1
2
3
4
5
6
7
8
9
10
|
version=pmwiki-2.2.68 ordered=1 urlencoded=1
author=Petko
charset=UTF-8
csum=
name=PmWiki.ReleaseNotes
rev=557
targets=PmWiki.Upgrades,PmWiki.ChangeLog,PmWiki.RoadMap,PmWiki.PageDirectives,PmWiki.PageHistory,PmWiki.Uploads,PmWiki.Passwords,PmWiki.SiteAnalyzer,PmWiki.WikiTrails,Site.Site,SiteAdmin.SiteAdmin,PITS.00961,Site.PageActions,Site.EditForm,Site.PageNotFound,PmWiki.PageLists,PmWiki.Drafts,PmWiki.Blocklist,SiteAdmin.AuthList,Cookbook.Cookbook,Cookbook.DebuggingForCookbookAuthors,PmWiki.SkinTemplates,PmWiki.AuthUser,Site.AuthUser,Cookbook.Flash,PITS.00573,PmWiki.WikiFarms,PmWiki.MailPosts,PmWiki.Notify,PmWiki.LocalCustomizations,Site.PageListTemplates,Site.SideBar,PmWiki.PageVariables,PmWiki.WebFeeds,PmWiki.InterMap,PITS.00563,PmWiki.WikiStyles,PITS.00560,Cookbook.SharedPages,PITS.00459,PITS.00590,PmWiki.ConditionalMarkup,PITS.00566,PITS.00588,PmWiki.Subversion,PmWiki.ReleaseNotesArchive
text=(:title Release Notes:)(:Summary: Notes about new versions, important for upgrades:)%0aSee also: [[Upgrades]], [[Change log]] and [[(PmWiki:)Road map]].%0a%0a!! Version 2.2.69 (2014-10-13) [[#v2269]]%0aThis version fixes a bug when dates are defined as relative to other dates, eg. "2014-10-13 -3 days". The documentation was updated.%0a%0a!! Version 2.2.68 (2014-09-01) [[#v2268]]%0aThis version adds a Skins: InterMap prefix pointing to the Skins section on PmWiki.org, a "signature" markup in the edit quick reference, new WikiStyles clear, min-width and max-width and the documentation was updated.%0a%0a!! Version 2.2.67 (2014-08-02) [[#v2267]]%0aThis version fixes an inconsistency with input forms when values are taken from PageTextVariables. The documentation was updated to the latest state on pmwiki.org.%0a%0a!! Version 2.2.66 (2014-07-02) [[#v2266]]%0aThis version fixes a minor longstanding bug in the default Notification format when a page is deleted. In custom patterns, the "_" character will no longer be considered a function name. The documentation was updated.%0a%0a!! Version 2.2.65 (2014-06-07)%0aThis version fixes Pagelist handling of [@{$$PseudoVars}@] when they contain page variables. File permissions handling was improved when the current directory is owned by "root". The documentation was updated.%0a%0a!! Version 2.2.64 (2014-05-08)%0aThis version adds the [="{(mod)}"=] markup expression for modulo/remainder calculations, and the "tel:" and "geo:" URI schemes which, on compatible devices like smartphones, allow the creation of links to dial telephone numbers and open map/location applications. %0a%0aThe $SysMergePassthru switch was added, if enabled, it allows the "Simultaneous Edits" conflict resolution to use the passthru() function instead of popen().%0a%0aThe documentation was updated.%0a%0a!! Version 2.2.63 (2014-04-05) [[#rel2.2.63]]%0aThis version allows for form elements to have custom attributes containing a dash in the attribute names and enables the attributes 'required', 'placeholder' and 'autocomplete' for HTML5 forms. A minor bug with pagelist [={$$RequestVariables}=] appearing on some installations was fixed. The documentation was updated.%0a%0a!! Version 2.2.62 (2014-02-28) [[#rel2.2.62]]%0aThis version adds the variable $EnableTableAutoValignTop which allows to make advanced tables compatible with HTML5. For developers, a fourth argument $template was added to the Markup_e() function, and a callback template 'return' was added. The documentation was updated.%0a%0a!! Version 2.2.61 (2014-01-31) [[#rel2.2.61]]%0aThis version removes unnecessary snippets of code and adds the variable $TableCellAlignFmt which allows to make simple tables compatible with HTML5. The documentation was updated.%0a%0a!! Version 2.2.60 (2014-01-12) [[#rel2.2.60]]%0aThis version reverts the changes to the pmwiki.css file made in 2.2.59. %0a%0a!! Version 2.2.59 (2014-01-11) [[#rel2.2.59]]%0aThis version has an improvement for Blocklist when multiple text fields are posted. A bug with some nested markup conditionals was fixed. The default skin switched font sizes from points (fixed) to percents (relative). A couple of other minor bugs were fixed and the documentation was updated.%0a%0a!! Version 2.2.58 (2013-12-25)%0aThis version enables customization of [=(:input auth_form:)=], and fixes a couple of minor bugs. The documentation was updated.%0a%0a!! Version 2.2.57 (2013-11-03)%0aThis version enables the use of the Attach: link format in the [[PmWiki/PageDirectives#attachlist|[=(:attachlist:)=]]] directive. The documentation was updated.%0a%0a!! Version 2.2.56 (2013-09-30)%0aThis version aims to fix a PHP 5.5 compatibility issue with a deprecated feature of the preg_replace() function. The PageStore() class now detects and works around a bug with the iconv() function, and the documentation was updated.%0a%0a!! Version 2.2.55 (2013-09-16)%0aThis version adds the variable $EnableDraftAtomicDiff. If enabled, publishing from a draft version will clear the history of intermediate draft edits, and the published version will contain a single combined diff from the previous published version. The documentation was updated.%0a%0a!! Version 2.2.54 (2013-08-13)%0aThis version fixes a bug when old versions are restored from draft pages. The documentation was updated.%0a%0a!! Version 2.2.53 (2013-07-08)%0aThis version enables a message to be shown when a post is blocked because of too many unapproved links. The documentation was updated.%0a%0a!! Version 2.2.52 (2013-06-08)%0aThis version hides warnings about a deprecated feature in PHP 5.5 installations (preg_replace with /e eval flag). Three new upload extensions were added: docx, pptx and xlsx produced by recent versions of some office suites. The documentation was updated.%0a%0a!! Version 2.2.51 (2013-05-08)%0aThis version updates the addresses for the remote blocklists. A minor XSS vulnerability for open wikis, which was discovered today, was fixed. The documentation was updated.%0a%0a!! Version 2.2.50 (2013-04-08)%0aThis release only updates the documentation to the latest state on pmwiki.org.%0a%0a!! Version 2.2.49 (2013-03-09)%0aThis version adds an array $UploadBlacklist containing forbidden strings of an uploaded filename (case insensitive). Some Apache installations try to execute a file which has ".php", ".pl" or ".cgi" anywhere in the filename, for example, "test.php.txt" may be executed. To disallow such files to be uploaded via the PmWiki interface, add to config.php such a line:%0a%0a $UploadBlacklist = array('.php', '.pl', '.cgi', '.py', '.shtm', '.phtm', '.pcgi', '.asp', '.jsp', '.sh');%0a%0aThe documentation was updated.%0a%0a!! Version 2.2.48 (2013-02-11)%0aThis version fixes a bug introduced yesterday with some links. %0a%0a!! Version 2.2.47 (2013-02-10)%0aThis version enables tooltip titles in links to anchors in the same page, and the documentation was updated.%0a%0a!! Version 2.2.46 (2013-01-07)%0aThis version adds $UploadPermAdd and $UploadPermSet variables, and the documentation was updated.%0a%0aIf your wiki has uploads enabled, it is recommended to set the variable $UploadPermAdd to 0. %0a%0aThe $UploadPermAdd variable sets additional unix permissions applied to newly uploaded files, and should be 0 (recommended as of 2013). If uploaded files cannot be downloaded and displayed on the website, for example with the error 403 Forbidden, set this value to 0444 (core setting, default since 2004). %0a $UploadPermAdd = 0; # recommended%0a%0aThe $UploadPermSet variable unconditionally sets the file permissions on newly uploaded files. Only advanced administrators should use it.%0a%0a%0a!! Version 2.2.45 (2012-12-02)%0aThis version fixes some PHP notices appearing on some installations. The documentation was updated.%0a%0a!! Version 2.2.44 (2012-10-21)%0aThis version improves the display of consecutive whitespaces in page histories, and fixes the definition of PageTextVariables containing a dash. The documentation was updated.%0a%0a%0a!! Version 2.2.43 (2012-09-20)%0aThis version makes it possible to use HTML attribute names that contain dashes, and removes a warning when editing and previewing Site.EditForm. The documentation was updated.%0a%0a!! Version 2.2.42 (2012-08-20)%0aThis version provides a workaround for cases when a wiki page contains a character nonexistent in the active encoding. The documentation was updated.