phpBB

Fix getting host for situations where the name/IP is not resolvable. Related to Bug #41025
Related revisions: r9387 and r10158

- fixed bug #44975

Because we store forwarded_for if the check is activated we need a better check

Fix Bug #49035 - Fix general error while registration, through undefined variable $config in validate_referer (Patch by wjvriend)

Authorised by: bantu

Fix bug #18005 - Do not add style-parameter to URL again, after admin re-authentification - Patch by leviatan21

Authorised by: AcydBurn

Fixed Bug #47145 - [Fix] Correctly check banned users when force password change

Authorised by: AcydBurn

add quicktool to remove users from the newly registered special group.

- [Feature] New "Newly Registered Users" group for assigning permissions to newly registered users. They will be removed from this group once they reach a defineable amount of posts.
- [Feature] Ability to define if the "Newly Registered Users" group will be assigned as the default group to newly registered users....

some corrections, only very minor things.

#44485 - we only send a 503 header if it is a search engine.

#41575

#41575

- Add indicator to be used in code if session was created (user visits the site for the first time)
- Correctly count topic views for guests visiting the website the first time by entering the topic directly (Bug #43445)

Do not suppress PHP notices/errors in language packs if DEBUG_EXTRA mode enabled. (Bug #41485)

for using the same cached file we need to have exact queries. :P

Correctly display future dates (Bug #38755)

[Change] Performance increase for format_date() (Bug #37575 - Patch by BartVB)
[Change] Changed prosilver date separator from 'on' to '»'
[Feature] Added 'AGO' setting to relative date strings. For example: posted 14 minutes ago. (Patch by BartVB)
[Fix] Extend vertical line for last post column if no posts in forum (Bug #37125)

make topic icon image width/height available to viewforum and search templates (Bug #15934)

add missing dot. :)

Remove a pointless str_replace()

a tiny fix to the language code. ;)

Okay. Frozen, we never said anything about it being permafrost. Also, this is not 100% tested, expect troubel with store_db (I'm waiting for the bug reports)

urlencode image filenames used in img(). This is not needed, but better for XHTML compatibility.

#27395

some adjustements (changes to sessions code need to be backwards-compatible) - henry, do not forget to include this into your merge to 3.2.x too.

...

explanation

So, tighten things up a little further. QA Team, please check this.

#21255

some corrections to let the update work flawlessly.

- some changes to the recent session change
- display errors on inserting sessions
- fix database updater

Minor stuff: #20925, #20815

#20135

20255

#16865

try to add another fix for bans

make the ban check perform a bit better :/

- fixed database updater
- fixed hook function call in database updater
- fixed bot agent detection (we used a wildcard within the w3c-agent, therefore we should really support this. ;))

new hook system (do not get it confused with events or plugins please)
- introducing two new hookable functions too

put expressions for ip validation into our get_preg_ function.

fixing some bugs

two fixes

• empty log message ***

fix session problems for those using mysql in strict mode and users having a browser agent string > 150 characters.

please have a second look at the change within session.php - we had a few "doubled" keys within the db...

hehehe... :(

remove T_THEME_DATA completely... now the css data is able to be fetched for banned users too. Gives us a good chunk of memory back.

- search result extract shouldn't end in the middle of a multibyte character [Bug #11863]
- missing localisation for an imageset shouldn't create lots of "imageset refreshed" log messages [Bug #12027]
- explain that themes which need parsing cannot be stored on the filesystem [Bug #11134]...

some more fixes

#12705

fixing some bugs

Maybe we shouldn't trust the language settings in the db so much.

This should be a better fix for #12441

Should also fix #12393

well, oops.

#12441

Changing the behaviour of the hideonline permission.

Test the current setting before altering the memory limit during install(Bug #12195)

And another language var.

hopefully not too late in the game. Checked in new jabber class (the class done by the flyspray project). It would be nice if this could be tested with more servers - jabber.org seems to work fine...
- other fixes

- style.php uses default language fallback for the imageset like session.php now
- style.php removes placeholders for non-existant images instead of leaving them alone
- automatically try to load a localised part of an imageset if the folder exists and no images for that language were found in the database, thanks PhilippK

added class for disabled options in ACP
E_USER_ERROR now using language keys if available [related to #10445]
UCP/MCP title tags [#10441]
Check $start parameter in viewforum [#10435]
Check for postable forum for moving user posts within users ACP [#10433]...

