codes****@googl*****
codes****@googl*****
2009年 4月 6日 (月) 10:22:20 JST
Author: tacahi
Date: Sun Apr 5 18:13:13 2009
New Revision: 1429
Added:
externals/geeklog-1.5.2sr2/public_html/docs/
externals/geeklog-1.5.2sr2/public_html/docs/calendar.html
externals/geeklog-1.5.2sr2/public_html/docs/changed-files
externals/geeklog-1.5.2sr2/public_html/docs/changes.html
externals/geeklog-1.5.2sr2/public_html/docs/config.html
externals/geeklog-1.5.2sr2/public_html/docs/docstyle.css
externals/geeklog-1.5.2sr2/public_html/docs/history
externals/geeklog-1.5.2sr2/public_html/docs/images/
externals/geeklog-1.5.2sr2/public_html/docs/images/de.png (contents,
props changed)
externals/geeklog-1.5.2sr2/public_html/docs/images/fr.png (contents,
props changed)
externals/geeklog-1.5.2sr2/public_html/docs/images/jp.png (contents,
props changed)
externals/geeklog-1.5.2sr2/public_html/docs/images/newlogo.gif
(contents, props changed)
externals/geeklog-1.5.2sr2/public_html/docs/images/pl.png (contents,
props changed)
externals/geeklog-1.5.2sr2/public_html/docs/index.html
externals/geeklog-1.5.2sr2/public_html/docs/install.html
externals/geeklog-1.5.2sr2/public_html/docs/license
externals/geeklog-1.5.2sr2/public_html/docs/links.html
externals/geeklog-1.5.2sr2/public_html/docs/plugin.html
externals/geeklog-1.5.2sr2/public_html/docs/polls.html
externals/geeklog-1.5.2sr2/public_html/docs/spamx.html
externals/geeklog-1.5.2sr2/public_html/docs/staticpages.html
externals/geeklog-1.5.2sr2/public_html/docs/support.html
externals/geeklog-1.5.2sr2/public_html/docs/theme.html
externals/geeklog-1.5.2sr2/public_html/docs/themevars.html
externals/geeklog-1.5.2sr2/public_html/docs/trackback.html
Log:
Geeklog 1.5.2sr1を externals/geeklog-1.5.2sr2 に取り込みます。
Added: externals/geeklog-1.5.2sr2/public_html/docs/calendar.html
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr2/public_html/docs/calendar.html Sun Apr 5
18:13:13 2009
@@ -0,0 +1,131 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML
4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+ <title>Geeklog Documentation - Calendar Plugin</title>
+ <link rel="stylesheet" type="text/css" href="docstyle.css" title="Dev
Stylesheet">
+</head>
+
+<body>
+<p><a href="index.html" style="background:transparent"><img
src="images/newlogo.gif" alt="Geeklog Documentation" width="243"
height="90"></a></p>
+<div class="menu"><a href="index.html">Geeklog Documentation</a> -
Calendar Plugin</div>
+
+<h1>Calendar Plugin</h1>
+
+<p>Events and the calendar used to be an integral part of the Geeklog core
code,
+but have been moved to a plugin as of Geeklog 1.4.1.</p>
+
+<h2><a name="config.php">Configuration</a></h2>
+
+<p>The calendar's configuration can be changed from the Configuration admin
+panel:</p>
+
+<h3><a name="general">General Calendar Settings</a></h3>
+
+<table>
+<tr><th style="width:25%">Variable</th>
+ <th style="width:25%">Default Value</th>
+ <th style="width:50%">Description</th>
+</tr>
+<tr>
+ <td><a name="desc_calendarloginrequired">calendarloginrequired</a></td>
+ <td>0</td>
+ <td>When set to 1, only registered users can access the calendar<br>
+ Please note that <code>$_CONF['<a
+ href="config.html#desc_loginrequired">loginrequired</a>']</code> in
+ Geeklog's main configuration takes precedence over this setting. So
when
+ <code>'loginrequired'</code> is set to 1, anonymous users can not
access
+ the calendar even when <code>'calendarloginrequired'</code> is set
+ to 0.</td>
+</tr>
+<tr class="r2">
+ <td><a name="desc_hidecalendarmenu">hidecalendarmenu</a></td>
+ <td>0</td>
+ <td>Whether to hide the "Calendar" entry from Geeklog's menu bar (when
set to
+ 1) or to show it (when set to 0).</td>
+</tr>
+<tr>
+ <td><a name="desc_personalcalendars">personalcalendars</a></td>
+ <td>0</td>
+ <td>Allow account holders to have a personal calendar</td>
+</tr>
+<tr class="r2">
+ <td><a name="desc_eventsubmission">eventsubmission</a></td>
+ <td>1</td>
+ <td>Whether events submitted by users will have to be approved by an
admin
+ first (when set = 1) or show up immediately (when set = 0).</td>
+</tr>
+<tr>
+ <td><a name="desc_showupcomingevents">showupcomingevents</a></td>
+ <td>1</td>
+ <td>Whether to show upcoming events (0 = no, 1 = yes) in a separate
+ block.</td>
+</tr>
+<tr class="r2">
+ <td><a name="desc_upcomingeventsrange">upcomingeventsrange</a></td>
+ <td>14</td>
+ <td>Number of days that the "Upcoming Events" block will look
+ ahead.</td>
+</tr>
+<tr>
+ <td><a name="desc_hour_mode">hour_mode</a></td>
+ <td>12</td>
+ <td>Which format to use when submitting or editing an event. Can be 12
(for
+ the 12 hours am/pm format) or 24 (for the 24 hours format).<br>
+ Uses the same value as <a
+ href="config.html#desc_hour_mode">$_CONF['hour_mode']</a> by
default.</td>
+</tr>
+<tr class="r2">
+ <td><a name="desc_event_types">event_types</a></td>
+ <td>Anniversary, Appointment, Birthday, Business, Education, Holiday,
Meeting, Miscellaneous, Personal, Phone Call, Special Occasion, Travel,
Vacation</td>
+ <td>The set of event types that are used both on the public calendar and
the
+ user's personal calendar.</td>
+</tr>
+<tr>
+ <td><a name="desc_notification">notification</a></td>
+ <td>0</td>
+ <td>Whether to send an email notification when a new event was submitted
for
+ the site's calendar (when set to = 1) or not (when set to = 0).<br>
+ No notification is ever sent for events in personal calendars.</td>
+</tr>
+<tr class="r2">
+ <td><a name="desc_delete_event">delete_event</a></td>
+ <td>0</td>
+ <td>Defines what to do when a user is deleted that is the owner of an
event.
+ When set to 0, all events owned by the deleted user will be assigned
to a
+ user of the "Root" group (e.g. the site admin). When set to 1, the
events
+ are deleted. This only applies to site events - a user's personal
events
+ are always deleted.</td>
+</tr>
+<tr>
+ <td><a name="desc_aftersave">aftersave</a></td>
+ <td>'list'</td>
+ <td>Which page to go to after an event has been saved:
+ <ul>
+ <li>'item': display the event details</li>
+ <li>'list': show admin's list of events (default)</li>
+ <li>'plugin': display the calendar</li>
+ <li>'home': display the site's homepage</li>
+ <li>'admin': go to the "Admin Home" page, i.e. Command &
Control</li>
+ </ul></td>
+</tr>
+</table>
+
+
+<h2><a name="others">Other Options</a></h2>
+
+<p>Please note that some of the options from Geeklog's main configuration
+are also relevant for the calendar plugin:</p>
+<ul>
+<li>Times and dates are formatted according to the current language and the
+ <a href="config.html#locale">locale settings</a> from Geeklog's main
+ configuration.</li>
+</ul>
+
+
+<div class="footer">
+ <a href="http://wiki.geeklog.net/">The Geeklog Documentation
Project</a><br>
+ All trademarks and copyrights on this page are owned by their
respective owners. Geeklog is copyleft.
+</div>
+
+</body>
+</html>
Added: externals/geeklog-1.5.2sr2/public_html/docs/changed-files
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr2/public_html/docs/changed-files Sun Apr 5
18:13:13 2009
@@ -0,0 +1,6 @@
+geeklog-1.5.2sr2/public_html/admin/install/index.php
+geeklog-1.5.2sr2/public_html/docs/changed-files
+geeklog-1.5.2sr2/public_html/docs/changes.html
+geeklog-1.5.2sr2/public_html/docs/history
+geeklog-1.5.2sr2/public_html/siteconfig.php
+geeklog-1.5.2sr2/system/lib-sessions.php
Added: externals/geeklog-1.5.2sr2/public_html/docs/changes.html
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr2/public_html/docs/changes.html Sun Apr 5
18:13:13 2009
@@ -0,0 +1,1279 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML
4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+ <title>Geeklog Documentation - Changes</title>
+ <link rel="stylesheet" type="text/css" href="docstyle.css" title="Dev
Stylesheet">
+</head>
+
+<body>
+<p><a href="index.html" style="background:transparent"><img
src="images/newlogo.gif" alt="Geeklog Documentation" width="243"
height="90"></a></p>
+<div class="menu"><a href="index.html">Geeklog Documentation</a> -
Changes</div>
+
+<h1>Changes</h1>
+
+<p>This document is intended to give a quick overview over the most
important
+and / or obvious changes. For a detailed list of changes, please consult
the
+<a href="history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has
a list
+of files that have been changed since the last release.</p>
+
+<h2><a name="changes152sr2">Geeklog 1.5.2sr2</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted an SQL injection exploit for
glFusion that also works with Geeklog. This issue allowed an attacker to
extract the password hash for any account and is fixed with this
release.</p>
+
+
+<p>Fernando Muñoz reported a possible <a
href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on
Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px
dotted black;">XSS</a> in the query form on most admin panels that we are
fixing with this release.</p>
+
+<h2><a name="changes152sr1">Geeklog 1.5.2sr1</a></h2>
+
+<p>Fernando Muñoz reported a possible <a
href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on
Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px
dotted black;">XSS</a> in the query form on most admin panels that we are
fixing with this release.</p>
+
+
+<h2><a name="changes152">Geeklog 1.5.2</a></h2>
+
+<h3>Bugfixes</h3>
+
+<ul>
+<li>Fixed a bug in the story preview where the story content was lost when
+ previewing a story with a duplicate story ID.</li>
+<li>Fixed another bug in the story preview that caused extra backslashes to
+ appear in the story's title.</li>
+<li>The Trackback editor didn't work since the security token was missing
from
+ the editor template.</li>
+<li>Fixed issues with clickable links in plain text postings.</li>
+<li>Fixed various problems with updating feeds, e.g. when changing topic
+ permissions.</li>
+</ul>
+
+<h3>Fixes in the bundled Plugins</h3>
+
+<ul>
+<li>Calendar: You couldn't add a new event to your personal calendar.</li>
+<li>Links: Changing a link's ID to one that was already in use overwrote
the
+ other link.</li>
+<li>Polls: Changing a poll's ID created a new poll. Also fixed an SQL error
+ when the poll question contained single quotes.</li>
+<li>Static Pages: Saving a static page changed the owner to the user who
saved
+ it.</li>
+</ul>
+
+<h3>Other Changes</h3>
+
+<ul>
+<li>Improved image quality when using gdlib to rescale uploaded
images.</li>
+<li>Theme changes are documented in the <a href="theme.html#changes">theme
+ documentation</a>, as usual. There are 4 bugfixes (one of which is in
the
+ templates for the Polls plugin) that should be applied to all themes
for
+ the 1.5.x series.</li>
+</ul>
+
+
+<h2><a name="changes151">Geeklog 1.5.1</a></h2>
+
+<p>Geeklog 1.5.1 is mostly a bugfix release and a recommended upgrade for
users
+of Geeklog 1.5.0. There were also a few minor feature additions.</p>
+
+<h3>Bugfixes</h3>
+
+<h4>Security related</h4>
+
+<ul>
+<li>The upload script for FCKeditor could be <a
+ href="http://www.geeklog.net/article.php/file-uploads">called
directly</a>
+ to upload various media files (but not executable scripts), as reported
+ by t0pP8uZz.</li>
+<li>The protection in various include files against direct execution did
not
+ work properly on non-case sensitive file systems, e.g. on Windows
+ (reported by Mark Evans).</li>
+<li>It was possible to view stories with a publication date in the future
and
+ stories that had the draft flag set if you knew their story ID.</li>
+<li>It was possible to post comments on unpublished stories if you knew
their
+ story ID.</li>
+<li>When a database backup fails, the database password is no longer
logged to
+ <tt>error.log</tt>.</li>
+</ul>
+
+<h4>Other Bugfixes</h4>
+
+<ul>
+<li>All right-side blocks were rendered twice, which not only took more
time
+ than necessary, but could also affect the functionality of add-ons like
+ the Chatterblock or Shoutbox.</li>
+<li>Fixed handling of security tokens (for CSRF protection) that prevented
+ you from deleting comments on a story that had trackbacks.</li>
+<li>Other fixes were applied to the user submission queue, story
submissions,
+ the list of draft stories and the support for MS SQL.</li>
+</ul>
+
+<h4>Fixes in the bundled Plugins</h4>
+
+<ul>
+<li>Calendar: Fixed display of events in the Upcoming Events block for the
+ current day (really this time ...).</li>
+<li>Links: Fixed SQL error when trying to change a category and fixed new
+ categories silently overwriting existing categories with the same
ID.</li>
+<li>Static Pages: Fixed printer friendly version when <tt>url_rewrite</tt>
is
+ enabled.</li>
+</ul>
+
+<h3>New Features and Improvements</h3>
+
+<ul>
+<li>Includes <a href="http://www.fckeditor.net/">FCKeditor</a> 2.6.3</li>
+<li>In multi-language setups, blocks can now also be multi-lingual.</li>
+<li>New "Subscribe to ..." feed story option when there is a separate feed
for
+ a story's topic.</li>
+<li>New option "All Frontpage Stories" for article feeds (skip stories
that have
+ the "Show only in topic" option set).</li>
+<li>Allow to unset Configuration options again after they have
been "restored",
+ e.g. after accidental activation.</li>
+<li>Configuration options can now be overwritten in
<tt>siteconfig.php</tt>.
+ This is mostly useful for the <code>$_CONF['rootdebug']</code>
option.</li>
+<li>Remotely authenticated users can now use the webservices (they need to
use
+ <tt>username @ servicename</tt> for their username).<br>
+ <strong>Note:</strong> OpenID users can <em>not</em> use the
webservices,
+ due to technical issues with the authentication method.</li>
+<li>Improved compatibility of the webservices (i.e. AtomPub).</li>
+</ul>
+
+<h3>Theme Changes</h3>
+
+<p>There was one mandatory theme change: The template file for
configuration
+ items, <tt>admin/config/config_element.thtml</tt> has to be updated
(copy
+ from the Professional theme). All other theme changes in this release
are
+ optional - see the <a href="theme.html#changes">theme documentation</a>
for
+ details.</p>
+
+
+<h2><a name="changes150">Geeklog 1.5.0</a></h2>
+
+<h3>Results from the Summer of Code</h3>
+
+<p>This release incorporates the following projects implemented during the
+the 2007 Google Summer of Code:</p>
+
+<ul>
+<li>New user-friendly install script by Matt West</li>
+<li>New Configuration GUI (replacing config.php) by Aaron Blankstein</li>
+<li>New Webservices API based on the Atom Publishing Protocol by Ramnath
R. Iyer</li>
+</ul>
+
+<h3>Other New Features and Improvements</h3>
+
+<ul>
+<li>OpenID support: You can now allow users to log into your site using an
+ OpenID, so that they don't need to create a new account with your site
but
+ still get all the benefits of a normal registered user.</li>
+<li>New LDAP remote authentication module.</li>
+<li>The Links plugin now has hierarchical (sub-)categories.</li>
+<li>Updated <a href="http://www.fckeditor.net/">FCKeditor</a> to version
2.6.</li>
+<li>Rewrite of the underlying story code. Amongst other things, this should
+ finally resolve all outstanding issues with the handling of special
+ characters, HTML entities, etc. in stories. Also introduces a new
+ <code>[raw]</code> tag as an inline complement to <code>[code]</code>
when
+ you want to post pieces of code (e.g. HTML) "as is", so that they are
not
+ interpreted.</li>
+<li>Comments can now be closed, i.e. existing comments will still be
displayed
+ but no new comment can be posted.</li>
+<li>The Polls plugin now allows for multiple questions per poll.</li>
+<li>The Static Pages plugin now supports comments.</li>
+<li>The database backup admin panel now lets you delete and download
+ backups.</li>
+<li>The default Professional theme is now HTML 4.01 Strict compliant.
Geeklog
+ now also <a href="theme.html#xhtml">supports XHTML</a> (given an XHTML
+ compliant theme).</li>
+</ul>
+
+<h3>Security</h3>
+
+<ul>
+<li>Geeklog now includes protection against <a
href="http://www.geeklog.net/article.php/csrf">cross-site request
forgery</a> attacks.</li>
+<li>Lukasz Pilorz reported <a
href="http://www.geeklog.net/article.php/kses">security issues in kses</a>,
the HTML filter we're using in Geeklog.</li>
+</ul>
+
+
+<h2><a name="changes141">Geeklog 1.4.1</a></h2>
+
+<h3>New Features</h3>
+
+<ul>
+<li>Support for Microsoft SQL Server. Starting with this release, Geeklog
can
+ now also be installed on Microsoft SQL Server, so it's no longer
restricted
+ to just MySQL. The MS SQL support was developed by Randy Kolenko.
+ Thanks, Randy!<br>
+ Please note that any third-party plugins will have to offer support for
+ MS SQL before they can be installed on Microsoft SQL Server. The
bundled
+ plugins (Calendar, Links, Polls, Spam-X, Static Pages) have already
been
+ updated accordingly.</li>
+<li><a href="calendar.html">Calendar plugin</a>. The formerly built-in
calendar
+ and events have now been moved into a separate plugin. This
complements the
+ move of the <a href="polls.html">polls</a> and <a
href="links.html">links</a> sections into plugins in Geeklog 1.4.0 and
makes Geeklog more modular as you
+ can now easily disable or replace functionality that you don't need for
+ your site.</li>
+<li><a
href="http://wiki.geeklog.net/wiki/index.php/Multi-Language_Support">Multi-language
support</a>. It is now possible to build truly multi-lingual sites
+ with Geeklog where not only the navigation but also the content of the
site
+ changes with the language.</li>
+<li>Ships with <a href="http://www.fckeditor.net/">FCKeditor</a> 2.3.1,
which once
+ again includes a file manager for uploading images.</li>
+<li>A function for mass-deletion of old or inactive users. The list
automatically
+ searches for users that have never logged in, only used the site for a
very
+ short time or have not been online since a very long time. The time
span can
+ be varied, and found users can be selectively deleted.</li>
+</ul>
+
+<h3>Security</h3>
+
+<p>In the light of the security issues discovered in Geeklog 1.4.0 and
earlier
+versions, the Geeklog source code has undergone a code review. We have
+identified and addressed several minor issues and introduced new measures
to
+enhance security in this release. As a welcome side effect, the code
reviews
+have also uncovered a few bugs and inconsistencies that we also fixed in
this
+release.</p>
+
+<h3>Spam Protection</h3>
+
+<p>With this release we are finally removing support for the <a
href="http://www.geeklog.net/article.php/mt-blacklist-discontinued">discontinued</a>
MT-Blacklist. In its place, we are now using a system called Spam Link
Verification (SLV) run by Russ Jones at <a
href="http://www.linksleeve.org/">www.linksleeve.org</a>. SLV could be
described as a community-driven, automatically updated blacklist. See the
documentation of the <a href="spamx.html" rel="nofollow">Spam-X plugin</a>
for details.</p>
+
+
+<h2><a name="changes140sr6">Geeklog 1.4.0sr6</a></h2>
+
+<p>MustLive pointed out a possible <a
href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on
Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px
dotted black;">XSS</a> in the form to email an article to a friend that
we're fixing with this release.</p>
+
+
+<h2><a name="changes140sr5-1">Geeklog 1.4.0sr5-1</a></h2>
+
+<p>This release fixes display problems in the comment preview that were
only
+introduced in Geeklog 1.4.0sr5.</p>
+
+
+<h2><a name="changes140sr5">Geeklog 1.4.0sr5</a></h2>
+
+<p>JPCERT/CC informed us about a possible <a
href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on
Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px
dotted black;">XSS</a> in the comment handling that we're fixing with this
release.</p>
+
+
+<h2><a name="changes140sr4">Geeklog 1.4.0sr4</a></h2>
+
+<p>Two exploits have been released by "rgod" for insecure Geeklog
installations and for a bug in the "mcpuk" file manager that we've been
shipping as part of FCKeditor in all previous 1.4.0 releases.</p>
+
+<ul>
+<li>Some of the files outside of the public_html directory were not
protected
+ against direct execution. If Geeklog was installed such that those
files
+ were accessible from a URL (which has always been strongly discouraged
in
+ the installation instructions) then those files could be used to load
and
+ execute malicious code from a remote server.
+ <br><br>
+ More information: <a
+ href="http://www.geeklog.net/article.php/so-called-exploit">So-called
+ Geeklog "exploit" posted</a>
+ <br><br>
+ In this release, we've added the missing execution prevention for all
files
+ outside of public_html. We would still, however, suggest that you fix
your
+ Geeklog install if the files outside of public_html are accessible
from a
+ URL (see our <a
+
href="http://www.geeklog.net/faqman/index.php?op=view&t=56">FAQ</a> for
+ details).
+</li>
+<li>The "mcpuk" file manager that we've integrated into FCKeditor allowed
the
+ upload of arbitrary PHP code (even if FCKeditor was disabled in
Geeklog's
+ config.php). Depending on your webserver's configuration, it was then
+ possible to execute that uploaded code.
