1. 13 Aug, 2003 1 commit
    • Dries's avatar
      · 6ddeae9f
      Dries authored
      - Bugfix: fixed problem with "exit" hook not always being called.  Reported
        by Jeremy.  Patch by Moshe.
      6ddeae9f
  2. 12 Aug, 2003 1 commit
  3. 11 Aug, 2003 1 commit
  4. 08 Aug, 2003 1 commit
    • Dries's avatar
      · 39950fe2
      Dries authored
      - Committed a modified version of Ulf's input checking changes.  Patch #95.
        I added an error message, changed a few things around and fixed tw typos.
      39950fe2
  5. 23 Jul, 2003 2 commits
    • Dries's avatar
      · 3833e4de
      Dries authored
      - Cache system improvements by Gerhard: removed some left-overs.
      3833e4de
    • Dries's avatar
      · 81ea70d1
      Dries authored
      - Bugfix: the cache wasn't always cleared properly.  Patch by Gerhard.
      81ea70d1
  6. 16 Jul, 2003 1 commit
    • Dries's avatar
      · 8759ca73
      Dries authored
      - Commited the URL aliasing patch.  Thanks Matt.
      
        This update requires you to run update.php!
      8759ca73
  7. 10 Jul, 2003 1 commit
    • Dries's avatar
      · 337b3c9d
      Dries authored
      - Committed a slightly modified version of Slavica's table prefix patch.
      337b3c9d
  8. 09 Jul, 2003 3 commits
    • Dries's avatar
      - Fixed typo · e5b392b5
      Dries authored
      e5b392b5
    • Dries's avatar
      - Some more refinements · 9fd25fa5
      Dries authored
      9fd25fa5
    • Dries's avatar
      · ae4fe72d
      Dries authored
      - Changed the XSS check a little to be slightly more forgiving wrt style
        attributes.
      ae4fe72d
  9. 01 Jul, 2003 1 commit
    • Dries's avatar
      · dc15ba06
      Dries authored
      - Improvement: don't perform XSS checks for trusted users.  Trusted users
        are those that have the "bypass input data check" permission set.  Should
        address bug #2147.
      
      - Improvement: simplified index.php and modules/admin.module.
      
      - Bugfix: fixed broken links in bloggerapi documentation.  Patch by Chris
        Johnson.  Fixes bug #2030.
      
      - Bugfix: fixed the date shown on a book module preview.  Reported as part
        of bug #2097.
      
      - Bugfix: fixed broken URL in the book module documentation.
      dc15ba06
  10. 30 Jun, 2003 1 commit
    • Dries's avatar
      · 886ae2bf
      Dries authored
      - Fixed some "search related" bugs introduced by Moshe's latest patch.
        Fixes bug #2127.
      886ae2bf
  11. 29 Jun, 2003 1 commit
    • Dries's avatar
      · da80e620
      Dries authored
      - Removed "link" from the XSS check as well as "font".
      da80e620
  12. 28 Jun, 2003 1 commit
    • Dries's avatar
      · 646bb31a
      Dries authored
      - Improvement: faster regex/checks.  Patch by Marco.
      646bb31a
  13. 27 Jun, 2003 1 commit
    • Dries's avatar
      - Reworked the CXX checking; now, _any_ user input will be checked · f4df7195
      Dries authored
      and the request will be terminated when something suspicious is
      detected.  This will be logged in the watchdog.  With help from Marco.
      
      - Fixed translation issue in the archive module.  Patch by Gerhard.
      
      - Removed dead parameter from variable_get().  Patch by Chris Johnson.
      Fixes bug #2111.
      
      - Improved input checking of taxonomy module.  Patch by Gerhard.
      Fixes bug #2112.
      f4df7195
  14. 25 Jun, 2003 1 commit
    • Dries's avatar
      · e95aa56e
      Dries authored
      - Bugfix: fixed bug in the search module that prevented the title module
        from working properly.  Patch by Moshe.  Fixes bug #1852.
      e95aa56e
  15. 23 Jun, 2003 1 commit
    • Dries's avatar
      · e756213b
      Dries authored
      - Bugfix: fixed the "variables not set" problem (bug #2014).  Patch by
        Slavica.
      
