Version 1.8.0 (Jackie) (??? from http://code.elgg.org/branches/1.8/) User-visible changes: * New default theme. * Separated admin interface. Generic API changes: * Added elgg_instanceof(). * Added remove_subtype() and update_subtype(). * Added elgg_format_url(). * ElggDiskFilestore supports non-user owners. Deprecated APIs: * ElggAccess::get_ignore_access() by ElggAccess::getIgnoreAccess(). * ElggAccess::set_ignore_access() by ElggAccess::setIgnoreAccess(). * ElggCache::set_variable() by ElggCache::setVariable(). * ElggCache::get_variable() by ElggCache::getVariable(). * ElggDiskFilestore::make_directory_root() by ElggDiskFilestore::makeDirectoryRoot(). * ElggDiskFilestore::make_file_matrix() and ElggDiskFilestore::user_file_matrix() by ElggDiskFilestore::makeFileMatrix(). * ElggDiskFilestore::mb_string_split() removed. * ElggEntity::initialise_attriutes() by ElggEntity::initializeAttributes(). Same for all sub classes of ElggEntity. * ElggFileCache::create_file() by ::createFile(). * ElggFileCache::sanitise_filename() by ::sanitizeFilename(). * ElggMemcache::make_memcache_key() by ::_makeMemcacheKey(). * ElggGroup::initialise_attributes() by ::initializeAttributes(). * ElggPlugin::initialise_attributes() by ::initializeAttributes(). * XMLRPCCall::parse() by XMLRPCCALL::_parse(). * __get_annotations_calculate_x() by get_annotations_calculate_x(). * __get_entities_from_annotations_calculate_x() by get_entities_from_annotations_calculate_x(). * __php_api_error_handler() by _php_api_error_handler(). * __php_api_exception_handler() by _php_api_exception_handler(). * __elgg_php_error_handler() by _elgg_php_error_handler(). * __elgg_php_exception_handler() by _elgg_php_exception_handler(). * __process_element() by _process_element(). * All __elgg_session_*() by _elgg_session_*(). UI/UX API changes: * Added elgg_push_breadcrumb(), elgg_pop_breadcrumb(), and elgg_get_breadcrumbs(). * Added navigation/breadcrumbs. * Added sticky form support with elgg_make_sticky_form(), elgg_clear_sticky_form(), elgg_is_sticky_form(), and elgg_get_sticky_value(). Version 1.7.9 (June 1, 2011 from http://code.elgg.org/branches/1.7) Security Enhancements: * Blocking possible access to restricted pages if headers are output too early. Thanks to Vazco for reporting! Bugfixes: * Admins can delete Pages again. * TinyMCE upgraded to 3.4.2 to fix IE support. * Autocomplete input works correctly. * Fixed Message Board "all" posts. * Fixed deleting internal messages on some non-English sites. * Better feedback if an error occurs when saving widgets. * Messages from deleted users no longer show the recipient's avatar. * Https logins on fully https sites work correctly. API Changes: * Added "creating", "river" plugin hook. * User metadata is registered as independent higher in the boot sequence. * Group ACLs are updated correctly when joining a non-logged in user to a group. * Can return 0 for plugin hook 'comments', 'count'. Version 1.7.8 (April 4, 2011 from http://code.elgg.org/branches/1.7) Security Enhancements: * Properly encoding search queries (Thanks to lord epsylon (of Lorea) for the report!) Bugfixes: * Blogs - Fixed disappearing blog draft issue. * Groups - Editing a topic from discussion list page works now. * Search - Group names used in titles. * InviteFriends - Invitation link no longer shows up when logged out. * Messages - Denormalized the message calculation for better performance. * Sorting by time_created in relationship functions supported. * Metadata and annotation names can now be updated. * Fixed error with deleting a user with disabled entities. * Removed unnecessary executable permissions on a number of files. (Thanks to pauloortiz for the report!) API Changes: * Added delete_submenu_item() for removing sidebar menu items. Version 1.7.7 (January 31, 2011 from http://code.elgg.org/branches/1.7) Security Enhancements: * Only admins can view the unvalidated users page (Thanks to Manacim Medriano for the report!) Bugfixes: * Fixed deprecation notices for locales that use comma as radix point. * Groups - Files can be completely disabled per group. * Pages - Deleting and creating subpages is restricted to owner or group member. * Groups - group icons deleted when group is deleted. * Pagination will not display when all content id displayed. * Fixed issue with get_context() when trailing slash is missing. API Changes: * Added $CONFIG->action_token_timeout. * Added callback option to elgg_get_entities(). Version 1.7.6 (December 23, 2010 from http://code.elgg.org/branches/1.7) Security