+ <br><br>
+ More information: <a
href="http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager">Exploit
for FCKeditor's mcpuk file manager</a>
+ <br><br>
+ The file manager has been removed from this release. You will
therefore no
+ longer be able to upload files, e.g. images, through FCKeditor. Future
+ versions of Geeklog will ship with an updated version of FCKeditor and
its
+ included file manager.
+</li>
+</ul>
+
+<p>Note: This release also includes the <a
+href="http://www.geeklog.net/article.php/fighting-trackback-spam">updated
+lib-trackback.php</a> for better protection against Trackback spam.</p>
+
+
+<h2><a name="changes140sr3">Geeklog 1.4.0sr3</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ol>
+<li>Possible SQL injection and authentication bypass in
<tt>auth.inc.php</tt>
+ (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Possible XSS in <tt>getimage.php</tt>
+ (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Path disclosure in <tt>getimage.php</tt> and the
<tt>functions.php</tt> of
+ some themes, e.g. the Professional theme
+ (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Possible SQL injection in story submissions.</li>
+</ol>
+
+
+<h2><a name="changes140sr2">Geeklog 1.4.0sr2</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ul>
+<li>Konstantin Dyakoff found an old bug in the session handling that would
+ allow anyone to log in as any user.</li>
+<li>HTML was not stripped from the Location field in a user's profile.</li>
+</ul>
+
+
+<h2><a name="changes140sr1">Geeklog 1.4.0sr1</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ul>
+<li>James Bercegay of GulfTech Security Research reported several issues
with
+ Geeklog's cookie handling that made it vulnerable to SQL injections,
+ arbitrary file access, and even injection and execution of arbitrary
+ code.</li>
+</ul>
+
+
+<h2><a name="changes140">Geeklog 1.4.0</a></h2>
+
+<p><small>(Geeklog 1.4.0 was originally supposed to be called 1.3.12, so
any
+references you may find to a version 1.3.12 apply to version
1.4.0)</small></p>
+
+<h3>New Features</h3>
+
+<ul>
+<li>Geeklog now officially works with <code>register_globals = off</code>.
+ Please note that some plugins may still require it to be
<code>on</code>,
+ though.</li>
+<li>Added support for sending and receiving <a
+ href="http://en.wikipedia.org/wiki/Trackback">Trackback</a> and <a
+ href="http://en.wikipedia.org/wiki/Pingback">Pingback</a> comments.
Both
+ are supported for stories, but there is also a new plugin API so that
+ plugins can use this feature, too. Trackback and Pingback can be
disabled
+ in <tt>config.php</tt>.</li>
+<li>Added the ability to "ping" weblog directory services to advertise site
+ updates (preconfigured to ping <a
+ href="http://pingomatic.com">Ping-o-Matic</a>). As with Trackback and
+ Pingback, this is supported for stories, but plugins can also make use
of
+ this feature via the plugin API.</li>
+<li>New syndication framework so that Geeklog can now <strong>read and
+ write</strong> feeds in different formats (currently supported: RSS,
RDF,
+ and Atom).</li>
+<li>New administrator controlled user status. Including banning and
+ administrator activation of accounts.</li>
+<li>New Remote Authentication system to allow people with accounts on
remote
+ services such as Blogger.com or LiveJournal.com to login to your site
+ without having to directly register on your site. (Remote accounts can
be
+ banned as normal accounts).</li>
+<li>The Admin sections have been revamped to provide a more consistent
look and
+ sortable lists. "Command and Control" (<tt>moderation.php</tt>) now
also
+ comes with a new set of icons and has one icon for every Admin section.
+ Furthermore, the Admin block and Command and Control can be <a
+ href="config.html#desc_sort_admin">sorted</a> alphabetically.</li>
+<li>Ships with <a href="http://www.fckeditor.net/">FCKeditor</a> (WYSIWYG
+ editor). To <a href="config.html#desc_advanced_editor">enable</a>, set
+ <code>$_CONF['advanced_editor'] = true;</code> in your
+ <tt>config.php</tt>.</li>
+<li>The search now only displays a specified amount of results per page to
+ avoid running into timeouts when searching through large databases.<br>
+ <b>Note:</b> Plugins will have to be updated to support the "paged"
search.
+ Until then, Geeklog fakes the paged results for plugin searches, which
+ means that a plugin that hasn't been updated will still search through
the
+ entire database, but Geeklog will only display the results for the
current
+ result page.</li>
+<li>Introduced an "Article Directory", providing an overview of all past
+ articles, sorted by year and month.</li>
+<li>The default permissions for new objects (stories, topics, blocks,
etc.) can
+ now be set in config.php.</li>
+</ul>
+
+<h3>Compatibility</h3>
+
+<ul>
+<li>Due to the changes, themes will have to be updated to work with Geeklog
+ 1.4.0. See the <a href="theme.html#changes">list of theme changes</a>
for
+ details.</li>
+<li>The plugin API for comments has changed. Plugins using comments will
have
+ to be updated to work with Geeklog 1.4.0.</li>
+</ul>
+
+<h3>More Information</h3>
+
+<p>We have posted a series of stories on the Geeklog homepage that
highlight and explain some of the new features:</p>
+<ul>
+<li><a href="http://www.geeklog.net/article.php/advanced-editor">Geeklog's
Advanced Editor</a></li>
+<li><a
href="http://www.geeklog.net/article.php/remote-authentication">Remote
Authentication</a></li>
+<li><a
href="http://www.geeklog.net/article.php/trackback-pingback">Trackback and
Pingback</a></li>
+<li><a href="http://www.geeklog.net/article.php/ping">Sending a
Ping</a></li>
+<li><a href="http://www.geeklog.net/article.php/comment-plugin-api">New
Comment Plugin API</a></li>
+</ul>
+
+
+<h2><a name="changes1311sr7">Geeklog 1.3.11sr7</a></h2>
+
+<p>JPCERT/CC informed us about a possible <a
href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on
Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px
dotted black;">XSS</a> in the comment handling that we're fixing with this
release.</p>
+
+
+<h2><a name="changes1311sr6">Geeklog 1.3.11sr6</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ol>
+<li>Possible SQL injection and authentication bypass in
<tt>auth.inc.php</tt>
+ (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Possible XSS in <tt>getimage.php</tt>
+ (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Path disclosure in <tt>getimage.php</tt> and the
<tt>functions.php</tt> of
+ some themes, e.g. the Professional theme
+ (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Possible SQL injection in story submissions.</li>
+</ol>
+
+
+<h2><a name="changes1311sr5">Geeklog 1.3.11sr5</a></h2>
+
+<ul>
+<li>Konstantin Dyakoff found an old bug in the session handling that would
+ allow anyone to log in as any user.</li>
+</ul>
+
+
+<h2><a name="changes1311sr4">Geeklog 1.3.11sr4</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ul>
+<li>James Bercegay of GulfTech Security Research reported several issues
with
+ Geeklog's cookie handling that made it vulnerable to SQL injections,
+ arbitrary file access, and even injection and execution of arbitrary
+ code.</li>
+</ul>
+
+
+<h2><a name="changes1311sr3">Geeklog 1.3.11sr3</a></h2>
+
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>Provided you knew the story id, it was possible to submit comments for
+ stories even if you did not have access to those stories
+ (reported by LWC). The same problem also existed with poll
comments.</li>
+<li>Supplying an illegal start or end date to the advanced search resulted
in a
+ warning message that disclosed the path to the Geeklog install on the
+ server (reported by r0t3d3Vil).<br>
+ It was <strong>not</strong> possible to use this for SQL
injections.</li>
+</ol>
+
+<p>Also included in this release are bugfixes, e.g. for the problems
editing
+static pages when URL rewriting was enabled, that were introduced in
+1.3.11sr2.</p>
+
+
+<h2><a name="changes1311sr2">Geeklog 1.3.11sr2</a></h2>
+
+<p>This release provides security enhancements and better spam protection
+originally developed for Geeklog 1.3.12. It also addresses a few bugs where
+the bugfix could be integrated with a reasonable amount of work (other
bugfixes
+will have to wait for the 1.3.12 release).
+
+<h3>Security and Spam protection</h3>
+<ul>
+<li>There is now a speed limit for login attempts, defaulting to three
tries
+ in a five minute period (<a
+ href="config.html#desc_login_attempts">configurable</a> in
+ <tt>config.php</tt>).</li>
+<li>Linefeeds are filtered from the To:, From:, and Subject: fields of any
+ email sent through <code>COM_mail</code>.</li>
+<li>When a new user account is created and the user submission queue is
enabled
+ in <tt>config.php</tt>, Geeklog now ensures that the new account is
properly
+ queued even in the unlikely event that the account creation fails
halfway
+ through.</li>
+<li>When a post is identified as spam, it now also triggers the speed limit
+ (ie. posters will have to wait for the speed limit to expire before
they
+ can make another submission).</li>
+<li>Spam posts now get a 403 "Forbidden" HTTP response code.</li>
+<li>Spam checks are now done for comments, story, link, and event
submissions,
+ the message sent with the "email story to a friend" option, and for the
+ contents of the user profile.</li>
+<li><a href="http://www.geeklog.net/article.php/spam-x-1.0.2"
+ rel="nofollow">Spam-X plugin 1.0.2</a> included.</li>
+</ul>
+
+<p>Please note that MT-Blacklist (used by Spam-X) has recently been <a
href="http://www.geeklog.net/article.php/mt-blacklist-discontinued">discontinued</a>.
The
+Spam-X plugin as included in this release is configured to get the last
version
+of the blacklist from geeklog.net, but there will be no more updates.</p>
+
+<h3>Bugfixes</h3>
+<ul>
+<li>Fixed an error message thrown up by PHP 5.0.5 or later when viewing the
+ article page (bug #483).</li>
+<li>Quote names in email addresses as soon as they contain any
non-alphanumeric
+ characters, apart from the blank (bug #368). This should help when
trying
+ to email users with special characters in their name.</li>
+<li>Upgraded included kses class to version 0.2.2 which fixes problems with
+ Japanese and Thai characters (bugs #94 and #119).</li>
+<li>Fixed SQL error when using the [staticpage:] autotag (bug #373).</li>
+</ul>
+<p>For a complete list of bugfixes, please see the Changelog.</p>
+
+<h3>Improvements</h3>
+<ul>
+<li>Added support for a <code>custom_usercheck</code> function (for the
+ custom registration code). See the included <tt>lib-custom.php</tt> for
+ details.</li>
+<li>Improved handling of the auto-archive option in <tt>index.php</tt>,
which
+ should slightly improve page load times.</li>
+<li>Includes several new and updated language files.</li>
+<li>Includes updated PEAR classes.</li>
+</ul>
+
+
+<h2><a name="changes1311sr1">Geeklog 1.3.11sr1</a></h2>
+<p>This release addresses the following security issue:</p>
+<ul>
+<li>Stefan Esser found an SQL injection that can, under certain
circumstances,
+be exploited to extract user data such as the user's password hash.</li>
+</ul>
+
+<h2><a name="changes1311">Geeklog 1.3.11</a></h2>
+
+<p>Geeklog 1.3.11 is a <strong>bugfix and security release</strong> over
Geeklog 1.3.10 and is meant to replace 1.3.10. The change in the version
number was necessary since one of the bugfixes involves a change in the
database.</p>
+
+<h3>Security issues</h3>
+<ol>
+<li>It was possible to submit stories anonymously even if anonymous
submissions
+ were turned off in <tt>config.php</tt> (reported by Barry Wong).<br>
+ These stories still ended up in the submission queue, though, unless
you
+ disabled it in <tt>config.php</tt>.</li>
+<li>Some of the parameters in link and event submissions weren't filtered,
+ leaving them open to potential SQL injections.</li>
+<li>The links for the What's Related block were created from the unfiltered
+ story text, opening the possibility of XSS attacks (reported by Vincent
+ Furia).</li>
+</ol>
+
+<h3>Bugfixes</h3>
+<ul>
+<li>Fixes the length of the 'sid' field in the gl_comments table. Using
story
+ IDs longer than 20 characters prevented comment posts from being
associated
+ with the story.</li>
+<li>Ensures compatibility with PHP 4.1.x (includes updated PEAR
packages).</li>
+<li>Fixes the archiving option being activated too early (bug #345).</li>
+<li>Properly deletes comments and story images when deleting entire topics
+ (bug #339).</li>
+<li>Deletes comments when deleting polls.</li>
+<li>Fixes several bugs in the calendar and improves overall handling of
both
+ the site calendar and the personal calendars (bugs #268, #336, #338,
and
+ others).</li>
+<li>Fixes "More by <i>author</i>" and "More from <i>topic</i>" links in
+ articles.</li>
+<li>Various other fixes, see <tt>docs/history</tt> for details.</li>
+</ul>
+
+<p>We strongly advise users of Geeklog 1.3.10 to upgrade to 1.3.11 ASAP.
Upgrading should be relatively painless, as there weren't any changes in
the themes, language files, or config.php over 1.3.10.</p>
+
+
+<h2><a name="changes1310">Geeklog 1.3.10</a></h2>
+
+<h3>New Default Theme</h3>
+
+<p>This release comes with a new default theme: We've chosen the
Professional
+theme, kindly provided by Victor B. Gonzalez (of <a
href="http://aeonserv.com">Aeonserv</a> fame). The theme has been modified
slightly and is now fully HTML 4.01 and CSS compliant.</p>
+
+<p>We've also decided to remove the old set of themes (Classic, Clean,
Digital Monochrome, Gameserver, Smooth Blue, XSilver, Yahoo) from the
distribution. They are now available as a separate tarball.</p>
+
+<h3>New Features</h3>
+
+<ul>
+<li><a href="spamx.html" rel="nofollow">Spam-X plugin</a> included. Tom
Willet
+ has kindly provided his spam detection plugin, which is now part of the
+ default Geeklog install.<br>
+ The plugin has been modified slightly to store the blacklists in the
+ database. Users of the previous version of the plugin will have to
import
+ their personal blacklist via the plugin's admin panel.</li>
+<li>Story Archive feature: It is now possible to move stories to
an "archive"
+ topic or have them deleted automatically at a given time.</li>
+<!-- li>PDF support: Stories can be converted into PDFs (requires
installation
+ of third-party software - see config.php for details).</li -->
+<li>Customizable menu bar: The site's menu bar can now be <a
+ href="config.html#desc_menu_elements">configured</a> in config.php,
i.e.
+ you can choose which entries should be displayed there and in which
order.
+ It's also possible to add custom entries by providing a function in
+ lib-custom.php.</li>
+<li>Clickable links in text postings: URLs in non-HTML postings are now
+ recognized by Geeklog and displayed as clickable links.</li>
+<li>Editable story IDs: The IDs of stories can now be changed (like the
IDs of
+ static pages) to provide more readable URLs (and further improve the
+ chances of being picked up by seach engines, especially when used with
+ URL rewriting).</li>
+<li>Autolinks are a new form of links that can be used in stories and
comments.
+ An autolink takes the form
+ <code>[<i>name</i>:<i>id</i> <i>link text</i>]</code> where
<i>name</i> is
+ the tag name, <i>id</i> is the ID of an object the link should be
pointing
+ to, and <i>link text</i> is used as the text of the link.<br>
+ Example: <code>[story:email-bug About the email bug]</code> would be
+ translated into <code><a
href="http://example.com/article.php/email-bug">About the email
bug</a></code><br>
+ For the built-in autotags, the <i>link text</i> is optional and Geeklog
+ will use the title of the object (story / event / static page) if it
is not
+ given.<br>
+ Predefined autotags are <code>[story:]</code> to link to stories and
+ <code>[event:]</code> to link to events. Plugins can define their own
+ autotags to provide links to objects under their control. The Static
Pages
+ plugin already provides a <code>[staticpage:]</code> autotag.</li>
+<li>Customizable welcome email: The email that is sent out to users
+ registering with your site is now fully customizable by providing the
+ text in a text file (/path/to/geeklog/data/welcome_email.txt).</li>
+<li>Timezone hack: The popular "<a
+
href="http://www.geeklog.net/forum/viewtopic.php?showtopic=40196">timezone
+ hack</a>" is now included. It lets you set the site's timezone for when
+ your server is located in another timezone.</li>
+</ul>
+
+<h3>Other Improvements</h3>
+
+<ul>
+<li>Various changes have been made to improve the overall performance.</li>
+<li>On fresh installs, there is now an option to use InnoDB tables
(instead of
+ MyISAM) if your MySQL version supports them (as of MySQL 4.0, or
3.x "Max"
+ builds). Existing databases can be converted to InnoDB by using the
script
+ <tt>admin/install/toinnodb.php</tt>.<br>
+ <strong>Warning:</strong> Using InnoDB tables makes database backups
+ somewhat more complicated. Small and medium-sized sites should work
just
+ fine with MyISAM tables, so if in doubt <em>don't</em> use InnoDB
+ tables.</li>
+<li>The calendar's week can now either start on a Sunday or a Monday.</li>
+<li>The Static Pages plugin now has an option to display a printer-friendly
+ version of a static page.</li>
+</ul>
+
+<h3>Comments</h3>
+
+<ul>
+<li>The comment code has undergone major changes to improve performance and
+ add improvements like the ability to link to individual comments,
+ paging comments, etc.</li>
+<li>Users can now report abusive comments to the site admin.</li>
+<li>The site admin can get an email notification when a new comment is
+ posted (similar to the notification emails for new stories, links,
+ events, and users).</li>
+<li>The IP addresses of comment posters are now tracked and can be looked
up
+ directly by linking to a Whois service (or you can install Tom Willet's
+ <a
href="http://sf.net/project/showfiles.php?group_id=68255&package_id=95743">NetTools</a>,
which include a Whois function).</li>
+</ul>
+
+<h3>Security-related fixes</h3>
+
+<p><strong>Note:</strong> All of the following bugs were problems with
+Geeklog's permissions system and fall into the "information leakage"
category,
+i.e. under certain circumstances, site content was visible to persons who
+shouldn't be able to see it. None of these bugs were exploitable in the
sense
+that they could be used to gain privileges or cause damage to Geeklog or
the
+environment it's running in.</p>
+
+<ul>
+<li>Group Admins were able to list the members of all groups, even if they
were
+ not members of those groups.</li>
+<li>Group Admins were given a list of all the groups in the system, even if
+ they were not members of those groups (bug #280).</li>
+<li>Story and Event Admins were always given a list of all the stories /
all
+ the events, even when they didn't have read access to them (bug
#269).</li>
+<li>It was possible to request comments from stories even if the user
didn't
+ have permission to read the story (provided you knew both the story and
+ the comment id).</li>
+<li>Event permissions in the calendar's day and week view weren't checked
+ properly, so that events may have been visible to users who shouldn't
+ have been able to see them.</li>
+<li>It was possible to add any event to the personal calender, even if you
+ didn't have permissions to see it in the site calendar (provided you
knew
+ the event id).</li>
+</ul>
+
+<h3>Other bugfixes</h3>
+
+<ul>
+<li>Previewing and saving a story submission left the submitted story in
the
+ submission queue, but did additionally save it as a new story.</li>
+<li>Deleting an event from the personal calendar didn't work (bug
#199).</li>
+<li>Old userphotos weren't removed when the new photo had a different file
+ type, e.g. when changing from a .gif to a .jpg (bug #228).</li>
+<li>Scaling images didn't work when the image exceeded the max. height but
+ not the max. width (bug #242).</li>
+<li>Keeping an unscaled image wasn't possible when using gdlib to rescale
+ images (bug #197).</li>
+<li>When using gdlib, GIF images were converted to PNG format, but Geeklog
+ was still trying to display the GIF version. Since the LZW patent has
+ now <a href="http://www.unisys.com/about__unisys/lzw">expired</a>, it
is
+ safe to use GIF images again and the PNG conversion has been
dropped.</li>
+<li>The tarball also includes updated PEAR packages which should address
the
+ email problems some users were having (bug #246).<br>
+ <strong>Note:</strong> These are the same PEAR packages that already
+ shipped with Geeklog 1.3.9sr2.</li>
+</ul>
+
+<p>Please note that there have also been <a href="theme.html#changes">theme
+changes</a>, some of which are important to make the new features work
(e.g.
