path: root/CHANGES.txt

Version 1.8.0 (Jackie)
(??? from http://code.elgg.org/branches/1.8/)

 User-visible changes:
  * New default theme.
  * Separated admin interface.

 Generic API changes:
  * Added elgg_instanceof().
  * Added remove_subtype() and update_subtype().
  * Added elgg_format_url().
  * ElggDiskFilestore supports non-user owners.

 Deprecated APIs:
  * ElggAccess::get_ignore_access() by ElggAccess::getIgnoreAccess().
  * ElggAccess::set_ignore_access() by ElggAccess::setIgnoreAccess().
  * ElggCache::set_variable() by ElggCache::setVariable().
  * ElggCache::get_variable() by ElggCache::getVariable().
  * ElggDiskFilestore::make_directory_root() by ElggDiskFilestore::makeDirectoryRoot().
  * ElggDiskFilestore::make_file_matrix() and ElggDiskFilestore::user_file_matrix() by
    ElggDiskFilestore::makeFileMatrix().
  * ElggDiskFilestore::mb_string_split() removed.
  * ElggEntity::initialise_attriutes() by ElggEntity::initializeAttributes(). Same for
    all sub classes of ElggEntity.
  * ElggFileCache::create_file() by ::createFile().
  * ElggFileCache::sanitise_filename() by ::sanitizeFilename().
  * ElggMemcache::make_memcache_key() by ::_makeMemcacheKey().
  * ElggGroup::initialise_attributes() by ::initializeAttributes().
  * ElggPlugin::initialise_attributes() by ::initializeAttributes().
  * XMLRPCCall::parse() by XMLRPCCALL::_parse().
  * __get_annotations_calculate_x() by get_annotations_calculate_x().
  * __get_entities_from_annotations_calculate_x() by get_entities_from_annotations_calculate_x().
  * __php_api_error_handler() by _php_api_error_handler().
  * __php_api_exception_handler() by _php_api_exception_handler().
  * __elgg_php_error_handler() by _elgg_php_error_handler().
  * __elgg_php_exception_handler() by _elgg_php_exception_handler().
  * __process_element() by _process_element().
  * All __elgg_session_*() by _elgg_session_*().
  
 UI/UX API changes:
  * Added elgg_push_breadcrumb(), elgg_pop_breadcrumb(), and elgg_get_breadcrumbs().
  * Added navigation/breadcrumbs.
  * Added sticky form support with elgg_make_sticky_form(), 
    elgg_clear_sticky_form(), elgg_is_sticky_form(), and elgg_get_sticky_value().


Version 1.7.9
(June 1, 2011 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Blocking possible access to restricted pages if headers are output too early. Thanks to Vazco
    for reporting!

 Bugfixes:
  * Admins can delete Pages again.
  * TinyMCE upgraded to 3.4.2 to fix IE support.
  * Autocomplete input works correctly.
  * Fixed Message Board "all" posts.
  * Fixed deleting internal messages on some non-English sites.
  * Better feedback if an error occurs when saving widgets.
  * Messages from deleted users no longer show the recipient's avatar.
  * Https logins on fully https sites work correctly.

 API Changes:
  * Added "creating", "river" plugin hook.
  * User metadata is registered as independent higher in the boot sequence.
  * Group ACLs are updated correctly when joining a non-logged in user to a group.
  * Can return 0 for plugin hook 'comments', 'count'.


Version 1.7.8
(April 4, 2011 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Properly encoding search queries (Thanks to lord epsylon (of Lorea) for the report!)

 Bugfixes:
  * Blogs - Fixed disappearing blog draft issue.
  * Groups - Editing a topic from discussion list page works now.
  * Search - Group names used in titles.
  * InviteFriends - Invitation link no longer shows up when logged out.
  * Messages - Denormalized the message calculation for better performance.
  * Sorting by time_created in relationship functions supported.
  * Metadata and annotation names can now be updated.
  * Fixed error with deleting a user with disabled entities.
  * Removed unnecessary executable permissions on a number of files. (Thanks to
    pauloortiz for the report!)

 API Changes:
  * Added delete_submenu_item() for removing sidebar menu items.


Version 1.7.7
(January 31, 2011 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Only admins can view the unvalidated users page (Thanks to Manacim
    Medriano for the report!)

 Bugfixes:
  * Fixed deprecation notices for locales that use comma as radix point.
  * Groups - Files can be completely disabled per group.
  * Pages - Deleting and creating subpages is restricted to owner or group member.
  * Groups - group icons deleted when group is deleted.
  * Pagination will not display when all content id displayed.
  * Fixed issue with get_context() when trailing slash is missing.

 API Changes:
  * Added $CONFIG->action_token_timeout.
  * Added callback option to elgg_get_entities().


