Index: pmwiki.php =================================================================== --- pmwiki.php (.../pmwiki-2.2.3) (revision 2387) +++ pmwiki.php (.../pmwiki-2.2.4) (revision 2387) @@ -840,7 +840,7 @@ $text = preg_replace("/=>\\s*\n/",'=> ',@$page['text']); foreach(explode("\n",$text) as $l) if (preg_match('/^\\s*[\'"](.+?)[\'"]\\s*=>\\s*[\'"](.+)[\'"]/',$l,$match)) - $xl[stripslashes($match[1])] = htmlspecialchars(stripslashes($match[2])); + $xl[stripslashes($match[1])] = stripslashes($match[2]); if (isset($xl)) { if (@$xl['xlpage-i18n']) { $i18n = preg_replace('/[^-\\w]/','',$xl['xlpage-i18n']); @@ -1960,8 +1960,8 @@ $FmtV['$PWCascade'] = substr($pwsource, 8); return FmtPageName('$[(using $PWCascade password)]', $pagename); } - $setting = implode(' ', preg_replace('/^(?!@|\\w+:).+$/', '****', - (array)$page['=passwd'][$level])); + $setting = htmlspecialchars(implode(' ', preg_replace('/^(?!@|\\w+:).+$/', '****', + (array)$page['=passwd'][$level]))); if ($pwsource == 'group' || $pwsource == 'site') { $FmtV['$PWSource'] = $pwsource; $setting = FmtPageName('$[(set by $PWSource)] ', $pagename) Index: scripts/version.php =================================================================== --- scripts/version.php (.../pmwiki-2.2.3) (revision 2387) +++ scripts/version.php (.../pmwiki-2.2.4) (revision 2387) @@ -1 +1 @@ -[@$EnableUploadOverwrite = 0;@]%0a%0aAlternatively, an administrator can [[#upload_versions|keep older versions]] of uploads.%0a%0aAn administrator can also [[#direct_download|configure]] PmWiki so the password mechanism controls access to uploaded files.%0a%0a%0a!! Basic installation%0a%0aThe ''upload.php'' script is automatically included from ''stdconfig.php'' if the $EnableUpload variable is true in ''config.php''. In addition, ''config.php'' can set the $UploadDir and $UploadUrlFmt variables to specify the local directory where uploaded files should be stored, and the URL that can be used to access that directory. By default, $UploadDir and $UploadUrlFmt assume that uploads will be stored in a directory called ''uploads/'' within the current directory (usually the one containing ''pmwiki.php''). In addition, ''config.php'' should also set a default upload password (see [[PasswordsAdmin]]).%0a%0aThus, a basic ''config.php'' for uploads might look like:%0a%0a->[@%0a%3c?php if (!defined('PmWiki')) exit();%0a## Enable uploads and set a site-wide default upload password.%0a$EnableUpload = 1;%0a$DefaultPasswords['upload'] = crypt('secret');%0a@]%0a%0aIf you have edit passwords and wish to allow all users with edit rights to upload, instead of $DefaultPasswords['upload'], you can set @@$HandleAuth['upload'] = 'edit';@@ in config.php.%0a%0a'''Important''': do NOT create the uploads directory yet! See the next paragraph.%0a%0aYou may also need to explicitly set which filesystem directory will hold uploads and provide a URL that corresponds to that directory like:%0a%0a->[@%0a$UploadDir = "/home/foobar/public_html/uploads";%0a$UploadUrlFmt = "http://example.com/~foobar/uploads";%0a@]%0a%0a[[#uploaddirectoryconfiguration]]%0a!!! Upload directory configuration%0aUploads can be configured site-wide, by-group, or by-page by changing $UploadPrefixFmt. This determines whether all uploads go in one directory for the site, an individual directory for each group, or an individual directory for each page. The default is to organize upload by group.%0a%0a[[#sitewideprefix]]For site-wide uploads, use%0a%0a->[@$UploadPrefixFmt = '';@]%0a%0aTo organize uploads by page, use:%0a->[@%0a$UploadPrefixFmt = '/$Group/$Name';%0a@]%0a%0a!!! The upload directory%0a%0aFor the upload feature to work properly, the directory given by [=$UploadDir=] must be writable by the web server process, and it usually must be in a location that is accessible to the web somewhere (e.g., in a subdirectory of ''public_html''). Executing PmWiki with uploads enabled will prompt you with the set of steps required to create the uploads directory on your server (it differs from one server to the next). ''Note that you are likely to be required to explicitly create writable group- or page-specific subdirectories as well!''%0a%0a%0a!!! Uploading a file%0a%0aOnce the upload feature is enabled, users can access the upload form by adding "@@?action=upload@@" to the end of a normal PmWiki URL. The user will be prompted for an upload password similar to the way other pages ask for passwords (see [[Passwords]] and [[PasswordsAdmin]] for information about setting passwords on pages, groups, and the entire site).%0a%0aAnother way to access the upload form is to insert the markup "[@Attach:filename.ext@]" into an existing page, where @@filename.ext@@ is the name of a new file to be uploaded. When the page is displayed, a '?-link' will be added to the end of the markup to take the author to the upload page. (See [[Uploads]] for syntax variations.)%0a%0aBy default, PmWiki will organize the uploaded files into separate subdirectories for each group. This can be changed by modifying the $UploadPrefixFmt variable. See [[Cookbook:UploadGroups]] for details.%0a%0a%0a!! [[#upload_versions]] Versioning Uploaded Files%0a%0aPmWiki does not manage versioning of uploaded files by default. However, by setting $EnableUploadVersions=1; an administrator can have older versions of uploads preserved in the uploads directory along with the most recent version.%0a%0a!! Upload restrictions%0a!!! Restricting uploaded files for groups and pages%0a%0aUploads can be enabled only for specific groups or pages by using a [[per group customization(s)]]. Simply set @@$EnableUpload=1;@@ for those groups or pages where uploading is to be enabled; alternately, set @@$EnableUpload=1;@@ in the config.php file and then set @@$EnableUpload=0;@@ in the per-group or per-page customization files where uploads are to be disabled.%0a%0a!!! Restricting total upload size for a group or the whole wiki%0a%0aUploads can be restricted to an overall size limit for groups. In the group configuration file (i.e., local/Group.php), add the line%0a%0a->$UploadPrefixQuota = 1024000; # limit group uploads to 1000K%0a%0aThis will limit the total size of uploads for that group to 1000k --any upload that pushes the total over the limit will be rejected with an error message. This value defaults to zero (unlimited).%0a%0aUploads can also be restricted to an overall size limit for all uploads. Add the line%0a%0a->$UploadDirQuota = 10240000; # limit total uploads to 10000K%0a%0aThis will limit the total size of uploads for the whole wiki to 10000k --any upload that pushes the total over the limit will be rejected with an error message. This value defaults to zero (unlimited).%0a%0a%0a[[#restrictinguploadedfiles]]%0a!!!Restricting uploaded files type and size%0a%0aThe upload script performs a number of verifications on an uploaded file before storing it in the upload directory. The basic verifications are described below.%0a:'''filenames''': the name for the uploaded file can contain only letters, digits, underscores, hyphens, spaces, and periods, and the name must begin and end with a letter or digit. %0a:'''file extension''': only files with approved extensions such as "@@.gif@@", "@@.jpeg@@", "@@.doc@@", etc. are allowed to be uploaded to the web server. This is vitally important for server security, since the web server might attempt to execute or specially process files with extensions like "@@.php@@", "@@.cgi@@", etc. %0a:'''file size''': By default all uploads are limited to 50K bytes, as specified by the $UploadMaxSize variable. Thus, to limit all uploads to 100K, simply specify a new value for $UploadMaxSize in ''config.php'':%0a%0a->[@$UploadMaxSize = 102400;@]%0a%0aHowever, maximum file sizes can also be specified for each type of file uploaded. Thus, an administrator can restrict "@@.gif@@" and "@@.jpeg@@" files to 20K, "@@.doc@@" files to 200K, and all others to the size given by $UploadMaxSize. The $UploadExtSize array is used to determine which file extensions are valid and the maximum upload size (in bytes) for each file type. For example:%0a%0a->[@$UploadExtSize['gif'] = 20000; # limit .gif files to 20K@]%0a%0aSetting an entry to zero disables file uploads of that type altogether:%0a%0a->[@$UploadExtSize['zip'] = 0; # disallow .zip files@]%0a%0aYou can limit which types of files are uploadable by disabling all defaults and specifying only desired types%0aSetting the variable $UploadMax to zero will disable all default file types. Individual file types may then be enabled by setting their maximum size with the variable $UploadExtSize.%0a%0a-> [@# turns off all upload extensions%0a$UploadMaxSize = 0;%0a%0a# enable only these file types for uploading%0a$aSize=102400; // 100 K file size limitation%0a$UploadExtSize['jpg' ] = $aSize;%0a$UploadExtSize['gif' ] = $aSize;%0a$UploadExtSize['png' ] = $aSize;%0a@]%0a%0a[[#newuploadfiletypes]]%0a!! Adding new file types to permitted uploads%0a%0aTo add a new extension to the list of allowed upload types, add a line like the following to a [[local customization(s)]] file:%0a%0a->[@$UploadExts['ext'] = 'content-type';@]%0a%0awhere ''ext'' is the extension to be added, and ''content-type'' is the "MIME type", or content-type (which you may find %25newwin%25[[http://www.iana.org/assignments/media-types/ | here]] or on the lower part of %25newwin%25[[http://www.w3schools.com/media/media_mimeref.asp | this page]]) to be used for files with that extension. For example, to add the '[@dxf@]' extension with a Content-Type of '[@image/x-dxf@]', place the line%0a%0a->[@$UploadExts['dxf'] = 'image/x-dxf';@]%0a%0aEach entry in $UploadExts needs to be the extension and the%0amime-type associated with that extension, thus:%0a%0a->[@%0a$UploadExts = array(%0a 'gif' => 'image/gif',%0a 'jpeg' => 'image/jpeg',%0a 'jpg' => 'image/jpeg',%0a 'png' => 'image/png',%0a 'xxx' => 'yyyy/zzz'%0a);%0a@]%0a%0aFor the types that PmWiki already knows about it's not necessary to repeat them here (the ''upload.php'' script adds PmWiki's defaults to whatever the administrator supplies).%0a[[#newuploadfiletypesend]]%0aSee also Cookbook:UploadTypes for additional types.%0a%0a[[#otherfilesizelimits]]%0a!!Other file size limits%0a%0aThere are other factors involved that affect upload file sizes. In Apache 2.0, there is a `LimitRequestBody directive that controls the maximum size of anything that is posted (including file uploads). Apache has this defaulted to unlimited size. However, some Linux distributions (e.g., Red Hat Linux) limit postings to 512K so this may need to be changed or increased. (Normally these settings are in an ''httpd.conf'' configuration file or in a file in ''/etc/httpd/conf.d''.)%0a%0aProblem noted on Red Hat 8.0/9.0 with Apache 2.0.x, the error "Requested content-length of 670955 is larger than the configured limit of 524288" was occurring under Apache and a "Page not found" would appear in the browser. Trying the above settings made no change with PHP, but on Red Hat 8.0/9.0 there is an additional PHP config file, /etc/httpd/conf.d/php.conf, and increasing the number on the line "`LimitRequestBody 524288" solves the issue.%0a%0aPHP itself has two limits on file uploads (usually located in /etc/php.ini). The first is the @@upload_max_filesize@@ parameter, which is set to 2M by default. The second is @@post_max_size@@, which is set to 6M by default.%0a%0aWith the variables in place--PmWiki's maximum file size, Apache's request-size limits, and the PHP file size parameters, the maximum uploaded file size will be the smallest of the three variables.%0a%0a!!! [[#direct_download]] Password protecting uploaded files%0aSetting a read password for pages (and groups) will prevent an attached file from being seen or accessed through the page, but to prevent direct access to the file location (the uploads/ directory) one can do the following:%0a %0a* In local/config.php set $EnableDirectDownload=0;%0a* If you use per-group upload directories (PmpWiki default, see $UploadPrefixFmt), add to config.php @@$EnableUploadGroupAuth = 1;@@%0a* Deny public access to the uploads/ directory through moving it out of the html/ or public_html/ directory tree, or through a .htaccess file.%0a%0a%0aSee [[Cookbook:Secure attachments]] {Cookbook.SecureAttachments$:Summary}%0a%0a%0a!! Other notes%0a%0a* If uploads doesn't seem to work, make sure that your PHP installation allows uploads. The ''php.ini'' file (usually ''/etc/php.ini'' or ''/usr/local/lib/php.ini'') should have %0a%0a->[@file_uploads = On@]%0a%0aNote that if you change this value, httpd must generally be restarted. Another way to check if uploads are allowed by the server is to set $EnableDiag to 1 in ''config.php'', and set ?action=phpinfo on a URL. The "@@file_uploads@@" variable must have a value of 1 (if it says "@@no value@@", that means it's off).%0a%0a%0a%0a%0a>>faq%3c%3c [[#faq]]%0a%0aQ: How do I disable uploading of a certain type of file?%0aA: Here's an example of what to add to your ''local/config.php'' file to disable uploading of .zip files:%0a%0a->[@$UploadExtSize['zip'] = 0; # Disallow uploading .zip files.@]%0a%0a%0aQ: How do I attach uploads to individual pages or the entire site, instead of organizing them by [[wiki group]]?%0aA: Use the $UploadPrefixFmt variable (see also the Cookbook:UploadGroups recipe).%0a%0a->[@$UploadPrefixFmt = '/$FullName'; # per-page@]%0a->[@$UploadPrefixFmt = ''; # site-wide@]%0a%0aQ:For $UploadDirQuota - can you provide some units and numbers? Is the specification in bytes or bits? What is the number for 100K? 1 Meg? 1 Gig? 1 Terabyte?%0aA: Units are in bytes. %0a%0a $UploadDirQuota = 100*1024; # limit uploads to 100KiB%0a $UploadDirQuota = 1000*1024; # limit uploads to 1000KiB%0a $UploadDirQuota = 1024*1024; # limit uploads to 1MiB%0a $UploadDirQuota = 25*1024*1024; # limit uploads to 25MiB%0a $UploadDirQuota = 2*1024*1024*1024; # limit uploads to 2GiB%0a%0aQ: Is there a way to allow file names with Unicode or addtiional characters? %0aA: Yes, see $UploadNameChars%0a%0aQ:Where is the list of attachments stored?%0aA: It is generated on the fly by the [[PageDirectives#attachlist|(:attachlist:)]] markup.%0a%0aQ: How can I find orphaned or missing attachments%0aA: See [[Cookbook:Attachlist enhanced]] {Cookbook.AttachlistEnhanced$:Summary}%0a%0aQ: How can I prevent hotlinking of my uploaded images%0aA: See [[Cookbook:Prevent Hotlinking]] {Cookbook.PreventHotlinking$:Summary}%0a%0aQ: I have limited the max upload size to 8 Mb in config.php, however only files smaller than 2M can be uploaded.%0aA: Check your php.ini for ''upload_max_filesize''%0a->[@%0aupload_max_filesize = 8M%0a@]%0a -time=1246545817 +text=(:title Uploads Administration:)%0a(:Summary:Administration of PmWiki [[uploads]]:)%0a[[PmWiki]] includes a script called ''upload.php'' that allows users to [[upload(s)]] files to the wiki server using a web browser. Uploaded files (also called ''attachments'') can then be easily accessed using markup within wiki pages. This page describes how to install and configure the upload feature.%0a%0a%0a!! Some notes about [[security]]%0a%0aPmWiki takes a somewhat, but justifiable, paranoid stance%0awhen it comes to the uploads feature. Thus, the default settings for%0auploads tend to try to restrict the feature as much as possible:%0a%0a* The upload function is disabled by default%0a* Even if you enable it, the function is password locked by default%0a* Even if you remove the password, you're restricted to uploading files with certain names, extensions, and sizes%0a* The characters that may appear in upload filenames are (default) alphanumerics, hyphen, underscore, dot, and space ([[#restrictinguploadedfiles|see also here]]).%0a* The maximum upload size is small (50K by default)%0a%0aThis way the potential damage is limited until/unless the wiki%0aadministrator explicitly relaxes the restrictions.%0a%0aKeep in mind that letting users (anonymously!) upload files to your web server does entail some amount of risk. The ''upload.php'' script has been designed to reduce the hazards, but [[wiki administrator]]s should be aware that the potential for vulnerabilities exist, and that misconfiguration of the upload utility could lead to unwanted consequences.%0a%0aBy default, authorized users are able to overwrite files that have already been uploaded, without the possibility of restoring the previous version of the file. If you want to disallow users from being able to overwrite files that have already been uploaded, add the following line to ''config.php'':%0a%0a->[@$EnableUploadOverwrite = 0;@]%0a%0aAlternatively, an administrator can [[#upload_versions|keep older versions]] of uploads.%0a%0aAn administrator can also [[#direct_download|configure]] PmWiki so the password mechanism controls access to uploaded files.%0a%0a%0a!! Basic installation%0a%0aThe ''upload.php'' script is automatically included from ''stdconfig.php'' if the $EnableUpload variable is true in ''config.php''. In addition, ''config.php'' can set the $UploadDir and $UploadUrlFmt variables to specify the local directory where uploaded files should be stored, and the URL that can be used to access that directory. By default, $UploadDir and $UploadUrlFmt assume that uploads will be stored in a directory called ''uploads/'' within the current directory (usually the one containing ''pmwiki.php''). In addition, ''config.php'' should also set a default upload password (see [[PasswordsAdmin]]).%0a%0aThus, a basic ''config.php'' for uploads might look like:%0a%0a->[@%0a%3c?php if (!defined('PmWiki')) exit();%0a## Enable uploads and set a site-wide default upload password.%0a$EnableUpload = 1;%0a$DefaultPasswords['upload'] = crypt('secret');%0a@]%0a%0aIf you have edit passwords and wish to allow all users with edit rights to upload, instead of $DefaultPasswords['upload'], you can set @@$HandleAuth['upload'] = 'edit';@@ in config.php.%0a%0a'''Important''': do NOT create the uploads directory yet! See the next paragraph.%0a%0aYou may also need to explicitly set which filesystem directory will hold uploads and provide a URL that corresponds to that directory like:%0a%0a->[@%0a$UploadDir = "/home/foobar/public_html/uploads";%0a$UploadUrlFmt = "http://example.com/~foobar/uploads";%0a@]%0a%0a[[#uploaddirectoryconfiguration]]%0a!!! Upload directory configuration%0aUploads can be configured site-wide, by-group, or by-page by changing $UploadPrefixFmt. This determines whether all uploads go in one directory for the site, an individual directory for each group, or an individual directory for each page. The default is to organize upload by group.%0a%0a[[#sitewideprefix]]For site-wide uploads, use%0a%0a->[@$UploadPrefixFmt = '';@]%0a%0aTo organize uploads by page, use:%0a->[@%0a$UploadPrefixFmt = '/$Group/$Name';%0a@]%0a%0a!!! The upload directory%0a%0aFor the upload feature to work properly, the directory given by [=$UploadDir=] must be writable by the web server process, and it usually must be in a location that is accessible to the web somewhere (e.g., in a subdirectory of ''public_html''). Executing PmWiki with uploads enabled will prompt you with the set of steps required to create the uploads directory on your server (it differs from one server to the next). ''Note that you are likely to be required to explicitly create writable group- or page-specific subdirectories as well!''%0a%0a%0a!!! Uploading a file%0a%0aOnce the upload feature is enabled, users can access the upload form by adding "@@?action=upload@@" to the end of a normal PmWiki URL. The user will be prompted for an upload password similar to the way other pages ask for passwords (see [[Passwords]] and [[PasswordsAdmin]] for information about setting passwords on pages, groups, and the entire site).%0a%0aAnother way to access the upload form is to insert the markup "[@Attach:filename.ext@]" into an existing page, where @@filename.ext@@ is the name of a new file to be uploaded. When the page is displayed, a '?-link' will be added to the end of the markup to take the author to the upload page. (See [[Uploads]] for syntax variations.)%0a%0aBy default, PmWiki will organize the uploaded files into separate subdirectories for each group. This can be changed by modifying the $UploadPrefixFmt variable. See [[Cookbook:UploadGroups]] for details.%0a%0a%0a!! [[#upload_versions]] Versioning Uploaded Files%0a%0aPmWiki does not manage versioning of uploaded files by default. However, by setting $EnableUploadVersions=1; an administrator can have older versions of uploads preserved in the uploads directory along with the most recent version.%0a%0a!! Upload restrictions%0a!!! Restricting uploaded files for groups and pages%0a%0aUploads can be enabled only for specific groups or pages by using a [[per group customization(s)]]. Simply set @@$EnableUpload=1;@@ for those groups or pages where uploading is to be enabled; alternately, set @@$EnableUpload=1;@@ in the config.php file and then set @@$EnableUpload=0;@@ in the per-group or per-page customization files where uploads are to be disabled.%0a%0a!!! Restricting total upload size for a group or the whole wiki%0a%0aUploads can be restricted to an overall size limit for groups. In the group configuration file (i.e., local/Group.php), add the line%0a%0a->$UploadPrefixQuota = 1024000; # limit group uploads to 1000K%0a%0aThis will limit the total size of uploads for that group to 1000k --any upload that pushes the total over the limit will be rejected with an error message. This value defaults to zero (unlimited).%0a%0aUploads can also be restricted to an overall size limit for all uploads. Add the line%0a%0a->$UploadDirQuota = 10240000; # limit total uploads to 10000K%0a%0aThis will limit the total size of uploads for the whole wiki to 10000k --any upload that pushes the total over the limit will be rejected with an error message. This value defaults to zero (unlimited).%0a%0a%0a[[#restrictinguploadedfiles]]%0a!!!Restricting uploaded files type and size%0a%0aThe upload script performs a number of verifications on an uploaded file before storing it in the upload directory. The basic verifications are described below.%0a:'''filenames''': the name for the uploaded file can contain only letters, digits, underscores, hyphens, spaces, and periods, and the name must begin and end with a letter or digit. %0a:'''file extension''': only files with approved extensions such as "@@.gif@@", "@@.jpeg@@", "@@.doc@@", etc. are allowed to be uploaded to the web server. This is vitally important for server security, since the web server might attempt to execute or specially process files with extensions like "@@.php@@", "@@.cgi@@", etc. %0a:'''file size''': By default all uploads are limited to 50K bytes, as specified by the $UploadMaxSize variable. Thus, to limit all uploads to 100K, simply specify a new value for $UploadMaxSize in ''config.php'':%0a%0a->[@$UploadMaxSize = 102400;@]%0a%0aHowever, maximum file sizes can also be specified for each type of file uploaded. Thus, an administrator can restrict "@@.gif@@" and "@@.jpeg@@" files to 20K, "@@.doc@@" files to 200K, and all others to the size given by $UploadMaxSize. The $UploadExtSize array is used to determine which file extensions are valid and the maximum upload size (in bytes) for each file type. For example:%0a%0a->[@$UploadExtSize['gif'] = 20000; # limit .gif files to 20K@]%0a%0aSetting an entry to zero disables file uploads of that type altogether:%0a%0a->[@$UploadExtSize['zip'] = 0; # disallow .zip files@]%0a%0aYou can limit which types of files are uploadable by disabling all defaults and specifying only desired types%0aSetting the variable $UploadMax to zero will disable all default file types. Individual file types may then be enabled by setting their maximum size with the variable $UploadExtSize.