+the editable story IDs and the story archive options)!</p>
+
+<p>This release contains various improvements provided by the Geeklog
community
+(see the <tt>docs/history</tt> file for proper credits). Thank you!</p>
+
+<h2><a name="changes139sr3">Geeklog 1.3.9sr3</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>It was possible to submit stories anonymously even if anonymous
submissions
+ were turned off in <tt>config.php</tt> (reported by Barry Wong).<br>
+ These stories still ended up in the submission queue, though, unless
you
+ disabled it in <tt>config.php</tt>.</li>
+<li>Some of the parameters in link and event submissions weren't filtered,
+ leaving them open to potential SQL injections.</li>
+</ol>
+
+
+<h2><a name="changes139sr2">Geeklog 1.3.9sr2</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>Fixed a cross site scripting vulnerability caused by using the variable
+ <code>$topic</code> in the language files (bug #293).</li>
+<li>Prevent comment posts on stories or polls were comment posting has been
+ disabled.</li>
+</ol>
+
+<h3>Other fixes</h3>
+<ul>
+<li>Fixed <tt>lib-plugins.php</tt> to work properly with PHP 5.</li>
+<li>The complete tarball also includes updated PEAR packaged that fix
+ some of the reported email problems.</li>
+</ul>
+
+
+<h2><a name="changes139sr1">Geeklog 1.3.9sr1</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>It was possible to post anonymous comments, even when anonymous comment
+ posting had been switched off in config.php.<br>
+ This bug was apparently exploited by spammers to send hundreds of spam
+ posts to certain Geeklog sites.</li>
+<li>Added additional speed limit checks for comments and submissions.</li>
+<li>If none of the topics were visible for anonymous users, the site's
index
+ page may still have displayed some stories for anonymous users,
depending
+ on the stories' permissions.</li>
+<li>Users still got Daily Digest emails for topics from which they had been
+ removed (bug #178).</li>
+<li>It was possible to subscribe to the Daily Digest for all topics, even
if
+ the user did not have access to certain topics.</li>
+<li>Comments to stories were sometimes listed in a user's profile, even if
the
+ user viewing the profile didn't have permissions to access the story
the
+ comments belonged to.</li>
+</ol>
+
+<h3>Other fixes</h3>
+<ul>
+<li>Fixed an SQL error in <code>COM_showTopics</code> if users excluded
topics
+ from their preferences.</li>
+<li>Fixed sporadic "Duplicate entry '...' for key 1." messages in
error.log,
+ caused by the handling of pseudo-session ids for anonymous users.</li>
+<li>Fixed incorrect author names in Daily Digest (bug #207).</li>
+<li>The <code>plugin_profileblocksedit_<i>plugin-name</i></code> Plugin API
+ function wasn't working due to a missing piece of code in
+ usersettings.php.</li>
+<li><code>COM_extractLinks</code> will now ignore anchor tags that do not
+ contain "<code>href</code>" (bug #183).</li>
+</ul>
+
+
+<h2><a name="changes139">Geeklog 1.3.9</a></h2>
+
+<h3>New Features</h3>
+
+<ul>
+<li>Geeklog now uses PEAR::Mail to send all emails. This gives you the
option
+ to send emails via PHP's built-in mail() function (as before), via
+ sendmail or via SMTP.</li>
+<li>There is a new admin option called Content Syndication that lets you
+ create and configure (RSS) feeds. In addition to the standard feed
+ containing all the new stories, you can now create feeds per topic, for
+ upcoming events, and for links.<br>
+ This feature is extensible in that plugins can provide additional
feeds.
+ It is also possible to provide feeds in formats other than RSS 0.91 by
+ providing additional feed classes.</li>
+<li>Admins can change the block order easily from the list of blocks
now.</li>
+<li>There is an alternative interface to adding users to groups (requires
+ JavaScript).</li>
+<li>Users in the Group Admin group can now only assign other users to
groups
+ of which they themselves are a member.</li>
+<li>Image upload can now also use the GD library to scale images.</li>
+<li>Comments now use templates.</li>
+<li>To accomodate strict webhosts who don't allow file uploads to the
standard
+ image directory, you can now set a new configuration variable,
+ <code>$_CONF['path_images']</code> to point to a directory outside of
your
+ webtree where article images and user profile pictures will be
saved.</li>
+<li>Geeklog now supports URL rewriting for story URLs, i.e. you can have
URLs
+ like <tt>http://www.geeklog.net/article.php/20031229225326631</tt>
which
+ are known to be picked up by Google.</li>
+<li>Plugins can add their own section to Geeklog's What's New block.</li>
+<li>All URL fields can now hold up to 255 characters (requires theme
updates).</li>
+</ul>
+
+<p>Please see the <a href="theme.html#changes">themes documentation</a>
for a
+complete list of theme changes.</p>
+
+<p>Also included is the <a href="staticpages.html">Static Pages plugin
1.4</a>,
+which now has, among other improvements, a second option to include PHP in
+static pages without having to use the PHP <code>return</code>
statement.</p>
+
+
+<h3>Bugfixes</h3>
+
+<ul>
+<li>Words from a search query are now properly highlighted in comments.
Also
+ fixed a problem with highlighting when the search query contained '*'
+ characters.</li>
+<li>Various fixes in the search class.</li>
+<li>Fixed a bug that let users register with an empty username.</li>
+<li>When batch-importing users, those users were all subscribed to the
+ Daily Digest automatically (uses the $_CONF['emailstoriesperdefault']
+ setting instead now).</li>
+<li>Fixed option to delete comments, which previously was only available to
+ users in the Root group (e.g. Admin). Now those users that have
story.edit
+ permissions for the actual story can delete comments.</li>
+<li>Deleting a group may have left orphaned entries in the
group_assignments
+ table (this has been fixed now). When upgrading to 1.3.9, the install
+ script will remove any orphaned entries from the database.</li>
+</ul>
+
+<p>There have also been a lot of changes to improve security, especially
+against SQL injections.</p>
+
+
+<h2><a name="changes138-1sr6">Geeklog 1.3.8-1sr6</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>Fixed a cross site scripting vulnerability caused by using the variable
+ <code>$topic</code> in the language files (bug #293).</li>
+<li>Prevent comment posts on stories or polls were comment posting has been
+ disabled.</li>
+</ol>
+
+
+<h2><a name="changes138-1sr5">Geeklog 1.3.8-1sr5</a></h2>
+<p>This release addresses the following security issue:</p>
+
+<ol>
+<li>It was possible to post anonymous comments, even when anonymous comment
+ posting had been switched off in config.php.<br>
+ This bug was apparently exploited by spammers to send hundreds of spam
+ posts to certain Geeklog sites.</li>
+</ol>
+
+
+<h2><a name="changes138-1sr4">Geeklog 1.3.8-1sr4</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>It was possible for users in the Group Admin and User Admin groups to
+ become a member of the Root group (reported by Samuel M. Stone,
+ bug #135).</li>
+<li>Being admin for a certain area (e.g. Story Admin for stories) made it
+ possible to delete all objects in that area (e.g. stories) even if the
user
+ was not supposed to have access to them, provided the id of the object
was
+ known.</li>
+<li>It was possible to delete other people's personal events if you knew
the
+ event ID.</li>
+<li>It was possible to browse through the comments of a story even if the
user
+ did not have access to the actual story (reported by Peter
Roozemaal).</li>
+<li>Due to an XSS issue, it was possible to change someone's account
settings
+ (including the password) if you got them to click on a specially
crafted
+ link (reported by Jelmer, fix suggested by Vincent Furia).</li>
+<li>The comment display suffered from the possibility of an SQL injection
+ (reported by Jelmer).</li>
+<li>It was possible to inject Javascript code in the calendar (reported by
+ Jelmer).</li>
+<li>It was possible to execute (but not save) Javascript code in the
comment
+ preview (reported by Jelmer).</li>
+</ol>
+
+
+<h2><a name="changes138-1sr3">Geeklog 1.3.8-1sr3</a></h2>
+<p>This release addresses the following security-related issues:</p>
+
+<ol>
+<li>As "dr.wh0" pointed out, the category field for link submissions was
not
+ filtered at all. Although you probably can't cause too much harm with
+ those 32 characters, this has now been fixed.</li>
+<li>Vincent Furia found that the restrictions for the form to email users
+ could be circumvented and could even be used to spam users.
+ In addition to fixing theses issues, there is now also a speed limit
+ on that form (defaults to the speed limit for story submissions).</li>
+<li>There was a way to post comments anonymously even when posting for
+ anonymous users had been disabled.</li>
+<li>It was possible to post comments under someone else's username.</li>
+</ol>
+
+
+<h2><a name="changes138-1sr2">Geeklog 1.3.8-1sr2</a></h2>
+
+<p>Jouko Pynnonen found a way to trick the new "forgot password" feature,
introduced in 1.3.8, into letting an attacker change the password for
<em>any</em> account. This release addresses this issue - there were no
other changes.</p>
+
+<p>Obviously, we strongly recommend to upgrade as soon as possible.</p>
+
+
+<h2><a name="changes138-1sr1">Geeklog 1.3.8-1sr1</a></h2>
+
+<p>The purpose of this release is to address some of the security issues
reported in September and early October 2003. We strongly recommend
upgrading to this version.</p>
+
+<h3>Security issues</h3>
+<ol>
+<li>By including Ulf Harnhammar's <a
href="http://sourceforge.net/projects/kses/" title="kses homepage">kses</a>
HTML filter, this release addresses a variety of possible Javascript
injection and CSS defacement issues.</li>
+<li>Details of SQL errors will not be reported in the browser any more
(but only in Geeklog's error.log file). This will avoid disclosing any
sensitive information as part of the error message (which is so far the
only problem we have found with the alleged SQL injection issues that have
been reported).
+</ol>
+
+<p>Please note that at the moment we do <strong>not</strong> recommend to
use Geeklog with MySQL 4.1 (which, at the time of this writing, is in alpha
state and should not be used on production sites anyway). An upcoming
release of Geeklog will include more thorough filtering of SQL injections
attempts, thus also fixing the problems with MySQL 4.1.</p>
+
+<h3>Other fixes</h3>
+<ul>
+<li>Fixed the auto-detection of the value for the
<code>$_CONF['cookiedomain']</code> variable if the URL included a port
number (such as <tt>example.com:8080</tt>). This will fix the login
problems some users were reporting.</li>
+<li>The full 1.3.8-1sr1 tarball also includes updated French (Canada) and
Turkish language files.</li>
+</ul>
+
+
+<h2><a name="changes138-1">Geeklog 1.3.8-1</a></h2>
+
+<p>Geeklog 1.3.8-1 is a bugfix release over Geeklog 1.3.8. It contains a
+variety of (mostly minor) bugfixes. None of those fixes are
security-related.</p>
+
+<h3>Bugfixes</h3>
+
+<ul>
+<li>Fixes to the new search to restore pre-1.3.8 behavior (display search
form
+ again if no results are returned, handling of
+ <tt>$_CONF['searchloginrequired']</tt>, etc.). Also fixed the search by
+ date.</li>
+<li>Fixed problems in the install script when trying to identify the MySQL
+ version. The install script failed silently on PHP 4.0.4 and earlier
+ versions.</li>
+<li>Fixed a problem with the What's Related block on stories that contain
+ images.</li>
+<li>Skip user "Anonymous" when sending out the Daily Digest.
+<li>Prevent admin from changing a user's email address to one that's
already
+ used by another user.</li>
+<li>Update RSS feed and Older Stories block when deleting a story.</li>
+</ul>
+
+<p>The full 1.3.8-1 tarball also includes new and updated language files
+(see the Changelog for details).</p>
+
+
+<h2><a name="changes138">Geeklog 1.3.8</a></h2>
+
+<h3>New Features</h3>
+
+<p>Geeklog 1.3.8 Includes the <strong>Static Pages 1.3 plugin</strong>
which
+replaces <em>both</em> the Static Pages 1.1 and 1.2 plugins. See the <a
+href="staticpages.html">Static Pages documentation</a> for details.</p>
+
+<ul>
+ <li>The search function has been rewritten. You can now search for the
+ exact phrase, all the words, or any of the words from a query. Search
+ words are also highlighted in stories.
+ <li>New Privacy options: Users can decide whether they want to receive
+ email from other users and/or admins and whether they want to show up
in
+ the Who's Online block.
+ <li>You can now get a list of all users who are in a certain group (from
the
+ Admin's group editor).
+ <li>When scaling is configured for images in stories, you can now keep
the
+ unscaled image (has to be enabled in config.php first). In that case,
the
+ scaled-down image in the story will serve as a thumbnail and link to
the
+ unscaled image.
+ <li>You can now make one topic the default topic. The topic selection in
the
+ story submission form will then default to that topic. However, when
+ browsing by topic (index.php?topic=Geeklog etc.) new story submissions
will
+ default to the current topic.
+ <li>You can give your users the ability to change their username and
delete
+ their account. Both features have to be enabled in config.php.
+ <li>Extended Plugin API: Plugins can now display content in Geeklog's
+ center area, add their own information to the user profile, and add
+ information to the site's header (<code><head></code> section).
+ <li>There's a new API for custom registration forms (see
+ <tt>lib-custom.php</tt> for sample code).
+ <li>There have been quite a few theme changes in order to move most
larger
+ portions of hard-coded HTML to template files and to give theme
designers
+ more control over the layout. Please consult the <a
+ href="theme.html#changes138">themes documentation</a> for a list of
changes.</li>
+</ul>
+
+<h3>Bugfixes</h3>
+
+<ul>
+ <li>The "forgot password" function has been rewritten. Instead of
resetting
+ your old password and sending you a new one, you will now receive an
+ email with a unique link in it. If you follow this link, you can enter
a
+ new password directly. Otherwise, you can simply ignore the email and
your
+ old password will remain valid.
+ <li>Topic access was not always checked properly. If Story Admins report
+ getting access denied messages after upgrading to 1.3.8, check your
topic
+ permissions carefully.
+ <li>The poll editor let you enter one answer too many (i.e. when the max.
+ number of answers was set to 10 you could actually enter 11). Please
check
+ your existing polls or you may lose the last answer if you exceeded the
+ max. number of answers in a poll (adjust $_CONF['maxanswers']
accordingly,
+ if necessary).
+ <li>Geeklog should install and run again on old versions of MySQL
+ (specifically, 3.22.xx). Please note that some of these old versions
aren't
+ even supported by MySQL AB any more and MySQL installs older than
3.23.54
+ are having security issues.
+</ul>
+
+
+<h2><a name="changes137sr5">Geeklog 1.3.7sr5</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>It was possible for users in the Group Admin and User Admin groups to
+ become a member of the Root group (reported by Samuel M. Stone,
+ bug #135).</li>
+<li>Being admin for a certain area (e.g. Story Admin for stories) made it
+ possible to delete all objects in that area (e.g. stories) even if the
user
+ was not supposed to have access to them, provided the id of the object
was
+ known.</li>
+<li>It was possible to delete other people's personal events if you knew
the
+ event ID.</li>
+<li>It was possible to browse through the comments of a story even if the
user
+ did not have access to the actual story (reported by Peter
Roozemaal).</li>
+<li>Due to an XSS issue, it was possible to change someone's account
settings
+ (including the password) if you got them to click on a specially
crafted
+ link (reported by Jelmer, fix suggested by Vincent Furia).</li>
+<li>The comment display suffered from the possibility of an SQL injection
+ (reported by Jelmer).</li>
+<li>It was possible to inject Javascript code in the calendar (reported by
+ Jelmer).</li>
+<li>It was possible to execute (but not save) Javascript code in the
comment
+ preview (reported by Jelmer).</li>
+</ol>
+
+
+<h2><a name="changes137sr4">Geeklog 1.3.7sr4</a></h2>
+<p>This release addresses the following security-related issues:</p>
+
+<ol>
+<li>As "dr.wh0" pointed out, the category field for link submissions was
not
+ filtered at all. Although you probably can't cause too much harm with
+ those 32 characters, this has now been fixed.</li>
+<li>Vincent Furia found that the restrictions for the form to email users
+ could be circumvented and could even be used to spam users.</li>
+<li>There was a way to post comments anonymously even when posting for
+ anonymous users had been disabled.</li>
+<li>It was possible to post comments under someone else's username.</li>
+</ol>
+
+
+<h2><a name="changes137sr3">Geeklog 1.3.7sr3</a></h2>
+
+<p>The purpose of this release is to address some of the security issues
reported in September and early October 2003. If you don't plan to upgrade
to the latest version of Geeklog (1.3.8-1sr1, at the time of this writing),
we strongly suggest you upgrade to at least 1.3.7sr3 instead.</p>
+
+<h3>Security issues</h3>
+<ol>
+<li>By including Ulf Harnhammar's <a
href="http://sourceforge.net/projects/kses/" title="kses homepage">kses</a>
HTML filter, this release addresses a variety of possible Javascript
injection and CSS defacement issues.</li>
+<li>Details of SQL errors will not be reported in the browser any more
(but only in Geeklog's error.log file). This will avoid disclosing any
sensitive information as part of the error message (which is so far the
only problem we have found with the alleged SQL injection issues that have
been reported).
+</ol>
+
+<p>Please note that at the moment we do <strong>not</strong> recommend to
use Geeklog with MySQL 4.1 (which, at the time of this writing, is in alpha
state and should not be used on production sites anyway). An upcoming
release of Geeklog will include more thorough filtering of SQL injections
attempts, thus also fixing the problems with MySQL 4.1.</p>
+
+
+<h2><a name="changes137sr2">Geeklog 1.3.7sr2</a></h2>
+
+<h3>Security issues</h3>
+
+<p>The purpose of this release is to fix the following security issues.
+All users are <em>strongly</em> encouraged to upgrade to this version
ASAP.</p>
+<ol>
+<li>It was possible to obtain valid session ids for every account on a
Geeklog
+ site, including the Admin account (reported by SCAN Associates).</li>
+<li>Using Internet Explorer, it was possible to upload an image with
embedded
+ PHP code and execute it (reported by SCAN Associates).</li>
+<li>Story permissions could override topic permissions, resulting in the
display
+ of stories to users who shouldn't have access to them (reported by
Andrew
+ Lawlor). This was already fixed with the new <tt>index.php</tt>,
released
+ 2003-05-15.</li>
+<li>Added a warning in <tt>config.php</tt> that adding any of the following
+ tags to the list of allowable HTML can make the site vulnerable to
+ scripting attacks:<br>
+ <code><img> <span> <marquee> <script>
+ <embed> <object> <iframe></code><br>
+ (pointed out by Joat Dede).</li>
+</ol>
+
+<p>This update also includes fixes for the notorious "permission denied"
+error messages that some users would get in the Admin area (e.g. when
trying
+to save a story and being "only" a user with Story Admin permissions).</p>
+
+<p>The full 1.3.7sr2 tarball also includes various new and updated language
+files (see the Changelog for details).</p>
+
+
+<h2><a name="changes137sr1">Geeklog 1.3.7sr1</a></h2>
+
+<h3>Security issues</h3>
+
+<p>The main purpose of this release is to fix the following security
issues.
+All users are strongly recommended to upgrade to this version.</p>
+<ol>
+<li>Javascript code could be injected in the homepage field of a user's
profile (reported by Jin Yean Tan).</li>
+<li>Javascript code could be injected in certain URLs to be used in a
cross-site scripting attack (reported by Jin Yean Tan).</li>
+<li>Comments could be deleted by anybody if they knew the comment id
(which is not normally visible).</li>
+<li>A StoryAdmin could manipulate stories even if s/he did not have access
to them (e.g. when s/he was not a member of a certain group). The same
applied to Admins for events, links, polls, topics, and blocks (reported by
Kobaz).</li>
+</ol>
+
+<h3>Other Bugfixes</h3>
+
+<ul>
+<li>Fixed possible causes for endless loops with the redirect in
index.php: No redirect will be done if $HTTP_SERVER_VARS['HTTP_HOST'] is
not set. Also, the comparison of the configured and actual server name is
not case-sensitive any more.</li>
+<li>Fixed image resizing when using ImageMagick.</li>
+<li>The new user notification email (introduced in Geeklog 1.3.7) was
always
+ sent out, even if 'user' was not listed in $_CONF['notification'].
+<li>The Admin menu will now be displayed for users who have Admin access
to plugins only, but not to one of the core Admin features.</li>
+<li>The default for the daily digest is now back to "off", i.e. new users
will not receive it automatically. To enable the daily digest for new users
again, set $_CONF['emailstoriesperdefault'] = 1 in config.php.</li>
+</ul>
+
+<p>Documentation and hard-coded links (version check, link to Geeklog in a
site's footer) have been updated to point to <a
href="http://www.geeklog.net/">www.geeklog.net</a>.</p>
+
+
+<h2><a name="changes137">Geeklog 1.3.7</a></h2>
+
+<h3>New Features</h3>
+
+<ul>
+ <li>A notification email can now be sent when a new story, link, or event
+ has been submitted or a new user has registered with the site (see the
+ <a href="config.html#submission">submission settings</a> for
details).<br>
+ Please note that this feature doesn't tie in with Geeklog's security
+ features - it's really more of a hack, since many people asked for this
+ functionality.</li>
+ <li>Following the "X stories in last 24 hours" link in the What's New
block
+ will now display just those new stories.</li>
+ <li>User photos are now resized, just like images in stories (if the use
+ of an image library is configured). The max. dimensions for user photos
+ can be set with a separate set of config variables in
+ <tt>config.php</tt>.</li>
+ <li>The plugin menu now lists all plugins which exist in the file system
+ but haven't been installed yet. It also provides a link to the install
+ script of those plugins for easy installation.</li>
+ <li>Several new config variables have been added to config.php
(notification,
+ showfirstasfeatured, dateonly, timeonly, skip_preview,
upcomingeventsrange,
+ emailstoryloginrequired, hideemailicon, hideprintericon,
hidenewstories,
+ hidenewcomments, hidenewlinks, max_photo_width, max_photo_height,
+ max_photo_size). Please see the <a
+ href="config.html">config documentation</a> for details.</li>
+ <li>Theme changes: Please consult the <a
href="theme.html#changes137">themes
+ documentation</a> for a list of changes.</li>
+</ul>
+
+
+<h3>Bugfixes</h3>
+
+<ul>
+ <li>Added sanity checks in the Admin story editor to prevent the loss of
all
+ stories when using an incomplete language file (or when manipulating
the
+ URL).</li>
+ <li>Fixed a nasty bug in lib-security.php that let any user with
UserAdmin
+ permissions change the Root user's password, thus effectively becoming
+ root.</li>
+ <li>Fixed problems with blocks disappearing when they were set to
+ "homeonly".</li>
+ <li>Fixed problems with multiple [code] ... [/code] sections in stories
+ and comments.</li>
+ <li>Fixed double line spacing in [code] sections and HTML-formatted
comments
+ on PHP 4.2.0 and up.</li>
+ <li>Fixed problems with slashes and HTML entities in emails sent by
+ Geeklog.</li>
+ <li>Fixes and improvements to the plugin API.</li>
+</ul>
+
+<p><strong>Contributors:</strong> Blaine Lang, Vincent Furia, and Kenn
Osborne
+have contributed to this release. Thank you!</p>
+
+<h3><a name="addindex">Speeding up Geeklog (a bit)</a></h3>
+
+<p>If you're upgrading from 1.3.6 or older versions, you may want to run
the
+script called <tt>addindex.php</tt> that you will find in the
<tt>install</tt>
+directory. This script adds index fields to some of Geeklog's database
tables
+which should improve overall access times a bit.</p>
+
+<p>This has been implemented as a separate script (and not as part of the
+upgrade process of the install script) since it may take some time to run,
+depending on how many users / stories / etc. you have in your database.