#10283 - no style if banning anonymous/ip and using style requiring stylesheet parsing. Also fixes a bug for non-parsed THEME_DATA...

- correctly initialise $words in fulltext_native [Bug #347]
- display ignored words from sub-search-queries
- "Return to search page" [Bug #9591]
- spelling in coding guidelines
- htmlspecialchars forwarded_for before logging

some fixes...

fix issue with user agent and debug_extra enabled - reported by kellanved...

- fix htmlspecialchars handling in search (search backends get specialchared input, and should return specialchared output), current backends strip entities anyway [includes Bug #8156]
- allow cancelling search index creation/removal
- custom CSS class name input too short [Bug #8328]...

trying to fix two conversion issues
- anonymous user not entered correctly or entered with user id 0 (need to be tested)
- ips not converted

- fix some oddities (doubled spaces for example)
- changed the way make_forum_select() is returning the forum list - now including skipped forums but being disabled. This should make identifying the correct forum much more easier.
- Changed some permission namings based on suggestions by the community...

- fixing some bugs
- removing utf8 characters from email files (has been discussed internally, you guys know why)
- making sure some opendir calls are checked before calling readdir.

- Optimize acl_getf_global a bit
- a little performance improvement of the IP regular expressions
- convert post_text/subject collation to utf8_unicode_ci if a user wants to use mysql_fulltext to allow case insensitivity [Bug #6272]
- mysql_fulltext should alter all necessary columns at once to speed up the process...

I'm very oblivious today :@

- finally correctly calculate current time for birthday calculation [Bug #6030]
- allow searching forums with unsearchable subforums [Bug #6056]
- addition of an optional HTTP_X_FORWARDED_FOR check in sessions, including bans
- do not index forums which have indexing disabled on index recreation [Bug #6060]...

- author search should use clean names for searching [Bug #5752]
- local moderators are moderators too!
- don't show a "word is not contained in any post" message for ignored common words
- bold search words in search error messages [Bug #5762]

fix for bug #5676 - of course the "delete install folder" notice should not occur if directly within installation.

- fixing a bunch of bugs
- moved the install trigger error to sessions and also disabled it for those having DEBUG_EXTRA enabled.
i hope not having introduced too many new bugs.

- fixes for the following bugs:
#5326
#5318
#5304
#5290
#5288
#5278
#5276
#5272
#5266
- also fixed the "Call-time pass-by-reference" bug #5252
- within this step changed the normalize calls to require references.
- added captcha size variables to the class scope (suggestion was posted at area51)

#5094

comment out for the moment - it may be not fair to disallow "virtual" urls. :)

ok, i do not why the db is setting the type for user id to string - but with this change bots should no longer "spawn" sessions. ;)

- extend config checking to include check for writeable path
- removed not utilized user_allow_email column from schema
- removed inactive groups (they had no use at all, since inactive users are not able to login)
The only benefit those brought are distinguish users - but this is no longer needed too due to the inactive code present. This also allows us to retain group memberships as well as default settings for users being set inactive due to profile changes....

Prevent cookies from other applications interfering with our forms

use the "old" approach

- fixed some bugs
- changed attachment handling a bit
- tried to remove target tags out of the code
- do not add session ids to urls for bots as well as not creating a new session on each page view for them

I bet i introduced some bugs too. ;)

- birthdays/age in user's timezone and not server's local time
- parse bbcode in posts with fewer characters than selected maximum on search results page
- retrieve search word context in posts which are longer than maximum characters (no raw BBCode anymore)...

- casting to int so this won't throw any unwanted errors

submit some attachment changes/fixes as well as fixing the language pack download for zip files.

