_CONF['in_block'] = 1;
4288 in /path/to/geeklog/plugins/staticpages/config.php
4289 - A user assigned only to the Mail Admin group wasn't able to use the "Mail
4291 - The filter to disable Javascript onXXX events also changed certain links in
4292 HTML postings. This should be fixed now.
4293 - The poll uses a POST instead of a GET request now to at least prevent
4294 primitive manipulation attempts ...
4295 - Events on the same day were displayed in the order they were entered, not
4296 in the order they were scheduled (occured in day, week, and month view).
4297 - The user function and admin blocks weren't using the proper templates when
4298 the theme was using the $_BLOCK_TEMPLATE trick, as outlined in
4299 <http://www.geeklog.net/article.php?story=20020429092841722>.
4300 - When the first character of the content of a block is a '<' it is now
4301 assumed that the block contains HTML and nl2br() is not applied to the
4302 block content. This allows proper HTML usage and even the use of Javascript
4304 - Sanity checks have been added to the admin editors (including the editor
4305 for static pages) to prevent possible damage to the database in case of
4306 incomplete translations (language files) or invalid IDs.
4307 - The delete button in the plugin editor, which was unused since the removal
4308 of the automated plugin install (in Geeklog 1.3.4), will now cause a function
4309 plugin_uninstall_<plugin name> to be called. This allows plugins to uninstall
4310 themselves (if possible).
4311 - The author's name was missing from emailed stories. Also changed it so that
4312 the author's name is only included when $_CONF['contributedbyline'] == 1.
4313 The daily digest now also includes the author's name.
4314 - Fixed the "1054: Unknown column 'deleted' in 'where clause'" SQL error that
4315 some people were getting when logging out.
4316 - Submitted stories will now pick up the permissions from the topic they were
4317 posted under (instead of using default permissions).
4318 - Added new features story.submit, link.submit, event.submit which, when
4319 assigned to a group, allow members of that group to post directly (skipping
4320 the submission queue) even when the submissione queue is active.
4321 - Fixed issues with backslashes in block titles, as suggested by Neil Darlow.
4322 - The page navigation is now wrapped in a <div class="pagenav"> so that it
4323 can be formatted by a theme using CSS.
4324 Because of this change, the template files admin/user/userslist.thtml and
4325 links/links.thtml had to be changed, because they wrapped the page navigation
4327 - Submission of links and events by anonymous users failed when the link
4328 submission queues were switched off.
4329 - Anonymous users were able to submit comments even when $_CONF['loginrequired']
4331 - Fixed a search bug introduced in 1.3.6rc1 when searching by author.
4332 - When updating from an earlier version, the install script will no longer try
4333 to rename the staticpage table when no prefix is used in the database.
4334 - PLG_getUserOptions() will no longer return empty menu options.
4335 - Updated Italian language file, provided by quess65
4336 - Changed some wording in the German language file
4337 - Fixed spelling errors in the English language file
4340 August 28, 2002 (1.3.6rc1)
4342 - Problems with using the dollar sign in stories, comments, and their titles
4344 - Fresh installations now have a "Are you secure?" block pre-installed
4345 that only the Admin can see and which does some (very simple) tests whether
4346 the site is secure or not.
4347 - Fixed the page navigation in (admin's) user list.
4348 - Using the preview in the admin story editor will now keep the topic icon
4349 and the time will not revert from pm to am any more.
4350 - The links section now includes a list of the link categories at the top.
4351 The list of links is now also separated into pages (10 links per page by
4352 default, configurable in config.php).
4353 To get back the old (pre-1.3.6) style of the links section, just set both
4354 $_CONF['linkcols'] and $_CONF['linksperpage'] (in config.php) to 0.
4355 These changes are based on code provided by Tom Willett.
4356 - Fixed the SQL syntax for some requests ("count(*) AS count" instead of
4357 "count(*) count") which seems to have caused problems with some (older)
4359 - A proper error message is now displayed when attempting to use "Mail Users"
4360 but not filling out all the fields.
4361 - Editing a portal block shouldn't make it disappear any more ...
4362 - The somewhat random order of poll answers has been fixed.
4363 - The site can be disabled by setting $_CONF['site_enabled'] = false; in
4364 config.php. $_CONF['site_disabled_msg'] can either contain a message to be
4365 displayed in that case or a URL (has to start with http:) to which all
4366 requests will be redirected.
4367 - Fixed various access rights / privacy issues where users could see (but
4368 not access) information even when they shouldn't ...
4369 + Search returns only those stories, comments, links, and events to which the
4370 user has the proper access rights
4371 + What's New block counts stories and comments according to access rights
4372 now (this should also fix the problems some people had when New Comments
4373 were not displayed for anonymous users). New Links also take access rights
4375 + Upcoming events are only visible to those with the proper rights.
4376 + Topics are not available for submissions without proper rights.
4377 + Topic selection in the user preferences also follows access rights.
4378 + "Last 10 comments" (and the new "Last 10 stories too, of course) in profile
4379 takes proper rights into account
4380 - Story display and paged navigation weren't working properly when some stories
4381 were only accessible to certain users.
4382 - Fixed a bug where users weren't able to use the site when their theme had
4383 been removed (until they cleared their cookies).
4384 - New installations now have only two default accounts: The Admin account (as
4385 before) and a Moderator account that has access to the story, links, and
4386 events submission queues.
4387 - The Older Stories block should work again.
4388 - The submission queues for stories, links, events, and users can now be
4389 switched off separately (in config.php), i.e. items submitted by users will
4390 then be visible to everybody immediately.
4391 - The database backup is more verbose now, especially when there are problems
4392 (changes provided by Blaine Lang).
4393 - Fixed a bug where the admin's user photo overwrote a user's photo when the
4394 admin was editing the user's account information.
4396 + Could not create new groups when using a non-english language file.
4397 + Once you've added one group to another (by checking off an option from
4398 the "Security Groups" list), there was no way to uncheck it again.