Some
+people may even run into timeouts, e.g. when their hosting service limits
the
+execution time of PHP scripts. If that happens to you - <strong>Don't
+Panic</strong>. Simply run the script again (and again and ...) until it
+reports that it didn't add any fields to any tables.</p>
+
+<p>Please note that you do <em>not</em> need to run this script if you're
doing
+a fresh install of Geeklog 1.3.7. A database created during a fresh install
+already has the new index fields.</p>
+
+
+<h2><a name="changes136">Geeklog 1.3.6</a></h2>
+
+<h3>New Features</h3>
+
+<ul>
+ <li>Images in articles can now be resized automatically during upload
+ (provided you have either ImageMagick or netpbm installed). See the
+ <a href="config.html#image">configuration description</a> for
details.</li>
+ <li>The contents of a static page entitled "Frontpage" will be displayed
+ before the first story on the front page of a Geeklog site. If the
static
+ page additionally carries the label "nonews", then it will completely
+ replace the news on the front page.</li>
+ <li>User submission queue: When activated (in <tt><a
+ href="config.html#submission">config.php</a></tt>), new users will
need to
+ be approved by an admin before they receive their password.</li>
+ <li>The submission queues can be switched off separately, either
completely
+ (in <tt><a href="config.html#submission">config.php</a></tt>) or only
for
+ certain groups of users (by using the new features story.submit,
+ links.submit, and event.submit).</li>
+ <li>When posting source code (e.g. PHP, HTML, ...), you can now use the
+ [code] ... [/code] pseudo tags to enclose those portions of your
posting
+ that should be reproduced verbatim.</li>
+ <li>The links section now uses a categorized and paged display (can be
+ <a href="config.html#links">switched off</a> separately and even back
to the
+ pre-1.3.6 style listing).</li>
+ <li>Anonymous users can now be <a href="config.html#login">blocked</a>
from
+ almost every part of the site (e.g. links section, site stats, ...), if
+ needed.</li>
+ <li>A Geeklog site can now be disabled easily (e.g. for maintenance) by
+ setting a flag in <tt><a
href="config.html#site">config.php</a></tt>.</li>
+ <li>Theme changes: Please consult the <a
href="theme.html#changes136">themes
+ documentation</a> for a list of changes.</li>
+</ul>
+
+<h3>Bugfixes</h3>
+
+<ul>
+ <li>Several fixes have been made to ensure that permissions are taken
into
+ account properly (e.g. not revealing titles of stories that the user
has no
+ access to).</li>
+ <li>Several fixes have been made to make sure that Geeklog can now be
+ properly localized (provided you have a language file that is up to
date
+ and have chosen the proper <a href="config.html#locale">locale
settings</a>
+ for your country and language).</li>
+ <li>The variable $_CONF['site_admin_url'] is now used properly so that
you
+ can rename Geeklog's <tt>admin</tt> directory if needed.</li>
+ <li>New RDF parser will now import most (if not all) RDF news feeds
+ properly</li>
+</ul>
+
+<h3>Notes</h3>
+
+<ul>
+ <li>Since there are a lot of new variables in <tt>config.php</tt>, it is
+ recommended you start with a fresh copy of that file instead of copying
+ over your old <tt>config.php</tt> from your previous installation.</li>
+ <li>Please note that currently only the English, German, Italian, Polish,
+ and Japanese language files are up to date. Using one of the other
+ language files may result in your Geeklog site not working
properly.</li>
+</ul>
+
+<p><strong>Contributors:</strong> Gene Wood, Blaine Lang, Tom Willet, and
+Roger Webster have contributed to this release. Thank you!</p>
+
+<div class="footer">
+ <a href="http://wiki.geeklog.net">The Geeklog Documentation
Project</a><br>
+ All trademarks and copyrights on this page are owned by their
respective owners. Geeklog is copyleft.
+</div>
+
+</body>
+</html>
Added: externals/geeklog-1.5.2sr2/public_html/docs/config.html
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr2/public_html/docs/config.html Sun Apr 5
18:13:13 2009
@@ -0,0 +1,1544 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML
4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+ <title>Geeklog Documentation - Configuration</title>
+ <link rel="stylesheet" type="text/css" href="docstyle.css" title="Dev
Stylesheet">
+</head>
+
+<body>
+<p><a href="index.html" style="background:transparent"><img
src="images/newlogo.gif" alt="Geeklog Documentation" width="243"
height="90"></a></p>
+<div class="menu"><a href="index.html">Geeklog Documentation</a> -
Configuration</div>
+
+<h1>Geeklog Configuration</h1>
+
+<h2>Configuration files</h2>
+
+<p>Previous versions of Geeklog used one huge file called
<tt>config.php</tt>
+that held all the core configuration options. As of Geeklog 1.5.0, most of
+the configuration options have been moved to the database and can now be
+reached from the <b>Configuration</b> admin panel within Geeklog.</p>
+
+<p>For technical reasons, some configuration options still have to be
+stored in files. There are two such configuration files now:
+<ul>
+<li><a href="#db-config.php">db-config.php</a></li>
+<li><a href="#siteconfig.php">siteconfig.php</a></li>
+</ul>
+<p>These files are updated
+when you install Geeklog and you will not normally have to edit them
+manually.</p>
+
+<h1>Configuration options</h1>
+
+<p>Geeklog's configuration options are grouped like this:</p>
+
+<ul>
+<li><a href="#site">Site</a></li>
+<li><a href="#stories">Stories and Trackback</a></li>
+<li><a href="#theme">Theme</a></li>
+<li><a href="#blocks">Blocks</a></li>
+<li><a href="#users">Users and Submissions</a></li>
+<li><a href="#images">Images</a></li>
+<li><a href="#languages">Languages and Locale</a></li>
+<li><a href="#misc">Miscellaneous</a></li>
+</ul>
+
+<h2><a name="site">Site</a></h2>
+
+<h3><a name="site_site">Site: Site</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_site_url">site_url</a></td>
+ <td valign="top">http://www.example.com</td>
+ <td valign="top">Base URL for your site (no trailing slash)</td></tr>
+<tr>
+ <td valign="top"><a name="desc_site_admin_url">site_admin_url</a></td>
+ <td valign="top">http://www.example.com/admin</td>
+ <td valign="top">Base URL of the admin area of your site (no trailing
slash).
+ You won't have to change this normally, but some hosting services use a
+ predefined "admin" directory for other purposes. In this case, you can
+ rename Geeklog's <tt>admin</tt> directory and adjust the URL
accordingly to
+ avoid conflicts.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_site_name">site_name</a></td>
+ <td valign="top">Geeklog Site</td>
+ <td valign="top">Name of your site</td></tr>
+<tr>
+ <td valign="top"><a name="desc_site_slogan">site_slogan</a></td>
+ <td valign="top">Another Nifty Geeklog Site</td>
+ <td valign="top">Slogan for your site. This is added to the HTML title
field.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_microsummary_short">microsummary_short</a></td>
+ <td valign="top">GL:</td>
+ <td valign="top">Prefix to use for a <a
href="http://wiki.mozilla.org/Microsummaries">microsummary</a>.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_site_disabled_msg">site_disabled_msg</a></td>
+ <td valign="top">'Geeklog Site is down. Please come back soon.'</td>
+ <td valign="top">This contains the message to display when a Geeklog
site is
+ disabled. If the text begins with "http:" then visitors are redirected
to
+ that URL.<br>
+ <strong>Note:</strong> The option actually disable the site can be
found
+ in the <tt>siteconfig.php</tt> file.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_copyrightyear">copyrightyear</a></td>
+ <td valign="top"><i>(disabled)</i></td>
+ <td valign="top">Set this to the year you want to appear in the
copyright notice of your
+ site's footer. If not set, Geeklog will use the current year.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_url_rewrite">url_rewrite</a></td>
+ <td valign="top">false</td>
+ <td valign="top">Enable (true) or disable (false) URL rewriting.<br>
+ Also see the section on <a href="#url-rewrite">URL Rewriting</a>
below.</td></tr>
+</table>
+
+<h3><a name="site_mail">Site: Mail</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_site_mail">site_mail</a></td>
+ <td valign="top">admin****@examp*****</td>
+ <td valign="top">E-mail address for all admin mail</td></tr>
+<tr>
+ <td valign="top"><a name="desc_noreply_mail">noreply_mail</a></td>
+ <td valign="top">norep****@examp*****</td>
+ <td valign="top">This is the sender's address of emails sent by the
system when users register etc.
+ This should be either the same as $_CONF['site_mail'] or a bouncing
address
+ to prevent spammers from getting your email address by registering on
the site.
+ If this is NOT the same as above, there will be a message in sent
messages
+ that replying to those emails is recommended.</td></tr>
+<tr><td valign="top"><a name="desc_mail_settings_backend">backend</a></td>
+ <td valign="top">mail</td>
+ <td valign="top">Used to select how to send email. Can be one
of 'smtp',
+ 'sendmail', or 'mail'.</td></tr>
+<tr><td valign="top"><a
name="desc_mail_settings_sendmail_path">sendmail_path</a></td>
+ <td valign="top"><tt>/usr/bin/sendmail</tt></td>
+ <td valign="top">If you chose 'sendmail' for the backend setting, this
+ specifies the complete path to the sendmail binary.</td></tr>
+<tr><td valign="top"><a
name="desc_mail_settings_sendmail_args">sendmail_args</a></td>
+ <td valign="top"><tt>''</tt> <i>(empty)</i></td>
+ <td valign="top">If you chose 'sendmail' for the backend setting, this
+ variable can be used to pass additional parameters to the sendmail
+ binary.</td></tr>
+<tr><td valign="top"><a name="desc_mail_settings_host">host</a></td>
+ <td valign="top">smtp.example.com</td>
+ <td valign="top">If you chose 'smtp' for the backend setting, this is
the
+ SMTP server to use.</td></tr>
+<tr><td valign="top"><a name="desc_mail_settings_port">port</a></td>
+ <td valign="top">25</td>
+ <td valign="top">If you chose 'smtp' for the backend setting, this is
the
+ port number to talk to on the SMTP server.</td></tr>
+<tr><td valign="top"><a name="desc_mail_settings_auth">auth</a></td>
+ <td valign="top">0</td>
+ <td valign="top">If you chose 'smtp' for the backend setting, set this
to
+ <code>1</code> if your SMTP server requires authorization, and
+ <code>0</code> (or leave the field empty) if it doesn't.</td></tr>
+<tr><td valign="top"><a
name="desc_mail_settings_username">username</a></td>
+ <td valign="top">smtp-username</td>
+ <td valign="top">If you chose 'smtp' for the backend setting, this is
the
+ name of your SMTP account.</td></tr>
+<tr><td valign="top"><a
name="desc_mail_settings_password">password</a></td>
+ <td valign="top">smtp-password</td>
+ <td valign="top">If you chose 'smtp' for the backend setting, this is
the
+ password for your SMTP account.</td></tr>
+</table>
+
+<h3><a name="site_syndication">Site: Syndication</a></h3>
+
+<p>Geeklog can export its headlines to a news feed in various formats
(RSS, RDF, and Atom). This will let you share your news with other sites
(Hint: Create a Portal block from Geeklog's Block menu to import news feeds
from other sites).</p>
+
+<p>Starting with Geeklog 1.3.9, feeds can be created and configured from
+Geeklog's Admin menu ("Content Syndication"). The following settings will
only
+be used as the <em>default settings</em> for any new feeds that you create
from
+the admin panel.</p>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr><td valign="top"><a name="desc_backend">backend</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Create a feed file for the stories in rdf_file (0=no,
1=yes)</td></tr>
+<tr><td valign="top"><a name="desc_rdf_file">rdf_file</a></td>
+ <td valign="top">HTML path with "/backend/geeklog.rss" suffix</td>
+ <td valign="top">File system path for the feed file. This file allows
you to share your site's headlines with others</td></tr>
+<tr><td valign="top"><a name="desc_rdf_limit">rdf_limit</a></td>
+ <td valign="top">10</td>
+ <td valign="top">Limit the number of stories to export to the news
feed. If the value for this setting is a number, the feed will hold this
many stories. If the number is followed by a lower-case 'h' (e.g. 24h) it
denotes the number of hours from which to chose the stories.</td></tr>
+<tr><td valign="top"><a name="desc_rdf_storytext">rdf_storytext</a></td>
+ <td valign="top">0</td>
+ <td valign="top">If this value is 1, then the entire introtext of the
stories will be included in the news feed. Any number greater than 1 limits
the introtext to that many characters (e.g. a value of 80 would only
include the first 80 characters from the introtext in the feed). If set to
0, the introtext is not included in the feed.</td></tr>
+<tr><td valign="top"><a name="desc_rdf_language">rdf_language</a></td>
+ <td valign="top">en-gb</td>
+ <td valign="top">Value for the feed's language tag. Depending on your
site's language and operating system, this may differ from the language
setting in the locale (see above).<br><strong>Example:</strong> The PHP
locale setting for German is 'de_DE' while the correct language setting for
a German RSS feed would be 'de-DE' (note the dash instead of the
underscore).</td></tr>
+<tr><td valign="top"><a
name="desc_syndication_max_headlines">syndication_max_headlines</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Upper limit for the max. number of headlines when
<em>importing</em> a feed (into a portal block). The limit can also be set
for each individual portal block in the block menu.<br>
+ When set to 0, all headlines are imported.</td></tr>
+</table>
+
+<h3><a name="site_paths">Site: Paths</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr><td valign="top"><a name="desc_path_html">path_html</a></td>
+ <td valign="top">/path/to/geeklog/public_html/</td>
+ <td valign="top">Path to your web tree directory for your site
(trailing slash necessary). This directory holds all the web pages used by
Geeklog.</td></tr>
+<tr><td valign="top"><a name="desc_path_log">path_log</a></td>
+ <td valign="top">/path/to/geeklog/logs/</td>
+ <td valign="top">File system path for the log files</td></tr>
+<tr><td valign="top"><a name="desc_path_language">path_language</a></td>
+ <td valign="top">/path/to/geeklog/language/</td>
+ <td valign="top">location of the Geeklog language files</td></tr>
+<tr><td valign="top"><a name="desc_backup_path">backup_path</a></td>
+ <td valign="top">/path/to/geeklog/backups/</td>
+ <td valign="top">location where mysqldump (see above) will store
database backups</td></tr>
+<tr><td valign="top"><a name="desc_path_data">path_data</a></td>
+ <td valign="top">/path/to/geeklog/data/</td>
+ <td valign="top">File system path for the data directory, used e.g.
for the user batch add feature</td></tr>
+<tr><td valign="top"><a name="desc_path_images">path_images</a></td>
+ <td valign="top">/path/to/geeklog/public_html/images/</td>
+ <td valign="top">Path where Geeklog expects to find its images,
including
+ user photos and images for stories.</td>
+</table>
+
+<h3><a name="site_pear">Site: PEAR</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr><td valign="top"><a name="desc_have_pear">have_pear</a></td>
+ <td valign="top"><code>false</code></td>
+ <td valign="top">Whether you have <a
href="http://pear.php.net/">PEAR</a>
+ installed on your server (<code>= true</code>) or not
+ (<code>= false</code>). When set to <code>false</code>, Geeklog
will
+ use the PEAR packages installed in <code>$_CONF['path_pear']</code>
+ (see below)</td></tr>
+<tr><td valign="top"><a name="desc_path_pear">path_pear</a></td>
+ <td valign="top"><tt>/path/to/geeklog/system/pear/</tt></td>
+ <td valign="top">When <code>$_CONF['have_pear']</code> (see above) is
set
+ to <code>false</code>, this is the path where Geeklog expects to
find
+ the <a href="http://pear.php.net/">PEAR</a> packages it requires
(e.g.
+ PEAR::Mail for sending emails).</td></tr>
+</table>
+
+<h3><a name="site_mysql">Site: MySQL</a></h3>
+
+<p>As the name implies, these options are only relevant when your site is
+running on a MySQL database. They are ignored when using MS SQL.</p>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr><td valign="top"><a
name="desc_allow_mysqldump">allow_mysqldump</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Enable or disable the backup functionality (1 = on,
+ 0 = off).</td></tr>
+<tr><td valign="top"><a
name="desc_mysqldump_path">_DB_mysqldump_path</a></td>
+ <td valign="top">/usr/bin/mysqldump</td>
+ <td valign="top">Complete path to the <a
+ href="http://www.mysql.com/doc/en/mysqldump.html">mysqldump</a>
utility
+ (part of MySQL) for making backups of your Geeklog
database.</td></tr>
+<tr><td valign="top"><a
name="desc_mysqldump_options">mysqldump_options</a></td>
+ <td valign="top">-Q</td>
+ <td valign="top">Here you can include additional options for the <a
+ href="http://www.mysql.com/doc/en/mysqldump.html">mysqldump</a>
call
+ that Geeklog uses to create a backup from your database.</td></tr>
+</table>
+
+<h3><a name="site_search">Site: Search</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_num_search_results">num_search_results</a></td>
+ <td valign="top">10</td>
+ <td valign="top">Number of search results per page (and per
type).</td></tr>
+</table>
+
+
+<h2><a name="stories">Stories and Trackback</a></h2>
+
+<h3><a name="stories_story">Stories and Trackback: Story</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_maximagesperarticle">maximagesperarticle</a></td>
+ <td valign="top">5</td>
+ <td valign="top">max. number of images you can have in a story</td></tr>
+<tr>
+ <td valign="top"><a name="desc_limitnews">limitnews</a></td>
+ <td valign="top">10</td>
+ <td valign="top">Number of stories to limit the index page to, this same
number will appear in the older stuff block</td></tr>
+<tr>
+ <td valign="top"><a name="desc_minnews">minnews</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Minimum numbers of stories than can appear on a topic
page</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_contributedbyline">contributedbyline</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Show author username to public, and enable search by
username (0=no, 1=yes)</td></tr>
+<tr>
+ <td valign="top"><a name="desc_hideviewscount">hideviewscount</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Whether to show (= 0) or to hide (= 1) the number of
views
+ a story has had.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_hideemailicon">hideemailicon</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, this will disable the ability to send a
story by email. It
+ will also hide the email icon from stories and the "Email Article
To a
+ Friend" from the Story Options block.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_hideprintericon">hideprintericon</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, this will disable display of a story in
a "printer
+ friendly" format. It will also hide the printer icon from stories
and
+ the "View Printable Version" from the Story Options
+ block.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_allow_page_breaks">allow_page_breaks</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Allow usage of the <code>[page_break]</code> tag in
stories (when set to 1), so that stories can spread over multiple
pages.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_page_break_comments">page_break_comments</a></td>
+ <td valign="top">last</td>
+ <td valign="top">When the <code>[page_break]</code> tag is allowed in
stories (see above), where should the story's comments be displayed:
<code>'last'</code> = on the story's last page only, <code>'first'</code> =
on the first page only, <code>'all'</code> = on every page.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_article_image_align">article_image_align</a></td>
+ <td valign="top">right</td>
+ <td valign="top">Which side of article the topic image should be shown
(right or left)</td></tr>
+<tr>
+ <td valign="top"><a name="desc_show_topic_icon">show_topic_icon</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Default setting for new stories and story submissions:
Whether to show the topic icon (1) or not (0).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_draft_flag">draft_flag</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Default setting for new stories created by Story
Admins: Whether the story's draft flag should be set (1) or not
(0).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_frontpage">frontpage</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Default setting for new stories and story submissions:
Whether the story should appear on the site's frontpage (1) or only in its
topic's page (0). Please note that for stories submitted to the archive
topic, this setting will be ignored and the story will <em>not</em> appear
on the frontpage.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_hide_no_news_msg">hide_no_news_msg</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, hide the "No News To Display" message on
the index page (e.g. when viewing a topic without any stories in
it)</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_hide_main_page_navigation">hide_main_page_navigation</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, this option will hide the "Google paging"
+ navigation from index.php, i.e. from the site's frontpage and all topic
+ pages. This may come in handy for more advanced layouts but will of
course
+ prevent people from easily reaching older articles.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_onlyrootfeatures">onlyrootfeatures</a></td>
+ <td valign="top">0</td>
+ <td valign="top">This restricts the featuring of stories to root
user(s). If you have several story admins who can create content that is
not visible to other story admins,
+ and such a content is featured, another admin might think its ok to
feature his own content. To prevent
+ that two admins unknowingly take features from each other away, only a
user who can see all content (= root)
+ should be able to feature a story.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_aftersave_story">aftersave_story</a></td>
+ <td valign="top">'list'</td>
+ <td valign="top">Which page to go to after a story has been saved:
+ <ul>
+ <li>'item': display the story</li>
+ <li>'list': show admin's list of stories (default)</li>
+ <li>'home': display the site's homepage</li>
+ <li>'admin': go to the "Admin Home" page, i.e. Command &
Control</li>
+ </ul></td></tr>
+</table>
+
+<h3><a name="stories_trackback">Stories and Trackback: Trackback</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_trackback_enabled">trackback_enabled</a></td>
+ <td valign="top">true</td>
+ <td valign="top">Enable (true) or disable (true) <a
href="http://en.wikipedia.org/wiki/Trackback">trackback</a> comments. This
applies to both sending and receiving trackback comments.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_trackback_code">trackback_code</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Default value for new stories: Trackback enabled (0) or
disabled (-1)</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_trackbackspeedlimit">trackbackspeedlimit</a></td>
+ <td valign="top">300</td>
+ <td valign="top">Number of seconds between two trackbacks / pingbacks
from the same IP address.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_check_trackback_link">check_trackback_link</a></td>
+ <td valign="top">2</td>
+ <td valign="top">This option can be used to check the validity of a
trackback.
