kses ChangeLog
==============

KSES5 * 1.0.2
KSES4 * 0.2.2
- Folded in code from kses 0.2.2.

KSES5 * 1.0.1rc
KSES4 * 0.2.2rc
- Added SetProtocols() to make protocol replacement a single step to fully answer concerns in bug #892477

KSES5 * 1.0.0
- Turned many methods private
- Now using __construct default constructor
- Only runs in PHP5 or better
- All method names changed to reflect verb status
- Folded single line functions into calling methods
- Deprecated _hook(), Protocols()
- Added AddProtocols() to replace Protocols()
- Added filterKsesTextHook() to replace _hook()
- Added RemoveProtocol() and RemoveProtocols() to remove protocols singly, or batch. This should clear bug #892477
- Version number is 1.0.0

KSES4 * 0.2.1
- Synced version number to procedural code
- Deprecated _hook(), Protocols()
- Added AddProtocols() to replace Protocols()
- Added filterKsesTextHook() to replace _hook()
- Added RemoveProtocol() and RemoveProtocols() to remove protocols singly, or batch. This should clear bug #892477

OOP
- Forked code into PHP4 and PHP5 versions. Use '$myKses = new kses[45]' from now on.
- Modified code to run in E_STRICT. This should clear bug #918493
- Added phpDoc commenting

OOP * 0.0.2
- Fixed a bug in AddProtocol that wasn't adding new protocols to $this->allowed_protocols
- Modified internal methods to correspond to kses 0.2.1 modifications.
- Created a basic test suite that can be run via web or CLI.
- Started CVSing the code.

OOP * 0.0.1
- Turned all the kses_function_name functions to _function_name methods.
- Added a couple of properties (allowed_protocols, allowed_html) with $this->allowed_protocols defaulting to the lion's share of usual protocols.
- Modified the applicable use of preg_replace() functions to point to internal class methods.
- Reduced the parameter list of some methods since internal properties are now being used.
- Added "public" methods to set up the allowed protocols and HTML.

Procedural * 0.2.1

0.2.1 was released on the 29th of September 2003. It has the following changes:

- There is now an additional version of kses, using the object-oriented paradigm. Thanks a lot to Richard R. Vasquez, Jr., who created it! Anyone who wants to make functional programming, logical programming or spaghetti programming versions of kses as well (or any other programming paradigm that you like), go ahead! All the people who like old procedural programming for web applications shouldn't despair, though, as both versions will be maintained with each release.
- kses now has some new attribute value checks: minlen, minval and valueless. See docs/attribute-value-checks for an explanation.
- For some reason, the Opera developers decided to make chr(173) a whitespace character in URL protocols, both when it occurs raw and in an entity. kses now handles this.
- The URL protocol whitelisting system now decodes entities before removing NULLs and whitespaces.

Procedural * 0.2.0

0.2.0 was released on the 25th of July 2003. It has the following changes:

- kses now supports checking of attribute values, and not just element names and attribute names. The attribute value checks that exist so far are 'maxlen' (checks how long attribute values are, to avoid Buffer Overflows) and 'maxval' (checks how big an integer value is, to avoid Denial of Service attacks). Buffer Overflows could both be a problem for WWW clients and different servers on the Internet that an HTML document links to. One example is . Denial of Service attacks can take the form of too big sizes of iframes or other things. One example is
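
The two 0.2.1 entries on chr(173) and on decoding entities before removing NULLs and whitespace describe an order of operations for the protocol check. The following is an added example of that order, not code from kses; the function names, the allowlist and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not kses source; function names and the allowlist are hypothetical.
const ALLOWED_PROTOCOLS = ['http', 'https', 'ftp', 'mailto'];

// Decode numeric entities below 256 (with or without ';'), then named ones.
function decode_entities(string $value): string
{
    $value = preg_replace_callback(
        '/&#(?:x([0-9a-f]+)|([0-9]+));?/i',
        function (array $m): string {
            $cp = $m[1] !== '' ? hexdec($m[1]) : (int) $m[2];
            return $cp < 256 ? chr((int) $cp) : $m[0];
        },
        $value
    );
    return html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Remove NULs, ASCII control/whitespace and chr(173) (raw byte or UTF-8 U+00AD).
function strip_ignorable(string $value): string
{
    return preg_replace('/\xC2?\xAD|[\x00-\x20]/', '', $value);
}

// No scheme means a relative URL; otherwise the scheme must be on the allowlist.
function scheme_allowed(string $value): bool
{
    $end = strcspn($value, ':/?#');
    if ($end === strlen($value) || $value[$end] !== ':') {
        return true;
    }
    return in_array(strtolower(substr($value, 0, $end)), ALLOWED_PROTOCOLS, true);
}

// Order from the 0.2.1 entry: decode entities first, then strip, then check.
function url_allowed(string $attr): bool
{
    return scheme_allowed(strip_ignorable(decode_entities($attr)));
}

// Constructed attribute values. "raw" checks the value as written, so
// entity-encoded characters can hide the scheme from the allowlist.
$samples = ['http://example.com/a?b=c:d', 'docs/page.html', 'javascript:x',
    'java&#173;script:x', "java\xADscript:x", 'jav&#x09;ascript:x', 'javascript&colon;x'];
foreach ($samples as $s) {
    printf("%-28s raw=%-5s normalized=%s\n", addcslashes($s, "\0..\37\177..\377"),
        var_export(scheme_allowed($s), true), var_export(url_allowed($s), true));
}
```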