4399 + The message after saving/deleting a group said that the topic(!) had been
4401 - Changes in search:
4402 + Should be faster now.
4403 + Search by date did not work (mostly because the date format recommended to
4404 be used in a search is really YYYY-MM-DD and not MM-DD-YYYY).
4405 + List of authors is now sorted by username.
4406 + Search results for links are now routed via portal.php, too, so that the
4407 links are counted when clicked.
4408 + When no results are returned for a search, then the search form will now
4409 be displayed below that message again.
4410 - The static pages plugin uses the table prefix now (databases created with
4411 Geeklog 1.3.5 or older need to be upgraded).
4412 - A user submission queue has been added. When activated in config.php
4413 ($_CONF['usersubmission'] = 1;), new users will not get their password
4414 emailed until they are approved by an admin.
4415 You can, however, let users from certain domains be approved automatically
4416 by adding their domain names to the comma-separated list of domains in
4417 $_CONF['allow_domains'].
4418 - Fixed problems with quotes in poll question and answers.
4419 - The default value for the number of stories per page for a new user is now
4420 taken from $_CONF['limitnews'] (was hard-coded to 10).
4421 - The user profile has been extended to include
4422 + last 10 stories by that user
4423 + total number of stories and comments posted by that user
4424 + link to search for all postings by that user
4425 - The title of an article is now displayed in the page title (again).
4426 - New configuration option $_CONF['allow_user_language'] to allow / prevent
4427 to change the language. When set to 0, the option to switch the language
4428 is hidden from the user preferences.
4429 - The message "You have successfully logged out" should not show up any more
4430 when you log out and log in again.
4431 - The blocks stating that the search returned no results (e.g. for links) are
4432 now switched off by default but can be switched on again with the new
4433 configuration variable $_CONF['showemptysearchresults'].
4434 - Fixed the list of authors in the search form (did not list all authors).
4435 - Fixed search results for links and events: They always displayed only one
4436 result, even when there where more hits. Also, when searching for authors,
4437 no hits amongst the links and events will be returned (since they have
4439 - In the admin menu, the count of available submissions is now displayed
4440 according to the admin's access rights (e.g. don't count story submissions
4441 for someone who's only a link admin).
4442 - Links in the What's New block are now counted when clicked (for the site
4444 - Fixed a stray "(N/A)" that would show up in the admin menu for admins which
4445 were not static pages admins.
4446 - You can now block anonymous users from accessing any part of a Geeklog site
4447 or you can block them from certain parts, e.g. block anonymous access to the
4448 calendar (via a new set of XXXloginrequired flags in config.php).
4449 Please note that $_CONF['loginrequired'] is now used to require login to all
4450 areas. To require login for submissions, use $_CONF['submitloginrequired'].
4451 - New RDF/RSS parser, provided by Roger Webster. This should now properly
4452 import even those RDF feeds which Geeklog previously refused to display.
4453 - Updated language files:
4454 + Italian, provided by quess65
4455 + Japanese, provided by Yusuke Sakata
4456 + Polish, provided by Robert Stadnik
4457 - Various fixes for the consistent use of $_CONF['site_admin_url'] instead of
4458 $_CONF['site_url']/admin, provided by Gene Wood.
4459 - The static pages plugin can now wrap static pages in a block
4460 (available as an option in staticpages.cfg)
4461 - You can now use [code] ... [/code] in stories and comments (HTML formatted
4462 only) to mark portions of the text as containing code of any form (HTML, PHP,
4463 any other programming language). Geeklog will then reproduce this section
4464 verbatim, i.e. not interpreting any special characters in that section.
4465 - Fixed type pulldown menu in search when more than one plugin was used.
4466 - Signatures in comments are working again.
4467 - The daily digest uses $_CONF['shortdate'] now
4468 - New configuration variable $_CONF['emailstorieslength'] to specify the length
4469 of stories sent in the daily digest: 0 = only the title and a link to the
4470 story are included, 1 = entire introtext is included (default), any other
4471 number = cut off text after that amount of characters.
4472 - The selection of the user theme is now hidden from the user's preferences
4473 when 'allow_user_themes' is turned off in config.php
4474 - The links "Add To My Calendar" are now hidden when personal calendars are
4475 turned off in config.php
4476 - Fixed a bug where the number of submissions was displayed in the sections
4477 block even when that was turned off.
4478 - New variable $_CONF['adminhtml'] allows (Story)Admin to use a wider variety
4479 of HTML tags than the ordinary user.
4480 - Fixed COM_exportRDF so that only articles that anonymous users have access to
4482 - Search: User drop down only shows users that have posted a comment or a story.
4483 - Fixed bug with double quotes in title of story submission.
4484 - The upcoming events block uses the list templates now.
4485 - The story option block uses the list templates now.
4486 - The (Event)Admin could not delete events (delete button was missing).
4487 - The calendar class reverted to using the english day and month names as
4488 soon as you called setCalendarMatrix().
4489 - Added {edit_link} in story templates in Classic theme.
4490 - All admin editors have the save / cancel / delete buttons at the bottom now.
4491 - The link to the plugin homepage did not work from the plugin editor.
4492 - Added $_CONF['default_charset'] in config.php and $LANG_CHARSET in the
4493 language files to specify a character set to be used for the web pages (use
4494 {charset} in header.thtml) and email sent by Geeklog.
4495 - Changes in the themes and the admin editors, moving lots of hard-coded
4496 english texts to the language files.
4497 This affects most of the files in the admin and calendar directories within
4498 the themes directories.
4499 - The static pages plugin will now pick the language automatically, based on
4500 the user / default setting for the language. Currently, only English and
4501 German language files are included.
4502 - New variables that can be used in footer.thtml: {execution_textandtime},
4506 July 8, 2002 (1.3.5sr2)
4508 - New installation instructions (now back in docs/install.html).