+ You can check if the URL in the trackback actually contains a link
back to
+ your site (otherwise, it's probably spam). You can also check if the
+ trackback was sent from the proper IP address, i.e. the IP of the site
in
+ the trackback URL (again, if they don't match, it's probably spam).
Note
+ that you can <strong>add up the values</strong> below to do more than
one
+ check (but using option 1 <em>and</em> 2 doesn't make sense and will be
+ treated as if you requested option 2).<br>
+ Options are: 0 = don't perform any checks, 1 = check only for your
site's main URL (<code>$_CONF['site_url']</code>), 2 = check for the exact
URL of the entry (e.g. an article) on your site, 4 = check IP address of
the sender of the trackback against the site referred to in the trackback
URL.<br>
+ <b>Example:</b> <code>$_CONF['check_trackback_link'] = 6; // check for
the exact URL (2) and proper IP address (4)</code></td></tr>
+<tr>
+ <td valign="top"><a
name="desc_multiple_trackbacks">multiple_trackbacks</a></td>
+ <td valign="top">0</td>
+ <td valign="top">How to handle multiple trackbacks and pingbacks from
the same source: 0 = keep only the first, reject any further trackbacks /
pingbacks; 1 = overwrite, i.e. only keep the latest trackback / pingback; 2
= allow multiple trackbacks / pingbacks, i.e. list them all</td></tr>
+</table>
+
+<h3><a name="stories_pingback">Stories and Trackback: Pingback</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_pingback_enabled">pingback_enabled</a></td>
+ <td valign="top">true</td>
+ <td valign="top">Enable (true) or disable (true) <a
href="http://en.wikipedia.org/wiki/Pingback">pingback</a> support. This
applies to both sending and receiving pingbacks.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_pingback_excerpt">pingback_excerpt</a></td>
+ <td valign="top">true</td>
+ <td valign="top">Unlike Trackbacks, Pingback don't include an excerpt of
the
+ text from the site linking to us. When this option is enabled, Geeklog
will
+ try and create an excerpt by searching the backlink on the site that
sent
+ the Pingback, extract a piece of the text near the link, and use that
as
+ the excerpt for the Pingback.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_pingback_self">pingback_self</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Pingbacks are sent out automatically to <em>all</em> the
+ URLs linked from a story - which includes stories on your own site that
+ you may have linked in the article. This option lets you specify how
these
+ "self pingbacks" are to be handled: 0 = skip them, i.e. don't send
pingbacks
+ to stories on your own site; 1 = allow them, but obey the speed limit;
+ 2 = allow them and ignore the speed limit.<br>
+ If your article contains more than one link to other stories on your
site,
+ then option 1 is probably of limited use, as it would only pingback the
+ first linked story and run into the speed limit for the
others.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_ping_enabled">ping_enabled</a></td>
+ <td valign="top">true</td>
+ <td valign="top">Enable (true) or disable (true) the ability to ping
weblog directory services like <a
href="http://technorati.com/">Technorati</a>.</td></tr>
+</table>
+
+
+<h2><a name="theme">Theme</a></h2>
+
+<h3><a name="theme_theme">Theme: Theme</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_theme">theme</a></td>
+ <td valign="top">professional</td>
+ <td valign="top">Default theme to use on the site</td></tr>
+<tr>
+ <td valign="top"><a name="desc_menu_elements">menu_elements</a></td>
+ <td valign="top"><code>array('contribute', 'calendar', 'search', 'stats',
+ 'directory', 'plugins')</code></td>
+ <td valign="top">Specifies which entries are displayed in the site's
menu bar
+ (if your theme uses the <code>{menu_elements}</code> variable to
display
+ the menu bar). Can be any combination of <tt>'home'</tt>,
+ <tt>'contribute'</tt>, <tt>'calendar'</tt>, <tt>'search'</tt>,
+ <tt>'directory'</tt>, <tt>'prefs'</tt>, <tt>'plugins'</tt>,
+ and <tt>'custom'</tt> where <tt>'plugins'</tt> is the same as the
+ <code>{plg_menu_elements}</code> variable, i.e. a list of the menu
entries
+ provided by plugins, and <tt>'custom'</tt> displays the entries
returned by
+ a custom function <code>CUSTOM_menuEntries</code> (see
+ <tt>lib-custom.php</tt> for details).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_path_themes">path_themes</a></td>
+ <td valign="top">/path/to/geeklog/public_html/layout/</td>
+ <td valign="top">Directory where all themes reside</td></tr>
+</table>
+
+<h3><a name="theme_advanced">Theme: Advanced Settings</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_show_right_blocks">show_right_blocks</a></td>
+ <td valign="top">false</td>
+ <td valign="top">If set to <tt>true</tt>, the right-side column of blocks
+ will be displayed on <em>all</em> pages (instead of only on the index
+ page).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_showfirstasfeatured">showfirstasfeatured</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, this will render the first story on
<em>any</em> page
+ using the templates for a featured story, even if that story is not
+ featured. This will even be applied to the first story on page 2 of a
+ topic page, for example.</td></tr>
+</table>
+
+
+<h2><a name="blocks">Blocks</a></h2>
+
+<h3><a name="blocks_admin">Blocks: Admin Block</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_sort_admin">sort_admin</a></td>
+ <td valign="top">false</td>
+ <td valign="top">If set to <tt>true</tt> will sort the entries in the
Admin's
+ block and the icons on the Submissions page (<tt>moderation.php</tt>)
+ alphabetically.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_link_documentation">link_documentation</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Add a link to Geeklog's documentation to the Admin
block.
+ Set this to 0 if you don't want that link to show up.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_link_versionchecker">link_versionchecker</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Add a link "GL Version Test" to the Admin block so that
you
+ can easily check if your Geeklog version is up to date. Set this to 0
if
+ you don't want that link to show up.<br>
+ <strong>Note:</strong> The link is only displayed to members of the
Root
+ group anyway.</td></tr>
+</table>
+
+<h3><a name="blocks_topics">Blocks: Topics Block</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_sortmethod">sortmethod</a></td>
+ <td valign="top">sortnum</td>
+ <td valign="top">alpha = Sort topics in topic list
alphabetically<br>sortnum = Sort topics in topic list by sort
number</td></tr>
+<tr>
+ <td valign="top"><a name="desc_showstorycount">showstorycount</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Show the number of stories in a topic in the Sections
block (0=no, 1=yes)</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_showsubmissioncount">showsubmissioncount</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Show the number of story submissions for a topic in the
Sections block (0=no, 1=yes)</td></tr>
+<tr>
+ <td valign="top"><a name="desc_hide_home_link">hide_home_link</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Hide the "Home" link from the Sections block (0=no,
1=yes)</td></tr>
+</table>
+
+<h3><a name="blocks_who">Blocks: Who's Online Block</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_whosonline_threshold">whosonline_threshold</a></td>
+ <td valign="top">300</td>
+ <td valign="top">How long, in seconds, users can be idle before removing
them from the whosonline block</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_whosonline_anonymous">whosonline_anonymous</a></td>
+ <td valign="top">0</td>
+ <td valign="top">If enabled (i.e. set to 1), anonymous users will only
see the number of registered users currently online in the Who's Online
block but not their names. Only logged-in users will see the names of other
users that are currently online.</td></tr>
+</table>
+
+<h3><a name="blocks_what">Blocks: What's New Block</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_newstoriesinterval">newstoriesinterval</a></td>
+ <td valign="top">86400</td>
+ <td valign="top">Stories are "new" if they are this many seconds
old.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_newcommentsinterval">newcommentsinterval</a></td>
+ <td valign="top">172800</td>
+ <td valign="top">Comments are "new" if they are this many seconds
old.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_newtrackbackinterval">newtrackbackinterval</a></td>
+ <td valign="top">172800</td>
+ <td valign="top">Trackback comments are "new" if they are this many
seconds old.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_hidenewstories">hidenewstories</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Set to 1 to hide new stories from the What's New
block.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_hidenewcomments">hidenewcomments</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Set to 1 to hide new comments from the What's New
block.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_hidenewtrackbacks">hidenewtrackbacks</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Set to 1 to hide new trackback comments from the What's
New block.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_hidenewplugins">hidenewplugins</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Set to 1 to hide new entries by plugins from the What's
New
+ block.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_title_trim_length">title_trim_length</a></td>
+ <td valign="top">20</td>
+ <td valign="top">Max. length of the title of items listed in the What's
New
+ block.</td></tr>
+</table>
+
+
+<h2><a name="users">Users and Submissions</a></h2>
+
+<h3><a name="users_users">Users and Submissions: Users</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_disable_new_user_registration">disable_new_user_registration</a></td>
+ <td valign="top">false</td>
+ <td valign="top">When set to <tt>true</tt> completely disables all
options
+ to sign up as a new user.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_allow_user_themes">allow_user_themes</a></td>
+ <td valign="top">Can be 1 or 0</td>
+ <td valign="top">If set to 1, users can set their own theme that the
site uses</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_allow_user_language">allow_user_language</a></td>
+ <td valign="top">Can be 1 or 0</td>
+ <td valign="top">If set to 1, users can select the language for the site
navigation</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_allow_user_photo">allow_user_photo</a></td>
+ <td valign="top">Can be 1 or 0</td>
+ <td valign="top">If set to 1, users can upload a photo to their
profile</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_allow_username_change">allow_username_change</a></td>
+ <td valign="top">0</td>
+ <td valign="top">If set to 1, users will be allowed to change their
username
+ (login name). Stories and comments posted under the old username will
+ automatically show the new username.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_allow_account_delete">allow_account_delete</a></td>
+ <td valign="top">0</td>
+ <td valign="top">If set to 1, users will be allowed to delete their
accounts. Stories and comments posted under that account will be kept and
show up as being posted by "Anonymous".</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_hide_author_exclusion">hide_author_exclusion</a></td>
+ <td valign="top">Can be 1 or 0</td>
+ <td valign="top">If set to 1, the option to to exclude certain authors
from being seen is hidden from the user's preferences.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_show_fullname">show_fullname</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Whether to display a user's full name (= 1) or only
their
+ username (= 0). For users that haven't entered their full name, Geeklog
+ will always display the username.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_show_servicename">show_servicename</a></td>
+ <td valign="top">true</td>
+ <td valign="top">If you allow users to log in with accounts on remote
services
+ (like LDAP or LiveJournal), this option will at the service's name to
+ the username to avoid confusion with local users of the same name. Set
to
+ <tt>false</tt> to disable.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_custom_registration">custom_registration</a></td>
+ <td valign="top"><code>false</code></td>
+ <td valign="top">When set to <code>true</code>, Geeklog will let you use
+ your own signup form for new user registrations. Please see the file
+ <tt>lib-custom.php</tt> that ships with Geeklog for an
example.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_login_method_standard">standard</a></td>
+ <td valign="top"><code>true</code></td>
+ <td valign="top">Whether to allow normal logins into the site, i.e. with
+ a user account that only exists in your site's database.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_login_method_openid">openid</a></td>
+ <td valign="top"><code>false</code></td>
+ <td valign="top">Whether to allow logins using <a
href="http://openid.net/">OpenID</a>. This will display a special OpenID
login below the normal login field.<br>
+ <strong>Note:</strong> Currently only OpenID 1.1 is
supported.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_login_method_3rdparty">3rdparty</a></td>
+ <td valign="top"><code>false</code></td>
+ <td valign="top">Allow (when set to <tt>true</tt>) users who already have
+ an account with some other service to log into your Geeklog site with
the
+ login for that service. Currently supported: LDAP and LiveJournal.<br>
+ Please note that to enable login for a specific service, you need an
+ authorization class in <tt>system/classes/authentication</tt>. If you
only
+ want to allow LDAP but not LiveJournal users (or vice versa), simply
+ remove the class file for the unwanted service(s).<br>
+ See <a
href="http://www.geeklog.net/article.php/remote-authentication">Remote
Authentication in Geeklog</a> for more information.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_aftersave_user">aftersave_user</a></td>
+ <td valign="top"><code>'item'</code></td>
+ <td valign="top">Which page to go to after a user has been saved:
+ <ul>
+ <li>'item': display the user's profile</li>
+ <li>'list': show admin's list of users (default)</li>
+ <li>'home': display the site's homepage</li>
+ <li>'admin': go to the "Admin Home" page, i.e. Command &
Control</li>
+ </ul></td></tr>
+</table>
+
+<h3><a name="users_spamx">Users and Submissions: Spam-X</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_spamx">spamx</a></td>
+ <td valign="top">128</td>
+ <td valign="top">Tells Geeklog's <a href="spamx.html"
rel="nofollow">Spam-X</a> plugin what to do when a spam post has been
detected. The value is the sum
+ of all values that uniquely identify the Spam-X modules that should be
+ executed. E.g. the "delete" action module uses 128, the "email admin"
+ module uses 8, so if both modules should be executed, this option
should
+ be set to 128 + 8 = 136.</td></tr>
+</table>
+
+<h3><a name="users_login">Users and Submissions: Login Settings</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_lastlogin">lastlogin</a></td>
+ <td valign="top"><code>true</code></td>
+ <td valign="top">Whether to keep track of when a user last logged in
+ (<code>= true</code>) or not (<code>= false</code>).</td></tr>
+<tr><td valign="top"><a name="desc_loginrequired">loginrequired</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Login is required to access <em>any</em> part of the
site. When
+ set to 1, this overrides the following settings. When you only want
to
+ block access to certain parts of the site, set this to 0 and select
+ from the following settings.</td></tr>
+<tr><td valign="top"><a
name="desc_submitloginrequired">submitloginrequired</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, only registered users can submit
stories
+ and items handled by plugins, e.g. links and events</td></tr>
+<tr><td valign="top"><a
name="desc_commentsloginrequired">commentsloginrequired</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, only registered users can submit
comments</td></tr>
+<tr><td valign="top"><a
name="desc_statsloginrequired">statsloginrequired</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, only registered users can access the
site stats</td></tr>
+<tr><td valign="top"><a
name="desc_searchloginrequired">searchloginrequired</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, only registered users can use the
advanced search. When
+ set to 2, the simple search is blocked for anonymous users,
too.</td></tr>
+<tr><td valign="top"><a
name="desc_profileloginrequired">profileloginrequired</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, only registered users can view another
user's profile</td></tr>
+<tr><td valign="top"><a
name="desc_emailuserloginrequired">emailuserloginrequired</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, only registered users can use the
email submission
+ form to send an email to another user</td></tr>
+<tr><td valign="top"><a
name="desc_emailstoryloginrequired">emailstoryloginrequired</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, only registered users can email
stories</td></tr>
+<tr><td valign="top"><a
name="desc_directoryloginrequired">directoryloginrequired</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, only registered users can access the
list of past articles</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_passwordspeedlimit">passwordspeedlimit</a></td>
+ <td valign="top">300</td>
+ <td valign="top">Minimum delay between two requests for a new password,
in seconds.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_login_attempts">login_attempts</a></td>
+ <td valign="top">3</td>
+ <td valign="top">Max. number of login attempts before the speedlimit (see
+ below) kicks in and further logins are blocked for the given amount of
+ time.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_login_speedlimit">login_speedlimit</a></td>
+ <td valign="top">300</td>
+ <td valign="top">How many seconds have to pass before another login
attempt
+ can be made after <code>$_CONF['login_attempts']</code> (see above)
login
+ attempts have failed.</td></tr>
+</table>
+
+<h3><a name="users_usersub">Users and Submissions: User Submission</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_usersubmission">usersubmission</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Enable (1) or disable (0) the user submission queue
(i.e.
+ new users must be approved before they receive their
password)</td></tr>
+<tr>
+ <td valign="top"><a name="desc_allow_domains">allow_domains</a></td>
+ <td valign="top">''</td>
+ <td valign="top">When the user submission queue is enabled this can
contain a
+ comma-separated list of domain names from which user submissions will
not
+ be queued (but approved automatically). Regular expressions are also
allowed
+ and interpreted.<br><strong>Example:</strong>
+ <tt>'mycompany.com,myothercompany.com'</tt></td></tr>
+<tr>
+ <td valign="top"><a
name="desc_disallow_domains">disallow_domains</a></td>
+ <td valign="top">''</td>
+ <td valign="top">This is the opposite of
<code>$_CONF['allow_domains']</code>
+ (see above): A list of domain names that are <em>not</em> allowed in
email
+ addresses of new users. Note that this list is <em>always</em> used,
even
+ when the user submission queue has been switched off. Again, regular
+ expression can be used.<br><strong>Example</strong> disallow email
addresses
+ with a certain domain name and from any ".edu" domain:
+ <tt>'somebaddomain.com,\.edu$'</tt></td></tr>
+</table>
+
+<h3><a name="users_submission">Users and Submissions: Submission
Settings</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_storysubmission">storysubmission</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Enable (1) or disable (0) the story submission
queue</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_listdraftstories">listdraftstories</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, this will display an additional block on
the
+ submissions page (<tt>moderation.php</tt>) that lists all the stories
that
+ have the 'draft' flag set.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_postmode">postmode</a></td>
+ <td valign="top">plaintext</td>
+ <td valign="top">Sets the default submission mode to 'html'
or 'plaintext'</td></tr>
+<tr>
+ <td valign="top"><a name="desc_speedlimit">speedlimit</a></td>
+ <td valign="top">45</td>
+ <td valign="top">Minimum delay between submissions in seconds. This
helps prevent Denial of Service (DOS) attacks</td></tr>
+<tr>
+ <td valign="top"><a name="desc_skip_preview">skip_preview</a></td>
+ <td valign="top">0</td>
+ <td valign="top">If 1, allows submission of stories and comments without
previewing (i.e. the submission form will always have a Preview
<em>and</em> a Submit button).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_advanced_editor">advanced_editor</a></td>
+ <td valign="top">false</td>
+ <td valign="top">Enable (if set to <code>true</code>) a WYSIWYG editor
for
+ story and comment submissions and static pages. Geeklog ships with <a
+ href="http://www.fckeditor.net/">FCKeditor</a>.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_wikitext_editor">wikitext_editor</a></td>
+ <td valign="top">false</td>
+ <td valign="top">Allow using wiki syntax in stories. This adds a third
+ option, "Wiki-style format", to the Post Mode dropdown in the story
editor
+ (implemented using the <a
href="http://pear.php.net/package/Text_Wiki">PEAR::Text_Wiki</a>
package).</td></tr>
+</table>
+
+<h3><a name="users_comments">Users and Submissions: Comments</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_commentspeedlimit">commentspeedlimit</a></td>
+ <td valign="top">45</td>
+ <td valign="top">Number of seconds between posting a comment for the
user</td></tr>
+<tr>
+ <td valign="top"><a name="desc_comment_limit">comment_limit</a></td>
+ <td valign="top">100</td>
+ <td valign="top">Most number of comments to show at any one
time</td></tr>
+<tr>
+ <td valign="top"><a name="desc_comment_mode">comment_mode</a></td>
+ <td valign="top">threaded</td>
+ <td valign="top">How to display comments (threaded, nested, flat or
nocomments)</td></tr>
+<tr>
+ <td valign="top"><a name="desc_comment_code">comment_code</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Default value for new stories: Comments enabled (0) or
disabled (-1)</td></tr>
+</table>
+
+
+<h2><a name="images">Images</a></h2>
+
+<h3><a name="images_imagelib">Images: Image Library</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_image_lib">image_lib</a></td>
+ <td valign="top">None</td>
+ <td valign="top">Set this to either 'imagemagick', 'netpbm', or 'gdlib'
if
+ images should be resized during upload. Leave as 'None' if you don't
want
+ images to be resized or if you don't have those packages
available.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_path_to_mogrify">path_to_mogrify</a></td>
+ <td valign="top"><i>(disabled)</i></td>
+ <td valign="top">If you chose 'imagemagick' for
+ <code>$_CONF['image_lib']</code> above, then this should hold the
+ <strong>complete path</strong> to the mogrify executable (from the
+ ImageMagick package), e.g. '/usr/bin/mogrify'.<br>
+ You will need a fairly recent version of <a
+ href="http://www.imagemagick.org/">ImageMagick</a> for this to work
+ (version 5.4.9 or newer is recommended).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_path_to_netpbm">path_to_netpbm</a></td>
+ <td valign="top"><i>(disabled)</i></td>
+ <td valign="top">If you chose 'netpbm' for
<code>$_CONF['image_lib']</code>
+ above, then this should hold the complete path to the
<em>directory</em>
+ where the binaries from the Netpbm package are kept, e.g.
+ <code>'/usr/bin/netpbm/'</code>. Note that the path must end in a
slash.<br>
+ Precompiled binaries for various platforms can be downloaded from the
<a
+ href="http://netpbm.sourceforge.net/">Netpbm homepage</a>.</td></tr>
+</table>
+
+<h3><a name="images_upload">Images: Upload</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_keep_unscaled_image">keep_unscaled_image</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Set this to 1 if you want Geeklog to keep the original,
unscaled images after upload. The smaller image will then be used as a
thumbnail and will link to the original image. Note that this may use a lot
of disk space (depending on the size of your images).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_allow_user_scaling">allow_user_scaling</a></td>
+ <td valign="top">1</td>
+ <td valign="top">When unscaled images are kept (see above), this option
lets
+ the user chose between using the scaled or unscaled image in the
story, i.e.