%0a%0a!! Version 2.2.41 (2012-08-12)%0aThis version changes the internal $KeepToken separator to be compatible with more encodings. The documentation was updated.%0a%0a!! Version 2.2.40 (2012-07-21)%0aThis version provides a helper function replacing htmlspecialchars() and compatible with PHP 5.4. The documentation was updated.%0a%0a!! Version 2.2.39 (2012-06-25)%0aThis version provides a fix for links to attachments containing international characters. The documentation was updated.%0a%0a!! Version 2.2.38 (2012-05-21)%0aThis version fixes a "parameter count" warning which appeared on some websites.%0a%0a!! Version 2.2.37 (2012-05-01)%0aThis version provides a workaround for installations with broken iconv() function, while optimizing the recode function. This should fix the "Unable to retrieve edit form" problem in some wikis. Dots in [[#anchor_1.2]] sections are now better supported, PageVariables are expanded in PageList template defaults, and the documentation is updated.%0a%0a!! Version 2.2.36 (2011-12-28)%0aThis version fixes the recode function to try to recover Windows-1252 characters in ISO-8859-1 files. A new variable $EnableOldCharset enables the $page["=oldcharset"] entry which will be used in the future. A couple of minor bugs were fixed and the documentation was updated.%0a%0a!! [[#v2235]] Version 2.2.35 (2011-11-11)%0aThis release fixes a critical PHP injection vulnerability, reported today by Egidio Romano. PmWiki versions 2.2.X, 2.1.X, 2.0.X and 2.0.beta33 and newer are vulnerable. When you upgrade, please read carefully the Release notes for all PmWiki versions since yours.%0a%0aIf you cannot upgrade, it is recommended to disable Searches at the earliest opportunity (even if your wiki skin doesn't have a search form). Add to config.php such a line:%0a if ($action == 'search') $action = 'browse';%0a%0aIf your old version wiki allows editing by not entirely trusted visitors, even on limited pages like a WikiSandbox, you should also disable PageLists. Add to config.php this line:%0a $EnablePageList = 0;%0a%0aThis version has an important change for international wikis: the XLPage() function no longer loads encoding scripts such as xlpage-utf-8.php. When you upgrade, you need to include those scripts from config.php, before calling XLPage():%0a%0a include_once("scripts/xlpage-utf-8.php"); # if your wiki uses UTF-8%0a XLPage('bg','PmWikiBg.XLPage');%0a%0aAll links can now have tooltip titles. Previously, only images and external links could have tooltip titles, now this feature is enabled for internal links. To set a tooltip title, add it in quotes after the link address:%0a[@%0a [[Main.HomePage"This is a tooltip title"]]%0a [[Main.HomePage"This is a tooltip title"|Home]]%0a [[http://www.pmwiki.org"Home of PmWiki"]]%0a Attach:image.jpg"Tooltip title of the image"%0a@]%0a%0aThe following new upload extensions were added: svg, xcf, ogg, flac, ogv, mp4, webm, odg, epub. A couple of minor optimizations were added (MarkupExpressions and rendering of page history) and the documentation was updated.%0a%0a!! Version 2.2.34 (2011-10-10)%0aThis version resets the timestamps of the default pages Site(Admin).AuthUser which are expected in case of upgrades from the versions 2.1.*. Core MarkupExpressions which manipulate strings should now work better with international characters. The documentation was updated to its latest state from pmwiki.org.%0a%0a!! Version 2.2.33 (2011-09-23)%0aThis version fixes a security bug introduced in 2.2.32 which left the groups Site and SiteAdmin open for reading and editing because the pages Site.GroupAttributes and SiteAdmin.GroupAttributes didn't have all necessary attributes. %0a%0aAll wikis running 2.2.32 should upgrade. If you cannot immediately upgrade, you can set the attributes from your wiki:%0a* open the attributes page [=[[SiteAdmin.GroupAttributes?action=attr]]=] and set a "read" and an "edit" password, @@ @lock @@ is recommended.%0a* open the attributes page [=[[Site.GroupAttributes?action=attr]]=] and set an "edit" password, @@ @lock @@ is recommended. Do not set a "read" password here.%0a%0aThe release also fixes the refcount.php script to produce valid HTML, and updates intermap.txt entries PITS: and Wikipedia: to point to their current locations.%0a%0a!! Version 2.2.32 (2011-09-18)%0aThis is the first version shipping with the core documentation in the UTF-8 encoding. PmWiki will automatically convert it on the fly for wikis using an older encoding.%0a%0aIt is recommended that all '''new''' PmWiki installations enable UTF-8. Migration of ''existing'' wikis from an older encoding to UTF-8 shouldn't be rushed: it is not trivial and will be documented in the future.%0a%0aA required HTML xmlns attribute was added to the print skin template. The history rendering is now faster when many lines are added or removed.%0a%0a%25note%25 Note: Due to a manipulation error, a version 2.2.31 was created before it was ready for a release.%0a%0a!! Version 2.2.30 (2011-08-13)%0aThis version fixes a $Charset definition in international iso-8859-*.php files. This will help for a future transition to UTF-8. %0a%0aA variable $EnableRangeMatchUTF8 was added, set it to 1 to enable range matches of pagenames in UTF-8 like [A-D]. Previously the range matches were always enabled in UTF-8, but we found out that on some installations this feature breaks all pagelists, even those without range matches. In case the feature worked for you, you can re-enable it.%0a%0a!! Version 2.2.29 (2011-07-24)%0aThis release fixes Attach links that were broken with the Path fix in 2.2.28 earlier today.%0a%0a!! Version 2.2.28 (2011-07-24)%0aThis release fixes 2 potential XSS vulnerabilities and a bug with Path: links.%0a%0a!! Version 2.2.27 (2011-06-19)%0aThis release fixes a validation bug on pages after a redirection. A new block WikiStyle [@%25justify%25@] was added, allowing left and right aligned text. The page history now accepts a URL parameter @@?nodiff=1@@ which hides the rendering of edit differences, showing only timestamps, authors, summaries and "Restore" links; it allows to restore a vandalized page with a huge contents or history which otherwise would break the memory or time limits of the server.%0a%0a!! Version 2.2.26 (2011-05-21)%0aThis release fixes a redundant removal of link hashes from WikiTrails, and updates the documentation to the most recent version from PmWiki.org.%0a%0a!! Version 2.2.25 (2011-03-22)%0aThis release only updates the documentation to the latest state on pmwiki.org.%0a%0a!! Version 2.2.24 (2011-02-15)%0aThis version reverts the way existing PageVariables are processed, like version 2.2.21 or earlier, but it adds a special variable $authpage which can be used in PageVar definitions. It is the same as the $page array, but exists only if the visitor has read permissions. For example, an administrator can set to config.php:%0a%0a $FmtPV['$LastModifiedSummary'] = '@$authpage["csum"]'; # instead of '@$page["csum"]'%0a%0aThen, the edit summary metadata will only be available if the user has read permissions.%0a%0a!! Version 2.2.23 (2011-01-25)%0aThis version sets the default value of $EnablePageVarAuth to 0 until we investigate a reported problem with authentication.%0a%0a!! Version 2.2.22 (2011-01-16)%0aThis version adds the variable $EnableXLPageScriptLoad which, if set to 0, will prevent authors to load scripts from XLPage and to accidentally change the encoding of the wiki. If you use it, make sure you include the required files, eg. xlpage-utf-8.php from local config files.%0a%0aPageVariables should now respect authentications: without read permissions, the title, description, change summary, author of a protected page are unavailable. PageVariables that are computed without reading the page are still available (eg. $Group, $Namespaced, $Version etc.). Administrators can revert the previous behavior by adding to config.php such a line:%0a%0a@@ $EnablePageVarAuth = 0; @@%0a%0a!! Version 2.2.21 (2010-12-14)%0aDue to a mis-configuration of a local svn repository, some of the changes intended for 2.2.20 didn't make it in the correct branch. This release corrects this.