ChangeLog

2007-10-05  Sylvain Beucler  <beuc@beuc.net>

	* Incorporate changes from Yves Perrin (CERN): fix xss
	vulnerability in form login name [Beuc: added EMT_QUOTES and fixed
	another occurrence]; introduced DAILY export

2007-10-04  Sylvain Beucler  <beuc@beuc.net>

	* New spanish translation from Gonzalo Sebastian

2007-09-08  Sylvain Beucler  <beuc@beuc.net>

	* New "become this user" feature for admins.

2007-XX-XX  Sylvain Beucler  <beuc@beuc.net>

	* Lots of small fixes (PHP warnings...)

2007-06-28  Sylvain Beucler  <beuc@beuc.net>

	* frontend/php/include/trackers_run/index.php: old project may
	have 'originator_email' configured as 'show_on_add' /
	'show_on_member_add', while this field is only meant for anonymous
	users. This can trigger a warning a item creation by a project
	member. Now the field is only used if the user is anonymous (and
	if the field is activated). Ex: sr #105913@savannah

	* frontend/php/include/user_home.php: unmask private e-mails for
	site administrators

2007-06-24  Sylvain Beucler  <beuc@beuc.net>

	* Fixed old bug that disallowed people from adding themselves in
	Cc, or vote, in a tracker with member-only posting

	* Quiet an old bug in include/my/general.php where hidden items
	trigger bad SQL requests in condensed (i.e. user_home.php) mode

	* Fix a bug in detail.html that didn't support the task/?XXXX form

	* Removed an added '.' in the redirect URL in login.php
	(incomplete concatenation -> string substitution)

2007-06-23  Sylvain Beucler  <beuc@beuc.net>

	* New debug variable: sys_debug_noformcheck to bypass form
	duplicates checks - this makes devs waste time going back + reload
	+ resubmit during debugging.

	* frontend/php/cvs/admin/index.php: sane_import clean-up + fixed
	warning when no hook was removed

	* frontend/php/include/trackers/data.php: remove HTML from
	reassignment message, it's not accepted by the tracker anymore for
	a while now.

	* Pass the tracker type to trackers_build_notification_list -
	during item reassignement, it can be a different type.

	* Various bugfixes (warnings, introduces during the clean-up...)

2007-06-17  Sylvain Beucler  <beuc@beuc.net>

	* Using '@' before include($conf_file) is not a good idea
	actually: if the (optional) conf file is not there, it avoids a
	warning, but if there's a syntax error in it, we just get a blank
	page. So I now explicitely test whether the file_exists.

2007-06-10  Sylvain Beucler  <beuc@beuc.net>

	* Using a full URL (with hostname and port, not a relative path)
	breaks port-forwarding in test environment (eg. qemu --redir). If
	there's no need to switch http protocol (eg. http->https) the URI
	is now relative. There's no easy way to get around if
	sys_https_host is set, but that's less important for quick
	tests. This concerns links to/in login.php and register.php.

2007-06-09  Sylvain Beucler  <beuc@beuc.net>

	* The frontend configuration file is now optional, Savane works
	fine in test environment / common case without one.

	* Fix sane_nomagic() array import

	* Simplify the root .htaccess using a regexp for p/pr/projects
	etc.

	* frontend/php/include/php4.php: add a quick'n dirty replacement
	for PHP5's array_combine - I'd have used PHP_Compat if only it
	weren't under the (GPL-incompatible) PHP License, sigh.

	* lib/Savane/Lock.pm: create /var/lock/savane if it doesn't exist
	already (bug#9200@gna)

	* Finish git support

2007-06-05  Sylvain Beucler  <beuc@beuc.net>

	* I essentially finished the clean-up (PHP warnings,
	register_globals=off, magic_quotes=off, mysql sanitizing,
	etc.). That puts an end to the freeze started 6 months ago.

2007-05-29  Sylvain Beucler  <beuc@beuc.net>

	* frontend/php/search/index.php: removed base_host support. The
	redirection is usually be done in the /project page itself, and
	this prevents going out from test installs to real servers without
	notice (when using $sys_debug_nobasehost).

2007-05-27  Sylvain Beucler  <beuc@beuc.net>

	* Merged addition and modification screen for mailing lists

	* Removed Savannah-specific unused bits in mail/admin/index.php

2007-05-26  Rudy Gevaert <Rudy.Gevaert@UGent.be>

	* Update UGent.css (bug #9201@gna)

2007-05-13  Sylvain Beucler  <beuc@beuc.net>

	* frontend/php/include/init.php: Grouped debug output at the
	bottom of the page, in a more concise format.

2007-04-30  Mathieu Roy

	* backend/accounts/sv_membersh.in: in openssh v4, sftp-server is
	in /usr/lib/openssh instead of /usr/lib

2007-04-25  Sylvain Beucler  <beuc@beuc.net>

	* frontend/php/include/session.php: Fix the cookies explicit
	domain so it works with all browsers, and document it.

2007-04-11  Sylvain Beucler  <beuc@beuc.net>

	* Fix URLs broken by the brutal comments conversion (s,//,#,) that
	somebody did once.

	* Removed comment about brother websites (it does work with
	Kerberos now, and I don't foresee any unpredictable behavior if
	the user never logged-in to the brother website).