%0a%0a-> [@# turns off all upload extensions%0a$UploadMaxSize = 0;%0a%0a# enable only these file types for uploading%0a$aSize=102400; // 100 K file size limitation%0a$UploadExtSize['jpg' ] = $aSize;%0a$UploadExtSize['gif' ] = $aSize;%0a$UploadExtSize['png' ] = $aSize;%0a@]%0a%0a[[#newuploadfiletypes]]%0a!! Adding new file types to permitted uploads%0a%0aTo add a new extension to the list of allowed upload types, add a line like the following to a [[local customization(s)]] file:%0a%0a->[@$UploadExts['ext'] = 'content-type';@]%0a%0awhere ''ext'' is the extension to be added, and ''content-type'' is the "MIME type", or content-type (which you may find %25newwin%25[[http://www.iana.org/assignments/media-types/ | here]] or on the lower part of %25newwin%25[[http://www.w3schools.com/media/media_mimeref.asp | this page]]) to be used for files with that extension. For example, to add the '[@dxf@]' extension with a Content-Type of '[@image/x-dxf@]', place the line%0a%0a->[@$UploadExts['dxf'] = 'image/x-dxf';@]%0a%0aEach entry in $UploadExts needs to be the extension and the%0amime-type associated with that extension, thus:%0a%0a->[@%0a$UploadExts = array(%0a 'gif' => 'image/gif',%0a 'jpeg' => 'image/jpeg',%0a 'jpg' => 'image/jpeg',%0a 'png' => 'image/png',%0a 'xxx' => 'yyyy/zzz'%0a);%0a@]%0a%0aFor the types that PmWiki already knows about it's not necessary to repeat them here (the ''upload.php'' script adds PmWiki's defaults to whatever the administrator supplies).%0a[[#newuploadfiletypesend]]%0aSee also Cookbook:UploadTypes for additional types.%0a%0a[[#otherfilesizelimits]]%0a!!Other file size limits%0a%0aThere are other factors involved that affect upload file sizes. In Apache 2.0, there is a `LimitRequestBody directive that controls the maximum size of anything that is posted (including file uploads). Apache has this defaulted to unlimited size. However, some Linux distributions (e.g., Red Hat Linux) limit postings to 512K so this may need to be changed or increased. (Normally these settings are in an ''httpd.conf'' configuration file or in a file in ''/etc/httpd/conf.d''.)%0a%0aProblem noted on Red Hat 8.0/9.0 with Apache 2.0.x, the error "Requested content-length of 670955 is larger than the configured limit of 524288" was occurring under Apache and a "Page not found" would appear in the browser. Trying the above settings made no change with PHP, but on Red Hat 8.0/9.0 there is an additional PHP config file, /etc/httpd/conf.d/php.conf, and increasing the number on the line "`LimitRequestBody 524288" solves the issue.%0a%0aPHP itself has two limits on file uploads (usually located in /etc/php.ini). The first is the @@upload_max_filesize@@ parameter, which is set to 2M by default. The second is @@post_max_size@@, which is set to 6M by default.%0a%0aWith the variables in place--PmWiki's maximum file size, Apache's request-size limits, and the PHP file size parameters, the maximum uploaded file size will be the smallest of the three variables.%0a%0a!!! [[#direct_download]] Password protecting uploaded files%0aSetting a read password for pages (and groups) will prevent an attached file from being seen or accessed through the page, but to prevent direct access to the file location (the uploads/ directory) one can do the following:%0a %0a* In local/config.php set $EnableDirectDownload=0;%0a* If you use per-group upload directories (PmWiki default, see $UploadPrefixFmt), add to config.php @@$EnableUploadGroupAuth = 1;@@%0a* Deny public access to the uploads/ directory through moving it out of the html/ or public_html/ directory tree, or through a .htaccess file.%0a%0a%0aSee [[Cookbook:Secure attachments]] {Cookbook.SecureAttachments$:Summary}%0a%0a%0a!! Other notes%0a%0a* If uploads doesn't seem to work, make sure that your PHP installation allows uploads. The ''php.ini'' file (usually ''/etc/php.ini'' or ''/usr/local/lib/php.ini'') should have %0a%0a->[@file_uploads = On@]%0a%0aNote that if you change this value, httpd must generally be restarted. Another way to check if uploads are allowed by the server is to set $EnableDiag to 1 in ''config.php'', and set ?action=phpinfo on a URL. The "@@file_uploads@@" variable must have a value of 1 (if it says "@@no value@@", that means it's off).%0a%0a%0a%0a%0a>>faq%3c%3c [[#faq]]%0a%0aQ: How do I disable uploading of a certain type of file?%0aA: Here's an example of what to add to your ''local/config.php'' file to disable uploading of .zip files:%0a%0a->[@$UploadExtSize['zip'] = 0; # Disallow uploading .zip files.@]%0a%0a%0aQ: How do I attach uploads to individual pages or the entire site, instead of organizing them by [[wiki group]]?%0aA: Use the $UploadPrefixFmt variable (see also the Cookbook:UploadGroups recipe).%0a%0a->[@$UploadPrefixFmt = '/$FullName'; # per-page@]%0a->[@$UploadPrefixFmt = ''; # site-wide@]%0a%0aQ:For $UploadDirQuota - can you provide some units and numbers? Is the specification in bytes or bits? What is the number for 100K? 1 Meg? 1 Gig? 1 Terabyte?%0aA: Units are in bytes. %0a%0a $UploadDirQuota = 100*1024; # limit uploads to 100KiB%0a $UploadDirQuota = 1000*1024; # limit uploads to 1000KiB%0a $UploadDirQuota = 1024*1024; # limit uploads to 1MiB%0a $UploadDirQuota = 25*1024*1024; # limit uploads to 25MiB%0a $UploadDirQuota = 2*1024*1024*1024; # limit uploads to 2GiB%0a%0aQ: Is there a way to allow file names with Unicode or addtiional characters? %0aA: Yes, see $UploadNameChars%0a%0aQ:Where is the list of attachments stored?%0aA: It is generated on the fly by the [[PageDirectives#attachlist|(:attachlist:)]] markup.%0a%0aQ: How can I find orphaned or missing attachments%0aA: See [[Cookbook:Attachlist enhanced]] {Cookbook.AttachlistEnhanced$:Summary}%0a%0aQ: How can I prevent hotlinking of my uploaded images%0aA: See [[Cookbook:Prevent Hotlinking]] {Cookbook.PreventHotlinking$:Summary}%0a%0aQ: I have limited the max upload size to 8 Mb in config.php, however only files smaller than 2M can be uploaded.%0aA: Check your php.ini for ''upload_max_filesize''%0a->[@%0aupload_max_filesize = 8M%0a@]%0a +time=1247707211 title=Uploads Administration Index: wikilib.d/PmWiki.ReleaseNotes =================================================================== --- wikilib.d/PmWiki.ReleaseNotes (.../pmwiki-2.2.3) (revision 2387) +++ wikilib.d/PmWiki.ReleaseNotes (.../pmwiki-2.2.4) (revision 2387) @@ -1,12 +1,12 @@ -version=pmwiki-2.2.2 ordered=1 urlencoded=1 +version=pmwiki-2.2.3 ordered=1 urlencoded=1 agent=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081216 Ubuntu/8.04 (hardy) Firefox/2.0.0.19 author=Petko charset=ISO-8859-1 csum= host=81.65.14.164 name=PmWiki.ReleaseNotes -rev=425 +rev=426 targets=Site.Site,SiteAdmin.SiteAdmin,Site.PageActions,Site.EditForm,Site.PageNotFound,PmWiki.PageLists,PmWiki.WikiTrails,PmWiki.Blocklist,SiteAdmin.AuthList,PmWiki.SkinTemplates,PmWiki.AuthUser,Site.AuthUser,PmWiki.WikiFarms,PmWiki.Notify,PmWiki.LocalCustomizations,Site.PageListTemplates,Site.SideBar,PmWiki.PageVariables,PmWiki.WebFeeds,PmWiki.InterMap,PmWiki.WikiStyles,PmWiki.ConditionalMarkup -text=(:title Release Notes:)%0a(:Summary: PmWiki release notes:)%0a!! Version 2.2.3 (2009-07-16)%0aThis release fixes six potential XSS vulnerabilities, reported by Michael Engelke. The vulnerabilities may affect wikis open for editing and may allow the injection of external JavaScripts in their pages. Public open wikis should upgrade.%0a%0aA new variable $EnableUploadGroupAuth was added; if set to 1, it allows password-protected uploads to be checked against the Group password. %0a%0aIt is now possible to use @@ @_site_edit, @_site_read, @_site_admin@@ or @@ @_site_upload@@ global passwords in GroupAttributes pages.%0a%0aA number of other small bugs were fixed, and the documentation was updated.%0a%0a!! Version 2.2.2 (2009-06-21)%0aThe major news in this release is a fix of an AuthUser vulnerability.%0a%0aThe vulnerability affects only wikis that (1) rely on the AuthUser core module %0afor User:Password authentication, -AND- (2) where the PHP installation runs %0awith the variable "magic_quotes_gpc" disabled.%0a%0aAll PmWiki 2.1.x versions from pmwiki-2.1.beta6 on, all 2.2.betaX, 2.2.0, and %0a2.2.1 are affected.%0a%0aThe PmWiki SiteAnalyzer can detect if your wiki needs to upgrade:%0a http://www.pmwiki.org/wiki/PmWiki/SiteAnalyzer%0a%0aIf your wiki is vulnerable, you should do one of the following at the earliest %0aopportunity:%0a%0a* Upgrade to a version of PmWiki at least 2.2.2 or greater.%0a* Turn on magic_quotes_gpc in the php.ini file or in a .htaccess file.%0a%0aAlternatively, you can temporarily disable AuthUser until you upgrade.%0a%0aNote that even if your wiki does not have the AuthUser vulnerability at the %0amoment, you are strongly encouraged to upgrade to PmWiki version 2.2.2 or %0alater, as some future configuration of your hosting server might put you at %0arisk.%0a%0aThis release also comes with minor updates in the local documentation; fixes %0awere applied for international wikis - notably global variables in %0axlpage-utf-8.php and a new variable $EnableNotifySubjectEncode, which allows %0ae-mail clients to correctly display the Subject header; and a number of other %0asmall bugs were fixed.%0a%0a!! Version 2.2.1 (2009-03-28)%0aThis release comes with an updated local documentation; wikiTrails now work cross-group; guiedit.php now produces valid HTML, and other small bugs were fixed. We also added $EnableRedirectQuiet, which allows redirects to take place without any mention of "redirected from page ....".%0a%0a!! Version 2.2.0 (2009-01-18)%0a%0aThis is a summary of changes from 2.1.x to 2.2.0.%0a%0a* Several pages that were formerly in the [[Site]].* group are now in a separate [[SiteAdmin]].* group, which is read-restricted by default. The affected pages include Site.AuthUser, Site.AuthList, Site.NotifyList, Site.Blocklist, and Site.ApprovedUrls . If upgrading from an earlier version of PmWiki, PmWiki will prompt to automatically copy these pages to their new location if needed. If a site wishes to continue using the old Site.* group for these pages, simply set%0a%0a-> $SiteAdminGroup = $SiteGroup;%0a%0a-> when carrying out this upgrade inspect your config files for lines such as%0a--> $BlocklistDownload['Site.Blocklist-PmWiki'] = array('format' => 'pmwiki');%0a->as you may wish to fix then, eg%0a--> $BlocklistDownload[$SiteAdminGroup . '.Blocklist-PmWiki'] = array('format' => 'pmwiki');%0a%0a* Important Change in Passwords in PmWiki 2.2 indicating that the group can be edited even if a site password is set will be done by @@"@nopass"@@ prior it was done by @@"nopass"@@%0a-> When migrating a wiki you will have to manually modify the permission or by a script replace in all the page concerned @@passwdread=nopass:@@ by @@passwdread=@nopass@@ (see PITS:00961) --isidor%0a%0a* PmWiki now ships with WikiWords entirely disabled by default. To re-enable them, set either $LinkWikiWords or $EnableWikiWords to 1. To get the 2.1 behavior where WikiWords are spaced and parsed but don't form links, use the following:%0a-> $EnableWikiWords = 1;%0a-> $LinkWikiWords = 0;%0a%0a* It's now easy to disable the rule that causes lines with leading spaces to be treated as preformatted text -- simply set $EnableWSPre=0; to disable this rule.%0a%0a--> '''Important:''' There is ongoing discussion that the leading whitespace rule may be disabled ''by default'' in a future versions of PmWiki. If you want to make sure that the rule will continue to work in future upgrades, set $EnableWSPre=1; in ''local/config.php''.%0a%0a* The $ROSPatterns variable has changed somewhat -- replacement strings are no longer automatically passed through FmtPageName() prior to substitution (i.e., it must now be done explicitly).%0a%0a* Page variables and page links inside of [@(:include:)@] pages are now treated as relative to the included page, instead of the currently browsed page. In short, the idea is that links and page variables should be evaluated with respect to the page in which they are written, as opposed to the page in which they appear. This seems to be more in line with what authors expect. There are a number of important ramifications of this change:%0a%0a[[#relativeurls]]%0a** We now have a new [@{*$var}@] form of page variable, which always refers to "the currently displayed page". Pages such as Site.PageActions and Site.EditForm that are designed to work on "the currently browsed page" should generally switch to using [@{*$FullName}@] instead of [@{$FullName}@].%0a%0a** The $EnableRelativePageLinks and $EnableRelativePageVars settings control the treatment of links and page variables in included pages. However, to minimize disruption to existing sites, $EnableRelativePageVars defaults to '''disabled'''. This will give existing sites an opportunity to convert any absolute [@{$var}@] references to be [@{*$var}@] instead.%0a%0a** Eventually $EnableRelativePageVars will be enabled by default, so we highly recommend setting [@$EnableRelativePageVars = 1;@] in ''local/config.php'' to see how a site will react to the new interpretation. Administrators should especially check any customized versions of the following:%0a---> [[Site.PageActions]]%0a---> [[Site.EditForm]]%0a---> [[Site.PageNotFound]]%0a---> SideBar pages with ?action= links for the current page%0a---> $GroupHeaderFmt, $GroupFooterFmt%0a---> [[Page lists]] that refer to the current group or page, etc in sidebars, headers, and footers%0a%0a** The [@(:include:)@] directive now has a [@basepage=@] option whereby an author can explicitly specify the page upon which relative links and page variables should be based. If no basepage= option is specified, the included page is assumed to be the base.%0a%0a* Sites that want to retain the pre-2.2 behavior of [@(:include:)@] and other items can set [@$Transition['version'] = 2001900;@] to automatically retain the 2.1.x defaults.%0a%0a* Text inserted via [@(:include:)@] can contain "immediate substitutions" of the form [@{$$option}@] -- these are substituted with the value of any options provided to the include directive.%0a%0a* PmWiki now recognizes when it is being accessed via "https:" and switches its internal links appropriately. This can be overridden by explicitly setting $ScriptUrl and $PubDirUrl.%0a%0a* A new $EnableLinkPageRelative option allows PmWiki to generate relative urls for page links instead of absolute urls.%0a%0a* Draft handling capabilities have been greatly improved. When $EnableDrafts is set, then the "Save" button is relabeled to "Publish" and a "Save draft" button appears. In addition, an $EnablePublishAttr configuration variable adds a new "publish" authorization level to distinguish editing from publishing. See [[PmWiki:Drafts]] for more details.%0a%0a[[#ptvstart]]%0a* There is a new [@{$:var}@] "page text variable" available that is able to grab text excerpts out of markup content. For example, [@{SomePage$:Xyz}@] will be replaced by a definition of "Xyz" in SomePage. Page text variables can be defined using definition markup, a line beginning with the variable name and a colon, or a special directive form (that doesn't display anything on output):%0a%0a-->[@%0a:Xyz: some value # definition list form%0aXyz: some value # colon form%0a(:Xyz: some value:) # directive form%0a@]%0a[[#ptvend]]%0a%0a* The [@(:pagelist:)@] command can now filter pages based on the contents of page variables and/or page text variables. For example, the following directive displays only those pages that have an "Xyz" page text variable with "some value":%0a%0a-->[@(:pagelist $:Xyz="some value":)@]%0a%0a Wildcards also work here, thus the following pagelist command lists pages where the page's title starts with the letter "a":%0a%0a-->[@(:pagelist $Title=A* :)@]%0a%0a* The if= option to [@(:pagelist)@] can be used to filter pages based on conditional markup:%0a%0a-->[@(:pagelist if="auth upload {=$FullName}":)@] pages with upload permission%0a-->[@(:pagelist if="date today.. {=$Name}":)@] pages with names that are dates later than today%0a%0a* Spaces no longer separate wildcard patterns -- use commas. (Most people have been doing this already.)%0a%0a* Because page variables are now "relative", the [@{$PageCount}, {$GroupCount}, {$GroupPageCount}@] variables used in pagelist templates are now [@{$$PageCount}, {$$GroupCount}, {$$GroupPageCount}@].%0a%0a* One can now use [@{$$option}@] in a pagelist template to obtain the value of any 'option=' provided to the [@(:pagelist:)@] command.%0a%0a* The [@(:pagelist:)@] directive no longer accepts parameters from urls or forms by default. In order to have it accept such parameters (which was the default in 2.1 and earlier), add a [@request=1@] option to the [@(:pagelist:)@] directive.%0a%0a* The [@count=@] option to pagelists now accepts negative values to count from the end of the list. Thus [@count=5@] returns the the first five pages in the list, and [@count=-5@] returns the last five pages in the list. In addition, ranges of pages may be specified, as in [@count=10..19@] or [@count=-10..-5@].%0a%0a* Pagelist templates may have special [@(:template first ...:)@] and [@(:template last ...:)@] sections to specify output for the first or last page in the list or a group. There's also a [@(:template defaults ...:)@] to allow a template to specify default options.%0a%0a* PmWiki comes with an ability to cache the results of certain [@(:pagelist:)@] directives, to speed up processing on subsequent visits to the page. To enable this feature, set $PageListCacheDir to the name of a writable directory (e.g., ''work.d/'').%0a%0a* [[#elseifelse]]The [@(:if ...:)@] conditional markup now also understands [@(:elseif ...:)@] and [@(:else:)@]. In addition, markup can nest conditionals by placing digits after if/elseif/else, as in [@(:if1 ...)@], [@(:elseif1 ...:)@], [@(:else1:)@], etc.%0a%0a* The [@(:if date ...:)@] conditional markup can now perform date comparisons for dates other than the current date and time.%0a%0a* [[WikiTrails]] can now specify #anchor identifiers to use only sections of pages as a trail.%0a%0a* A new [@(:if ontrail ...:)@] condition allows testing if a page is listed on a trail.%0a%0a* The extensions .odt, .ods, and .odp (from OpenOffice.org) are now recognized as valid attachment types by default.%0a%0a* A new [[blocklist]] capability has been added to the core distribution. It allows blocking of posts based on IP address, phrase, or regular expression, and can also make use of publicly available standard blocklists. See [[PmWiki.Blocklist]] for details.%0a%0a* There is a new [[SiteAdmin.AuthList]] page that can display a summary of all password and permissions settings for pages on a site. This page is restricted to administrators by default.%0a%0a* There are new [@{$PasswdRead}@], [@{$PasswdEdit}@], etc. variables that display the current password settings for a page (assuming the browser has attr permissions or whatever permissions are set in $PasswdVarAuth).%0a%0a* Forms creation via the [@(:input:)@] markup has been internally refactored somewhat (and may still undergo some changes prior to 2.2.0 release). The new [@(:input select ...:)@] markup can be used to create select boxes, and [@(:input default ...:)@] can be used to set default control values, including for radio buttons and checkboxes.%0a%0a* The [@(:input textarea:)@] markup now can take values from other sources, including page text variables from other pages.%0a%0a* Specifying [@focus=1@] on an [@(:input:)@] control causes that control to receive the input focus when a page is loaded. If a page has multiple controls requesting the focus, then the first control with the lowest value of [@focus=@] "wins".%0a%0a* PmWiki now provides a ''scripts/creole.php'' module to enable Creole standard markup. To enable this, add [@include_once('scripts/creole.php')@] to a local customization file.%0a%0a* PmWiki adds a new [@{(...)}@] ''markup expression'' capability, which allows various simple string and data processing (e.g., formatting of dates and times). This is extensible so that recipe authors and system administrators can easily add custom expression operators.%0a%0a* It's now possible to configure PmWiki to automatically create Category pages whenever a page is saved with category links and the corresponding category doesn't already exist. Pages are created only if the author has appropriate write permissions into the group. To enable this behavior, add the following to ''local/config.php'':%0a%0a-->[@$AutoCreate['/^Category\\./'] = array('ctime' => $Now);@]%0a%0a* Sites with wikiwords enabled can now set $WikiWordCount['WikiWord'] to -1 to indicate that 'WikiWord' should not be spaced according to $SpaceWikiWords.%0a%0a* WikiWords that follow # or & are no longer treated as WikiWords.%0a%0a* Links to non-existent group home pages (e.g., [@[[Group.]]@] and [@[[Group/]]@]) will now go to the first valid entry of $PagePathFmt, instead of being hardcoded to "Group.Group". For example, to set PmWiki to default group home pages to [@$DefaultName@], use%0a%0a-->[@$PagePathFmt = array('{$Group}.$1', '$1.{$DefaultName}', '$1.$1');@]%0a%0a* PmWiki now provides a $CurrentTimeISO and $TimeISOFmt variables, for specifying dates in ISO format.%0a%0a* [[(Cookbook:)Cookbook]] authors can use the internal PmWiki function UpdatePage (temporarily documented at [[(Cookbook:)DebuggingForCookbookAuthors]]) to change page text while preserving history/diff information, updating page revision numbers, updating RecentChanges pages, sending email notifications, etc.%0a%0a* [[Skin templates]] are now required to have %3c!--HTMLHeader--> and %3c!--HTMLFooter--> directives. Setting $EnableSkinDiag causes PmWiki to return an error if this isn't the case for a loaded skin. Skins that explicitly do not want HTMLHeader or HTMLFooter sections can use %3c!--NoHTMLHeader--> and %3c!--NoHTMLFooter--> to suppress the warning.%0a%0a* Added a new "pre" wikistyle for preformatted text blocks.%0a%0a* The xlpage-utf-8.php script now understands how to space UTF-8 wikiwords. %0a%0a* Searches on utf-8 site are now case-insensitive for utf-8 characters.%0a%0a* Many Abort() calls now provide a link to pages on pmwiki.org that can explain the problem in more detail and provide troubleshooting assistance.%0a%0a* PmWiki no longer reports "?cannot acquire lockfile" if the visitor is simply browsing pages or performing other read-only actions.%0a%0a* The $EnableReadOnly configuration variable can be set to signal PmWiki that it is to run in "read-only" mode (e.g., for distribution on read-only media). Attempts to perform actions that write to the disk are either ignored or raise an error via Abort().%0a%0a* Including authuser.php no longer automatically calls ResolvePageName().%0a%0a* Authentication using Active Directory is now simplified. In Site.AuthUser or the $AuthUser variable, set "ldap://name.of.ad.server/" with no additional path information (see PmWiki.AuthUser for more details).%0a%0a* Pages are now saved with a "charset=" attribute to identify the character set in effect when the page was saved.%0a%0a* The phpdiff.php algorithm has been optimized to be smarter about finding smaller diffs.%0a%0a* Removed the (deprecated) "#wikileft h1" and "#wikileft h5" styles from the pmwiki default skin.%0a%0a* The mailposts.php and compat1x.php scripts have been removed from the distribution.%0a%0a!! Version 2.1.27 (2006-12-11)%0a%0aThis version backports from 2.2.0-beta a bugfix for $TableRowIndexMax and also support for the [@{*$Variable}@] markup.%0a%0a!! Version 2.1.26 (2006-09-11)%0a%0aThis version fixes a bug in feeds.php that would cause feed entries to be mixed up.%0a%0a!! Version 2.1.25 (2006-09-08)%0a%0aThis release fixes a bug in authuser.php introduced by the 2.1.24 release.%0a%0aThe skin template code has also been extended to allow [@%3c!--XMLHeader-->@] and [@%3c!--XMLFooter-->@] as aliases for [@%3c!--HTMLHeader-->@] and [@%3c!--HTMLFooter-->@].%0a%0a!! Version 2.1.24 (2006-09-06)%0a%0aThis release makes some improvements and fixes to the [[AuthUser]]%0acapability.%0a%0aA bug in authuser.php that had trouble dealing with non-array values in $AuthUser has been fixed.