source: CHANGELOG @ 3095:7b52a5c13c7e

Dotclear 2.8.1 - 2015-09-23
===========================================================
* Fix admin pager parameters escaping - thanks Keiko Yashiki from JPCERT/CC for reporting this XSS
* Error on changing post author in entries' lists: fixed
* Cope with unknown URL scheme in X-Frame-Options
* One ot two of 🍻 drunk

Dotclear 2.8 - 2015-08-13
===========================================================
* New module dependencies system (plugins)
* Theme editor: Cope with css theme sub-folder
* extension/heritage system applied to mustek templateset
* installation wizard now allows SQLite engine
* Legacy editor toolbar may now be displayed below textarea
* Breadcrumb plugin added to the distribution, included in mustek/currywurst templatesets
* Allow a fifth parameter (optional) for image to insert a legend using figure/figcaption tags (wiki)
* XHTML validator removed from legacy editor
* Update jQuery from 1.11.2 to 1.11.3
* Add a blog parameter to disable internal search
* Add some sort orders and filters criteria for posts and comments
* Update CKEditor from 4.4.8 to 4.5.2
* Add IP and antispam filter columns when displaying spams
* Add actions to directly blacklist IP from comments list
* Lexical sort order for tags and widgets
* Use HTML5 audio tag for MP3 attachments
* Bye the 🐈, welcome the 🐸
* Lot of 🐛 🔫
* Various 🌼 adjustments
* Full of 🍻 drunk

Dotclear 2.7.4 - 2015-02-13
===========================================================
* Berlin theme: resources usage has been optimized
* currywurst templateset: head-linkrel block name fixed
* Current editor syntax: now displayed near edited field (post/page/quick entry)
* Some admin URLs were malformed: fixed
* Post/page preview: anti-clickjacking system fixed
* The cat is valid now

Dotclear 2.7.3 - 2015-01-13
===========================================================
* Restore advanced edition of category description (as in 2.6)
* Various bug fixes
* Some cosmetic adjustments

Dotclear 2.7.2 - 2014-12-25
===========================================================
* Dotclear wiki could not be used by standard user: fixed

Dotclear 2.7.1 - 2014-12-25
===========================================================
* Various bug fixes
* Some cosmetic adjustments

Dotclear 2.7 - 2014-12-13
===========================================================
* Security : protection against clickjacking may be activated (see blog parameters)
* Switch to HTML5 : backend, templatesets and themes
* ARIA roles in da place (a11y)
* Multiple templatesets : mustek (legacy) and currywurst
* Themes may use extension/heritage template mechanisms
* New theme (Berlin) based on currywurst templateset
* New WYSIWYG editor (CKEditor)
* Dotclear Wiki now produces HTML5 compatible markup
* Video and audio HTML5 tags are now used (with fallback to flash if possible)
* Copying default theme to user-defined theme folder is not more necessary
* Preview of comment may be optional (see blog parameters)
* Widgets may be put offline without deleting them
* jQuery version may be choosen between 1.4.2 (default) and 1.11.1 (see blog parameters)
* Number of posts listed on home page may be different than other pages (see blog parameters)
* Hidden folders are now hidden in media manager (set DC_SHOW_HIDDEN_DIRS to true in config.php to display them)
* User-defined template files may be reset (deleted) in theme editor
* Drag'n'drop now enabled on touch screens
* Alternative syntax may be set for comments by third-party plugins
* A lot of bug fixes
* Much more cosmetic adjustements and enhancements

Dotclear 2.6.4 - 2014-08-18
===========================================================
* Security fix: Sanitize search request. Thanks to Takayuki Uchiyama
* Security fix: Strenghened xmlrpc (see http://www.breaksec.com/?p=6362)

Dotclear 2.6.3 - 2014-05-16
===========================================================
* Security fix: Strengthened xmlrpc auth. Thanks to Egidio Romano
* Security fix: Strengthened categories ordering. Thanks to Egidio Romano