+ enables the <code>[unscaled<i>X</i>]</code> image tag (in addition to
the
+ <code>[image<i>X</i>]</code> tag).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_debug_image_upload">debug_image_upload</a></td>
+ <td valign="top"><code>false</code></td>
+ <td valign="top">When set to <code>true</code>, this option enables
debugging
+ output to be written into Geeklog's <tt>error.log</tt> file during the
+ upload of an image. This is useful to track down problems with the
image
+ upload.</td></tr>
+</table>
+
+<h3><a name="images_articles">Images: Images in Articles</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_max_image_width">max_image_width</a></td>
+ <td valign="top">160</td>
+ <td valign="top">Max. width of an image in pixels. If it exceeds this,
it is
+ either rejected or resized (depending on the setting of
+ <code>$_CONF['image_lib']</code> above).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_max_image_height">max_image_height</a></td>
+ <td valign="top">120</td>
+ <td valign="top">Max. height of an image in pixels. If it exceeds this,
it is
+ either rejected or resized (depending on the setting of
+ <code>$_CONF['image_lib']</code> above).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_max_image_size">max_image_size</a></td>
+ <td valign="top">1048576 <i>(equals 1 MB)</i></td>
+ <td valign="top">Max. size of an image in bytes. If it exceeds this, it
is
+ is rejected (even if you're using a graphics package to resize
images).</td></tr>
+</table>
+
+<h3><a name="images_topic">Images: Topic Icons</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_max_topicicon_width">max_topicicon_width</a></td>
+ <td valign="top">48</td>
+ <td valign="top">Max. width of a topic icon in pixels. If it exceeds
this,
+ it is either rejected or resized (depending on the setting of
+ <code>$_CONF['image_lib']</code> above).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_max_topicicon_height">max_topicicon_height</a></td>
+ <td valign="top">48</td>
+ <td valign="top">Max. height of a topic icon in pixels. If it exceeds
this,
+ it is either rejected or resized (depending on the setting of
+ <code>$_CONF['image_lib']</code> above).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_max_topicicon_size">max_topicicon_size</a></td>
+ <td valign="top">65536 <i>(equals 64 KB)</i></td>
+ <td valign="top">Max. size of a topic icon in bytes. If it exceeds this,
it
+ is rejected (even if you're using a graphics package to resize
images).</td>
+</table>
+
+<h3><a name="images_photos">Images: Photos</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_max_photo_width">max_photo_width</a></td>
+ <td valign="top">128</td>
+ <td valign="top">Max. width of a user photo in pixels. If it exceeds
this, it
+ is either rejected or resized (depending on the setting of
+ <code>$_CONF['image_lib']</code> above).</tr>
+<tr>
+ <td valign="top"><a
name="desc_max_photo_height">max_photo_height</a></td>
+ <td valign="top">128</td>
+ <td valign="top">Max. height of a user photo in pixels. If it exceeds
this,
+ it is either rejected or resized (depending on the setting of
+ <code>$_CONF['image_lib']</code> above).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_max_photo_size">max_photo_size</a></td>
+ <td valign="top">65536 <i>(equals 64 KB)</i></td>
+ <td valign="top">Max. size of a user photo in bytes. If it exceeds this,
it
+ is rejected (even if you're using a graphics package to resize
images).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_force_photo_width">force_photo_width</a></td>
+ <td valign="top"><i>(disabled)</i></td>
+ <td valign="top">This option, when enabled, will only apply when
+ <em>displaying</em> a user photo. The <code><img></code> tag for
the
+ user photo will be emitted with a max. width, as specified by this
option.
+ This means that the actual photo can still be larger, but will only be
+ displayed smaller. This is useful for cases where you don't want oddly
+ shaped user photos to break your page's layout (e.g. in a
forum).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_default_photo">default_photo</a></td>
+ <td valign="top"><i>(disabled)</i></td>
+ <td valign="top">When enabled, this option should point to an image
(full URL
+ required!) that should be displayed for users without a user photo.
When
+ this option is not set and a user does not have a user photo (or an
avatar)
+ then Geeklog will simply not display anything.</td></tr>
+</table>
+
+<h3><a name="images_gravatar">Images: Gravatar</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_use_gravatar">use_gravatar</a></td>
+ <td valign="top">false</td>
+ <td valign="top">If enabled (set to <tt>true</tt>), a user's avatar
image will
+ be requested from <a href="http://gravatar.com/">gravatar.com</a> if
the
+ user didn't upload a user photo (i.e. an uploaded photo always takes
+ priority).<br>
+ Please note that this option may slow down your site on pages that
display
+ a lot of userphotos for different users (e.g. forum threads).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_gravatar_rating">gravatar_rating</a></td>
+ <td valign="top"><i>(disabled)</i></td>
+ <td valign="top">Avatars submitted to gravatar.com are rated with the
rating
+ system used for movies (in the U.S.), i.e. the letters G, PG, R, or X.
This
+ option will let you chose the <em>maximum</em> allowed rating for an
avatar.
+ For example, a max. rating of R will make sure that no X-rated avatars
will
+ be displayed on your site (only G, PG, and R).</td></tr>
+</table>
+
+
+<h2><a name="languages">Languages and Locale</a></h2>
+
+<h3><a name="languages_language">Languages and Locale: Language</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_language">language</a></td>
+ <td valign="top">english</td>
+ <td valign="top">Name of your language file. Additional language files
may be
+ available for download at <a
href="http://www.geeklog.net/">http://www.geeklog.net</a>.
+ If you translate a language file, please send it to us. Also see <a
+ href="#Localization">Localization</a> below.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_language_files">language_files</a></td>
+ <td valign="top"><i>(disabled)</i></td>
+ <td valign="top">For multi-lingual setups only: A list mapping language
+ shortcuts ('en', 'de', etc.) to the Geeklog language files to
use.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_languages">languages</a></td>
+ <td valign="top"><i>(disabled)</i></td>
+ <td valign="top">For multi-lingual setups only: A list mapping language
+ shortcuts ('en', 'de', etc.) to the language's native name ("English",
+ "Deutsch", etc.).</td></tr>
+</table>
+
+<p>Also see <a
href="http://wiki.geeklog.net/wiki/index.php/Multi-Language_Support">Multi-Language
Support</a> in the Geeklog Wiki.</p>
+
+<h3><a name="languages_locale">Languages and Locale: Locale</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_locale">locale</a></td>
+ <td valign="top">en_GB</td>
+ <td valign="top"><a
href="http://en.wikipedia.org/wiki/Locale">Locale</a> for
+ the system. This defines both the language and the country that PHP
+ will use when deciding how to display localized information such as
+ dates (e.g. for the names of months).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_date">date</a></td>
+ <td valign="top">%A, %B %d %Y @ %I:%M %p %Z</td>
+ <td valign="top">Date format used for most of the site, including story
displays. See <a
+ href="#date_formats">date formats</a> below.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_daytime">daytime</a></td>
+ <td valign="top">%m/%d %I:%M%p</td>
+ <td valign="top">Date format used when a shorter date is needed. See <a
+ href="#date_formats">date formats</a> below.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_shortdate">shortdate</a></td>
+ <td valign="top">%x</td>
+ <td valign="top">Date format this is the shortest date. See <a
href="#date_formats">date
+ formats</a> below.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_dateonly">dateonly</a></td>
+ <td valign="top">%d-%b</td>
+ <td valign="top">Short date format (day and month only), to be used e.g.
in the
+ Upcoming Events and Older Stories blocks. See <a
href="#date_formats">date
+ formats</a> below.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_timeonly">timeonly</a></td>
+ <td valign="top">%I:%M %p %Z</td>
+ <td valign="top">Format string for the time only, to be used e.g. on the
Event Details
+ page. See <a href="#date_formats">date formats</a> below.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_week_start">week_start</a></td>
+ <td valign="top">Sun</td>
+ <td valign="top">First day of the week in the calendar. Can be either
<tt>'Sun'</tt> (Sunday) or <tt>'Mon'</tt> (Monday).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_hour_mode">hour_mode</a></td>
+ <td valign="top">12</td>
+ <td valign="top">Which format to use when submitting or editing an object
+ with a time setting (e.g. the publish time of a story). Can be 12 (for
the
+ 12 hour am/pm format) or 24 (for the 24 hour format).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_thousand_separator">thousand_separator</a></td>
+ <td valign="top"><code>,</code></td>
+ <td valign="top">Character to use between every group of
thousands.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_decimal_separator">decimal_separator</a></td>
+ <td valign="top"><code>.</code></td>
+ <td valign="top">Character to use before decimals.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_decimal_count">decimal_count</a></td>
+ <td valign="top">2</td>
+ <td valign="top">How many decimal places to display.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_timezone">timezone</a></td>
+ <td valign="top"><i>(disabled)</i></td>
+ <td valign="top">If your server is located in a different timezone, use
this
+ option to set your local (i.e. your own) timezone, so that the time and
+ date on the site match your own.<br>
+ This option is known as the "<a
href="http://www.geeklog.net/forum/viewtopic.php?showtopic=21232">timezone
hack</a>" and may not work on some
+ servers.</td></tr>
+</table>
+
+
+<h2><a name="misc">Miscellaneous</a></h2>
+
+<h3><a name="misc_cookies">Miscellaneous: Cookies</a></h3>
+
+<p>These variables define the names of all of Geeklog's cookies. They can
easily be changed in case there's a name collision with the cookies used by
some other software package that you may use on your site.</p>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_cookie_session">cookie_session</a></td>
+ <td valign="top">gl_session</td>
+ <td valign="top">Name of the cookie that stores the session ID.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_cookie_name">cookie_name</a></td>
+ <td valign="top">geeklog</td>
+ <td valign="top">Name of the permanent cookie.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_cookie_password">cookie_password</a></td>
+ <td valign="top">password</td>
+ <td valign="top">Name of the password cookie.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_cookie_theme">cookie_theme</a></td>
+ <td valign="top">theme</td>
+ <td valign="top">Name of the theme cookie.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_cookie_language">cookie_language</a></td>
+ <td valign="top">language</td>
+ <td valign="top">Name of the language cookie.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_cookie_tzid">cookie_tzid</a></td>
+ <td valign="top">timezone</td>
+ <td valign="top">Name of the timezone cookie.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_cookie_ip">cookie_ip</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Session ID to contain IP address of user as well as
random number. This is more secure but will more than likely require dialed
up users to login each and every time. (0=no, 1=yes)</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_default_perm_cookie_timeout">default_perm_cookie_timeout</a></td>
+ <td valign="top">28800</td>
+ <td valign="top">Permanent cookie timeout in seconds (28800 = 8
hours).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_session_cookie_timeout">session_cookie_timeout</a></td>
+ <td valign="top">7200</td>
+ <td valign="top">Session cookie timeout in seconds (7200 = 2
hours).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_cookie_path">cookie_path</a></td>
+ <td valign="top">/</td>
+ <td valign="top">Cookie path (see the <a
href="http://www.php.net/manual/en/function.setcookie.php">PHP manual</a>
for details).</td></tr>
+<tr>
+ <td valign="top"><a name="desc_cookiedomain">cookiedomain</a></td>
+ <td valign="top"><i>(empty)</i></td>
+ <td valign="top">The domain that the cookie is available. Geeklog will
attempt to guess the correct value for this setting (based on
the 'site_url' variable). See the <a
href="http://www.php.net/manual/en/function.setcookie.php">PHP manual</a>
for details.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_cookiesecure">cookiesecure</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Only set to 1 if your site uses HTTPS (see the <a
href="http://www.php.net/manual/en/function.setcookie.php">PHP manual</a>
for details).</td></tr>
+</table>
+
+<h3><a name="misc_misc">Miscellaneous: Miscellaneous</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_pdf_enabled">pdf_enabled</a></td>
+ <td valign="top">0</td>
+ <td valign="top">PDF conversion of stories has not been fully implemented
+ yet. Leave this option switched off to prevent unfinished options from
+ showing up on your site.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_notification">notification</a></td>
+ <td valign="top">array()</td>
+ <td valign="top">Send an email notification to
<tt>$_CONF['site_email']</tt>
+ when a new story, comment, trackback or pingback has been submitted
+ or a new user has registered with the site. The <tt>array()</tt> can
hold
+ any combination of the strings <tt>'story'</tt>, <tt>'comment'</tt>,
+ <tt>'trackback'</tt>, <tt>'pingback'</tt>, and <tt>'user'</tt>
(separated
+ by commas), depending on which notification(s) you want.<br>
+ <strong>Example:</strong> <code>array('story','user');</code> would
+ send notifications when a new story has been submitted or a new user
has
+ registered. No notifications would be sent, for example, for new
+ comments.</td>
+<tr>
+ <td valign="top"><a
name="desc_cron_schedule_interval">cron_schedule_interval</a></td>
+ <td valign="top">86400</td>
+ <td valign="top">Geeklog can emulate a <a
href="http://en.wikipedia.org/wiki/Cronjob">cronjob</a>, i.e. trigger a
certain action at a given time. The code
+ to be executed can be provided by a plugin or through the
+ <code>CUSTOM_runScheduledTask</code> function in your
+ <tt>lib-custom.php</tt>. The value given is in seconds and specifies
the
+ interval in which the code should be executed.<br>
+ Please note that to trigger this action, you will need to have someone
+ visit your site at around the specified time. On a site with few
visitors,
+ the code may only be executed with considerable delay.<br>
+ Set to 0 to disable.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_disable_autolinks">disable_autolinks</a></td>
+ <td valign="top">0</td>
+ <td valign="top">If set to 1, disables the autolinks. I.e. links using
the
+ [story:] etc. syntax are not interpreted any more.</td></tr>
+</table>
+
+<h3><a name="misc_debug">Miscellaneous: Debug</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_rootdebug">rootdebug</a></td>
+ <td valign="top"><code>false</code></td>
+ <td valign="top">When a PHP error occurs, Geeklog's error handler will
only
+ display the actual error message to members of the Root group (to
prevent
+ leakage of possibly sensitive information). When set to
<code>true</code>,
+ this information will be displayed to <em>all</em> users. <strong>Use
only
+ for debugging purposes!</strong></td></tr>
+</table>
+
+<h3><a name="misc_digest">Miscellaneous: Daily Digest</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_emailstories">emailstories</a></td>
+ <td valign="top">0</td>
+ <td valign="top">Let users get stories e-mailed to them (0=no, 1=yes),
aka Daily Digest.
+ Please note that this requires cron and the use of PHP as a shell
script.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_emailstorieslength">emailstorieslength</a></td>
+ <td valign="top">1</td>
+ <td valign="top">When emailstories (above) is enabled, send only the
title and the
+ link to the new stories (0), or send the entire introtext (1) or send
+ the first <i>n</i> characters from the introtext (where <i>n</i> = any
other number)</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_emailstoriesperdefault">emailstoriesperdefault</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, new users will be subscribed to the
daily digest
+ automatically when they register with the site.</td></tr>
+</table>
+
+<h3><a name="misc_html">Miscellaneous: HTML Filtering</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_user_html">user_html</a></td>
+ <td valign="top"><p>, <b>, <i>, <a>, <em>,
<br>, <tt>, <hr>, <ol>, <ul>, <li>,
<code>, <pre></td>
+ <td valign="top">HTML tags and attributes that normal users are allowed
to
+ use in story submissions and comments.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_admin_html">admin_html</a></td>
+ <td valign="top">additional HTML tags, e.g. for tables</td>
+ <td valign="top">HTML tags and attributes that admin users are allowed to
+ use (in addition to those from user_html). Redefining a tag with
+ additional attributes will overwrite the definition from
user_html.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_skip_html_filter_for_root">skip_html_filter_for_root</a></td>
+ <td valign="top">0</td>
+ <td valign="top">When set to 1, this will allow members of the Root group
+ to use <em>all</em> HTML in their posts. <strong>Use at your own
risk!</strong></td></tr>
+<tr>
+ <td valign="top"><a
name="desc_allowed_protocols">allowed_protocols</a></td>
+ <td valign="top">array ('http', 'https', 'ftp');</td>
+ <td valign="top">Defines which protocols are allowed in links (i.e. HTML
+ <code><a></code> tags).</td></tr>
+</table>
+
+<h3><a name="misc_censoring">Miscellaneous: Censoring</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_censormode">censormode</a></td>
+ <td valign="top">1</td>
+ <td valign="top">Censor submissions and comments (0 = Disabled, 1 =
Enabled, exact matches, 2 = Enabled, match start of word, 3 = Enabled,
match fragment)</td></tr>
+<tr>
+ <td valign="top"><a name="desc_censorreplace">censorreplace</a></td>
+ <td valign="top">*censored*</td>
+ <td valign="top">Text to replace a censored word with</td></tr>
+<tr>
+ <td valign="top"><a name="desc_censorlist">censorlist</a></td>
+ <td valign="top">array(<i>a list of "bad" words goes here ...</i>)</td>
+ <td valign="top">An array of censored words</td></tr>
+</table>
+
+<h3><a name="misc_ip_lookup">Miscellaneous: IP Lookup</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a name="desc_ip_lookup">ip_lookup</a></td>
+ <td valign="top"><i>not set</i></td>
+ <td valign="top">The IP addresses of comment posters are logged and
displayed for admin users. When this variable is set to point to a service
that can do IP address lookups, it's possible to lookup the owner of an IP
address by clicking on it, making it easier to report abuse to ISPs,
etc.<br>
+<code>$_CONF['ip_lookup']</code> should hold the complete URL to the
lookup service, with a '<code>*</code>' marking the place where the IP
address should go. It's also possible to use Tom Willet's <a
href="http://sourceforge.net/project/showfiles.php?group_id=68255&package_id=95743">NetTools</a>
package, in which case the correct setting would be
<code>$_CONF['ip_lookup'] =
$_CONF['site_url'] . '/nettools/whois.php?domain=*';</code></td></tr>
+</table>
+
+<h3><a name="misc_ip_webservices">Miscellaneous: Webservices</a></h3>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr>
+ <td valign="top"><a
name="desc_disable_webservices">disable_webservices</a></td>
+ <td valign="top">false</td>
+ <td valign="top">Set this to <code>true</code> to disable the
webservices.</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_restrict_webservices">restrict_webservices</a></td>
+ <td valign="top">false</td>
+ <td valign="top">Set this to <code>true</code> to restrict webservices
usage
+ to users with the <tt>webservices.atompub</tt> permission (e.g. those
in
+ the predefined "Webservices Users" group).</td></tr>
+<tr>
+ <td valign="top"><a
name="desc_atom_max_stories">atom_max_stories</a></td>
+ <td valign="top">10</td>
+ <td valign="top">Max. number of stories returned when an Atom feed is
+ requested through the webservices API.</td></tr>
+</table>
+
+<p>Also see <a
href="http://wiki.geeklog.net/wiki/index.php/Using_the_Webservices">Using
the Webservices</a> in the Geeklog Wiki.</p>
+
+
+<h2><a name="db-config.php">db-config.php</a></h2>
+
+<p>As the name implies, the file <tt>db-config.php</tt> contains the
database
+configuration. This information is put there during the initial install and
+you should not normally have to edit this file.</p>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr><td valign="top">_DB_host</td>
+ <td valign="top">localhost</td>
+ <td valign="top">Database Server (to be entered in the form:
<i>hostname:port:unixsocket</i>). In most cases you won't need to change
the default value.</td></tr>
+<tr><td valign="top">_DB_name</td>
+ <td valign="top">geeklog</td>
+ <td valign="top">Database Name</td></tr>
+<tr><td valign="top">_DB_user</td>
+ <td valign="top">root</td>
+ <td valign="top">Database User Account</td></tr>
+<tr><td valign="top">_DB_pass</td>
+ <td valign="top">null</td>
+ <td valign="top">Database User Password</td></tr>
+<tr><td valign="top">_DB_table_prefix</td>
+ <td valign="top">gl_</td>
+ <td valign="top">Prefix to put in front of all of Geeklog's table
names (to
+ avoid name collisions with tables used by other
applications)</td></tr>
+<tr><td valign="top">_DB_dbms</td>
+ <td valign="top">mysql</td>
+ <td valign="top">This option tells Geeklog which type of database it's
+ running on. Can be either <code>'mysql'</code> (for MySQL) or
+ <code>'mssql'</code> (for Microsoft SQL Server).</td></tr>
+</table>
+
+
+<h2><a name="siteconfig.php">siteconfig.php</a></h2>
+
+<p>The <tt>siteconfig.php</tt> file holds configuration data that can not
be
+stored in the database. Again, most of this information is put there during
+the installation and you should not normally have to edit this file.</p>
+
+<table border="1" width="100%">
+<tr><th style="width:8%">Variable</th>
+ <th style="width:29%">Default Value</th>
+ <th style="width:63%">Description</th></tr>
+<tr><td valign="top"><a name="desc_path">path</a></td>
+ <td valign="top">/path/to/geeklog/</td>
+ <td valign="top">Base file system path for your site (trailing slash
necessary)</td></tr>
+<tr><td valign="top"><a name="desc_path_system">path_system</a></td>
+ <td valign="top">/path/to/geeklog/system/</td>
+ <td valign="top">Path to your system directory for your site (trailing
slash necessary). This directory holds the code libraries used throughout
Geeklog</td></tr>
+<tr>
+ <td valign="top"><a name="desc_site_enabled">site_enabled</a></td>
+ <td valign="top">true</td>
+ <td valign="top">A Geeklog site can be disabled quickly (e.g. for
maintenance)
+ by setting this to 'false'.<br>
+ Also see the <a href="#desc_site_disabled_msg">site_disabled_msg</a>
+ configuration option.</td></tr>
+<tr>
+ <td valign="top"><a name="desc_default_charset">default_charset</a></td>
+ <td valign="top">iso-8859-1</td>
+ <td valign="top">Character encoding used by Geeklog when serving HTML
pages or
+ sending email. Only used if the language file did not already set
+ another character encoding.<br>
+ For <a
href="http://wiki.geeklog.net/wiki/index.php/Multi-Language_Support">multi-language</a>
setups, using <code>'utf-8'</code> as the default character
+ set is recommended.</td></tr>
+</table>
+
+
+<h2><a name="url-rewrite">URL Rewriting</a></h2>
+
+<p>Geeklog includes a simple but useful URL rewriting feature which can
help
+make your site more crawler friendly (i.e. the URLs of your site are more
+likely to be picked up by the search engine's indexing bots). This feature
is
+supported for URLs to stories, static pages, the article directory, and
links.
