Updated change log

1 files changed, 26 insertions, 340 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index fb5870700..25df5faf6 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,29 @@
+Version 1.8.1
+(November xx, 2011 from https://github.com/Elgg/Elgg/tree/1.8)
+
+ Enhancements:
+  * Completed styling of user validation admin page
+  * Adding rel=nofollow for non-trusted links
+  * Added direct icon loading for profile avatars in profile plugin
+  * Improved the structure of content views to make styling easier
+  * Updated version of jQuery to 1.6.4
+  * Added basic support for icon size customization
+  * Added a toggle for gallery/list view in file plugin
+  * Added support for passing CSS classes to icon views
+  * Added support for non http URLs to Elgg's normalize functions
+  * Added better support for the 404 forward if a page handler does handle a request
+
+ Bugfixes:
+  * Fixed autocomplete and userpicker
+  * Fixed RSS and web service-related view types
+  * Fixed walled garden display issues
+  * Added work around for IE/TinyMCE/embed insert problem
+  * Implemented ElggUser.isAdmin() JavaScript method
+  * Fixed the date views and JavaScript datepicker
+  * Fixed horizontal radio buttons styling
+  * Modules only display header if there is content for it
+
+
 Version 1.8.1b
 (October 11, 2011 from git://github.com/Elgg/Elgg.git)
 
@@ -152,343 +178,3 @@ Version 1.8.0 (Jackie)
 
  Elgg 1.8.0.1 was released immediately after 1.8.0 to correct a problem in
  installation.
-
-
-Previous and Merged Changes:
-
-Version 1.7.11
-(August 15, 2011 from http://github.com/Elgg/elgg)
-
- Security Enhancements:
-  * Fixed possible XSS vector in the embed plugin. Thanks to Aung Khant from YEHG for the report.
-  * Fixed possible SQL exposure exploit in the search plugin. Thanks again to Aung Khant.
-  * Fixed possible SQL injection vector in the search plugin. Thanks to Lostmon Lords for the report.
-
- Bugfixes:
-  * Filtering by content works in the dashboard again.
-  * Dragging widgets works in IE9.
-
- API Changes:
-  * Deleting a container will delete all contained objects regardless of access_id.
-  * setLocation() and setLatLong() no longer double escapes strings.
-  * Calling elgg_list_entities() with count set no longer breaks the display.
-
-
-Version 1.7.10
-(June 14, 2011 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
-  * Changes to prevent numerous reflected cross site scripting vectors. Thanks to Aung Khant for
-    the reports!
-
- Enhancements:
-  * Banned users are more apparent in user lists and profiles.
-
- Bugfixes:
-  * TinyMCE: Using Elgg's default font to prevent small font sizes.
-  * Files: Optimizations to allow uploading and downloading larger files.
-  * Fixed bugs preventing users from adding and removing friends in Friends Collections.
-  * $CONFIG->lastcache is correctly set for pages that regenerate the cache.
-
- API Changes:
-  * Added unit tests for access collections.
-  * Added can_edit_access_collection().
-  * Access collection functions no longer check permissions. Do this in actions instead.
-
-
-Version 1.7.9
-(June 1, 2011 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
-  * Blocking possible access to restricted pages if headers are output too early. Thanks to Vazco
-    for reporting!
-
- Bugfixes:
-  * Admins can delete Pages again.
-  * TinyMCE upgraded to 3.4.2 to fix IE support.
-  * Autocomplete input works correctly.
-  * Fixed Message Board "all" posts.
-  * Fixed deleting internal messages on some non-English sites.
-  * Better feedback if an error occurs when saving widgets.
-  * Messages from deleted users no longer show the recipient's avatar.
-  * Https logins on fully https sites work correctly.
-
- API Changes:
-  * Added "creating", "river" plugin hook.
-  * User metadata is registered as independent higher in the boot sequence.
-  * Group ACLs are updated correctly when joining a non-logged in user to a group.
-  * Can return 0 for plugin hook 'comments', 'count'.
-
-
-Version 1.7.8
-(April 4, 2011 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
-  * Properly encoding search queries (Thanks to lord epsylon (of Lorea) for the report!)
-
- Bugfixes:
-  * Blogs - Fixed disappearing blog draft issue.
-  * Groups - Editing a topic from discussion list page works now.
-  * Search - Group names used in titles.
-  * InviteFriends - Invitation link no longer shows up when logged out.
-  * Messages - Denormalized the message calculation for better performance.
-  * Sorting by time_created in relationship functions supported.
-  * Metadata and annotation names can now be updated.
-  * Fixed error with deleting a user with disabled entities.
-  * Removed unnecessary executable permissions on a number of files. (Thanks to
-    pauloortiz for the report!)
-
- API Changes:
-  * Added delete_submenu_item() for removing sidebar menu items.
-
-
-Version 1.7.7
-(January 31, 2011 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
-  * Only admins can view the unvalidated users page (Thanks to Manacim
-    Medriano for the report!)
-
- Bugfixes:
-  * Fixed deprecation notices for locales that use comma as radix point.
-  * Groups - Files can be completely disabled per group.
