- Jul 09, 2003
-
-
Dries Buytaert authored
-
Dries Buytaert authored
-
Dries Buytaert authored
- Changed the XSS check a little to be slightly more forgiving wrt style attributes.
-
- Jul 01, 2003
-
-
Dries Buytaert authored
- Improvement: don't perform XSS checks for trusted users. Trusted users are those that have the "bypass input data check" permission set. Should address bug #2147. - Improvement: simplified index.php and modules/admin.module. - Bugfix: fixed broken links in bloggerapi documentation. Patch by Chris Johnson. Fixes bug #2030. - Bugfix: fixed the date shown on a book module preview. Reported as part of bug #2097. - Bugfix: fixed broken URL in the book module documentation.
-
- Jun 30, 2003
-
-
Dries Buytaert authored
- Fixed some "search related" bugs introduced by Moshe's latest patch. Fixes bug #2127.
-
- Jun 29, 2003
-
-
Dries Buytaert authored
- Removed "link" from the XSS check as well as "font".
-
- Jun 28, 2003
-
-
Dries Buytaert authored
- Improvement: faster regex/checks. Patch by Marco.
-
- Jun 27, 2003
-
-
Dries Buytaert authored
and the request will be terminated when something suspicious is detected. This will be logged in the watchdog. With help from Marco. - Fixed translation issue in the archive module. Patch by Gerhard. - Removed dead parameter from variable_get(). Patch by Chris Johnson. Fixes bug #2111. - Improved input checking of taxonomy module. Patch by Gerhard. Fixes bug #2112.
-
- Jun 26, 2003
-
-
Dries Buytaert authored
- Bugfix: do not escpae slashes in block path. Patch #50 by Gerhard. (This accompanies the recent block module documentation update, right?)
-
- Jun 25, 2003
-
-
Dries Buytaert authored
- Bugfix: fixed bug in the search module that prevented the title module from working properly. Patch by Moshe. Fixes bug #1852.
-
- Jun 23, 2003
-
-
Dries Buytaert authored
- Bugfix: fixed the "variables not set" problem (bug #2014). Patch by Slavica. Sorry for the confusion guys - I had it applied on my tree for a couple of days now but forgot to commit it.
-
- Jun 20, 2003
-
-
Dries Buytaert authored
- Bugfix: fixed problem with changing themes. Didn't apply Al's patch as the fix was somewhat simpler. Fixes bug #2003. - Bugfix: fixed problem with voting on certain poll pages. Patch #37 by Al. - Improvement: removed stupid descriptions from profile module.
-
- Jun 19, 2003
-
-
Dries Buytaert authored
- Bugfix: fixed utf-8 problem for people that use PHP 4.2.x or below. Patch #33 by Al. - Bugfix: fixed translation problems in the user module and the block module. Patch by Stefan. - Improvement: made it impossible to delete user role #1 and #2. Patch #38 by Al. - Improvement: fixed the "Allowed HTML tag" issues. Makes for better code and improved usability. Patch #35 by Al. NOTE: as soon the compose tips make their way into CVS, most of this code can be removed.
-
- Jun 16, 2003
-
-
Dries Buytaert authored
- Improvements: XHTML-ifications. Patch by GmbH. See feature #1813.
-
- Jun 15, 2003
-
-
Dries Buytaert authored
- Improvements: XHTML-ifications. Patch by GmbH.
-
- Jun 14, 2003
-
-
Dries Buytaert authored
- Moved some CXX checks to a centralized place; less error-prone.
-
- Jun 13, 2003
-
-
Dries Buytaert authored
- Bugfix: small Xtemplate fixes. Patch by Ax. (Slightly modified.) - Bugfix: block patch fix. Patch by Gerhard. - Bugfix: fixed broken URL in ping. Patch by Gerhard. (This should fix the problems shown on http://www.blo.gs/info.php?id=1515.) - Improvement: added better password generator. Patch #1 by Al. Fixes bug #1935. - Improvement: performance improvement to the blog module. Patch by Marco.