%0a%0a!! Version 2.2.20 (2010-12-14)%0aThis version fixes a potential XSS vulnerability, reported today. An AuthUser bug with excluding users from authgroups was fixed. A new InterMap prefix PmL10n: was added, it leads to the Localization section on PmWiki.org and should help the work of translators. A couple of other minor bugs were fixed and the documentation was updated.%0a%0a!! Version 2.2.19 (2010-11-10)%0aThis is a documentation-update release.%0a%0a!! Version 2.2.18 (2010-09-04)%0aThis version fixes 3 minor bugs, and updates the documentation.%0a%0a!! Version 2.2.17 (2010-06-20)%0aThis version adds a variable $PostConfig containing functions and scripts to be loaded after stdconfig.php. Tabindex was added as a valid form field attribute. Protected downloads now respect existing browser caches. AuthUser now allows more flexible cookbook recipe integration. A couple of bugs were fixed and the documentation was updated.%0a%0a!! Version 2.2.16 (2010-05-10)%0aThis version fixes a bug with parsing html attributes which could allow XSS injection. Wikis allowing unprotected editing are encouraged to upgrade.%0a%0aA bug with the "center" button of the GUI edit toolbar was corrected.%0a%0aThe "exists" conditional now accepts wildcards, for example:%0a [@(:if exists Main.*:)There are pages in the Main group (:if:)@]%0a%0aThe documentation was updated.%0a%0a!! Version 2.2.15 (2010-03-27)%0aThis version adds some minor bugfixes and optimizations notably a bug with @@[=(:template none:)=]@@ introduced in the last version 2.2.14.%0a%0a!! Version 2.2.14 (2010-02-27)%0aThis release corrects inline styles for WikiTrail links. Undefined include/template @@ [={$$variables}=] @@ are now removed from the included section, like Page(Text)Variables, and can be used in conditional expressions. If needed, this change can be reverted by adding to config.php such a line:%0a%0a[@%0a $EnableUndefinedTemplateVars = 1; # keep and display unset {$$variables}%0a@]%0a%0aPageList templates now accept the sections @@ !first @@ and @@ !last @@ for markup to appear for every page in list ''except'' the first or last one.%0a%0a"Title" attributes were added to external links. You can have tooltip titles on external links, including InterMap and attachments, by adding the link title in double quotes after the URL:%0a [=[[http://www.pmwiki.org"Home of PmWiki"| External link]]=]%0a%0aFor international wikis, PmWiki now automatically translates the titles of technical pages like GroupAttributes or RecentChanges -- just define these strings as usual in XLPage, for example, in French:%0a 'AllRecentChanges' => 'Tous les changements récents',%0a%0aSome minor optimizations were done and the documentation was updated.%0a%0a!! Version 2.2.13 (2010-02-21)%0aThis release fixes a bug with $DiffKeepNum introduced in 2.2.10 -- the count of revisions was incorrect and a page could drop more revisions than it should.%0a%0aThe [[page history]] layout was modified with a rough consensus in the community. The history now defaults to "source" view with word-level highlighting of the differences. Authors can see the changes in rendered output by clicking on the link "Show changes to output". Admins can switch back the default by adding such a line to config.php:%0a%0a $DiffShow['source'] = (@$_REQUEST['source']=='y')?'y':'n';%0a%0aTo disable word-level highlighting and show plain text changes:%0a%0a $EnableDiffInline = 0;%0a%0aIn the page history rendering, a few minor bugs were fixed and the code was slightly optimized.%0a%0aThe documentation was updated.%0a%0a!! Version 2.2.12 (2010-02-17)%0aThis release adds simple word-level highlighting of differences in the page history, when "Show changes to markup" is selected. To enable the feature, add to config.php such a line:%0a $EnableDiffInline = 1;%0a%0aThis feature is like what the InlineDiff recipe provides, but not exactly the same, and the implementation is simpler. It is enabled on PmWiki.org and can be improved -- your comments are welcome.%0a%0a!! Version 2.2.11 (2010-02-14)%0aThis release adds two new table directives for header cells, [=(:head:) and (:headnr:)=]. They work the same way as [=(:cell:) and (:cellnr:)=] except that create %3cth> instead of %3ctd> html tags.%0a%0aThe pagerev.php script was refactored into separate functions to allow easier integration of recipes displaying the page history.%0a%0aA couple of minor bugs were fixed and the documentation was updated.%0a%0a!! Version 2.2.9, 2.2.10 (2010-01-17)%0aMost important in this release is the official change of $EnableRelativePageVars to 1. The change is about how [={$Variable}=] in included pages is understood by PmWiki.%0a* When $EnableRelativePageVars is set to 0, [={$Name}=] displays the name of the currently browsed page. Even if [={$Name}=] is in an included page, it will display the name of the browsed page.%0a* When $EnableRelativePageVars is set to 1, [={$Name}=] displays the name of the physical page where it written. If [={$Name}=] is in an included page, it will display the name of the included page.%0a* [={*$Name}=] always displays the name of the currently browsed page, regardless of $EnableRelativePageVars.%0a%0aSo, if your wiki relies on page variables from included pages, and doesn't have $EnableRelativePageVars set to 1, after upgrading to 2.2.9, you can revert to the previous behavior by adding to config.php such a line:%0a $EnableRelativePageVars = 0;%0a%0aMore information about page variables can be found at:%0a http://www.pmwiki.org/wiki/PmWiki/PageVariables%0a%0aThis release adds a new variable $EnablePageTitlePriority which defines how to treat multiple [=(:title..:)=] directives. If set to 1, the first title directive will be used, and if a page defines a title, directives from included pages cannot override it. PmWiki default is 0, for years, the last title directive was used (it could come from an included page or GroupFooter).%0a%0aThis release also adds a new variable $DiffKeepNum, specifying the minimum number (default 20) of edits that will be kept even if some of them are older than the limit of $DiffKeepDays.%0a%0aA number of bugs were fixed and the documentation was updated.%0a%0a!! Version 2.2.8 (2009-12-07)%0aThis release fixes another PHP 5.3 compatibility issue with conditional markup. The Author field now handles apostrophes correctly. The documentation was updated.%0a%0a!! Version 2.2.7 (2009-11-08)%0aThis release fixes most PHP 5.3 compatibility issues. Unfortunately some specific builds for Windows may still have problems, which are unrelated to PmWiki. Notably, on Windows, all passwords need to be 4 characters or longer.%0a%0aUpload names with spaces are now correctly quoted. The documentation was updated.%0a%0a!! Version 2.2.6 (2009-10-04)%0aWith this release it is now possible to display recently uploaded files to the RecentChanges pages -- if you have been using the RecentUploadsLog recipe, please uninstall it and follow the instructions at http://www.pmwiki.org/wiki/Cookbook/RecentUploadsLog.%0a%0aThe release also introduces $MakeUploadNamePatterns to allow custom filename normalization for attachements. It is now possible to replace $PageListFilters and $FPLTemplateFunctions with custom functions. Notify should now work in safe_mode. Some bugs were fixed, among which one with conditional markup with dates. The documentation was updated.%0a%0a!! Version 2.2.5 (2009-08-25)%0aThis release adds a new markup for Pagelist templates, [@(:template none:)@] which allows a message to be set when the search found no pages. The FPLTemplate() function was broken into configurable sub-parts to allow development hooks. A number of bugs were fixed, and the documentation was updated.%0a%0a!! Version 2.2.4 (2009-07-16)%0aThis release fixes a bug introduced earlier today with HTML entities in XLPages.%0a%0a!! Version 2.2.3 (2009-07-16)%0aThis release fixes six potential XSS vulnerabilities, reported by Michael Engelke. The vulnerabilities may affect wikis open for editing and may allow the injection of external JavaScripts in their pages. Public open wikis should upgrade.%0a%0aA new variable $EnableUploadGroupAuth was added; if set to 1, it allows password-protected [[uploads]] to be checked against the Group password. %0a%0aIt is now possible to use @@ @_site_edit, @_site_read, @_site_admin@@ or @@ @_site_upload @@ global [[passwords]] in GroupAttributes pages.%0a%0aA number of other small bugs were fixed, and the documentation was updated.