-  * Pages - Deleting and creating subpages is restricted to owner or group member.
-  * Groups - group icons deleted when group is deleted.
-  * Pagination will not display when all content id displayed.
-  * Fixed issue with get_context() when trailing slash is missing.
-
- API Changes:
-  * Added $CONFIG->action_token_timeout.
-  * Added callback option to elgg_get_entities().
-
-
-Version 1.7.6
-(December 23, 2010 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
-  * Fixed a possible SQL injection attack when using a crafted
-    URL.  Thanks to Gerrit Venema from Gol Gol (golgol.nl) for
-    the report.
-
- Bugfixes:
-  * Pages - Fixed "All Pages" link on "All Site Pages" page.
-  * Messages - Fixed invalid URLs when using old-style
-    pg/messages/<username> links.
-  * Messages - Fixed redirect after deleting a message.
-
- API Changes:
-  * Added get_entities_from_access_collection() and deprecated it.
-  * is_registered_entity_type() returns correctly when requesting
-    just a type and not a subtype.
-
-
-Version 1.7.5
-(November 26, 2010 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
-  * Fixed a security flaw in the Bookmarks plugin that could
-    allow an XSS attack using crafted URLs.  Thanks to Akhilesh
-    Gupta for the bug report.
-  * Fixed a security flaw in the widgets system that could allow
-    an XSS attack using crafted URLs.
-
- Bugfixes:
-  * Checking for mismatched passwords before creating user when
-    manually adding users.
-  * 'large' size profile icons created when cropped.
-  * Fixed menu entry for user's files link.
-  * Fixed caching issues with plugin-added view types.
-  * Fixed XFN links on profile page and user lists.
-  * Fixed PHP warnings about invalid foreaches in plugins.php
-  * Fixed problems in elgg_get_entities_*() when using an array
-    for owner_guid.
-  * Group profile edit action correctly encodes and saves array input.
-  * Language string corrections.
-
- UI/UX Changes:
-  * Users must verify their current password before they can changing
-    passwords.
-  * Using pagehandlers instead of mod/mod_name/ calls in Blogs,
-    Bookmarks, Members, Pages, The Wire, Groups, Invite Friends,
-    and Messages.
-  * Added a page to view Wire posts by user.
-
- API Changes:
-  * Added remove_group_tool_option().
-  * Wrapped Twitter Service's vendor's oAuth lib in class_exists().
-  * Added elgg_list_entities_from_relationship().
-  * Exposed order_by param in list_entities_from_relationship().
-  * Added a default annotation view.
-
-
-Version 1.7.4
-(October 14, 2010 from http://code.elgg.org/branches/1.7)
-
- Bugfixes:
-  * Upgrade Twitter Services to use oAuth so The Wire can post
-    to Twitter. See http://el.gg/twitteroauth for instructions.
-  * WSOD fixed when viewing an invalid profile page.
-  * Checking for mismatched passwords earlier in registration to avoid
-    creating a user who can never log in and wasting a username/email.
-  * POST data in the web services API is correctly quoted on servers
-    with magic quotes enabled.
-  * WSOD fixed when trying to update an invalid entity.
-  * Group file widget only shows when Files are enabled for the group.
-  * Fixed misformatting of some group forum posts in the River.
-  * Fixed resizing tall non-square images.
-  * Non-English languages work when using memcache.
-  * User avatar menus work when switching filters on River Dashboard page.
-  * CSS is correctly cached for newly enabled plugins.
-  * Can no longer add bookmarks without a title. Previous bookmarks with
-    out titles can now be deleted.
-
- UI/UX Changes:
-  * Pages: Admin users can edit user-defined "Welcome page."
-  * Pages: Group "Welcome page" can be edited.
-  * User Validation:  Added an admin section for unvalidated users. An
-    admin user can resend validation request, validate, or delete
-    unvalidated users.
-
- API Changes:
-  * test_ip() removed.
-  * is_ip_in_range() removed.
-  * Read/write DB connections can use different credentials.
-  * Twitter services plugin allows other plugins to tweet
-    if the user authorizes them.  See twitterservice/README.txt
-
-
-Version 1.7.3
-(September 2, 2010 from http://code.elgg.org/branches/1.7)
-
- Security enhancements:
-  * Fixed a security flaw that allowed an SQL injection attack
-    using crafted POSTs.  Thanks to Georg-Christian Pranschke of
-    www.sensepost.com for the bug report.
-
- UI/UX Changes:
-  * Entering an invalid captcha now forwards to referring page.
-
- Bugfixes:
-  * Multiple owners support fixed for legacy get_entity*() functions.
-  * "Edit details" and "Edit profile icon" only show up for user's own
-    profile.
-  * get_objects_in_group() works correctly.
-
-
-Version 1.7.2
-(August 18, 2010 from http://code.elgg.org/elgg/branches/1.7)
-
- UI Changes:
-  * Group "widgets" have been standardized with new blog and bookmark widgets.
-  * New group member listing page.
-  * Group forum topics can be edited including title and status.
-  * Added a group creation river entry.
-
- Bugfixes:
-  * Fixed preview and draft saving for blog plugin.
