Tue, 12 Jul 2011 22:15:18 -0400 |
Dan Fuhry |
SECURITY: Fixed XSS in post-login page redirection. Reported by Secunia.
|
file |
diff |
annotate
|
Sat, 29 Jan 2011 15:22:06 -0500 |
Dan Fuhry |
Corrected a link
|
file |
diff |
annotate
|
Tue, 16 Nov 2010 12:10:24 -0500 |
Dan Fuhry |
SECURITY: Fix path disclosure in Special:Captcha
|
file |
diff |
annotate
|
Tue, 21 Sep 2010 14:14:55 -0400 |
Dan Fuhry |
Fixed password field in HTML login not being focused during >USER_LEVEL_MEMBER auth
|
file |
diff |
annotate
|
Sat, 21 Aug 2010 23:29:54 -0400 |
Dan Fuhry |
Fixed some bugs with the change password form when pw_strength_enable is 0.
|
file |
diff |
annotate
|
Fri, 30 Jul 2010 21:32:05 -0400 |
Dan Fuhry |
Improved display of comments from foes, and fixed some general issues with the friend and foe lists
|
file |
diff |
annotate
|
Mon, 26 Jul 2010 20:10:01 -0400 |
Dan |
Improved captcha word generation; fixed duplicate auth parameter in Special:Login privileged login; improved search indexer performance on websites with lots of words
|
file |
diff |
annotate
|
Thu, 01 Jul 2010 18:24:11 -0400 |
Dan Fuhry |
Integrated XSS patch for 1.1.7 maintenance branch
1.1.7-maintenance 1.1.7pl1
|
file |
diff |
annotate
|
Mon, 28 Jun 2010 10:43:04 -0400 |
Dan Fuhry |
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().
|
file |
diff |
annotate
|
Mon, 19 Apr 2010 18:07:43 -0400 |
Dan |
Fixed registration admin override with account_activation set to disable.
|
file |
diff |
annotate
|
Sun, 28 Mar 2010 23:10:46 -0400 |
Dan |
Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing.
|
file |
diff |
annotate
|
Wed, 17 Mar 2010 14:21:46 -0400 |
Dan |
Fixed username not being decoded in Special:ActivateAccount
|
file |
diff |
annotate
|
Wed, 06 Jan 2010 02:02:51 -0500 |
Dan |
Fixed some bugs with account activation, especially if you're a half-logged-in vegetable.
|
file |
diff |
annotate
|
Sat, 12 Dec 2009 15:39:36 -0500 |
Dan |
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
|
file |
diff |
annotate
|
Tue, 03 Nov 2009 22:08:48 -0500 |
Dan |
Logins: reorganized data structures a bit. WiP - needs test routine done.
|
file |
diff |
annotate
|
Fri, 25 Sep 2009 14:18:20 -0400 |
Dan |
HTML login: fixed bad submit under IE
|
file |
diff |
annotate
|
Sun, 20 Sep 2009 03:59:36 -0400 |
Dan |
Login: if return-to specified and already logged in, jump to return-to instead of main page.
|
file |
diff |
annotate
|
Fri, 11 Sep 2009 09:54:32 -0400 |
Dan |
Common: renamed global $title to $urlname (it broke the API from non-plugin Enano scripts)
|
file |
diff |
annotate
|
Fri, 21 Aug 2009 20:41:38 -0400 |
Dan |
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
|
file |
diff |
annotate
|
Thu, 20 Aug 2009 20:01:55 -0400 |
Dan |
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
|
file |
diff |
annotate
|
Thu, 02 Jul 2009 09:01:29 -0400 |
Dan |
Login and sessions: fixed some improper handling of the config for lockout logic
|
file |
diff |
annotate
|
Fri, 15 May 2009 19:52:12 -0400 |
Dan |
Added another word to the CAPTCHA blacklist (thanks Neal).
|
file |
diff |
annotate
|
Fri, 15 May 2009 17:24:12 -0400 |
Dan |
Added protection against obscene words in CAPTCHAs
|
file |
diff |
annotate
|
Wed, 13 May 2009 09:43:00 -0400 |
Dan |
Comment UI / Special:Memberlist: UI consistency for Send PM/Add Buddy links in Memberlist and comment display UI
|
file |
diff |
annotate
|
Sun, 10 May 2009 14:44:37 -0400 |
Dan |
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
|
file |
diff |
annotate
|
Tue, 05 May 2009 00:10:26 -0400 |
Dan |
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
|
file |
diff |
annotate
|
Wed, 15 Apr 2009 16:20:33 -0400 |
Dan |
File rollbacks should be all up to date now.
|
file |
diff |
annotate
|
Tue, 14 Apr 2009 21:02:13 -0400 |
Dan |
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
|
file |
diff |
annotate
|
Mon, 13 Apr 2009 17:28:24 -0400 |
Dan |
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
|
file |
diff |
annotate
|
Mon, 13 Apr 2009 16:57:20 -0400 |
Dan |
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
|
file |
diff |
annotate
|
Thu, 26 Feb 2009 01:27:56 -0500 |
Dan |
Set password in userinfo to allow auth plugins to see it (some really do need it)
|
file |
diff |
annotate
|
Thu, 26 Feb 2009 01:07:32 -0500 |
Dan |
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
|
file |
diff |
annotate
|
Mon, 16 Feb 2009 16:17:25 -0500 |
Dan |
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
|
file |
diff |
annotate
|
Sun, 04 Jan 2009 00:55:40 -0500 |
Dan |
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
|
file |
diff |
annotate
|
Sat, 03 Jan 2009 17:54:26 -0500 |
Dan |
Added a couple of hooks for the registration form.
|
file |
diff |
annotate
|
Sun, 21 Dec 2008 17:25:28 -0500 |
Dan |
Corrected a few issues with languages and client-side code
|
file |
diff |
annotate
|
Wed, 19 Nov 2008 11:37:10 -0500 |
Dan |
Fixed: Special:Memberlist still used SpryEffects
|
file |
diff |
annotate
|
Sat, 15 Nov 2008 18:23:25 -0500 |
Dan |
Added ability to have alternate main page for members
|
file |
diff |
annotate
|
Thu, 21 Aug 2008 11:24:56 -0400 |
Dan |
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
|
file |
diff |
annotate
|
Tue, 12 Aug 2008 00:06:35 -0400 |
Dan |
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
|
file |
diff |
annotate
|
Mon, 11 Aug 2008 22:31:04 -0400 |
Dan |
Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
|
file |
diff |
annotate
|
Mon, 11 Aug 2008 21:43:04 -0400 |
Dan |
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
|
file |
diff |
annotate
|
Wed, 09 Jul 2008 22:40:41 -0400 |
Dan |
Added Gravatar support! And it's really configurable too.
|
file |
diff |
annotate
|
Wed, 09 Jul 2008 18:02:32 -0400 |
Dan |
Got user registration working with the new componentized JS framework
|
file |
diff |
annotate
|
Mon, 07 Jul 2008 02:49:54 -0400 |
Dan |
Fixed missing require() on math.php in SpecialUserFuncs
|
file |
diff |
annotate
|
Wed, 02 Jul 2008 22:15:55 -0400 |
Dan |
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
|
file |
diff |
annotate
|
Mon, 30 Jun 2008 17:22:29 -0400 |
Dan |
Made $session->private_key protected and added pk_{en,de}crypt methods for encrypting and decrypting data using the private key
|
file |
diff |
annotate
|
Mon, 30 Jun 2008 17:20:02 -0400 |
Dan |
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
|
file |
diff |
annotate
|