%0a%0a!! Version 2.2.2 (2009-06-21)%0aThe major news in this release is a fix of an AuthUser vulnerability.%0a%0aThe vulnerability affects only wikis that (1) rely on the AuthUser core module %0afor User:Password authentication, -AND- (2) where the PHP installation runs %0awith the variable "magic_quotes_gpc" disabled.%0a%0aAll PmWiki 2.1.x versions from pmwiki-2.1.beta6 on, all 2.2.betaX, 2.2.0, and %0a2.2.1 are affected.%0a%0aThe PmWiki [[SiteAnalyzer]] can detect if your wiki needs to upgrade:%0a http://www.pmwiki.org/wiki/PmWiki/SiteAnalyzer%0a%0aIf your wiki is vulnerable, you should do one of the following at the earliest %0aopportunity:%0a%0a* Upgrade to a version of PmWiki at least 2.2.2 or greater.%0a* Turn on magic_quotes_gpc in the php.ini file or in a .htaccess file.%0a%0aAlternatively, you can temporarily disable AuthUser until you upgrade.%0a%0aNote that even if your wiki does not have the AuthUser vulnerability at the %0amoment, you are strongly encouraged to upgrade to PmWiki version 2.2.2 or %0alater, as some future configuration of your hosting server might put you at %0arisk.%0a%0aThis release also comes with minor updates in the local documentation; fixes %0awere applied for international wikis - notably global variables in %0axlpage-utf-8.php and a new variable $EnableNotifySubjectEncode, which allows %0ae-mail clients to correctly display the Subject header; and a number of other %0asmall bugs were fixed.%0a%0a!! Version 2.2.1 (2009-03-28)%0aThis release comes with an updated local documentation; [[wiki trails]] now work cross-group; guiedit.php now produces valid HTML, and other small bugs were fixed. We also added $EnableRedirectQuiet, which allows redirects to take place without any mention of "redirected from page ....".%0a%0a[[#v220]]%0a!! Version 2.2.0 (2009-01-18)%0a%0aThis is a summary of changes from 2.1.x to 2.2.0.%0a%0a* Several pages that were formerly in the [[Site]].* group are now in a separate [[SiteAdmin]].* group, which is read-restricted by default. The affected pages include Site.AuthUser, Site.AuthList, Site.NotifyList, Site.Blocklist, and Site.ApprovedUrls . If upgrading from an earlier version of PmWiki, PmWiki will prompt to automatically copy these pages to their new location if needed. If a site wishes to continue using the old Site.* group for these pages, simply set%0a%0a-> $SiteAdminGroup = $SiteGroup;%0a%0a-> when carrying out this upgrade inspect your config files for lines such as%0a--> $BlocklistDownload['Site.Blocklist-PmWiki'] = array('format' => 'pmwiki');%0a->as you may wish to fix then, eg%0a--> $BlocklistDownload[$SiteAdminGroup . '.Blocklist-PmWiki'] = array('format' => 'pmwiki');%0a%0a* Important Change in Passwords in PmWiki 2.2 indicating that the group can be edited even if a site password is set will be done by @@"@nopass"@@ prior it was done by @@"nopass"@@%0a-> When migrating a wiki you will have to manually modify the permission or by a script replace in all the page concerned @@passwdread=nopass:@@ by @@passwdread=@nopass@@ (see PITS:00961) --isidor%0a%0a* PmWiki now ships with WikiWords entirely disabled by default. To re-enable them, set either $LinkWikiWords or $EnableWikiWords to 1. To get the 2.1 behavior where WikiWords are spaced and parsed but don't form links, use the following:%0a-> $EnableWikiWords = 1;%0a-> $LinkWikiWords = 0;%0a%0a* It's now easy to disable the rule that causes lines with leading spaces to be treated as preformatted text -- simply set $EnableWSPre=0; to disable this rule.%0a%0a--> '''Important:''' There is ongoing discussion that the leading whitespace rule may be disabled ''by default'' in a future versions of PmWiki. If you want to make sure that the rule will continue to work in future upgrades, set $EnableWSPre=1; in ''local/config.php''.%0a%0a* The $ROSPatterns variable has changed somewhat -- replacement strings are no longer automatically passed through FmtPageName() prior to substitution (i.e., it must now be done explicitly).%0a%0a* Page variables and page links inside of [@(:include:)@] pages are now treated as relative to the included page, instead of the currently browsed page. In short, the idea is that links and page variables should be evaluated with respect to the page in which they are written, as opposed to the page in which they appear. This seems to be more in line with what authors expect. There are a number of important ramifications of this change:%0a%0a[[#relativeurls]]%0a** We now have a new [@{*$var}@] form of page variable, which always refers to "the currently displayed page". Pages such as Site.PageActions and Site.EditForm that are designed to work on "the currently browsed page" should generally switch to using [@{*$FullName}@] instead of [@{$FullName}@].%0a%0a** The $EnableRelativePageLinks and $EnableRelativePageVars settings control the treatment of links and page variables in included pages. However, to minimize disruption to existing sites, $EnableRelativePageVars defaults to '''disabled'''. This will give existing sites an opportunity to convert any absolute [@{$var}@] references to be [@{*$var}@] instead.%0a%0a** Eventually $EnableRelativePageVars will be enabled by default, so we highly recommend setting [@$EnableRelativePageVars = 1;@] in ''local/config.php'' to see how a site will react to the new interpretation. Administrators should especially check any customized versions of the following:%0a---> [[Site.PageActions]]%0a---> [[Site.EditForm]]%0a---> [[Site.PageNotFound]]%0a---> SideBar pages with ?action= links for the current page%0a---> $GroupHeaderFmt, $GroupFooterFmt%0a---> [[Page lists]] that refer to the current group or page, etc in sidebars, headers, and footers%0a%0a** The [@(:include:)@] directive now has a [@basepage=@] option whereby an author can explicitly specify the page upon which relative links and page variables should be based. If no basepage= option is specified, the included page is assumed to be the base.%0a%0a* Sites that want to retain the pre-2.2 behavior of [@(:include:)@] and other items can set [@$Transition['version'] = 2001900;@] to automatically retain the 2.1.x defaults.%0a%0a* Text inserted via [@(:include:)@] can contain "immediate substitutions" of the form [@{$$option}@] -- these are substituted with the value of any options provided to the include directive.%0a%0a* PmWiki now recognizes when it is being accessed via "https:" and switches its internal links appropriately. This can be overridden by explicitly setting $ScriptUrl and $PubDirUrl.%0a%0a* A new $EnableLinkPageRelative option allows PmWiki to generate relative urls for page links instead of absolute urls.%0a%0a* Draft handling capabilities have been greatly improved. When $EnableDrafts is set, then the "Save" button is relabeled to "Publish" and a "Save draft" button appears. In addition, an $EnablePublishAttr configuration variable adds a new "publish" authorization level to distinguish editing from publishing. See [[PmWiki:Drafts]] for more details.%0a%0a[[#ptvstart]]%0a* There is a new [@{$:var}@] "page text variable" available that is able to grab text excerpts out of markup content. For example, [@{SomePage$:Xyz}@] will be replaced by a definition of "Xyz" in SomePage. Page text variables can be defined using definition markup, a line beginning with the variable name and a colon, or a special directive form (that doesn't display anything on output):%0a%0a-->[@%0a:Xyz: some value # definition list form%0aXyz: some value # colon form%0a(:Xyz: some value:) # directive form%0a@]%0a[[#ptvend]]%0a%0a* The [@(:pagelist:)@] command can now filter pages based on the contents of page variables and/or page text variables. For example, the following directive displays only those pages that have an "Xyz" page text variable with "some value":%0a%0a-->[@(:pagelist $:Xyz="some value":)@]%0a%0a Wildcards also work here, thus the following pagelist command lists pages where the page's title starts with the letter "a":%0a%0a-->[@(:pagelist $Title=A* :)@]%0a%0a* The if= option to [@(:pagelist)@] can be used to filter pages based on conditional markup:%0a%0a-->[@(:pagelist if="auth upload {=$FullName}":)@] pages with upload permission%0a-->[@(:pagelist if="date today.. {=$Name}":)@] pages with names that are dates later than today%0a%0a* Spaces no longer separate wildcard patterns -- use commas. (Most people have been doing this already.)