        Sorry for the confusion guys - I had it applied on my tree for a couple
        of days now but forgot to commit it.
      e756213b
  16. 20 Jun, 2003 1 commit
    • Dries's avatar
      · e57faf21
      Dries authored
      - Bugfix: fixed problem with changing themes.  Didn't apply Al's patch as
        the fix was somewhat simpler.  Fixes bug #2003.
      
      - Bugfix: fixed problem with voting on certain poll pages.  Patch #37 by Al.
      
      - Improvement: removed stupid descriptions from profile module.
      e57faf21
  17. 19 Jun, 2003 1 commit
    • Dries's avatar
      · 828ba665
      Dries authored
      - Bugfix: fixed utf-8 problem for people that use PHP 4.2.x or below.  Patch #33 by Al.
      
      - Bugfix: fixed translation problems in the user module and the block module.  Patch by Stefan.
      
      - Improvement: made it impossible to delete user role #1 and #2.  Patch #38 by Al.
      
      - Improvement: fixed the "Allowed HTML tag" issues.  Makes for better code and improved usability.  Patch #35 by Al.
      
        NOTE: as soon the compose tips make their way into CVS, most of this code can be removed.
      828ba665
  18. 15 Jun, 2003 1 commit
    • Dries's avatar
      · eb030cb9
      Dries authored
      - Improvements: XHTML-ifications.  Patch by GmbH.
      eb030cb9
  19. 14 Jun, 2003 1 commit
    • Dries's avatar
      · 3e9aabe0
      Dries authored
      - Moved some CXX checks to a centralized place; less error-prone.
      3e9aabe0
  20. 12 Jun, 2003 1 commit
    • Dries's avatar
      · 1a257603
      Dries authored
      - Bugfix: charset fixes/clean-up.  Patch #52 by Al.
      
      - Improvement: renamed some theme functions of the forum module for sake of consistency/readability.  Patch #2 by Kristjan.
      
      - Improvement: usability improvements to the Xtemplate theme.  Patch #3 by Kristjan.
      
      - Improvement: CSS'ified the book module pages.  Patch #3 by Al.  (I simplified the "l
      ocation" part.  Al's approach gave you a bit more power but I'm not sure anyone wants
      to change that.  Besides, this will change as soon we integrate the menu system so I kept it easy for now.)
      1a257603
  21. 11 Jun, 2003 1 commit
    • Dries's avatar
      · 3b8c99d9
      Dries authored
      - Bugfix: fixed the CREATE FUNCTION in database.mssql as it needs to be prefixed with GO for some obscure reason.  Patch by Kjartan.
      
      - Bugfix: fixed the defaults for blocks in database.mssql so the NOT NULL fields get values.  Patch by Kjartan.
      
      - Bugfix: changed check_form() to use htmlspecialchars() instead of drupal_specialchars() as this caused Drupal to emit incorrect form items in presence of quotes.  Example:
      
        <input type="submit" class="form-submit" name="op" value="Submit "top nodes" block changes" />
      
        IMO, drupal_specialchars() is better called xmlspecialchars() to avoid confusion.
      
      - Bugfix: when an anonymous user visits a site, they shouldn't see any content (except the login block, if it is enabled) unless they have the "access content" permissions.  Patch by Matt Westgate.
      
      - Improvement: improved the error checking and the error messages in the profile module.  Updated the code to match the Drupal coding conventions.  Modified patch from Matt Westgate.
      
      - Improvement: don't generate the <base href=""> tag in the base theme; it is already emitted by theme_head().  Patch by Kristjan.
      
      - Improvement: don't execute any SQL queries when checking the permissions of user #1.  Patch by Kjartan.
      
