From c2aab4e6df792dced8ce014c8d9c6feee3b24f39 Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Wed, 30 Jan 2013 07:32:52 -0500 Subject: updated the changes file based on development so far --- CHANGES.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 13c30ae3e..fd9d0eef6 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,16 @@ +Version 1.8.14 +(X xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8) + Contributing Developers: + * Luciano Lima + * Paweł Sroka + + Bugfixes: + * + + Enhancements: + * Web services fall back to xml if the viewtype is invalid + + Version 1.8.13 (January 29, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: -- cgit v1.2.3 From 6494ba26f0f77bbb9bdfb8e4c0d2fd0af862225a Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Sun, 10 Mar 2013 12:19:05 -0400 Subject: fallback to json in web services --- CHANGES.txt | 5 +++-- engine/lib/web_services.php | 6 +++--- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index fd9d0eef6..130d0652d 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,6 +1,7 @@ Version 1.8.14 -(X xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8) +(March xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: + * Cash Costello * Luciano Lima * Paweł Sroka @@ -8,7 +9,7 @@ Version 1.8.14 * Enhancements: - * Web services fall back to xml if the viewtype is invalid + * Web services fall back to json if the viewtype is invalid Version 1.8.13 diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php index b6289184a..b440e3afb 100644 --- a/engine/lib/web_services.php +++ b/engine/lib/web_services.php @@ -1267,14 +1267,14 @@ function service_handler($handler, $request) { $request = explode('/', $request); // after the handler, the first identifier is response format - // ex) http://example.org/services/api/rest/xml/?method=test + // ex) http://example.org/services/api/rest/json/?method=test $response_format = array_shift($request); // Which view - xml, json, ... if ($response_format && elgg_is_valid_view_type($response_format)) { elgg_set_viewtype($response_format); } else { - // default to xml - elgg_set_viewtype("xml"); + // default to json + elgg_set_viewtype("json"); } if (!isset($CONFIG->servicehandler) || empty($handler)) { -- cgit v1.2.3 From c8fc0aef6f4b0edd218a248f9e840f268ac61260 Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Sun, 10 Mar 2013 12:59:22 -0400 Subject: updated most of the major changes for 1.8.14 --- CHANGES.txt | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 130d0652d..698fa9d61 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,12 +1,30 @@ Version 1.8.14 -(March xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8) +(March 12, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: + * Aday Talavera + * Brett Profitt * Cash Costello + * Ed Lyons + * German Bortoli + * Hellekin Wolf + * iionly + * Jerome Bakker * Luciano Lima + * Matt Beckett * Paweł Sroka + * Sem + * Steve Clay + + Security Fixes: + * Fixed bug that exposed subject lines of messages in inbox + * Added requirement for CSRF token for login Bugfixes: - * + * Strip html tags from tag input + * Fixed several display issues for IE7 + * Fixed several issues with blog drafts + * Fixed repeated token timeout errors + * Fixed JavaScript localization for non-English languages Enhancements: * Web services fall back to json if the viewtype is invalid -- cgit v1.2.3 From 34b14b305f5a106316fdc403c4ce80b25e89b51d Mon Sep 17 00:00:00 2001 From: cash Date: Tue, 12 Mar 2013 19:44:48 -0400 Subject: final update on changes file before release --- CHANGES.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 698fa9d61..797fb9c62 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -16,6 +16,7 @@ Version 1.8.14 * Steve Clay Security Fixes: + * Fixed a XSS vulnerability when accepting URLs on user profiles * Fixed bug that exposed subject lines of messages in inbox * Added requirement for CSRF token for login -- cgit v1.2.3 From 970d9bc397edaf03b8c8228e78065f51d8736eb0 Mon Sep 17 00:00:00 2001 From: cash Date: Fri, 19 Apr 2013 22:45:11 -0400 Subject: added changes for 1.8.15 --- CHANGES.txt | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 797fb9c62..c23d30fd2 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,37 @@ +Version 1.8.15 +(April xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8) + Contributing Developers: + * Cash Costello + * Ismayil