-
- Jun 12, 2003
-
-
Dries Buytaert authored
- Bugfix: charset fixes/clean-up. Patch #52 by Al. - Improvement: renamed some theme functions of the forum module for sake of consistency/readability. Patch #2 by Kristjan. - Improvement: usability improvements to the Xtemplate theme. Patch #3 by Kristjan. - Improvement: CSS'ified the book module pages. Patch #3 by Al. (I simplified the "l ocation" part. Al's approach gave you a bit more power but I'm not sure anyone wants to change that. Besides, this will change as soon we integrate the menu system so I kept it easy for now.)
-
- Jun 11, 2003
-
-
Dries Buytaert authored
- Bugfix: fixed the CREATE FUNCTION in database.mssql as it needs to be prefixed with GO for some obscure reason. Patch by Kjartan. - Bugfix: fixed the defaults for blocks in database.mssql so the NOT NULL fields get values. Patch by Kjartan. - Bugfix: changed check_form() to use htmlspecialchars() instead of drupal_specialchars() as this caused Drupal to emit incorrect form items in presence of quotes. Example: <input type="submit" class="form-submit" name="op" value="Submit "top nodes" block changes" /> IMO, drupal_specialchars() is better called xmlspecialchars() to avoid confusion. - Bugfix: when an anonymous user visits a site, they shouldn't see any content (except the login block, if it is enabled) unless they have the "access content" permissions. Patch by Matt Westgate. - Improvement: improved the error checking and the error messages in the profile module. Updated the code to match the Drupal coding conventions. Modified patch from Matt Westgate. - Improvement: don't generate the <base href=""> tag in the base theme; it is already emitted by theme_head(). Patch by Kristjan. - Improvement: don't execute any SQL queries when checking the permissions of user #1. Patch by Kjartan. - Improvement: made a scalable layout form that works in IE and that behaves better with narrow themes. Part of patch #51 by Al. - Improvement: removed some redundant print statements from the comment module. Modified patch from Craig Courtney.
-
- Jun 08, 2003
-
-
Dries Buytaert authored
- Charset simpliciations. Patch #46 by Al.
-
Dries Buytaert authored
- Synced/unified the error reporting from database.mysql.inc and database.pear.inc. This makes debugging the PostgreSQL (and MSSQL) support somewhat easier.
-
Dries Buytaert authored
- Bugfix: fix glitch in menu rendering code. Patch #42 by Al.
-
- Jun 06, 2003
-
-
Dries Buytaert authored
- Dropped check_input(); use check_query() instead. - Made the statistics module use referer_uri() for security's sake.
-
Dries Buytaert authored
- Added a function check_url() that CSS checks URLs (or parts thereof).
-
Kjartan Mannes authored
-
- Jun 05, 2003
-
-
Dries Buytaert authored
- Bugfix: better charset support for non-ISO-8859-1 languages. Patch 0029.charset.fixes.patch by Al. Could East Asia test this please. - Bugfix: made the "moderate" field behave. Patch 0030.queue.module.help.and.settings.form.patch by Al. - Documentation: revised a large part of the help texts / documentation! Al's 0024.* patches. - Documentation: added a glossary to the help module. Patch 0025.help.module.glossary.patch by Al and Michael. - Usability: first step towards unifying the terminology used in the cloud module. Patch by 0028.site.cloud.rationalize.name.patch Al. - Usability + CSS improvements: revamped the node form and removed all tables. Patch 0027.node.form.rewrite.patch by Al. - CSS improvements: patch 0026.admin.css.small.improvement.patch by Al. - Updated the MAINTAINERS file.