%0a%0aIt is now possible to specify group memberships from ''local/config.php'' (remember that such entries must come ''before'' including the ''authuser.php'' script):%0a%0a # alice and bob's passwords%0a $AuthUser['alice'] = crypt('alicepassword');%0a $AuthUser['bob'] = crypt('bobpassword');%0a%0a # members of the @writers and @admins groups%0a $AuthUser['@writers'] = array('alice', 'bob');%0a $AuthUser['@admins'] = array('alice', 'dave');%0a%0a # carol is a member of @editors and @writers%0a $AuthUser['carol'] = array('@editors', '@writers');%0a%0aAuthUser can now read from Apache-formatted .htgroup files. The location of the .htgroup file can be done either in ''local/config.php'' or [[Site.AuthUser]]%0a%0a # local/config.php:%0a $AuthUser['htgroup'] = '/path/to/.htgroup';%0a%0a # Site.AuthUser%0a htgroup: /path/to/.htgroup%0a%0a%0a!! Versions 2.1.21, 2.1.22, 2.1.23 (2006-09-05, 2006-09-06)%0a%0aThis release closes a potential security vulnerability for sites %0athat are running with 'register_globals' set to on. Details of%0athe vulnerability will be forthcoming on the mailing list%0aand site.%0a%0aSites that are running with PHP 'register_globals' and 'allow_url_fopen'%0aset to 'On' should upgrade to this release at the earliest%0aopportunity. If upgrading isn't an option, contact Pm for%0aa patch to older versions.%0a%0aThere is now a tool available to analyze PmWiki sites for security%0aand other configuration settings, see [[PmWiki:SiteAnalyzer]].%0a%0aVersion 2.1.23 also corrects a bug that prevented PmWiki from being%0aable to read pagefiles created by versions of PmWiki before 0.5.6.%0a%0a!! Version 2.1.20 (2006-09-04)%0a%0aMore minor bugfixes:%0a* Corrected a bug with WikiWord references appearing in the [@(:attachlist:)@] markup.%0a* Restore ability to remove/override PmWiki's default CSS settings.%0a%0a!! Version 2.1.19 (2006-08-30)%0a%0aThis release provides a number of very minor bugfixes and%0aenhancements:%0a%0a* Fixed a bug in the pageindex code that was causing it to not regenerate as quickly as it should.%0a* Fixed image/object/embed handling in wikistyles to better support the [[Cookbook:Flash]] recipe.%0a* Fixed a bug with wikistyles and input form tags.%0a%0aThe next release(s) may have a number of substantial code%0aenhancements and changes, so this release simply closes out%0aa few items before introducing those changes.%0a%0a%0a!! Version 2.1.18 (2006-08-28)%0a%0aThis release closes a potential cross-site scripting vulnerability%0athat could allow authors to inject Javascript code through the%0avarious table markups.%0a%0aThe release also adds a new [@(:input image:)@] markup to generate%0aimage input tags in forms.%0a%0aFinally, this release corrects a problem with [@?action=print@]%0afailing to properly set the [@{$Action}@] page variable.%0a%0a!! Version 2.1.17 (2006-08-26)%0a%0aThis release fixes a long-standing bug with $EnableIMSCaching%0a(PITS:00573), whereby login/logout operations wouldn't invalidate %0abrowser caches, causing some people to see versions of a page prior%0ato the login/logout taking place. %0a%0aThe new IMS caching code maintains a "imstime" cookie in the %0avisitor's browser that keeps track of the time of last login, %0alogout, author name change, or site modification. This cookie%0ais then used to determine the proper response to browser requests%0acontaining If-Modified-Since headers. (Previously only the%0atime of the last site modification was available.) %0a%0aBrowsers which do not accept cookies will effectively act as%0athough IMS caching is disabled.%0a%0a%0a!! Version 2.1.16 (2006-08-26) [[#v2116]]%0a%0aThis release makes some improvements to skin handling -- primarily%0athis improves the capability of relocating skin files to other%0alocations, and to provide the ability for recipes to insert items%0aat the ''end'' of HTML output.%0a%0aThis release introduces a [@%3c!--HTMLFooter-->@] directive into%0a[[skin templates]], which allows recipes and local%0acustomizations to insert output near the end of a document %0ausing a $HTMLFooterFmt array from PHP.%0a%0aAlso, the [@%3c!--HeaderText-->@] directive, which inserts the%0acontents of $HTMLHeaderFmt into the output, has now been%0arenamed to [@%3c!--HTMLHeader-->@]. PmWiki will continue to%0arecognize [@%3c!--HeaderText-->@] to preserve compatibility with%0aexisting skins, but [@%3c!--HTMLHeader-->@] is preferred.%0a%0aA new $SkinLibDirs array has been introduced which allows%0athe source locations and urls for skins to be specified from%0aa customization file. By default $SkinLibDirs is set as%0a%0a $SkinLibDirs = array("./pub/skins/\$Skin" => "$PubDirUrl/skins/\$Skin",%0a "$FarmD/pub/skins/\$Skin" => "$FarmPubDirUrl/skins/\$Skin");%0a%0aThe keys (on the left) indicate the places to look for a "skin .tmpl %0afile" in the filesystem, while the values (on the right) indicate the%0aurl location of the "skin css file". Modifying the value of %0a$SkinLibDirs allows a skin .tmpl file to be located anywhere on the %0afilesystem.%0a%0aAs far as I can see, none of the changes introduced by this%0arelease should have any sort of negative impact on existing%0asites, so it should be safe to upgrade. (If I'm wrong, please%0alet me know.)%0a%0a%0a!! Version 2.1.15 (2006-08-25)%0a%0aThis release includes a number of feature enhancements and code cleanups%0aas reported or requested by administrators.%0a%0aFirst, AuthUser's LDAP authentication system now allows the use of%0aa [@?filter@] parameter, consistent with urls used for mod_auth_ldap%0aauthorization in Apache. See the newly updated LDAP section of the%0a[[AuthUser]] documentation for more details.%0a%0aA chicken-and-egg problem with the [@@_site_*@] authorization groups%0ahas been resolved. It's now possible to have a page's read authorization%0arefer to things such as [@_site_edit@].%0a%0aAlso, the RetrieveAuthPage() function -- used for retrieving pages only%0aif the visitor is authorized to do so -- now recognizes a special%0alevel parameter of 'ALWAYS', which means to always authorize access%0aregardless of the browser or visitors current permissions. This%0amay be useful for allowing certain operations to take place from%0awithin trusted scripts without having to grant full authorization%0ato the browser.%0a%0aHardcoded instances of the ''local/'' directory now use a%0acustomizable $LocalDir variable. This variable controls where%0aPmWiki looks for ''local/config.php'' and per-group customization %0afiles. It may be useful for some [[Wiki Farm(s)]] contexts. Note that%0athis does not change or affect the location of %0a''$FarmD/local/farmconfig.php''.%0a%0aSome minor internal changes have been made to %0a''scripts/wikistyles.php'' to better accommodate the %0awikipublisher recipe. It's probably better if we don't try%0ato explain them. :-)%0a%0a%0a!! Version 2.1.13, 2.1.14 (2006-08-15, 2006-08-16)%0a%0aThis release fixes a bug in handling numeric passwords, and also%0aallows ldaps:// authentication sources.%0a%0a!! Version 2.1.12 (2006-08-07)%0a%0aThis version introduces the ability to nest divs and tables.%0aThe standard [@(:table:)@] and [@(:div:)@] markups are still%0aavailable, except that a [@(:div:)@] may contain a [@(:table:)@]%0aand vice-versa. %0a%0aAs in previous versions of PmWiki, the [@(:div:)@] markup%0aautomatically closes any previous [@(:div:)@]. However, there%0aare now [@(:div1:)@], [@(:div2:)@], etc. markups (and the%0acorresponding [@(:div1end:)@], [@(:div2end:)@], ...) which can be%0aused to uniquely distinguish divs for nesting purposes.%0a%0aTo restore PmWiki's previous "non-nested" div behavior, set%0a$Transition['nodivnest'] = 1; in a local customization file.%0a%0aOther changes in this release:%0a* Add a [@(:noaction:)@] directive to suppress display of page actions.%0a* Allow anchor tags to contain colons, hyphens, and dots.%0a* Add "white-space" as an allowed wikistyle.%0a* Other minor bug fixes and typographical corrections.%0a%0a%0a!! Version 2.1.11 (2006-06-09)%0a%0aThis is a minor update that prevents [@%25define=%25@] wikistyles%0afrom generating empty paragraphs in the HTML output. Prior to%0athis release, markup lines containing only wikistyle definitions%0awould often generate empty paragraphs (%3cp>%3c/p>), this release%0achanges things so that a markup line beginning with [@%25define=@]%0aand containing only wikistyle definitions will not initiate%0aa new paragraph.%0a%0a%0a!! Version 2.1.10 (2006-06-03)%0a%0aVersion 2.1.4 introduced an [@{$Action}@] page variable that would%0acontain the current [@?action=@] value. Unfortunately, this page%0avariable conflicted with a pre-existing [@$Action@] global variable%0athat was being used by skins to display a human-friendly form of%0athe current action. Since there's not really a clean way to resolve%0athis, I've decided to keep [@{$Action}@] as a page variable%0awith the current action value (as introduced in 2.1.4), and change %0athe global for skins to be $ActionTitle. This will require updating%0askins to use $ActionTitle instead of $Action. I apologize for the%0aconflict.%0a%0aThis release adds a Site.LocalTemplates page for the [@fmt=#xyz@]%0aoption in pagelist and search results. The list of pages to be%0asearched can be customized via the $FPLTemplatePageFmt variable.%0aThe [@fmt=#xyz@] option will now also search the current page for%0aa matching template before searching Site.LocalTemplates%0aand Site.PageListTemplates.%0a%0aThe 'pmwiki' skin now places a %3cspan> around the "Recent Changes"%0alink in the header to make it somewhat easier to style.%0a%0a!! Version 2.1.9 (2006-06-02)%0a%0aThis release fixes a long-standing and difficult-to-find bug with%0athe handling of [@[[~Author]]@] links.%0a%0a!! Version 2.1.8 (2006-06-01)%0a%0aThis release simply changes the $NotifyListFmt variable to be%0a$NotifyListPageFmt (more descriptive), and adds a $NotifyList%0aarray that can be used to specify notification entries from%0aa configuration file.%0a%0a!! Version 2.1.7 (2006-05-31)%0a%0aThis release introduces a variety of improvements and bugfixes.%0a%0a'''Vspace paragraphs are now divs:'''%0aVersion 2.1.7 changes the way that PmWiki handles vertical%0aspace in output (the infamous [@%3cp class='vspace>%3c/p>@] sequence).%0aInstead of using paragraphs, PmWiki now generates %0a[@%3cdiv class='vspace'>%3c/div>@] for vertical space sequences.%0aIn addition, PmWiki is able to collapse the vspace %3cdiv> with%0aany subsequent paragraph tags, such that a sequence like%0a%0a %3cdiv class='vspace>%3c/div>%3cp>...paragraph text...%3c/p>%0a%0ais automatically converted to%0a%0a %3cp class='vspace'>...paragraph text...%3c/p>%0a%0aThis allows for better control over paragraph spacing. It is%0aexpected that this change in vspace handling will not have%0aany detrimental effects on existing sites. Sites that have%0aset custom values for $HTMLVSpace will continue to use the%0acustom value. A site that wants to restore PmWiki's earlier%0ahandling of vspace can do so by adding the following to%0a''local/config.php'':%0a%0a $HTMLVSpace = "%3cp class='vspace'>%3c/p>";%0a%0a'''Improved email notifications of changes:''' Version 2.1.7%0aincorporates a ''notify.php'' script that provides improved%0acapabilities for sending email notifications in response to%0apage changes. This script is intended to replace the previous%0a[[(PmWiki:)MailPosts]] capability, which is now deprecated (but will%0acontinue to be supported in PmWiki 2.1.x). Details and %0ainstructions for using notify.php are in the [[PmWiki.Notify]] page.%0a%0a'''Added 'group home page' syntax:''' A group name followed%0aby only a dot or slash is automatically treated as a reference%0ato the group's home page, whatever it happens to be. This simplifies%0asome pagelist templates as well as a number of other items. %0aIn particular, group links in pagelist output now points to the%0acorrect locations (instead of being a page in the current group).%0a%0aSeveral bugs and vulnerabilities have been fixed:%0a* The default width of edit forms is now more appropriate for Internet Explorer.%0a* Authentication failure messages from LDAP are now suppressed.%0a* Some cross-site scripting vulnerabilities in uploads and page links have been corrected (courtesy Moritz Naumann, http://moritz-naumann.com).%0a* A problem with invalid pagenames resulting in redirect loops has been corrected.%0a%0a!! Version 2.1.6 (2006-05-22)%0a%0aThe primary improvement in this release is the addition of %0aa pagename argument to the [@(:if auth:)@] conditional markup.%0aThus one can display markup based on a visitor's authorization%0ato a page other than the current one. For example, to test%0afor edit privileges to `Main.WikiSandbox, one would use%0a[@(:if auth edit Main.WikiSandbox:)@]. As before, if the%0apagename is omitted the directive tests authorization to%0athe current page.%0a%0aThis release also restores the ability to have hyphens in%0aInterMap link names.%0a%0aLastly, the release closes a potential cross-site scripting%0avulnerability in the WikiTrail markup, and provides some small%0aperformance improvements.%0a%0a!! Version 2.1.4, 2.1.5 (2006-03-29)%0a%0aThis release fixes a few more bugs:%0a* Pagelist-based feeds using ?action=rss work again.%0a* Multi-term searches with special characters is fixed.%0a%0aThe release also adds a couple of items:%0a* There is now an [@{$Action}@] page variable.%0a* Usernames and passwords submitted to authuser.php can contain quotes.%0a* The [@(:attachlist:)@] command now uses a natural case sort.%0a%0a!! Version 2.1.3 (2006-03-17)%0a%0aThis release fixes a bug that prevents the [@lines=@] option from%0aworking on sites running PHP 5.1.1 or later. It also re-fixes%0aa bug involving empty passwords and LDAP authentication.%0a%0a!! Version 2.1.2 (2006-03-16)%0a%0aThis release fixes a bug with handling "nopass" passwords. It also%0amakes some speed improvements to large web feeds, and fixes a couple%0aof minor HTML tag mismatches.%0a%0a!! Version 2.1.1 (2006-03-13)%0a%0aThis release primarily fixes a bug with passwords containing%0amultiple authorization groups, and in the process slightly liberalized%0athe formatting of "@group" and "id:name" handling. This release also %0aadds a new mechanism for managing and displaying FAQ pages.%0a%0a!! Version 2.1.0 (2006-03-12)%0a%0aThis set of release notes is fairly lengthy, as it chronicles all of the changes since 2.0.13 (four months of development). A lot remains the same, but some changes warrant extra care when upgrading from a 2.0.x version to 2.1.0 (thus the major revision number change). As always, questions and issues can be mailed to the pmwiki-users mailing list.%0a%0aHere's the list:%0a%0a* WikiWords are now disabled by default. To enable them, set "$LinkWikiWords = 1;" in a [[local customization(s)]] file. As of 2.1.beta2, you can now leave WikiWords enabled but have links to non-existent pages display without decoration -- to do this, place the following lines in ''pub/css/local.css'':%0a%0a span.wikiword a.createlink { display:none; }%0a span.wikiword a.createlinktext %0a { border-bottom:none; text-decoration:none; color:inherit; }%0a%0a* The [@(:pagelist:)@] code has been substantially revised. Pagelist formatting can now be specified using markup, and several defaults are available from [[Site.PageListTemplates]]. Also, several built-in pagelist formatting functions (FPLSimple, FPLByGroup, FPLGroup) are now removed in favor of the template code. The FPLByGroup function can be restored by setting $Transition['fplbygroup']=1; . '''Remark:''' Check to see if your page [[Site.PageListTemplates]] is not passwordprotected for viewing, otherwise the resulting pagelist will not be shown. %0a%0a* [@(:pagelist:)@] now also understands wildcards in @@group=@@ and @@name=@@ arguments, as well as excluding specific names and groups.%0a%0a* [@(:pagelist:)@] now has an "order=random" option.%0a%0a* [@(:searchbox:)@] now accepts "group=", "link=", "list=", etc. options to be passed along to the search results. It also accepts a "target=" option that identifies the page on which to send the search query.%0a%0a* [@?action=search@] will display the contents of the current page if it contains a [@(:@][@searchresults:)@] directive, otherwise it uses the content of the page identified by $PageSearchForm (default is the search page for the current language translation). %0a%0a* PmWiki no longer maintains a ".linkindex" file -- it now has a ".pageindex" file that contains not only a table of links, but also words used in each page (to speed up term searches). The maintenance of the .pageindex file can be disabled by setting $PageIndexFile=''; %0a %0a* The $EnablePageListProtect variable now defaults to true, so that read-only pages appear in pagelists only if the visitor has read authorization. Note that this can also slow down some [@(:pagelist:)@] and search commands, so if the site doesn't have any read-only pages or if you aren't worried with cloaking read-only pages from searchlists, it might be worth setting $EnablePageListProtect=0; .%0a%0a* Whitespace indentation rules now exist and are enabled by default. Any line that begins with whitespace and aligns with a previous list item is considered to be "within" that list item. Text folds and wraps as normal, and the [@(:linebreaks:)@] directive is honored. To turn off whitespace indentation, use [@DisableMarkup('^ws');@].%0a%0a* A single blank line after a [@!!Heading@] is silently ignored.%0a%0a* The [@(:redirect:)@] directive is now a true markup, and can be embedded inside conditional markups or includes. It also allows redirecting to an anchor in a page, such as [@(:redirect PageName#anchor:)@]. A new [@from=@] option allows the redirect to take place only from pages that match the given wildcard specification. The [@status=@] option allows a 301, 302, 303, or 307 HTTP status code to be returned.%0a%0a* The built-in authorization function has gone through some substantial internal changes, however these changes should be fully backward compatible so that it doesn't impact any existing sites. (If it ''does'' cause a problem, please let me know so I can investigate why!) The password prompts are now specified by an admin-customizable Site.AuthForm page. In addition, the authorization function no longer creates PHP sessions for visitors that aren't being authenticated.%0a%0a* The authuser.php has likewise been substantially updated. The new version should have complete backwards compatibility with previous authuser.php settings, but this version also offers the ability to configure authentication resources and authorization groups through the [[Site.AuthUser]] page. Note that by default the Site.AuthUser page can only be edited using the admin password.%0a%0a* The $EnableSessionPasswords variable can be used to control whether passwords are held in PHP sessions. (This does not affect user authentication via [[AuthUser]], however.)%0a%0a* The $Author variable now defaults to $AuthId if not otherwise set by a script or cookie.%0a%0a* The [[Site.SideBar]] page now defaults its edit password to the sitewide edit password (in $DefaultPasswords['edit']).%0a%0a* PmWiki now supports a "draft edit" mode, enabled by $EnableDrafts = 1. This creates a "Save as draft" button that will save a page under a "-Draft" suffix, for intermediate edits.%0a%0a* There is now an ?action=login action available.%0a%0a* A potential security vulnerability for sites running PHP 5 with register_globals enabled has been fixed.%0a%0a* The [@[[PageName |+]]@] markup is now available by default; this creates a link to `PageName and uses that page's title as the link text.%0a%0a* What used to be "markup variables" are now "[[page variables]]". These are always specified using the @@{$''variable''}@@ syntax, and can be used in markup and in $...Fmt strings. In addition, one can request a value for a specific page by placing the pagename in front of the variable, as in @@{''pagename''$''variable''}@@.%0a%0a* The ''scripts/rss.php'' script is now ''scripts/feeds.php'', and is a complete redesign for [[web feed(s)]] generation. The new version supports UTF-8 and other encodings, can generate Atom 1.0 ([@?action=atom@]), Dublin Core Metadata ([@?action=dc@]) output, and enclosures for podcasting. It also allows feeds to be generated from trails, groups, categories, and backlinks, and provides options (same as pagelists) for sorting and filtering the contents of the feed. Most sites can simply switch to using [@include_once("scripts/feeds.php");@] instead of the previous ''rss.php'' include. The ''rss.php'' file has been removed from the distribution (but still works with PmWiki 2.1 for those sites that wish to continue using it).%0a%0a* [[PmWiki/InterMap]] entries can now come from a `Site.InterMap page as well as the ''local/localmap.txt'' and ''local/farmmap.txt'' files. The format of these files has changed slightly, in that the InterMap name should now have a colon after it (previously the colon was omitted).%0a%0a* We can now provide better control of robot (webcrawler) interactions with a site to reduce server load and bandwidth. The $RobotPattern variable is used to detect robots based on the user-agent string, and any actions not listed in the $RobotActions array will return a 403 Forbidden response to robots. In addition, setting $EnableRobotCloakActions will eliminate any forbidden ?action= values from page links returned to robots, which will reduce bandwidth loads from robots even further (PITS:00563).%0a%0a* Non-existent page handling has been improved; whenever a browser hits a non-existent page, PmWiki returns the contents of Site.PageNotFound and a 404 ("Not Found") status code.%0a%0a* Page links that have "?action=" in their query arguments are now treated as "existing page" links even if the page does not exist.%0a%0a* The PmWiki default skin now adds rel='nofollow' to various action links.%0a%0a* Some of the CSS styles in the PmWiki default skin have been changed for better presentation.%0a%0a* The gui edit buttons have transparent (instead of white) borders so they integrate better into skins.%0a%0a* The $EnableIMSCaching variable is now much smarter, it can detect changes in local customization files as well as pages.%0a%0a* [[PmWiki/WikiStyles]] can now make percentage specifications by using "pct" to mean "%25".%0a%0a* Class attributes in [[WikiStyle(s)]] shortcuts are now cumulative, so that [@%25class1 class2%25@] results in [@class='class1 class2'@] instead of just [@class='class2'@] in the output.%0a%0a* A problem with the [@(:include PageName#from#:)@] markup not working has been fixed (PITS:00560).%0a%0a* Viewing a GroupHeader or GroupFooter page no longer displays the contents twice.%0a%0a* It's now easier to share pages among multiple sites (e.g., [[WikiFarms]]), see Cookbook:SharedPages (PITS:00459).%0a%0a* A problem with nested apostrophe markups has been fixed (PITS:00590).%0a%0a* PmWiki is now smarter about not surrounding block HTML tags with %3cp>...%3c/p> tags.%0a%0a* If an [@[[#anchor]]@] is used more than once in a page, only the first generates an actual anchor (to preserve XHTML validity).%0a%0a* There are now [@(:if equal ...:)@] and [@(:if exists pagename:)@] [[conditional markup]]s.%0a%0a* Compound conditional markup expressions are now possible -- e.g. [@(:if [ group PmWiki && ! name PmWiki ] :)@] .%0a%0a* Added an $InputValues array that can supply default values for certain form controls (PITS:00566).%0a%0a* The default setting of $UploadUrlFmt is now based on $PubDirUrl instead of $ScriptUrl.%0a%0a* The $text global variable has been removed (use $_GET['text'], $_POST['text'], or $_REQUEST['text']).%0a%0a* A possible problem with url-encoding of attachments with non-ASCII characters has been addressed (PITS:00588).%0a%0a* Page actions in non-existent pages no longer display with non-existent link decorations.%0a%0a* A README.txt file has been added, and several documentation files are now available through the docs/ directory.%0a %0a* PmWiki is no longer available through CVS on sourceforge.net. It is now available via SVN on pmwiki.org, at svn://pmwiki.org/pmwiki/tags/latest . For more details, see PmWiki:Subversion.%0a%0a* The $NewlineXXX variable (deprecated in 2.0.0) has been removed.%0a%0a* There is experimental support for server-side caching of pages that take a long time to render; this is currently an unsupported feature and may be removed in future releases.%0a%0a%25red%25Wiki administrators should note that from this release on PmWiki defaults to having WikiWords disabled.%0a%0aTo make sure WikiWords are enabled, use [@$LinkWikiWords = 1;@] in%0athe ''local/config.php'' file.