%0a%0a* Because page variables are now "relative", the [@{$PageCount}, {$GroupCount}, {$GroupPageCount}@] variables used in pagelist templates are now [@{$$PageCount}, {$$GroupCount}, {$$GroupPageCount}@].%0a%0a* One can now use [@{$$option}@] in a pagelist template to obtain the value of any 'option=' provided to the [@(:pagelist:)@] command.%0a%0a* The [@(:pagelist:)@] directive no longer accepts parameters from urls or forms by default. In order to have it accept such parameters (which was the default in 2.1 and earlier), add a [@request=1@] option to the [@(:pagelist:)@] directive.%0a%0a* The [@count=@] option to pagelists now accepts negative values to count from the end of the list. Thus [@count=5@] returns the the first five pages in the list, and [@count=-5@] returns the last five pages in the list. In addition, ranges of pages may be specified, as in [@count=10..19@] or [@count=-10..-5@].%0a%0a* Pagelist templates may have special [@(:template first ...:)@] and [@(:template last ...:)@] sections to specify output for the first or last page in the list or a group. There's also a [@(:template defaults ...:)@] to allow a template to specify default options.%0a%0a* PmWiki comes with an ability to cache the results of certain [@(:pagelist:)@] directives, to speed up processing on subsequent visits to the page. To enable this feature, set $PageListCacheDir to the name of a writable directory (e.g., ''work.d/'').%0a%0a* [[#elseifelse]]The [@(:if ...:)@] conditional markup now also understands [@(:elseif ...:)@] and [@(:else:)@]. In addition, markup can nest conditionals by placing digits after if/elseif/else, as in [@(:if1 ...)@], [@(:elseif1 ...:)@], [@(:else1:)@], etc.%0a%0a* The [@(:if date ...:)@] conditional markup can now perform date comparisons for dates other than the current date and time.%0a%0a* [[WikiTrails]] can now specify #anchor identifiers to use only sections of pages as a trail.%0a%0a* A new [@(:if ontrail ...:)@] condition allows testing if a page is listed on a trail.%0a%0a* The extensions .odt, .ods, and .odp (from OpenOffice.org) are now recognized as valid attachment types by default.%0a%0a* A new [[blocklist]] capability has been added to the core distribution. It allows blocking of posts based on IP address, phrase, or regular expression, and can also make use of publicly available standard blocklists. See [[PmWiki.Blocklist]] for details.%0a%0a* There is a new [[SiteAdmin.AuthList]] page that can display a summary of all password and permissions settings for pages on a site. This page is restricted to administrators by default.%0a%0a* There are new [@{$PasswdRead}@], [@{$PasswdEdit}@], etc. variables that display the current password settings for a page (assuming the browser has attr permissions or whatever permissions are set in $PasswdVarAuth).%0a%0a* Forms creation via the [@(:input:)@] markup has been internally refactored somewhat (and may still undergo some changes prior to 2.2.0 release). The new [@(:input select ...:)@] markup can be used to create select boxes, and [@(:input default ...:)@] can be used to set default control values, including for radio buttons and checkboxes.%0a%0a* The [@(:input textarea:)@] markup now can take values from other sources, including page text variables from other pages.%0a%0a* Specifying [@focus=1@] on an [@(:input:)@] control causes that control to receive the input focus when a page is loaded. If a page has multiple controls requesting the focus, then the first control with the lowest value of [@focus=@] "wins".%0a%0a* PmWiki now provides a ''scripts/creole.php'' module to enable Creole standard markup. To enable this, add [@include_once('scripts/creole.php')@] to a local customization file.%0a%0a* PmWiki adds a new [@{(...)}@] ''markup expression'' capability, which allows various simple string and data processing (e.g., formatting of dates and times). This is extensible so that recipe authors and system administrators can easily add custom expression operators.%0a%0a* It's now possible to configure PmWiki to automatically create Category pages whenever a page is saved with category links and the corresponding category doesn't already exist. Pages are created only if the author has appropriate write permissions into the group. To enable this behavior, add the following to ''local/config.php'':%0a%0a-->[@$AutoCreate['/^Category\\./'] = array('ctime' => $Now);@]%0a%0a* Sites with wikiwords enabled can now set $WikiWordCount['WikiWord'] to -1 to indicate that 'WikiWord' should not be spaced according to $SpaceWikiWords.%0a%0a* WikiWords that follow # or & are no longer treated as WikiWords.%0a%0a* Links to non-existent group home pages (e.g., [@[[Group.]]@] and [@[[Group/]]@]) will now go to the first valid entry of $PagePathFmt, instead of being hardcoded to "Group.Group". For example, to set PmWiki to default group home pages to [@$DefaultName@], use%0a%0a-->[@$PagePathFmt = array('{$Group}.$1', '$1.{$DefaultName}', '$1.$1');@]%0a%0a* PmWiki now provides a $CurrentTimeISO and $TimeISOFmt variables, for specifying dates in ISO format.%0a%0a* [[(Cookbook:)Cookbook]] authors can use the internal PmWiki function UpdatePage (temporarily documented at [[(Cookbook:)DebuggingForCookbookAuthors]]) to change page text while preserving history/diff information, updating page revision numbers, updating RecentChanges pages, sending email notifications, etc.%0a%0a* [[Skin templates]] are now required to have %3c!--HTMLHeader--> and %3c!--HTMLFooter--> directives. Setting $EnableSkinDiag causes PmWiki to return an error if this isn't the case for a loaded skin. Skins that explicitly do not want HTMLHeader or HTMLFooter sections can use %3c!--NoHTMLHeader--> and %3c!--NoHTMLFooter--> to suppress the warning.%0a%0a* Added a new "pre" wikistyle for preformatted text blocks.%0a%0a* The xlpage-utf-8.php script now understands how to space UTF-8 wikiwords. %0a%0a* Searches on utf-8 site are now case-insensitive for utf-8 characters.%0a%0a* Many Abort() calls now provide a link to pages on pmwiki.org that can explain the problem in more detail and provide troubleshooting assistance.%0a%0a* PmWiki no longer reports "?cannot acquire lockfile" if the visitor is simply browsing pages or performing other read-only actions.%0a%0a* The $EnableReadOnly configuration variable can be set to signal PmWiki that it is to run in "read-only" mode (e.g., for distribution on read-only media). Attempts to perform actions that write to the disk are either ignored or raise an error via Abort().%0a%0a* Including authuser.php no longer automatically calls ResolvePageName().%0a%0a* Authentication using Active Directory is now simplified. In Site.AuthUser or the $AuthUser variable, set "ldap://name.of.ad.server/" with no additional path information (see PmWiki.AuthUser for more details).%0a%0a* Pages are now saved with a "charset=" attribute to identify the character set in effect when the page was saved.%0a%0a* The phpdiff.php algorithm has been optimized to be smarter about finding smaller diffs.%0a%0a* Removed the (deprecated) "#wikileft h1" and "#wikileft h5" styles from the pmwiki default skin.%0a%0a* The mailposts.php and compat1x.php scripts have been removed from the distribution.%0a%0a!! Version 2.1.27 (2006-12-11)%0a%0aThis version backports from 2.2.0-beta a bugfix for $TableRowIndexMax and also support for the [@{*$Variable}@] markup.%0a%0a!! Version 2.1.26 (2006-09-11)%0a%0aThis version fixes a bug in feeds.php that would cause feed entries to be mixed up.%0a%0a!! Version 2.1.25 (2006-09-08)%0a%0aThis release fixes a bug in authuser.php introduced by the 2.1.24 release.%0a%0aThe skin template code has also been extended to allow [@%3c!--XMLHeader-->@] and [@%3c!--XMLFooter-->@] as aliases for [@%3c!--HTMLHeader-->@] and [@%3c!--HTMLFooter-->@].%0a%0a!! Version 2.1.24 (2006-09-06)%0a%0aThis release makes some improvements and fixes to the [[AuthUser]]%0acapability.%0a%0aA bug in authuser.php that had trouble dealing with non-array values in $AuthUser has been fixed.