Enhancements: * Fixed a possible SQL injection attack when using a crafted URL. Thanks to Gerrit Venema from Gol Gol (golgol.nl) for the report. Bugfixes: * Pages - Fixed "All Pages" link on "All Site Pages" page. * Messages - Fixed invalid URLs when using old-style pg/messages/ links. * Messages - Fixed redirect after deleting a message. API Changes: * Added get_entities_from_access_collection() and deprecated it. * is_registered_entity_type() returns correctly when requesting just a type and not a subtype. Version 1.7.5 (November 26, 2010 from http://code.elgg.org/branches/1.7) Security Enhancements: * Fixed a security flaw in the Bookmarks plugin that could allow an XSS attack using crafted URLs. Thanks to Akhilesh Gupta for the bug report. * Fixed a security flaw in the widgets system that could allow an XSS attack using crafted URLs. Bugfixes: * Checking for mismatched passwords before creating user when manually adding users. * 'large' size profile icons created when cropped. * Fixed menu entry for user's files link. * Fixed caching issues with plugin-added view types. * Fixed XFN links on profile page and user lists. * Fixed PHP warnings about invalid foreaches in plugins.php * Fixed problems in elgg_get_entities_*() when using an array for owner_guid. * Group profile edit action correctly encodes and saves array input. * Language string corrections. UI/UX Changes: * Users must verify their current password before they can changing passwords. * Using pagehandlers instead of mod/mod_name/ calls in Blogs, Bookmarks, Members, Pages, The Wire, Groups, Invite Friends, and Messages. * Added a page to view Wire posts by user. API Changes: * Added remove_group_tool_option(). * Wrapped Twitter Service's vendor's oAuth lib in class_exists(). * Added elgg_list_entities_from_relationship(). * Exposed order_by param in list_entities_from_relationship(). * Added a default annotation view. Version 1.7.4 (October 14, 2010 from http://code.elgg.org/branches/1.7) Bugfixes: * Upgrade Twitter Services to use oAuth so The Wire can post to Twitter. See http://el.gg/twitteroauth for instructions. * WSOD fixed when viewing an invalid profile page. * Checking for mismatched passwords earlier in registration to avoid creating a user who can never log in and wasting a username/email. * POST data in the web services API is correctly quoted on servers with magic quotes enabled. * WSOD fixed when trying to update an invalid entity. * Group file widget only shows when Files are enabled for the group. * Fixed misformatting of some group forum posts in the River. * Fixed resizing tall non-square images. * Non-English languages work when using memcache. * User avatar menus work when switching filters on River Dashboard page. * CSS is correctly cached for newly enabled plugins. * Can no longer add bookmarks without a title. Previous bookmarks with out titles can now be deleted. UI/UX Changes: * Pages: Admin users can edit user-defined "Welcome page." * Pages: Group "Welcome page" can be edited. * User Validation: Added an admin section for unvalidated users. An admin user can resend validation request, validate, or delete unvalidated users. API Changes: * test_ip() removed. * is_ip_in_range() removed. * Read/write DB connections can use different credentials. * Twitter services plugin allows other plugins to tweet if the user authorizes them. See twitterservice/README.txt Version 1.7.3 (September 2, 2010 from http://code.elgg.org/branches/1.7) Security enhancements: * Fixed a security flaw that allowed an SQL injection attack using crafted POSTs. Thanks to Georg-Christian Pranschke of www.sensepost.com for the bug report. UI/UX Changes: * Entering an invalid captcha now forwards to referring page. Bugfixes: * Multiple owners support fixed for legacy get_entity*() functions. * "Edit details" and "Edit profile icon" only show up for user's own profile. * get_objects_in_group() works correctly. Version 1.7.2 (August 18, 2010 from http://code.elgg.org/elgg/branches/1.7) UI Changes: * Group "widgets" have been standardized with new blog and bookmark widgets. * New group member listing page. * Group forum topics can be edited including title and status. * Added a group creation river entry. Bugfixes: * Fixed preview and draft saving for blog plugin. * Page titles are now editable. * Fixed several bugs with the new elgg_get* and elgg_list* functions. * Groups do not show up as personal friend collections anymore. * Fixed an upgrade issue with utf8 usernames. * Encoding of & in