Close
dadaIMC Auto-Update Announce
[dadaIMC Auto-Update] New update 14 Dec 2005
The latest update, with a big batch of changes. First the warning:
Stylesheets have been updated, the biggest change being the
conversion of the top row navigation links from <span> to <div>. This
was done for great flexibility in future development (allowing DHTML
menu drop downs, etc).
It will make existing layouts look funky, so I've made every effort
to convert existing stylesheets in the database. It is possible,
however, that you'll need to make a tweak to suit your custom
stylesheet. The default.css and variable.css stylesheets have all the
necessary updates in them, so you can use them as guidelines for
adjusting your own if necessary.
You'll likely have to super-reload the site (Control-Refresh, or
Shift-Refresh, depending on your browser) to get your browser to
recognize the new stylesheet.
Other major changes:
The new cleantext() routines are now in place. This is VERY strict
scrubbing and validation of ALL user input. HTML formatting is
scrubbed, and tag attributes and values are validated against the
XHTML 1.1 spec (with a some leniency for a few tags). Style
properties are similarly scrubbed. Pseudo-HTML and plain text are
scrubbed (even harder!), and non-compliant tags are converted to HTML
entities, so things like <joke>This guy walks into a bar...</joke>
are generally preserved.
Updates through the stylesheet editor are similarly treated, so
invalid selectors, properties, or values are not permitted. There's
some complex stuff going on, so if you notice something that fails to
validate, let me know ASAP.
The help module has been revamped, and replaces the existing help
table in the database. A backup table named "help_old" is created, so
if you have custom Help records, they will be preserved there. (The
change in the database was to make the "name" field lowercase, with
no spaces, so adjust your entries accordingly).
The "Error Logs" page is now broken up into a tabbed interface, and
includes the "cache.log" section -- this lists the file modification
date for all cache files (also searchable). Whenever a cached file is
included on a dadaIMC page, its modification date is included in an
HTML comment -- you can use those dates to compare them against the
date of the file on disk. If you're seeing "old" data on the site,
compare the modification date in the HTML comment to the one in the
"cache.log" section -- if they don't match, then YOUR BROWSER is
caching the page, not dadaIMC. This should help debugging some
caching issues.
Other cosmetic and bug fixes included. Change log included below.
Cheers,
spud.
2005-14-05 11:01
----------------
#!# The Help module has been updated, and all existing
entries in the table are deleted. A backup of the
existing database table is made for your convenience
Includes new, super-powerful user input validation and
scrubbing routines
Stylesheet editor now checks selectors, properties and
values for validity (90% complete)
Removed obsolete references to /admin_includes/users.inc
Fixed permissions in changeperms.sh to keep _config, _mods,
_modprefs files writeable
Fixed bug that allowed custom POST request to set
email_validation property of User object
Added ability to send approval vote when submitting
a new Feature object
Fixed bug in dt_User.inc that set level rather than
email_verified when an Admin created a user account
Updated code so HTML comments about included cache files
also display the file modification date
Updated "Error Logs" page into tabbed sections; included
information about current cache file modification
dates for comparison between page output
Simplified ob_end_cache() for caching with subsites
Added on_update handler to ColumnArticle class
Fixed bug in on_update handler in OtherPress that sent
notification before objectid was assigned
Updated stylesheets, adding new details to #toprow,
converting #navrow spans with divs, and replacing
"form p" with "form div.formtop" for flexibility
Fixed duplicate call to format_data when using "Copy From"
in the Stylesheet editor
Prevent Feature thumbnails from being displayed twice if
placeholders are used in the feature summary
Language variable now allowed as a GET arg
2005-11-24 15:13
----------------
#!# Configuration files can now be stored outside of the
web root. This includes "dt_dbinfo.php" as well as the
[site]_config, [site]_mods, and [site]_mod_prefs files
Path to an APACHE-WRITEABLE directory must be manually
specified in /dt_classes/dt_master_include.inc. Be sure
to include a trailing slash!
#!# Moved MySQL backups to path specified in $g_logdir rather
than the /docs/ directory
#!# New "closeperms.sh" shell script included in /docs/
directory. Make this file executable, and it will make
permissions as strict as possible for normal operation.
You will have to make executable and run the "changeperms.sh"
script before using the Auto-Update module, and after
updating you can run "closeperms.sh" again
Fixed javascript vulnerability in log searching function
Fixed bugs in on_update handler; e.g. Media requiring approval
that wasn't properly deleting objects
2005-11-19 15:13
----------------
Updated and improved batch options in stylesheet editor
dadaphp.log and php-error.log are now searchable
Added mod_pref for Auto-Update allowing a list of
non-dadaIMC directories to ignore
Fix security hole that would allow a custom POST to create
a user with "Admin" level
Fixed a bug in cleantext() that added extra line breaks
2005-11-12 19:01
----------------
Updated Feeder module for more consistent output
Updated RDFParser to handle more RSS 2.0/Atom syntactic elements
-------------------------------------------------------------------
a.h.s. boy
spud(at)nothingness.org "as yes is to if,love is to yes"
www.nothingness.org/
-------------------------------------------------------------------
-------------
To unsubscribe, send blank email
to dadaIMC-autoupdate-off-AT-lists.dadaimc.org
Stylesheets have been updated, the biggest change being the
conversion of the top row navigation links from <span> to <div>. This
was done for great flexibility in future development (allowing DHTML
menu drop downs, etc).