%0a%0a----%0aBugs and other requests can be reported to the PmWiki Issue Tracking %0aSystem at http://www.pmwiki.org/wiki/PITS/PITS. Any help%0ain testing, development, and/or documentation is greatly appreciated..%0a%0a[[(PmWiki:)Release Notes archive]] - notes for versions older than 2.1.0.%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a -time=1247698849 +text=(:title Release Notes:)%0a(:Summary: PmWiki release notes:)%0a!! Version 2.2.4 (2009-07-16)%0aThis release fixes a bug introduced earlier today with HTML entities in XLPages.%0a%0a!! Version 2.2.3 (2009-07-16)%0aThis release fixes six potential XSS vulnerabilities, reported by Michael Engelke. The vulnerabilities may affect wikis open for editing and may allow the injection of external JavaScripts in their pages. Public open wikis should upgrade.%0a%0aA new variable $EnableUploadGroupAuth was added; if set to 1, it allows password-protected uploads to be checked against the Group password. %0a%0aIt is now possible to use @@ @_site_edit, @_site_read, @_site_admin@@ or @@ @_site_upload@@ global passwords in GroupAttributes pages.%0a%0aA number of other small bugs were fixed, and the documentation was updated.%0a%0a!! Version 2.2.2 (2009-06-21)%0aThe major news in this release is a fix of an AuthUser vulnerability.%0a%0aThe vulnerability affects only wikis that (1) rely on the AuthUser core module %0afor User:Password authentication, -AND- (2) where the PHP installation runs %0awith the variable "magic_quotes_gpc" disabled.%0a%0aAll PmWiki 2.1.x versions from pmwiki-2.1.beta6 on, all 2.2.betaX, 2.2.0, and %0a2.2.1 are affected.%0a%0aThe PmWiki SiteAnalyzer can detect if your wiki needs to upgrade:%0a http://www.pmwiki.org/wiki/PmWiki/SiteAnalyzer%0a%0aIf your wiki is vulnerable, you should do one of the following at the earliest %0aopportunity:%0a%0a* Upgrade to a version of PmWiki at least 2.2.2 or greater.%0a* Turn on magic_quotes_gpc in the php.ini file or in a .htaccess file.%0a%0aAlternatively, you can temporarily disable AuthUser until you upgrade.%0a%0aNote that even if your wiki does not have the AuthUser vulnerability at the %0amoment, you are strongly encouraged to upgrade to PmWiki version 2.2.2 or %0alater, as some future configuration of your hosting server might put you at %0arisk.%0a%0aThis release also comes with minor updates in the local documentation; fixes %0awere applied for international wikis - notably global variables in %0axlpage-utf-8.php and a new variable $EnableNotifySubjectEncode, which allows %0ae-mail clients to correctly display the Subject header; and a number of other %0asmall bugs were fixed.%0a%0a!! Version 2.2.1 (2009-03-28)%0aThis release comes with an updated local documentation; wikiTrails now work cross-group; guiedit.php now produces valid HTML, and other small bugs were fixed. We also added $EnableRedirectQuiet, which allows redirects to take place without any mention of "redirected from page ....".%0a%0a!! Version 2.2.0 (2009-01-18)%0a%0aThis is a summary of changes from 2.1.x to 2.2.0.%0a%0a* Several pages that were formerly in the [[Site]].* group are now in a separate [[SiteAdmin]].* group, which is read-restricted by default. The affected pages include Site.AuthUser, Site.AuthList, Site.NotifyList, Site.Blocklist, and Site.ApprovedUrls . If upgrading from an earlier version of PmWiki, PmWiki will prompt to automatically copy these pages to their new location if needed. If a site wishes to continue using the old Site.* group for these pages, simply set%0a%0a-> $SiteAdminGroup = $SiteGroup;%0a%0a-> when carrying out this upgrade inspect your config files for lines such as%0a--> $BlocklistDownload['Site.Blocklist-PmWiki'] = array('format' => 'pmwiki');%0a->as you may wish to fix then, eg%0a--> $BlocklistDownload[$SiteAdminGroup . '.Blocklist-PmWiki'] = array('format' => 'pmwiki');%0a%0a* Important Change in Passwords in PmWiki 2.2 indicating that the group can be edited even if a site password is set will be done by @@"@nopass"@@ prior it was done by @@"nopass"@@%0a-> When migrating a wiki you will have to manually modify the permission or by a script replace in all the page concerned @@passwdread=nopass:@@ by @@passwdread=@nopass@@ (see PITS:00961) --isidor%0a%0a* PmWiki now ships with WikiWords entirely disabled by default. To re-enable them, set either $LinkWikiWords or $EnableWikiWords to 1. To get the 2.1 behavior where WikiWords are spaced and parsed but don't form links, use the following:%0a-> $EnableWikiWords = 1;%0a-> $LinkWikiWords = 0;%0a%0a* It's now easy to disable the rule that causes lines with leading spaces to be treated as preformatted text -- simply set $EnableWSPre=0; to disable this rule.%0a%0a--> '''Important:''' There is ongoing discussion that the leading whitespace rule may be disabled ''by default'' in a future versions of PmWiki. If you want to make sure that the rule will continue to work in future upgrades, set $EnableWSPre=1; in ''local/config.php''.%0a%0a* The $ROSPatterns variable has changed somewhat -- replacement strings are no longer automatically passed through FmtPageName() prior to substitution (i.e., it must now be done explicitly).%0a%0a* Page variables and page links inside of [@(:include:)@] pages are now treated as relative to the included page, instead of the currently browsed page. In short, the idea is that links and page variables should be evaluated with respect to the page in which they are written, as opposed to the page in which they appear. This seems to be more in line with what authors expect. There are a number of important ramifications of this change:%0a%0a[[#relativeurls]]%0a** We now have a new [@{*$var}@] form of page variable, which always refers to "the currently displayed page". Pages such as Site.PageActions and Site.EditForm that are designed to work on "the currently browsed page" should generally switch to using [@{*$FullName}@] instead of [@{$FullName}@].%0a%0a** The $EnableRelativePageLinks and $EnableRelativePageVars settings control the treatment of links and page variables in included pages. However, to minimize disruption to existing sites, $EnableRelativePageVars defaults to '''disabled'''. This will give existing sites an opportunity to convert any absolute [@{$var}@] references to be [@{*$var}@] instead.%0a%0a** Eventually $EnableRelativePageVars will be enabled by default, so we highly recommend setting [@$EnableRelativePageVars = 1;@] in ''local/config.php'' to see how a site will react to the new interpretation. Administrators should especially check any customized versions of the following:%0a---> [[Site.PageActions]]%0a---> [[Site.EditForm]]%0a---> [[Site.PageNotFound]]%0a---> SideBar pages with ?action= links for the current page%0a---> $GroupHeaderFmt, $GroupFooterFmt%0a---> [[Page lists]] that refer to the current group or page, etc in sidebars, headers, and footers%0a%0a** The [@(:include:)@] directive now has a [@basepage=@] option whereby an author can explicitly specify the page upon which relative links and page variables should be based. If no basepage= option is specified, the included page is assumed to be the base.%0a%0a* Sites that want to retain the pre-2.2 behavior of [@(:include:)@] and other items can set [@$Transition['version'] = 2001900;@] to automatically retain the 2.1.x defaults.%0a%0a* Text inserted via [@(:include:)@] can contain "immediate substitutions" of the form [@{$$option}@] -- these are substituted with the value of any options provided to the include directive.%0a%0a* PmWiki now recognizes when it is being accessed via "https:" and switches its internal links appropriately. This can be overridden by explicitly setting $ScriptUrl and $PubDirUrl.%0a%0a* A new $EnableLinkPageRelative option allows PmWiki to generate relative urls for page links instead of absolute urls.%0a%0a* Draft handling capabilities have been greatly improved. When $EnableDrafts is set, then the "Save" button is relabeled to "Publish" and a "Save draft" button appears. In addition, an $EnablePublishAttr configuration variable adds a new "publish" authorization level to distinguish editing from publishing. See [[PmWiki:Drafts]] for more details.%0a%0a[[#ptvstart]]%0a* There is a new [@{$:var}@] "page text variable" available that is able to grab text excerpts out of markup content. For example, [@{SomePage$:Xyz}@] will be replaced by a definition of "Xyz" in SomePage. Page text variables can be defined using definition markup, a line beginning with the variable name and a colon, or a special directive form (that doesn't display anything on output):%0a%0a-->[@%0a:Xyz: some value # definition list form%0aXyz: some value # colon form%0a(:Xyz: some value:) # directive form%0a@]%0a[[#ptvend]]%0a%0a* The [@(:pagelist:)@] command can now filter pages based on the contents of page variables and/or page text variables. For example, the following directive displays only those pages that have an "Xyz" page text variable with "some value":%0a%0a-->[@(:pagelist $:Xyz="some value":)@]%0a%0a Wildcards also work here, thus the following pagelist command lists pages where the page's title starts with the letter "a":%0a%0a-->[@(:pagelist $Title=A* :)@]%0a%0a* The if= option to [@(:pagelist)@] can be used to filter pages based on conditional markup:%0a%0a-->[@(:pagelist if="auth upload {=$FullName}":)@] pages with upload permission%0a-->[@(:pagelist if="date today.. {=$Name}":)@] pages with names that are dates later than today%0a%0a* Spaces no longer separate wildcard patterns -- use commas. (Most people have been doing this already.)%0a%0a* Because page variables are now "relative", the [@{$PageCount}, {$GroupCount}, {$GroupPageCount}@] variables used in pagelist templates are now [@{$$PageCount}, {$$GroupCount}, {$$GroupPageCount}@].%0a%0a* One can now use [@{$$option}@] in a pagelist template to obtain the value of any 'option=' provided to the [@(:pagelist:)@] command.%0a%0a* The [@(:pagelist:)@] directive no longer accepts parameters from urls or forms by default. In order to have it accept such parameters (which was the default in 2.1 and earlier), add a [@request=1@] option to the [@(:pagelist:)@] directive.%0a%0a* The [@count=@] option to pagelists now accepts negative values to count from the end of the list. Thus [@count=5@] returns the the first five pages in the list, and [@count=-5@] returns the last five pages in the list. In addition, ranges of pages may be specified, as in [@count=10..19@] or [@count=-10..-5@].%0a%0a* Pagelist templates may have special [@(:template first ...:)@] and [@(:template last ...:)@] sections to specify output for the first or last page in the list or a group. There's also a [@(:template defaults ...:)@] to allow a template to specify default options.%0a%0a* PmWiki comes with an ability to cache the results of certain [@(:pagelist:)@] directives, to speed up processing on subsequent visits to the page. To enable this feature, set $PageListCacheDir to the name of a writable directory (e.g., ''work.d/'').%0a%0a* [[#elseifelse]]The [@(:if ...:)@] conditional markup now also understands [@(:elseif ...:)@] and [@(:else:)@]. In addition, markup can nest conditionals by placing digits after if/elseif/else, as in [@(:if1 ...)@], [@(:elseif1 ...:)@], [@(:else1:)@], etc.%0a%0a* The [@(:if date ...:)@] conditional markup can now perform date comparisons for dates other than the current date and time.%0a%0a* [[WikiTrails]] can now specify #anchor identifiers to use only sections of pages as a trail.%0a%0a* A new [@(:if ontrail ...:)@] condition allows testing if a page is listed on a trail.%0a%0a* The extensions .odt, .ods, and .odp (from OpenOffice.org) are now recognized as valid attachment types by default.%0a%0a* A new [[blocklist]] capability has been added to the core distribution. It allows blocking of posts based on IP address, phrase, or regular expression, and can also make use of publicly available standard blocklists. See [[PmWiki.Blocklist]] for details.%0a%0a* There is a new [[SiteAdmin.AuthList]] page that can display a summary of all password and permissions settings for pages on a site. This page is restricted to administrators by default.%0a%0a* There are new [@{$PasswdRead}@], [@{$PasswdEdit}@], etc. variables that display the current password settings for a page (assuming the browser has attr permissions or whatever permissions are set in $PasswdVarAuth).%0a%0a* Forms creation via the [@(:input:)@] markup has been internally refactored somewhat (and may still undergo some changes prior to 2.2.0 release). The new [@(:input select ...:)@] markup can be used to create select boxes, and [@(:input default ...:)@] can be used to set default control values, including for radio buttons and checkboxes.%0a%0a* The [@(:input textarea:)@] markup now can take values from other sources, including page text variables from other pages.%0a%0a* Specifying [@focus=1@] on an [@(:input:)@] control causes that control to receive the input focus when a page is loaded. If a page has multiple controls requesting the focus, then the first control with the lowest value of [@focus=@] "wins".%0a%0a* PmWiki now provides a ''scripts/creole.php'' module to enable Creole standard markup. To enable this, add [@include_once('scripts/creole.php')@] to a local customization file.%0a%0a* PmWiki adds a new [@{(...)}@] ''markup expression'' capability, which allows various simple string and data processing (e.g., formatting of dates and times). This is extensible so that recipe authors and system administrators can easily add custom expression operators.%0a%0a* It's now possible to configure PmWiki to automatically create Category pages whenever a page is saved with category links and the corresponding category doesn't already exist. Pages are created only if the author has appropriate write permissions into the group. To enable this behavior, add the following to ''local/config.php'':%0a%0a-->[@$AutoCreate['/^Category\\./'] = array('ctime' => $Now);@]%0a%0a* Sites with wikiwords enabled can now set $WikiWordCount['WikiWord'] to -1 to indicate that 'WikiWord' should not be spaced according to $SpaceWikiWords.%0a%0a* WikiWords that follow # or & are no longer treated as WikiWords.%0a%0a* Links to non-existent group home pages (e.g., [@[[Group.]]@] and [@[[Group/]]@]) will now go to the first valid entry of $PagePathFmt, instead of being hardcoded to "Group.Group". For example, to set PmWiki to default group home pages to [@$DefaultName@], use%0a%0a-->[@$PagePathFmt = array('{$Group}.$1', '$1.{$DefaultName}', '$1.$1');@]%0a%0a* PmWiki now provides a $CurrentTimeISO and $TimeISOFmt variables, for specifying dates in ISO format.%0a%0a* [[(Cookbook:)Cookbook]] authors can use the internal PmWiki function UpdatePage (temporarily documented at [[(Cookbook:)DebuggingForCookbookAuthors]]) to change page text while preserving history/diff information, updating page revision numbers, updating RecentChanges pages, sending email notifications, etc.%0a%0a* [[Skin templates]] are now required to have %3c!--HTMLHeader--> and %3c!--HTMLFooter--> directives. Setting $EnableSkinDiag causes PmWiki to return an error if this isn't the case for a loaded skin. Skins that explicitly do not want HTMLHeader or HTMLFooter sections can use %3c!--NoHTMLHeader--> and %3c!--NoHTMLFooter--> to suppress the warning.%0a%0a* Added a new "pre" wikistyle for preformatted text blocks.%0a%0a* The xlpage-utf-8.php script now understands how to space UTF-8 wikiwords. %0a%0a* Searches on utf-8 site are now case-insensitive for utf-8 characters.%0a%0a* Many Abort() calls now provide a link to pages on pmwiki.org that can explain the problem in more detail and provide troubleshooting assistance.%0a%0a* PmWiki no longer reports "?cannot acquire lockfile" if the visitor is simply browsing pages or performing other read-only actions.%0a%0a* The $EnableReadOnly configuration variable can be set to signal PmWiki that it is to run in "read-only" mode (e.g., for distribution on read-only media). Attempts to perform actions that write to the disk are either ignored or raise an error via Abort().%0a%0a* Including authuser.php no longer automatically calls ResolvePageName().%0a%0a* Authentication using Active Directory is now simplified. In Site.AuthUser or the $AuthUser variable, set "ldap://name.of.ad.server/" with no additional path information (see PmWiki.AuthUser for more details).%0a%0a* Pages are now saved with a "charset=" attribute to identify the character set in effect when the page was saved.%0a%0a* The phpdiff.php algorithm has been optimized to be smarter about finding smaller diffs.%0a%0a* Removed the (deprecated) "#wikileft h1" and "#wikileft h5" styles from the pmwiki default skin.%0a%0a* The mailposts.php and compat1x.php scripts have been removed from the distribution.%0a%0a!! Version 2.1.27 (2006-12-11)%0a%0aThis version backports from 2.2.0-beta a bugfix for $TableRowIndexMax and also support for the [@{*$Variable}@] markup.%0a%0a!! Version 2.1.26 (2006-09-11)%0a%0aThis version fixes a bug in feeds.php that would cause feed entries to be mixed up.%0a%0a!! Version 2.1.25 (2006-09-08)%0a%0aThis release fixes a bug in authuser.php introduced by the 2.1.24 release.%0a%0aThe skin template code has also been extended to allow [@%3c!--XMLHeader-->@] and [@%3c!--XMLFooter-->@] as aliases for [@%3c!--HTMLHeader-->@] and [@%3c!--HTMLFooter-->@].%0a%0a!! Version 2.1.24 (2006-09-06)%0a%0aThis release makes some improvements and fixes to the [[AuthUser]]%0acapability.%0a%0aA bug in authuser.php that had trouble dealing with non-array values in $AuthUser has been fixed.%0a%0aIt is now possible to specify group memberships from ''local/config.php'' (remember that such entries must come ''before'' including the ''authuser.php'' script):%0a%0a # alice and bob's passwords%0a $AuthUser['alice'] = crypt('alicepassword');%0a $AuthUser['bob'] = crypt('bobpassword');%0a%0a # members of the @writers and @admins groups%0a $AuthUser['@writers'] = array('alice', 'bob');%0a $AuthUser['@admins'] = array('alice', 'dave');%0a%0a # carol is a member of @editors and @writers%0a $AuthUser['carol'] = array('@editors', '@writers');%0a%0aAuthUser can now read from Apache-formatted .htgroup files. The location of the .htgroup file can be done either in ''local/config.php'' or [[Site.AuthUser]]%0a%0a # local/config.php:%0a $AuthUser['htgroup'] = '/path/to/.htgroup';%0a%0a # Site.AuthUser%0a htgroup: /path/to/.htgroup%0a%0a%0a!! Versions 2.1.21, 2.1.22, 2.1.23 (2006-09-05, 2006-09-06)%0a%0aThis release closes a potential security vulnerability for sites %0athat are running with 'register_globals' set to on. Details of%0athe vulnerability will be forthcoming on the mailing list%0aand site.%0a%0aSites that are running with PHP 'register_globals' and 'allow_url_fopen'%0aset to 'On' should upgrade to this release at the earliest%0aopportunity. If upgrading isn't an option, contact Pm for%0aa patch to older versions.%0a%0aThere is now a tool available to analyze PmWiki sites for security%0aand other configuration settings, see [[PmWiki:SiteAnalyzer]].%0a%0aVersion 2.1.23 also corrects a bug that prevented PmWiki from being%0aable to read pagefiles created by versions of PmWiki before 0.5.6.%0a%0a!! Version 2.1.20 (2006-09-04)%0a%0aMore minor bugfixes:%0a* Corrected a bug with WikiWord references appearing in the [@(:attachlist:)@] markup.%0a* Restore ability to remove/override PmWiki's default CSS settings.%0a%0a!! Version 2.1.19 (2006-08-30)%0a%0aThis release provides a number of very minor bugfixes and%0aenhancements:%0a%0a* Fixed a bug in the pageindex code that was causing it to not regenerate as quickly as it should.%0a* Fixed image/object/embed handling in wikistyles to better support the [[Cookbook:Flash]] recipe.%0a* Fixed a bug with wikistyles and input form tags.%0a%0aThe next release(s) may have a number of substantial code%0aenhancements and changes, so this release simply closes out%0aa few items before introducing those changes.%0a%0a%0a!! Version 2.1.18 (2006-08-28)%0a%0aThis release closes a potential cross-site scripting vulnerability%0athat could allow authors to inject Javascript code through the%0avarious table markups.%0a%0aThe release also adds a new [@(:input image:)@] markup to generate%0aimage input tags in forms.%0a%0aFinally, this release corrects a problem with [@?action=print@]%0afailing to properly set the [@{$Action}@] page variable.%0a%0a!! Version 2.1.17 (2006-08-26)%0a%0aThis release fixes a long-standing bug with $EnableIMSCaching%0a(PITS:00573), whereby login/logout operations wouldn't invalidate %0abrowser caches, causing some people to see versions of a page prior%0ato the login/logout taking place. %0a%0aThe new IMS caching code maintains a "imstime" cookie in the %0avisitor's browser that keeps track of the time of last login, %0alogout, author name change, or site modification. This cookie%0ais then used to determine the proper response to browser requests%0acontaining If-Modified-Since headers. (Previously only the%0atime of the last site modification was available.) %0a%0aBrowsers which do not accept cookies will effectively act as%0athough IMS caching is disabled.%0a%0a%0a!! Version 2.1.16 (2006-08-26) [[#v2116]]%0a%0aThis release makes some improvements to skin handling -- primarily%0athis improves the capability of relocating skin files to other%0alocations, and to provide the ability for recipes to insert items%0aat the ''end'' of HTML output.%0a%0aThis release introduces a [@%3c!--HTMLFooter-->@] directive into%0a[[skin templates]], which allows recipes and local%0acustomizations to insert output near the end of a document %0ausing a $HTMLFooterFmt array from PHP.%0a%0aAlso, the [@%3c!--HeaderText-->@] directive, which inserts the%0acontents of $HTMLHeaderFmt into the output, has now been%0arenamed to [@%3c!--HTMLHeader-->@]. PmWiki will continue to%0arecognize [@%3c!--HeaderText-->@] to preserve compatibility with%0aexisting skins, but [@%3c!--HTMLHeader-->@] is preferred.%0a%0aA new $SkinLibDirs array has been introduced which allows%0athe source locations and urls for skins to be specified from%0aa customization file. By default $SkinLibDirs is set as%0a%0a $SkinLibDirs = array("./pub/skins/\$Skin" => "$PubDirUrl/skins/\$Skin",%0a "$FarmD/pub/skins/\$Skin" => "$FarmPubDirUrl/skins/\$Skin");%0a%0aThe keys (on the left) indicate the places to look for a "skin .tmpl %0afile" in the filesystem, while the values (on the right) indicate the%0aurl location of the "skin css file". Modifying the value of %0a$SkinLibDirs allows a skin .tmpl file to be located anywhere on the %0afilesystem.%0a%0aAs far as I can see, none of the changes introduced by this%0arelease should have any sort of negative impact on existing%0asites, so it should be safe to upgrade. (If I'm wrong, please%0alet me know.)%0a%0a%0a!! Version 2.1.15 (2006-08-25)%0a%0aThis release includes a number of feature enhancements and code cleanups%0aas reported or requested by administrators.%0a%0aFirst, AuthUser's LDAP authentication system now allows the use of%0aa [@?filter@] parameter, consistent with urls used for mod_auth_ldap%0aauthorization in Apache. See the newly updated LDAP section of the%0a[[AuthUser]] documentation for more details.%0a%0aA chicken-and-egg problem with the [@@_site_*@] authorization groups%0ahas been resolved. It's now possible to have a page's read authorization%0arefer to things such as [@_site_edit@].%0a%0aAlso, the RetrieveAuthPage() function -- used for retrieving pages only%0aif the visitor is authorized to do so -- now recognizes a special%0alevel parameter of 'ALWAYS', which means to always authorize access%0aregardless of the browser or visitors current permissions. This%0amay be useful for allowing certain operations to take place from%0awithin trusted scripts without having to grant full authorization%0ato the browser.%0a%0aHardcoded instances of the ''local/'' directory now use a%0acustomizable $LocalDir variable. This variable controls where%0aPmWiki looks for ''local/config.php'' and per-group customization %0afiles. It may be useful for some [[Wiki Farm(s)]] contexts. Note that%0athis does not change or affect the location of %0a''$FarmD/local/farmconfig.php''.