2007-04-10  Sylvain Beucler  <beuc@beuc.net>

	* frontend/php/people/viewjob.php: fix bad link to the project,
	replaced /project/?group_id= by /projects/$unix_group_name. We
	need to check why project/?group_id=XXX doesn't work anymore
	though (task #6723@sv)

2007-04-09  Mathieu Roy
	
	* backend/misc/sv_spamcheck_scholar.in: fix bug causing spamcheck
	scholar to use --ham instead of --spam (bug #8897).

2007-04-09  Sylvain Beucler  <beuc@beuc.net>

	* frontend/php/include/database.php(db_autoexecute): adapt fix
	from Mathieu, "Escape fields name with ` `, sometimes necessary
	with MySQL 5 because plenty of name are reserved (bug #8898)."

	* frontend/php/images: big clean-up, replaces duplicate images by
	symlinks, symlinks identical themes, grouped icons by similar
	sets, removed old unused icons (ftp->download, error->wrong),
	removed pseudo-theme 'transparent' (replaced by groups of
	icons). The images size is appreciably reduced from 6.9M/12M to
	1.6M/2.3M (without/with generated smaller icons).

2007-03-25  Sylvain Beucler  <beuc@beuc.net>

	* frontend/php/mail/majordomo_interface.php: removed after reading
	proprietary license http://www.greatcircle.com/majordomo/LICENSE

	* tests/minimal_configs: create a full LAMP for testing purposes.

2007-03-24  Sylvain Beucler  <beuc@beuc.net>

	* Continued autoconfiscation and clean-ups.

2007-03-17  Sylvain Beucler  <beuc@beuc.net>

	* configure.ac & al.: autoconfiscation

	* lib/Makefile.PL: provide Perl-style module installation. Drop
	Savannah.pm compatibility links.

2007-03-16  Sylvain Beucler  <beuc@beuc.net>

	* frontend/php/include/i18n.php: follow gettext guidelines and use
	bindtextdomain. See the explanation in configure/INSTALLNLSDIR.

	* configure: try to minimise the number of question asked

	* Removed .in source css files - they are relocatable now and
	doesn't need SV_URLROOT expanded anymore. Removed the Makefile.in
	as well.

	* docs/devel/CLEANUP: introduce clean-up methods

	* frontend/php/search/index.php: removed Google-specific search,
	after all we didn't receive funds from Google. This is becoming a
	monopoly...

2007-02-24  Sylvain Beucler  <beuc@beuc.net>

	* More clean-up.

	* Removed outdated unused batch-processing
	bulk_admin_users.php

2007-01-02  Sylvain Beucler  <beuc@beuc.net>

	* Bugfix my bugfixes.

	* Remove unused argument 5 for trackers_add_cc() and its calls.

2007-01-01  Sylvain Beucler  <beuc@beuc.net>

	* Removed deprecated format_date() and replaced the remaining
	calls with utils_format_date().

	* There has been quite a lot of changes for PHP5 / E_STRICT /
	register_globals=off compliance. Not finished yet.

2006-12-17  Sylvain Beucler  <beuc@beuc.net>

	* Other big chunks of PHP warning fixes.

2006-12-16  Sylvain Beucler  <beuc@beuc.net>

	* Remove Savannah-specific code from Download.pm - it's now
	unused.

	* find -name "*.php" -print0 | xargs -r0 sed -i -e
	's/$PHP_SELF/$_SERVER['\''PHP_SELF'\'']/g'

	* sed -i -e
	's/$GLOBALS\[.\?REMOTE_ADDR.\?\]/$_SERVER['\''REMOTE_ADDR'\'']/g'
	include/session.php account/lostpw-confirm.php

2006-12-16  Sylvain Beucler  <beuc@beuc.net>

	* Merged Savane changes - bugfix about MySQL5's mysqldump using
	MySQL5-specific instructions.

2006-12-10  Sylvain Beucler  <beuc@beuc.net>

	* Show WWW repository ViewCVS link even if the URL differ from the
	group type default. This puzzled users more than it helped
	them. Possibly showing/adding the 'Homepage' link should be
	possible - but currently the 'active features' page is a bit
	messy.

2006-12-03  Sylvain Beucler  <beuc@beuc.net>

	* Lots of PHP warnings and PHP5 fixes; I try to run Savane with
	error_reporting = E_ALL | E_STRICT, register_globals=off,
	magic_quotes=off to clean-up the code.

	* frontend/php/include/utils.php: Removed lowercasing in fb(), as
	well as other code expecting that $msg is a single sentence - this
	is often not the case.

	* PHP5 fix: sed -i -e
	's/$GLOBALS\[.\?PHP_SELF.\?\]/$_SERVER['\''PHP_SELF'\'']/g'
	my/quitproject.php include/pre.php
	include/trackers_run/admin/field_values_reset.php
	include/trackers/general.php include/trackers/general.php

	* Detect when php-mysql is not installed and reports the error
	clearly.

	* ChangeLog.byversion -> NEWS

	* Introduce a smaller default SVN repository creation, with no
	default architecture. Move Gna-style default layout to the Attic
	sub.

2006-11-30  Sylvain Beucler  <beuc@beuc.net>

	* backend/accounts/sv_membersh.pl: uses
	/usr/local/bin:/usr/bin:/bin as PATH (reverse order compared to
	before, includes /usr/local/bin) - this is the default Debian PATH

	* account/login.php: Uses HTTP 302 redirections to detect cookies
	immediately.

	* Don't try to chmod ~/.ssh/authorized_keys if doesn't exists.
	
2006-11-29  Sylvain Beucler  <beuc@beuc.net>

	* Fixed warnings in /users/<username due to uninitialized vars.