Dotclear 2.6.2 - 2014-01-20
===========================================================
* Security fix: Fixed potential code injection on password protected post/page. Thanks to Charlie Briggs
* Bugfix: cope with numeric module (plugin/theme) id
* Bugfix: Bad SQL syntax when using SQLite
* Bugfix: BlogParentThemeURL template value is back
* Various bug fixes

Dotclear 2.6.1 - 2013-11-22
===========================================================
* Bugfix: trackbacks/pingbacks post URL
* Bugfix: short/full list of tags (post edition)
* Bugfix: Toolbar not drawn on new comment form (administration)
* Various bug fixes
* Some cosmetic adjustments

Dotclear 2.6 - 2013-11-13
===========================================================
* Various bug fixes
* Various cosmetic adjustments

Dotclear 2.6-RC - 2013-10-18
===========================================================
* PHP 5.2 required
* jQuery upgraded to 1.10.2 (including jQuery migrate plugin 1.2.1)
* mySQLi support (now proposed by default rather than mySQL)
* Administration revamped, relooked, redesigned, new icons, new ergonomic's behaviours
* Administration is now responsive (easier to cope with it on small devices)
* Administration menu re-organized
* a11y (accessibility) everywhere, with and whithout Js
* Success, notice and warning messages have been harmonized
* daInstaller has been dispatched in core (in plugins and blog themes management)
* Global help is now available, contextual help is available on every page
* Media manager enhanced
* Maintenance plugin revamped and enhanced (now includes export features)
* Categories management enhanced
* Plugins and themes management revamped
* New “Plumetis” variation for Blowup theme
* Jasmine is now used for unit testing of js components
* A lot of bug fixes
* A lot of cosmetics adjustments
* A lot of enhancements

Dotclear 2.5.3 - 2013-09-13
===========================================================
* Bugfix: l10n Clearbricks library
* Bugfix: post's comments and trackbacks counters
* Check public and cache directories (existence and permissions)
* Avoid Categorie's identical URL as far as possible
* Cope with alpha layers in PNG images for thumbnails generation
* Add password strength indicators
* Fix permission form (checkboxes management)
* Better management of antispam filters
* Minor enhancements
* Various bug fixes
* Various cosmetic adjustments

Dotclear 2.5.2 - 2013-08-14
===========================================================
* Security fix: Fixed potential XSS
* Bugfix: l10n Clearbricks library
* <tpl:LoopPosition> now works <tpl:Attachments>
* Dotclear update check may now be forced (ignoring cache)
* Enforce integration of daInstaller plugin
* Tags link button is now available on page editor
* Default cache age is now 1 week instead of 2 hours
* Quick entry dashboard module is not activated by default on new installation
* New template {{tpl:BlogParentThemeURL}} (return URL of parent theme of blog's theme if any, URL of blog's theme otherwise)
* Fix post comments number on comments deletion
* Fix order of backup files
* Minor enhancements
* Various bug fixes
* Various cosmetic adjustments

Dotclear 2.5.1 - 2013-07-20
===========================================================
* Security fix: Replacement of swfupload.swf by a jQuery plugin
* Security enhancement: Strenghened lists display
* Thumbnails quality improved
* Minor enhancements
* Various bug fixes
* Various cosmetic adjustments