+</p>
+<p>URL rewriting means that your URLs will look like this</p>
+<p
style="margin-left:4em;"><tt>http://www.geeklog.net/article.php/20021022234959146</tt></p>
+<p>instead of like this</p>
+<p
style="margin-left:4em;"><tt>http://www.geeklog.net/article.php?story=20021022234959146</tt></p>
+<p>While some search engines will pick up the second form, Google seems to
+prefer the first format and often ignores the second format.</p>
+<p><strong>Note:</strong> This feature may not work with all web servers.
It
+is known to work with Apache (all versions) and known <em>not</em> to work
+with IIS (at least some versions). Please try it out before you go public
+with your site.</p>
+
+
+<h2><a name="Localization">Localization</a></h2>
+
+<p>Localizing Geeklog is fairly easy. All strings are contained in a
+language file. The default file that ships with the tarball is english.php.
+People interested in translating Geeklog to other languages are encouraged
+to join the <a
+href="http://lists.geeklog.net/listinfo/geeklog-translations">geeklog-translations</a>
+mailing list. All important information concerning translating Geeklog will
+be posted there.
+
+<h3><a name="date_formats">Locale and Date Formats</a></h3>
+
+<p>You can set the locale and date format in the configuration. To set the
+locale, set the variable to the proper string or if you leave it blank it
+will pull the default locale from the operating system. The date formats
+are handled by your locale. Isn't that smart? Locale names are OS
+dependent. On most UNIX hosts, you can find locale codes in the
+<i>/usr/share/locale/locale.alias</i> file and on some systems the command
+<i>locale -a</i> will display all available locales on a system. If a
+locale doesn't exist you can create it using the <i>localedef</i> command.
+
+<p>More info on locale: <a
+href="http://www.opengroup.org/onlinepubs/7908799/xbd/locale.html">http://www.opengroup.org/onlinepubs/7908799/xbd/locale.html</a><br>
+More info on localdef: <a
+href="http://www.opengroup.org/onlinepubs/7908799/xcu/localedef.html">http://www.opengroup.org/onlinepubs/7908799/xcu/localedef.html</a>
+
+<h3>Date Format Syntax</h3>
+
+<ul>
+ <li><tt>%a - abbreviated weekday name according to the current
locale</tt></li>
+ <li><tt>%A - full weekday name according to the current locale</tt></li>
+ <li><tt>%b - abbreviated month name according to the current
locale</tt></li>
+ <li><tt>%B - full month name according to the current locale</tt></li>
+ <li><tt>%c - preferred date and time representation for the current
locale</tt></li>
+ <li><tt>%C - century number (the year divided by 100 and truncated
to an integer, range 00 to 99)</tt></li>
+ <li><tt>%d - day of the month as a decimal number (range 00 to
31)</tt></li>
+ <li><tt>%D - same as %m/%d/%y</tt></li>
+ <li><tt>%e - day of the month as a decimal number, a single digit is
preceded by a space (range ' 1' to '31')</tt></li>
+ <li><tt>%h - same as %b</tt></li>
+ <li><tt>%H - hour as a decimal number using a 24-hour clock (range 00 to
23)</tt></li>
+ <li><tt>%I - hour as a decimal number using a 12-hour clock (range 01 to
12)</tt></li>
+ <li><tt>%j - day of the year as a decimal number (range 001 to
366)</tt></li>
+ <li><tt>%m - month as a decimal number (range 1 to 12)</tt></li>
+ <li><tt>%M - minute as a decimal number</tt></li>
+ <li><tt>%n - newline character</tt></li>
+ <li><tt>%p - either `am' or `pm' according to the given time value, or
the corresponding strings for the current locale</tt></li>
+ <li><tt>%r - time in a.m. and p.m. notation</tt></li>
+ <li><tt>%R - time in 24 hour notation</tt></li>
+ <li><tt>%S - second as a decimal number</tt></li>
+ <li><tt>%t - tab character</tt></li>
+ <li><tt>%T - current time, equal to %H:%M:%S</tt></li>
+ <li><tt>%u - weekday as a decimal number [1,7], with 1 representing
Monday</tt></li>
+ <li><tt>%U - week number of the current year as a decimal number,
starting with the first Sunday as the first day of the first week</tt></li>
+ <li><tt>%V - The ISO 8601:1988 week number of the current year as a
decimal number, range 01 to 53, where week 1 is the first week that has at
least 4 days in the current year, and with Monday as the first day of the
week.</tt></li>
+ <li><tt>%W - week number of the current year as a decimal number,
starting with the first Monday as the first day of the first week</tt></li>
+ <li><tt>%w - day of the week as a decimal, Sunday being 0</tt></li>
+ <li><tt>%x - preferred date representation for the current locale
without the time</tt></li>
+ <li><tt>%X - preferred time representation for the current locale
without the date</tt></li>
+ <li><tt>%y - year as a decimal number without a century (range 00 to
99)</tt></li>
+ <li><tt>%Y - year as a decimal number including the century</tt></li>
+ <li><tt>%Z - time zone or name or abbreviation</tt></li>
+ <li><tt>%% - a literal `%' character</tt></li>
+</ul>
+
+<div class="footer">
+ <a href="http://wiki.geeklog.net/">The Geeklog Documentation
Project</a><br>
+ All trademarks and copyrights on this page are owned by their
respective owners. Geeklog is copyleft.
+</div>
+
+</body>
+</html>
Added: externals/geeklog-1.5.2sr2/public_html/docs/docstyle.css
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr2/public_html/docs/docstyle.css Sun Apr 5
18:13:13 2009
@@ -0,0 +1,106 @@
+body {
+ margin: 1em 5%;
+ background: white;
+ color: black;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ font-size: smaller;
+}
+
+h1 {
+ font-size: 1.4em;
+}
+
+h2 {
+ font-size: 1.2em;
+ padding-top: 1.2em;
+}
+
+h3 {
+ font-size: 1.0em;
+}
+
+h4 {
+ font-size: 0.8em;
+}
+
+img {
+ border:0px;
+}
+
+p, ul, ol, li {
+ margin-top: 0.6em;
+ margin-bottom: 0.6em;
+}
+ul, ol {
+ margin-left: 0.9em;
+ padding-left: 0.9em;
+}
+
+code, kbd, var {
+ font-family: Courier, "Courier New", monospace;
+}
+
+table {
+ width: 100%;
+}
+
+td, th {
+ vertical-align: top;
+ padding: 4px;
+ line-height: 128%;
+ font-size: smaller;
+}
+
+th {
+ text-align: left;
+ background: silver;
+}
+
+.r2 {
+ background: rgb(240,240,240);
+}
+
+dt {
+ font-weight: bold;
+}
+
+
+.usual {
+ font-size: 100%;
+}
+
+.menu {
+ background: #dddddd;
+ color: black;
+ padding:5px;
+}
+
+.footer {
+ font-size: 90%;
+ background: #dddddd;
+ color: black;
+ padding:5px;
+ margin-top:4ex;
+}
+
+.comment {
+ font-size: 80%;
+}
+
+.codeheader { font-family: Courier, "Courier New", monospace; }
+
+a:link { color: #2222FF; background: transparent; }
+a:visited { color: #2222FF; background: transparent; }
+a:hover { color: #5252FF; background: transparent; }
+/*a:hover { color: #333366; background: #AAAADD; }*/
+a:active { color: #2222FF; background: transparent; }
+
+/* this is to prevent Mozilla from applying :hover on <a name="..."> */
+a[name] { color: black; background: transparent; }
+
+a.wikipedia {
+ text-decoration:none;
+ color:black;
+ border-bottom:1px dotted black;
+}
+
Added: externals/geeklog-1.5.2sr2/public_html/docs/history
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr2/public_html/docs/history Sun Apr 5 18:13:13
2009
@@ -0,0 +1,4918 @@
+Geeklog History/Changes:
+
+Apr 4, 2009 (1.5.2sr2)
+-----------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted an SQL injection exploit for
glFusion
+that also works with Geeklog. This issue allowed an attacker to extract the
+password hash for any account and is fixed with this release.
+
+
+Mar 30, 2009 (1.5.2sr1)
+------------
+
+This release addresses the following security issue:
+
+Fernando Munoz reported a possible XSS in the query form on most admin
panels
+that we are fixing with this release (bug #0000841).
+
+
+Feb 8, 2009 (1.5.2)
+-----------
+
+- The default replacement text for censored text was supposed to read
+ "censored", not "censormode" [Dirk]
+- Fixed problem with extra backslashes appearing in a story's title during
the
+ story preview when magic_quotes_gpc = On (bug #0000790) [Mike, Dirk]
+- Added missing page title when viewing a single comment [Dirk]
+- Sort groups in the group dropdowns non-case sensitive [Dirk]
+- Display a message when sending the email to report an abusive comment
failed
+ [Dirk]
+- Display a message when sending the email for a new password failed [Dirk]
+
+- Updated Estonian language file for the Calendar plugin, provided by
Artur R�pp
+- Updated Japanese language file, provided by the Geeklog.jp group
+
+Static Pages plugin
+-------------------
+- Fixed parse error when saving a static page (reported by greenteagod).
This
+ problem was only introduced in 1.5.2rc1 [Dirk]
+
+
+Jan 24, 2009 (1.5.2rc1)
+------------
+
+- Fixed various issues with COM_makeClickableLinks (bug #0000767, #0000793,
+ #0000796) [Sami]
+- The comment submission form didn't show the user's full name when
+ $_CONF['show_fullname'] was enabled [Dirk]
+- Comments were always showing the username, even when
$_CONF['show_fullname']
+ was enabled (reported and patch provided by mystral-kk, bug #0000800)
+- Fixed story preview losing the story when the sid already existed (bug
+ #0000789) [Dirk]
+- Fixed wrong use of str_replace in STORY_extractLinks (bug #0000794)
[Dirk]
+- Added "Send Pings" to the Story Options block (if enabled and allowed
for the
+ current user) [Dirk]
+- Don't let the user enable plugins when there's no functions.inc for the
+ plugin [Dirk]
+- When the install script can't find db-config.php, that message was always
+ displayed in English, i.e. you could not change the language for that
screen
+ [Dirk]
+- When upgrading from a Geeklog version prior to 1.5.0, the plugin
config.php
+ files are no longer renamed [Dirk]
+- Admin lists allowed non-sortable columns to be sortable (reported and
patch
+ provided by hiroron, bug #0000791)
+- Fixed STORY_getItemInfo - need to check the draft flag and for a publish
date
+ in the future [mystral-kk, Dirk]
+- Fixed wrong use of COM_isAnonUser in COM_getPermSQL (since 1.5.0) [Dirk]
+- When calling COM_getYearFormOptions with a $startoffset parameter, the
list
+ of years was off by one (bug #0000783; patch provided by hiroron)
+- Fixed updating feeds after changing topic permissions (bug #0000779)
[Dirk]
+- The security token was missing from the trackback editor template file
+ (reported and patch provided by hiroron, bug #0000778)
+- Removed rel="tag" from topic links in lib-story.php as that would
indicate a
+ Microformat with a slightly different meaning [Dirk]
+- Don't include X-Originating-IP header in emails sent from the site's
admin
+ area (bug #0000701) [Dirk]
+- Check if COM_errorLog exists before using it in the config class (for
possible
+ problems during installation, bug #0000768) [Dirk]
+- Fixed filling out the Site Email / No-Reply Email fields in the install
+ script, which was overwriting the correct values from config.php during
+ upgrades (bug #0000759) [Dirk]
+- Set language direction in templates for printable versions of articles
and
+ static pages. Also set $LANG_DIRECTION to 'ltr' now if the language file
does
+ not already define it (bug #0000762) [Dirk]
+- Removing an element from the middle of the censorlist caused the
censoring
+ to act up (bug #0000763) [Dirk]
+- Saving a story tried to update a feed of type 'geeklog' instead
of 'article'
+ (reported by Tom Homer)
+- Delete a feed's file when deleting a feed (bug #0000758) [Dirk]
+- When using gdlib, use imagecopyresampled instead or imagecopyresized to
scale
+ images. This should result in better image quality (part of Feature
request
+ #0000720) [Dirk]
+- The {start_storylink_anchortag} variable in the story templates was
missing
+ a '>' (reported by Michael Brusletten) [Dirk]
+- Display a "Service" column in the Admin's list of users when remote auth
is
+ activated [Dirk]
+- Introduced new function COM_showMessageText to display a free-form text
in a
+ "System Message" box (feature request #0000676) [Dirk]
+- Introduced new function COM_showMessageFromParameter for easy and
consistent
+ display of messages passed in the URL, including plugin messages (second
+ attempt to fix bug #0000618) [Dirk]
+- Display confirmation message when emailing a story (feature request
#0000689)
+ [Dirk]
+- Implemented new function COM_renderWikiText to convert wiki-formatted
text
+ to (X)HTML (feature request #0000643) [Dirk]
+- Added support for CUSTOM_formatEmailAddress and CUSTOM_emailEscape
functions
+ (feature request #0000727) [Dirk]
+- Fixed 'cookiedomain' being reported as changed in the Configuration
+ (bug #0000638) [Dirk]
+- Reverted fix for bug #0000618 (COM_showMessage automatically picking up a
+ 'plugin' parameter) as it's causing problems when displaying more than
one
+ message on the same page [Dirk]
+- Added missing check for allowed IP addresses in downloader class
+ (bug #0000709) [Dirk]
+- Force a refresh after uninstalling a plugin so that the plugin's entry
+ disappears from the Admins block [Dirk]
+- Fixed an issue with story expiry dates on PHP 4/Windows (reported by zeb)
+ [Mike]
+
+- Updated Hebrew language file for the install script and Spam-X plugin,
+ provided by LWC
+- Updated Japanese language files, provided by the Geeklog.jp group
+- Updated Polish language files, provided by Robert Stadnik
+- Updated Slovenian language file for the Links plugin, provided by gape
+
+Calendar plugin
+---------------
+- Fix for calendar plugin - unable to add personal event [Blaine]
+- Make {event_url} available in eventdetails.thtml [Dirk]
+
+Links plugin
+------------
+- Missing parentheses my have resulted in incorrect search results [Dirk]
+- Added urlencoded versions of {link_actual_url} and {link_name} [Dirk]
+- Prevent overwriting existing links when changing the link ID [Dirk]
+
+Polls plugin
+------------
+- Lowered the default number of questions per poll to 5 and the number of
+ answers per question to 8 to avoid running into Suhosin's default
+ post.max_vars limit (for new installs only) [Dirk]
+- Fixed SQL error when poll questions contained single quotes (bug
#0000756)
+ [Dirk]
+- Fixed handling of poll IDs in Polls editor (bug #0000753) [Dirk]
+
+Spam-X
+------
+- Fixed compatibility check in the plugin install script [Dirk]
+
+Static Pages plugin
+-------------------
+- The owner of a static page changed to the user who last edited it
+ (bug #0000777) [Dirk]
+- Fixed call to WS_makeId when sp_id was longer than
STATICPAGE_MAX_ID_LENGTH
+ (found by Marc Maier) [Dirk]
+
+
+Sep 22, 2008 (1.5.1)
+------------
+
+- Fixed protection against direct execution in various include files which
may
+ have failed on non-case sensitive file systems (reported by Mark Evans)
[Dirk]
+- Saving a story as someone other than the owner will revert the story to
your
+ ownership. (bug #0000742) [Mike]
+- Fixed searching for non-installed plugins when open_basedir restrictions
are
+ in effect (bug #0000741)
+- Fix for first change of password issue (bug #0000724) [Mike]
+- Fixed failure to switch language with new query highlighting URLs
+ (bug #0000733) [Dirk]
+- Fixed bug with HTML Encoding of default comment title for articles
+ (bug #0000737) [Mike]
+- Fixed another case where a duplicate of a story submission was left in
the
+ submission queue after approving the story [Mike]
+- Fixed problem with the MySQL class not recognizing UTF-8 when the
character
+ set name was written in uppercase (bug #0000731) [Dirk]
+
+- Updated Hebrew language files, provided by LWC
+- Updated Estonian language files, provided by Artur R�pp
+- Updated Japanese language files, provided by the Geeklog.jp group
+- Updated Slovenian language files, provided by gape
+
+
+Sep 7, 2008 (1.5.1rc1)
+-----------
+
+- Added missing slash in the install script (bug #0000715) [Dirk]
+- CSRF token not passed to draft list (bug #0000726) [Ted Powell]
+- If root debugging is enabled, hide anything in the array stack that has
a key
+ containing 'cookie' or 'pass'. And added option to override this.
+ (bug #0000722) [Mike]
+- Prevent direct execution of the FCKeditor upload script (reported by
t0pP8uZz) [Dirk]
+- Renamed the "Restore" option in the Configuration to "Enable" [Dirk]
+- Provided better error handling for database backups (bug #0000714) [Mike]
+- Provided auto-detection of -left and -right overrides for any given block
+ template. This allows any block to auto-style to left and right for
themes
+ without the need for the theme to work it out, or talk to the database.
+ ("Bug" #0000684) [Mike]
+- Fixed handling of corrupted config value db entries, e.g. after importing
+ Calendar event_types with the wrong character set (bug #0000690) [Dirk]
+- Fixed handling of HTML entities in the Configuration (bug #0000710)
+ [Sami, Dirk]
+- Story image upload: Only add a link to the unscaled image if such an
image
+ actually exists [Dirk]
+- Removed unused code from lib-story.php [Dirk]
+- COM_siteFooter no-longer creates two sets of right blocks. (bug #0000698)
+ [Mike]
+- Microsummaries work in topics, reported by Joe. [Mike]
+- Added DB_checkTableExists and changed INST_checkTableExists to use it.
