Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 415 lines (339 sloc) 16.844 kB
0edcb63 @brettp Added changes to CHANGES.txt.
brettp authored
1 Version 1.8.0 (Jackie)
5d6d187 @brettp Updated changes for 1.8.0.
brettp authored
2 (September 5th, 2011 from git://github.com/Elgg/Elgg.git)
3
4 Notes:
5 Elgg 1.8 contains the most changes in Elgg since the transition from Elgg
6 0.9 to Elgg 1.0. The core team tried to make the transition as smooth as
7 possible, but in the interest of following standards and simplifying the
8 development process for core and third party developers, we have made
9 changes that will require updating plugins. We believe these changes
10 will help Elgg development be easier for everyone.
11
12 It is unreasonable and unhelpful to list the full details of all changes in
13 this file. Instead, we will list the high level, overarching changes to
14 systems. If you are interested in the specifics, Elgg 1.8's source code is
15 highly documented and serves as a good guide and the git commit log can
16 provide excruciating details of what has changed between 1.7 and 1.8.
17
18 Please post your feedback, questions, and comments to the community site
19 at http://community.elgg.org. As always, thank you for using Elgg!
20
21 --The Elgg Core Development Team
22
23 A tip about updating plugins:
24 It's not difficult to update 1.7 plugins for 1.8. There is a detailed
25 document outlining this process on the wiki:
26 http://docs.elgg.org/wiki/Updating_plugins_for_Elgg_1.8
27
28 The basic process is:
29 1. Clean up the plugin to make sure it conforms to coding standards,
30 official structure, and best practices.
31 2. Update any uses of deprecated functions. Functions deprecated in 1.7 will
32 produce visible notices in 1.8!
33 3. Use the new manifest format.
34 4. Use the new menu functions.
35 5. Use the new JS features.
36 6. Update the views to use core CSS helper functions and classes instead of
37 writing your own.
38
39 The documentation directory and the wiki has more information.
8f0161a @brettp Added elgg_instanceof().
brettp authored
40
d3334ef @brettp Implemented sticky forms.
brettp authored
41 User-visible changes:
0edcb63 @brettp Added changes to CHANGES.txt.
brettp authored
42 * New default theme.
5d6d187 @brettp Updated changes for 1.8.0.
brettp authored
43 * New installation.
44 * Separate and updated admin interface.
45 * Updated plugin themes.
d3334ef @brettp Implemented sticky forms.
brettp authored
46
47 Generic API changes:
5d6d187 @brettp Updated changes for 1.8.0.
brettp authored
48 * Improved the markup and CSS.
49 * Restructured and simplified the views layouts.
50 * Added a new menu system.
51 * Added new CSS and JS file registration functions.
52 * Added a JS engine.
53 * Added a breadcrumb system.
54 * Added a sticky forms system.
55
56 New plugins:
57 * Dashboard - The activity stream is now the default index page. A 1.7-style
58 dashboard is provided through the dashboard plugin.
59 * Developers Plugins - Developer tools.
60 * Likes - Allows users to "like" other users' content.
61 * oAuth API - A generic, reusable oAuth library.
62 * Tag Cloud - A widget-based tag cloud generator.
63 * Twitter API - A generic Twitter library that allows signin with Twitter
64 and pushing content to tweets. Replaces twitter_service.
65
66 Deprecated plugins:
67 * captcha - Captchas have long since stopped being useful as a deterrent
68 against spam.
69 * crontrigger - Real cron should be used.
70 * default_widgets - This functionality is now part of core.
71 * friends - This functionality is now part of core.
72 * riverdashboard - Displaying the river (activity stream) is default in
73 core. The original dashboard can be restored by the new Dashboard plugin.
74 * twitter_service - Replaced by Twitter API.
75
76
77 Previous and Merged Changes:
78
79 Version 1.7.11
80 (August 15, 2011 from http://github.com/Elgg/elgg)
81
82 Security Enhancements:
83 * Fixed possible XSS vector in the embed plugin. Thanks to Aung Khant from YEHG for the report.