%0a%0aSome minor internal changes have been made to %0a''scripts/wikistyles.php'' to better accommodate the %0awikipublisher recipe. It's probably better if we don't try%0ato explain them. :-)%0a%0a%0a!! Version 2.1.13, 2.1.14 (2006-08-15, 2006-08-16)%0a%0aThis release fixes a bug in handling numeric passwords, and also%0aallows ldaps:// authentication sources.%0a%0a!! Version 2.1.12 (2006-08-07)%0a%0aThis version introduces the ability to nest divs and tables.%0aThe standard [@(:table:)@] and [@(:div:)@] markups are still%0aavailable, except that a [@(:div:)@] may contain a [@(:table:)@]%0aand vice-versa. %0a%0aAs in previous versions of PmWiki, the [@(:div:)@] markup%0aautomatically closes any previous [@(:div:)@]. However, there%0aare now [@(:div1:)@], [@(:div2:)@], etc. markups (and the%0acorresponding [@(:div1end:)@], [@(:div2end:)@], ...) which can be%0aused to uniquely distinguish divs for nesting purposes.%0a%0aTo restore PmWiki's previous "non-nested" div behavior, set%0a$Transition['nodivnest'] = 1; in a local customization file.%0a%0aOther changes in this release:%0a* Add a [@(:noaction:)@] directive to suppress display of page actions.%0a* Allow anchor tags to contain colons, hyphens, and dots.%0a* Add "white-space" as an allowed wikistyle.%0a* Other minor bug fixes and typographical corrections.%0a%0a%0a!! Version 2.1.11 (2006-06-09)%0a%0aThis is a minor update that prevents [@%25define=%25@] wikistyles%0afrom generating empty paragraphs in the HTML output. Prior to%0athis release, markup lines containing only wikistyle definitions%0awould often generate empty paragraphs (%3cp>%3c/p>), this release%0achanges things so that a markup line beginning with [@%25define=@]%0aand containing only wikistyle definitions will not initiate%0aa new paragraph.%0a%0a%0a!! Version 2.1.10 (2006-06-03)%0a%0aVersion 2.1.4 introduced an [@{$Action}@] page variable that would%0acontain the current [@?action=@] value. Unfortunately, this page%0avariable conflicted with a pre-existing [@$Action@] global variable%0athat was being used by skins to display a human-friendly form of%0athe current action. Since there's not really a clean way to resolve%0athis, I've decided to keep [@{$Action}@] as a page variable%0awith the current action value (as introduced in 2.1.4), and change %0athe global for skins to be $ActionTitle. This will require updating%0askins to use $ActionTitle instead of $Action. I apologize for the%0aconflict.%0a%0aThis release adds a Site.LocalTemplates page for the [@fmt=#xyz@]%0aoption in pagelist and search results. The list of pages to be%0asearched can be customized via the $FPLTemplatePageFmt variable.%0aThe [@fmt=#xyz@] option will now also search the current page for%0aa matching template before searching Site.LocalTemplates%0aand Site.PageListTemplates.%0a%0aThe 'pmwiki' skin now places a %3cspan> around the "Recent Changes"%0alink in the header to make it somewhat easier to style.%0a%0a!! Version 2.1.9 (2006-06-02)%0a%0aThis release fixes a long-standing and difficult-to-find bug with%0athe handling of [@[[~Author]]@] links.%0a%0a!! Version 2.1.8 (2006-06-01)%0a%0aThis release simply changes the $NotifyListFmt variable to be%0a$NotifyListPageFmt (more descriptive), and adds a $NotifyList%0aarray that can be used to specify notification entries from%0aa configuration file.%0a%0a!! Version 2.1.7 (2006-05-31)%0a%0aThis release introduces a variety of improvements and bugfixes.%0a%0a'''Vspace paragraphs are now divs:'''%0aVersion 2.1.7 changes the way that PmWiki handles vertical%0aspace in output (the infamous [@%3cp class='vspace>%3c/p>@] sequence).%0aInstead of using paragraphs, PmWiki now generates %0a[@%3cdiv class='vspace'>%3c/div>@] for vertical space sequences.%0aIn addition, PmWiki is able to collapse the vspace %3cdiv> with%0aany subsequent paragraph tags, such that a sequence like%0a%0a %3cdiv class='vspace>%3c/div>%3cp>...paragraph text...%3c/p>%0a%0ais automatically converted to%0a%0a %3cp class='vspace'>...paragraph text...%3c/p>%0a%0aThis allows for better control over paragraph spacing. It is%0aexpected that this change in vspace handling will not have%0aany detrimental effects on existing sites. Sites that have%0aset custom values for $HTMLVSpace will continue to use the%0acustom value. A site that wants to restore PmWiki's earlier%0ahandling of vspace can do so by adding the following to%0a''local/config.php'':%0a%0a $HTMLVSpace = "%3cp class='vspace'>%3c/p>";%0a%0a'''Improved email notifications of changes:''' Version 2.1.7%0aincorporates a ''notify.php'' script that provides improved%0acapabilities for sending email notifications in response to%0apage changes. This script is intended to replace the previous%0a[[(PmWiki:)MailPosts]] capability, which is now deprecated (but will%0acontinue to be supported in PmWiki 2.1.x). Details and %0ainstructions for using notify.php are in the [[PmWiki.Notify]] page.%0a%0a'''Added 'group home page' syntax:''' A group name followed%0aby only a dot or slash is automatically treated as a reference%0ato the group's home page, whatever it happens to be. This simplifies%0asome pagelist templates as well as a number of other items. %0aIn particular, group links in pagelist output now points to the%0acorrect locations (instead of being a page in the current group).%0a%0aSeveral bugs and vulnerabilities have been fixed:%0a* The default width of edit forms is now more appropriate for Internet Explorer.%0a* Authentication failure messages from LDAP are now suppressed.%0a* Some cross-site scripting vulnerabilities in uploads and page links have been corrected (courtesy Moritz Naumann, http://moritz-naumann.com).%0a* A problem with invalid pagenames resulting in redirect loops has been corrected.%0a%0a!! Version 2.1.6 (2006-05-22)%0a%0aThe primary improvement in this release is the addition of %0aa pagename argument to the [@(:if auth:)@] conditional markup.%0aThus one can display markup based on a visitor's authorization%0ato a page other than the current one. For example, to test%0afor edit privileges to `Main.WikiSandbox, one would use%0a[@(:if auth edit Main.WikiSandbox:)@]. As before, if the%0apagename is omitted the directive tests authorization to%0athe current page.%0a%0aThis release also restores the ability to have hyphens in%0aInterMap link names.%0a%0aLastly, the release closes a potential cross-site scripting%0avulnerability in the WikiTrail markup, and provides some small%0aperformance improvements.%0a%0a!! Version 2.1.4, 2.1.5 (2006-03-29)%0a%0aThis release fixes a few more bugs:%0a* Pagelist-based feeds using ?action=rss work again.%0a* Multi-term searches with special characters is fixed.%0a%0aThe release also adds a couple of items:%0a* There is now an [@{$Action}@] page variable.%0a* Usernames and passwords submitted to authuser.php can contain quotes.%0a* The [@(:attachlist:)@] command now uses a natural case sort.%0a%0a!! Version 2.1.3 (2006-03-17)%0a%0aThis release fixes a bug that prevents the [@lines=@] option from%0aworking on sites running PHP 5.1.1 or later. It also re-fixes%0aa bug involving empty passwords and LDAP authentication.%0a%0a!! Version 2.1.2 (2006-03-16)%0a%0aThis release fixes a bug with handling "nopass" passwords. It also%0amakes some speed improvements to large web feeds, and fixes a couple%0aof minor HTML tag mismatches.%0a%0a!! Version 2.1.1 (2006-03-13)%0a%0aThis release primarily fixes a bug with passwords containing%0amultiple authorization groups, and in the process slightly liberalized%0athe formatting of "@group" and "id:name" handling. This release also %0aadds a new mechanism for managing and displaying FAQ pages.%0a%0a!! Version 2.1.0 (2006-03-12)%0a%0aThis set of release notes is fairly lengthy, as it chronicles all of the changes since 2.0.13 (four months of development). A lot remains the same, but some changes warrant extra care when upgrading from a 2.0.x version to 2.1.0 (thus the major revision number change). As always, questions and issues can be mailed to the pmwiki-users mailing list.%0a%0aHere's the list:%0a%0a* WikiWords are now disabled by default. To enable them, set "$LinkWikiWords = 1;" in a [[local customization(s)]] file. As of 2.1.beta2, you can now leave WikiWords enabled but have links to non-existent pages display without decoration -- to do this, place the following lines in ''pub/css/local.css'':%0a%0a span.wikiword a.createlink { display:none; }%0a span.wikiword a.createlinktext %0a { border-bottom:none; text-decoration:none; color:inherit; }%0a%0a* The [@(:pagelist:)@] code has been substantially revised. Pagelist formatting can now be specified using markup, and several defaults are available from [[Site.PageListTemplates]]. Also, several built-in pagelist formatting functions (FPLSimple, FPLByGroup, FPLGroup) are now removed in favor of the template code. The FPLByGroup function can be restored by setting $Transition['fplbygroup']=1; . '''Remark:''' Check to see if your page [[Site.PageListTemplates]] is not passwordprotected for viewing, otherwise the resulting pagelist will not be shown. %0a%0a* [@(:pagelist:)@] now also understands wildcards in @@group=@@ and @@name=@@ arguments, as well as excluding specific names and groups.%0a%0a* [@(:pagelist:)@] now has an "order=random" option.%0a%0a* [@(:searchbox:)@] now accepts "group=", "link=", "list=", etc. options to be passed along to the search results. It also accepts a "target=" option that identifies the page on which to send the search query.%0a%0a* [@?action=search@] will display the contents of the current page if it contains a [@(:@][@searchresults:)@] directive, otherwise it uses the content of the page identified by $PageSearchForm (default is the search page for the current language translation). %0a%0a* PmWiki no longer maintains a ".linkindex" file -- it now has a ".pageindex" file that contains not only a table of links, but also words used in each page (to speed up term searches). The maintenance of the .pageindex file can be disabled by setting $PageIndexFile=''; %0a %0a* The $EnablePageListProtect variable now defaults to true, so that read-only pages appear in pagelists only if the visitor has read authorization. Note that this can also slow down some [@(:pagelist:)@] and search commands, so if the site doesn't have any read-only pages or if you aren't worried with cloaking read-only pages from searchlists, it might be worth setting $EnablePageListProtect=0; .%0a%0a* Whitespace indentation rules now exist and are enabled by default. Any line that begins with whitespace and aligns with a previous list item is considered to be "within" that list item. Text folds and wraps as normal, and the [@(:linebreaks:)@] directive is honored. To turn off whitespace indentation, use [@DisableMarkup('^ws');@].%0a%0a* A single blank line after a [@!!Heading@] is silently ignored.%0a%0a* The [@(:redirect:)@] directive is now a true markup, and can be embedded inside conditional markups or includes. It also allows redirecting to an anchor in a page, such as [@(:redirect PageName#anchor:)@]. A new [@from=@] option allows the redirect to take place only from pages that match the given wildcard specification. The [@status=@] option allows a 301, 302, 303, or 307 HTTP status code to be returned.%0a%0a* The built-in authorization function has gone through some substantial internal changes, however these changes should be fully backward compatible so that it doesn't impact any existing sites. (If it ''does'' cause a problem, please let me know so I can investigate why!) The password prompts are now specified by an admin-customizable Site.AuthForm page. In addition, the authorization function no longer creates PHP sessions for visitors that aren't being authenticated.%0a%0a* The authuser.php has likewise been substantially updated. The new version should have complete backwards compatibility with previous authuser.php settings, but this version also offers the ability to configure authentication resources and authorization groups through the [[Site.AuthUser]] page. Note that by default the Site.AuthUser page can only be edited using the admin password.%0a%0a* The $EnableSessionPasswords variable can be used to control whether passwords are held in PHP sessions. (This does not affect user authentication via [[AuthUser]], however.)%0a%0a* The $Author variable now defaults to $AuthId if not otherwise set by a script or cookie.%0a%0a* The [[Site.SideBar]] page now defaults its edit password to the sitewide edit password (in $DefaultPasswords['edit']).%0a%0a* PmWiki now supports a "draft edit" mode, enabled by $EnableDrafts = 1. This creates a "Save as draft" button that will save a page under a "-Draft" suffix, for intermediate edits.%0a%0a* There is now an ?action=login action available.%0a%0a* A potential security vulnerability for sites running PHP 5 with register_globals enabled has been fixed.%0a%0a* The [@[[PageName |+]]@] markup is now available by default; this creates a link to `PageName and uses that page's title as the link text.%0a%0a* What used to be "markup variables" are now "[[page variables]]". These are always specified using the @@{$''variable''}@@ syntax, and can be used in markup and in $...Fmt strings. In addition, one can request a value for a specific page by placing the pagename in front of the variable, as in @@{''pagename''$''variable''}@@.%0a%0a* The ''scripts/rss.php'' script is now ''scripts/feeds.php'', and is a complete redesign for [[web feed(s)]] generation. The new version supports UTF-8 and other encodings, can generate Atom 1.0 ([@?action=atom@]), Dublin Core Metadata ([@?action=dc@]) output, and enclosures for podcasting. It also allows feeds to be generated from trails, groups, categories, and backlinks, and provides options (same as pagelists) for sorting and filtering the contents of the feed. Most sites can simply switch to using [@include_once("scripts/feeds.php");@] instead of the previous ''rss.php'' include. The ''rss.php'' file has been removed from the distribution (but still works with PmWiki 2.1 for those sites that wish to continue using it).%0a%0a* [[PmWiki/InterMap]] entries can now come from a `Site.InterMap page as well as the ''local/localmap.txt'' and ''local/farmmap.txt'' files. The format of these files has changed slightly, in that the InterMap name should now have a colon after it (previously the colon was omitted).%0a%0a* We can now provide better control of robot (webcrawler) interactions with a site to reduce server load and bandwidth. The $RobotPattern variable is used to detect robots based on the user-agent string, and any actions not listed in the $RobotActions array will return a 403 Forbidden response to robots. In addition, setting $EnableRobotCloakActions will eliminate any forbidden ?action= values from page links returned to robots, which will reduce bandwidth loads from robots even further (PITS:00563).%0a%0a* Non-existent page handling has been improved; whenever a browser hits a non-existent page, PmWiki returns the contents of Site.PageNotFound and a 404 ("Not Found") status code.%0a%0a* Page links that have "?action=" in their query arguments are now treated as "existing page" links even if the page does not exist.%0a%0a* The PmWiki default skin now adds rel='nofollow' to various action links.%0a%0a* Some of the CSS styles in the PmWiki default skin have been changed for better presentation.%0a%0a* The gui edit buttons have transparent (instead of white) borders so they integrate better into skins.%0a%0a* The $EnableIMSCaching variable is now much smarter, it can detect changes in local customization files as well as pages.%0a%0a* [[PmWiki/WikiStyles]] can now make percentage specifications by using "pct" to mean "%25".%0a%0a* Class attributes in [[WikiStyle(s)]] shortcuts are now cumulative, so that [@%25class1 class2%25@] results in [@class='class1 class2'@] instead of just [@class='class2'@] in the output.%0a%0a* A problem with the [@(:include PageName#from#:)@] markup not working has been fixed (PITS:00560).%0a%0a* Viewing a GroupHeader or GroupFooter page no longer displays the contents twice.%0a%0a* It's now easier to share pages among multiple sites (e.g., [[WikiFarms]]), see Cookbook:SharedPages (PITS:00459).%0a%0a* A problem with nested apostrophe markups has been fixed (PITS:00590).%0a%0a* PmWiki is now smarter about not surrounding block HTML tags with %3cp>...%3c/p> tags.%0a%0a* If an [@[[#anchor]]@] is used more than once in a page, only the first generates an actual anchor (to preserve XHTML validity).%0a%0a* There are now [@(:if equal ...:)@] and [@(:if exists pagename:)@] [[conditional markup]]s.%0a%0a* Compound conditional markup expressions are now possible -- e.g. [@(:if [ group PmWiki && ! name PmWiki ] :)@] .%0a%0a* Added an $InputValues array that can supply default values for certain form controls (PITS:00566).%0a%0a* The default setting of $UploadUrlFmt is now based on $PubDirUrl instead of $ScriptUrl.%0a%0a* The $text global variable has been removed (use $_GET['text'], $_POST['text'], or $_REQUEST['text']).%0a%0a* A possible problem with url-encoding of attachments with non-ASCII characters has been addressed (PITS:00588).%0a%0a* Page actions in non-existent pages no longer display with non-existent link decorations.%0a%0a* A README.txt file has been added, and several documentation files are now available through the docs/ directory.%0a %0a* PmWiki is no longer available through CVS on sourceforge.net. It is now available via SVN on pmwiki.org, at svn://pmwiki.org/pmwiki/tags/latest . For more details, see PmWiki:Subversion.%0a%0a* The $NewlineXXX variable (deprecated in 2.0.0) has been removed.%0a%0a* There is experimental support for server-side caching of pages that take a long time to render; this is currently an unsupported feature and may be removed in future releases.%0a%0a%25red%25Wiki administrators should note that from this release on PmWiki defaults to having WikiWords disabled.%0a%0aTo make sure WikiWords are enabled, use [@$LinkWikiWords = 1;@] in%0athe ''local/config.php'' file.%0a%0a----%0aBugs and other requests can be reported to the PmWiki Issue Tracking %0aSystem at http://www.pmwiki.org/wiki/PITS/PITS. Any help%0ain testing, development, and/or documentation is greatly appreciated..%0a%0a[[(PmWiki:)Release Notes archive]] - notes for versions older than 2.1.0.%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a +time=1247767159 title=Release Notes Index: wikilib.d/PmWiki.ChangeLog =================================================================== --- wikilib.d/PmWiki.ChangeLog (.../pmwiki-2.2.3) (revision 2387) +++ wikilib.d/PmWiki.ChangeLog (.../pmwiki-2.2.4) (revision 2387) @@ -1,11 +1,11 @@ -version=pmwiki-2.2.2 ordered=1 urlencoded=1 +version=pmwiki-2.2.3 ordered=1 urlencoded=1 agent=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081216 Ubuntu/8.04 (hardy) Firefox/2.0.0.19 author=Petko charset=ISO-8859-1 csum= host=81.65.14.164 name=PmWiki.ChangeLog -rev=909 +rev=910 targets=PmWiki.MailingLists,PmWiki.ReleaseNotes,PmWiki.WikiFarms,SiteAdmin.SiteAdmin,PmWiki.Version,SiteAdmin.Status,SiteAdmin.AuthList,PmWiki.PageTextVariables,PmWiki.Links,PmWiki.WikiStyles,PmWiki.PageLists,PmWiki.Forms,PmWiki.PageListTemplates,PmWiki.FAQ,PmWiki.Passwords,PmWiki.Skins,PmWiki.PageVariables,PmWiki.MarkupExpressions,Site.PageListTemplates,PmWiki.PageDirectives,PmWiki.ConditionalMarkup,PmWiki.AuthUser,PmWiki.PagelistVariables,PmWiki.Uploads -text=(:Summary: Log of changes made to PmWiki by [[Release(Notes)]]:)%0aSee [[Cookbook:RecentChanges | the cookbook recent changes page]] for additional updates and activity by other developers, or join the [[PmWiki/MailingLists | pmwiki mailing lists]] to discuss feature development with us.%0a%0a(:comment Changes made to the [[PmWiki:Subversion | subversion pre-release ]] of PmWiki.:)%0a!!! Version 2.2.3 (2009-07-16)%0a* Fix action=logout could incorrectly set a session cookie (PITS:01062).%0a* Fix page history trim in vardoc.php (PITS:01103).%0a* Add $EnableUploadGroupAuth, use group password for downloads (PITS:01104).%0a* Fix recursive PTV loops, added $MaxPageTextVars (PITS:00915, PITS:01099).%0a* Fix mkdirp() messages for absolute paths (PITS:00396).%0a* Fix sample-config.php order for urlapprove.php (PITS:01037).%0a* Fix broken signature links on preview.%0a* Fix crypt.php (action=crypt) could malfunction for passwords with quotes or apostrophes.%0a* Fix @@ @_site_*@@ passwords to work in GroupAttributes (PITS:00836, PITS:00998).%0a* Fix possible XSS vulnerabilities, reported by Michael Engelke.%0a* Update documentation.%0a%0a!!! Version 2.2.2 (2009-06-21)%0a* Fix class in pages not on the breadcrumbs trail, reported by Ed W.%0a* Fix @@tabindex@@ and @@onclick@@ to guiedit buttons.%0a* Fix $GroupPrintHeaderFmt in print.php (PITS:01073).%0a* Fix global vars in xlpage-utf-8.php (PITS:00980).%0a* Fix $txt in LinkPage (reported by Eemeli Aro).%0a* Add $EnableNotifySubjectEncode for international wikis (Cookbook:UTF-8).%0a* Fix international message in Abort().%0a* Fix security bug with AuthUser, reported by Eemeli Aro. See [[Release notes]].%0a* Fix $ActionTitleFmt for login and upload, reported by Eemeli Aro.%0a%0a!!! Version 2.2.1 (2009-03-28)%0a* Fix $FPLTemplateMarkupFunction which somehow didn't get in the 2.2.0 archive.%0a* Fix wikitrails to work cross-group (PITS:00407).%0a* Add $EnableRedirectQuiet variable (PITS:00919).%0a* Fix [={$Title}=] could display global variables (reported by HansB).%0a* Fix reloaded form submissions could lose values (reported by DaveG).%0a* Fix preview while restoring a version from history (PITS:01081).%0a* Fix relative links with international characters (reported by G. Hermanowicz).%0a* Add in sample-config.php example call to xlpage-utf-8.php (PITS:01066).%0a* Update documentation.%0a* Fix guiedit.php to produce valid HTML.%0a%0a!! Version 2.2.0 (2009-01-18)%0a* Convert beta series to official release series.%0a* Add $FPLTemplateMarkupFunction (PITS:00984, requested by John Rankin).%0a%0a!!! [[#beta68]] Version 2.2.0-beta68 (2008-08-14)%0a* Fix E_NOTICE errors reported by Dominique Faure.%0a* Enable [@(:redirect:)@] directives in pagelists.%0a%0a!!! [[#beta67]] Version 2.2.0-beta67 (2008-07-13)%0a* Add [={$LastModifiedTime}=] page variable.%0a* Add $EnableSessionPasswords variable to control session password usage.%0a* Add $SessionEncode and $SessionDecode variables to specify functions for encoding/decoding sensitive session data.%0a* Updated httpauth.php to use SessionAuth instead of poking in session guts directly.%0a%0a!!! [[#beta66]] Version 2.2.0-beta66 (2008-07-04)%0a* Add content-type/charset to Abort() output (suggested by Petko).%0a* Close minor XSS vulnerability (PITS:01030).%0a* Add "nested if" capability.%0a* Fix bug in $Transition handling that would enable all transitions if any were set (reported by John Rankin).%0a %0a%0a!!! [[#beta65]] Version 2.2.0-beta65 (2007-11-17)%0a* Fix SiteAdmin.AuthList so that it defaults to list=all (reported by Roman).%0a* Fix pmwiki skin to include xmlns= attribute in %3chtml> tag (PITS:00989, reported by Mateusz Czaplinski and Petko Yotov).%0a%0a!!! [[#beta64]] Version 2.2.0-beta64 (2007-11-13)%0a* Add times to PmWiki date parsing (e.g., 2007-08-09T12:22:04).%0a* Suppress warning from ini_set in diag.php (suggested by Petko).%0a* Fix handling of -> links in trails (reported by Eemeli Aro).%0a* Add .kml and .kmz as valid attachment types. %0a* Fix handling of [=&=] in markup (PITS:00988, reported by Stirling Westrup).%0a* Fix duplication of language markers in $XLLangs (PITS:00987, reported by Stirling Westrup).%0a* Correct typo in DRange() call in stdmarkup.php (reported by Stirling Westrup).%0a* Turn on error displays when diagnostics are enabled.%0a* Default PHP's pcre.backtrack_limit to at least 1000000.%0a%0a!!! [[#beta63]] Version 2.2.0-beta63 (2007-07-31)%0a* Added $SkinDirectivesPattern to allow adjustments to available skin directives (requested by Petko).%0a* Fix default permissions on Site.AuthUser and Site.AuthList (reported by Scott Connard).%0a* Add "monospace" to pmwiki.css default (reported by Joshua Timberman, with assistance from H. Fox)%0a* Fix problem with slashes in wildcards to name= and group= parameters (reported by Ian MacGregor).