4509 Please note that some of the other documentation may be out of date ...
4510 - Display of stories in older stories block was off by one day.
4511 - Number of guest users in Who's online block should now be reset properly.
4512 - Added some scripts in admin/install to help with the installation:
4513 + info.php just does a phpinfo()
4514 + check.php will check the file and directory permissions
4515 + configinfo.php will display the contents of config.php
4516 Note: It is now even more important that you remove the install directory
4517 after the installation went through (or at least block read access to this
4519 - Disable all onXXX Javascript events in HTML postings (stories and comments).
4520 - Fill in user name and email address when writing an email to a user (via
4521 the 'send email' form from the user profile).
4522 - Make sure that the first comment to a story has the 'title' field filled in
4523 (previously, only comments to comments took over the title).
4524 - Cut off the subject at the first linefeed when sending email to a user,
4525 thus preventing the injection of additional email headers.
4526 - Added a test for register_globals=off in the install script (and display a
4527 warning if it is off). Also added a hint what the current path is and tries
4528 to guess the /path/to/geeklog.
4529 - Fixed the "12pm bug": Posting a story between 12 and 1 pm would result in
4530 the story being posted with a date in 1969.
4531 - Use mysql_connect() instead of mysql_pconnect() in MySQL class.
4532 - The redirect after submitting a story always went to /index.php
4533 - HTML tags are now stripped out of search queries.
4534 - Removed the logging of all search queries to error.log.
4535 - Fixed a wrong link from personal events in the upcoming events block.
4536 - The "Home" link in the section block was not active on pages > 1. It was,
4537 however, always active on the home page when the Geeklog site was not
4538 located in the DocumentRoot.
4541 June 10, 2002 (1.3.5sr1)
4543 - This release addresses security issues recently discovered by the people at
4544 olympos.org. These issues allow for the injection of malicious javascript
4545 code (which could be used to access the admin's cookie) and the injection
4546 of MySQL code which could be used to access and even damaged the database
4547 (under certain circumstances). Details will be available in a report on
4548 the Bugtraq list shortly after this release is out.
4549 - The following bugs from the 1.3.5 release have also been fixed:
4550 + missing field 'emailfromadmin' in userprefs table (fresh installs only)
4551 + fixed a typo that prevented the page navigation from working
4552 + fixed batch user import
4553 + fixed logo size and path to search in XSilver theme
4554 + optimized size of image files in XSilver theme
4555 + fixed path to search in Clean theme
4558 April 24, 2002 (1.3.5)
4560 - Change installation so that server configuration is manual, DB configuration is scripted
4561 - Search page now properly generates the right link to search comments
4562 - Comments to polls now show up in whats new block
4563 - You can now specify the order the poll results show up in in config.php. You can either sort by
4564 voteorder (highest number of votes -> lowest) or by the order they were saved in admin/poll.php
4565 - You can now move /admin somewhere else in web tree. This should help out folk where ISP's use /admin
4566 for their administration stuff.
4567 - if you go to submit.php as an admin we will try to send you to the admin/ page for the type of thing you
4568 are trying to submit (e.g. story, link, event)
4569 - fixed calendar.php so month view now shows events spanning multiple days on months other than the current
4570 - admin/event.php now saves am/pm and allday properly
4571 - PollAdmin group can now properly add a new poll.
4572 - fixed SEC_getUserGroups() so that it always returns an array even if no groups are returned (e.g.
4574 - fixed moderation.php so post mode is saved properly from storysubmission to story table.
4575 - killed 1064 bug in admin/event.php
4576 - set error_reporting() so uninitialized variables don't show up (common in poorly configured PHP installs)
4577 - gldefault blocks now actually use permissions assigned to them in admin/block.php
4578 - Added all sorts of shit to english.php. Translators will need to really take their time
4580 - Added $_CONF['maximagesperarticle'] to config.php
4581 - install.php was reworked a bit for upcoming release
4582 - lib-common.php has changed. can't even begin to note all the changes there
4583 - admin/user.php has a very simple batch import utility. You can now create multiple
4584 accounts by importing a tab-delimited file. See that page for file format specs
4585 - story.php was reworked a bit to be simplified and to correctly do paging (old
4586 paging feature had a bug where one article would never show up.
4587 - admin/user.php now allows for paging and searching. Check it out, you'll see what I mean ;-)
4588 - blocks can now be disabled in admin/block.php
4589 - added support for images in articles
4590 - complete overhauled upload.class.php for ease of use, better security, better logging
4591 and for use in putting images in articles.
4592 - fixed bug in users.php that allows accounts with same email addresses yet different
4593 usernames to be created.
4594 - New strings in english.php (and german.php):
4595 $LANG02: 15 (moved from calendar_event.php)
4596 $LANG04: 74, 75, 76 (moved from usersettings.php)
4597 $LANG08: 31, 32, 33, 34 (moved from lib-common.php)
4598 These strings need to be added to the other language files!
4599 - Fixed user selection of emailed topics (usersettings.php) and removed the
4600 hard coded texts for the daily digest from lib-common.php (again).
4601 - Slightly changed display of event block: The type of event is no longer
4602 underlined and the event date is displayed as 03-Apr etc.
4603 - Added Russion Translation
4604 - Fixed bug #531483 where $_CONF['commentsloginrequired'] was set to 'on' or
4605 'off' instead of '1' or '0'.
4606 - Fixed bug #529621 and added the variable layout_url in COM_endBlock in
4608 - (Sort of) fixed bug #530142: {geeklog_blocks} is now set to an empty string
4610 - Fixed bug #531018: {contributedby_use} had an 'r' too many in lib-common.php
4611 - There have been lots of minor changes in the themes so that they now contain
4612 valid HTML. Nearly all those change fall into one of the following categories:
4613 + changed '&' in URLs to '&'
4614 + added alt="" to <img> tags
4615 + changed the script tags to <script type="text/javascript">
4616 + changed the DOCTYPE to HTML 4.01 (there is a bug in the HTML 4.0
4617 specification which prevents the use of 'name' attributes in forms).