84 * Fixed possible SQL exposure exploit in the search plugin. Thanks again to Aung Khant.
85 * Fixed possible SQL injection vector in the search plugin. Thanks to Lostmon Lords for the report.
86
87 Bugfixes:
88 * Filtering by content works in the dashboard again.
89 * Dragging widgets works in IE9.
90
91 API Changes:
92 * Deleting a container will delete all contained objects regardless of access_id.
93 * setLocation() and setLatLong() no longer double escapes strings.
94 * Calling elgg_list_entities() with count set no longer breaks the display.
95
96
97 Version 1.7.10
98 (June 14, 2011 from http://code.elgg.org/branches/1.7)
99
100 Security Enhancements:
101 * Changes to prevent numerous reflected cross site scripting vectors. Thanks to Aung Khant for
102 the reports!
103
104 Enhancements:
105 * Banned users are more apparent in user lists and profiles.
106
107 Bugfixes:
108 * TinyMCE: Using Elgg's default font to prevent small font sizes.
109 * Files: Optimizations to allow uploading and downloading larger files.
110 * Fixed bugs preventing users from adding and removing friends in Friends Collections.
111 * $CONFIG->lastcache is correctly set for pages that regenerate the cache.
112
113 API Changes:
114 * Added unit tests for access collections.
115 * Added can_edit_access_collection().
116 * Access collection functions no longer check permissions. Do this in actions instead.
8f0161a @brettp Added elgg_instanceof().
brettp authored
117
118
a6b939f @brettp Closes #3510. Merged CHANGES.txt for 1.7.9 to trunk.
brettp authored
119 Version 1.7.9
120 (June 1, 2011 from http://code.elgg.org/branches/1.7)
121
122 Security Enhancements:
123 * Blocking possible access to restricted pages if headers are output too early. Thanks to Vazco
124 for reporting!
125
126 Bugfixes:
127 * Admins can delete Pages again.
128 * TinyMCE upgraded to 3.4.2 to fix IE support.
129 * Autocomplete input works correctly.
130 * Fixed Message Board "all" posts.
131 * Fixed deleting internal messages on some non-English sites.
132 * Better feedback if an error occurs when saving widgets.
133 * Messages from deleted users no longer show the recipient's avatar.
134 * Https logins on fully https sites work correctly.
135
136 API Changes:
137 * Added "creating", "river" plugin hook.
138 * User metadata is registered as independent higher in the boot sequence.
139 * Group ACLs are updated correctly when joining a non-logged in user to a group.
140 * Can return 0 for plugin hook 'comments', 'count'.
141
142
143 Version 1.7.8
144 (April 4, 2011 from http://code.elgg.org/branches/1.7)
145
146 Security Enhancements:
147 * Properly encoding search queries (Thanks to lord epsylon (of Lorea) for the report!)
148
149 Bugfixes:
150 * Blogs - Fixed disappearing blog draft issue.
151 * Groups - Editing a topic from discussion list page works now.
152 * Search - Group names used in titles.
153 * InviteFriends - Invitation link no longer shows up when logged out.
154 * Messages - Denormalized the message calculation for better performance.
155 * Sorting by time_created in relationship functions supported.
156 * Metadata and annotation names can now be updated.
157 * Fixed error with deleting a user with disabled entities.
158 * Removed unnecessary executable permissions on a number of files. (Thanks to
159 pauloortiz for the report!)
160
161 API Changes:
162 * Added delete_submenu_item() for removing sidebar menu items.
163
164
165 Version 1.7.7
166 (January 31, 2011 from http://code.elgg.org/branches/1.7)
167
168 Security Enhancements:
169 * Only admins can view the unvalidated users page (Thanks to Manacim
170 Medriano for the report!)
171
172 Bugfixes:
173 * Fixed deprecation notices for locales that use comma as radix point.
174 * Groups - Files can be completely disabled per group.