Khayredinov + * Jeff Tilson + * Matt Beckett + * Paweł Sroka + * Sem + * Steve Clay + * Tom Voorneveld + + Bugfixes: + * Not displaying http:// on profiles when website isn't set + * Fixed pagination display issue for small screens + * Not hiding subpages of top level pages that have been deleted + * Stop corrupting JavaScript views with elgg deprecation messages + * Fixed out of memory error due to query cache + * Fixed bug preventing users authorizing Twitter account access + * Fixed friends access level for editing pages + + Enhancements: + * Added browser caching of language JS files + * Auto-registering views for simplecache when their URL is requested + * Display helpful message for those who have site URL configuration issues + * Can revert to a previous revision with pages plugin + * Site owners can turn off posting wire messages to Twitter + * Search results are sorted by relevance + + Dropped Support: + * Twitter widget due to changes in Twitter API and terms of service + * OAuth API plugin due to conflicts with the Twitter API plugin + + Version 1.8.14 (March 12, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: -- cgit v1.2.3 From f6e70740d7601af0ff64e4ca2e683a7c9c650e95 Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 20 Apr 2013 13:11:22 -0400 Subject: updates changes and version for 1.8.15 release --- CHANGES.txt | 5 +++-- version.php | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index c23d30fd2..fcdc97969 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,5 +1,5 @@ Version 1.8.15 -(April xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8) +(April 23, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Cash Costello * Ismayil Khayredinov @@ -21,13 +21,14 @@ Version 1.8.15 Enhancements: * Added browser caching of language JS files + * Adding nofollow on user posted URLs for spam deterrence (thanks to Hellekin) * Auto-registering views for simplecache when their URL is requested * Display helpful message for those who have site URL configuration issues * Can revert to a previous revision with pages plugin * Site owners can turn off posting wire messages to Twitter * Search results are sorted by relevance - Dropped Support: + Dropped Plugins: * Twitter widget due to changes in Twitter API and terms of service * OAuth API plugin due to conflicts with the Twitter API plugin diff --git a/version.php b/version.php index b5822b371..c5fc817d4 100644 --- a/version.php +++ b/version.php @@ -14,4 +14,4 @@ $version = 2013030600; // Human-friendly version name -$release = '1.8.14'; +$release = '1.8.15'; -- cgit v1.2.3 From 11c8b773274e3e7217eb7e842448ceb592541c63 Mon Sep 17 00:00:00 2001 From: cash Date: Tue, 23 Apr 2013 18:48:03 -0400 Subject: updated changes file for the 1.8.15 release --- CHANGES.txt | 2 ++ 1 file changed, 2 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index fcdc97969..9b79735b3 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -4,6 +4,7 @@ Version 1.8.15 * Cash Costello * Ismayil Khayredinov * Jeff Tilson + * Juho Jaakkola * Matt Beckett * Paweł Sroka * Sem @@ -18,6 +19,7 @@ Version 1.8.15 * Fixed out of memory error due to query cache * Fixed bug preventing users authorizing Twitter account access * Fixed friends access level for editing pages + * Fixed uploading files within the embed dialog Enhancements: * Added browser caching of language JS files -- cgit v1.2.3 From 6d17bde6d059a5d0d5782719623317ec494b773b Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Thu, 13 Jun 2013 07:50:50 -0400 Subject: added some of the notes for the 1.8.16 release --- CHANGES.txt | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 9b79735b3..39a88a677 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,26 @@ +Version 1.8.16 +(June xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8) + Contributing Developers: + * Brett Profitt + * Cash Costello + * Jeff Tilson + * Jerome Bakker + * Paweł Sroka + * Steve Clay + + Security Fixes: + * + + Bugfixes: + * Fixed infinite loop when deleting/disabling an entity with > 50 annotations + * Fixed deleting log tables in log rotate plugin + * Added full text index for groups if missing + * Added workaround for IE8 and jumping user avatar + * Fixed pagination for members pages + * Fixed several internal cache issues + * Plus many more bug fixes + + Version 1.8.15 (April 23, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: -- cgit v1.2.3 From 175c65bec4a46ee7ffa424555870b383e77bd3bf Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Tue, 25 Jun 2013 06:54:48 -0400 Subject: preparing 1.8.16 release --- CHANGES.txt | 4 ++-- version.