4618 + added '#' signs in front of colour values (mostly in the Classic theme)
4619 These kinds of changes have also been applied to index.php and lib-common.php
4620 - During those changes for valid HTML, some typos were corrected:
4621 + Classic/header.thtml: added a missing <b> before {welcome_message}
4622 + Classic/storytext.thtml: added a missing 'n' in {end_contributedby_anchortag}
4623 + Yahoo/header.thml referred to a non-existent file "spec.gif"
4624 + Yahoo/footer.thml: there was an extra quote after align="right"
4625 + Digital_Monochrom/admin/plugins/editor.thml: file was missing - copied
4626 over from the Classic theme)
4627 + Digital_Monochrom/footer.thtml: added a missing ';' after  
4628 - admin/install/install.php had two <body> tags but was missing the </head>
4632 - Fixed broken older stories block (lib-common.php)
4633 - Fixed problems with saving rights to a group in admin/group.php (admin/group.php)
4634 - Fixed bug in admin/user that would reset user's settings when admin made a change (admin/user.php)
4635 - Fixed bug in index.php. There were two FOR loops, one nested inside the other both interating
4636 on the variable $i. This caused problems only for users who went into display preferences and
4637 selected only the topics they wanted to get articles for (index.php)
4638 - Fixed bug in story admin that would prevent the date edit from prepopulating right when admin hit
4639 the preview button (admin/story.php)
4640 - Modified admin/plugin.php to reflect change in how plugins are installed. Because of platform
4641 dependance issues, all plugins will have a simple but manual installation process. This should
4642 work across all platforms. (admin/plugin.php, layout/Yahoo/admin/plugins/pluginlist.thtml,
4643 layout/Classic/admin/plugins/pluginlist.thtml, layout/Digital_Monochrome/admin/plugins/pluginlist.thtml)
4644 - Alter the database to force all stories to show on the frontpage by default. This will make the
4645 moderation of articles work as expected. Before if you approved an article it would show up only
4646 in the topic and not on the frontpage (mysql_tableanddata.sql, table.sql, mysql_1.3.3_to_1.3.4.sql)
4650 - Admins can now manually edit the publish date of an article. This include the ability
4651 to set the date for a time in the future. In that case the article is completely
4652 ignored by COM_exportRDF, stats.php, search.php and the email digest
4653 - Rudimentary support for database backups (one per day at most). There is no restore
4654 capability at this time.
4655 - Modified the display preference so we store the blocks a user doesn't want to see instead
4656 of the ones they do want to see. This will allow any new block to show up by default as
4658 - Removed hardcoded english from COM_emailUserTopics
4659 - Fixed minor security bug with whats new block. It would display items the user didn't have access too (however, if they click them they would correctly get the access denied message)
4660 - Topic administration page now default the group to 'Topic Admin' properly
4661 - Topic administration now save anonymous permissions properly
4665 - Removed some outdated themes (hence the 1.3.2-1 version number)
4669 - Added Canadian French, German and Polish translations
4670 - Fixed bug that kept front page with multiple polls from working right
4671 - Added missing help field to block table
4672 - Added block to usersettings where user can pick topics to receive articles for in an
4674 - Fixed bug with the contact link in the header of some themes
4675 - Fixed bug that caused the admin block to disappear
4676 - Fixed bug that caused save of story as admin to go to http://someurl/draft_flag
4677 - Fixed bad relative paths in calendar
4678 - block type now defaults properly when showing prepopulated data
4682 - Two security fixes, one major one. This release addes a users MD5 password to a cookie that is checked when using the permanent cookie. Prior to this you could change the permanent cookie to any user and get their access rights. Second security fix addresses an orphaned group_assignments record that, one new Geeklog installations, would give the very first user to register with the site access to the GroupAdmin and UserAdmin groups
4683 - In admin/block.php you can now specify the URL to a help file. This is usefully in providing site help to your users
4684 - Many bugfixes to the calendar in both the UI and the administration
4685 - Added who's online block
4686 - Fixed bug that was keeping users registration date from being saved.
4687 - Fixed bugs in usersettings.php that keep user options from saving
4688 - Added two database indexes that really speed things up
4689 - Coded some performance-related enhancements
4690 - Fixed bug that kept user-defined themes from working
4691 - Fixed bug in links.php that caused the first link category to report over and over
4692 - Started updating some of the documents
4696 - Added user-defined themes via PHPLib's template class library
4697 - Update the Geeklog security model from numeric Security Levels to a *nix-like model that
4698 can be used by plugins
4699 - Added support for plugins. Plugins can be downloaded from http://geeklog.sourceforge.net and uploaded and installed remotely or manually
4700 - Updated most places where dates are used to use the user-defined format in their display preferences
4701 - Updated session management to use a long-term cookie that is fully configurable. If desired, users can specify how long their long-term cookie will persist for.
4702 - Update blocks so that admins can specify the side and order a block shows up on.
4703 - Seperated common.php into the following libraries: lib-database.php, lib-common.php, lib-sessions.php lib-security.php
4704 - Started moving Geeklog to use PHP's OO features with the addition of a timer class, a calendar class, a MySQL database class.
4705 - Fixed bug with output of Geeklog RDF file that allowed story drafts to be included.
4706 - Updated most of the codebase to use the Geeklog Coding Standard (a subset of the PEAR standard).