Dotclear 2.5.0 - 2013-03-12
===========================================================
* Security fix: XSS vulnerabilities in swfupload.swf (media enhanced uploader)
* Ductile theme may now use webfont (from Google, Adobe and similar providers)
* daInstaller plugin is now included in the official distribution
* The media enhanced uploader may now be temporarily enabled or disabled
* Add mass expand on posts and comments lists
* Allow wildcard for IP address on comments filters
* Add ability to delete non empty category (and move its content to another category)
* Every types of entries may be used to inserted an entry link in current edited post
* Add (none) option to image insertion title pattern
* Smileys are not more converted in image in pre,code,kbd,script and math contents
* Notes' title can be now enclosed in h4 (default), h3 or p HTML tag
* Now display translated name and desc of plugins
* Add publication date validation on post and page editing forms
* Add description to widgets
* Add syntax color option to theme editor plugin
* Add delete button on media item page
* Add/complement display modes (all pages, home page only, except on home page) for all widgets
* {{tpl:Widgets}} without type attribute set displays now all widgets (from nav, extra and custom)
* Add {{tpl:else}}, {{tpl:TagCount}}, <tpl:TagIf>, {{tpl:CategoryEntriesCount}} template tags
* Add cat_only, no_tag and content_only attributes to {{tpl:EntryFirstImage}} tag
* Add capitalize attribute to template filters' list
* Enhance links lookup anti spam filter
* Add hidden optional attribute for pages
* Adaptative compression rate for thumbnails generation
* Add timestamp on admin information messages
* Update to jQuery 1.8.3 and jQuery-UI 1.9.2 (custom)
* Add default favicon.ico
* Add default attributes settings for image,mp3,flv insertion
* Various bug fixes
* Various cosmetic updates and contrast adjustments

Dotclear 2.4.4 - 2012-08-13
===========================================================
* Bugfix: Programmed entries works again.
* Compatibility fix: widgets are now fully php >=5.3 compliant
* Security fix: potential CSRF in user management
* has_tag now part of dotclear core, moved from tag plugin.
* empty title fixed on rss reader widget

Dotclear 2.4.3 - 2012-05-18
===========================================================
* Admin: My favorites menu can be hidden
* Admin: Fix wordpress importer
* Admin: about:config and user:pref tables are now more readable
* Ductile theme: Blog logo can be changed
* New lithuanian language (thanks to Paulius Černakauskas)
* Various bug fixes

Dotclear 2.4.2 - 2012-02-11
===========================================================
* Security fix release
* 4 XSS vulnerabilities fixed, discovered by High-Tech Bridge

Dotclear 2.4.1.2 - 2011-12-24
===========================================================
* Happy Christmas!
* Security: fixed one SQL injection vulnerability in Clearbricks, thanks to Adjaya
* New behaviour: publicGetURLFor
* New behaviour: publicRegisterURL
* New behaviour: templatePrepareParams
* Changed the way to get artefacts URLs, through $core->url->getURLFor calls, instead of $core->url->getBase()
* new/updated parameter sql_only in $core->blog->getPosts and $core->blog->getComments

Dotclear 2.4.0 - 2011-11-13
===========================================================
* Admin: new iconset from Thomas Daveluy
* Admin: Accessibility enhancements
* Added a custom widget sidebar
* Added a new theme (Ductile)
* Added a new plugin (simpleMenu)
* handling of postgres non default schemas (db_prefix = 'schema.prefix')
* New iconset mechanism
* New behaviour: coreBlogBeforeGetPosts
* Security fix: Spam comments feed now checks for blog permission. Thanks to Romuald Brunet.
* Various bug fixes

Dotclear 2.3.1 - 2011-06-14
===========================================================
* Updated makefile for cleaner distrib.
* Better localization handling for prefs and shortcuts.
* Misc JS & CSS cleaning.
* Import/Export preferences-related bugfix.
* Administrative mail address is now configurable.
* Security: one minor fix and changes for two potential problems. Thanks to Jeremie Boutoille

Dotclear 2.3.0 - 2011-05-16
===========================================================
* Admin: Major backend redesign
* Admin: Customizable Dashboard
* Admin: New Favourites admin submenu
* Admin: New user preferences backend
* Admin: Accessibility enhancements
* Admin: Inline help extended
* Templates: Default theme templates moved to inc/public/default-templates
* Clearbricks: External libraries relocated to inc/libs
* Clearbricks: fixed utf-8 and mysql strict mode problems
* Added a safe mode connection, disabling all plugins
* Mysqli support (config.php may need to be updated manually)
* Fixed dcLog bug with pgsql
* Fixed comment/trackbacks counters reset.
* Several other bug fixes