175 * Pages - Deleting and creating subpages is restricted to owner or group member.
176 * Groups - group icons deleted when group is deleted.
177 * Pagination will not display when all content id displayed.
178 * Fixed issue with get_context() when trailing slash is missing.
179
180 API Changes:
181 * Added $CONFIG->action_token_timeout.
182 * Added callback option to elgg_get_entities().
183
184
185 Version 1.7.6
186 (December 23, 2010 from http://code.elgg.org/branches/1.7)
187
188 Security Enhancements:
189 * Fixed a possible SQL injection attack when using a crafted
190 URL. Thanks to Gerrit Venema from Gol Gol (golgol.nl) for
191 the report.
192
193 Bugfixes:
194 * Pages - Fixed "All Pages" link on "All Site Pages" page.
195 * Messages - Fixed invalid URLs when using old-style
196 pg/messages/<username> links.
197 * Messages - Fixed redirect after deleting a message.
198
199 API Changes:
200 * Added get_entities_from_access_collection() and deprecated it.
201 * is_registered_entity_type() returns correctly when requesting
202 just a type and not a subtype.
203
204
205 Version 1.7.5
206 (November 26, 2010 from http://code.elgg.org/branches/1.7)
207
208 Security Enhancements:
209 * Fixed a security flaw in the Bookmarks plugin that could
210 allow an XSS attack using crafted URLs. Thanks to Akhilesh
211 Gupta for the bug report.
212 * Fixed a security flaw in the widgets system that could allow
213 an XSS attack using crafted URLs.
214
215 Bugfixes:
216 * Checking for mismatched passwords before creating user when
217 manually adding users.
218 * 'large' size profile icons created when cropped.
219 * Fixed menu entry for user's files link.
220 * Fixed caching issues with plugin-added view types.
221 * Fixed XFN links on profile page and user lists.
222 * Fixed PHP warnings about invalid foreaches in plugins.php
223 * Fixed problems in elgg_get_entities_*() when using an array
224 for owner_guid.
225 * Group profile edit action correctly encodes and saves array input.
226 * Language string corrections.
227
228 UI/UX Changes:
229 * Users must verify their current password before they can changing
230 passwords.
231 * Using pagehandlers instead of mod/mod_name/ calls in Blogs,
232 Bookmarks, Members, Pages, The Wire, Groups, Invite Friends,
233 and Messages.
234 * Added a page to view Wire posts by user.
235
236 API Changes:
237 * Added remove_group_tool_option().
238 * Wrapped Twitter Service's vendor's oAuth lib in class_exists().
239 * Added elgg_list_entities_from_relationship().
240 * Exposed order_by param in list_entities_from_relationship().
241 * Added a default annotation view.
242
243
244 Version 1.7.4
245 (October 14, 2010 from http://code.elgg.org/branches/1.7)
246
247 Bugfixes:
248 * Upgrade Twitter Services to use oAuth so The Wire can post
249 to Twitter. See http://el.gg/twitteroauth for instructions.
250 * WSOD fixed when viewing an invalid profile page.
251 * Checking for mismatched passwords earlier in registration to avoid
252 creating a user who can never log in and wasting a username/email.
253 * POST data in the web services API is correctly quoted on servers
254 with magic quotes enabled.
255 * WSOD fixed when trying to update an invalid entity.
256 * Group file widget only shows when Files are enabled for the group.
257 * Fixed misformatting of some group forum posts in the River.
258 * Fixed resizing tall non-square images.
259 * Non-English languages work when using memcache.
260 * User avatar menus work when switching filters on River Dashboard page.
261 * CSS is correctly cached for newly enabled plugins.
262 * Can no longer add bookmarks without a title. Previous bookmarks with
263 out titles can now be deleted.
264
265 UI/UX Changes:
266 * Pages: Admin users can edit user-defined "Welcome page."
267 * Pages: Group "Welcome page" can be edited.
268 * User Validation: Added an admin section for unvalidated users. An
269 admin user can resend validation request, validate, or delete
270 unvalidated users.
