Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

319 lines (262 sloc) 12.902 kB
Version 1.7.10
(June 14, 2011 from http://code.elgg.org/branches/1.7)
Security Enhancements:
* Changes to prevent numerous reflected cross site scripting vectors. Thanks to Aung Khant for
the reports!
Enhancements:
* Banned users are more apparent in user lists and profiles.
Bugfixes:
* TinyMCE: Using Elgg's default font to prevent small font sizes.
* Files: Optimizations to allow uploading and downloading larger files.
* Fixed bugs preventing users from adding and removing friends in Friends Collections.
* $CONFIG->lastcache is correctly set for pages that regenerate the cache.
API Changes:
* Added unit tests for access collections.
* Added can_edit_access_collection().
* Access collection functions no longer check permissions. Do this in actions instead.
Version 1.7.9
(June 1, 2011 from http://code.elgg.org/branches/1.7)
Security Enhancements:
* Blocking possible access to restricted pages if headers are output too early. Thanks to Vazco
for reporting!
Bugfixes:
* Admins can delete Pages again.
* TinyMCE upgraded to 3.4.2 to fix IE support.
* Autocomplete input works correctly.
* Fixed Message Board "all" posts.
* Fixed deleting internal messages on some non-English sites.
* Better feedback if an error occurs when saving widgets.
* Messages from deleted users no longer show the recipient's avatar.
* Https logins on fully https sites work correctly.
API Changes:
* Added "creating", "river" plugin hook.
* User metadata is registered as independent higher in the boot sequence.
* Group ACLs are updated correctly when joining a non-logged in user to a group.
* Can return 0 for plugin hook 'comments', 'count'.
Version 1.7.8
(April 4, 2011 from http://code.elgg.org/branches/1.7)
Security Enhancements:
* Properly encoding search queries (Thanks to lord epsylon (of Lorea) for the report!)
Bugfixes:
* Blogs - Fixed disappearing blog draft issue.
* Groups - Editing a topic from discussion list page works now.
* Search - Group names used in titles.
* InviteFriends - Invitation link no longer shows up when logged out.
* Messages - Denormalized the message calculation for better performance.
* Sorting by time_created in relationship functions supported.
* Metadata and annotation names can now be updated.
* Fixed error with deleting a user with disabled entities.
* Removed unnecessary executable permissions on a number of files. (Thanks to
pauloortiz for the report!)
API Changes:
* Added delete_submenu_item() for removing sidebar menu items.
Version 1.7.7
(January 31, 2011 from http://code.elgg.org/branches/1.7)
Security Enhancements:
* Only admins can view the unvalidated users page (Thanks to Manacim
Medriano for the report!)
Bugfixes:
* Fixed deprecation notices for locales that use comma as radix point.
* Groups - Files can be completely disabled per group.
* Pages - Deleting and creating subpages is restricted to owner or group member.
* Groups - group icons deleted when group is deleted.
* Pagination will not display when all content id displayed.
* Fixed issue with get_context() when trailing slash is missing.
API Changes:
* Added $CONFIG->action_token_timeout.
* Added callback option to elgg_get_entities().
Version 1.7.6
(December 23, 2010 from http://code.elgg.org/branches/1.7)
Security Enhancements:
* Fixed a possible SQL injection attack when using a crafted
URL. Thanks to Gerrit Venema from Gol Gol (golgol.nl) for
the report.
Bugfixes:
* Pages - Fixed "All Pages" link on "All Site Pages" page.
* Messages - Fixed invalid URLs when using old-style
pg/messages/<username> links.
* Messages - Fixed redirect after deleting a message.
API Changes:
* Added get_entities_from_access_collection() and deprecated it.
* is_registered_entity_type() returns correctly when requesting
just a type and not a subtype.
Version 1.7.5
(November 26, 2010 from http://code.elgg.org/branches/1.7)
Security Enhancements:
* Fixed a security flaw in the Bookmarks plugin that could
allow an XSS attack using crafted URLs. Thanks to Akhilesh
Gupta for the bug report.