Dotclear 2.2.3 - 2011-04-01
===========================================================
* Security fix in media manager. Thx to Raphaël
* Bugfix : 2.2.2 was preventing manual thumbnail regeneration.
* Database handling bugfixes

Dotclear 2.2.2 - 2011-01-17
===========================================================
* Bugfix: 2.2.1 was blocking new installations
* Autoupdate procedure should now be "bad ftp client configuration"-proof.
* Several other small bugfixes

Dotclear 2.2.1 - 2011-01-15
===========================================================
* ExternalMedia is not part of the core distribution anymore
* New attribute to tpl:SysIf: blog_id
* New behaviour: adminMediaItemForm
* Several bugfixes
* Several code optimizations
* Several typos corrected
* Security fix in Clearbricks. Thx to François Pierre-Doray for pointing it out.

Dotclear 2.2 - 2010-07-01
===========================================================
* New installation wizard.
* Several new behaviours:
     - adminCommentHeaders
     - adminCommentsActionsCombo
     - adminCommentsActions
     - adminCommentsActionsContent
     - adminBeforeCommentDelete
     - adminPostsActionsHeaders
     - adminUsersActionsCombo
     - coreBeforeCategoryCreate & coreAfterCategoryCreate
     - coreBeforeCategoryUpdate & coreAfterCategoryUpdate
     - coreBeforeLogCreate & coreAfterLogCreate
     - coreBeforePostCreate & coreAfterPostCreate
     - coreBeforePostUpdate & coreAfterPostUpdate
     - coreMediaConstruct
     - templateCustomSortByAlias
     - urlHandlerGetArgsDocument
* New methods for several core classes.
* Metadata integration to the core.
* Error handlers can now be extended.
* Templates: blocks can now be recursive.
* Templates: Entries & Comments tags can now be sorted.
* Templates: The template subsystem is quicker, linier, and ready to be extended.
* Complete reworking of the settings system
* Correct handling of postgresql non default schemas.
* Admin: Autocompletion and further enhancing to tags handling.
* Admin: Accessibility & ergonomic tweaks.
* Admin: Administrator tag in users list.
* Comment cookies are now specific to the blog rather than to the domain.
* Password changes can now be mandatory.
* jQuery updated to 1.4.2.
* And way too many bugfixes and typos squashes to be listed.


Dotclear 2.1.7 - 2010-05-25
===========================================================
* Auto-update procedure fix

Dotclear 2.1.6 - 2009-10-01
===========================================================
* Install procedure fixes
* Admin: Page managers can now create pages
* Admin: several typos corrected.
* Admin: Widgets now work in IE8.
* Admin: Password protected posts can now be previewed.
* Templates: tpl:Meta* are now tpl:Tags*.
* Templates: <tpl:Entries lastn="0"> now display all posts.
* new behavior: adminPageHTMLHead
* DB schema: new blog_id field in log table
* Media manager: Pubic folder can now be set on a different host.
* WordPress import fixes
* Dailymotion insertion fix
* Upgrade procedure: CRLF removed in files that were bugging the upgrade.
* JQuery updated to 1.3
* IE7-js update
* security: Full Path Disclosure protection. Thx to Karim Ayad for pointing it out.
* and way too many bugfixes to be listed.

Dotclear 2.1.5 - 2009-02-05
===========================================================
* Security release
* Youtube insertion update

Dotclear 2.1.4 - 2008-12-21
===========================================================
* Security flaw fix
* WordPress import refining
* XML-RPC improvements

Dotclear 2.1.3 - 2008-11-19
===========================================================
* Admin: New upgrade procedure
* Admin: Fixed video insertion bug
* Template: New attributes
  * url on EntryIf
  * only_category on Blogroll
  * no_context on Pagination
* Template: New tag
  * BlogID
* Admin: escaped blog_id on authentication page