271
272 API Changes:
273 * test_ip() removed.
274 * is_ip_in_range() removed.
275 * Read/write DB connections can use different credentials.
276 * Twitter services plugin allows other plugins to tweet
277 if the user authorizes them. See twitterservice/README.txt
278
279
280 Version 1.7.3
281 (September 2, 2010 from http://code.elgg.org/branches/1.7)
282
283 Security enhancements:
284 * Fixed a security flaw that allowed an SQL injection attack
285 using crafted POSTs. Thanks to Georg-Christian Pranschke of
286 www.sensepost.com for the bug report.
287
288 UI/UX Changes:
289 * Entering an invalid captcha now forwards to referring page.
290
291 Bugfixes:
292 * Multiple owners support fixed for legacy get_entity*() functions.
293 * "Edit details" and "Edit profile icon" only show up for user's own
294 profile.
295 * get_objects_in_group() works correctly.
296
297
60c1387 @cash Merged r6757:6810 from 1.7 branch into trunk
cash authored
298 Version 1.7.2
df42268 @cash Merged r6812:6837 from 1.7 branch to trunk (skipping some changes to …
cash authored
299 (August 18, 2010 from http://code.elgg.org/elgg/branches/1.7)
60c1387 @cash Merged r6757:6810 from 1.7 branch into trunk
cash authored
300
301 UI Changes:
302 * Group "widgets" have been standardized with new blog and bookmark widgets.
303 * New group member listing page.
304 * Group forum topics can be edited including title and status.
305 * Added a group creation river entry.
306
307 Bugfixes:
308 * Fixed preview and draft saving for blog plugin.
309 * Page titles are now editable.
310 * Fixed several bugs with the new elgg_get* and elgg_list* functions.
311 * Groups do not show up as personal friend collections anymore.
312 * Fixed an upgrade issue with utf8 usernames.
313 * Encoding of & in group forums is fixed.
314
315 API changes:
316 * Added elgg_list_entities_from_metadata().
317 * Added elgg_send_email().
318 * Added remove_from_river_by_id().
319 * Added remove_from_register() for removing menu items.
320 * Added elgg_get_excerpt().
321 * Added elgg_get_friendly_title() and elgg_get_friendly_time().
322
323
36ef345 @brettp Merged 5530:5604 from 1.7 to trunk.
brettp authored
324 Version 1.7.1
6ba1737 @brettp merge -r5832:5898 from 1.7 to trunk.
brettp authored
325 (April 21, 2010 from http://code.elgg.org/elgg/branches/1.7)
36ef345 @brettp Merged 5530:5604 from 1.7 to trunk.
brettp authored
326
327 UI changes:
328 * (Unused) tags field removed from external pages.
329 * Languages fixes in groups.
330 * Installation checks database settings before writing settings.php.
6ba1737 @brettp merge -r5832:5898 from 1.7 to trunk.
brettp authored
331 * Made the widgets more consistent in their UI.
36ef345 @brettp Merged 5530:5604 from 1.7 to trunk.
brettp authored
332
333 Bugfixes:
334 * Pagination fixed.
6ba1737 @brettp merge -r5832:5898 from 1.7 to trunk.
brettp authored
335 * Profile icons fixed for PHP-CGI users who were seeing incorrect avatars.
36ef345 @brettp Merged 5530:5604 from 1.7 to trunk.
brettp authored
336 * Tag search works in groups and members.
337 * Tag clouds correctly link to tag search.
338 * RSS views added to search.
5d6d187 @brettp Updated changes for 1.8.0.
brettp authored
339 * Wrapper function for get_entities() correctly rewrites container_guid to
36ef345 @brettp Merged 5530:5604 from 1.7 to trunk.
brettp authored
340 owner_guid.
341 * output/url correctly appends http:// again.
6ba1737 @brettp merge -r5832:5898 from 1.7 to trunk.
brettp authored
342 * full_url() urlencode()'s ' and " to avoid a security problem in IE.
