Commits

Anonymous committed 887592f Merge

Merged changes 0be125b35529

  • Parent commits c7b468a, 0be125b

Files changed (1203)

File .gitkeep

Empty file removed.
+elgg/mod/event_calendar = https://code.lorea.org/elgg_calendar
+757d4088f06667996098788d949e8ad944a2fb0a elgg/mod/event_calendar
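Review bot: The plugin code that lands at elgg/mod/event_calendar does not appear anywhere in this diff, so the revision pinned on the second added line needs its own review before the merge is accepted. These two lines read like a subrepository mapping and its pinned state; keep the pin as a full 40-character revision, as it is here, so that later changes on code.lorea.org cannot enter the tree without a matching change to this line.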

File elgg/CHANGES.txt

+Version 1.7.11
+(August 15, 2011 from http://github.com/Elgg/elgg)
+
+ Security Enhancements:
+  * Fixed possible XSS vector in the embed plugin. Thanks to Aung Khant from YEHG for the report.
+  * Fixed possible SQL exposure exploit in the search plugin. Thanks again to Aung Khant.
+  * Fixed possible SQL injection vector in the search plugin. Thanks to Lostmon Lords for the report.
+
+ Bugfixes:
+  * Filtering by content works in the dashboard again.
+  * Dragging widgets works in IE9.
+
+ API Changes:
+  * Deleting a container will delete all contained objects regardless of access_id.
+  * setLocation() and setLatLong() no longer double escapes strings.
+  * Calling elgg_list_entities() with count set no longer breaks the display.
+
+Version 1.7.10
+(June 14, 2011 from http://code.elgg.org/branches/1.7)
+
+ Security Enhancements:
+  * Changes to prevent numerous reflected cross site scripting vectors. Thanks to Aung Khant for
+    the reports!
+
+ Enhancements:
+  * Banned users are more apparent in user lists and profiles.
+
+ Bugfixes:
+  * TinyMCE: Using Elgg's default font to prevent small font sizes.
+  * Files: Optimizations to allow uploading and downloading larger files.
+  * Fixed bugs preventing users from adding and removing friends in Friends Collections.
+  * $CONFIG->lastcache is correctly set for pages that regenerate the cache.
+
+ API Changes:
+  * Added unit tests for access collections.
+  * Added can_edit_access_collection().
+  * Access collection functions no longer check permissions. Do this in actions instead.
+
+
+Version 1.7.9
+(June 1, 2011 from http://code.elgg.org/branches/1.7)
+
+ Security Enhancements:
+  * Blocking possible access to restricted pages if headers are output too early. Thanks to Vazco
+    for reporting!
+
+ Bugfixes:
+  * Admins can delete Pages again.
+  * TinyMCE upgraded to 3.4.2 to fix IE support.
+  * Autocomplete input works correctly.
+  * Fixed Message Board "all" posts.
+  * Fixed deleting internal messages on some non-English sites.
+  * Better feedback if an error occurs when saving widgets.
+  * Messages from deleted users no longer show the recipient's avatar.
+  * Https logins on fully https sites work correctly.
+
+ API Changes:
+  * Added "creating", "river" plugin hook.
+  * User metadata is registered as independent higher in the boot sequence.
+  * Group ACLs are updated correctly when joining a non-logged in user to a group.
+  * Can return 0 for plugin hook 'comments', 'count'.
+
+
+Version 1.7.8
+(April 4, 2011 from http://code.elgg.org/branches/1.7)
+
+ Security Enhancements:
+  * Properly encoding search queries (Thanks to lord epsylon (of Lorea) for the report!)
+
+ Bugfixes:
+  * Blogs - Fixed disappearing blog draft issue.
+  * Groups - Editing a topic from discussion list page works now.
+  * Search - Group names used in titles.
+  * InviteFriends - Invitation link no longer shows up when logged out.
+  * Messages - Denormalized the message calculation for better performance.
+  * Sorting by time_created in relationship functions supported.
+  * Metadata and annotation names can now be updated.
+  * Fixed error with deleting a user with disabled entities.
+  * Removed unnecessary executable permissions on a number of files. (Thanks to
+    pauloortiz for the report!)
+
+ API Changes:
+  * Added delete_submenu_item() for removing sidebar menu items.
+
+
+Version 1.7.7
+(January 31, 2011 from http://code.elgg.org/branches/1.7)
+
+ Security Enhancements:
+  * Only admins can view the unvalidated users page (Thanks to Manacim
+    Medriano for the report!)
+
+ Bugfixes:
+  * Fixed deprecation notices for locales that use comma as radix point.
+  * Groups - Files can be completely disabled per group.
+  * Pages - Deleting and creating subpages is restricted to owner or group member.
+  * Groups - group icons deleted when group is deleted.
+  * Pagination will not display when all content id displayed.
+  * Fixed issue with get_context() when trailing slash is missing.
+
+ API Changes:
+  * Added $CONFIG->action_token_timeout.
+  * Added callback option to elgg_get_entities().
+
+
+Version 1.7.6
+(December 23, 2010 from http://code.elgg.org/branches/1.7)
+
+ Security Enhancements:
+  * Fixed a possible SQL injection attack when using a crafted
+    URL.  Thanks to Gerrit Venema from Gol Gol (golgol.nl) for
+    the report.
+
+ Bugfixes:
+  * Pages - Fixed "All Pages" link on "All Site Pages" page.
+  * Messages - Fixed invalid URLs when using old-style
+    pg/messages/<username> links.
+  * Messages - Fixed redirect after deleting a message.
+
+ API Changes:
+  * Added get_entities_from_access_collection() and deprecated it.
+  * is_registered_entity_type() returns correctly when requesting
+    just a type and not a subtype.
+
+
+Version 1.7.5
+(November 26, 2010 from http://code.elgg.org/branches/1.7)
+
+ Security Enhancements:
+  * Fixed a security flaw in the Bookmarks plugin that could
+    allow an XSS attack using crafted URLs.  Thanks to Akhilesh
+    Gupta for the bug report.
+  * Fixed a security flaw in the widgets system that could allow
+    an XSS attack using crafted URLs.
+
+ Bugfixes:
+  * Checking for mismatched passwords before creating user when
+    manually adding users.
+  * 'large' size profile icons created when cropped.
+  * Fixed menu entry for user's files link.
+  * Fixed caching issues with plugin-added view types.
+  * Fixed XFN links on profile page and user lists.
+  * Fixed PHP warnings about invalid foreaches in plugins.php
+  * Fixed problems in elgg_get_entities_*() when using an array
+    for owner_guid.
+  * Group profile edit action correctly encodes and saves array input.
+  * Language string corrections.
+
+ UI/UX Changes:
+  * Users must verify their current password before they can changing
+    passwords.
+  * Using pagehandlers instead of mod/mod_name/ calls in Blogs,
+    Bookmarks, Members, Pages, The Wire, Groups, Invite Friends,
+    and Messages.
+  * Added a page to view Wire posts by user.
+
+ API Changes:
+  * Added remove_group_tool_option().
+  * Wrapped Twitter Service's vendor's oAuth lib in class_exists().
+  * Added elgg_list_entities_from_relationship().
+  * Exposed order_by param in list_entities_from_relationship().
+  * Added a default annotation view.
+
+
+Version 1.7.4
+(October 14, 2010 from http://code.elgg.org/branches/1.7)
+
+ Bugfixes:
+  * Upgrade Twitter Services to use oAuth so The Wire can post
+    to Twitter. See http://el.gg/twitteroauth for instructions.
+  * WSOD fixed when viewing an invalid profile page.
+  * Checking for mismatched passwords earlier in registration to avoid
+    creating a user who can never log in and wasting a username/email.
+  * POST data in the web services API is correctly quoted on servers
+    with magic quotes enabled.
+  * WSOD fixed when trying to update an invalid entity.
+  * Group file widget only shows when Files are enabled for the group.
+  * Fixed misformatting of some group forum posts in the River.
+  * Fixed resizing tall non-square images.
+  * Non-English languages work when using memcache.
+  * User avatar menus work when switching filters on River Dashboard page.
+  * CSS is correctly cached for newly enabled plugins.
+  * Can no longer add bookmarks without a title. Previous bookmarks with
+    out titles can now be deleted.
+
+ UI/UX Changes:
+  * Pages: Admin users can edit user-defined "Welcome page."
+  * Pages: Group "Welcome page" can be edited.
+  * User Validation:  Added an admin section for unvalidated users. An
+    admin user can resend validation request, validate, or delete
+    unvalidated users.
+
+ API Changes:
+  * test_ip() removed.
+  * is_ip_in_range() removed.
+  * Read/write DB connections can use different credentials.
+  * Twitter services plugin allows other plugins to tweet
+    if the user authorizes them.  See twitterservice/README.txt
+
+
+Version 1.7.3
+(September 2, 2010 from http://code.elgg.org/branches/1.7)
+
+ Security enhancements:
+  * Fixed a security flaw that allowed an SQL injection attack
+    using crafted POSTs.  Thanks to Georg-Christian Pranschke of
+    www.sensepost.com for the bug report.
+
+ UI/UX Changes:
+  * Entering an invalid captcha now forwards to referring page.
+
+ Bugfixes:
+  * Multiple owners support fixed for legacy get_entity*() functions.
+  * "Edit details" and "Edit profile icon" only show up for user's own
+    profile.
+  * get_objects_in_group() works correctly.
+
+
+Version 1.7.2
+(August 18, 2010 from http://code.elgg.org/elgg/branches/1.7)
+
+ UI Changes:
+  * Group "widgets" have been standardized with new blog and bookmark widgets.
+  * New group member listing page.
+  * Group forum topics can be edited including title and status.
+  * Added a group creation river entry.
+
+ Bugfixes:
+  * Fixed preview and draft saving for blog plugin.
+  * Page titles are now editable.
+  * Fixed several bugs with the new elgg_get* and elgg_list* functions.
+  * Groups do not show up as personal friend collections anymore.
+  * Fixed an upgrade issue with utf8 usernames.
+  * Encoding of & in group forums is fixed.
+
+ API changes:
+  * Added elgg_list_entities_from_metadata().
+  * Added elgg_send_email().
+  * Added remove_from_river_by_id().
+  * Added remove_from_register() for removing menu items.
+  * Added elgg_get_excerpt().
+  * Added elgg_get_friendly_title() and elgg_get_friendly_time().
+
+
 Version 1.7.1
 (April 21, 2010 from http://code.elgg.org/elgg/branches/1.7)
 
   * Tag search works in groups and members.
   * Tag clouds correctly link to tag search.
   * RSS views added to search.
-  * Wrapper function for get_entities() correctly rewrites container_guid to 
+  * Wrapper function for get_entities() correctly rewrites container_guid to
     owner_guid.
   * output/url correctly appends http:// again.
   * full_url() urlencode()'s ' and " to avoid a security problem in IE.
-  
+
  API changes:
-  * Moved admin flag to users_entity table and added ElggUser->isAdmin(), 
+  * Moved admin flag to users_entity table and added ElggUser->isAdmin(),
     ->makeAdmin(), and ->removeAdmin() to replace the metadata.
   * Plugin hook for reported content includes the report object.
   * UTF8 upgrade checks server defaults before running to avoid
   * Added remove_widget_type().
   * Search supports container_guid.
 
+
 Version 1.7.0
 (March 2, 2010 from http://code.elgg.org/elgg/trunk/)
 
   * New plugin hook rest:init so plugins can configure authentication modules
   * Moved auth.gettoken to POST for increased security
   * Fixed REST POST bug #1114
-  * Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364 
+  * Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364
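Review bot: The security entries added for 1.7.6 ("possible SQL injection attack when using a crafted URL") and 1.7.3 ("SQL injection attack using crafted POSTs") do not name the affected component, unlike the 1.7.11 and 1.7.5 entries, which name the embed plugin, the search plugin, the Bookmarks plugin and the widgets system. Add the component or a ticket number to each so that an operator still on an older 1.7.x release can judge exposure from the changelog alone. The added text also carries three typos: "all content id displayed" (1.7.7), "before they can changing passwords" (1.7.5) and "with out titles" (1.7.4). The 1.7.6 API entry "Added get_entities_from_access_collection() and deprecated it" should say which function callers are expected to use instead.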

File elgg/CODING.txt

 These are the coding standards for Elgg.  All core development, bundled 
 plugins, and tickets attached to Trac are expected to be in this format.
 
-* Unix line endings
+* Unix line endings.
+
 * Hard tabs, 4 character tab spacing.
-* No shortcut tags ( <? or <?= or <% )
-* PHPDoc comments on functions and classes (including methods and declared 
-  members).
+
+* No PHP shortcut tags ( <? or <?= or <% ).
+
+* PHPDoc comments on functions and classes (all methods; declared properties
+  when appropriate).
+
 * Mandatory wrapped {}s around any code blocks. 
 	Bad:
-	if (true)
-		foreach($arr as $elem)
+	if (true) 
+		foreach($arr as $elem) 
 			echo $elem;
 
 	Good:
 			echo $elem;
 		}
 	}
+
 * Name standalone functions using underscore_character().
+
 * Name classes using CamelCase() and methods using lowerCamelCase().
-* Name globals and constants in ALL_CAPS (FALSE, TRUE, NULL, ACCESS_FRIENDS, 
-  $CONFIG).
-* Space functions like_this($required, $optional = TRUE)
-* Space keywords and constructs like this: if (false) { ... }
-* Include variables in strings with double quotes instead of concatenating:
-	Bad: 
-	echo 'Hello, ' . $name . '!  How are you?';
+
+* Name globals and constants in ALL_CAPS (TRUE, NULL, ACCESS_FRIENDS, $CONFIG).
+
+* Use underscores / camel case to separate standard English words in
+  functions, classes, and methods. (get_default_site(), ElggUser->isLoggedIn()).
+
+* Space functions like_this($required, $optional = TRUE).
+
+* Space keywords and constructs like this: if (FALSE) { ... }.
+
+* Correctly use spaces, quotes, and {}s in strings: 
+	Bad (hard to read, misuse of quotes and {}s): 
+	echo 'Hello, '.$name."!  How is your {$time_of_day}?";
 	
 	Good:
-	echo "Hello, $name!  How are you?"; 
-	
+	echo "Hello, $name!  How is your $time_of_day?"; 
+
 * Line lengths should be reasonable.  If you are writing lines over 100 
-  characters, please revise the code.
-* Use slash-style comments. (// and /* */)
-* Preferred no closing ?> tag at EOF. (Avoids problems with trailing 
-  whitespace, marginal speed improvements.)
+  characters on a line, please revise the code.
 
+* Use // or /* */ when commenting.
 
-*** DEPRECATING APIs ***
-
-Occasionally, functions and classes must be deprecated in favor of newer
-replacements.  Since 3rd party plugin authors rely on a consistent API,
-backward compatibility must be maintained, but will not be maintained
-indefinitely as plugin authors are expected to properly update their
-plugins.  In order to maintain backward compatibility, deprecated APIs will
-follow these guidelines:
-
-* API changes cannot occur between bugfix versions (1.6.0 - 1.6.1).
-* API changes between minor versions (1.6 - 1.7) must maintain backward
-  compatibility for at least 2 minor versions.  (See procedures, below.)
-* Bugfixes that change the API cannot be included in bugfix versions.
-* API changes between major versions (1.0 - 2.0) can occur without regard to
-  backward compatibility.
-
-The procedures for deprecating an API are as follows:
-
-* The first minor version (1.7) with a deprecated API must include a wrapper
-  function/class (or otherwise appropriate means) to maintain backward
-  compatibility, including any bugs in the original function/class.
-  This wrapper function will use elgg_log('...', 'WARNING') to announce
-  that the function is deprecated.
-* The second minor version (1.8) maintains the backward compatibility
-  wrapper, but in addition to elgg_log(), a register_error() message is also
-  thrown.
-* The third minor version (1.9) removes the wrapper function.  Any use of 
-  the deprecated API should be corrected before this.
-
-The general timeline for three minor releases is 8 to 12 months.
+* No closing PHP tag (?>) at EOF unless after a heredoc. (Avoids problems with 
+  trailing whitespace. Required after heredoc by PHP.)
 
 
 *** CODING BEST PRACTICES ***
 
 The following best practices make code easier to read, easier to maintain,
 and easier to debug.  Consistent use of these guidelines means less guess
-work for developers.
+work for developers, which means happier, more productive developers.
+
+* Adhere to "Don't Repeat Yourself" (DRY) principles of code design and 
+  organization. If you are copy-and-pasting code YOU ARE DOING SOMETHING WRONG.
+  If you find a block of code that you want to use multiple times, make a 
+  function.  If you find views that are identical except for a single value,
+  pull it out into a generic view that takes an option.
+
+* Whitespace is free.  Don't be afraid to use it to separate blocks of code. 
+  Use a single space to separate function params and string concatenation.
 
 * Use self-documenting variable names.  $group_guids is better than $array.
+
 * Functions returning an array should return an empty array instead of FALSE
   on no results.
-* If not throwing an exception, boolean FALSE should be returned by functions
-  on failure or error.
-* Functions returning only boolean should be prefaced with is_*(). (eg,
-  is_logged_in().)
+
+* Functions not throwing an exception on error should return FALSE upon 
+  failure. 
+
+* Functions returning only boolean should be prefaced with is_ or has_ (eg,
+  is_logged_in(), has_access_to_entity()).
+
 * Ternary syntax is acceptable for single-line, non-embedded statements.
+
 * Use comments effectively.  Good comments describe the "why."  Good code
-  describes the "how." Ex:
+  describes the "how."  Ex:
 	Not a very useful comment:
 
 	// increment $i only when the entity is marked as active.
 			$i++;
 		}
 	}
+
+* Use commit messages effectively.  Be concise and meaningful. Ex:
+	Not meaningful:
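Review bot: The whole "DEPRECATING APIs" section is deleted here, including the backward-compatibility rules for minor versions and the elgg_log() / register_error() wrapper procedure, and nothing in the visible part of CODING.txt replaces it or says where it moved. If the policy now lives in another file, leave a one-line pointer in its place, since the removed text itself notes that third-party plugin authors rely on a consistent API. Smaller points: the new "Bad" example lines "if (true) " and "foreach($arr as $elem) " add trailing spaces while the CHANGES.txt edits in this same commit strip them; "lines over 100 characters on a line" says "line" twice; and the new PHPDoc rule "declared properties when appropriate" leaves "when appropriate" undefined where the old text required comments on declared members. Given the number of XSS fixes recorded in the changelog in this commit, the "Good" string example that echoes $name directly would be a natural place for a sentence on escaping values before output.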