%0a%0a!!! Version 2.2.0-beta62 (2007-07-21)%0a* Fix bug in trails introduced by beta61 (reported by charlequin).%0a%0a!!! Version 2.2.0-beta61 (2007-07-19)%0a* Add ability to grab trails by section.%0a* Add an "ontrail" condition (from suggestions by charlequin).%0a%0a!!!Version 2.2.0-beta59, 2.2.0-beta60 (2007-07-18)%0a* Fix problem with upgrade.php on [[wiki farms]] (reported by Scott Connard).%0a* Fix problem with distributed version of Site.AuthUser (reported by Jon Haupt).%0a%0a!!!Version 2.2.0-beta58 (2007-07-17)%0a* Significant change: Site.AuthUser, Site.Blocklist, Site.ApprovedUrls, and Site.NotifyList now appear in the [[SiteAdmin]] group by default.%0a** Note: if you limit groups by setting $GroupPattern, you now need to include SiteAdmin (see [[Cookbook:LimitWikiGroups]])%0a* Abort if ldap: authentication requested and libraries aren't present.%0a* Added "upgrades.php" script to handle various migration issues.%0a* Current PmWiki [[version]] is now held in [[SiteAdmin.Status]] .%0a* Fix ?action=postupload to follow ?action=upload settings.%0a* Improvements to [[SiteAdmin.AuthList]] page (suggestions and fixes from Ian MacGregor).%0a* Allow leading underscores in attachment names (requested by Christophe David).%0a%0a!!!Version 2.2.0-beta57 (2007-06-15)%0a* Fix AsSpacedUTF8() to work like AsSpaced() (reported by Petko).%0a* Qualify page links that contain parentheses (reported by Petko).%0a* Fix bug in [@(:input default $:var ... :)@] (reported by Crisses).%0a%0a!!!Version 2.2.0-beta56 (2007-06-13)%0a* Fix AsSpaced() to not add spaces before leading digit, and treat hyphenated digits as complete numbers.%0a* Fix infinite recursion in self-referencing [[page text variables]] (PITS:00915).%0a* Fix bug introduced in beta55 not handling end [[links|anchors]] correctly (reported by Roman).%0a%0a!!!Version 2.2.0-beta55 (2007-06-11)%0a* Fix attributes to [@(:input e_form:)@] (PITS:00387, re-reported by Crisses).%0a* UpdatePage() now calls StopWatch() to record posting.%0a* Display stopwatch output as part of redirect.%0a* Fix [[wiki styles]] bug when $EnableLinkPageRelative is set (reported by Petko).%0a* Revise TextSection() code to hopefully avoid %25newwin%25[[http://pcre.org/|pcre]] limits (reported by Kathryn Andersen, Knut Alboldt).%0a* Add wrap=inline and wrap=none options to [[page list(s#pagelistwrap)]].%0a%0a!!!Version 2.2.0-beta53, 2.2.0-beta54 (2007-06-02)%0a* Improve error message reporting for markup rules (suggestion by Knut Alboldt).%0a* Clean up more E_NOTICE warnings (reported by Ian MacGregor).%0a* Add focus= option to [=(:=][[forms|input]]:) controls.%0a* Added CSS [@.faqtoc@] class, to be able to display only the questions coming from the #includefaq [[page list template(s)]].%0a* Changed [[PmWiki.FAQ]] to use .faqtoc class.%0a* Fix bug in TextSection (PITS:00935, reported by Jean-Fabrice).%0a* Fix bug in [[page list(s#pagelisttrail)]] caching of trails.%0a%0a!!!Version 2.2.0-beta52 (2007-05-26)%0a* Add per-PageStore attributes (from a suggestion by Tobias Thelen).%0a* Add [@{$PasswdRead}@], [@{$PasswdEdit}@], etc. to display page password settings.%0a* Add Site.AuthList to display all password permissions on a site.%0a* Reorder $PageListFilters slightly.%0a* Add "passwd=" option to [[page list(s#pagelistpasswd)]], to return only those pages that have some sort of [[password(s)]] attribute on them.%0a* Add line numbers to StopWatchHTML output.%0a* Clean up handling of $AuthCascade.%0a%0a!!!Version 2.2.0-beta51 (2007-05-23)%0a* Add fmt=count to [[page list(s#pagelistcount)]] (reminder from Hans).%0a* Ignore hidden files in [[skin(s)]] directories when searching for .tmpl (suggestion by Stephan Becker).%0a* Clean up queuing of pages to be updated in .pageindex .%0a* Reset $LinkTargets() at beginning of each UpdatePage() sequence.%0a%0a!!!Version 2.2.0-beta50 (2007-05-22)%0a* Fix HTML cache when drafts are enabled, or other recipes using CondAuth().%0a* Prevent [[page lists]] with protected pages from HTML cache.%0a%0a!!!Version 2.2.0-beta48, 2.2.0-beta49 (2007-05-21)%0a* Fix spurious value= attribute in %3ctextarea> tag generated by [@(:input textarea ... :)@].%0a* Allow either [@(:input default ...:)@] or [@(:input defaults ...:)@].%0a* Fix problem with page text variable handling in [@(:input defaults:)@].%0a* Allow either [@(:template default:)@] or [@(:template defaults:)@] in [[page list templates]].%0a* Fix a bug handling dates with suffixes (reported by Crisses).%0a%0a!!!Version 2.2.0-beta47 (2007-05-20)%0a* Fix bug with quote handling in [@(:include:)@] options (reported by Hans).%0a%0a!!!Version 2.2.0-beta46 (2007-05-19)%0a* Moved $PageTextVarPatterns definition from scripts/stdmarkup.php to pmwiki.php.%0a* Ignore Markup() rules that have unresolved $when parameters.%0a* Fix issue in authuser.php when $auth array isn't set (contributed by Ben Stallings).%0a* The [@(:include:)@] directive now performs template argument processing on the included text.%0a* Optimized [@(:pagelist:)@] slightly when sorting on [[page variables]].%0a* Refactored [@(:input ... :)@] markups.%0a* Added HandleDispatch(), which allows action handlers to easily redispatch to other actions (and add messages).%0a* Added FmtTemplateVars(), to perform various template-substitutions.%0a%0a%0a!!!Version 2.2.0-beta45 (2007-05-02)%0a* Update pmwiki's date parsing to use a common routine, recognizing dates within strings and restricting range to 1900-2039.%0a* Add additional parameter to "date" conditional.%0a* Add if= option to [[page list(s#pagelistif)]] (suggested by Crisses).%0a* Refactor code to use TextSection() and RetrieveAuthSection() functions.%0a* The value= parameter to [@(:input textarea:)@] now works properly (including values loaded from $InputValues).%0a* The [@(:input default:)@] directive now allows loading input control defaults from another page via the [@source=@] parameter.%0a* Remove automatic call to FmtPageName() in $ROSPatterns. Add $ROEPatterns (from suggestions by JB and others).%0a* Fix minor variable bugs in scripts/crypt.php.%0a* Remove E_NOTICE errors (reported by Hans).%0a* Fix handling of page variables when pagename is empty or not provided.%0a* Add $EnableLinkPageRelative configuration option.%0a* Clean up handling of arguments to [@{(ftime ...)}@].%0a* Remove mailposts.php call in stdconfig.php (reported by Christophe David).%0a%0a!!!Version 2.2.0-beta44 (2007-04-16)%0a* Fix case conversion of U+027D and U+026B (reported by Petko).%0a* Add $FTimeFmt to set default formatting for [@{(ftime)}@].%0a* Add %25s conversion to [@{(ftime)}@] for systems that don't have it by default.%0a* Report an error if edit [[form(s)]] cannot be read (suggested by Hans).%0a* Don't report ?cannot acquire lockfile when simply browsing pages.%0a* Add $EnableReadOnly flag to signal when PmWiki is to be run in read-only mode.%0a%0a!!!Version 2.2.0-beta43 (2007-04-15)%0a* Update drafts code to add $EnablePublishAttr and change button labels when drafts are enabled (PITS:00755).%0a* Removed no-longer-needed 'compat1x.php' and 'mailposts.php' from distribution.%0a* Added $DraftRecentChangesFmt.%0a* Added "[[markup expressions]]" [@{(...)}@] into the core.%0a* Added charset= attribute to saved pages.%0a* Update pagelist.php and xlpage-utf-8.php to handle case-insensitive searches.%0a* Added some optimizations to phpdiff.php script to produce more useful history information.%0a%0a!!!Version 2.2.0-beta42 (2007-03-27)%0a* Fix a bug with order=title in pagelists (reported by Anno).%0a%0a!!!Version 2.2.0-beta41 (2007-03-26)%0a* Added $EnableWSPre option, which allows easy adjustment of the "leading space -> preformatted text" (or "whitespace") rule.%0a* Added a new "pre" wikistyle, to designate blocks that are to be treated as preformatted text.%0a%0a!!!Version 2.2.0-beta40 (2007-03-24)%0a* Fix bug with order=title in pagelists when using $Titlespaced (PITS:00906, reported by Feral).%0a* Report state of allow_url_fopen when downloads fail in blocklist.php.%0a%0a!!!Version 2.2.0-beta39 (2007-03-23)%0a* Allow page variable filters to appear as options in [@(:template defaults:)@] (reported by SteP).%0a* Updated [[Site.PageListTemplates]] to use [@(:template:)@] directives.%0a* Remove '#wikileft h1' and '#wikileft h5' from pmwiki default stylesheet.%0a%0a!!!Version 2.2.0-beta38 (2007-03-22)%0a* Strip control characters from $ChangeSummary.%0a* Fix problem with count=m..n where m..n is outside the range of available pages (reported by SteP).%0a* Allow [@(:template default ...:)@] to specify a class= option.%0a* [[PmWiki/PageDirectives#redirect|Redirect]] pagename can now include an anchor (PITS:00558)%0a%0a!!!Version 2.2.0-beta37 (2007-03-16)%0a* Allow an optional space after comma separators in wildcard patterns (reported by Han Baas).%0a%0a!!!Version 2.2.0-beta36 (2007-03-16)%0a* Allow nested [[page text variables]] to work, remove extraneous ENT_NOQUOTES parameter.%0a* Add new [@(:template ...:)@] directives for pagelist templates.%0a* Modify count= option to pagelists to allow for alternate ranges.%0a%0a!!!Version 2.2.0-beta35 (2007-03-05)%0a* Fix bug in [[conditional markup]] parsing (reported by Christophe David).%0a%0a!!!Version 2.2.0-beta33, 2.2.0-beta34 (2007-03-01)%0a* Refactor wildcard handling into its own GlobToPCRE function.%0a* Allow negated wildcards for page variable filters in pagelists (PITS:00878, reported by Jiri)%0a* Fix wildcards so that spaces no longer separate patterns (use commas).%0a* Fix handling of '&' prior to [@(:input:)@] and other directives (reported by Luigi).%0a* Adjust position of [@%25define=...%25@] [[wiki styles]] to occur after ampersands.%0a* Adjust copyright dates on many files.%0a* Allow spaces around text variable names in [[page text variable(s)]] markups.%0a%0a!!! [[#beta32]] Version 2.2.0-beta32 (2007-02-28)%0a* Fix erroneous $EnableCreole item in docs/sample-config.php (reported by Sigurd).%0a* Added [@(:elseif:)@] and [@(:else:)@] markups (PITS:00787).%0a* Fix global $Skin variable handling when using SetSkin from within markup.%0a* Make sure directives aren't treated like [[page text variables]] (reported by Petko).%0a* Remove call to ResolvePageName() from authuser.php .%0a* Simplify [[PmWiki/AuthUser#LDAP|LDAP]] authentication for Active Directory sites.%0a* Cache lowercase/uppercase patterns in AsSpacedUTF8().%0a%0a!!!Version 2.2.0-beta31 (2007-02-11)%0a* Fix bug with sorting on [[pagelist variables]] (reported by Kathryn Andersen).%0a%0a!!!Version 2.2.0-beta29, 2.2.0-beta30 (2007-02-09)%0a* MakePageName now uses the first matching entry of $PagePathFmt as the home page of groups without a home page.%0a* Add AsSpacedUTF8() to handle title spacing in utf-8 (PITS:00875, contributed by Petko, Celok)%0a* Fix $RequestedPage when running with utf-8.%0a* Add %3cmeta> content-type tag for utf-8.%0a* Add an experimental caching system for pagelists.%0a* Fix $SuffixPattern and link suffixes for utf-8 (PITS:00881, reported by ppip).%0a%0a!!!Version 2.2.0-beta28 (2007-02-03)%0a* Update blocklist.php so that all posted fields are checked for block values (PITS:00850).%0a%0a!!!Version 2.2.0-beta27 (2007-01-25)%0a* Fix markup processing sequence for [@(:input default:), (:input select:)@], etc. (problem noted by Marc).%0a* Fix default value of [@order=@] parameter to MakePageList().%0a%0a!!!Version 2.2.0-beta26 (2007-01-23)%0a* Fix a bug where pagelist list= option had no effect when reading from trails (from an rss problem noted by Russ Fink).%0a%0a!!!Version 2.2.0-beta24, 2.2.0-beta25 (2007-01-22)%0a* Add a scripts/creole.php module for Creole markup (http://www.wikicreole.org/).%0a* Move WikiWords out of the core defaults -- can be enabled via $EnableWikiWords.%0a* Fix handling of WikiWords following & or #, as in [=Æ and #FFFF00=] (reported by Moni Kellermann).%0a* Adjust FormatTableRow() to support Creole-style tables (using single |'s).%0a* Update docs/sample-config.php with new configurations and options.%0a* Added code to allow Abort() to refer to additional information on pmwiki.org.%0a* Added $EnableSkinDiag, which checks templates for required %3c!--HTMLHeader--> and %3c!--HTMLFooter--> directives.%0a* Removed deprecated $BasicLayoutVars support from skins.php.%0a%0a!!!Version 2.2.0-beta22, 2.2.0-beta23 (2007-01-17)%0a* Added $EnableActions, to allow pmwiki.php to be included without generating output (from a suggestion by Wouter Groeneveld).%0a* Fix bug in "order=" option to [@(:pagelist:)@] (reported by Mike Bishop).%0a* Change DisplayStopWatch() function to StopWatchHTML().%0a* Allow multiple lines for markup:, wiki:, and page: template directives (reported by Marc)%0a%0a!!!Version 2.2.0-beta21 (2007-01-12)%0a* Fix %3cvspace> bug in searchresults output (PITS:00846, reported by M. Czaplinski, marc, and others).%0a* Fix numerous E_NOTICE warnings and incorrect constants (PITS:00853, contributed by AndrewFyfe).%0a%0a!!!Version 2.2.0-beta20 (2007-01-11)%0a* $FeedPageListOpt needs to be declared global in feeds.php.%0a* Add "404 Not Found" status code to ?invalid page name aborts (PITS:00854, suggested by Athan).%0a* Remove stale entries from $PageExistsCache when a new PageStore is added (reported by Hans).%0a%0a!!!Version 2.2.0-beta19 (2006-12-29)%0a* Have blocklist check $_POST['text'] only when it is set (from a report by Simon).%0a%0a!!!Version 2.2.0-beta18 (2006-12-28)%0a* Change $pagename parameter in UpdatePage() to be passed by reference (suggestion by J. Meijer).%0a* Fix $EnableRobotsCloakActions so that it works again with page variables.%0a* Add "XML Sitemaps" to $RobotPattern.%0a* Change $MetaRobots to return "nofollow,noindex" for non-existent pages.%0a* Prefer "404 Not Found" to "403 Forbidden" for [[(PmWiki:)robots]] attempting to do invalid actions on non-existent pages.%0a* Add rel='nofollow' to "create attachment" links.%0a* Added class='inputbox' to select boxes (suggested by Hans).%0a* Added .odt, .ods, and .odp file extensions to allowed [[uploads]] (suggested by Algis Kabaila, Robin Sheat, and others).%0a* Clean up some error warnings (PITS:00801, contributed by psvo).%0a* Set $ScriptUrl to 'https:' when accessed via SSL link (suggestions from C. Ridderström, H. Fox, PITS:00410, PITS:00527, PITS:00595).%0a* Fix bug in link= and trail= options to [@(:pagelist:)@] (reported by C. Ridderström).%0a%0a!!!Version 2.2.0-beta17 (2006-12-13)%0a* Fix spurious hidden field in [@(:searchbox:)@] output (reported by Hans).%0a* Fix $CaseConversions array for \xc4\xb1 and \xc5\xbf (reported by Petko Yotov).%0a* Refactor [@(:input:)@] markup handling.%0a* Add [@(:input select ...:)@] markup (PITS:00567).%0a* Add [@(:input default ...:)@] markup -- may change before 2.2.0 release.%0a* Add ability to set defaults for radio/checkbox/select controls.%0a%0a%0a!!!Version 2.2.0-beta16 (2006-11-10)%0a* Fix problem with [@(:e_preview:)@] directive when viewing an edit form (reported by Dominique Faure).%0a* Fix out-of-memory problem in scripts/compat1x.php when dealing with large pages to be converted (contributed by Donald Gordon).%0a* Fix problem of Variable: lines immediately followed by newline (reported by Hans).%0a* Fix uninitialized variable errors in FormatTableRow() (reported by Bob Sanders).%0a* Fix second argument of MakeBaseName() (provided by Stirling Westrup).%0a%0a!!!Version 2.2.0-beta15 (2006-10-16)%0a* Fix bug with displaying multi-line [@(:var:value:)@] [[page text variables]] (reported by Pico).%0a* Improve PageStore ls() method slightly, to restrict pagename searches to directories of a given depth (based on an issue reported by Chris Cox).%0a* Added $IsBlocked status variable to scripts/blocklist.php.%0a* Added $UnapprovedLink array to report unapproved links.%0a* Added $TimeISOFmt, $TimeISOZFmt, and $CurrentTimeISO variables.%0a* Switched scripts/feeds.php to use $TimeISOZFmt instead of $ISOTimeFmt.%0a* Added [@request=@] option to [@(:pagelist:)@], switched pagelist to default to not use url/form parameters.%0a* Fixed bug with array [@{$$options}@] in pagelist.%0a%0a!!!Version 2.2.0-beta14 (2006-10-06)%0a* Fix problem with extra parameter to mail when $NotifyParameters is empty (reported by Tom Lederer).%0a* Improve configurability of $SearchPatterns (from suggestions by Stirling Westrup).%0a* Add ability for $WikiWordCount to disable wikiword spacing (PITS:00327).%0a%0a!!!Version 2.2.0-beta13 (2006-10-04)%0a* Fix handling of angle brackets (and potential XSS) in pagelists combined with page text variables (noted by Pico).%0a%0a!!!Version 2.2.0-beta12 (2006-10-03)%0a* Added the UpdatePage() function into the core. %0a%0a!!!Version 2.2.0-beta11 (2006-10-03)%0a* Added ability to automatically create targets.%0a* Added sample code to docs/sample-config.php for automatic generation of Category.* pages.%0a* Fixed character escapes in pagelist [@{$$option}@] variables.%0a%0a!!!Version 2.2.0-beta10 (2006-10-02)%0a* Added [@{$$option}@] variables to get option values from [@(:pagelist:)@] (based on a recipe from Martin Fick).%0a* Changed [@{$PageCount}, {$GroupPageCount}, and {$GroupCount}@] to be [@{$$PageCount}, {$$GroupPageCount}, and {$$GroupCount}@].%0a* Added [@{$BaseName}@] page variable and $BaseNamePatterns.%0a%0a!!!Version 2.2.0-beta9 (2006-10-01)%0a* Fix bug with $EnablePageListProtect (reported by Brent Zupp).%0a* Added ability to select based on page variables in [@(:pagelist:)@].%0a%0a!!!Version 2.2.0-beta8 (2006-09-30)%0a* Update scripts/blocklist.php to check only $_POST['text'] instead of entire markup text.%0a* Fix bug in pagelist.php that wouldn't return correctly formatted array in certain circumstances (noted by Florian Fischer and JDem).%0a%0a!!!Version 2.2.0-beta7 (2006-09-30)%0a* Added scripts/blocklist.php to core.%0a* Updated handling of $PageTextVarPatterns.%0a* Eliminated need for extra flush() steps in notify.php, pagelist.php.%0a%0a!!!Version 2.2.0-beta6 (2006-09-27)%0a* Fix bug with initialization of $FeedPageListOpt in scripts/feeds.php (reported by Roman).%0a* Fix bug with over-eager [@(:textvar:value:)@] markup (from a bug reported by Chris Cox).%0a%0a!!!Version 2.2.0-beta4, 2.2.0-beta5 (2006-09-27)%0a* Fix bug with name= option in pagelist (reported by Ben Wilson).%0a* Fix bug with array_merge under PHP 5 (reported by Kathryn Andersen).%0a%0a!!!Version 2.2.0-beta3 (2006-09-26)%0a* Remove extra %3c!----> comment at end of table directives (noted by Ben Stallings).%0a* Fix directive form of page text variables (reported by Kathryn Andersen).%0a* Add first version of new modular pagelist code.%0a%0a!!!Version 2.2.0-beta2 (2006-09-25)%0a* Add support for [@{$:var}@] page text variables, and [@(:var:...:)@] markup.%0a* Fix default setting of $EnableRelativePageVars in docs/sample-config.php .%0a%0a!!!Version 2.2.0-beta1 (2006-09-25)%0a* Added [@{*$var}@] page variables (always the currently browsed page).%0a* Convert link and page variable handling in [=(:include:)=] to be relative to the included page.%0a* Added $EnableRelativePageVars and $EnableRelativePageLinks variables, as well as transition options.%0a* Added basepage= option to [=(:include:)=].%0a* Updated $GroupHeaderFmt and $GroupFooterFmt to use basepage= option.%0a* Adjusted $MakePageNamePatterns to automatically strip any #... or ?... from the end of a pagename input string (solution to a problem reported by J. Meijer).%0a%0a!!!Version 2.1.27 (2006-12-11)%0a* Backport in bug fix for TableRowFormat (from 2.2.0-beta16).%0a* Add support for [@{*$Variable}@] syntax (from 2.2.0 page variables).%0a%0a!!!Version 2.1.26 (2006-09-11)%0a* Fix a bug with variable referencing that caused feeds.php to get a confused PCache (reported by Helge Larsen).%0a%0a!!!Version 2.1.25 (2006-09-08)%0a* Fixed a bug in authuser.php that would fail if $AuthUser isn't defined (reported by Hans Huijgen).%0a* Added %3c!--XMLHeader--> and %3c!--XMLFooter--> aliases to %3c!--HTMLHeader--> and %3c!--HTMLFooter--> directives in skin templates (suggested by John Rankin).%0a* Added $PageExistsCache (suggested by John Rankin).%0a%0a!!!Version 2.1.24 (2006-09-06)%0a* Fixed a bug in authuser.php that had trouble dealing with non-array entries in $AuthUser (reported by Udo).%0a* Can now specify authorization groups using $AuthUser['@group'] entries.%0a* Can now specify an Apache .htgroup-formatted file for authorization groups via $AuthUser['htgroup'].%0a%0a!!!Versions 2.1.21, 2.1.22, 2.1.23 (2006-09-05, 2006-09-06)%0a* Close a potential security hole with $FarmD when register_globals is set "On".%0a* Correct a syntax error in feeds.php (noted by Ben Wilson).%0a* Fix a bug that prevented PmWiki from reading page files generated by versions prior to 0.5.6 (discovered by Milan Avramovic).%0a%0a!!!Version 2.1.20 (2006-09-04)%0a* Fixed a bug in [[PageDirectives#attachlist| [@(:attachlist:)@] ]] when passed a wikiword argument (reported by Kathryn Andersen).%0a* Changed $HTMLStylesFmt['markup'] to honor config.php setting (reported by Hans).%0a%0a!!!Version 2.1.19 (2006-08-30)%0a* Corrected a bug in the pageindex code that was causing the .pageindex to not update as quickly as it should.%0a* Slightly changed the handling of 'width' and 'height' in wikistyles.php, so that they can be be applied as attributes to %3cobject> and %3cembed> tags.%0a* Updated the Keep() function to recognize closing block tags as being in the 'B' block pool.%0a* Fixed a bug with wikistyles and form tags.%0a%0a!!!Version 2.1.18 (2006-08-28)%0a* Closed a potential cross-site scripting vulnerability in table markups (reported by JB).%0a* Added [@(:input image:)@] markup (requested by JB).%0a* Fixed problem with ?action=print failing to set [@{$Action}@] (reported by Bart).%0a%0a!!!Version 2.1.17 (2006-08-26)%0a* Added some improvements to IMS caching to better handle logout and authorization actions (PITS:00573, reported by floozy and Henrik Bechmann).%0a%0a!!!Version 2.1.16 (2006-08-26)%0a* Added $SkinLibDirs variable, to select filesystem and url locations where skins may be found (resolves PITS:00708, as reported by Hagan Fox, with additional suggestions from Ben Wilson).%0a* Changed [@%3c!--HeaderText-->@] to [@%3c!--HTMLHeader-->@] in skin templates, and added an optional [@%3c!--HTMLFooter-->@] directive (PITS:00767).%0a* Adjusted the pmwiki and print skins to use the new directives.%0a%0a!!!Version 2.1.15 (2006-08-25)%0a* Fixed issue dealing with order of [@@_site_*@] passwords (reported by Jean-Fabrice and others).%0a* Added $LocalDir variable (requested by John Rankin).%0a* Removed an unnecessary setting of $DefaultPage in ''scripts/pgcust.php'' (it's now handled by ResolvePageName() ).%0a* Added some variables and changes in wikistyles.php to better support wikipublisher (contributed by John Rankin).%0a* RetrieveAuthPage (PmWikiAuth) now recognizes a $level of 'ALWAYS' as indicating that access should always be allowed, regardless of current passwords or identities.%0a* Added filter specifier for AuthUser LDAP authentication (contributed by Balu).%0a%0a!!!Version 2.1.13, 2.1.14 (2006-08-15, 2006-08-16)%0a* Updated scripts/authuser.php to allow ldaps://... authentications (contributed by Michael Brenner).%0a* Fixed problem with numeric passwords introduced in 2.1.beta20 (reported by Christophe David and Dirk Blaas).%0a%0a!!!Version 2.1.12 (2006-08-07)%0a* Corrected typo in Site.SideBar file (reported by Judith Zacharie).%0a* Suppressed warning message for search on sites without a wikilib.d/ directory.%0a* Added capability for nested divs.%0a* Use $Transition['nodivnest'] to restore previous non-nesting div/table behavior.%0a* Including authuser.php now automatically resolves pagename.%0a* Added [@(:noaction:)@] directive to turn off actions.%0a* Fixed bug in wikistyles prior to image blocks.%0a* Added white-space as allowed wikistyle (suggested by C. Ridderström).%0a* Allow colons, hyphens, and dots in id= tags.%0a%0a!!!Version 2.1.11 (2006-06-09)%0a* Fixed generation of empty paragraphs around [@%25define=...%25@] wikistyles (PITS:00753).%0a%0a!!!Version 2.1.10 (2006-06-04)%0a* Added a %3cspan> around the RecentChanges link in the pmwiki skin (PITS:00750, suggested by Hagan Fox).%0a* Changed the $Action variable to $ActionTitle (PITS:00749, reported by Hagan Fox).