It will make existing layouts look funky, so I've made every effort
to convert existing stylesheets in the database. It is possible,
however, that you'll need to make a tweak to suit your custom
stylesheet. The default.css and variable.css stylesheets have all the
necessary updates in them, so you can use them as guidelines for
adjusting your own if necessary.
You'll likely have to super-reload the site (Control-Refresh, or
Shift-Refresh, depending on your browser) to get your browser to
recognize the new stylesheet.
Other major changes:
The new cleantext() routines are now in place. This is VERY strict
scrubbing and validation of ALL user input. HTML formatting is
scrubbed, and tag attributes and values are validated against the
XHTML 1.1 spec (with a some leniency for a few tags). Style
properties are similarly scrubbed. Pseudo-HTML and plain text are
scrubbed (even harder!), and non-compliant tags are converted to HTML
entities, so things like <joke>This guy walks into a bar...</joke>
are generally preserved.
Updates through the stylesheet editor are similarly treated, so
invalid selectors, properties, or values are not permitted. There's
some complex stuff going on, so if you notice something that fails to
validate, let me know ASAP.
The help module has been revamped, and replaces the existing help
table in the database. A backup table named "help_old" is created, so
if you have custom Help records, they will be preserved there. (The
change in the database was to make the "name" field lowercase, with
no spaces, so adjust your entries accordingly).
The "Error Logs" page is now broken up into a tabbed interface, and
includes the "cache.log" section -- this lists the file modification
date for all cache files (also searchable). Whenever a cached file is
included on a dadaIMC page, its modification date is included in an
HTML comment -- you can use those dates to compare them against the
date of the file on disk. If you're seeing "old" data on the site,
compare the modification date in the HTML comment to the one in the
"cache.log" section -- if they don't match, then YOUR BROWSER is
caching the page, not dadaIMC. This should help debugging some
caching issues.
Other cosmetic and bug fixes included. Change log included below.
Cheers,
spud.
2005-14-05 11:01
----------------
#!# The Help module has been updated, and all existing
entries in the table are deleted. A backup of the
existing database table is made for your convenience
Includes new, super-powerful user input validation and
scrubbing routines
Stylesheet editor now checks selectors, properties and
values for validity (90% complete)
Removed obsolete references to /admin_includes/users.inc
Fixed permissions in changeperms.sh to keep _config, _mods,
_modprefs files writeable
Fixed bug that allowed custom POST request to set
email_validation property of User object
Added ability to send approval vote when submitting
a new Feature object
Fixed bug in dt_User.inc that set level rather than
email_verified when an Admin created a user account
Updated code so HTML comments about included cache files
also display the file modification date
Updated "Error Logs" page into tabbed sections; included
information about current cache file modification
dates for comparison between page output
Simplified ob_end_cache() for caching with subsites
Added on_update handler to ColumnArticle class
Fixed bug in on_update handler in OtherPress that sent
notification before objectid was assigned
Updated stylesheets, adding new details to #toprow,
converting #navrow spans with divs, and replacing
"form p" with "form div.formtop" for flexibility
Fixed duplicate call to format_data when using "Copy From"
in the Stylesheet editor
Prevent Feature thumbnails from being displayed twice if
placeholders are used in the feature summary
Language variable now allowed as a GET arg
2005-11-24 15:13
----------------
#!# Configuration files can now be stored outside of the
web root. This includes "dt_dbinfo.php" as well as the
[site]_config, [site]_mods, and [site]_mod_prefs files
Path to an APACHE-WRITEABLE directory must be manually
specified in /dt_classes/dt_master_include.inc. Be sure
to include a trailing slash!
#!# Moved MySQL backups to path specified in $g_logdir rather
than the /docs/ directory
#!# New "closeperms.sh" shell script included in /docs/
directory. Make this file executable, and it will make
permissions as strict as possible for normal operation.
You will have to make executable and run the "changeperms.sh"
script before using the Auto-Update module, and after
updating you can run "closeperms.sh" again
Fixed javascript vulnerability in log searching function
Fixed bugs in on_update handler; e.g. Media requiring approval
that wasn't properly deleting objects
2005-11-19 15:13
----------------
Updated and improved batch options in stylesheet editor
dadaphp.log and php-error.log are now searchable
Added mod_pref for Auto-Update allowing a list of
non-dadaIMC directories to ignore
Fix security hole that would allow a custom POST to create
a user with "Admin" level
Fixed a bug in cleantext() that added extra line breaks
2005-11-12 19:01
----------------
Updated Feeder module for more consistent output
Updated RDFParser to handle more RSS 2.0/Atom syntactic elements
-------------------------------------------------------------------
a.h.s. boy
spud(at)nothingness.org "as yes is to if,love is to yes"
www.nothingness.org/
-------------------------------------------------------------------
-------------
To unsubscribe, send blank email
to dadaIMC-autoupdate-off-AT-lists.dadaimc.org
Report Bugs
dadaIMC uses the Mantis bug-tracking system for bug reporting. Please use it! And check for existing reports of your bug before submitting a new one.
CVS
The current CVS version of dadaIMC is now browseable online. Be forewarned, though, that it is not always in a useable state as-is!
Donations
Support development!