Version 1.7.6
(December 23, 2010 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Fixed a possible SQL injection attack when using a crafted
    URL.  Thanks to Gerrit Venema from Gol Gol (golgol.nl) for
    the report.

 Bugfixes:
  * Pages - Fixed "All Pages" link on "All Site Pages" page.
  * Messages - Fixed invalid URLs when using old-style
    pg/messages/<username> links.
  * Messages - Fixed redirect after deleting a message.

 API Changes:
  * Added get_entities_from_access_collection() and deprecated it.
  * is_registered_entity_type() returns correctly when requesting
    just a type and not a subtype.


Version 1.7.5
(November 26, 2010 from http://code.elgg.org/branches/1.7)

 Security Enhancements:
  * Fixed a security flaw in the Bookmarks plugin that could
    allow an XSS attack using crafted URLs.  Thanks to Akhilesh
    Gupta for the bug report.
  * Fixed a security flaw in the widgets system that could allow
    an XSS attack using crafted URLs.

 Bugfixes:
  * Checking for mismatched passwords before creating user when
    manually adding users.
  * 'large' size profile icons created when cropped.
  * Fixed menu entry for user's files link.
  * Fixed caching issues with plugin-added view types.
  * Fixed XFN links on profile page and user lists.
  * Fixed PHP warnings about invalid foreaches in plugins.php
  * Fixed problems in elgg_get_entities_*() when using an array
    for owner_guid.
  * Group profile edit action correctly encodes and saves array input.
  * Language string corrections.

 UI/UX Changes:
  * Users must verify their current password before they can changing
    passwords.
  * Using pagehandlers instead of mod/mod_name/ calls in Blogs,
    Bookmarks, Members, Pages, The Wire, Groups, Invite Friends,
    and Messages.
  * Added a page to view Wire posts by user.

 API Changes:
  * Added remove_group_tool_option().
  * Wrapped Twitter Service's vendor's oAuth lib in class_exists().
  * Added elgg_list_entities_from_relationship().
  * Exposed order_by param in list_entities_from_relationship().
  * Added a default annotation view.


Version 1.7.4
(October 14, 2010 from http://code.elgg.org/branches/1.7)

 Bugfixes:
  * Upgrade Twitter Services to use oAuth so The Wire can post
    to Twitter. See http://el.gg/twitteroauth for instructions.
  * WSOD fixed when viewing an invalid profile page.
  * Checking for mismatched passwords earlier in registration to avoid
    creating a user who can never log in and wasting a username/email.
  * POST data in the web services API is correctly quoted on servers
    with magic quotes enabled.
  * WSOD fixed when trying to update an invalid entity.
  * Group file widget only shows when Files are enabled for the group.
  * Fixed misformatting of some group forum posts in the River.
  * Fixed resizing tall non-square images.
  * Non-English languages work when using memcache.
  * User avatar menus work when switching filters on River Dashboard page.
  * CSS is correctly cached for newly enabled plugins.
  * Can no longer add bookmarks without a title. Previous bookmarks with
    out titles can now be deleted.

 UI/UX Changes:
  * Pages: Admin users can edit user-defined "Welcome page."
  * Pages: Group "Welcome page" can be edited.
  * User Validation:  Added an admin section for unvalidated users. An
    admin user can resend validation request, validate, or delete
    unvalidated users.

 API Changes:
  * test_ip() removed.
  * is_ip_in_range() removed.
  * Read/write DB connections can use different credentials.
  * Twitter services plugin allows other plugins to tweet
    if the user authorizes them.  See twitterservice/README.txt


Version 1.7.3
(September 2, 2010 from http://code.elgg.org/branches/1.7)

 Security enhancements:
  * Fixed a security flaw that allowed an SQL injection attack
    using crafted POSTs.  Thanks to Georg-Christian Pranschke of
    www.sensepost.com for the bug report.

 UI/UX Changes:
  * Entering an invalid captcha now forwards to referring page.

 Bugfixes:
  * Multiple owners support fixed for legacy get_entity*() functions.
  * "Edit details" and "Edit profile icon" only show up for user's own
    profile.
  * get_objects_in_group() works correctly.


Version 1.7.2
(August 18, 2010 from http://code.elgg.org/elgg/branches/1.7)

 UI Changes:
  * Group "widgets" have been standardized with new blog and bookmark widgets.
  * New group member listing page.
  * Group forum topics can be edited including title and status.
  * Added a group creation river entry.

 Bugfixes:
  * Fixed preview and draft saving for blog plugin.
  * Page titles are now editable.
  * Fixed several bugs with the new elgg_get* and elgg_list* functions.
  * Groups do not show up as personal friend collections anymore.
  * Fixed an upgrade issue with utf8 usernames.
  * Encoding of & in group forums is fixed.