* Fixed a security flaw in the widgets system that could allow
an XSS attack using crafted URLs.
Bugfixes:
* Checking for mismatched passwords before creating user when
manually adding users.
* 'large' size profile icons created when cropped.
* Fixed menu entry for user's files link.
* Fixed caching issues with plugin-added view types.
* Fixed XFN links on profile page and user lists.
* Fixed PHP warnings about invalid foreaches in plugins.php
* Fixed problems in elgg_get_entities_*() when using an array
for owner_guid.
* Group profile edit action correctly encodes and saves array input.
* Language string corrections.
UI/UX Changes:
* Users must verify their current password before they can changing
passwords.
* Using pagehandlers instead of mod/mod_name/ calls in Blogs,
Bookmarks, Members, Pages, The Wire, Groups, Invite Friends,
and Messages.
* Added a page to view Wire posts by user.
API Changes:
* Added remove_group_tool_option().
* Wrapped Twitter Service's vendor's oAuth lib in class_exists().
* Added elgg_list_entities_from_relationship().
* Exposed order_by param in list_entities_from_relationship().
* Added a default annotation view.
Version 1.7.4
(October 14, 2010 from http://code.elgg.org/branches/1.7)
Bugfixes:
* Upgrade Twitter Services to use oAuth so The Wire can post
to Twitter. See http://el.gg/twitteroauth for instructions.
* WSOD fixed when viewing an invalid profile page.
* Checking for mismatched passwords earlier in registration to avoid
creating a user who can never log in and wasting a username/email.
* POST data in the web services API is correctly quoted on servers
with magic quotes enabled.
* WSOD fixed when trying to update an invalid entity.
* Group file widget only shows when Files are enabled for the group.
* Fixed misformatting of some group forum posts in the River.
* Fixed resizing tall non-square images.
* Non-English languages work when using memcache.
* User avatar menus work when switching filters on River Dashboard page.
* CSS is correctly cached for newly enabled plugins.
* Can no longer add bookmarks without a title. Previous bookmarks with
out titles can now be deleted.
UI/UX Changes:
* Pages: Admin users can edit user-defined "Welcome page."
* Pages: Group "Welcome page" can be edited.
* User Validation: Added an admin section for unvalidated users. An
admin user can resend validation request, validate, or delete
unvalidated users.
API Changes:
* test_ip() removed.
* is_ip_in_range() removed.
* Read/write DB connections can use different credentials.
* Twitter services plugin allows other plugins to tweet
if the user authorizes them. See twitterservice/README.txt
Version 1.7.3
(September 2, 2010 from http://code.elgg.org/branches/1.7)
Security enhancements:
* Fixed a security flaw that allowed an SQL injection attack
using crafted POSTs. Thanks to Georg-Christian Pranschke of
www.sensepost.com for the bug report.
UI/UX Changes:
* Entering an invalid captcha now forwards to referring page.
Bugfixes:
* Multiple owners support fixed for legacy get_entity*() functions.
* "Edit details" and "Edit profile icon" only show up for user's own
profile.
* get_objects_in_group() works correctly.
Version 1.7.2
(August 18, 2010 from http://code.elgg.org/elgg/branches/1.7)
UI Changes:
* Group "widgets" have been standardized with new blog and bookmark widgets.
* New group member listing page.
* Group forum topics can be edited including title and status.
* Added a group creation river entry.
Bugfixes:
* Fixed preview and draft saving for blog plugin.
* Page titles are now editable.
* Fixed several bugs with the new elgg_get* and elgg_list* functions.
* Groups do not show up as personal friend collections anymore.
* Fixed an upgrade issue with utf8 usernames.
* Encoding of & in group forums is fixed.
API changes:
* Added elgg_list_entities_from_metadata().
* Added elgg_send_email().
* Added remove_from_river_by_id().
* Added remove_from_register() for removing menu items.
* Added elgg_get_excerpt().
* Added elgg_get_friendly_title() and elgg_get_friendly_time().
Version 1.7.1
(April 21, 2010 from http://code.elgg.org/elgg/branches/1.7)
UI changes:
* (Unused) tags field removed from external pages.