Dotclear 2.1.1 - 2008-11-07
===========================================================
* Admin: Automatic Update bug fixes
* Admin: Disable Automatic Update if no digests file
* Admin: Javascript fixes in authentication page
* Admin: Fixed errors with categories select boxes
* Template: Added level attribute in tpl:Categories
* Media: Added H.264/MPEG-4 AVC for mp4 files

Dotclear 2.1 - 2008-11-01
===========================================================
* Subcategories
* Admin: Automatic Update
* Admin: Flash 10 support for uploader
* Admin: mailto link in comment details
* Admin: Embedded video size selection
* Admin: Restrict session cookie path to admin
* Media: H.264/MPEG-4 AVC (HD) support with m4v files
* Inherited themes
* WordPress XML-RPC methods support
* True unicode URLs
* Plugin: Widgets as template tags
* Plugin: Filters in entries widgets and Blogroll
* Plugin: Added vimeo.com in external media
* Template: New tags
  * LoopPosition
  * CommentAuthorDomain
  * CommentAuthorMD5
  * EntryFirstImage
  * EntryCategoryShortURL
  * CategoryIf
  * CategoryFirstChildren
  * CategoryParents
  * EntryCategoriesBreadcrum
  * MediaURL

Dotclear 2.0.2 - 2008-09-05
===========================================================
* New installation procedure
* Plugin: WordPress import fixes
* Plugin: Plain text export as downloadable files
* Plugin: Message about URLs in Dotclear 1.2 import
* Public: Display a message if search returns no result
* Admin: Fixed some CSS bugs
* Admin: Batch select/unselect entries
* Admin: In a media item, find entries containing it

Dotclear 2.0.1 - 2008-08-16
===========================================================
* Plugin: Fixed a bug with Dotclear 1.2 URLs import.
* Plugin: Fixed a l10n bug in Pages
* Admin: Enhanced plugins resources loading and cache

Dotclear 2.0 - 2008-08-01
===========================================================
* Public: Atom becomes the default feed format. RSS 2 is always available.
* Admin: design enhancements and new Dotclear logo
* Admin: entries preview in blog context
* L10N: New language manager with zip files support
* Plugin: Import/Export plugin version 2.0 with import from Dotclear 1.2 and WordPress
* Plugin: Pages enhancements (preview, sorting)
* Plugin: support for jamendo and deezer in External Media
* JSMin on JavaScript files instead of JS packing
* SQLite 3 only support (PDO based)
* Many bug fixes and major performances improvements

Dotclear 2.0 RC2 - 2008-06-21
===========================================================
* FairTrackback spam filter
* Language pack infrastructure
* Bug fix on comment search with author "0"
* Javascript fixes
* dcAuth::sessionExists and dcAuth::checkSession new methods
* Right management in dcAuth::sudo
* Media File sorting options in media manager
* CandyUpload, new uploader tool based on SWFUpload
* New search engine robots options
* New image options
* L10N: Japanese and Portugues (Brazil) language packs
* Many bug fixes and enhancements

Dotclear 2.0 RC1 - 2008-05-01
===========================================================
* New: Pages plugin
* New: Theme editor plugin
* Entries: Text and WYSIWYG enhancements
* Entries: Markup validator
* Entries: Insertion of links to other entries from toolbar
* Entries: External media insertion (dailymotion, youtube, google video)
* Tags: Same list for new and existing entries
* Tags: Tags can be removed on all associated entries
* Tags: Tags can be removed on a post selection
* Admin: Ask password for user management tasks, theme upload and plugin upload
* Admin: New contextual help viewer
* Media manager: Recreate thumbnails option
* Media manager: Custom medium thumbnail size (per blog)
* Media manager: Zip files extract support
* Media manager: Zip file download of directory
* Media manager: File exclusion pattern option
* Themes and plugins: Zip as new package format
* Themes and plugins: Upload
* Themes and plugins: Upgrade within administration interface
* Themes and plugins: Deletion
* Public: New default theme: Blowup (fully customizable)
* Public: Changed the way commenter cookie is handled
* Themes: Template files moved to tpl/ directory
* L10N: Polish, Catalan and Spanish translations
* Misc: jQuery upgraded to 1.2.3
* Misc: Crushed png files
* Fixed many bugs