4711 - Updated configuration documentation
4712 - Added the ability for article author's username to be hidden (via 'contributedbyline' option in config.php)
4713 - Fixed a bug with the Google-like paging feature where it would only work if the GeekLog site was in the root dir
4714 - Fixed a bug which caused slashes to appear before apostrophes in the older stuff block and in the search results
4715 - Fixed overlapping/bad HTML in index.php and common.php
4716 - Fixed the bug in the sections block that showed submission cue numbers to non-logged in people
4717 - Added workaround for problem where users (after following link in e-mail after registration) would still see the login page after logging in
4718 - Created phrase IDs for previously hard-coded English in common.php and story.php
4719 - Fixed a bug which caused draft stories to be counted as new stories in the What's New block
4720 - Fixed a bug with the upcoming events block where it would only work if the GeekLog site was in the root dir
4726 - Added in support for plugins and has been test for *nix and *should* work for windows
4732 - Added the ability for admins to save drafts of stories
4733 - Fixed a bug with in calendar_event.php when adding event to user calendar
4734 - Fixed a bug with the search bar in header.php
4739 - a few minor bug fixes
4740 - Added google-like paging feature
4741 - fixed all references to newsgeeks to point to geeklog.org
4742 - when you login when on users.php you are routed to index.php when successfully logged in
4743 instead of back to users.php
4747 - Released 1.2 stable.
4748 - Added personalized calendars
4749 - Fixed a number of bugs from 1.2b
4750 - Fixed MySQL 3.23 incompatibility issues
4751 - Added alt_header.php which is the same as header.php minus the left hand side
4756 - Released 1.2b. Changes are below:
4757 -Fixed security error in usersettings.php with PGP key
4758 -Now allows posts that don't go to front page
4760 -Whether the count of stories and submissions shows up in the Sections block is driven in config.php
4761 -Add ability to sort topics in Section block by number or alpha (specified in config.php)
4762 -Renamed header.inc and footer.inc to have the php extension to avoid letting nosy people see the code
4763 -Added field called limitnews to topics table. This is the same as limitnews in the config.php but applys to only that topic (i.e. you can control the number of stories that show up in each topic
4764 -changed userindex.maxstories to default to null. This is so that the order of precedence for the number for articles that show up will be 1) userindex.maxstories 2) topic.limitnews 3) $CONF["limitnews"]
4765 -added config variable called $CONF["minnews"] which specifies the minimum number of stories per page regardless of topic (i.e. it overrides topics.limitnews)
4766 -an anonymous user can now email a story to a friend and they can enter some text to accompany the message
4767 -fixed bug that allowed users to post comments to non-existent articles through article.php
4768 -added the Get Geeklog Articles in Your Mailbox feature. This is dependent on cron and a shelled php script. This can be turned off in the config file
4769 -session management has been improved
4770 -moved "appears on homepage" setting on poll administraction screen to the top of the form to
4771 keep from having to scroll down all the way.
4772 -Added messages to various user actions (i.e. notification that submission was sent, confirmation that user data was saved, etc)
4773 -Added Upcoming events block
4774 -Fixed MySQL 3.23 incompatibilities
4775 -added account creation date to user table along with other useful information (aim, yim, etc)
4776 -added email gl users/admins feature
4777 -fixed checkhtml function so that strings to gain extra spaces
4778 -added file custom_code.php. This is where admins should put all custom code (not addon code). GL admins should never touch common.php moving forward
4779 -added version checking system to let admins check for current version
4780 -added $CONF["OS"] for use by Geeklog Addons (Use PHP OS variable). It represents the operating system that Geeklog is running on and is useful for producing useful error messages should a user be trying to use an addon that is OS specific
4784 ---------------------------------------
4786 - Tar'ed it up and shipped 1.1 out the door!
4791 - Date in moderation now shows the correct
4793 - Maxstories now counts a feature as a story.
4794 - Saving user information now returns you the
4800 - Fixed comment post mode preview bug.
4801 - If a block is empty, it will not be displayed.
4802 - Fixed a user creation error.
4803 - Fixed the submission scripts to add and remove
4804 slashes in all the right places.
4809 - Added a limit check to index.php to ensure stories
4811 - If block order is between 1 and 9 it is a default
4812 block. Anything greater than 9 will not be displayed
4813 without the user configuring thier settings for it.
4814 - Added bolding to the display preferences screen for
4820 - If a user sets maxstories to less than 5, max stories
4822 - If a story id and poll id are the smae they will
4823 share comments and the poll will be displayed on the
4824 stories article page.
4825 - Poll results box is now linked to comments.
4826 - Added stripslashes to the links description.
4827 - Made HTML the default posting format.
4828 - Updated the user authentication to address a login bug.
4829 - Added a 404 script.
4830 - Updated the admin user editor to create all the new
4831 user tables when creating a user.
4832 - Updated the What's Releated function to better parse
4834 - Updated comment functions to update the comment counter
4836 - Finished the addition of a "smart" style sheet! It will
4837 now format the font size according to the users browser
4843 - Updated some missing to language in english.php.
4844 Thanks to Hidekazu SHIOZAWA.
4845 - Updated the stats script.
4846 - Added post modes, the user can now select plain
4848 - Added user preferences for date format.
4853 - Fixed a few more issues surronding the
4854 $CONF["site_url"] placement. Thanks to Hidekazu SHIOZAWA.
4855 - Added sig to user accounts.
4856 - Added a system hit counter
4857 - Fixed a poll comment bug.
4858 - Comments can now be enabled on a per story basis.
4859 - Comments can now be enabled on a per poll basis.
4864 - Fixed the // uri issue.
4865 - Fixed a few issues surronding the $CONF["site_url"]
4867 - Began work on new user customization system!
4868 - Index Configuration
4869 - Comment Configuration
4870 - Story Configuation
4871 - User Configuration
4872 - Fixed the link submission script so it now
4878 - Updated the email story to a friend to use the
4880 - Fixed the "More by author" search links from the
4882 - Fixed the article editor to be able to delete
4884 - Fixed translation issues by adding two more
4885 strings to english.php. Added $LANG01[61] and
4887 - Fixed a formating error on the links page.
4888 - Fixed the admin user editor to allow blanking
4889 on non-essential fields.
4890 - Removed moderation option from config. If you
4891 want an unmoderated site there are better
4892 applications out there like UBB and FreeLinks.