group forums is fixed. API changes: * Added elgg_list_entities_from_metadata(). * Added elgg_send_email(). * Added remove_from_river_by_id(). * Added remove_from_register() for removing menu items. * Added elgg_get_excerpt(). * Added elgg_get_friendly_title() and elgg_get_friendly_time(). Version 1.7.1 (April 21, 2010 from http://code.elgg.org/elgg/branches/1.7) UI changes: * (Unused) tags field removed from external pages. * Languages fixes in groups. * Installation checks database settings before writing settings.php. * Made the widgets more consistent in their UI. Bugfixes: * Pagination fixed. * Profile icons fixed for PHP-CGI users who were seeing incorrect avatars. * Tag search works in groups and members. * Tag clouds correctly link to tag search. * RSS views added to search. * Wrapper function for get_entities() correctly rewrites container_guid to owner_guid. * output/url correctly appends http:// again. * full_url() urlencode()'s ' and " to avoid a security problem in IE. API changes: * Moved admin flag to users_entity table and added ElggUser->isAdmin(), ->makeAdmin(), and ->removeAdmin() to replace the metadata. * Plugin hook for reported content includes the report object. * UTF8 upgrade checks server defaults before running to avoid corrupted strings. * Tags lib updated to elgg_get_*() interface. * Can get entities based upon annotation/metadata owner_guid. * Moved friendly time and friendly title into overridable views. * Added unregister_notification_handler(). * Added remove_widget_type(). * Search supports container_guid. Version 1.7.0 (March 2, 2010 from http://code.elgg.org/elgg/trunk/) User-visible changes: * UTF8 now saved correctly in database. #1151 * Unit tests added to System diagnostics. * Debug values output to screen when enabled in admin settings. * Users can now log in from multiple computers or browsers concurrently. * Misconfigured plugins no longer break the site. #1454 * User display names cannot have HTML or be longer than 50 characters. * New search system. Bugfixes: * Searching by tag with extended characters now works. #1151, #1231 * Searching for entities works properly with case-insensitive metadata. #1326 * Invalid views now default to 'default' view. #1161. * Metadata cache now handles a 0 string. #1227 * ElggPlugin get() now works with 0. #1286 * Metadata __isset() now works for falsy values (except NULL). #1414 * clear_plugin_setting() now only clears a single setting. * Submenu entries are correctly calculated after a simplecache refresh. API changes: * New plugin hook system:unit_test for adding files to unit tests. * $is_admin global deprecated; use elgg_set_ignore_access() instead. * Deprecated get_entities(). Use elgg_get_entities(). * Deprecated get_entities_from_metadata(). Use elgg_get_entities_from_metadata(). * Deprecated get_entities_from_relationship() and g_e_f_relationships_and_meta(). Use elgg_get_entities_from_relationship(). * Deprecated get_entities_from_access_id(). Use elgg_get_entities_from_access_id(). * Deprecated get_entities_from_annotations(). Use elgg_get_entities_from_annotations(). * Reorganized directory file path to rely on GUID instead of username. * annotation_id column added to the river database table. * remove_from_river_by_annotation() added. * unregister_elgg_event_handler() and unregister_plugin_hook() added. #1465 * clear_all_plugin_settings() added. * get_entity_relationships() supports inverse relationships. #1472. * can_write_to_container() can be overridden with the container_permissions_check hook. #1164 (part 2). * Deprecated search_for_*(). * Deprecated search_list*(). * Added elgg_deprecated_notice(). * ElggEntity::countEntitiesFromRelationship() supports inverse relationships. #1325 * delete_relationship() triggers the hook delete:relationship and passes the relationship object. #1213 * added ElggEntity::removeRelationship(). #1376. * get_entity_dates() supports order by. #1406. * Added elgg_http_add_url_query_elements(). * Added elgg_register_tag_metadata_name() and elgg_get_registered_tag_metadata_names(); * Added ElggEntity::getTags(). * Added elgg_add_action_tokens_to_url(). Services API: * Separated user and api authenticate processing * hmac signature encoding now compatible with OAuth * New plugin hook api_key:use for keeping stats on key usage * New plugin hook rest:init so plugins can configure authentication modules * Moved auth.gettoken to POST for increased security * Fixed REST POST bug #1114 * Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364