onokazu
onoka****@users*****
2006年 5月 1日 (月) 11:37:24 JST
Index: xoops2jp/docs/CHANGES.txt diff -u xoops2jp/docs/CHANGES.txt:1.11 xoops2jp/docs/CHANGES.txt:1.12 --- xoops2jp/docs/CHANGES.txt:1.11 Tue Oct 25 12:25:42 2005 +++ xoops2jp/docs/CHANGES.txt Mon May 1 11:37:23 2006 @@ -1,489 +1,511 @@ -XOOPS v2 Changelog -============================ - -2005/10/25: Version 2.0.13a JP -=============================== -- Re-applied the $HTTP_*_VARS to $_* fix to some files in newbb -- Added fix for comment XSS vulnerability that was missing in the previous release - - -2005/10/24: Version 2.0.13 JP -=============================== -- Added several fixes for XSS vulnerabilities found in the core and newbb. -- Added fix to prevent Spams via misc.php and contact module using PHPMailer -- Added fix to prevent arbitrary code execution vulnerability in uploader.php - - -2005/ 9/ 5: Version 2.0.12 JP -=============================== -- Fixed display problem in system config preferences when conf_valuetype and conf_formtype are of textarea type - - -2005/ 8/31: Version 2.0.12 JP Beta -=============================== -- Changed $HTTP_XXX_VARS to $_XXX -- Limit send to friend feature in siteinfo block to registered users only -- Fixed bug in duplicate user name checking -- Added sanitization to PHP_SELF variable -- Fixed invalid usages of HTML -- Fixed some bugs sending japanese mails -- Fixed regex bug in module.textsanitizer.php - - -2005/ 8/14: Version 2.0.11.1 JP -=============================== -- Fixed full path disclosure vulnerability in several files - - -2005/ 7/31: Version 2.0.11 JP -=============================== -- Fixed infinite refresh of page in visit.php of mydownloads/mylinks - - -2005/ 7/21: Version 2.0.11 JP RC2 -=============================== -- Added security patch to prevent SQL injection in xmlrpcapi.php -- Added security patch for XSS vulnerability in comment post -- Fixed minor display bugs in search result URLs -- Fixed incorrect Smarty tag name being assigned in header.php -- Fixed PHP notice errors in several parts - - -2005/ 6/30: Version 2.0.10.2 JP -=============================== -- Added security patch to prevent SQL injection in xmlrpcapi.php -- Added security patch for XSS vulnerability in comment post - - -2005/ 6/29: Version 2.0.11 JP RC1 -=============================== -- Merged CriteriaString with the original Cirteria class -- Fixed bug in image admin section when register_globals off. -- Code cleanup in headlinerender.php -- Added missing language constant in the news module -- Fixed bug in xoopspartners admin section when register_globals off. -- Fixed smarty variable typo in common.php -- Fixed invalid template path in template set admin section -- Fixed comment delete button bug -- Changed & to & in some files -- Added missing parameter to redirect URL of newbb/mydownload modules -- Fixed invalid cache header in footer.php -- Fixed bug not being able to send mails when over 200 registered users - - -2005/ 6/28: Version 2.0.10.1 JP -=============================== -- Added security patch to prevent login spoofing -- Added several patches to fix some important bugs present in 2.0.10 JP - - Fixed bug not being able to add user from user admin page - - Fixed fatal error in admin page of sections module - - Fixed bug not being able to delete forum posts in newbb module - - Fixed typo: $xoopsConfig -> $xoopsModuleConfig in news module - - -2005/ 6/15: Version 2.0.11 JP Beta -=============================== -- Fixed parse error in the sections module -- Fixed incorrect use of anonpost option variable in the news module -- Fixed bug not being able to add users to group when active users over 200 -- Fixed bug not being able to add user from the user admin page -- Fixed bug not being able to delete posts in the newbb module - - -2005/ 6/10: Version 2.0.10 JP -=============================== -- Added fix for better module version number handling -- Fixed possible fatal error when using the template manager -- Fixed more invalid usages of HTML -- Fixed bug not being able to change password in user admin area -- Changed <{$xoops_moduledir}> to <{$xoops_dirname}> for xoops.org 2.0.10 compatibility -- Fixed <{$show_lblock}> not being assigned when no left blocks - - -2005/ 6/2: Version 2.0.10 JP RC2 -=============================== -- Fixed Invalid usages of HTML -- More fix to popup calendar bug fix added in beta -- Fixed file/folder names starting with a . being listed as modules, themes, etc. -- Added missing post_id variable in newbb search results -- Fixed minor problem with IIS -- Fixed phpmailer inifinite loop DOS vulnerability -- Fixed module icons in admin menu and modulesadmin page to be displayed in order by weight -- Fixed ticket system for improved compatibility with xoops.org 2.0.10 - - -2005/ 5/28: Version 2.0.10 JP RC1 -=============================== -- Temporarily disabled showing XOOPS News on admin top page -- Changed the name of XoopsMediaUploader::checkFileType() to its original XoopsMediaUploader::checkFileType() to maintain compatibility -- Fixed group name not showing in group admin error message -- Fixed typo in /kernel/object.php, modules/system/admin/smiles/main.php, include/xoopscodes.php, class/xoopsform/dhtmltextarea.php -- Changed token lifetime from 900 seconds to unlimited -- Fixed invalid timestamp format in RSS news feed -- Removed invalid links to unpublished news article -- Fixed link to preference settings not being displayed in newbb admin menu -- Fixed error messages being displayed when pointing to non-existent image file in image.php -- Fixed ticket error in group admin page when users over 200 in a group -- Fixed new user being added to all groups when created from the admin page -- Fixed fatal error message being displayed when trying to browse uninstalled modules -- Fixed file not found error in zipdownloader.php -- Added support for 'NOT IN' type queries in Criteria class -- Added <{$xoops_modulename}> <{$xoops_moduledir}> template vars -- Added block weight value to each block template var - - -2005/ 5/18: Version 2.0.10 JP Beta -=============================== -- Implemented new token system for validating form origination and increased protection against CSRF -- Security fix to avoid the usage of fopen and unlink when preview/debug -- Fixed bug in header.php, assign $xoops_lblocks -- Fixed bug #1157029 - Bug in include/checklogin.php -- Fixed bug #1060061 - renderValidationJS showing htmlentities instead of intended characters -- Removed <code>foreach ($_POST as $k => $v) {${$k} = $v;}</code> and similar ones which can be insecure under certain circumstances -- Fixed CSRF vulnerability in block/template preview -- Fixed CSRF vulnerability in news/newbb preview -- Fixed arbitrary file deletion vulerability when custom avatar upload enabled -- Security