-  * Page titles are now editable.
-  * Fixed several bugs with the new elgg_get* and elgg_list* functions.
-  * Groups do not show up as personal friend collections anymore.
-  * Fixed an upgrade issue with utf8 usernames.
-  * Encoding of & in group forums is fixed.
-
- API changes:
-  * Added elgg_list_entities_from_metadata().
-  * Added elgg_send_email().
-  * Added remove_from_river_by_id().
-  * Added remove_from_register() for removing menu items.
-  * Added elgg_get_excerpt().
-  * Added elgg_get_friendly_title() and elgg_get_friendly_time().
-
-
-Version 1.7.1
-(April 21, 2010 from http://code.elgg.org/elgg/branches/1.7)
-
- UI changes:
-  * (Unused) tags field removed from external pages.
-  * Languages fixes in groups.
-  * Installation checks database settings before writing settings.php.
-  * Made the widgets more consistent in their UI.
-
- Bugfixes:
-  * Pagination fixed.
-  * Profile icons fixed for PHP-CGI users who were seeing incorrect avatars.
-  * Tag search works in groups and members.
-  * Tag clouds correctly link to tag search.
-  * RSS views added to search.
-  * Wrapper function for get_entities() correctly rewrites container_guid to
-    owner_guid.
-  * output/url correctly appends http:// again.
-  * full_url() urlencode()'s ' and " to avoid a security problem in IE.
-
- API changes:
-  * Moved admin flag to users_entity table and added ElggUser->isAdmin(),
-    ->makeAdmin(), and ->removeAdmin() to replace the metadata.
-  * Plugin hook for reported content includes the report object.
-  * UTF8 upgrade checks server defaults before running to avoid
-    corrupted strings.
-  * Tags lib updated to elgg_get_*() interface.
-  * Can get entities based upon annotation/metadata owner_guid.
-  * Moved friendly time and friendly title into overridable views.
-  * Added unregister_notification_handler().
-  * Added remove_widget_type().
-  * Search supports container_guid.
-
-
-Version 1.7.0
-(March 2, 2010 from http://code.elgg.org/elgg/trunk/)
-
- User-visible changes:
-  * UTF8 now saved correctly in database. #1151
-  * Unit tests added to System diagnostics.
-  * Debug values output to screen when enabled in admin settings.
-  * Users can now log in from multiple computers or browsers concurrently.
-  * Misconfigured plugins no longer break the site. #1454
-  * User display names cannot have HTML or be longer than 50 characters.
-  * New search system.
-
- Bugfixes:
-  * Searching by tag with extended characters now works. #1151, #1231
-  * Searching for entities works properly with case-insensitive metadata. #1326
-  * Invalid views now default to 'default' view. #1161.
-  * Metadata cache now handles a 0 string. #1227
-  * ElggPlugin get() now works with 0. #1286
-  * Metadata __isset() now works for falsy values (except NULL). #1414
-  * clear_plugin_setting() now only clears a single setting.
-  * Submenu entries are correctly calculated after a simplecache refresh.
-
- API changes:
-  * New plugin hook system:unit_test for adding files to unit tests.
-  * $is_admin global deprecated; use elgg_set_ignore_access() instead.
-  * Deprecated get_entities().  Use elgg_get_entities().
-  * Deprecated get_entities_from_metadata().  Use elgg_get_entities_from_metadata().
-  * Deprecated get_entities_from_relationship() and g_e_f_relationships_and_meta().  Use elgg_get_entities_from_relationship().
-  * Deprecated get_entities_from_access_id(). Use elgg_get_entities_from_access_id().
-  * Deprecated get_entities_from_annotations().  Use elgg_get_entities_from_annotations().
-  * Reorganized directory file path to rely on GUID instead of username.
-  * annotation_id column added to the river database table.
-  * remove_from_river_by_annotation() added.
-  * unregister_elgg_event_handler() and unregister_plugin_hook() added. #1465
-  * clear_all_plugin_settings() added.
-  * get_entity_relationships() supports inverse relationships. #1472.
-  * can_write_to_container() can be overridden with the container_permissions_check hook. #1164 (part 2).
-  * Deprecated search_for_*().
-  * Deprecated search_list*().
-  * Added elgg_deprecated_notice().
-  * ElggEntity::countEntitiesFromRelationship() supports inverse relationships. #1325
-  * delete_relationship() triggers the hook delete:relationship and passes the relationship object. #1213
-  * added ElggEntity::removeRelationship(). #1376.
-  * get_entity_dates() supports order by. #1406.
-  * Added elgg_http_add_url_query_elements().
-  * Added elgg_register_tag_metadata_name() and elgg_get_registered_tag_metadata_names();
-  * Added ElggEntity::getTags().
-  * Added elgg_add_action_tokens_to_url().
-
- Services API:
-  * Separated user and api authenticate processing
-  * hmac signature encoding now compatible with OAuth
-  * New plugin hook api_key:use for keeping stats on key usage
-  * New plugin hook rest:init so plugins can configure authentication modules
-  * Moved auth.gettoken to POST for increased security
-  * Fixed REST POST bug #1114
-  * Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364