      - Improvement: made a scalable layout form that works in IE and that behaves better with narrow themes.  Part of patch #51 by Al.
      
      - Improvement: removed some redundant print statements from the comment module.  Modified patch from Craig Courtney.
      3b8c99d9
  22. 08 Jun, 2003 1 commit
    • Dries's avatar
      · a448f5a9
      Dries authored
      - Charset simpliciations.  Patch #46 by Al.
      a448f5a9
  23. 06 Jun, 2003 2 commits
    • Dries's avatar
      · aa38097c
      Dries authored
      - Dropped check_input(); use check_query() instead.
      
      - Made the statistics module use referer_uri() for security's sake.
      aa38097c
    • Dries's avatar
      · 17cd7c49
      Dries authored
      - Added a function check_url() that CSS checks URLs (or parts thereof).
      17cd7c49
  24. 05 Jun, 2003 1 commit
    • Dries's avatar
      · de3b0796
      Dries authored
      - Bugfix: better charset support for non-ISO-8859-1 languages.  Patch 0029.charset.fixes.patch by Al.  Could East Asia test this please.
      
      - Bugfix: made the "moderate" field behave.  Patch 0030.queue.module.help.and.settings.form.patch by Al.
      
      - Documentation: revised a large part of the help texts / documentation!  Al's 0024.* patches.
      
      - Documentation: added a glossary to the help module.  Patch 0025.help.module.glossary.patch by Al and Michael.
      
      - Usability: first step towards unifying the terminology used in the cloud module.  Patch by 0028.site.cloud.rationalize.name.patch Al.
      
      - Usability + CSS improvements: revamped the node form and removed all tables.  Patch 0027.node.form.rewrite.patch by Al.
      
      - CSS improvements: patch 0026.admin.css.small.improvement.patch by Al.
      
      - Updated the MAINTAINERS file.
      de3b0796
  25. 04 Jun, 2003 1 commit
    • Dries's avatar
      · 355d25e7
      Dries authored
      - Bugfix: renamed the SQL field 'types' to 'nodes' because 'types' is a reserved keyword in MySQL 4.  This fixes critical bug #1618.  Patch by Marco.
      
        ==> This fix requires to run update.php!
      
      - Bugfix: made sessions work without warnings when register_globals is turned off. The solution is to use $_SESSION instead of session_register().  This fixes critical bug #1797.  Patch by Marco.
      
      - Bugfix: sometimes error messages where being discarded when previewing a node.  Patch by Craig Courtney.
      
      - Bugfix: fixed charset problems.  This fixes critical bug #1549.  Patch '0023.charset.patch' by Al.
      
      - Code improvements: removed some dead code from the comment module.  Patch by Marco.
      
      - Documentation improvements: polished the node module help texts and form descriptions.  Patch '0019.node.module.help.patch' by Al.
      
      - CSS improvements all over the map!  Patch '0021.more.css.patch' by Al.
      
      - GUI improvements: improved the position of Druplicon in the admin menu.  Patch '0020.admin.logo.patch' by Al.
      
      - GUI improvements: new logos for theme Marvin and theme UnConeD.  Logos by Kristjan Jansen.
      
      - GUI improvements: small changes to the output emitted by the profile module.  Suggestions by Steven Wittens.
      
      - GUI improvements: small fixes to Xtemplate.  Patch '0022.xtemplate.css.patch' by Al.
      
      TODO:
      
      - Some modules such as the buddy list module and the annotation module in the contributions repository are also using session_register().  They should be updated.  We should setup a task on Drupal.
      
      - There is code emitting '<div align="right">' which doesn't validate.
      
      - Does our XML feeds validate with the charset changes?
      
      - The forum module's SQL doesn't work properly on PostgreSQL.
      355d25e7
  26. 03 Jun, 2003 1 commit
    • Dries's avatar
      - Bugfix: made request_uri() rewrite ( and ) with their entity equivalents · 05288ac4
      Dries authored
      to avoid XSS attacks!  Patch by Al, Moshe, Marco, Kjartan and me.
      