fix to prevent uploading of executable files -- Fixed XSS vulerability in redirect_header() function -- Fixed XSS vulerability in findusers section of system module -- Fixed XSS vuleratility when displaying smiley popup window -- Removed old autologin hack codes which can be insecure -- Fixed arbitrary PHP code execution vulnerability in saxparser class -- Fixed XOOPS news not being displayed when allow_url_fopen set to off -- Fixed new user not being added to specified groups when creating new user from the admin section -- Fixed many typos -- Fixed many HTML misusages -- Added more PHP5 compatibility fixes -- Added fix for duplicated blocks created in 2.0.9 -- Added custom XoopsSecurity class for xoops.org 2.0.10 compatibility - - -2004/12/30: Version 2.0.9.2 -=============================== -- Security fix to prevent session hijacking (thanks goes to GIJOE and the JP XOOPS community) -- Fixed duplicated blocks bug on module update -- phpmailer back to the version included in 2.0.7.3, as it is more stable (onokazu) - - -2004/12/25: Version 2.0.9 -=============================== -- Security fix in the newbb module for PHP version < 4.3.10 (GIJOE & onokazu) -- Security fix in the newbb module to prevent XSS attacks (minahito) -- Fixed various problems related to XoopsUser::isAdmin() and $xoops_isadmin patch in 2.0.7.1 (bugs #1014203/#1014403) (onokazu) -- Fixed incorrect parameters being passed to CriteriaCompo in modulesadmin.php (onokazu) -- Fixed incorrect parameters being passed to XoopsXmlRpcStruct::add() in BloggerApi::getUserInfo() (onokazu) -- Fixed Bug #1023022 - XoopsFormDhtmlTextArea and array_push() error (Mithrandir) -- Fixed Bug #1013989 - Inbox title shoud be plural "Private Messages" (Mithrandir) -- Fixed Bug #1004998 - readpmsg.php typo:</th> html tag of subject is nothing (Mithrandir) -- Fixed Bug #1035707 - Enable array type options in blocks (Mithrandir) -- Fixed a typo in include/comment_form.php, patch #1041993 (Dave_l) -- Fixed Bug #1044957 - xoopsmultimailer.php Username typo when SMTP-Auth (Mithrandir) -- Fixed RFE #900348 - Sort user list alphabetically in System -> Groups. Also changed the way it fetches the users in the group so it fetches all of them with 2 queries instead of 1 + (1 per user in the group) (Mithrandir -) -- Added patch #1048384 - mysql_field_name and others, added (Mithrandir) -- Fixed bug #1049017 - Blocks sharing a template are cached wrong (Mithrandir) -- Added patch #1048382 - Module onUpdate function (Mithrandir) -- Fixed bug #989462 - Handler object caching not working (Mithrandir) -- Added RFE #900345 - View/Edit group membership in Admin -> System -> Edit User (Mithrandir) -- Fixed Bug #1055901 - group.php(IN phrase is used ,query) (Mithrandir) -- Fixed bug #1052403 - block update in module update (Mithrandir) -- More fixes for register_globals off in the top 10 page of mylinks/mydownloads modules -- Fixed a typo in modules/xoopsheadline/admin/index.php (onokazu) -- Fixed bug where 2 headline forms were using the same form name/id, causing JS error (onokazu) -- Fixed some html problems in mylinks/mydownloads admin page (onokazu) -- Secured mainfile.dist.php from disclosing paths (Mithrandir) -- Fixed bug #1073029 (onokazu) -- Fixed bug #1073532 (onokazu) -- Fixed bug #1080791 (onokazu) -- Fixed lang phrase _NOT_ACTIVENOTIFICATIONS not being assing to template (onokazu) -- Some PHP5 fixes (Mithrandir) -- Updated Smarty to version 2.6.5 -- Updated PHPMailer to version 1.72 - - -2004/09/11: Version 2.0.7.3 -=============================== -!! SECURITY FIX !! fixed more bugs that allowed session hijacking under a certain circumstance (onokazu) - - -2004/09/10: Version 2.0.7.2 -=============================== -!! SECURITY FIX !! fixed bugs that allowed session hijacking under a certain circumstance (onokazu) - - -2004/08/21: Version 2.0.7.1 -=============================== -Fixed bug #1006511 about $xoops_isadmin misuse (skalpa/the jp.xoops.org community): -- Changed XoopsUser::isAdmin() behavior to prevent problems with modules that misuse this function -- Fixed permission checking in user profile page, to only show admin links to people who are supposed to see them -- Fixed permission checking in the comments system, to only show admin links to people who are supposed to see them -Fixed incorrect escaping of configuration values in 2.0.7 (skalpa) -Changed db proxy class error message from "Action not allowed" to "Database update not allowed during a GET request" (skalpa) -Fixed bug #964084: if comment title is long multi-byte character.last byte loss (Mithrandir/domifara) -Fixed bug #977360: Wrong icon in comment bloc (Mithrandir/zoullou) -Fixed bug #976534: modules incompatibilities in 2.0.7 (Mithrandir/gijoe_peak) -Fixed bug #975803: Typo in class/pagenav.php (Mithrandir/Dave_l) -Fixed bug #974655: slogan variable with Xoops 2.0.7 (Mithrandir/brashquido) -Fixed bug #987171: typo in edituser.php (Mithrandir) -Applied patch #928503: Search results for modules with granted permissions optimised (Mithrandir/malanciault) -Applied patch #988715: cp_header.php language (Mithrandir/phppp) -Fixed MyTextSanitizer PHP notices (Mithrandir) -Fixed XoopsForm PHP Notices about an unset _extra property (Mithrandir) - - -2004/06/14: Version 2.0.7 -=============================== -!! SECURITY FIX !! preventing code injection in media uploader (skalpa) -!! SECURITY FIX !! preventing execution of external scripts in shared environments (skalpa/ackbarr) - -Fixed bug #963937: Typo in modules/system/admin/findusers/main.php (mithrandir/tom_g3x) -Fixed typo in x2t theme css colteaser class definition (w4z004) -Set formButton class to Xoops popups buttons (w4z004) -Fixed bug #960970: Incorrect display of the graphical pagenav (w4z004) -Modified the Word Censoring fix (#962025) for MySQL 4.x compat (skalpa + quick thx 2 hervet 4 help) -Ensured page title and slogan are escaped for HTML (onokazu) -Fixed bug #961565: Search form keywords not checked by JS (mithrandir/tom_g3x) -Fixed bug #961118 in XoopsFormElementTray::getElements() (mithrandir/luckec) -Fixed bug #961311: Incorrect definition of headers var in XoopsMailer class (mithrandir/tom_g3x) -XoopsForm::assign() now indexes elements by name if possible (mithrandir/kerkness) -Fixed bug #963197: xoopsHiddenText is hardcoded in formdhtmlarea (mithrandir/tom_g3x) -Fixed bug #963301: XoopsMediaUploader checkMaxHeight() doesn't work (skalpa/onokazu) -Fixed bug #963327: XoopsImageHandler delete() keeps rows in imagebody table (skalpa/tom_g3x) -Fixed bug #962025: Word censoring can mess db config options up (skalpa/tom_g3x) -Fixed bug #961313: XoopsMailer custom headers are duplicated (skalpa/tom_g3x) -Fixed bug #960683: [code] wrong translation (skalpa/ryuji+gi_joe) -Fixed snoopy bug due to language specific characters (onokazu) -Fixed