5d6d187 @brettp Updated changes for 1.8.0.
brettp authored
343
36ef345 @brettp Merged 5530:5604 from 1.7 to trunk.
brettp authored
344 API changes:
5d6d187 @brettp Updated changes for 1.8.0.
brettp authored
345 * Moved admin flag to users_entity table and added ElggUser->isAdmin(),
36ef345 @brettp Merged 5530:5604 from 1.7 to trunk.
brettp authored
346 ->makeAdmin(), and ->removeAdmin() to replace the metadata.
347 * Plugin hook for reported content includes the report object.
348 * UTF8 upgrade checks server defaults before running to avoid
349 corrupted strings.
350 * Tags lib updated to elgg_get_*() interface.
351 * Can get entities based upon annotation/metadata owner_guid.
352 * Moved friendly time and friendly title into overridable views.
6ba1737 @brettp merge -r5832:5898 from 1.7 to trunk.
brettp authored
353 * Added unregister_notification_handler().
354 * Added remove_widget_type().
355 * Search supports container_guid.
36ef345 @brettp Merged 5530:5604 from 1.7 to trunk.
brettp authored
356
8f0161a @brettp Added elgg_instanceof().
brettp authored
357
6008f2d @brettp Added coding styles and changes documents.
brettp authored
358 Version 1.7.0
57a217f @brettp Updated changes file for 1.7 release.
brettp authored
359 (March 2, 2010 from http://code.elgg.org/elgg/trunk/)
6008f2d @brettp Added coding styles and changes documents.
brettp authored
360
361 User-visible changes:
362 * UTF8 now saved correctly in database. #1151
cb01252 Updating core changes file
nickw authored
363 * Unit tests added to System diagnostics.
364 * Debug values output to screen when enabled in admin settings.
f38e409 @brettp Updated changes file with search and user data storage info.
brettp authored
365 * Users can now log in from multiple computers or browsers concurrently.
75a5ae6 @brettp Fixes #1454: Applied Cash's patch. Bad plugins are automatically dis…
brettp authored
366 * Misconfigured plugins no longer break the site. #1454
771e431 @brettp Updated changes for the display name change.
brettp authored
367 * User display names cannot have HTML or be longer than 50 characters.
f38e409 @brettp Updated changes file with search and user data storage info.
brettp authored
368 * New search system.
6008f2d @brettp Added coding styles and changes documents.
brettp authored
369
370 Bugfixes:
371 * Searching by tag with extended characters now works. #1151, #1231
cb01252 Updating core changes file
nickw authored
372 * Searching for entities works properly with case-insensitive metadata. #1326
afa0511 @brettp Updated changes for bug #1161 and deprecated get_entities_from_metada…
brettp authored
373 * Invalid views now default to 'default' view. #1161.
d0248cc @cash updated changes.txt
cash authored
374 * Metadata cache now handles a 0 string. #1227
7d3cdbc @cash updated documentation of API functions - perhaps ready for developer …
cash authored
375 * ElggPlugin get() now works with 0. #1286
a3fb93c @brettp Updated changes.
brettp authored
376 * Metadata __isset() now works for falsy values (except NULL). #1414
85ba73c @brettp Updated changes for previous commit.
brettp authored
377 * clear_plugin_setting() now only clears a single setting.
63a047a @brettp Fixes #1472: get_entity_relationships() supports inverse relationships.
brettp authored
378 * Submenu entries are correctly calculated after a simplecache refresh.
6008f2d @brettp Added coding styles and changes documents.
brettp authored
379
380 API changes:
381 * New plugin hook system:unit_test for adding files to unit tests.
aae5761 @brettp Updated changes file for $is_admin deprecation.
brettp authored
382 * $is_admin global deprecated; use elgg_set_ignore_access() instead.