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 39a88a677..187dc7e25 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,5 +1,5 @@ Version 1.8.16 -(June xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8) +(June 25, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: * Brett Profitt * Cash Costello @@ -9,7 +9,7 @@ Version 1.8.16 * Steve Clay Security Fixes: - * + * Fixed avatar removal bug (thanks to Jerome Bakker for the first report of this) Bugfixes: * Fixed infinite loop when deleting/disabling an entity with > 50 annotations diff --git a/version.php b/version.php index ac554a945..f21ea074a 100644 --- a/version.php +++ b/version.php @@ -14,4 +14,4 @@ $version = 2013051700; // Human-friendly version name -$release = '1.8.15'; +$release = '1.8.16'; -- cgit v1.2.3 From 82b30f63043eba9c18999bd2a15301d62ead4a76 Mon Sep 17 00:00:00 2001 From: Paweł Sroka Date: Wed, 1 Jan 2014 12:42:10 +0100 Subject: Preparing 1.8.17 release --- CHANGES.txt | 43 +++++++++++++++++++++++++++++++++++++++++++ version.php | 4 ++-- 2 files changed, 45 insertions(+), 2 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 187dc7e25..819378e12 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,46 @@ +Version 1.8.17 +(January 1, 2014 from https://github.com/Elgg/Elgg/tree/1.8) + Contributing Developers: + * Brett Profitt + * Cash Costello + * Ed Lyons + * Evan Winslow + * Jeroen Dalsem + * Jerome Bakker + * Juho Jaakkola + * Matt Beckett + * Paweł Sroka + * Sem + * Steve Clay + + Security Fixes: + * Specially-crafted request could return the contents of sensitive files. + * Reflected XSS attack was possible against 1.8 systems. + * The cryptographic key used for various purposes may have been generated with weak entropy, particularly on Windows. + + Bugfixes: + * URLs with non-ASCII usernames again work + * Floated images are now properly cleared in content areas + * The activity page title now matches the document title + * Search again supports multiple comments on the same entity + * Blog archive sidebar now reverse chronological + * URLs with matching parens can now be auto-linked + * Log browser links for users now work + * Disabling over 50 objects should no longer result in an infinite loop + * Radio/checkbox inputs no longer have border radius (for IE10) + * User picker: the Only Friends checkbox again works + * Group bookmarklet no longer shown to non-members + * Widget reordering fixed when moving across columns + * Refuse to deactivate plugins needed as dependencies + + Enhancements: + * Group member listings are ordered by name + * The system_log table can now store IPv6 addresses + * Web services auth_gettoken() now accepts email address + * List functions: no need to specify pagination for unlimited queries + * Htmlawed was upgraded to 1.1.16 + + Version 1.8.16 (June 25, 2013 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: diff --git a/version.php b/version.php index a94bf9d31..c29b44c07 100644 --- a/version.php +++ b/version.php @@ -11,7 +11,7 @@ // YYYYMMDD = Elgg Date // XX = Interim incrementer -$version = 2013052900; +$version = 2014010100; // Human-friendly version name -$release = '1.8.16'; +$release = '1.8.17'; -- cgit v1.2.3 From 0dd36c458d41e77521c36ae572fe73114ad4bc5a Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Sat, 11 Jan 2014 19:54:34 -0500 Subject: Prepare for 1.8.18 release --- CHANGES.txt | 10 ++++++++++ version.php | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 819378e12..f6974a3ae 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,13 @@ +Version 1.8.18 +(January 11, 2014 from https://github.com/Elgg/Elgg/tree/1.8) + Contributing Developers: + * Juho Jaakkola + * Steve Clay + + Bugfixes: + * Fixes notify_user() broken in 1.8.17 + + Version 1.8.17 (January 1, 2014 from https://github.com/Elgg/Elgg/tree/1.8) Contributing Developers: diff --git a/version.php b/version.php index c29b44c07..a7a4776a4 100644 --- a/version.php +++ b/version.php @@ -11,7 +11,7 @@ // YYYYMMDD = Elgg Date // XX = Interim incrementer -$version = 2014010100; +$version = 2014110100; // Human-friendly version name -$release = '1.8.17'; +$release = '1.8.18'; -- cgit v1.2.3