%0a%0aIt is now possible to specify group memberships from ''local/config.php'' (remember that such entries must come ''before'' including the ''authuser.php'' script):%0a%0a # alice and bob's passwords%0a $AuthUser['alice'] = crypt('alicepassword');%0a $AuthUser['bob'] = crypt('bobpassword');%0a%0a # members of the @writers and @admins groups%0a $AuthUser['@writers'] = array('alice', 'bob');%0a $AuthUser['@admins'] = array('alice', 'dave');%0a%0a # carol is a member of @editors and @writers%0a $AuthUser['carol'] = array('@editors', '@writers');%0a%0aAuthUser can now read from Apache-formatted .htgroup files. The location of the .htgroup file can be done either in ''local/config.php'' or [[Site.AuthUser]]%0a%0a # local/config.php:%0a $AuthUser['htgroup'] = '/path/to/.htgroup';%0a%0a # Site.AuthUser%0a htgroup: /path/to/.htgroup%0a%0a%0a!! Versions 2.1.21, 2.1.22, 2.1.23 (2006-09-05, 2006-09-06)%0a%0aThis release closes a potential security vulnerability for sites %0athat are running with 'register_globals' set to on. Details of%0athe vulnerability will be forthcoming on the mailing list%0aand site.%0a%0aSites that are running with PHP 'register_globals' and 'allow_url_fopen'%0aset to 'On' should upgrade to this release at the earliest%0aopportunity. If upgrading isn't an option, contact Pm for%0aa patch to older versions.%0a%0aThere is now a tool available to analyze PmWiki sites for security%0aand other configuration settings, see [[PmWiki:SiteAnalyzer]].%0a%0aVersion 2.1.23 also corrects a bug that prevented PmWiki from being%0aable to read pagefiles created by versions of PmWiki before 0.5.6.%0a%0a!! Version 2.1.20 (2006-09-04)%0a%0aMore minor bugfixes:%0a* Corrected a bug with WikiWord references appearing in the [@(:attachlist:)@] markup.%0a* Restore ability to remove/override PmWiki's default CSS settings.%0a%0a!! Version 2.1.19 (2006-08-30)%0a%0aThis release provides a number of very minor bugfixes and%0aenhancements:%0a%0a* Fixed a bug in the pageindex code that was causing it to not regenerate as quickly as it should.%0a* Fixed image/object/embed handling in wikistyles to better support the [[Cookbook:Flash]] recipe.%0a* Fixed a bug with wikistyles and input form tags.%0a%0aThe next release(s) may have a number of substantial code%0aenhancements and changes, so this release simply closes out%0aa few items before introducing those changes.%0a%0a%0a!! Version 2.1.18 (2006-08-28)%0a%0aThis release closes a potential cross-site scripting vulnerability%0athat could allow authors to inject Javascript code through the%0avarious table markups.%0a%0aThe release also adds a new [@(:input image:)@] markup to generate%0aimage input tags in forms.%0a%0aFinally, this release corrects a problem with [@?action=print@]%0afailing to properly set the [@{$Action}@] page variable.%0a%0a!! Version 2.1.17 (2006-08-26)%0a%0aThis release fixes a long-standing bug with $EnableIMSCaching%0a(PITS:00573), whereby login/logout operations wouldn't invalidate %0abrowser caches, causing some people to see versions of a page prior%0ato the login/logout taking place. %0a%0aThe new IMS caching code maintains a "imstime" cookie in the %0avisitor's browser that keeps track of the time of last login, %0alogout, author name change, or site modification. This cookie%0ais then used to determine the proper response to browser requests%0acontaining If-Modified-Since headers. (Previously only the%0atime of the last site modification was available.) %0a%0aBrowsers which do not accept cookies will effectively act as%0athough IMS caching is disabled.%0a%0a%0a!! Version 2.1.16 (2006-08-26) [[#v2116]]%0a%0aThis release makes some improvements to skin handling -- primarily%0athis improves the capability of relocating skin files to other%0alocations, and to provide the ability for recipes to insert items%0aat the ''end'' of HTML output.%0a%0aThis release introduces a [@%3c!--HTMLFooter-->@] directive into%0a[[skin templates]], which allows recipes and local%0acustomizations to insert output near the end of a document %0ausing a $HTMLFooterFmt array from PHP.%0a%0aAlso, the [@%3c!--HeaderText-->@] directive, which inserts the%0acontents of $HTMLHeaderFmt into the output, has now been%0arenamed to [@%3c!--HTMLHeader-->@]. PmWiki will continue to%0arecognize [@%3c!--HeaderText-->@] to preserve compatibility with%0aexisting skins, but [@%3c!--HTMLHeader-->@] is preferred.%0a%0aA new $SkinLibDirs array has been introduced which allows%0athe source locations and urls for skins to be specified from%0aa customization file. By default $SkinLibDirs is set as%0a%0a $SkinLibDirs = array("./pub/skins/\$Skin" => "$PubDirUrl/skins/\$Skin",%0a "$FarmD/pub/skins/\$Skin" => "$FarmPubDirUrl/skins/\$Skin");%0a%0aThe keys (on the left) indicate the places to look for a "skin .tmpl %0afile" in the filesystem, while the values (on the right) indicate the%0aurl location of the "skin css file". Modifying the value of %0a$SkinLibDirs allows a skin .tmpl file to be located anywhere on the %0afilesystem.%0a%0aAs far as I can see, none of the changes introduced by this%0arelease should have any sort of negative impact on existing%0asites, so it should be safe to upgrade. (If I'm wrong, please%0alet me know.)%0a%0a%0a!! Version 2.1.15 (2006-08-25)%0a%0aThis release includes a number of feature enhancements and code cleanups%0aas reported or requested by administrators.%0a%0aFirst, AuthUser's LDAP authentication system now allows the use of%0aa [@?filter@] parameter, consistent with urls used for mod_auth_ldap%0aauthorization in Apache. See the newly updated LDAP section of the%0a[[AuthUser]] documentation for more details.%0a%0aA chicken-and-egg problem with the [@@_site_*@] authorization groups%0ahas been resolved. It's now possible to have a page's read authorization%0arefer to things such as [@_site_edit@].%0a%0aAlso, the RetrieveAuthPage() function -- used for retrieving pages only%0aif the visitor is authorized to do so -- now recognizes a special%0alevel parameter of 'ALWAYS', which means to always authorize access%0aregardless of the browser or visitors current permissions. This%0amay be useful for allowing certain operations to take place from%0awithin trusted scripts without having to grant full authorization%0ato the browser.%0a%0aHardcoded instances of the ''local/'' directory now use a%0acustomizable $LocalDir variable. This variable controls where%0aPmWiki looks for ''local/config.php'' and per-group customization %0afiles. It may be useful for some [[Wiki Farm(s)]] contexts. Note that%0athis does not change or affect the location of %0a''$FarmD/local/farmconfig.php''.%0a%0aSome minor internal changes have been made to %0a''scripts/wikistyles.php'' to better accommodate the %0awikipublisher recipe. It's probably better if we don't try%0ato explain them. :-)%0a%0a%0a!! Version 2.1.13, 2.1.14 (2006-08-15, 2006-08-16)%0a%0aThis release fixes a bug in handling numeric passwords, and also%0aallows ldaps:// authentication sources.%0a%0a!! Version 2.1.12 (2006-08-07)%0a%0aThis version introduces the ability to nest divs and tables.%0aThe standard [@(:table:)@] and [@(:div:)@] markups are still%0aavailable, except that a [@(:div:)@] may contain a [@(:table:)@]%0aand vice-versa. %0a%0aAs in previous versions of PmWiki, the [@(:div:)@] markup%0aautomatically closes any previous [@(:div:)@]. However, there%0aare now [@(:div1:)@], [@(:div2:)@], etc. markups (and the%0acorresponding [@(:div1end:)@], [@(:div2end:)@], ...) which can be%0aused to uniquely distinguish divs for nesting purposes.%0a%0aTo restore PmWiki's previous "non-nested" div behavior, set%0a$Transition['nodivnest'] = 1; in a local customization file.%0a%0aOther changes in this release:%0a* Add a [@(:noaction:)@] directive to suppress display of page actions.%0a* Allow anchor tags to contain colons, hyphens, and dots.%0a* Add "white-space" as an allowed wikistyle.%0a* Other minor bug fixes and typographical corrections.%0a%0a%0a!! Version 2.1.11 (2006-06-09)%0a%0aThis is a minor update that prevents [@%25define=%25@] wikistyles%0afrom generating empty paragraphs in the HTML output. Prior to%0athis release, markup lines containing only wikistyle definitions%0awould often generate empty paragraphs (%3cp>%3c/p>), this release%0achanges things so that a markup line beginning with [@%25define=@]%0aand containing only wikistyle definitions will not initiate%0aa new paragraph.