4af004e @brettp Updated changes to show deprecated get_entities().
brettp authored
383 * Deprecated get_entities(). Use elgg_get_entities().
afa0511 @brettp Updated changes for bug #1161 and deprecated get_entities_from_metada…
brettp authored
384 * Deprecated get_entities_from_metadata(). Use elgg_get_entities_from_metadata().
b2c9bea @brettp Updated changes for the relationship functions.
brettp authored
385 * Deprecated get_entities_from_relationship() and g_e_f_relationships_and_meta(). Use elgg_get_entities_from_relationship().
c9c73ce Deprecating get_entities_from_access_id().
nickw authored
386 * Deprecated get_entities_from_access_id(). Use elgg_get_entities_from_access_id().
10d3c74 @brettp Updated changes for deprecated functions.
brettp authored
387 * Deprecated get_entities_from_annotations(). Use elgg_get_entities_from_annotations().
263dab1 Updating 1.7 CHANGES file.
nickw authored
388 * Reorganized directory file path to rely on GUID instead of username.
a3fb93c @brettp Updated changes.
brettp authored
389 * annotation_id column added to the river database table.
3aeb6fc @brettp Fixes #1419: Added remove_from_river_by_annotation(). Deleting annota…
brettp authored
390 * remove_from_river_by_annotation() added.
a3fb93c @brettp Updated changes.
brettp authored
391 * unregister_elgg_event_handler() and unregister_plugin_hook() added. #1465
85ba73c @brettp Updated changes for previous commit.
brettp authored
392 * clear_all_plugin_settings() added.
63a047a @brettp Fixes #1472: get_entity_relationships() supports inverse relationships.
brettp authored
393 * get_entity_relationships() supports inverse relationships. #1472.
10136da @brettp Fixes #1164: can_write_to_container() now sends default values throug…
brettp authored
394 * can_write_to_container() can be overridden with the container_permissions_check hook. #1164 (part 2).
0a27471 @brettp Deprecated old search functions and views.
brettp authored
395 * Deprecated search_for_*().
396 * Deprecated search_list*().
ced1f7e @brettp Add elgg_deprecated_notice() so we don't have to re-write all the elg…
brettp authored
397 * Added elgg_deprecated_notice().
234847a @brettp Fixes #1325: ElggEntities::countEntitiesFromRelationship() support in…
brettp authored
398 * ElggEntity::countEntitiesFromRelationship() supports inverse relationships. #1325
8015d39 @brettp Fixes #1213: delete_relationship() triggers delete:relationship hook.
brettp authored
399 * delete_relationship() triggers the hook delete:relationship and passes the relationship object. #1213
f1ad194 @brettp Fixes #1376: added ElggEntity::removeRelationship().
brettp authored
400 * added ElggEntity::removeRelationship(). #1376.
aedefa9 @brettp Fixes #1406: get_entity_dates() supports order by.
brettp authored
401 * get_entity_dates() supports order by. #1406.
9fbed88 @brettp Closes #1506: Added elgg_register_tag_metadata_name(), elgg_get_regis…
brettp authored
402 * Added elgg_http_add_url_query_elements().
403 * Added elgg_register_tag_metadata_name() and elgg_get_registered_tag_metadata_names();
404 * Added ElggEntity::getTags().
b832052 @brettp Deprecated elgg_validate_action_url() by elgg_add_action_tokens_to_ur…
brettp authored
405 * Added elgg_add_action_tokens_to_url().
4fa9ce8 @cash updated CHANGES.txt with services API changes
cash authored
406
407 Services API:
408 * Separated user and api authenticate processing
d0248cc @cash updated changes.txt
cash authored
409 * hmac signature encoding now compatible with OAuth
4fa9ce8 @cash updated CHANGES.txt with services API changes
cash authored
410 * New plugin hook api_key:use for keeping stats on key usage
411 * New plugin hook rest:init so plugins can configure authentication modules
412 * Moved auth.gettoken to POST for increased security
413 * Fixed REST POST bug #1114
5d6d187 @brettp Updated changes for 1.8.0.
brettp authored
414 * Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364
Something went wrong with that request. Please try again.