- fixed some problems with themes
- added support for {IMG_NAME_SRC}, {IMG_NAME_WIDTH} and {IMG_NAME_HEIGHT}
- fulltext_native has to use group by in a few more quries

Fix session id assignment for bots (previously this bug related in bots creating a new session for every view, now bots are assigned one session like normal users - still no rotation).
If cookie is there but having an empty session try to get it through the url - but also resetting the user

- also check for registered users since i do not think guests and bots want to change their password.

some bugfixes

make sure set_config is called with the correct is_dynamic value

some bugfixes

- fixed a few bugs
- added user_add() function
- check posted images ([img]) for same domain/scipt and php files
- auth_api.html updated to the coding guidelines look&feel
- introduced ability to force non page-updates (cron is using it)
- correctly resend coppa email

ok, this one is rather large... the most important change:
re-introduce append_sid: old style continues to work, not a performance hog as it was in 2.0.x -> structure is different

apart from this, code cleanage, bug fixing, etc.

- get every bbcode tpl block defined within bbcode.html. ;) (#1889)

some tiny changes...

- added a few missing log variables
- include acp/common.php language file if displaying logs (LOG_ variables should be stored there only now)
- added check to cron.php
- added database_gc config variable
- recalculate binary trees every once a week ;)

- introduce new function build_url to easily build a valid url from the user->page object as well as optionally removing certain keys
- changed attachment config to utilize the config build methods
- cleaned up posting.php
- the submit/delete_post functions are now usable (functions_posting.php)...

reverting changes to the installer
do not introduce a function we never call outside of common.php

- adding user logs (displaying all users instead of limited to the user if viewing user notes)
- fixed a tiny set of bugs...

- added login error constant for various external auth failures
- completed auth plugin interface (init_method, login_method, autologin_method, validate_session_method, logout_method)
- updated ldap and apache auth plugins to return an info array
- added apache autologin

fix #1213

- Bug 1245

- a bunch of bugfixes. :P

Cross-port a patch from 2.0.20 into the 3.0 branch

- fix some bugs...

- streamlined reports to consist of the feature set we decided upon (Nils, your turn now)
- use getenv instead of $_ENV (with $_ENV the case could be wrong)
- permission fixes (there was a bug arising with getting permission flags - re-added them and handled roles deletion differently)...

- some bugfixes
- committed coding guidelines as they are at area51
- removed script_path (needs a close inspection later)
- removed the need for server_name and server_port
- able to define server port/name/protocol and force the user-defined server vars (very handy for proxy setups)

- size select fix
- introduced function for building group options (acp)
- fixed acl_getf if negated option needs to be retrieved
- only using one function for updating post informations
- fixing module display if module is disabled
- if user is having a non-existent style do not print out error message, instead fix the users value and load the default style

Prevents an occasional error where the $this->data['session_time'] is undefined.

- sperate permissions from sessions
- added some comments to the auth class for better understanding
- revised some permission functions
- added option to negate permission check by prefixing option with a ! (for example checking for !f_read returns true if user is not able to read forum)...

Another small tweak to allow empty theme.cfg values to overwrite the default, e.g. using an empty string for the pagination separator instead of a comma

- fix autologin issues :)

- more acp additions and changes...

Ooopsie

- updated topic tracking code
- additional changes (mostly bugfixes)
- bart, if you update your user table with the user_lastmark field, set it to the user_lastvisit value ;)
- and last but not least, introducing some bugs in ucp main front (regarding topic tracking)

- session changes (this checkin is producing a lot of errors and render the cvs useless. Those following cvs should be able to grasp what to do, others... please wait for other changes being checked in)

Logout banned users, they are unable to use the normal logout link

- fix some tiny glitches

Minor updates

sigh

Remove use of serialize for session cookie data, no need for it anymore ... at least I can't think of one.

- sorry for this change paul. :( But it is needed for a memberlist change... hopefully not breaking anything for you. The only change is the check for the ids explicitly set to false to allow ids with "0".