a bug preventing deletion of users from the admin user search results (onokazu) -Fixed a bug preventing deletion of admin users (onokazu) -Fixed bug #915976: module onInstall feature doesn't display module messages correctly (skalpa/feugy+dave_l) -Fixed bug #898776: Xoops module resolution for www.host.com and host.com (wulff_dk) -Fixed bug #906282: XoopsGroupPermForm::render() - throws Undefined variable (mithrandir) -Fixed bug #946621: Comments system extra_param not working with register_globals off (mithrandir/gstarrett) -Fixed bug #932200: Admin > Edit user shows wrong username :-(mithrandir) -Fixed bug #936753: $xoops_module_header not in all themes (w4z004) -Fixed bug #921930: SQL queries with leading whitespace don't work (mithrandir) -Fixed bug #920480: xoops_substr always adds three dots (skalpa) -Fixed bug #921448: Undefined variable in xoopscodes.php (skalpa/dave_l) -Applied patch #953063: js Calendar first popup date bug fix (mithrandir/venezia) -Applied patch #953060: xoopstree.php selbox - subcategories not ordered (mithrandir/venezia) -Applied patch #928503: Only show search results for modules with granted permissions (mithrandir/malanciault) -Fixed bug #922152 preventing notifications to work with some Windows configurations (skalpa/robekras) -Fixed bug #930351 preventing XoopsThemeForm::insertBreak() to work -Corrected the content of $xoopsRequestUri on IIS fixing bug #895984 (skalpa) - -2/6/2004: Version 2.0.6 -=============================== -- Removed calls to XoopsHandlerRegistry class (onokazu) -- Fixed loop problem after retrieving a lost password (onokazu) -- Changed all include() calls to include_once() for xoopscodes.php (onokazu) -- Added routines to remove users from the online member list when a user is deleted (onokazu) -- Added parameters to the Critreria class constructor to allow the use of DB functions in SQL criteria (skalpa) -- Added fetchBoth() method to the XoopsDatabase class (skalpa) -- Fixed typos in class/smarty/plugins/resource.db.php (skalpa) -- Refactoring in /class/xoopsform/form.php (skalpa) -- Added some methods to /class/xoopsform/formelement.php to allow the use of accesskey and class attributes in form element tags (skalpa) -- Fixed extra HTML tags not being displayed when using the XoopsThemeForm::insertBreak() method (Catzwolf) -- Changed the default HTTP method of the search form to GET (onokazu) -- Fixed notification constants not being included during installation (onokazu) -- Fixed session data not being properly escaped before inserting to the database (onokazu) -- Some useful changes to the group permission form (onokazu) -- Fixed the block cachetime selection being reset after preview (onokazu) -- Fixed invalid regex patterns used for username filtering, also added fix to allow the safe use of multi-byte characters in username (contributed by GIJOE) -- Fixed bug where some blocks were not being displayed in block admin page on certain occasions (onokazu) -- Fixed the problem of system admin icon disappearing on certain occasions (onokazu) -- Fixed the errorhandler class to check the current error_reporting level before handleing errors (onokazu) -- Re-activated the errorhandler class (onokazu) -- Updated class/Snoopy.php to the latest version, v1.01 (onokazu) -- Fixed a typo in kernel/online.php (onokazu) -- Added some useful functions to include/xoops.js (skalpa) -- Fix for Opera in include/xoops.js (onokazu) -- Fixed user bio and signature values causing corruption in the edit profile form on certain occasions (onokazu) -- Fixed the module name being reset to the default value after module update (onokazu) -- Fixed invalid regex patterns in xoopslists.php (onokazu) -- Fixed a few issues with register_globals setting -- Fix for the auto-login feature (not activated) -- Fixed image categories not being displayed in the order set by admin (onokazu)- Fixed a typo in kernel/config.php (onokazu) -- Fixed comments not being displayed in the order as requested (onokazu) -- Fixed the mailer class not setting some header values (onokazu) -- Fixed chmod problem in class/uploader.php -- Fixed magic_quotes related problems in class/uploader.php -- Fixed notification routines causing a fatal error while trying to notify non-existent users (onokazu) -- Added fix to convert & to & within mail messages (onokazu) -- Fixed html special characters causing problem when submitting a new module name (onokazu) -- Fixed javascript error in mailuser form (onokazu) -- Fixed javascript error in calendar date select form -- Added a new Smarty function <{xoops_link}> (skalpa) -- Added check to prevent webmaster user/group from being removed completely (contributed by Ryuji) - -newbb -- Security fix in modules/newbb/viewtopic.php (onokazu) -- Security fix in modules/newbb/viewforum.php (onokazu) -- Added register_globals related fix to topicmanager.php (onokazu) -- Fixed topic moderation icons not being displayed for moderators in templates/newbb_thread.html (onokazu) -- Fixed topic time not being displayed in recent posts block on certain occasions in blocks/newbb_new.php (onokazu) -- Added fix to correctly navigate to the requested post even when the post is not on the first page of flat view (contrib by GIJOE in class/forumpost.php, viewtopic.php, viewforum.php) - -sections -- Added missing global variable declarations to index.php (onokazu) - -mydownloads -- Added register_globals related fix to modfile.php (onokazu) - -news -- Added fix to always display published date in each article (onokazu) -- Added missing ?> at the end of file in xoops_version.php (onokazu) -- Some fixes in admin/index.php - -xoopspolls -- Fixed color bar selections not working when creating/editing a new poll (onokazu) - -xoopsmembers -- Fixed 'more than X posts' not working when set to 0 (onokazu) -- Added a new language constant to language/english/main.php (Catzwolf) -- Removed invalid HTML tags in templates/xoopsmembers_searchresults.html (Catzwolf) - - -1/5/2004: Version 2.0.5.2 -=============================== -- Security fix in modules/mylinks/myheader.php -- Security fix in modules/mylinks/visit.php -- Security fix in modules/mylinks/admin/index.php - - -11/22/2003: Version 2.0.5.1 -=============================== -- Added $option parameter to xoops_gethandler function (skalpa) -- Security fix in banners.php (onokazu) -- Security fix in modules/newss/include/forumform.inc.php (onokazu) -- Security fix in include/common.php (onokazu) -- Temporarily disabled XoopsErrorHandler class (onokazu) -- Security fix in include/functions.php (onokazu) -- Removed XoopsHandlerRegistry class (onokazu) -- Added fix for preventing users entering infinite loop when recovering a lost password (onokazu) - - -10/8/2003: Version 2.0.5 -=============================== -- Fixed template files not being updated