%0a* Changed $FPLTemplatePageFmt to be an array of pages to be searched for page templates, enabled searching of current page and Site.LocalTemplates page.%0a* Updated .vspace margin in sidebar for pmwiki skin (PITS:00751, by Hagan Fox).%0a%0a%0a!!!Version 2.1.9 (2006-06-02)%0a* Fixed a bug with [@[[~Author]]@] links (PITS:00530 reported by Klonk, PITS:00611 reported by weijang, PITS:00671 reported by Stirling Westrup, and helpful clues provided by Clayton Curtis).%0a%0a!!!Version 2.1.8 (2006-06-01)%0a* Added ability to specify notification entries from ''local/config.php'' as well as Site.Notify (suggested by Christophe David).%0a* Fixed $Transition['vspace'] from 2.1.7.%0a%0a!!!Version 2.1.7 (2006-05-31)%0a* Adjusted width of edit form for IE browsers (contributed by Roman and H. Fox).%0a* Suppress authentication failure error from LDAP (PITS:00739).%0a* Fixed problem with invalid page names resulting in redirect loop (PITS:00723, reported by jojoo).%0a* Added "Group." and "Group/" page name syntax, resolving PITS:00736 (from a suggestion by Pico).%0a* Changed handling of "vspace" paragraphs.%0a* Fixed some XSS vulnerabilities in uploads.php and url links (reported by Moritz Naumann, http://moritz-naumann.com).%0a* Added notify.php script, allowing finer control of email notifications.%0a%0a!!!Version 2.1.6 (2006-05-22)%0a* Optimized performance of urlapprove.php.%0a* Added [@(:if auth xyz PageName:)@] syntax.%0a* Corrected XSS bug in trails.php.%0a* Slightly improved performance of free links.%0a* Restore ability to use hyphens in InterMap links (reported by Henrik Bechmann).%0a%0a!!!Version 2.1.4, 2.1.5 (2006-03-29)%0a* Fixed problem with pagelist-based feeds (PITS:00709, reported by Jon Haupt).%0a* Added [@{$Action}@] page variable. (PITS:00696, reported by Sebastian Pipping).%0a* Added stripmagic() around variables submitted to authuser.php.%0a* Fixed problem with multi-term searches containing special characters (PITS:00713, reported by Leo).%0a* Switched [[PageDirectives#attachlist| [@(:attachlist:)@] ]] to use a natural case sort (suggested by H. Fox).%0a%0a!!!Version 2.1.3 (2006-03-17)%0a* Re-fixed problem with PHP 5.1.1 and lines= option to [@(:include:)@] (PITS:00620).%0a* Fixed empty LDAP password issue (reported by Thomas Lederer).%0a%0a!!!Version 2.1.2 (2006-03-16)%0a* Fixed %3ch1>/%3ch2> tag mismatches (PITS:00702, reported by Martin Hason).%0a* Fixed bug with $AllowPassword and "nopass" (reported by M. Weiner and bram brambring).%0a* Improved the speed of RSS and other web feeds when $EnablePageListProtect is not set.%0a%0a!!!Version 2.1.1 (2006-03-13)%0a* Fixed a bug with multiple authorization groups as a password (PITS:00699, reported by Ari Epstein).%0a* Updated the authorization code to be a bit more liberal with password/group settings.%0a* Updated PmWiki.FAQ page to be able to grab FAQ items from other pages in the documentation.%0a%0a!!Version 2.1.0 (2006-03-12)%0a* Many many documentation updates (special thanks to many authors).%0a* Allow trailing underscores in upload names (requested by Hans).%0a* Fixed 'ak_print' problem causing accesskey='a' for print (noted by Pico).%0a* Added code to make sure each anchor is generated only once per page (for XHTML validity).%0a* Added a $BlockPattern variable to recognize block HTML tags.%0a* Made an adjustment to Keep() so that it places strings with block HTML into the 'B' pool.%0a* Adjusted stdmarkup.php to not produce paragraphs for keep blocks in the 'B' pool.%0a* Corrected a variety of i18n phrases.%0a* Added class='escaped' to distinguish [=@@...@@=] from [=[@...@]=] (from a comment by Hans).%0a* Slightly changed styling of .faq divs.%0a* Made the edit textarea a couple of rows smaller to better fit on smaller displays (suggested by H. Fox).%0a----%0a[[(PmWiki:)ChangeLog Archive]] - changes prior to version 2.1.0.%0a -time=1247697823 +text=(:Summary: Log of changes made to PmWiki by [[Release(Notes)]]:)%0aSee [[Cookbook:RecentChanges | the cookbook recent changes page]] for additional updates and activity by other developers, or join the [[PmWiki/MailingLists | pmwiki mailing lists]] to discuss feature development with us.%0a%0a(:comment Changes made to the [[PmWiki:Subversion | subversion pre-release ]] of PmWiki.:)%0a!!! Version 2.2.4 (2009-07-16)%0a* Fix bug with page attributes, which somehow didn't make it in the 2.2.3 release.%0a* Fix bug with HTML entities in XLPages introduced earlier today in 2.2.3 (reverted, PITS:01111).%0a%0a!!! Version 2.2.3 (2009-07-16)%0a* Fix action=logout could incorrectly set a session cookie (PITS:01062).%0a* Fix page history trim in vardoc.php (PITS:01103).%0a* Add $EnableUploadGroupAuth, use group password for downloads (PITS:01104).%0a* Fix recursive PTV loops, added $MaxPageTextVars (PITS:00915, PITS:01099).%0a* Fix mkdirp() messages for absolute paths (PITS:00396).%0a* Fix sample-config.php order for urlapprove.php (PITS:01037).%0a* Fix broken signature links on preview.%0a* Fix crypt.php (action=crypt) could malfunction for passwords with quotes or apostrophes.%0a* Fix @@ @_site_*@@ passwords to work in GroupAttributes (PITS:00836, PITS:00998).%0a* Fix possible XSS vulnerabilities, reported by Michael Engelke.%0a* Update documentation.%0a%0a!!! Version 2.2.2 (2009-06-21)%0a* Fix class in pages not on the breadcrumbs trail, reported by Ed W.%0a* Fix @@tabindex@@ and @@onclick@@ to guiedit buttons.%0a* Fix $GroupPrintHeaderFmt in print.php (PITS:01073).%0a* Fix global vars in xlpage-utf-8.php (PITS:00980).%0a* Fix $txt in LinkPage (reported by Eemeli Aro).%0a* Add $EnableNotifySubjectEncode for international wikis (Cookbook:UTF-8).%0a* Fix international message in Abort().%0a* Fix security bug with AuthUser, reported by Eemeli Aro. See [[Release notes]].%0a* Fix $ActionTitleFmt for login and upload, reported by Eemeli Aro.%0a%0a!!! Version 2.2.1 (2009-03-28)%0a* Fix $FPLTemplateMarkupFunction which somehow didn't get in the 2.2.0 archive.%0a* Fix wikitrails to work cross-group (PITS:00407).%0a* Add $EnableRedirectQuiet variable (PITS:00919).%0a* Fix [={$Title}=] could display global variables (reported by HansB).%0a* Fix reloaded form submissions could lose values (reported by DaveG).%0a* Fix preview while restoring a version from history (PITS:01081).%0a* Fix relative links with international characters (reported by G. Hermanowicz).%0a* Add in sample-config.php example call to xlpage-utf-8.php (PITS:01066).%0a* Update documentation.%0a* Fix guiedit.php to produce valid HTML.%0a%0a!! Version 2.2.0 (2009-01-18)%0a* Convert beta series to official release series.%0a* Add $FPLTemplateMarkupFunction (PITS:00984, requested by John Rankin).%0a%0a!!! [[#beta68]] Version 2.2.0-beta68 (2008-08-14)%0a* Fix E_NOTICE errors reported by Dominique Faure.%0a* Enable [@(:redirect:)@] directives in pagelists.%0a%0a!!! [[#beta67]] Version 2.2.0-beta67 (2008-07-13)%0a* Add [={$LastModifiedTime}=] page variable.%0a* Add $EnableSessionPasswords variable to control session password usage.%0a* Add $SessionEncode and $SessionDecode variables to specify functions for encoding/decoding sensitive session data.%0a* Updated httpauth.php to use SessionAuth instead of poking in session guts directly.%0a%0a!!! [[#beta66]] Version 2.2.0-beta66 (2008-07-04)%0a* Add content-type/charset to Abort() output (suggested by Petko).%0a* Close minor XSS vulnerability (PITS:01030).%0a* Add "nested if" capability.%0a* Fix bug in $Transition handling that would enable all transitions if any were set (reported by John Rankin).%0a %0a%0a!!! [[#beta65]] Version 2.2.0-beta65 (2007-11-17)%0a* Fix SiteAdmin.AuthList so that it defaults to list=all (reported by Roman).%0a* Fix pmwiki skin to include xmlns= attribute in %3chtml> tag (PITS:00989, reported by Mateusz Czaplinski and Petko Yotov).%0a%0a!!! [[#beta64]] Version 2.2.0-beta64 (2007-11-13)%0a* Add times to PmWiki date parsing (e.g., 2007-08-09T12:22:04).%0a* Suppress warning from ini_set in diag.php (suggested by Petko).%0a* Fix handling of -> links in trails (reported by Eemeli Aro).%0a* Add .kml and .kmz as valid attachment types. %0a* Fix handling of [=&=] in markup (PITS:00988, reported by Stirling Westrup).%0a* Fix duplication of language markers in $XLLangs (PITS:00987, reported by Stirling Westrup).%0a* Correct typo in DRange() call in stdmarkup.php (reported by Stirling Westrup).%0a* Turn on error displays when diagnostics are enabled.%0a* Default PHP's pcre.backtrack_limit to at least 1000000.%0a%0a!!! [[#beta63]] Version 2.2.0-beta63 (2007-07-31)%0a* Added $SkinDirectivesPattern to allow adjustments to available skin directives (requested by Petko).%0a* Fix default permissions on Site.AuthUser and Site.AuthList (reported by Scott Connard).%0a* Add "monospace" to pmwiki.css default (reported by Joshua Timberman, with assistance from H. Fox)%0a* Fix problem with slashes in wildcards to name= and group= parameters (reported by Ian MacGregor).%0a%0a!!! Version 2.2.0-beta62 (2007-07-21)%0a* Fix bug in trails introduced by beta61 (reported by charlequin).%0a%0a!!! Version 2.2.0-beta61 (2007-07-19)%0a* Add ability to grab trails by section.%0a* Add an "ontrail" condition (from suggestions by charlequin).%0a%0a!!!Version 2.2.0-beta59, 2.2.0-beta60 (2007-07-18)%0a* Fix problem with upgrade.php on [[wiki farms]] (reported by Scott Connard).%0a* Fix problem with distributed version of Site.AuthUser (reported by Jon Haupt).%0a%0a!!!Version 2.2.0-beta58 (2007-07-17)%0a* Significant change: Site.AuthUser, Site.Blocklist, Site.ApprovedUrls, and Site.NotifyList now appear in the [[SiteAdmin]] group by default.%0a** Note: if you limit groups by setting $GroupPattern, you now need to include SiteAdmin (see [[Cookbook:LimitWikiGroups]])%0a* Abort if ldap: authentication requested and libraries aren't present.%0a* Added "upgrades.php" script to handle various migration issues.%0a* Current PmWiki [[version]] is now held in [[SiteAdmin.Status]] .%0a* Fix ?action=postupload to follow ?action=upload settings.%0a* Improvements to [[SiteAdmin.AuthList]] page (suggestions and fixes from Ian MacGregor).%0a* Allow leading underscores in attachment names (requested by Christophe David).%0a%0a!!!Version 2.2.0-beta57 (2007-06-15)%0a* Fix AsSpacedUTF8() to work like AsSpaced() (reported by Petko).%0a* Qualify page links that contain parentheses (reported by Petko).%0a* Fix bug in [@(:input default $:var ... :)@] (reported by Crisses).%0a%0a!!!Version 2.2.0-beta56 (2007-06-13)%0a* Fix AsSpaced() to not add spaces before leading digit, and treat hyphenated digits as complete numbers.%0a* Fix infinite recursion in self-referencing [[page text variables]] (PITS:00915).%0a* Fix bug introduced in beta55 not handling end [[links|anchors]] correctly (reported by Roman).%0a%0a!!!Version 2.2.0-beta55 (2007-06-11)%0a* Fix attributes to [@(:input e_form:)@] (PITS:00387, re-reported by Crisses).%0a* UpdatePage() now calls StopWatch() to record posting.%0a* Display stopwatch output as part of redirect.%0a* Fix [[wiki styles]] bug when $EnableLinkPageRelative is set (reported by Petko).%0a* Revise TextSection() code to hopefully avoid %25newwin%25[[http://pcre.org/|pcre]] limits (reported by Kathryn Andersen, Knut Alboldt).%0a* Add wrap=inline and wrap=none options to [[page list(s#pagelistwrap)]].%0a%0a!!!Version 2.2.0-beta53, 2.2.0-beta54 (2007-06-02)%0a* Improve error message reporting for markup rules (suggestion by Knut Alboldt).%0a* Clean up more E_NOTICE warnings (reported by Ian MacGregor).%0a* Add focus= option to [=(:=][[forms|input]]:) controls.%0a* Added CSS [@.faqtoc@] class, to be able to display only the questions coming from the #includefaq [[page list template(s)]].%0a* Changed [[PmWiki.FAQ]] to use .faqtoc class.%0a* Fix bug in TextSection (PITS:00935, reported by Jean-Fabrice).%0a* Fix bug in [[page list(s#pagelisttrail)]] caching of trails.%0a%0a!!!Version 2.2.0-beta52 (2007-05-26)%0a* Add per-PageStore attributes (from a suggestion by Tobias Thelen).%0a* Add [@{$PasswdRead}@], [@{$PasswdEdit}@], etc. to display page password settings.%0a* Add Site.AuthList to display all password permissions on a site.%0a* Reorder $PageListFilters slightly.%0a* Add "passwd=" option to [[page list(s#pagelistpasswd)]], to return only those pages that have some sort of [[password(s)]] attribute on them.%0a* Add line numbers to StopWatchHTML output.%0a* Clean up handling of $AuthCascade.%0a%0a!!!Version 2.2.0-beta51 (2007-05-23)%0a* Add fmt=count to [[page list(s#pagelistcount)]] (reminder from Hans).%0a* Ignore hidden files in [[skin(s)]] directories when searching for .tmpl (suggestion by Stephan Becker).%0a* Clean up queuing of pages to be updated in .pageindex .%0a* Reset $LinkTargets() at beginning of each UpdatePage() sequence.%0a%0a!!!Version 2.2.0-beta50 (2007-05-22)%0a* Fix HTML cache when drafts are enabled, or other recipes using CondAuth().%0a* Prevent [[page lists]] with protected pages from HTML cache.%0a%0a!!!Version 2.2.0-beta48, 2.2.0-beta49 (2007-05-21)%0a* Fix spurious value= attribute in %3ctextarea> tag generated by [@(:input textarea ... :)@].%0a* Allow either [@(:input default ...:)@] or [@(:input defaults ...:)@].%0a* Fix problem with page text variable handling in [@(:input defaults:)@].%0a* Allow either [@(:template default:)@] or [@(:template defaults:)@] in [[page list templates]].%0a* Fix a bug handling dates with suffixes (reported by Crisses).%0a%0a!!!Version 2.2.0-beta47 (2007-05-20)%0a* Fix bug with quote handling in [@(:include:)@] options (reported by Hans).%0a%0a!!!Version 2.2.0-beta46 (2007-05-19)%0a* Moved $PageTextVarPatterns definition from scripts/stdmarkup.php to pmwiki.php.%0a* Ignore Markup() rules that have unresolved $when parameters.%0a* Fix issue in authuser.php when $auth array isn't set (contributed by Ben Stallings).%0a* The [@(:include:)@] directive now performs template argument processing on the included text.%0a* Optimized [@(:pagelist:)@] slightly when sorting on [[page variables]].%0a* Refactored [@(:input ... :)@] markups.%0a* Added HandleDispatch(), which allows action handlers to easily redispatch to other actions (and add messages).%0a* Added FmtTemplateVars(), to perform various template-substitutions.%0a%0a%0a!!!Version 2.2.0-beta45 (2007-05-02)%0a* Update pmwiki's date parsing to use a common routine, recognizing dates within strings and restricting range to 1900-2039.%0a* Add additional parameter to "date" conditional.%0a* Add if= option to [[page list(s#pagelistif)]] (suggested by Crisses).%0a* Refactor code to use TextSection() and RetrieveAuthSection() functions.%0a* The value= parameter to [@(:input textarea:)@] now works properly (including values loaded from $InputValues).%0a* The [@(:input default:)@] directive now allows loading input control defaults from another page via the [@source=@] parameter.%0a* Remove automatic call to FmtPageName() in $ROSPatterns. Add $ROEPatterns (from suggestions by JB and others).%0a* Fix minor variable bugs in scripts/crypt.php.%0a* Remove E_NOTICE errors (reported by Hans).%0a* Fix handling of page variables when pagename is empty or not provided.%0a* Add $EnableLinkPageRelative configuration option.%0a* Clean up handling of arguments to [@{(ftime ...)}@].%0a* Remove mailposts.php call in stdconfig.php (reported by Christophe David).%0a%0a!!!Version 2.2.0-beta44 (2007-04-16)%0a* Fix case conversion of U+027D and U+026B (reported by Petko).%0a* Add $FTimeFmt to set default formatting for [@{(ftime)}@].%0a* Add %25s conversion to [@{(ftime)}@] for systems that don't have it by default.%0a* Report an error if edit [[form(s)]] cannot be read (suggested by Hans).%0a* Don't report ?cannot acquire lockfile when simply browsing pages.%0a* Add $EnableReadOnly flag to signal when PmWiki is to be run in read-only mode.%0a%0a!!!Version 2.2.0-beta43 (2007-04-15)%0a* Update drafts code to add $EnablePublishAttr and change button labels when drafts are enabled (PITS:00755).%0a* Removed no-longer-needed 'compat1x.php' and 'mailposts.php' from distribution.%0a* Added $DraftRecentChangesFmt.%0a* Added "[[markup expressions]]" [@{(...)}@] into the core.%0a* Added charset= attribute to saved pages.%0a* Update pagelist.php and xlpage-utf-8.php to handle case-insensitive searches.%0a* Added some optimizations to phpdiff.php script to produce more useful history information.%0a%0a!!!Version 2.2.0-beta42 (2007-03-27)%0a* Fix a bug with order=title in pagelists (reported by Anno).%0a%0a!!!Version 2.2.0-beta41 (2007-03-26)%0a* Added $EnableWSPre option, which allows easy adjustment of the "leading space -> preformatted text" (or "whitespace") rule.%0a* Added a new "pre" wikistyle, to designate blocks that are to be treated as preformatted text.%0a%0a!!!Version 2.2.0-beta40 (2007-03-24)%0a* Fix bug with order=title in pagelists when using $Titlespaced (PITS:00906, reported by Feral).%0a* Report state of allow_url_fopen when downloads fail in blocklist.php.%0a%0a!!!Version 2.2.0-beta39 (2007-03-23)%0a* Allow page variable filters to appear as options in [@(:template defaults:)@] (reported by SteP).%0a* Updated [[Site.PageListTemplates]] to use [@(:template:)@] directives.%0a* Remove '#wikileft h1' and '#wikileft h5' from pmwiki default stylesheet.%0a%0a!!!Version 2.2.0-beta38 (2007-03-22)%0a* Strip control characters from $ChangeSummary.%0a* Fix problem with count=m..n where m..n is outside the range of available pages (reported by SteP).%0a* Allow [@(:template default ...:)@] to specify a class= option.%0a* [[PmWiki/PageDirectives#redirect|Redirect]] pagename can now include an anchor (PITS:00558)%0a%0a!!!Version 2.2.0-beta37 (2007-03-16)%0a* Allow an optional space after comma separators in wildcard patterns (reported by Han Baas).%0a%0a!!!Version 2.2.0-beta36 (2007-03-16)%0a* Allow nested [[page text variables]] to work, remove extraneous ENT_NOQUOTES parameter.%0a* Add new [@(:template ...:)@] directives for pagelist templates.%0a* Modify count= option to pagelists to allow for alternate ranges.%0a%0a!!!Version 2.2.0-beta35 (2007-03-05)%0a* Fix bug in [[conditional markup]] parsing (reported by Christophe David).%0a%0a!!!Version 2.2.0-beta33, 2.2.0-beta34 (2007-03-01)%0a* Refactor wildcard handling into its own GlobToPCRE function.%0a* Allow negated wildcards for page variable filters in pagelists (PITS:00878, reported by Jiri)%0a* Fix wildcards so that spaces no longer separate patterns (use commas).%0a* Fix handling of '&' prior to [@(:input:)@] and other directives (reported by Luigi).%0a* Adjust position of [@%25define=...%25@] [[wiki styles]] to occur after ampersands.%0a* Adjust copyright dates on many files.%0a* Allow spaces around text variable names in [[page text variable(s)]] markups.%0a%0a!!! [[#beta32]] Version 2.2.0-beta32 (2007-02-28)%0a* Fix erroneous $EnableCreole item in docs/sample-config.php (reported by Sigurd).%0a* Added [@(:elseif:)@] and [@(:else:)@] markups (PITS:00787).%0a* Fix global $Skin variable handling when using SetSkin from within markup.%0a* Make sure directives aren't treated like [[page text variables]] (reported by Petko).%0a* Remove call to ResolvePageName() from authuser.php .%0a* Simplify [[PmWiki/AuthUser#LDAP|LDAP]] authentication for Active Directory sites.%0a* Cache lowercase/uppercase patterns in AsSpacedUTF8().%0a%0a!!!Version 2.2.0-beta31 (2007-02-11)%0a* Fix bug with sorting on [[pagelist variables]] (reported by Kathryn Andersen).%0a%0a!!!Version 2.2.0-beta29, 2.2.0-beta30 (2007-02-09)%0a* MakePageName now uses the first matching entry of $PagePathFmt as the home page of groups without a home page.%0a* Add AsSpacedUTF8() to handle title spacing in utf-8 (PITS:00875, contributed by Petko, Celok)%0a* Fix $RequestedPage when running with utf-8.%0a* Add %3cmeta> content-type tag for utf-8.%0a* Add an experimental caching system for pagelists.%0a* Fix $SuffixPattern and link suffixes for utf-8 (PITS:00881, reported by ppip).%0a%0a!!!Version 2.2.0-beta28 (2007-02-03)%0a* Update blocklist.php so that all posted fields are checked for block values (PITS:00850).%0a%0a!!!Version 2.2.0-beta27 (2007-01-25)%0a* Fix markup processing sequence for [@(:input default:), (:input select:)@], etc. (problem noted by Marc).%0a* Fix default value of [@order=@] parameter to MakePageList().%0a%0a!!!Version 2.2.0-beta26 (2007-01-23)%0a* Fix a bug where pagelist list= option had no effect when reading from trails (from an rss problem noted by Russ Fink).%0a%0a!!!Version 2.2.0-beta24, 2.2.0-beta25 (2007-01-22)%0a* Add a scripts/creole.php module for Creole markup (http://www.wikicreole.org/).%0a* Move WikiWords out of the core defaults -- can be enabled via $EnableWikiWords.%0a* Fix handling of WikiWords following & or #, as in [=Æ and #FFFF00=] (reported by Moni Kellermann).%0a* Adjust FormatTableRow() to support Creole-style tables (using single |'s).%0a* Update docs/sample-config.php with new configurations and options.%0a* Added code to allow Abort() to refer to additional information on pmwiki.org.%0a* Added $EnableSkinDiag, which checks templates for required %3c!--HTMLHeader--> and %3c!--HTMLFooter--> directives.%0a* Removed deprecated $BasicLayoutVars support from skins.php.%0a%0a!!!Version 2.2.0-beta22, 2.2.0-beta23 (2007-01-17)%0a* Added $EnableActions, to allow pmwiki.php to be included without generating output (from a suggestion by Wouter Groeneveld).%0a* Fix bug in "order=" option to [@(:pagelist:)@] (reported by Mike Bishop).%0a* Change DisplayStopWatch() function to StopWatchHTML().%0a* Allow multiple lines for markup:, wiki:, and page: template directives (reported by Marc)%0a%0a!!!Version 2.2.0-beta21 (2007-01-12)%0a* Fix %3cvspace> bug in searchresults output (PITS:00846, reported by M. Czaplinski, marc, and others).%0a* Fix numerous E_NOTICE warnings and incorrect constants (PITS:00853, contributed by AndrewFyfe).%0a%0a!!!Version 2.2.0-beta20 (2007-01-11)%0a* $FeedPageListOpt needs to be declared global in feeds.php.%0a* Add "404 Not Found" status code to ?invalid page name aborts (PITS:00854, suggested by Athan).%0a* Remove stale entries from $PageExistsCache when a new PageStore is added (reported by Hans).%0a%0a!!!Version 2.2.0-beta19 (2006-12-29)%0a* Have blocklist check $_POST['text'] only when it is set (from a report by Simon).%0a%0a!!!Version 2.2.0-beta18 (2006-12-28)%0a* Change $pagename parameter in UpdatePage() to be passed by reference (suggestion by J. Meijer).%0a* Fix $EnableRobotsCloakActions so that it works again with page variables.%0a* Add "XML Sitemaps" to $RobotPattern.%0a* Change $MetaRobots to return "nofollow,noindex" for non-existent pages.%0a* Prefer "404 Not Found" to "403 Forbidden" for [[(PmWiki:)robots]] attempting to do invalid actions on non-existent pages.%0a* Add rel='nofollow' to "create attachment" links.%0a* Added class='inputbox' to select boxes (suggested by Hans).%0a* Added .odt, .ods, and .odp file extensions to allowed [[uploads]] (suggested by Algis Kabaila, Robin Sheat, and others).%0a* Clean up some error warnings (PITS:00801, contributed by psvo).%0a* Set $ScriptUrl to 'https:' when accessed via SSL link (suggestions from C. Ridderström, H. Fox, PITS:00410, PITS:00527, PITS:00595).%0a* Fix bug in link= and trail= options to [@(:pagelist:)@] (reported by C. Ridderström).%0a%0a!!!Version 2.2.0-beta17 (2006-12-13)%0a* Fix spurious hidden field in [@(:searchbox:)@] output (reported by Hans).%0a* Fix $CaseConversions array for \xc4\xb1 and \xc5\xbf (reported by Petko Yotov).%0a* Refactor [@(:input:)@] markup handling.%0a* Add [@(:input select ...:)@] markup (PITS:00567).%0a* Add [@(:input default ...:)@] markup -- may change before 2.2.0 release.%0a* Add ability to set defaults for radio/checkbox/select controls.%0a%0a%0a!!!Version 2.2.0-beta16 (2006-11-10)%0a* Fix problem with [@(:e_preview:)@] directive when viewing an edit form (reported by Dominique Faure).%0a* Fix out-of-memory problem in scripts/compat1x.php when dealing with large pages to be converted (contributed by Donald Gordon).%0a* Fix problem of Variable: lines immediately followed by newline (reported by Hans).%0a* Fix uninitialized variable errors in FormatTableRow() (reported by Bob Sanders).%0a* Fix second argument of MakeBaseName() (provided by Stirling Westrup).%0a%0a!!!Version 2.2.0-beta15 (2006-10-16)%0a* Fix bug with displaying multi-line [@(:var:value:)@] [[page text variables]] (reported by Pico).