4893 - Updated the user profile page to put all
4894 descriptors at the top of the cell for the
4895 about and PGP key boxes.
4896 - Updated INSTALL.HTML
4901 - Olderstuff() will now parse special charactors.
4902 - Fixed the admin story editor to properly parse
4903 the special charactors in the text for editing.
4904 - Fixed article() to stripslashes from the title.
4909 - Fixed a logout bug effecting Netscape users.
4910 - Fixed a change password bug effecting Netscape
4912 - Fixed references to speck.gif, spec.gif was
4913 referenced incorrectly.
4914 - Fixed the story submission to correctly
4915 record the user instead of Anonymous.
4916 - Added multiple previews when submitting a
4918 - Update to english.php
4919 - Updated the blockparser to use str_replace()
4920 instead of strtr(). The use of strtr() was
4921 causing issues on some platforms using
4922 earlier versions of PHP4.
4923 - Added a sample httpd.conf Apache configuration
4924 file to the distribution.
4925 - Updated INSTALL.HTML
4931 - Fixed a bug in the database upgrade scripts.
4933 RELEASE!!! 1.0!!! - August 29, 2000
4934 ------------------------------------
4936 - Tar'ed it up and shipped 1.0 out the door!
4941 - Fixed a bug in the command and control center
4942 which didn't allow the display to be completely
4943 updated after a batch moderation.
4948 - Completed the command and control center
4950 - Completed new search engine.
4951 - Fixed language display bug in story submission
4957 - Fixed a login bug that occoured under FreeBSD.
4962 - Fixed a bug that allowed anyone logged in to
4968 - Fixed a nasty delete everything bug with the
4970 - Continued with search engine update.
4975 - Fixed a bug with the link counter.
4976 - Reworked the olderstuff block.
4977 - Updated the search engine.
4978 - Fixed the speed limit warnings so they show the
4979 number of seconds since the last post.
4980 - Updated the index page to show date of last
4986 - Cleaned out now defuct class settings.
4987 - Comments can now be set to force login to post.
4988 - Block list is now sorted by type
4989 - Email forms updated.
4990 - Fixed the no from info bug in the password email.
4991 - Fixed the topic editor background bug.
4992 - Postions of the olderstuff and poll blocks is now
4994 - Olderstuff block can now be turned off.
4995 - Olderstuff block now shows 2x the news limit.
4996 - Updated the install instructions.
5001 - Modified the polls, you can now set then maximum
5002 number of possible answers in config.php.
5003 - Fixed edit link bug.
5004 - Updared english.php for the new admin files.
5005 - Modified the cookies to have a configurable
5006 expiration time for users and admins. This can
5007 be set in config.php.
5012 - Reworked the default interface.
5013 - Fixed numerous bugs.
5018 - Began moving portions of the HTML in to blocks
5019 - Updated the english.php file.
5024 - Updated how polls are shown.
5025 - Updated the poll adminstration interface, this was
5026 the last old piece of code to be re-worked.
5031 - Completed new submission forms.
5032 - Completed added base path to all references.
5033 - Completed scripts for user account creation.
5034 - Completed comment intergration with user
5036 - Added comment posting speed limit.
5042 - Completed new story editor and managment
5044 - Completed database widgets.
5045 - Began work on reworking the poll editor
5047 - Removed the following functions that have
5054 - Removed the following array used to set
5055 premissions in older versions
5057 - Began work on intergrating comments with
5063 - More work on user accounts and database
5065 - Minor cosmetic fixes.
5066 - Began re-working the administration forms.
5071 - More work on new submission engine and
5073 - Implemented submission speed limit.
5078 - Added command and contol center to admin and
5079 moderate submissions.
5080 - Added ability for users to submit links.
5081 - Added ability for users to submit events.
5082 - Began intergrating user accounts.
5083 - Began intergration of a help system.
5088 - Created new database function templates. Began
5089 updating all the scripts to use these new
5092 BETA RELEASE!!! 0.5!!! - August 3, 2000
5093 ----------------------------------------
5095 - Tar'ed it up and shipped 0.5 BETA out the door!
5100 - Getting ready for 0.5 release!!
5101 - Parent links no longer show up on top level
5103 - Story moderation now show the "new story" button
5104 even if no stories exist.
5105 - Story contribution preview now displays the date
5107 - Comment preview now displays the date correctly.
5108 - Made the log path configurable.
5109 - Fixed false "no stories" error in index.php.
5110 - Fixed the topic highlighting in showtopics.
5111 - Fixed comments so that the posting and delete
5112 work properly again.
5113 - Events (calander) now properly parses special
5115 - Links now properly parses special charactors.
5116 - Mail to a friend should work better now.
5121 - Moved all date functions to using strftime and
5122 locale settings for display of dates and times
5123 in local languages and formats. These are also
5124 configurable in the config.php file.
5129 - Finished move admin strings to english.php.
5134 - Added the featured article functionality.
5135 - Fixed a special charactors problem in the
5136 comments, you can now use special charactors.
5137 - Made some changes to the email story function
5138 to provide a statement on this isn't spam!
5139 - Added parent function to comments.
5144 - Began moving strings from the admin files in to
5146 - Finished up printable story and email story
5148 - More minor bug fixes to the comment engine.
5153 - Fixed encoding bugs in comments. Slashes are now
5154 being stripped properly.
5155 - Fixed the comment control bar, the title and
5156 number of comments are now showing up correctly.
5157 - Fixed the url encoding in the reply links. The
5158 title of a reply now copies over in to the form.
5159 - Bought more vodka! The vodka shortage is over!
5160 - Adjusted the comment spacing.
5161 - Began to add the printable story and email story
5167 - Added comment count to olderstuff block.
5168 - Reworked the polls for better display
5169 - Worked more on the comment engine, all comment
5170 modes (none, flat, threaded, nested) work at
5171 one level or another. This is really shaping up
5172 well and we have unchained the monkies from
5173 their typewriters... But no novel yet...