 API changes:
  * Added elgg_list_entities_from_metadata().
  * Added elgg_send_email().
  * Added remove_from_river_by_id().
  * Added remove_from_register() for removing menu items.
  * Added elgg_get_excerpt().
  * Added elgg_get_friendly_title() and elgg_get_friendly_time().


Version 1.7.1
(April 21, 2010 from http://code.elgg.org/elgg/branches/1.7)

 UI changes:
  * (Unused) tags field removed from external pages.
  * Languages fixes in groups.
  * Installation checks database settings before writing settings.php.
  * Made the widgets more consistent in their UI.

 Bugfixes:
  * Pagination fixed.
  * Profile icons fixed for PHP-CGI users who were seeing incorrect avatars.
  * Tag search works in groups and members.
  * Tag clouds correctly link to tag search.
  * RSS views added to search.
  * Wrapper function for get_entities() correctly rewrites container_guid to 
    owner_guid.
  * output/url correctly appends http:// again.
  * full_url() urlencode()'s ' and " to avoid a security problem in IE.
  
 API changes:
  * Moved admin flag to users_entity table and added ElggUser->isAdmin(), 
    ->makeAdmin(), and ->removeAdmin() to replace the metadata.
  * Plugin hook for reported content includes the report object.
  * UTF8 upgrade checks server defaults before running to avoid
    corrupted strings.
  * Tags lib updated to elgg_get_*() interface.
  * Can get entities based upon annotation/metadata owner_guid.
  * Moved friendly time and friendly title into overridable views.
  * Added unregister_notification_handler().
  * Added remove_widget_type().
  * Search supports container_guid.


Version 1.7.0
(March 2, 2010 from http://code.elgg.org/elgg/trunk/)

 User-visible changes:
  * UTF8 now saved correctly in database. #1151
  * Unit tests added to System diagnostics.
  * Debug values output to screen when enabled in admin settings.
  * Users can now log in from multiple computers or browsers concurrently.
  * Misconfigured plugins no longer break the site. #1454
  * User display names cannot have HTML or be longer than 50 characters.
  * New search system.

 Bugfixes:
  * Searching by tag with extended characters now works. #1151, #1231
  * Searching for entities works properly with case-insensitive metadata. #1326
  * Invalid views now default to 'default' view. #1161.
  * Metadata cache now handles a 0 string. #1227
  * ElggPlugin get() now works with 0. #1286
  * Metadata __isset() now works for falsy values (except NULL). #1414
  * clear_plugin_setting() now only clears a single setting.
  * Submenu entries are correctly calculated after a simplecache refresh.

 API changes:
  * New plugin hook system:unit_test for adding files to unit tests.
  * $is_admin global deprecated; use elgg_set_ignore_access() instead.
  * Deprecated get_entities().  Use elgg_get_entities().
  * Deprecated get_entities_from_metadata().  Use elgg_get_entities_from_metadata().
  * Deprecated get_entities_from_relationship() and g_e_f_relationships_and_meta().  Use elgg_get_entities_from_relationship().
  * Deprecated get_entities_from_access_id(). Use elgg_get_entities_from_access_id().
  * Deprecated get_entities_from_annotations().  Use elgg_get_entities_from_annotations().
  * Reorganized directory file path to rely on GUID instead of username.
  * annotation_id column added to the river database table.
  * remove_from_river_by_annotation() added.
  * unregister_elgg_event_handler() and unregister_plugin_hook() added. #1465
  * clear_all_plugin_settings() added.
  * get_entity_relationships() supports inverse relationships. #1472.
  * can_write_to_container() can be overridden with the container_permissions_check hook. #1164 (part 2).
  * Deprecated search_for_*().
  * Deprecated search_list*().
  * Added elgg_deprecated_notice().
  * ElggEntity::countEntitiesFromRelationship() supports inverse relationships. #1325
  * delete_relationship() triggers the hook delete:relationship and passes the relationship object. #1213
  * added ElggEntity::removeRelationship(). #1376.
  * get_entity_dates() supports order by. #1406.
  * Added elgg_http_add_url_query_elements().
  * Added elgg_register_tag_metadata_name() and elgg_get_registered_tag_metadata_names();
  * Added ElggEntity::getTags().
  * Added elgg_add_action_tokens_to_url().

 Services API:
  * Separated user and api authenticate processing
  * hmac signature encoding now compatible with OAuth
  * New plugin hook api_key:use for keeping stats on key usage
  * New plugin hook rest:init so plugins can configure authentication modules
  * Moved auth.gettoken to POST for increased security
  * Fixed REST POST bug #1114
  * Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364