even when the 'allow update from themes directory' option was enabled in preferences -- Fixed RSS channel title being cutoff at special characters -- Minor bug fix in pagenav.php -- Fixed blocks disappearing from the block admin page on certain occasion -- Additional fixes to work with register_globals off -- Fixed problem with XoopsCode Img button not working on certain occasion -- Added missing SQL query in kernel/avatar.php -- Fixed problem with the newbb module where users could post without a thread title on certain occasion -- Fixed problem in banner admin page where banner edit form not being displayed on certain occasion -- Fixed group selection option in the blocks admin page not being selected on certain occasion -- Fixed poll option textbox forms not displaying the correct values -- Fixed show all link in user profile page not working in 2.0.5RC -- Additional phrases in language/english/global.php(_NOTITLE), language/english/search.php(_SR_IGNOREDWORDS), install/language/english/install.php(_INSTALL_L128, _INSTALL_L200) -- Added check in install/index.php to read $HTTP_ACCEPT_LANGUAGE on initial load - - -9/30/2003: Version 2.0.5 RC -=============================== -- Fixed email checking bug mentioned in http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=12288&forum=2 (mvandam) -- Fixed a number of bugs in blocks admin page (onokazu) -- More usability fix in blocks admin page (onokazu) -- Fixed forum topic links to correctly use the # feature in url (onokazu) -- Fixed password checking bug mentioned in http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=12301&post_id=49369&order=0&viewmode=flat&pid=49203&forum=21#forumpost49369 -- Fixed database connection error when creating database during install (onokazu) -- Fixed mb_output_handler causing problems in backend.php/image.php/downloader (onokazu) -- Fixed search feature to use GET requests for prev/next/showall links (onokazu) -- Register_globals related fix in /include/comment_post.php (contrib by gstarrett) -- Added $xoopsUserIsAdmin global variable (onokazu) -- Added xoops_getLinkedUnameById function to /include/functions.php (Catzwolf) -- Fixed invalid Smarty tags in /modules/system/templates/system_siteclosed.html, /modules/system/templates/system_redirect.html, /modules/system/templates/system_imagemanager2.html (onokazu) - - -9/19/2003: Version 2.0.4 -=============================== -- XOOPS_CACHE_PATH, XOOPS_UPLOAD_PATH, XOOPS_THEME_PATH", XOOPS_COMPILE_PATH, XOOPS_THEME_URL, XOOPS_UPLOAD_URL are now set in include/common.php (onokazu) -- Added [siteurl][/siteurl] tag to XoopsCode (mvandam) -- Fixed a typo in class/uploader.php (onokazu) -- Fixed some redirect problems after login (onokazu) -- registre_globals fix in include/comment_view.php (onokazu) -- Xoops.org news is disabled by default in the admin section (onokazu) -- Added a new error handler class (class/errorhandler.php) (mvandam) -- Fixed XoopsGroupPermHandler returning duplicate permissions (onokazu) -- Fixed block-disappearing problem in blocks admin (onokazu) -- Fixed typo in kernel/notification.php (mvandam) -- Added XoopsGuestUser class in kernel/user.php (onokazu) -- Fixed newbb module to correctly use the # feature in URL (onokazu) -- Improved usability in blocks admin section -- Reduced number of users to display in group/edituser page to max 200 users (onokazu) -- Fixed bug where admins could add users with a existing username (onokazu) -- Added files for module developers to easily add group permisson feature (modules/system/groupperm.php, class/xoopsform/groupperm.php) (onokazu) -- Fixed typo in register.php (onokazu) - - -6/17/2003: Version 2.0.3 -=============================== -- fixed CSS related bug in global search page -- register_globals bug fix in comments -- Smarty updated to 2.5.0 -- fixed typo in kernel/object.php -- fixed group permission bug -- fixed bug where image categories were deleted after group permission update -- fixed bug where user votes could not be deleted in the mylinks module -- fixed some language typos -- changed XoopsGroupPermHandler::getItemIds to accept an array fot the second parameter (gperm_groupid), which was required in certain places.. -- removed avatar image files - - -4/25/2003: Version 2.0.2 -=============================== -- security fix to prevent malicious cross site scripting attacks (onokazu) -- fixed character encoding problem for some languages when using the mailer class (onokazu) -- fixed some major bugs in the xoopsheadline module (onokazu) -- fixed some cookie related problems in the forums module (mvandam) - - -4/18/2003: Version 2.0.1 -=============================== -- fixed bug where notification feature could not be turned on -- fixed character encoding problem for some languages when using the mailer class (onokazu) -- fixed the theme selection block to work again -- fixed typo in kernel/module.php -- fixed incorrect table name in xoops_version.php of the new headline module -- changed max limit size of some columns in the configoption table -- fixed image manager bug when using db store method -- xoops.org can now be disabled by adding nonews=1 - - -4/16/2003: Version 2.0.0 -=============================== -- xoopsheadlines module replaced with xoopsheadline module to fix character encoding problems -- numerous bug fixes - - -3/19/2003: Version 2.0.0 RC3 -=============================== -- a major change in the handling of theme files, the detail of which you can read in this [url=http://www.xoops.org/modules/news/article.php?storyid=677]article[/url] (onokazu) -- a new global notification feature that can easily be incorporated into modules (that use Smarty) by only modifying xoops_version.php and template files (mvandam) -- SMTP support using phpMailer (bunny) -- group permission tables merged into one table (onokazu) -- code refactoring - - -2/9/2003: Version 2.0.0 RC2 -=============================== -A bug fix release.. -- avatar upload bug -- themeset image upload bug -- register_globals fix -- recommend us block error -- error message displayed upon submit of news article -- page navigation bug in some modules -- blank page bug on some servers -- SQL displayed in blocks admin - - -1/31/2003: Version 2.0.0 RC1 -=============================== -The first public release of 2.0 series. -For new features that have been added from 1.3.x, please refer to -the articles listed below: -http://www.xoops.org/modules/news/article.php?storyid=486 -http://www.xoops.org/modules/news/article.php?storyid=549 -http://www.xoops.org/modules/xoopsdocs/index.php?cat_id=6 \ No newline at end of file +XOOPS v2 Changelog +============================ + +2006/ 4/29: Version 2.0.14 JP +=============================== +- Fixed installation failure problem with PHP 5.1.x +- Removed xoops.org banner image files and data + + +2006/ 4/21: Version 2.0.14 JP RC1 +=============================== +- Added fix for 4.4.x variable reference PHP notice errors +- Updated 3rd party libraries + Snoopy v1.2.3 + PHPMailer Ver 1.73 + Smarty Ver 2.6.12 +- Fixed comment post URL in newbb/viewtopic.php +- Fixed additional slashes in user password being md5()'d. +- Fixed & -> & in some mail template files +- Bug Fix #7393: Fixed Smarty Template cycle plugin parameters +- Added input validity checks for system avatar selection +- Fixed many typo +- Modified xoops.org links to xoopscube.org ;-) +- Removed duplicate footer include()'s in mydownloads + + +2005/10/25: Version 2.0.13a JP +=============================== +- Re-applied the $HTTP_*_VARS to $_* fix to some files in newbb +- Added fix for comment XSS vulnerability that was missing in the previous release + + +2005/10/24: Version 2.0.13 JP +=============================== +- Added several fixes for XSS vulnerabilities found in the core and newbb. +- Added fix to prevent Spams via misc.php and contact module using PHPMailer +- Added fix to prevent arbitrary code execution vulnerability in uploader.php + + +2005/ 9/ 5: Version 2.0.12 JP +=============================== +- Fixed display problem in system config preferences when conf_valuetype and conf_formtype are of textarea type + + +2005/ 8/31: Version 2.0.12 JP Beta +=============================== +- Changed $HTTP_XXX_VARS to $_XXX +- Limit send to friend feature in siteinfo block to registered users only +- Fixed bug in duplicate user name checking +- Added sanitization to PHP_SELF variable +- Fixed invalid usages of HTML +- Fixed some bugs sending japanese mails +- Fixed regex bug in module.textsanitizer.php + + +2005/ 8/14: Version 2.0.11.1 JP +=============================== +- Fixed full path disclosure vulnerability in several files + + +2005/ 7/31: Version 2.0.11 JP +=============================== +- Fixed infinite refresh of page in visit.php of mydownloads/mylinks + + +2005/ 7/21: Version 2.0.11 JP RC2 +=============================== +- Added security patch to prevent SQL injection in xmlrpcapi.php +- Added security patch for XSS vulnerability in comment post +- Fixed minor display bugs in search result URLs +- Fixed incorrect Smarty tag name being assigned in header.php +- Fixed PHP notice errors in several parts + + +2005/ 6/30: Version 2.0.10.2 JP +=============================== +- Added security patch to prevent SQL injection in xmlrpcapi.php +- Added security patch for XSS vulnerability in comment post + + +2005/ 6/29: Version 2.0.11 JP RC1 +=============================== +- Merged CriteriaString with the original Cirteria class +- Fixed bug in image admin section when register_globals off. +- Code cleanup in headlinerender.php +- Added missing language constant in the news module +- Fixed bug in xoopspartners admin section when register_globals off. +- Fixed smarty variable typo in common.php +- Fixed invalid template path in template set admin section +- Fixed comment delete button bug +- Changed & to & in some files +- Added missing parameter to redirect URL of newbb/mydownload modules +- Fixed invalid cache header in footer.php +- Fixed bug not being able to send mails when over 200 registered users + + +2005/ 6/28: Version 2.0.10.1 JP +=============================== +- Added security patch to prevent login spoofing +- Added several patches to fix some important bugs present in 2.0.10 JP + - Fixed bug not being able to add user from user admin page + - Fixed fatal error in admin page of sections module + - Fixed bug not being able to delete forum posts in newbb module + - Fixed typo: $xoopsConfig -> $xoopsModuleConfig in news module + + +2005/ 6/15: Version 2.0.11 JP Beta +=============================== +- Fixed parse error in the sections module +- Fixed incorrect use of anonpost option variable in the news module +- Fixed bug not being able to add users to group when active users over 200 +- Fixed bug not being able to add user from the user admin page +- Fixed bug not being able to delete posts in the newbb module + + +2005/ 6/10: Version 2.0.10 JP +=============================== +- Added fix for better module version number handling +- Fixed possible fatal error when using the template manager +- Fixed more invalid usages of HTML +- Fixed bug not being able to change password in user admin area +- Changed <{$xoops_moduledir}> to <{$xoops_dirname}> for xoops.org 2.0.10 compatibility +- Fixed <{$show_lblock}> not being assigned when no left blocks + + +2005/ 6/2: Version 2.0.10 JP RC2 +=============================== +- Fixed Invalid usages of HTML +- More fix to popup calendar bug fix added in beta +- Fixed file/folder names starting with a . being listed as modules, themes, etc. +- Added missing post_id variable in newbb search results +- Fixed minor problem with IIS +- Fixed phpmailer inifinite loop DOS vulnerability +- Fixed module icons in admin menu and modulesadmin page to be displayed in order by weight +- Fixed ticket system for improved compatibility with xoops.org 2.0.10 + + +2005/ 5/28: Version 2.0.10 JP RC1 +=============================== +- Temporarily disabled showing XOOPS News on admin top page +- Changed the name of XoopsMediaUploader::checkFileType() to its original XoopsMediaUploader::checkFileType() to maintain compatibility +- Fixed group name not showing in group admin error message +- Fixed typo in /kernel/object.php, modules/system/admin/smiles/main.php, include/xoopscodes.php, class/xoopsform/dhtmltextarea.php +- Changed token lifetime from 900 seconds to unlimited +- Fixed invalid timestamp format in RSS news feed +- Removed invalid links to unpublished news article +- Fixed link to preference settings not being displayed in newbb admin menu +- Fixed error messages being displayed when pointing to non-existent image file in image.php +- Fixed ticket error in group admin page when users over 200 in a group +- Fixed new user being added to all groups when created from the admin page +- Fixed fatal error message being displayed when trying to browse uninstalled modules +- Fixed file not found error in zipdownloader.php +- Added support for 'NOT IN' type queries in Criteria class +- Added <{$xoops_modulename}> <{$xoops_moduledir}> template vars +- Added block weight value to each block template var + + +2005/ 5/18: Version 2.0.10 JP Beta +=============================== +- Implemented new token system for validating form origination and increased protection against CSRF +- Security fix to avoid the usage of fopen and unlink when preview/debug +- Fixed bug in header.php, assign $xoops_lblocks +- Fixed bug #1157029 - Bug in include/checklogin.php +- Fixed bug #1060061 - renderValidationJS showing htmlentities instead of intended characters +- Removed <code>foreach ($_POST as $k => $v) {${$k} = $v;}</code> and similar ones which can be insecure under certain circumstances +- Fixed CSRF vulnerability in block/template preview +- Fixed CSRF vulnerability in news/newbb preview +- Fixed arbitrary file deletion vulerability when custom avatar upload enabled +- Security fix to prevent uploading of executable files +- Fixed XSS vulerability in redirect_header() function +- Fixed XSS vulerability in findusers section of system module +- Fixed XSS vuleratility when displaying smiley popup window +- Removed old autologin hack codes which can be insecure +- Fixed arbitrary PHP code execution vulnerability in saxparser class +- Fixed XOOPS news not being displayed when allow_url_fopen set to off +- Fixed new user not being added to specified groups when creating new user from the admin section +- Fixed many typos +- Fixed many HTML misusages +- Added more PHP5 compatibility fixes +- Added fix for duplicated blocks created in 2.0.9 +- Added custom XoopsSecurity class for xoops.org 2.0.10 compatibility + + +2004/12/30: Version 2.0.9.2 +=============================== +- Security fix to prevent session hijacking (thanks goes to GIJOE and the JP XOOPS community) +- Fixed duplicated blocks bug on module update +- phpmailer back to the version included in 2.0.7.3, as it is more stable (onokazu) + + +2004/12/25: Version 2.0.9 +=============================== +- Security fix in the newbb module for PHP version < 4.3.10 (GIJOE & onokazu) +- Security fix in the newbb module to prevent XSS attacks (minahito) +- Fixed various problems related to XoopsUser::isAdmin() and $xoops_isadmin patch in 2.0.7.1 (bugs #1014203/#1014403) (onokazu) +- Fixed incorrect parameters being passed to CriteriaCompo in modulesadmin.php (onokazu) +- Fixed incorrect parameters being passed to XoopsXmlRpcStruct::add() in BloggerApi::getUserInfo() (onokazu) +- Fixed Bug #1023022 - XoopsFormDhtmlTextArea and array_push() error (Mithrandir) +- Fixed Bug #1013989 - Inbox title shoud be plural "Private Messages" (Mithrandir) +- Fixed Bug #1004998 - readpmsg.php typo:</th> html tag of subject is nothing (Mithrandir) +- Fixed Bug #1035707 - Enable array type options in blocks (Mithrandir) +- Fixed a typo in include/comment_form.php, patch #1041993 (Dave_l) +- Fixed Bug #1044957 - xoopsmultimailer.php Username typo when SMTP-Auth (Mithrandir) +- Fixed RFE #900348 - Sort user list alphabetically in System -> Groups. Also changed the way it fetches the users in the group so it fetches all of them with 2 queries instead of 1 + (1 per user in the group) (Mithrandir +) +- Added patch #1048384 - mysql_field_name and others, added (Mithrandir) +- Fixed bug #1049017 - Blocks sharing a template are cached wrong (Mithrandir) +- Added patch #1048382 - Module onUpdate function (Mithrandir) +- Fixed bug #989462 - Handler object caching not working (Mithrandir) +- Added RFE #900345 - View/Edit group membership in Admin -> System -> Edit User (Mithrandir) +- Fixed Bug #1055901 - group.php(IN phrase is used ,query) (Mithrandir) +- Fixed bug #1052403 - block update in module update (Mithrandir) +- More fixes for register_globals off in the top 10 page of mylinks/mydownloads modules +- Fixed a typo in modules/xoopsheadline/admin/index.php (onokazu) +- Fixed bug where 2 headline forms were using the same form name/id, causing JS error (onokazu) +- Fixed some html problems in mylinks/mydownloads admin page (onokazu) +- Secured mainfile.dist.php from disclosing paths (Mithrandir) +- Fixed bug #1073029 (onokazu) +- Fixed bug #1073532 (onokazu) +- Fixed bug #1080791 (onokazu) +- Fixed lang phrase _NOT_ACTIVENOTIFICATIONS not being assing to template (onokazu) +- Some PHP5 fixes (Mithrandir) +- Updated Smarty to version 2.6.5 +- Updated PHPMailer to version 1.72 + + +2004/09/11: Version 2.0.7.3 +=============================== +!! SECURITY FIX !! fixed more bugs that allowed session hijacking under a certain circumstance (onokazu) + + +2004/09/10: Version 2.0.7.2 +=============================== +!! SECURITY FIX !! fixed bugs that allowed session hijacking under a certain circumstance (onokazu) + + +2004/08/21: Version 2.0.7.1 +=============================== +Fixed bug #1006511 about $xoops_isadmin misuse (skalpa/the jp.xoops.org community): +- Changed XoopsUser::isAdmin() behavior to prevent problems with modules that misuse this function +- Fixed permission checking in user profile page, to only show admin links to people who are supposed to see them +- Fixed permission checking in the comments system, to only show admin links to people who are supposed to see them +Fixed incorrect escaping of configuration values in 2.0.7 (skalpa) +Changed db proxy class error message from "Action not allowed" to "Database update not allowed during a GET request" (skalpa) +Fixed bug #964084: if comment title is long multi-byte character.last byte loss (Mithrandir/domifara) +Fixed bug #977360: Wrong icon in comment bloc (Mithrandir/zoullou) +Fixed bug #976534: modules incompatibilities in 2.0.7 (Mithrandir/gijoe_peak) +Fixed bug #975803: Typo in class/pagenav.php (Mithrandir/Dave_l) +Fixed bug #974655: slogan variable with Xoops 2.0.7 (Mithrandir/brashquido) +Fixed bug #987171: typo in edituser.php (Mithrandir) +Applied patch #928503: Search results for modules with granted permissions optimised (Mithrandir/malanciault) +Applied patch #988715: cp_header.php language (Mithrandir/phppp) +Fixed MyTextSanitizer PHP notices (Mithrandir) +Fixed XoopsForm PHP Notices about an unset _extra property (Mithrandir) + + +2004/06/14: Version 2.0.7 +=============================== +!! SECURITY FIX !! preventing code injection in media uploader (skalpa) +!! SECURITY FIX !! preventing execution of external scripts in shared environments (skalpa/ackbarr) + +Fixed bug #963937: Typo in modules/system/admin/findusers/main.php (mithrandir/tom_g3x) +Fixed typo in x2t theme css colteaser class definition (w4z004) +Set formButton class to Xoops popups buttons (w4z004) +Fixed bug #960970: Incorrect display of the graphical pagenav (w4z004) +Modified the Word Censoring fix (#962025) for MySQL 4.x compat (skalpa + quick thx 2 hervet 4 help) +Ensured page title and slogan are escaped for HTML (onokazu) +Fixed bug #961565: Search form keywords not checked by JS (mithrandir/tom_g3x) +Fixed bug #961118 in XoopsFormElementTray::getElements() (mithrandir/luckec) +Fixed bug #961311: Incorrect definition of headers var in XoopsMailer class (mithrandir/tom_g3x) +XoopsForm::assign() now indexes elements by name if possible (mithrandir/kerkness) +Fixed bug #963197: xoopsHiddenText is hardcoded in formdhtmlarea (mithrandir/tom_g3x) +Fixed bug #963301: XoopsMediaUploader checkMaxHeight() doesn't work (skalpa/onokazu) +Fixed bug #963327: XoopsImageHandler delete() keeps rows in imagebody table (skalpa/tom_g3x) +Fixed bug #962025: Word censoring can mess db config options up (skalpa/tom_g3x) +Fixed bug #961313: XoopsMailer custom headers are duplicated (skalpa/tom_g3x) +Fixed bug #960683: [code] wrong translation (skalpa/ryuji+gi_joe) +Fixed snoopy bug due to language specific characters (onokazu) +Fixed a bug preventing deletion of users from the admin user search results (onokazu) +Fixed a bug preventing deletion of admin users (onokazu) +Fixed bug #915976: module onInstall feature doesn't display module messages correctly (skalpa/feugy+dave_l) +Fixed bug #898776: Xoops module resolution for www.host.com and host.com (wulff_dk) +Fixed bug #906282: XoopsGroupPermForm::render() - throws Undefined variable (mithrandir) +Fixed bug #946621: Comments system extra_param not working with register_globals off (mithrandir/gstarrett) +Fixed bug #932200: Admin > Edit user shows wrong username :-(mithrandir) +Fixed bug #936753: $xoops_module_header not in all themes (w4z004) +Fixed bug #921930: SQL queries with leading whitespace don't work (mithrandir) +Fixed bug #920480: xoops_substr always adds three dots (skalpa) +Fixed bug #921448: Undefined variable in xoopscodes.php (skalpa/dave_l) +Applied patch #953063: js Calendar first popup date bug fix (mithrandir/venezia) +Applied patch #953060: xoopstree.php selbox - subcategories not ordered (mithrandir/venezia) +Applied patch #928503: Only show search results for modules with granted permissions (mithrandir/malanciault) +Fixed bug #922152 preventing notifications to work with some Windows configurations (skalpa/robekras) +Fixed bug #930351 preventing XoopsThemeForm::insertBreak() to work +Corrected the content of $xoopsRequestUri on IIS fixing bug #895984 (skalpa) + +2/6/2004: Version 2.0.6 +=============================== +- Removed calls to XoopsHandlerRegistry class (onokazu) +- Fixed loop problem after retrieving a lost password (onokazu) +- Changed all include() calls to include_once() for xoopscodes.php (onokazu) +- Added routines to remove users from the online member list when a user is deleted (onokazu) +- Added parameters to the Critreria class constructor to allow the use of DB functions in SQL criteria (skalpa) +- Added fetchBoth() method to the XoopsDatabase class (skalpa) +- Fixed typos in class/smarty/plugins/resource.db.php (skalpa) +- Refactoring in /class/xoopsform/form.php (skalpa) +- Added some methods to /class/xoopsform/formelement.php to allow the use of accesskey and class attributes in form element tags (skalpa) +- Fixed extra HTML tags not being displayed when using the XoopsThemeForm::insertBreak() method (Catzwolf) +- Changed the default HTTP method of the search form to GET (onokazu) +- Fixed notification constants not being included during installation (onokazu) +- Fixed session data not being properly escaped before inserting to the database (onokazu) +- Some useful changes to the group permission form (onokazu) +- Fixed the block cachetime selection being reset after preview (onokazu) +- Fixed invalid regex patterns used for username filtering, also added fix to allow the safe use of multi-byte characters in username (contributed by GIJOE) +- Fixed bug where some blocks were not being displayed in block admin page on certain occasions (onokazu) +- Fixed the problem of system admin icon disappearing on certain occasions (onokazu) +- Fixed the errorhandler class to check the current error_reporting level before handleing errors (onokazu) +- Re-activated the errorhandler class (onokazu) +- Updated class/Snoopy.php to the latest version, v1.01 (onokazu) +- Fixed a typo in kernel/online.php (onokazu) +- Added some useful functions to include/xoops.js (skalpa) +- Fix for Opera in include/xoops.js (onokazu) +- Fixed user bio and signature values causing corruption in the edit profile form on certain occasions (onokazu) +- Fixed the module name being reset to the default value after module update (onokazu) +- Fixed invalid regex patterns in xoopslists.php (onokazu) +- Fixed a few issues with register_globals setting +- Fix for the auto-login feature (not activated) +- Fixed image categories not being displayed in the order set by admin (onokazu)- Fixed a typo in kernel/config.php (onokazu) +- Fixed comments not being displayed in the order as requested (onokazu) +- Fixed the mailer class not setting some header values (onokazu) +- Fixed chmod problem in class/uploader.php +- Fixed magic_quotes related problems in class/uploader.php +- Fixed notification routines causing a fatal error while trying to notify non-existent users (onokazu) +- Added fix to convert & to & within mail messages (onokazu) +- Fixed html special characters causing problem when submitting a new module name (onokazu) +- Fixed javascript error in mailuser form (onokazu) +- Fixed javascript error in calendar date select form +- Added a new Smarty function <{xoops_link}> (skalpa) +- Added check to prevent webmaster user/group from being removed completely (contributed by Ryuji) + +newbb +- Security fix in modules/newbb/viewtopic.php (onokazu) +- Security fix in modules/newbb/viewforum.php (onokazu) +- Added register_globals related fix to topicmanager.php (onokazu) +- Fixed topic moderation icons not being displayed for moderators in templates/newbb_thread.html (onokazu) +- Fixed topic time not being displayed in recent posts block on certain occasions in blocks/newbb_new.php (onokazu) +- Added fix to correctly navigate to the requested post even when the post is not on the first page of flat view (contrib by GIJOE in class/forumpost.php, viewtopic.php, viewforum.php) + +sections +- Added missing global variable declarations to index.php (onokazu) + +mydownloads +- Added register_globals related fix to modfile.php (onokazu) + +news +- Added fix to always display published date in each article (onokazu) +- Added missing ?