      - Bugfix: the admin module does now import drupal.css prior to admin.css.
      Patch by me.
      
      - Bugfix: the admin module was still emitting a <base href=""> tag.  I
      removed this as it is been taken care of by theme_head();  Patch by me.
      
      - Bugfix: made the tracker module's pager only consider published pages.
      Patch by Moshe.
      
      - Bugfix: cured some typos in the comment module's help function.  Patch by
      Marco.
      
      - Bugfix: fixed a typo in the pager_display() that caused optional
      attributes to be discarded.
      
      - Bugfix: made the Xtemplate emit empty boxes like any other theme does.
      Patch by Al.
      
      - Bugfix: fixed broken link on the statistics module's log page.
      Reported by Kjartan.
      
      - CSS improvements: made the HTML output emitted by the tracker module
      look nicer.  Patch by Moshe and Al.
      
      - CSS improvements: added CSS classes for form elements.  Patch by Al.
      
      - CSS improvements: added a vertical gap between the last form item and the
      submit button.  Patch by Al.  Note that Opera 6 is not picking up this
      CSS but apparently others browsers such as Konqueror do.
      
      - Xtemplate improvements: changed the color of the selected day in the
      archive module's calendar.  Patch by Al.
      
      - Usability improvements: made the "birthday" field of the profile module
      look nicer.  Patch by Al.
      
      ------
      
      - TODO: it might be a good idea to emit the following meta tag in the
      theme_head() function:
      
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
      
      Currently, some themes (and modules!) emit this while others don't.  This
      would also make it possible to change the charset site-wide.
      
      - TODO: now we added support for td.dark and td.light to drupal.css, maybe
      it can be removed from admin.css as well as xtemplate.css?
      05288ac4
  27. 01 Jun, 2003 1 commit
    • Dries's avatar
      · 4582eecc
      Dries authored
      - Another register globals fix.  Patch by Kjartan.
      4582eecc
  28. 31 May, 2003 1 commit
    • Dries's avatar
      · 82019d89
      Dries authored
      - Omit "index.php" when using Apache.  Patch by Al.
      82019d89
  29. 30 May, 2003 2 commits
    • Dries's avatar
      · c6f9ca54
      Dries authored
      - Fixed typo.  Patch by Marco.
      c6f9ca54
    • Dries's avatar
      · 4499241f
      Dries authored
      - Make sure the HTML filter is applied before any other filter.  Patch by
        Al.
      4499241f
  30. 29 May, 2003 1 commit
    • Dries's avatar
      · 1fc8a18c
      Dries authored
      - Al's CSS patches.  This commit improves the themability of some core
        components such as lists, form items, removes an ugly hack from the
        archive module and should fix the poll problem (although it doesn't
        Opera/Konqueror).
      1fc8a18c
  31. 24 May, 2003 1 commit
    • Dries's avatar
      · 45d5aad6
      Dries authored
      - Updated Drupal to use "on output" filters.  Derived from Gerhard's patch.
      45d5aad6
  32. 23 May, 2003 2 commits
  33. 20 May, 2003 1 commit
    • Dries's avatar
      · b68b2798
      Dries authored
      - Fixed a IIS bug with regard to register globals.  This also avoids the
        aforementioned ugly hack.  Patch by Moshe.
      b68b2798
  34. 19 May, 2003 1 commit
    • Dries's avatar
      · bf28f870
      Dries authored
      - Applied Moshe's patch that should make clean URLs work on IIS.  I removed
        a little hack that sometimes patches the request_uri(); I don't think
        this should trigger in first place.  If it does, let me know the URL of
        the form as well as the referring page.  (If this needs fixing after all,
        fixing this _inside_ request_uri() might be a better solution.)
      bf28f870