Dotclear 2.0 beta 7 - 2007-07-12
===========================================================
* New way to display comments and trackbacks on entries in backend
* Dashboard visual improvements
* Default cache dir created by installation process
* Option to limit posts and comments in feeds
* Introduced UDBS for installation and upgrade
* Changed handling of XML-RPC URLs
* New option to force HTTPS redirect if wanted
* Enforced cookies security (directory and ssl support)
* Added Plugin auto-install and auto-upgrade support
* Added trackbacks ttl and moderation preferences
* Added an Internal search engine
* FLV support in backend with Neolao player
* Added nice messages if database is broken or Dotclear not installed
* upgrade jQuery to 1.1.3
* Fixed many bugs
* Fixed security issues in backend

Dotclear 2.0 beta 6 - 2007-02-19
===========================================================
* New antispam plugin, with a set of filters (rbl, ipblacklist, spamwords, akismet)
* New admin dashboard page
* Fixed unwanted logout bug
* Added settings to disable template caching and allow PHP code
* Blog preferences panel bug fix
* New XML-RPC Client and Server
* Comment posting permissions bug fix

Dotclear 2.0 beta 5.4 - 2007-01-19
===========================================================
* Minor change on spam display in comments.php
* Command line upgrade script and fix in load_plugin_file.php
* Make akismet configurable only by superadmin with DC_AKISMET_SUPER
* SQL optimisations
* New comments view in post

Dotclear 2.0 beta 5.2 - 2007-01-11
===========================================================
* Fixed a bug with imageMeta::getMeta
* Enhanced dynamic file uploader
* Move clearbricks files to their own repository
* Fixed a bug with auto_br in wikiSimpleComment
* Support for language restriction in feeds
* Default theme structure changes
* Fixed a PHP 5.0 compatibility issue
* Installation Wizard

Dotclear 2.0 beta 4 - 2006-12-26
===========================================================
* Performances enhancements.
* Administration UI enhancements.
* More user-friendly Widgets (version 1.5).
* Switch to jQuery <http://jquery.com>.
* Added jQuery in default theme.
* Major changes in HTTP client and Feed Parser based on a
  generic socket handler.
* PHP 5.2 compatibility.
* Code documentation (all core and most of clearbricks).
* Many bug fixes.

Dotclear 2.0 beta 3 - 2006-11-05
===========================================================
* Disallow special wrappers for fopen like functions.
* XML/RPC improvements.
* Read IPTC and EXIF metadata in uploaded pictures.
* MySQL 4.1 support only.
* Metadata import from Dotclear 1.2.x.
* Akismet plugin.
* Pings plugin.
* Added a priority setting for plugins.
* Many bug fixes.

Dotclear 2.0 beta 2 - 2006-08-09
===========================================================
* DC_PLUGIN_ROOT can handle more than one path.
* OPML/XBEL import in blogroll plugin.
* Fixed a security issue in html::absoluteURLs().
* Fixed issues with timezone on scheduled entries.
* Multiple categories selection in tpl:Entries.
* Improved dbLayer.
* Changed category feed URL.
* Feeds for tags (entries and comments).
* Added attachments count on backend and frontend.
* New settings code design. Can now handle wide system settings.
* Memory usage improvements with autoloader.
* Some code cleanup.
* Feed parser improvements.
* Themes can be configured if needed.
* XMP support on JPEG files.
* Media manager improvements.
* Spamplemousse now uses DNSBL (and the guy who left the bug was fired).
* Javascript editor and toolbar improvements.
* RDS support (XML/RPC API discovery).
* Added a theme with user stylesheet.
* Plugins manager