> at the end of file in xoops_version.php (onokazu) +- Some fixes in admin/index.php + +xoopspolls +- Fixed color bar selections not working when creating/editing a new poll (onokazu) + +xoopsmembers +- Fixed 'more than X posts' not working when set to 0 (onokazu) +- Added a new language constant to language/english/main.php (Catzwolf) +- Removed invalid HTML tags in templates/xoopsmembers_searchresults.html (Catzwolf) + + +1/5/2004: Version 2.0.5.2 +=============================== +- Security fix in modules/mylinks/myheader.php +- Security fix in modules/mylinks/visit.php +- Security fix in modules/mylinks/admin/index.php + + +11/22/2003: Version 2.0.5.1 +=============================== +- Added $option parameter to xoops_gethandler function (skalpa) +- Security fix in banners.php (onokazu) +- Security fix in modules/newss/include/forumform.inc.php (onokazu) +- Security fix in include/common.php (onokazu) +- Temporarily disabled XoopsErrorHandler class (onokazu) +- Security fix in include/functions.php (onokazu) +- Removed XoopsHandlerRegistry class (onokazu) +- Added fix for preventing users entering infinite loop when recovering a lost password (onokazu) + + +10/8/2003: Version 2.0.5 +=============================== +- Fixed template files not being updated even when the 'allow update from themes directory' option was enabled in preferences +- Fixed RSS channel title being cutoff at special characters +- Minor bug fix in pagenav.php +- Fixed blocks disappearing from the block admin page on certain occasion +- Additional fixes to work with register_globals off +- Fixed problem with XoopsCode Img button not working on certain occasion +- Added missing SQL query in kernel/avatar.php +- Fixed problem with the newbb module where users could post without a thread title on certain occasion +- Fixed problem in banner admin page where banner edit form not being displayed on certain occasion +- Fixed group selection option in the blocks admin page not being selected on certain occasion +- Fixed poll option textbox forms not displaying the correct values +- Fixed show all link in user profile page not working in 2.0.5RC +- Additional phrases in language/english/global.php(_NOTITLE), language/english/search.php(_SR_IGNOREDWORDS), install/language/english/install.php(_INSTALL_L128, _INSTALL_L200) +- Added check in install/index.php to read $HTTP_ACCEPT_LANGUAGE on initial load + + +9/30/2003: Version 2.0.5 RC +=============================== +- Fixed email checking bug mentioned in http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=12288&forum=2 (mvandam) +- Fixed a number of bugs in blocks admin page (onokazu) +- More usability fix in blocks admin page (onokazu) +- Fixed forum topic links to correctly use the # feature in url (onokazu) +- Fixed password checking bug mentioned in http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=12301&post_id=49369&order=0&viewmode=flat&pid=49203&forum=21#forumpost49369 +- Fixed database connection error when creating database during install (onokazu) +- Fixed mb_output_handler causing problems in backend.php/image.php/downloader (onokazu) +- Fixed search feature to use GET requests for prev/next/showall links (onokazu) +- Register_globals related fix in /include/comment_post.php (contrib by gstarrett) +- Added $xoopsUserIsAdmin global variable (onokazu) +- Added xoops_getLinkedUnameById function to /include/functions.php (Catzwolf) +- Fixed invalid Smarty tags in /modules/system/templates/system_siteclosed.html, /modules/system/templates/system_redirect.html, /modules/system/templates/system_imagemanager2.html (onokazu) + + +9/19/2003: Version 2.0.4 +=============================== +- XOOPS_CACHE_PATH, XOOPS_UPLOAD_PATH, XOOPS_THEME_PATH", XOOPS_COMPILE_PATH, XOOPS_THEME_URL, XOOPS_UPLOAD_URL are now set in include/common.php (onokazu) +- Added [siteurl][/siteurl] tag to XoopsCode (mvandam) +- Fixed a typo in class/uploader.php (onokazu) +- Fixed some redirect problems after login (onokazu) +- registre_globals fix in include/comment_view.php (onokazu) +- Xoops.org news is disabled by default in the admin section (onokazu) +- Added a new error handler class (class/errorhandler.php) (mvandam) +- Fixed XoopsGroupPermHandler returning duplicate permissions (onokazu) +- Fixed block-disappearing problem in blocks admin (onokazu) +- Fixed typo in kernel/notification.php (mvandam) +- Added XoopsGuestUser class in kernel/user.php (onokazu) +- Fixed newbb module to correctly use the # feature in URL (onokazu) +- Improved usability in blocks admin section +- Reduced number of users to display in group/edituser page to max 200 users (onokazu) +- Fixed bug where admins could add users with a existing username (onokazu) +- Added files for module developers to easily add group permisson feature (modules/system/groupperm.php, class/xoopsform/groupperm.php) (onokazu) +- Fixed typo in register.php (onokazu) + + +6/17/2003: Version 2.0.3 +=============================== +- fixed CSS related bug in global search page +- register_globals bug fix in comments +- Smarty updated to 2.5.0 +- fixed typo in kernel/object.php +- fixed group permission bug +- fixed bug where image categories were deleted after group permission update +- fixed bug where user votes could not be deleted in the mylinks module +- fixed some language typos +- changed XoopsGroupPermHandler::getItemIds to accept an array fot the second parameter (gperm_groupid), which was required in certain places.. +- removed avatar image files + + +4/25/2003: Version 2.0.2 +=============================== +- security fix to prevent malicious cross site scripting attacks (onokazu) +- fixed character encoding problem for some languages when using the mailer class (onokazu) +- fixed some major bugs in the xoopsheadline module (onokazu) +- fixed some cookie related problems in the forums module (mvandam) + + +4/18/2003: Version 2.0.1 +=============================== +- fixed bug where notification feature could not be turned on +- fixed character encoding problem for some languages when using the mailer class (onokazu) +- fixed the theme selection block to work again +- fixed typo in kernel/module.php +- fixed incorrect table name in xoops_version.php of the new headline module +- changed max limit size of some columns in the configoption table +- fixed image manager bug when using db store method +- xoops.org can now be disabled by adding nonews=1 + + +4/16/2003: Version 2.0.0 +=============================== +- xoopsheadlines module replaced with xoopsheadline module to fix character encoding problems +- numerous bug fixes + + +3/19/2003: Version 2.0.0 RC3 +=============================== +- a major change in the handling of theme files, the detail of which you can read in this [url=http://www.xoops.org/modules/news/article.php?storyid=677]article[/url] (onokazu) +- a new global notification feature that can easily be incorporated into modules (that use Smarty) by only modifying xoops_version.php and template files (mvandam) +- SMTP support using phpMailer (bunny) +- group permission tables merged into one table (onokazu) +- code refactoring + + +2/9/2003: Version 2.0.0 RC2 +=============================== +A bug fix release.. +- avatar upload bug +- themeset image upload bug +- register_globals fix +- recommend us block error +- error message displayed upon submit of news article +- page navigation bug in some modules +- blank page bug on some servers +- SQL displayed in blocks admin + + +1/31/2003: Version 2.0.0 RC1 +=============================== +The first public release of 2.0 series. +For new features that have been added from 1.3.x, please refer to +the articles listed below: +http://www.xoops.org/modules/news/article.php?storyid=486 +http://www.xoops.org/modules/news/article.php?storyid=549 \ No newline at end of file