5174 - Out of vodka and can't buy any more since it is
5175 illegal to sell alcohol on Sundays in Georgia.
5180 - Changed password functions to use md5, crypt()
5181 is becoming to unreliable. Running the dat
5183 <editor problems, change log for 0.4.1.2 - 0.4.1.1 lost>
5185 BETA RELEASE!!! 0.4.1!!! - July 19, 2000
5186 -----------------------------------------
5188 - Tar'ed it up and shipped 0.4.1 BETA out the door!
5193 - RDF fetch bug fixed. The rdfimport routine was
5194 not correctly identifying if the file open didn't
5196 - Poll Dispaly bug fixed. Poll wouldn't display if
5197 there wern't at least two user defined blocks.
5198 - Added word count to the read more display.
5199 - Move all strings for public side functions to
5200 a resource bundle called english.php. Geeklog can
5201 now be translated. If you do translate Geeklog
5202 please send me your resource file! Great thanks
5203 goes to Mischa Polivanov for his work on this
5205 - When moderating a story, it now returns you to
5206 the submissions que when your done.
5208 BETA RELEASE!!! 0.4.0!!! - July 8, 2000
5209 ----------------------------------------
5211 - Tar'ed it up and shipped 0.4.0 BETA out the door!
5216 - Update the poll to restrict votes by IP. This
5217 function only creates a table of IP addresses
5218 pollids and timestamps, votes are NOT tracked!
5219 Addresses are deleted after an admin specified
5220 peroid of time set with the config.php variable
5221 $CONF["polladdresstime"].
5222 - Added $CONF["pollcookietime"] to config.php to
5223 allow you to set the amount of time the poll
5224 cookies will exist for the user.
5225 - Changed poll to only show a % in the smaller
5226 index window. Graphs are now only on the full
5227 view of the results.
5228 - Added SQL query interface for admins. This was
5229 added for those that don't have shell access or
5230 shell access isn't alaways avaiable for
5231 troubleshooting. Be VERY careful with this!
5232 - Fixed a really nasty bug with the RDF import
5233 HTTP calls! This was causing the server to
5234 lock up under certian circumstances.
5235 - Update showblocks() to now order polls and
5236 olderstuff as well. Here's the new method:
5237 - show blockoder = 0 to 1
5239 - show blockorder = 2
5241 - show remaining blocks
5242 - Reworked the calendar layout a bit.
5243 - Added two new doc files dbschema.html and
5244 dbschema.png to document the database.
5249 - New admin menu as well as more admin checks
5250 in editing of stories and blocks. In stories
5251 only the owner or someone with a seclev of 200
5252 or higher can edit a story. Blocks seclev's
5253 are now being enforced.
5255 - Access logging is now working! It reports on
5256 admin access and illegal operations in
5258 - Found some more bugs released to stricter PHP
5259 syntax guidelines in blocks.php and users.php.
5261 - Added the beginings for threaded comments, but
5262 it is NOT working yet.
5263 - Refined different aspects of the database, this
5264 is going to be the bigest DB update script yet!
5265 - Calendar has been rewored as events, since I can
5266 see Security Geeks using this functionality for
5267 things other than a calendar. Hmm, what is he
5269 - Adding CSS references where needed when I find
5275 - Added additional security checks for admins
5276 as well as adding additional admin tracking.
5277 - REMOVAL: function isAdmin() is being removed.
5278 - Created a new story format and parser. The
5279 story text is now broken in to two blocks, an
5280 introtext block and bodytext block. Introtext
5281 is all that is displayed on the index page.
5282 Both introtext and bodytext are displayed on
5283 an article page. There are many other neat
5284 things that have changed to go along with this,
5285 too many to mention! An example is "read more"
5286 is only displayed when there is data in bodytext.
5287 - Added comment and poll stats to the stats page.
5289 BETA RELEASE!!! 0.3.0!!! - July 3, 2000
5290 ----------------------------------------
5292 - Tar'ed it up and shipped 0.3.0 BETA out the door!
5297 - Fixed poll division by zero error. (xix)
5298 - Added the calander. This also involved adding
5299 lines to config.php and style.css.
5300 - Added next a previous links to the stories list.
5301 Security Geeks has almost 2000 stories now. We
5302 needed a better way to view this information
5303 without killing the SQL server!
5304 - Fixed a parsing bug on the contrib form. (richpav)
5305 - Fixed a bug in which votes were not being saved
5306 if the first answer has 0 votes in the poll
5312 - Fixed a rouge <xmp> tag in contrib.php.
5313 - Added a new function to check email addresses.
5314 - Fixed a problem with the checking of <a href=>
5316 - Moved more of the layout to CSS. Giving some
5317 though to creating a CSS editor for the site.
5318 - Added additional error checking on submissions.
5319 - Evaluated the security of the file layout, file
5320 premissions, cookies and made some minor changes
5321 - Added the RDF import capibilty to the blocks.
5322 Woo-hoo! Half way there to 0.3.0!
5323 - Fixed a bunch of function calls that are now
5324 considered errors in PHP 4.0.1pl2 (richpav)
5326 BETA RELEASE!!! 0.2.1!!! - July 1, 2000
5327 ----------------------------------------
5329 - Tar'ed it up and shipped 0.2.1 BETA out the door!
5330 The bugs fixed here are pretty signifant. This
5331 has none of the 0.3.0 features.
5336 - Cleaned up the all of the PHP scripts and added
5337 missing ;'s. (macole)
5338 - Fixed some table layouts for comment and story
5344 - Fixed an bug in the story submit functions. It
5345 seems addslashes was droped when putting in the
5346 content checking. It's back now!
5347 - Added a line to display the allowable HTML in the
5348 story editor and submission form.
5350 BETA RELEASE!!! 0.2.0!!! - June 29, 2000
5351 -----------------------------------------
5353 - Tar'ed it up and shipped 0.2.0 BETA out the door!