%0a%0a%0a!! Version 2.1.10 (2006-06-03)%0a%0aVersion 2.1.4 introduced an [@{$Action}@] page variable that would%0acontain the current [@?action=@] value. Unfortunately, this page%0avariable conflicted with a pre-existing [@$Action@] global variable%0athat was being used by skins to display a human-friendly form of%0athe current action. Since there's not really a clean way to resolve%0athis, I've decided to keep [@{$Action}@] as a page variable%0awith the current action value (as introduced in 2.1.4), and change %0athe global for skins to be $ActionTitle. This will require updating%0askins to use $ActionTitle instead of $Action. I apologize for the%0aconflict.%0a%0aThis release adds a Site.LocalTemplates page for the [@fmt=#xyz@]%0aoption in pagelist and search results. The list of pages to be%0asearched can be customized via the $FPLTemplatePageFmt variable.%0aThe [@fmt=#xyz@] option will now also search the current page for%0aa matching template before searching Site.LocalTemplates%0aand Site.PageListTemplates.%0a%0aThe 'pmwiki' skin now places a %3cspan> around the "Recent Changes"%0alink in the header to make it somewhat easier to style.%0a%0a!! Version 2.1.9 (2006-06-02)%0a%0aThis release fixes a long-standing and difficult-to-find bug with%0athe handling of [@[[~Author]]@] links.%0a%0a!! Version 2.1.8 (2006-06-01)%0a%0aThis release simply changes the $NotifyListFmt variable to be%0a$NotifyListPageFmt (more descriptive), and adds a $NotifyList%0aarray that can be used to specify notification entries from%0aa configuration file.%0a%0a!! Version 2.1.7 (2006-05-31)%0a%0aThis release introduces a variety of improvements and bugfixes.%0a%0a'''Vspace paragraphs are now divs:'''%0aVersion 2.1.7 changes the way that PmWiki handles vertical%0aspace in output (the infamous [@%3cp class='vspace>%3c/p>@] sequence).%0aInstead of using paragraphs, PmWiki now generates %0a[@%3cdiv class='vspace'>%3c/div>@] for vertical space sequences.%0aIn addition, PmWiki is able to collapse the vspace %3cdiv> with%0aany subsequent paragraph tags, such that a sequence like%0a%0a %3cdiv class='vspace>%3c/div>%3cp>...paragraph text...%3c/p>%0a%0ais automatically converted to%0a%0a %3cp class='vspace'>...paragraph text...%3c/p>%0a%0aThis allows for better control over paragraph spacing. It is%0aexpected that this change in vspace handling will not have%0aany detrimental effects on existing sites. Sites that have%0aset custom values for $HTMLVSpace will continue to use the%0acustom value. A site that wants to restore PmWiki's earlier%0ahandling of vspace can do so by adding the following to%0a''local/config.php'':%0a%0a $HTMLVSpace = "%3cp class='vspace'>%3c/p>";%0a%0a'''Improved email notifications of changes:''' Version 2.1.7%0aincorporates a ''notify.php'' script that provides improved%0acapabilities for sending email notifications in response to%0apage changes. This script is intended to replace the previous%0a[[(PmWiki:)MailPosts]] capability, which is now deprecated (but will%0acontinue to be supported in PmWiki 2.1.x). Details and %0ainstructions for using notify.php are in the [[PmWiki.Notify]] page.%0a%0a'''Added 'group home page' syntax:''' A group name followed%0aby only a dot or slash is automatically treated as a reference%0ato the group's home page, whatever it happens to be. This simplifies%0asome pagelist templates as well as a number of other items. %0aIn particular, group links in pagelist output now points to the%0acorrect locations (instead of being a page in the current group).%0a%0aSeveral bugs and vulnerabilities have been fixed:%0a* The default width of edit forms is now more appropriate for Internet Explorer.%0a* Authentication failure messages from LDAP are now suppressed.%0a* Some cross-site scripting vulnerabilities in uploads and page links have been corrected (courtesy Moritz Naumann, http://moritz-naumann.com).%0a* A problem with invalid pagenames resulting in redirect loops has been corrected.%0a%0a!! Version 2.1.6 (2006-05-22)%0a%0aThe primary improvement in this release is the addition of %0aa pagename argument to the [@(:if auth:)@] conditional markup.%0aThus one can display markup based on a visitor's authorization%0ato a page other than the current one. For example, to test%0afor edit privileges to `Main.WikiSandbox, one would use%0a[@(:if auth edit Main.WikiSandbox:)@]. As before, if the%0apagename is omitted the directive tests authorization to%0athe current page.%0a%0aThis release also restores the ability to have hyphens in%0aInterMap link names.%0a%0aLastly, the release closes a potential cross-site scripting%0avulnerability in the WikiTrail markup, and provides some small%0aperformance improvements.%0a%0a!! Version 2.1.4, 2.1.5 (2006-03-29)%0a%0aThis release fixes a few more bugs:%0a* Pagelist-based feeds using ?action=rss work again.%0a* Multi-term searches with special characters is fixed.%0a%0aThe release also adds a couple of items:%0a* There is now an [@{$Action}@] page variable.%0a* Usernames and passwords submitted to authuser.php can contain quotes.%0a* The [@(:attachlist:)@] command now uses a natural case sort.%0a%0a!! Version 2.1.3 (2006-03-17)%0a%0aThis release fixes a bug that prevents the [@lines=@] option from%0aworking on sites running PHP 5.1.1 or later. It also re-fixes%0aa bug involving empty passwords and LDAP authentication.%0a%0a!! Version 2.1.2 (2006-03-16)%0a%0aThis release fixes a bug with handling "nopass" passwords. It also%0amakes some speed improvements to large web feeds, and fixes a couple%0aof minor HTML tag mismatches.%0a%0a!! Version 2.1.1 (2006-03-13)%0a%0aThis release primarily fixes a bug with passwords containing%0amultiple authorization groups, and in the process slightly liberalized%0athe formatting of "@group" and "id:name" handling. This release also %0aadds a new mechanism for managing and displaying FAQ pages.%0a%0a!! Version 2.1.0 (2006-03-12)%0a%0aThis set of release notes is fairly lengthy, as it chronicles all of the changes since 2.0.13 (four months of development). A lot remains the same, but some changes warrant extra care when upgrading from a 2.0.x version to 2.1.0 (thus the major revision number change). As always, questions and issues can be mailed to the pmwiki-users mailing list.%0a%0aHere's the list:%0a%0a* WikiWords are now disabled by default. To enable them, set "$LinkWikiWords = 1;" in a [[local customization(s)]] file. As of 2.1.beta2, you can now leave WikiWords enabled but have links to non-existent pages display without decoration -- to do this, place the following lines in ''pub/css/local.css'':%0a%0a span.wikiword a.createlink { display:none; }%0a span.wikiword a.createlinktext %0a { border-bottom:none; text-decoration:none; color:inherit; }%0a%0a* The [@(:pagelist:)@] code has been substantially revised. Pagelist formatting can now be specified using markup, and several defaults are available from [[Site.PageListTemplates]]. Also, several built-in pagelist formatting functions (FPLSimple, FPLByGroup, FPLGroup) are now removed in favor of the template code. The FPLByGroup function can be restored by setting $Transition['fplbygroup']=1; . '''Remark:''' Check to see if your page [[Site.PageListTemplates]] is not passwordprotected for viewing, otherwise the resulting pagelist will not be shown. %0a%0a* [@(:pagelist:)@] now also understands wildcards in @@group=@@ and @@name=@@ arguments, as well as excluding specific names and groups.%0a%0a* [@(:pagelist:)@] now has an "order=random" option.%0a%0a* [@(:searchbox:)@] now accepts "group=", "link=", "list=", etc. options to be passed along to the search results. It also accepts a "target=" option that identifies the page on which to send the search query.%0a%0a* [@?action=search@] will display the contents of the current page if it contains a [@(:@][@searchresults:)@] directive, otherwise it uses the content of the page identified by $PageSearchForm (default is the search page for the current language translation). %0a%0a* PmWiki no longer maintains a ".linkindex" file -- it now has a ".pageindex" file that contains not only a table of links, but also words used in each page (to speed up term searches). The maintenance of the .pageindex file can be disabled by setting $PageIndexFile=''; %0a %0a* The $EnablePageListProtect variable now defaults to true, so that read-only pages appear in pagelists only if the visitor has read authorization. Note that this can also slow down some [@(:pagelist:)@] and search commands, so if the site doesn't have any read-only pages or if you aren't worried with cloaking read-only pages from searchlists, it might be worth setting $EnablePageListProtect=0; .