* Languages fixes in groups.
* Installation checks database settings before writing settings.php.
* Made the widgets more consistent in their UI.
Bugfixes:
* Pagination fixed.
* Profile icons fixed for PHP-CGI users who were seeing incorrect avatars.
* Tag search works in groups and members.
* Tag clouds correctly link to tag search.
* RSS views added to search.
* Wrapper function for get_entities() correctly rewrites container_guid to
owner_guid.
* output/url correctly appends http:// again.
* full_url() urlencode()'s ' and " to avoid a security problem in IE.
API changes:
* Moved admin flag to users_entity table and added ElggUser->isAdmin(),
->makeAdmin(), and ->removeAdmin() to replace the metadata.
* Plugin hook for reported content includes the report object.
* UTF8 upgrade checks server defaults before running to avoid
corrupted strings.
* Tags lib updated to elgg_get_*() interface.
* Can get entities based upon annotation/metadata owner_guid.
* Moved friendly time and friendly title into overridable views.
* Added unregister_notification_handler().
* Added remove_widget_type().
* Search supports container_guid.
Version 1.7.0
(March 2, 2010 from http://code.elgg.org/elgg/trunk/)
User-visible changes:
* UTF8 now saved correctly in database. #1151
* Unit tests added to System diagnostics.
* Debug values output to screen when enabled in admin settings.
* Users can now log in from multiple computers or browsers concurrently.
* Misconfigured plugins no longer break the site. #1454
* User display names cannot have HTML or be longer than 50 characters.
* New search system.
Bugfixes:
* Searching by tag with extended characters now works. #1151, #1231
* Searching for entities works properly with case-insensitive metadata. #1326
* Invalid views now default to 'default' view. #1161.
* Metadata cache now handles a 0 string. #1227
* ElggPlugin get() now works with 0. #1286
* Metadata __isset() now works for falsy values (except NULL). #1414
* clear_plugin_setting() now only clears a single setting.
* Submenu entries are correctly calculated after a simplecache refresh.
API changes:
* New plugin hook system:unit_test for adding files to unit tests.
* $is_admin global deprecated; use elgg_set_ignore_access() instead.
* Deprecated get_entities(). Use elgg_get_entities().
* Deprecated get_entities_from_metadata(). Use elgg_get_entities_from_metadata().
* Deprecated get_entities_from_relationship() and g_e_f_relationships_and_meta(). Use elgg_get_entities_from_relationship().
* Deprecated get_entities_from_access_id(). Use elgg_get_entities_from_access_id().
* Deprecated get_entities_from_annotations(). Use elgg_get_entities_from_annotations().
* Reorganized directory file path to rely on GUID instead of username.
* annotation_id column added to the river database table.
* remove_from_river_by_annotation() added.
* unregister_elgg_event_handler() and unregister_plugin_hook() added. #1465
* clear_all_plugin_settings() added.
* get_entity_relationships() supports inverse relationships. #1472.
* can_write_to_container() can be overridden with the container_permissions_check hook. #1164 (part 2).
* Deprecated search_for_*().
* Deprecated search_list*().
* Added elgg_deprecated_notice().
* ElggEntity::countEntitiesFromRelationship() supports inverse relationships. #1325
* delete_relationship() triggers the hook delete:relationship and passes the relationship object. #1213
* added ElggEntity::removeRelationship(). #1376.
* get_entity_dates() supports order by. #1406.
* Added elgg_http_add_url_query_elements().
* Added elgg_register_tag_metadata_name() and elgg_get_registered_tag_metadata_names();
* Added ElggEntity::getTags().
* Added elgg_add_action_tokens_to_url().
Services API:
* Separated user and api authenticate processing
* hmac signature encoding now compatible with OAuth
* New plugin hook api_key:use for keeping stats on key usage
* New plugin hook rest:init so plugins can configure authentication modules
* Moved auth.gettoken to POST for increased security
* Fixed REST POST bug #1114
* Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364
Jump to Line
Something went wrong with that request. Please try again.