%0a* Improve PageStore ls() method slightly, to restrict pagename searches to directories of a given depth (based on an issue reported by Chris Cox).%0a* Added $IsBlocked status variable to scripts/blocklist.php.%0a* Added $UnapprovedLink array to report unapproved links.%0a* Added $TimeISOFmt, $TimeISOZFmt, and $CurrentTimeISO variables.%0a* Switched scripts/feeds.php to use $TimeISOZFmt instead of $ISOTimeFmt.%0a* Added [@request=@] option to [@(:pagelist:)@], switched pagelist to default to not use url/form parameters.%0a* Fixed bug with array [@{$$options}@] in pagelist.%0a%0a!!!Version 2.2.0-beta14 (2006-10-06)%0a* Fix problem with extra parameter to mail when $NotifyParameters is empty (reported by Tom Lederer).%0a* Improve configurability of $SearchPatterns (from suggestions by Stirling Westrup).%0a* Add ability for $WikiWordCount to disable wikiword spacing (PITS:00327).%0a%0a!!!Version 2.2.0-beta13 (2006-10-04)%0a* Fix handling of angle brackets (and potential XSS) in pagelists combined with page text variables (noted by Pico).%0a%0a!!!Version 2.2.0-beta12 (2006-10-03)%0a* Added the UpdatePage() function into the core. %0a%0a!!!Version 2.2.0-beta11 (2006-10-03)%0a* Added ability to automatically create targets.%0a* Added sample code to docs/sample-config.php for automatic generation of Category.* pages.%0a* Fixed character escapes in pagelist [@{$$option}@] variables.%0a%0a!!!Version 2.2.0-beta10 (2006-10-02)%0a* Added [@{$$option}@] variables to get option values from [@(:pagelist:)@] (based on a recipe from Martin Fick).%0a* Changed [@{$PageCount}, {$GroupPageCount}, and {$GroupCount}@] to be [@{$$PageCount}, {$$GroupPageCount}, and {$$GroupCount}@].%0a* Added [@{$BaseName}@] page variable and $BaseNamePatterns.%0a%0a!!!Version 2.2.0-beta9 (2006-10-01)%0a* Fix bug with $EnablePageListProtect (reported by Brent Zupp).%0a* Added ability to select based on page variables in [@(:pagelist:)@].%0a%0a!!!Version 2.2.0-beta8 (2006-09-30)%0a* Update scripts/blocklist.php to check only $_POST['text'] instead of entire markup text.%0a* Fix bug in pagelist.php that wouldn't return correctly formatted array in certain circumstances (noted by Florian Fischer and JDem).%0a%0a!!!Version 2.2.0-beta7 (2006-09-30)%0a* Added scripts/blocklist.php to core.%0a* Updated handling of $PageTextVarPatterns.%0a* Eliminated need for extra flush() steps in notify.php, pagelist.php.%0a%0a!!!Version 2.2.0-beta6 (2006-09-27)%0a* Fix bug with initialization of $FeedPageListOpt in scripts/feeds.php (reported by Roman).%0a* Fix bug with over-eager [@(:textvar:value:)@] markup (from a bug reported by Chris Cox).%0a%0a!!!Version 2.2.0-beta4, 2.2.0-beta5 (2006-09-27)%0a* Fix bug with name= option in pagelist (reported by Ben Wilson).%0a* Fix bug with array_merge under PHP 5 (reported by Kathryn Andersen).%0a%0a!!!Version 2.2.0-beta3 (2006-09-26)%0a* Remove extra %3c!----> comment at end of table directives (noted by Ben Stallings).%0a* Fix directive form of page text variables (reported by Kathryn Andersen).%0a* Add first version of new modular pagelist code.%0a%0a!!!Version 2.2.0-beta2 (2006-09-25)%0a* Add support for [@{$:var}@] page text variables, and [@(:var:...:)@] markup.%0a* Fix default setting of $EnableRelativePageVars in docs/sample-config.php .%0a%0a!!!Version 2.2.0-beta1 (2006-09-25)%0a* Added [@{*$var}@] page variables (always the currently browsed page).%0a* Convert link and page variable handling in [=(:include:)=] to be relative to the included page.%0a* Added $EnableRelativePageVars and $EnableRelativePageLinks variables, as well as transition options.%0a* Added basepage= option to [=(:include:)=].%0a* Updated $GroupHeaderFmt and $GroupFooterFmt to use basepage= option.%0a* Adjusted $MakePageNamePatterns to automatically strip any #... or ?... from the end of a pagename input string (solution to a problem reported by J. Meijer).%0a%0a!!!Version 2.1.27 (2006-12-11)%0a* Backport in bug fix for TableRowFormat (from 2.2.0-beta16).%0a* Add support for [@{*$Variable}@] syntax (from 2.2.0 page variables).%0a%0a!!!Version 2.1.26 (2006-09-11)%0a* Fix a bug with variable referencing that caused feeds.php to get a confused PCache (reported by Helge Larsen).%0a%0a!!!Version 2.1.25 (2006-09-08)%0a* Fixed a bug in authuser.php that would fail if $AuthUser isn't defined (reported by Hans Huijgen).%0a* Added %3c!--XMLHeader--> and %3c!--XMLFooter--> aliases to %3c!--HTMLHeader--> and %3c!--HTMLFooter--> directives in skin templates (suggested by John Rankin).%0a* Added $PageExistsCache (suggested by John Rankin).%0a%0a!!!Version 2.1.24 (2006-09-06)%0a* Fixed a bug in authuser.php that had trouble dealing with non-array entries in $AuthUser (reported by Udo).%0a* Can now specify authorization groups using $AuthUser['@group'] entries.%0a* Can now specify an Apache .htgroup-formatted file for authorization groups via $AuthUser['htgroup'].%0a%0a!!!Versions 2.1.21, 2.1.22, 2.1.23 (2006-09-05, 2006-09-06)%0a* Close a potential security hole with $FarmD when register_globals is set "On".%0a* Correct a syntax error in feeds.php (noted by Ben Wilson).%0a* Fix a bug that prevented PmWiki from reading page files generated by versions prior to 0.5.6 (discovered by Milan Avramovic).%0a%0a!!!Version 2.1.20 (2006-09-04)%0a* Fixed a bug in [[PageDirectives#attachlist| [@(:attachlist:)@] ]] when passed a wikiword argument (reported by Kathryn Andersen).%0a* Changed $HTMLStylesFmt['markup'] to honor config.php setting (reported by Hans).%0a%0a!!!Version 2.1.19 (2006-08-30)%0a* Corrected a bug in the pageindex code that was causing the .pageindex to not update as quickly as it should.%0a* Slightly changed the handling of 'width' and 'height' in wikistyles.php, so that they can be be applied as attributes to %3cobject> and %3cembed> tags.%0a* Updated the Keep() function to recognize closing block tags as being in the 'B' block pool.%0a* Fixed a bug with wikistyles and form tags.%0a%0a!!!Version 2.1.18 (2006-08-28)%0a* Closed a potential cross-site scripting vulnerability in table markups (reported by JB).%0a* Added [@(:input image:)@] markup (requested by JB).%0a* Fixed problem with ?action=print failing to set [@{$Action}@] (reported by Bart).%0a%0a!!!Version 2.1.17 (2006-08-26)%0a* Added some improvements to IMS caching to better handle logout and authorization actions (PITS:00573, reported by floozy and Henrik Bechmann).%0a%0a!!!Version 2.1.16 (2006-08-26)%0a* Added $SkinLibDirs variable, to select filesystem and url locations where skins may be found (resolves PITS:00708, as reported by Hagan Fox, with additional suggestions from Ben Wilson).%0a* Changed [@%3c!--HeaderText-->@] to [@%3c!--HTMLHeader-->@] in skin templates, and added an optional [@%3c!--HTMLFooter-->@] directive (PITS:00767).%0a* Adjusted the pmwiki and print skins to use the new directives.%0a%0a!!!Version 2.1.15 (2006-08-25)%0a* Fixed issue dealing with order of [@@_site_*@] passwords (reported by Jean-Fabrice and others).%0a* Added $LocalDir variable (requested by John Rankin).%0a* Removed an unnecessary setting of $DefaultPage in ''scripts/pgcust.php'' (it's now handled by ResolvePageName() ).%0a* Added some variables and changes in wikistyles.php to better support wikipublisher (contributed by John Rankin).%0a* RetrieveAuthPage (PmWikiAuth) now recognizes a $level of 'ALWAYS' as indicating that access should always be allowed, regardless of current passwords or identities.%0a* Added filter specifier for AuthUser LDAP authentication (contributed by Balu).%0a%0a!!!Version 2.1.13, 2.1.14 (2006-08-15, 2006-08-16)%0a* Updated scripts/authuser.php to allow ldaps://... authentications (contributed by Michael Brenner).%0a* Fixed problem with numeric passwords introduced in 2.1.beta20 (reported by Christophe David and Dirk Blaas).%0a%0a!!!Version 2.1.12 (2006-08-07)%0a* Corrected typo in Site.SideBar file (reported by Judith Zacharie).%0a* Suppressed warning message for search on sites without a wikilib.d/ directory.%0a* Added capability for nested divs.%0a* Use $Transition['nodivnest'] to restore previous non-nesting div/table behavior.%0a* Including authuser.php now automatically resolves pagename.%0a* Added [@(:noaction:)@] directive to turn off actions.%0a* Fixed bug in wikistyles prior to image blocks.%0a* Added white-space as allowed wikistyle (suggested by C. Ridderström).%0a* Allow colons, hyphens, and dots in id= tags.%0a%0a!!!Version 2.1.11 (2006-06-09)%0a* Fixed generation of empty paragraphs around [@%25define=...%25@] wikistyles (PITS:00753).%0a%0a!!!Version 2.1.10 (2006-06-04)%0a* Added a %3cspan> around the RecentChanges link in the pmwiki skin (PITS:00750, suggested by Hagan Fox).%0a* Changed the $Action variable to $ActionTitle (PITS:00749, reported by Hagan Fox).%0a* Changed $FPLTemplatePageFmt to be an array of pages to be searched for page templates, enabled searching of current page and Site.LocalTemplates page.%0a* Updated .vspace margin in sidebar for pmwiki skin (PITS:00751, by Hagan Fox).%0a%0a%0a!!!Version 2.1.9 (2006-06-02)%0a* Fixed a bug with [@[[~Author]]@] links (PITS:00530 reported by Klonk, PITS:00611 reported by weijang, PITS:00671 reported by Stirling Westrup, and helpful clues provided by Clayton Curtis).%0a%0a!!!Version 2.1.8 (2006-06-01)%0a* Added ability to specify notification entries from ''local/config.php'' as well as Site.Notify (suggested by Christophe David).%0a* Fixed $Transition['vspace'] from 2.1.7.%0a%0a!!!Version 2.1.7 (2006-05-31)%0a* Adjusted width of edit form for IE browsers (contributed by Roman and H. Fox).%0a* Suppress authentication failure error from LDAP (PITS:00739).%0a* Fixed problem with invalid page names resulting in redirect loop (PITS:00723, reported by jojoo).%0a* Added "Group." and "Group/" page name syntax, resolving PITS:00736 (from a suggestion by Pico).%0a* Changed handling of "vspace" paragraphs.%0a* Fixed some XSS vulnerabilities in uploads.php and url links (reported by Moritz Naumann, http://moritz-naumann.com).%0a* Added notify.php script, allowing finer control of email notifications.%0a%0a!!!Version 2.1.6 (2006-05-22)%0a* Optimized performance of urlapprove.php.%0a* Added [@(:if auth xyz PageName:)@] syntax.%0a* Corrected XSS bug in trails.php.%0a* Slightly improved performance of free links.%0a* Restore ability to use hyphens in InterMap links (reported by Henrik Bechmann).%0a%0a!!!Version 2.1.4, 2.1.5 (2006-03-29)%0a* Fixed problem with pagelist-based feeds (PITS:00709, reported by Jon Haupt).%0a* Added [@{$Action}@] page variable. (PITS:00696, reported by Sebastian Pipping).%0a* Added stripmagic() around variables submitted to authuser.php.%0a* Fixed problem with multi-term searches containing special characters (PITS:00713, reported by Leo).%0a* Switched [[PageDirectives#attachlist| [@(:attachlist:)@] ]] to use a natural case sort (suggested by H. Fox).%0a%0a!!!Version 2.1.3 (2006-03-17)%0a* Re-fixed problem with PHP 5.1.1 and lines= option to [@(:include:)@] (PITS:00620).%0a* Fixed empty LDAP password issue (reported by Thomas Lederer).%0a%0a!!!Version 2.1.2 (2006-03-16)%0a* Fixed %3ch1>/%3ch2> tag mismatches (PITS:00702, reported by Martin Hason).%0a* Fixed bug with $AllowPassword and "nopass" (reported by M. Weiner and bram brambring).%0a* Improved the speed of RSS and other web feeds when $EnablePageListProtect is not set.%0a%0a!!!Version 2.1.1 (2006-03-13)%0a* Fixed a bug with multiple authorization groups as a password (PITS:00699, reported by Ari Epstein).%0a* Updated the authorization code to be a bit more liberal with password/group settings.%0a* Updated PmWiki.FAQ page to be able to grab FAQ items from other pages in the documentation.%0a%0a!!Version 2.1.0 (2006-03-12)%0a* Many many documentation updates (special thanks to many authors).%0a* Allow trailing underscores in upload names (requested by Hans).%0a* Fixed 'ak_print' problem causing accesskey='a' for print (noted by Pico).%0a* Added code to make sure each anchor is generated only once per page (for XHTML validity).%0a* Added a $BlockPattern variable to recognize block HTML tags.%0a* Made an adjustment to Keep() so that it places strings with block HTML into the 'B' pool.%0a* Adjusted stdmarkup.php to not produce paragraphs for keep blocks in the 'B' pool.%0a* Corrected a variety of i18n phrases.%0a* Added class='escaped' to distinguish [=@@...@@=] from [=[@...@]=] (from a comment by Hans).%0a* Slightly changed styling of .faq divs.%0a* Made the edit textarea a couple of rows smaller to better fit on smaller displays (suggested by H. Fox).%0a----%0a[[(PmWiki:)ChangeLog Archive]] - changes prior to version 2.1.0.%0a +time=1247767068 Index: wikilib.d/PmWiki.UrlApprovals =================================================================== --- wikilib.d/PmWiki.UrlApprovals (.../pmwiki-2.2.3) (revision 2387) +++ wikilib.d/PmWiki.UrlApprovals (.../pmwiki-2.2.4) (revision 2387) @@ -1,11 +1,11 @@ -version=pmwiki-2.2.0 ordered=1 urlencoded=1 -agent=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081216 Ubuntu/8.04 (hardy) Firefox/2.0.0.19 -author=Petko +version=pmwiki-2.2.3 ordered=1 urlencoded=1 +agent=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729) +author=DaveG charset=ISO-8859-1 -csum=mv discussion to talk page -host=81.65.14.164 +csum=Added anchor link for sidebar heading +host=173.71.104.159 name=PmWiki.UrlApprovals -rev=66 +rev=69 targets=SiteAdmin.ApprovedUrls,Site.AllRecentChanges,PmWiki.Blocklist,PmWiki.Security -text=(:Summary:Require approval of Url links:)%0a%0aThis page explains how to discourage "link spamming" on your wiki site using PmWiki's ''urlapprove.php'' script. This script is already included in PmWiki files, but not activated by default.%0a%0a%0a!! Using ''urlapprove.php''%0aOccasionally spammers may try to add large number of (sometimes hidden) `URLs to pages because they think it will improve their search engine rankings -- which it [[#nofollow |probably won't]]. The ''urlapprove.php'' script works against these spammers' purpose by%0a%0a* requiring approval of links to Internet sites before a link to them are created in the wiki, and%0a* allowing you to limit the number of unapproved links that may be added to a page.%0a%0aTo enable ''urlapprove.php'', add the following line to a configuration file:%0a%0a->[@include_once("$FarmD/scripts/urlapprove.php");@]%0a%0aBy default, unapproved links display what ever should be displayed normally (the URL or a text), but not linked and next to it a link [-%25blue%25(approve links)%25%25-].%0aA click on the link will approve all unapproved `URLs on the page, %25green%25but ''only'' if you are authorized to edit the ''SiteAdmin.ApprovedUrls'' page%25%25. You may also pre-approve sites by by adding them directly to the [[SiteAdmin.ApprovedUrls]] page.%0a%0a%0a!!! Limiting unapproved urls per page%0aYou can limit the number of unapproved links per page. If the limit is exceeded, the page cannot be saved. This is useful because spammers like to write long link lists, which is rare for normal authors.%0a%0aExample: To set the limit to 5 unapproved links, add the following line to a configuration file:%0a%0a->[@$UnapprovedLinkCountMax = 5;@]%0a->[@include_once('scripts/urlapprove.php');@]%0a%0aNote that $UnapprovedLinkCountMax must be set ''before'' including the ''urlapprove.php'' script.%0a%0a%0a!!! Handling of Unapproved Links%0aYou can also change the disapproval message defined in the $UnapprovedLinkFmt variable, for example:%0a%0a-> [@%0ainclude_once('scripts/urlapprove.php');%0a$UnapprovedLinkFmt =%0a "[$[Link requires approval]]%3ca class='apprlink'%0a href='\$PageUrl?action=approvesites'>$[(approve)]%3c/a>";%0a@]%0a%0a"Link requires approval" is whatever you want to see in place of the unapproved link and "(approve)" is the blue text. Using this feature may prove usefull if you want to always hide the unapproved link.%0a%0aIf you wish to totally forbid unapproved links you can use%0a%0a->[@$UnapprovedLinkFmt = "%3cb>external link not allowed%3c/b>";@]%0a%0a%0a!!! `SideBar caveat%0aPlease note that in general you need to go to the sidebar page in order to approve links in the sidebar. The reason for this is that the approve mechanism only approves links on the ''current'' page.%0a%0a%0a!!! Initial setup%0aAfter initial setup all existing links become unapproved. You need to visit your pages and approve all links, where needed. See [[Site/AllRecentChanges]] for a list of all pages that were created on your wiki.%0a%0a!! Technical tips%0a[[#whiteurls]]%0a!!! URL Whitelist%0aUrls can also be approved by adding them to a "white list", %0adefined in the variable @@$WhiteUrlPatterns@@, %0awhich is set in the ''local/config.php'' file.\\%0aTo add multiples urls, use the separator @@|@@ (vertical bar). For example:%0a%0a-> [@%0a$WhiteUrlPatterns =%0a "http://example.com/|http://example.net/|http://example.org/";%0a@]%0a%0aTo add all urls from, say New Zealand and Australia, use:%0a%0a-> [@%0a$WhiteUrlPatterns[] = 'http://[^/] \\.nz';%0a$WhiteUrlPatterns[] = 'http://[^/] \\.au';%0a@]%0a%0a%0a!!! Change Approved URLs page name%0aIf you want to change the default name of ''SiteAdmin.ApprovedUrls'', set the following in ''local/config.php'':%0a%0a->[@$ApprovedUrlPagesFmt = array('OtherGroup.OtherName');@]%0a%0a!!! Previewing the unapproved URL%0aTo see what link is to be approved without editing the page a tool tip can be displayed when the cursor hovers over the [-%25blue%25(approve links)%25%25-] link that displays the URL. e.g. [[http://uuu.example.com|Example]].%0a%0aAdd the following setting in your ''local/config.php'':%0a%0a-> [@%0a$UnapprovedLinkFmt =%0a "\$LinkText%3ca class='apprlink' href='\$PageUrl?action=approvesites'%0a title='\$LinkUrl'>$[(approve links)]%3c/a>";%0a@]%0a%0a->Some browsers show only the link and not the tooltip title. In this case, you can use the following code to see the unapproved link at the end of the tooltip :%0a-> [@$UnapprovedLinkFmt =%0a "\$LinkText%3ca class='apprlink' href='\$PageUrl?action=approvesites&XES_url=\$LinkUrl'%0a title='\$LinkUrl'>$[(approve sites)]%3c/a>";%0a@]%0a%0a%0a!! About rel='nofollow' [[#nofollow]]%0aBy default, PmWiki creates external links that are not followed by search engines. %0aHere are release notes from pmwiki-2.0.beta20 (30-Jan-2005):%0a%0a->''First, the $UrlLinkFmt variable has been modified so that links to external urls automatically have a rel='nofollow' attribute added to them, to help combat wiki spam as described in [[http://googleblog.blogspot.com/2005/01/preventing-comment-spam.html]]. Site administrators can customize $UrlLinkFmt and $UnapprovedLinkFmt to supply or omit rel='nofollow' as appropriate.''%0a%0a!! See Also%0a%0a* [[PmWiki/Blocklist]] - Blocking postings based on content or IP address%0a* [[PmWiki/Security]] - Securing your PmWIki%0a -time=1235244773 +text=(:Summary:Require approval of Url links:)%0a%0aThis page explains how to discourage "link spamming" on your wiki site using PmWiki's ''urlapprove.php'' script. This script is already included in PmWiki files, but not activated by default.%0a%0a%0a!! Using ''urlapprove.php''%0aOccasionally spammers may try to add large number of (sometimes hidden) `URLs to pages because they think it will improve their search engine rankings -- which it [[#nofollow |probably won't]]. The ''urlapprove.php'' script works against these spammers' purpose by%0a%0a* requiring approval of links to Internet sites before a link to them are created in the wiki, and%0a* allowing you to limit the number of unapproved links that may be added to a page.%0a%0aTo enable ''urlapprove.php'', add the following line to a configuration file:%0a%0a->[@include_once("$FarmD/scripts/urlapprove.php");@]%0a%0aBy default, unapproved links display what ever should be displayed normally (the URL or a text), but not linked and next to it a link [-%25blue%25(approve links)%25%25-].%0aA click on the link will approve all unapproved `URLs on the page, %25green%25but ''only'' if you are authorized to edit the ''SiteAdmin.ApprovedUrls'' page%25%25. You may also pre-approve sites by by adding them directly to the [[SiteAdmin.ApprovedUrls]] page.%0a%0a%0a!!! Limiting unapproved urls per page%0aYou can limit the number of unapproved links per page. If the limit is exceeded, the page cannot be saved. This is useful because spammers like to write long link lists, which is rare for normal authors.%0a%0aExample: To set the limit to 5 unapproved links, add the following line to a configuration file:%0a%0a->[@$UnapprovedLinkCountMax = 5;@]%0a->[@include_once('scripts/urlapprove.php');@]%0a%0aNote that $UnapprovedLinkCountMax must be set ''before'' including the ''urlapprove.php'' script.%0a%0a%0a!!! Handling of Unapproved Links%0aYou can also change the disapproval message defined in the $UnapprovedLinkFmt variable, for example:%0a%0a-> [@%0ainclude_once('scripts/urlapprove.php');%0a$UnapprovedLinkFmt =%0a "[$[Link requires approval]]%3ca class='apprlink'%0a href='\$PageUrl?action=approvesites'>$[(approve)]%3c/a>";%0a@]%0a%0a"Link requires approval" is whatever you want to see in place of the unapproved link and "(approve)" is the blue text. Using this feature may prove usefull if you want to always hide the unapproved link.%0a%0aIf you wish to totally forbid unapproved links you can use%0a%0a->[@$UnapprovedLinkFmt = "%3cb>external link not allowed%3c/b>";@]%0a%0a%0a!!! `SideBar caveat [[#sidebar]]%0aPlease note that in general you need to go to the sidebar page in order to approve links in the sidebar. The reason for this is that the approve mechanism only approves links on the ''current'' page.%0a%0a%0a!!! Initial setup%0aAfter initial setup all existing links become unapproved. You need to visit your pages and approve all links, where needed. See [[Site/AllRecentChanges]] for a list of all pages that were created on your wiki.%0a%0a!! Technical tips%0a[[#whiteurls]]%0a!!! URL Whitelist%0aUrls can also be approved by adding them to a "white list", %0adefined in the variable @@$WhiteUrlPatterns@@, %0awhich is set in the ''local/config.php'' file.\\%0aTo add multiples urls, use the separator @@|@@ (vertical bar). For example:%0a%0a-> [@%0a$WhiteUrlPatterns =%0a "http://example.com/|http://example.net/|http://example.org/";%0a@]%0a%0aTo add all urls from, say New Zealand and Australia, use:%0a%0a-> [@%0a$WhiteUrlPatterns[] = 'http://[^/] \\.nz';%0a$WhiteUrlPatterns[] = 'http://[^/] \\.au';%0a@]%0a%0a%0a!!! Change Approved URLs page name%0aIf you want to change the default name of ''SiteAdmin.ApprovedUrls'', set the following in ''local/config.php'':%0a%0a->[@$ApprovedUrlPagesFmt = array('OtherGroup.OtherName');@]%0a%0a!!! Previewing the unapproved URL%0aTo see what link is to be approved without editing the page a tool tip can be displayed when the cursor hovers over the [-%25blue%25(approve links)%25%25-] link that displays the URL. e.g. [[http://uuu.example.com|Example]].%0a%0aAdd the following setting in your ''local/config.php'':%0a%0a-> [@%0a$UnapprovedLinkFmt =%0a "\$LinkText%3ca class='apprlink' href='\$PageUrl?action=approvesites'%0a title='\$LinkUrl'>$[(approve links)]%3c/a>";%0a@]%0a%0a->Some browsers show only the link and not the tooltip title. In this case, you can use the following code to see the unapproved link at the end of the tooltip :%0a-> [@$UnapprovedLinkFmt =%0a "\$LinkText%3ca class='apprlink' href='\$PageUrl?action=approvesites&XES_url=\$LinkUrl'%0a title='\$LinkUrl'>$[(approve sites)]%3c/a>";%0a@]%0a%0a%0a!! About rel='nofollow' [[#nofollow]]%0aBy default, PmWiki creates external links that are not followed by search engines. %0aHere are release notes from pmwiki-2.0.beta20 (30-Jan-2005):%0a%0a->''First, the $UrlLinkFmt variable has been modified so that links to external urls automatically have a rel='nofollow' attribute added to them, to help combat wiki spam as described in [[http://googleblog.blogspot.com/2005/01/preventing-comment-spam.html]]. Site administrators can customize $UrlLinkFmt and $UnapprovedLinkFmt to supply or omit rel='nofollow' as appropriate.''%0a%0a!! See Also%0a%0a* [[PmWiki/Blocklist]] - Blocking postings based on content or IP address%0a* [[PmWiki/Security]] - Securing your PmWIki%0a +time=1247709346