%0a%0a* Whitespace indentation rules now exist and are enabled by default. Any line that begins with whitespace and aligns with a previous list item is considered to be "within" that list item. Text folds and wraps as normal, and the [@(:linebreaks:)@] directive is honored. To turn off whitespace indentation, use [@DisableMarkup('^ws');@].%0a%0a* A single blank line after a [@!!Heading@] is silently ignored.%0a%0a* The [@(:redirect:)@] directive is now a true markup, and can be embedded inside conditional markups or includes. It also allows redirecting to an anchor in a page, such as [@(:redirect PageName#anchor:)@]. A new [@from=@] option allows the redirect to take place only from pages that match the given wildcard specification. The [@status=@] option allows a 301, 302, 303, or 307 HTTP status code to be returned.%0a%0a* The built-in authorization function has gone through some substantial internal changes, however these changes should be fully backward compatible so that it doesn't impact any existing sites. (If it ''does'' cause a problem, please let me know so I can investigate why!) The password prompts are now specified by an admin-customizable Site.AuthForm page. In addition, the authorization function no longer creates PHP sessions for visitors that aren't being authenticated.%0a%0a* The authuser.php has likewise been substantially updated. The new version should have complete backwards compatibility with previous authuser.php settings, but this version also offers the ability to configure authentication resources and authorization groups through the [[Site.AuthUser]] page. Note that by default the Site.AuthUser page can only be edited using the admin password.%0a%0a* The $EnableSessionPasswords variable can be used to control whether passwords are held in PHP sessions. (This does not affect user authentication via [[AuthUser]], however.)%0a%0a* The $Author variable now defaults to $AuthId if not otherwise set by a script or cookie.%0a%0a* The [[Site.SideBar]] page now defaults its edit password to the sitewide edit password (in $DefaultPasswords['edit']).%0a%0a* PmWiki now supports a "draft edit" mode, enabled by $EnableDrafts = 1. This creates a "Save as draft" button that will save a page under a "-Draft" suffix, for intermediate edits.%0a%0a* There is now an ?action=login action available.%0a%0a* A potential security vulnerability for sites running PHP 5 with register_globals enabled has been fixed.%0a%0a* The [@[[PageName |+]]@] markup is now available by default; this creates a link to `PageName and uses that page's title as the link text.%0a%0a* What used to be "markup variables" are now "[[page variables]]". These are always specified using the @@{$''variable''}@@ syntax, and can be used in markup and in $...Fmt strings. In addition, one can request a value for a specific page by placing the pagename in front of the variable, as in @@{''pagename''$''variable''}@@.%0a%0a* The ''scripts/rss.php'' script is now ''scripts/feeds.php'', and is a complete redesign for [[web feed(s)]] generation. The new version supports UTF-8 and other encodings, can generate Atom 1.0 ([@?action=atom@]), Dublin Core Metadata ([@?action=dc@]) output, and enclosures for podcasting. It also allows feeds to be generated from trails, groups, categories, and backlinks, and provides options (same as pagelists) for sorting and filtering the contents of the feed. Most sites can simply switch to using [@include_once("scripts/feeds.php");@] instead of the previous ''rss.php'' include. The ''rss.php'' file has been removed from the distribution (but still works with PmWiki 2.1 for those sites that wish to continue using it).%0a%0a* [[PmWiki/InterMap]] entries can now come from a `Site.InterMap page as well as the ''local/localmap.txt'' and ''local/farmmap.txt'' files. The format of these files has changed slightly, in that the InterMap name should now have a colon after it (previously the colon was omitted).%0a%0a* We can now provide better control of robot (webcrawler) interactions with a site to reduce server load and bandwidth. The $RobotPattern variable is used to detect robots based on the user-agent string, and any actions not listed in the $RobotActions array will return a 403 Forbidden response to robots. In addition, setting $EnableRobotCloakActions will eliminate any forbidden ?action= values from page links returned to robots, which will reduce bandwidth loads from robots even further (PITS:00563).%0a%0a* Non-existent page handling has been improved; whenever a browser hits a non-existent page, PmWiki returns the contents of Site.PageNotFound and a 404 ("Not Found") status code.%0a%0a* Page links that have "?action=" in their query arguments are now treated as "existing page" links even if the page does not exist.%0a%0a* The PmWiki default skin now adds rel='nofollow' to various action links.%0a%0a* Some of the CSS styles in the PmWiki default skin have been changed for better presentation.%0a%0a* The gui edit buttons have transparent (instead of white) borders so they integrate better into skins.%0a%0a* The $EnableIMSCaching variable is now much smarter, it can detect changes in local customization files as well as pages.%0a%0a* [[PmWiki/WikiStyles]] can now make percentage specifications by using "pct" to mean "%25".%0a%0a* Class attributes in [[WikiStyle(s)]] shortcuts are now cumulative, so that [@%25class1 class2%25@] results in [@class='class1 class2'@] instead of just [@class='class2'@] in the output.%0a%0a* A problem with the [@(:include PageName#from#:)@] markup not working has been fixed (PITS:00560).%0a%0a* Viewing a GroupHeader or GroupFooter page no longer displays the contents twice.%0a%0a* It's now easier to share pages among multiple sites (e.g., [[WikiFarms]]), see Cookbook:SharedPages (PITS:00459).%0a%0a* A problem with nested apostrophe markups has been fixed (PITS:00590).%0a%0a* PmWiki is now smarter about not surrounding block HTML tags with %3cp>...%3c/p> tags.%0a%0a* If an [@[[#anchor]]@] is used more than once in a page, only the first generates an actual anchor (to preserve XHTML validity).%0a%0a* There are now [@(:if equal ...:)@] and [@(:if exists pagename:)@] [[conditional markup]]s.%0a%0a* Compound conditional markup expressions are now possible -- e.g. [@(:if [ group PmWiki && ! name PmWiki ] :)@] .%0a%0a* Added an $InputValues array that can supply default values for certain form controls (PITS:00566).%0a%0a* The default setting of $UploadUrlFmt is now based on $PubDirUrl instead of $ScriptUrl.%0a%0a* The $text global variable has been removed (use $_GET['text'], $_POST['text'], or $_REQUEST['text']).%0a%0a* A possible problem with url-encoding of attachments with non-ASCII characters has been addressed (PITS:00588).%0a%0a* Page actions in non-existent pages no longer display with non-existent link decorations.%0a%0a* A README.txt file has been added, and several documentation files are now available through the docs/ directory.%0a %0a* PmWiki is no longer available through CVS on sourceforge.net. It is now available via SVN on pmwiki.org, at svn://pmwiki.org/pmwiki/tags/latest . For more details, see PmWiki:Subversion.%0a%0a* The $NewlineXXX variable (deprecated in 2.0.0) has been removed.%0a%0a* There is experimental support for server-side caching of pages that take a long time to render; this is currently an unsupported feature and may be removed in future releases.%0a%0a%25red%25Wiki administrators should note that from this release on PmWiki defaults to having WikiWords disabled.%0a%0aTo make sure WikiWords are enabled, use [@$LinkWikiWords = 1;@] in%0athe ''local/config.php'' file.%0a%0a----%0aBugs and other requests can be reported to the PmWiki Issue Tracking %0aSystem at http://www.pmwiki.org/wiki/PITS/PITS. Any help%0ain testing, development, and/or documentation is greatly appreciated..%0a%0a[[(PmWiki:)Release Notes archive]] - notes for versions older than 2.1.0.%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a
time=1413217329
title=Release Notes
|