- test slightly modified topic tracking code
- some bugfixes

- add ability to grab single image params from user::img

- added updated coding guidelines
- introduced is_registered and is_bot flags for correct determinition of guest/registered/bot users
- changed bot code to act on useragent || ip

- Documentation related changes
- added resend activation email dialog
- fixed issue in session code
- log failed/successful admin re-authentication/login
- fixed simple forum dropdown box (used in mcp and posting)

It's really hard to get a commit right the first time. Really\! It is\!

fix admin_session "bug"

- change registration page language on-the-fly
- added download function to functions_compress as well as tiny bugfixes
- added local_name and author to iso.txt file

- remove group informations from session queries

- fix $user->img (once assigned alt/title tag not able to be overwritten because of static variable)

- more updates, mostly bugfixes to the bbcode parser
- changed current_user in sessions (please review)
- give more flexibility to style authors in regard to the pagination elements
- profile fields updates (included a sample constuct into viewtopic_body.html - have to be documented extensivly)...

my turn to break the forum (and at least pm's are no longer working - will not last long). HARRRR

This is a mass commit ... expect trouble! Changes made here are primarily to how login is handled, schema changes necessary!

- fixing some issues with the confirm screen - merging our (the devs) approaches (more fail-safe now)
- fixing some small issues...

replacing two preg_replace statements with one preg_match_all statement...

- private messages - not finished yet.

session updates, please review

Minor alteration

splitted language files

Damn users :)

Force password change after defined number of days

Minor update for image production

Alter method for storing imageset data ... I can't see any obvious increase in page gen times but please comment if such a thing does become apparent

sessions went on a calorie controlled diet and lost 1000 bytes and still had a tasty lunch and dinner!

Fixed a small typo, and no, I'm not hostage of closet monkeys.

Attempt to make page tracking behave a little better

Allow wildcard bot matching

hmmmm

optionget/optionset updates

user option method (get) start

The moving of update eliminates it's usefulness ... given the change was done to increase security it wins :)

Changes for styling directory layout alterations

Allow preview of style for user with appropriate rights ... a "cheat" really

Altered method of storage of cached permissions ... primarily for easier sqlite/firebird support. Clear your user_permission fields before re-visiting your forum else you'll see very little! Changed way in which founder status is protected

Add new method ... allow grab of options for all forums ... useful for e.g. when forums where post count is incremented are required

Append POST originated forum_id to this->page if present

Was certainly one problem with it ...

Fixed typos, added isset() to produce less PHP notices and changed addslashes() to the corresponding dbal function

Renamed ACL_ constants, altered field names

Weekly update: MCP templates. Forms renamed to 'main', added mcp_jumpbox.html for easy jumping and mcp_foruminfo.html.
Not too happy with HTML though =" templates\subSilver\mcp_forum.html templates\subSilver\mcp_foruminfo.html templates\subSilver\mcp_front.html templates\subSilver\mcp_header.html templates\subSilver\mcp_jumpbox.html templates\subSilver\mcp_move.html templates\subSilver\mcp_post.html templates\subSilver\mcp_viewip.html templates\subSilver\mcp_viewlogs.html

Wrong object name

Add browser validation

Here I am going on about minimising new includes and I go and create one ... probably better off as a seperate include though than adding ~500 lines of code to session.php

Some tinkering ... clear your prefetch (user_permissions) fields ...

Re-jiggled where options are cached, moved clear prefetch to main auth class

EOL should be fixed now

Updates as opposed to downdates

This one has the enormous benefit of actually doing what it was supposed to do ...

Various updates

Subforums update take #1

Various, typically posting related updates

Changed $board_config to $config, more posting "stuff", altered polling code in viewtopic and loads of new problems, poor coding, etc. created :)

bah, various issues, assign lang to this->lang via pointer(?)

Random bugfixes, (hopefully) improved admin panel security.

Added the redirect() function for nice and clean redirection.

Err... max() actually needs two args :D

wrong field name, oops

another oopsie in sessions + whos online fix for forum_id in page_header (index displays correctly now)

Overcome last visit issue (in a 'way'), reduce work gc has to do ... hopefully without screwing up what it does ... but this is a "Paul production" so anything is possible ...

Well, here are all my changes ... don't blame me if things break :D

Garbage collection update

More updates

Some sql changes

Idiot

More session changes to accomodate ACL_PERMIT/PREVENT ...

Change connection limit to session per minute limit ... maybe more 'general' ?

Full of debug print outs but hum ho

Various updates, banning, etc.

Various changes + Ashe's security fix