5358 - Bugs Found Score: Women:28 Men:13
5359 - Security hole regarding user cookies. The
5360 user cookie contined the site key, this 33%
5361 is part of the information needed to forge
5362 a admin site key. This has been fixed.
5363 - Also fixed a problem in the user cookie where
5364 some of Jason's (the other Jason) info for
5365 his site was coded in there.
5366 - Added the ability to specify your own salt
5367 value for the encryptor.
5368 - Added filters that are admin configurable to
5369 strip out unwanted HTML tags and key words.
5370 These options are configurable in the
5372 - Blocks are now topic aware.
5373 - Change sid to char(20) in the database tables
5374 stories and comments. This was in order to
5375 create compatibilty between stories, comments
5378 - Added a blockorder field to the blocks table. You
5379 can now modify the display order of blocks.
5380 - Fixed a bug in the link generation in stats.php.
5381 - Changed the description field in the links
5382 tables from varchar(255) to text to allow for
5383 longer descriptions.
5384 - Preview now uses article() function. Shows a
5386 - Fixed a bug in comment.php that still may the
5387 user type in a user name email even if if the
5388 anonymous option was chosen. It never actually
5389 saved the info, just asked for it. Now it no
5395 - Correct setting of a user cookie in comment.php,
5396 contrib.php and profile.php. The cookie was not
5397 being set to remember a users infomation if they
5399 - Fixed the CSS layout for the comment bar, this
5400 wasn't working properly under Netscape.
5401 - Fixed an error in the change password function. It
5402 was displaying a error even when the change was
5404 - Made total votes a caculated field in the poll
5405 editor, this is also a easy way to reset the count
5406 in the case of SQL errors.
5407 - Fixed topic sorting bug, topics sort themselves now.
5408 This also involved a change to the config.php file
5409 in which $CONF["topicssort"] was changed to
5411 - Added feature to track which admin moderated a
5412 story and posted it to the site.
5414 BETA RELEASE!!! 0.1.0!!! - June 27, 2000
5415 -----------------------------------------
5417 - Tar'ed it up and shipped 0.1.0 BETA out the door!
5422 - Added the ability to delete comments. NOTE: I do
5423 not plan on the abilty to edit comments. Just
5424 a personal thing, thats all.
5429 - Created search engine that searched stories,
5431 - Update comments and how they are displayed.
5432 - Created new form for submitting comments.
5433 - Enhansed a bunch of the forms.
5434 - Removed some obsolete stuff, cleaned things up a bit.
5435 - Added some additional error checking to submits. Also
5436 moved all error checking to the server side. I was
5437 testing the use of JavaScript but too many people
5438 like to turn it off! I know I do! :-)
5443 - Squashed 23 bugs with the help of my wife! Now if
5444 only Frank would get his bug reports in!
5445 - Created interface for editing, creating and deleting
5447 - Cleaned PHP procedures out of inc files.
5448 - Updated and tested SQL statements to refelct DB
5450 - DB changes frozen for release and the beta testers
5456 - Created interface for editing, creating and deleting
5458 - Figgin problem with polls deleting themselves seems
5460 - Created interface for editing, creating and deleting
5462 - Created interface for editing, creating and deleting
5464 - Created interface for moderation, editing and posting
5465 of stories by admin. This worked out well!
5470 - Finished up additions to the datebase, need to change
5471 the forms now so the site can use the new fields.
5472 Some of the new feilds are for future use as well.
5473 - Added descriptions to the Links page.
5474 - Fixed the search page so its now formated correctly.
5475 - Finished up the pollbooth functions (edit and delete).
5476 - Optimized some of the HTML in the scripts, further
5482 - Created a new layout format using all external CSS
5483 calls. Let the client do the work!
5484 - Finished moving configuration to config.php
5485 - Weeded out some functions in common.php. Move
5486 functions that are only used by one script to that
5487 script. Combined other similar functions in to one
5488 function. Smaller... Faster... More Stable!
5489 - Only 6 more items on the to do list for 0.1.0.0
5494 - Created admin functions for the pollbooth. Seems the
5495 other authors on the site don't like hand entering SQL!
5496 I don't like them having shell accounts! -grin-
5497 - Update the Header feild in the Stories block to be a
5498 little bigger. This should let wordy authors emblish
5500 - Created a more robust errorlog routine. Now has the
5501 options of output to a log, the screen or both!
5506 - Created a pollbooth for voting. All user functions are
5507 in pollbooth.php. There are no admin functions yet as I
5508 just love hand entering SQL!
5513 - Optimizations made to the SQL connections and calls. Too
5514 much done here to talk about, but part of it was moving
5515 the site configuration to a flat file. These changes
5516 should decrease the usage of the SQL server a great deal.
5517 This took up most of my day.
5518 - Variable usage optimizations. Made many, many chnages in
5519 the way variables were being used. This should result in
5520 cleaner, faster code that _may_ use a little less memory?
5521 Hey, if I can save 2k per hit, thats a big deal! :-)
5522 - Updated all code and tested to ensure php4 compatibility.
5523 So from now on only php4 will be run on the Geeks web
5524 servers. So I changed all the extentions and links from
5525 .php3 to .php to mark this moment.
5526 - Restructured the directory layout so I can implement some
5527 new security settings on the files. Hmmm, I bet you
5528 wondering "what is this mad-man thinking?"
5533 - Initial announcement, running this new code on the Geeks
5535 - Special thanks to Jason Hines and phpWebLog! His work
5536 inspired much of my efforts! Unfortunatly phpWebLog is
5537 taking a different direction that the Geeks sites needed.
5538 However, all the code I am writing here will be published
5539 in the hopes that Jason and others may find these functions
5540 useful. If you looking for a weblog software that is cool,
5541 configurable and supported by someone I would recommend you
5542 check out http://phpweblog.org and party on dudes!