-
- Jun 04, 2003
-
-
Dries Buytaert authored
- Bugfix: renamed the SQL field 'types' to 'nodes' because 'types' is a reserved keyword in MySQL 4. This fixes critical bug #1618. Patch by Marco. ==> This fix requires to run update.php! - Bugfix: made sessions work without warnings when register_globals is turned off. The solution is to use $_SESSION instead of session_register(). This fixes critical bug #1797. Patch by Marco. - Bugfix: sometimes error messages where being discarded when previewing a node. Patch by Craig Courtney. - Bugfix: fixed charset problems. This fixes critical bug #1549. Patch '0023.charset.patch' by Al. - Code improvements: removed some dead code from the comment module. Patch by Marco. - Documentation improvements: polished the node module help texts and form descriptions. Patch '0019.node.module.help.patch' by Al. - CSS improvements all over the map! Patch '0021.more.css.patch' by Al. - GUI improvements: improved the position of Druplicon in the admin menu. Patch '0020.admin.logo.patch' by Al. - GUI improvements: new logos for theme Marvin and theme UnConeD. Logos by Kristjan Jansen. - GUI improvements: small changes to the output emitted by the profile module. Suggestions by Steven Wittens. - GUI improvements: small fixes to Xtemplate. Patch '0022.xtemplate.css.patch' by Al. TODO: - Some modules such as the buddy list module and the annotation module in the contributions repository are also using session_register(). They should be updated. We should setup a task on Drupal. - There is code emitting '<div align="right">' which doesn't validate. - Does our XML feeds validate with the charset changes? - The forum module's SQL doesn't work properly on PostgreSQL.
-
- Jun 03, 2003
-
-
Dries Buytaert authored
to avoid XSS attacks! Patch by Al, Moshe, Marco, Kjartan and me. - Bugfix: the admin module does now import drupal.css prior to admin.css. Patch by me. - Bugfix: the admin module was still emitting a <base href=""> tag. I removed this as it is been taken care of by theme_head(); Patch by me. - Bugfix: made the tracker module's pager only consider published pages. Patch by Moshe. - Bugfix: cured some typos in the comment module's help function. Patch by Marco. - Bugfix: fixed a typo in the pager_display() that caused optional attributes to be discarded. - Bugfix: made the Xtemplate emit empty boxes like any other theme does. Patch by Al. - Bugfix: fixed broken link on the statistics module's log page. Reported by Kjartan. - CSS improvements: made the HTML output emitted by the tracker module look nicer. Patch by Moshe and Al. - CSS improvements: added CSS classes for form elements. Patch by Al. - CSS improvements: added a vertical gap between the last form item and the submit button. Patch by Al. Note that Opera 6 is not picking up this CSS but apparently others browsers such as Konqueror do. - Xtemplate improvements: changed the color of the selected day in the archive module's calendar. Patch by Al. - Usability improvements: made the "birthday" field of the profile module look nicer. Patch by Al. ------ - TODO: it might be a good idea to emit the following meta tag in the theme_head() function: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> Currently, some themes (and modules!) emit this while others don't. This would also make it possible to change the charset site-wide. - TODO: now we added support for td.dark and td.light to drupal.css, maybe it can be removed from admin.css as well as xtemplate.css?
-
- Jun 01, 2003
-
-
Dries Buytaert authored
- Another register globals fix. Patch by Kjartan.
-
- May 31, 2003
-
-
Dries Buytaert authored
- Omit "index.php" when using Apache. Patch by Al.
-
- May 30, 2003
-
-
Dries Buytaert authored
- Fixed typo. Patch by Marco.
-
Dries Buytaert authored
- Make sure the HTML filter is applied before any other filter. Patch by Al.
-
Dries Buytaert authored
- Fixed the order in which the CSS gets loaded. Patch by Al.
-
- May 29, 2003
-
-
Dries Buytaert authored
- Al's CSS patches. This commit improves the themability of some core components such as lists, form items, removes an ugly hack from the archive module and should fix the poll problem (although it doesn't Opera/Konqueror).
-
- May 26, 2003
-
-
Dries Buytaert authored
- Removed check_output() from the theme system layer.
-
- May 24, 2003
-
-
Dries Buytaert authored
- Updated Drupal to use "on output" filters. Derived from Gerhard's patch.
-
- May 23, 2003
-
-
Dries Buytaert authored
- Fixed typo in URL(). Patch by Al. - Added a filter option to disable/enable the rewrite_old_urls() filter. See task #1542.
-
Dries Buytaert authored
removed a dead global variable.)
-
Dries Buytaert authored
-
- May 20, 2003
-
-
Dries Buytaert authored
- Fixed a IIS bug with regard to register globals. This also avoids the aforementioned ugly hack. Patch by Moshe.
-