[Mike]
+- Changed REPLACE INTO for DB_save for MSSQL compat [Mike]
+- Re-introduced function get_SP_Ver in the install script, which is still
needed
+ when upgrading from old Geeklog releases (reported by libexec) [Dirk]
+- Fixed issue where you can post a comment to an unpublished story (bug
+ #0000705) [Mystral_KK/Mike]
+- Fixed make clickable links with quotes (bug #0000691) plus truncated long
+ urls. [Sami]
+- Fixed table prefix issues with constraints (bug #0000702) [Mike/Sami]
+- Fixed error when attempting to highlight a search query that contained a
+ slash [Dirk]
+- Updated FCKeditor to v2.6.3 [Blaine]
+- Moved remove() (config JavaScript) to gl_cfg_remove (bug #0000681) [Mike]
+- Change for CUSTOM_usercreate to support passing in $batchimport,
+ set true if called via the Admin->Users Batch_Add [Blaine]
+- Fix for date formatting in RSS fields (bug #0000696) [mystral_kk]
+- A small tweak to the Professional theme's commentbar to make the "Post a
+ comment" option easier to find [Dirk]
+- Renamed the syndication feed type "geeklog" to "article" since that's
what
+ they are nowadays [Dirk]
+- New option "All Frontpage Stories" for article feeds: skip stories that
have
+ the "Show only in topic" option set (feature request #0000652) [Dirk]
+- If there is a feed for a topic, there will now be a "Subscribe to ..."
option
+ in the Story Options block for every story for that topic (feature
request
+ #0000154) [Dirk]
+- Cop-out fix for bug #0000671: Don't display the icon for external links
when
+ the text direction is 'rtl' (e.g. Hebrew) [Dirk, Mike]
+- Keep letter case intact when highlighting a search query string (patch
+ provided by Sami Barakat)
+- Provide nicer URLs to story search results when URL rewriting is enabled
+ (bug #0000665, based on a patch by Sami Barakat) [Dirk]
+- Better support for plugin messages (bug #0000618) [Blaine]
+- Introduced new variable {page_title_and_site_name} for header.thtml so
that
+ we can have "Site Name - Site Slogan" in the frontpage's title again
[Dirk]
+- Fixed SQL error(s) for story submissions by users with story.submit but
no
+ further Story Admin permissions (reported by Orion) [Dirk]
+- End a user's session when they are being banned [Dirk]
+- Signatures in HTML-formatted comments weren't XHTML compliant [Dirk]
+- Minor cleanups in style.css - no actual layout changes (bug #0000683)
[Dirk]
+- Allow creation of banned users, i.e. ban the user on account creation
[Dirk]
+- Minor improvements in the error handling, e.g. preventing Geeklog from
+ creating error.log files outside the logs directory [Dirk]
+- Send a HTTP status code 503 "Service Unavailable" when the site is
disabled
+ [Dirk]
+- Hide the database password when the database backup failed and we're
logging
+ the mysqldump command [Dirk]
+- Disable OpenID login when new registrations are disabled [Dirk]
+- Allow to unset Configuration options again after they have
been "restored",
+ i.e. enabled (bug #0000664) [Dirk]
+- Adopted hack to allow multilingual blocks (bug #0000626) [Dirk]
+- Fixed SQL error in story submissions (reported by Chase) [Mike]
+- Stories with a publishing date in the future and stories with the draft
flag
+ set were accessible if you knew their story id (bug #0000678) [Mike]
+- Enabled siteconfig.php to override database config in core, primarily for
+ rootdebug. [bug 0000673] [Mike]
+- Allow remote users to use the webservices (bug #0000640). Due to the
+ authentication method it is not possible for OpenID users to use the
+ webservices. Other remote users will have to use username @ servicename for
+ their username when logging in through the webservices [Dirk]
+- Fix to template.class to better handle full path being passed in [Blaine]
+- Updated PLG_uninstall to supress errors for table drop. [bug 0000668]
[Mike]
+- Fixed INST_checkTableExists for MS SQL Support. [bug 0000668] [Mike]
+- Hardcode an ltr div around HTML tags in the allowed html tag list. Plus
minor
+ HTML compliance issues. [bug 0000669] [Mike]
+- Plaintext stories have nl2br applied in syndication feeds to provide
correct
+ formatting in feed readers. [bug 0000662] [Mike]
+- Changed SEC_createToken so that it will only return one token per page
+ (effectively making it a singleton). This fixes the problem of not being
able
+ to delete comments when you also have trackbacks for the same article
+ [Mike, Dirk]
+- Approving a story submission by saving it from the Admin's story editor
left
+ a duplicate in the submission queue, unless you changed the story ID at
the
+ same time [Dirk, Mark Evans]
+- Fixed user submission queue (reported by greenteagod) [Dirk]
+
+- Updated Hebrew language files, provided by LWC
+
+Calendar plugin
+---------------
+- Fixed <brXHTML> tags in the German language files for the Calendar [Dirk]
+- Fixed date comparison ("End date is before start date.", bug #0000703)
[Dirk]
+- Fixed Admin delete links in day and week view (bug #0000680) [Dirk]
+- Search for an event's "author" didn't work [Dirk]
+- Calendar block now includes events from the current day (in progress or
all
+ day events, bug 0000604, patch from forums) (really) [Mike]
+
+Links plugin
+------------
+- Fixed passing the category on multi-page link lists [Dirk]
+- Fixed new category silently overwriting an existing category if they had
the
+ same id (part 2 of bug #0000659) [Dirk]
+- Fixed SQL error when trying to change a category id to an already
existing id
+ (part 1 of bug #0000659) [Dirk]
+
+Polls plugin
+------------
+- For multi-question polls, make the "Vote" button read "Start Poll" in the
+ polls block (bug #0000633) [Dirk]
+- Fixed display of "Results" link while a poll is open [Dirk]
+
+Static Pages plugin
+-------------------
+- Menu entries were not language-aware (in multi-language setups), i.e.
all the
+ menu entries were always displayed (bug #0000713) [Dirk]
+- Removed unused 'config_data' entry from the plugin uninstall function
+ (bug #0000666) [Dirk]
+- Fixed printer friendly version of a static page not working when
url_rewrite
+ is enabled (bug #0000661) [Dirk]
+
+
+June 15, 2008 (1.5.0)
+-------------
+
+Geeklog 1.5.0 incorporates the following projects implemented during
+the 2007 Google Summer of Code:
+
++ New user-friendly install script by Matt West
++ New Configuration GUI (replacing config.php) by Aaron Blankstein
++ New Webservices API based on the Atom Publishing Protocol by Ramnath R.
Iyer
+
+Changes since 1.5.0rc2:
+- Users that used a different theme than the site default would see the
site
+ switch temporarily back to the site's default theme when changing a
config
+ option. This was a side effect of the fix for bug #0000648 [Dirk]
+- In a tradeoff between security and convenience, we decided to go with
+ security: The install script will no longer display the database
credentials
+ from db-config.php. The downside is that you will have to enter them
again
+ when doing a database upgrade or re-running the install (reported by Mark
+ Evans) [Dirk]
+- Links plugin: The word "Root" wasn't taken from the language file for
the page
+ title of the public list of links (reported by Markus Wollschl�ger)
[Dirk]
+- Fixed remaining places where the Admin panels had inconsistent layouts:
+ Calendar list of events, Polls editor (bug #0000650) [Dirk]
+
+- Updated Hebrew language file, provided by LWC
+- Updated German language files, provided by Markus Wollschl�ger
+- Some Korean language files had a mixture of CR/LF and LF as line
separators
+ (bug #0000655) [Dirk]
+
+
+June 8, 2008 (1.5.0rc2)
+------------
+
+Changes since 1.5.0rc1:
+- Hide the | separator for static pages with page format "blank page"
(reported
+ by Tetsuko Komma) [Dirk]
+- Hardcoded all URL entry fields in the templates and the date selection
in the
+ calendar plugin to dir="ltr" (reported by LWC) [Dirk]
+- Fixed handling of UTF-8 languages in the install script (reported by
Tetsuko
+ Komma) [Dirk]
+- Ensure consistent display of the admin lists (bug #0000650) [Dirk]
+- Sanitize the language in the install help (reported by Mark Evans) [Dirk]
+- Moved the hard-coded CSS for the System Message to the stylesheet [Dirk]
+- Added a workaround for the Yulup Atompub client that sometimes sends Text
+ nodes within XHTML nodes [Dirk]
+- Made the Install / Upgrade buttons in the install script a bit wider to
+ provide more space for the Japanese and German translations [Dirk]
+- Fixed bug #0000647: All modifications of usersettings should go through
+ CUSTOM_usercheck [Blaine]
+- Removed hard-coded <ul> tags from the functions for the Admin, User, and
+ Topics blocks. Added new blockheader-list.thtml, blockfooter-list.thtml
+ template files for those blocks [Blaine]
+- Removed the fake {blockid} for the block templates as it was actually
derived
+ from the block title, resulting in layout changes when you changed the
block
+ title. It also didn't work properly with non-ASCII languages. Updated
+ style.css and the block templates accordingly [Blaine]
+- Fixed setting the site's default language and default theme (bugs
#0000646
+ and #0000648) [Aaron, Dirk]
+- The bundled plugins don't need to read their config.php any more. This
also
+ avoids confusion if renaming the old config.php failed during the upgrade
+ [Dirk]
+- Fixed SQL error in the Mail Utility when using the option to override
user
+ settings (reported by Michael Brusletten) [Dirk]
+- Fixed problems with the text direction in the install script (reported
by LWC)
+ [Dirk]
+
+- Updated Estonian language files, provided by Artur R�pp
+- Updated Hebrew language files, provided by LWC
+- Updated Japanese language files, provided by Takahiro Kambe, Tetsuko
Komma,
+ and the Geeklog.jp group
+ Note: Only the UTF-8 versions of the Japanese language files are
supported
+ from now on. The euc-jp versions have been removed from the distribution.
+- Updated Polish language files, provided by Robert Stadnik
+- Updated Slovenian language file, provided by gape
+
+
+May 25, 2008 (1.5.0rc1)
+------------
+
+Changes since 1.5.0b2:
+- Fixed story date/time when using the timezone hack (bug #0000639) [Dirk]
+- Fixed MS SQL upgrade [Mike]
+- Added code to beautify the language names in the install script [Dirk]
+- Ensure the "After Saving ..." options work as advertised [Dirk]
+- Fixed handling of empty form submission and display of error messages in
the
+ batch user import [Dirk]
+- Fixed text for the account reminder emails [Dirk]
+- Display value in the "Months since registration" column on the Batch User
+ Admin screen without decimals again (as in 1.4.1) [Dirk]
+- Removed unused poll-vote, poll-vote-results classes from the Professional
+ theme's stylesheet; added empty required-field, missing-field classes for
+ future use (cf. bug #0000635) [Dirk]
+
+- Updated Chinese language files, provided by Samuel M. Stone
+- Updated Estonian language files, provided by Artur R�pp
+- Updated Slovenian language file, provided by gape
+
+Calendar plugin
+---------------
+- Fixed missing ] in the headline of the day and week view [Dirk]
+- Fixed the template for the personal event editor (extra <td> tag) [Dirk]
+- Bugfix: In some cases, personal events would end up in the submission
queue
+ for site events [Dirk]
+- Fixed "Delete old entries" option (delete checkboxes were missing) [Dirk]
+
+
+May 20, 2008 (1.5.0b2)
+------------
+
+Changes since 1.5.0b1:
+- {story_title} is now available in the article.thtml template file [Dirk]
+- Bugfix: When saving a (new) topic with one or more required fields
missing,
+ don't go back into the topic editor as that would cause a
confusing "access
+ denied" message [Dirk]
+- Hard-coded the text direction as "ltr" for some input fields and the
date/time
+ selection in the story editor (bug #0000150). Also
removed "text-align:left"
+ for the HTML body from the Professional theme's style sheet as it
interferes
+ with the ability to switch the text direction (reported by LWC) [Dirk]
+- Removed references to config.php from the documentation, some READMEs,
and
+ some source files (bug #0000627) [Dirk]
+- Don't include the (internal) 'subgroup' and 'fieldset' entries in the
$_CONF
+ arrays [Dirk]
+- COM_numberFormat wouldn't handle decimals correctly (bug #0000624) [Dirk]
+- Make sure the XHTML constant is defined if the theme doesn't already
define
+ it (bug #0000622) [Dirk]
+- Fixed invalid <brXHTML> tags in some language files (bug #0000621) [Dirk]
+- The URL sent in a user registration notification contained an &
where it
+ should have been a simple & [Dirk]
+
+- Updated German language files, provided by Markus Wollschl�ger
+
+Links plugin
+------------
+- Fixed the "Validate Links" link from the list of categories [Dirk]
+
+Polls plugin
+------------
+- Bugfix: When saving a (new) poll with one or more required fields
missing,
+ don't go back into the polls editor as that would cause a
confusing "access
+ denied" message [Dirk]
+- Renamed 'open' column in the gl_polltopics table to 'is_open' as "open"
is
+ a reserved keyword in MS SQL server [Matt]
+- Fixed duplicate sort_order value in the Polls config [Dirk]
+- Cosmetic changes in the Polls topic and results (bug #0000625) [Dirk]
+
+Static Pages plugin
+-------------------
+- Moved the print and edit icons to the bottom of a static page in the
default
+ staticpage.thtml template file. Also removed the icons from the default
+ centerblock.thtml template file and defined the {lastupdate} and {hits}
+ variables there (bug #0000628) [Dirk]
+- Removed an extra } from the Static Pages staticpage.thtml template file
+ (reported by Markus Wollschl�ger) [Dirk]
+
+
+
+May 5, 2008 (1.5.0b1)
+-----------
+
+- Updated FCKeditor to v2.6 [Blaine]
+- LDAP remote authentication module, provided by Jessica Blank / MTV
Networks
+- The {lang_attribute} can only properly be set in a multi-language setup
+ (bug #0000616) [Dirk]
+- Removed Blogger remote authentication option. Blogger.com have changed
their
+ authentication process, so this module no longer works.
+- Emails sent from Geeklog now have an X-Originating-IP header to help
track
+ spam or abuse [Dirk]
+- The topic editor allowed you to enter topic IDs with more than 20
characters
+ (reported by Markus Wollschl�ger) [Dirk]
+- Ease restriction that email addresses have to be unique: Remote accounts
can
+ have non-unique addresses, on-site accounts can't [Dirk]
+- Bug: Email user form doesn't display correctly with " in subject when
sending
+ is failed due to incomplete fields. [Mike]
+- Bugs: Ensure that site_url, site_admin_url, layout_url and xhtml
available to
+ all templates. [Mike]
+- Support for [raw][/raw] tag in HTML post mode. All the benefits of code
and
+ pre, with none of the ugly styling. [Mike]
+- Added an Atom self-link to RSS feeds. Sounds odd, but it is recommended
by
+ <http://feedvalidator.org/docs/warning/MissingAtomSelfLink.html> [Mike]
+- Improved support for podcasts in portal blocks and fixed an error where
REALLY
+ long syndication feeds could blow portal blocks up. [Mike]
+- Only use the multi-byte string functions when the current character set
is
+ UTF-8 (reported by Rick78) [Dirk]
+- COM_hit() is now called from COM_siteFooter() instead of doing the
UPDATE SQL
+ directly (reported by Joe Mucchiello) [Dirk]
+- New function SEC_encryptPassword() to be used when we have to encrypt a
+ password. This is only a wrapper for md5() for now but should it make
easier
+ for us to use some other method in the future [Dirk]
+- Incorporated patches by Joe Mucchiello for places in the code where the
+ template library was used incorrectly.
+- By defining the constant XHTML as ' /', themes can now be XHTML compliant
+ (patches provided by dengen from geeklog.jp)
+- Added batch admin feature to send out account reminders [Blaine]
+- Hide "Create Account" link in the story submission form when new account
+ registration has been disabled (reported by Markus Wollschl�ger) [Dirk]
+- Updated COM_startBlock to set a unique {blockid} template variable
[Blaine]
+- Fixed checking of "Show Admin lists" in Group Admin when going to 2nd
page of
+ results [Oliver]
+- Created new function for Admin-Menu display and removed that
functionality
+ from ADMIN_list-functions. [Oliver]
+- Fixed missing N/A display when no plugin version number was available
+ (reported by Machinari) [Dirk]
+- Avoid division by zero error when $_CONF['limitnews'] == 0
+ (reported by Samuel M. Stone) [Dirk]
+- Bugfix: Atom always assumes 0.3 and doesn't handle article dates.
(Reported by
+ mystral kk on the forums). [Mike]
+- Added OpenID 1.1 support, provided by Choplair
+- Pass site_name into story templates so advanced linking to items like
digg.com
+ can be templated cross-site. [Mike]
+- Revamped DB Backups option. It now lists all backups (all .sql files),
and
+ lets you download and delete backups from there [Dirk]
+- Fixed checking for errors when sending Pingbacks or Pings [Mike, Dirk]
+- When receiving a Pingback, optionally create an excerpt from the text of
the
+ site that sent the Pingback [Dirk]
+- Portal blocks now use the HTTP Last-Modified and ETag headers to only
request
+ feeds when they have changed [Dirk]
+- The {read_more_class} variable now contains class="story-read-more-link"
(if
+ defined) for consistency with the class name used in {readmore_link}
[Dirk]
+- Changed the Security Check to only check if any Root users have their
password
+ as "password" [Dirk]
+- Made admin/sectest.php recognize 403 status codes (reported by THX100)
[Dirk]
+- All plugin API's, where not doing very, very plugin specific activities
now
+ call a matching CUSTOM_ function. [Mike]
+- Integrated support for passing parameters to phpblock functions (Patch
#643 by
+ Joe Mucchiello) [Mike]
+- Fixed numerous HTML errors in admin pages [Oliver]
+- Added a missing blank between the day's name and the date in the Older
Stories
+ block (reported by Jeruvy's girlfriend, via IRC) [Dirk]
+- fixed bug [#648] sending new password email returns "Ok" message although
+ it fails when SMTP Server cannot be reached [Oliver]
+- Need to include parameters in the URL when sending Pingbacks, e.g. to
+ Serendipity [Dirk]
+- When sending Pingbacks, also search for <link rel="pingback"> if the
linked
+ site does not send an X-Pingback header [Dirk]
+- When sending Pingbacks for a story that had identical link texts for
different
+ URLs, only the last of those links was pinged [Dirk]
+- Implemented new Autouninstall for plugins. Plugins runs a function that
passes
+ a specific array to a core function that removes all given element of the
+ plugin. The function inside the plugin can handle aditional removals
that
+ the core code cannot [Oliver]
+- Fixed search by date in Calendar (reported and patch provided by Jeffrey
Hare)
+- Only allow autotags in normal blocks (bug #653) [Dirk]
+- Added {story_topic_image_no_align} and
{story_anchortag_and_image_no_align}
+ in stories so that you have access to the topic image without the
alignment
+ (feature request #410) [Dirk]
+- Show autotags in story editor to Admin even if all HTML is allowed
[Oliver]
+- Allow comments to be closed, i.e. display the existing comments but don't
+ accept any new ones [Dirk]
+- Introduced COM_getCharset which returns the currently used character set
(to
+ avoid code duplication). It should be save to simply use $LANG_CHARSET in
+ most cases, though [Dirk]
+- Added optional Wikitext postmode for stories [Oliver]
+- Added optional noreply-email address option to config.php to prevent
+ spammers retrieving the admin's email address from registering online
[Oliver]
+- Added support for "Microsummaries" to index.php.
+ See (http://wiki.mozilla.org/Microsummaries) [Mike]
+- Story "Rewrite" - significant re-structure of story code to fix all
issues
+ with posting HTML special characters etc. [Mike]
+- Added ability to have Body Text in user submitted stories. To deactivate,
+ edit layout\theme\submit\submitstory.thtml and submitstory_advanced.thtml
+ [Mike]
+- fixing the dimension-resizing of uploaded images. If an image would be
within
+ the max width after resizing, the max height might still be off. This is
+ solved with the new code. [Oliver]
+- Removed tzcode table and started using PEAR::Date instead since all
timezone
+ information is stored in there. [Oliver]
+- Added timezone selector to preferences page [Oliver]
+- Fixed COM_getLangSQL() to escape the underscore character '_' which
happens
+ to be a wildcard character when used with LIKE. In a multi-language
setup,
+ this may accidentally display unwanted items (reported by Kenji Ito)
[Dirk]
+- Addressed problems with the text direction (ltr/rtl) and the hard-coded
+ English text in admin/sectest.php (reported by LWC) [Dirk]
+- Due to a language file change, the login form in users.php ("Try Logging
in
+ Again") now asked for a "new password" (reported by Laugh) [Dirk]
+- Remove the "Are you secure?" (getBent) block from the database as its
+ functionality has been moved to admin/sectest.php (reported by LWC)
[Dirk]
+- Added config option what should be displayed after user saving [Oliver]
+- Added config option what should be displayed after story saving [Oliver]
+- Images in articles (inc. topic icon) aligned with float [Oliver]
+
+- New Czech language file for the Calendar and Links plugins, provided
+ by Ondrej Rusek
+- New Danish language file for the Calendar plugin, provided by dirtyjensen
+- Updated Dutch language files, provided by Ronald Edelschaap
+- New Dutch language file for the Calendar plugin, provided by John van
Gaal
+- Updated French Canadian language files for Geeklog and the Static Pages
plugin
+ and new language files for the Calendar, Links, and Polls plugins,
provided
+ by Jean-Francois Allard
+- Updated Hebrew language file, provided by LWC
+- Updated Japanese language files for Geeklog and all the plugins, provided
+ by the Geeklog Japanese group
+- New Korean language files for Geeklog and most of the plugins, provided
+ by Tetsuko Komma and Kim Younghie
+- Updated Spanish (UTF-8) language file and new Spanish (UTF-8) language
files
+ for all the plugins, provided by Jose R. Valverde
+
+Calendar plugin (1.0.2)
+---------------
+- Calendar block now includes events from the current day (in progress or
all
+ day events, bug 0000604, patch from forums)
+- Fixed deleting events submissions from the Events editor [Dirk]
+- The global $_STATES has been removed from Geeklog. The state in an
event's
+ details is now a simple text entry field.
+- The form to add an event to the personal calendar was missing the site
footer
+ (reported by Mark Evans) [Dirk]
+- Fixed Calendar feeds: The first parameter to the getFeedContent function
is
+ the feed's ID, not the feed limit (bug #659) [Dirk]
+- Highlight search queries [Dirk]
+- Autouninstall implemented [Oliver]
+- Added Batch-Delete functionality [Oliver]
+- Added config option what should be displayed after event saving [Oliver]
+
+Links plugin (2.0.0)
+------------
+- Fixed deleting link submissions from the Links editor (didn't work in at
least
+ all 1.4.x versions) [Dirk]
+- Added owner_id field to submissions to record submitter and align with
+ stories behavior [Oliver]
+- Autouninstall implemented [Oliver]
+- Added "Report Broken Link" function [Oliver]
+- Added Link Verification to Link Admin [Oliver]
+- Added config option what should be displayed after link saving [Oliver]
+- Added Link sub-category options [Euan]
+
+Polls plugin (2.0.1)
+------------
+- Autouninstall implemented [Oliver]
+- Added Support for multiple questions grouped into a survey [Oliver]
+- Added Support for closing polls [Oliver]
+- Added Support for hiding poll results of open polls [Oliver]
+- Added config option what should be displayed after event poll [Oliver]
+
+Spam-X plugin (1.1.1)
+-------------
+- Fixed the "edit" modules not working with the French language files
(reported
+ bye Joe) [Dirk]
+- Autouninstall implemented [Oliver]
+- Fixed an error with the SLV module when $_CONF['site_url'] was empty
+ (reported by AA6QN) [Dirk]
+- Added support for blocking entire IP ranges, using either CIDR notation
or
+ simple x.x.x.x-y.y.y.y ranges [Dirk]
+
+Static Pages plugin (1.5.0)
+-------------------
+- Bugfix: In a multi-language setup, we need to be able to see all topics
for
+ the centerblock option [Dirk]
+- Bugfix: Allow the static pages "page format" setting to override
+ $_CONF['show_right_blocks'] (reported by Simon Lord) [Dirk]
+- New Static pages Autotag: staticpage_content to return the contents of a
+ static page instead of a link to a static page [Oliver]
+- Now using a template to display static pages [Oliver]
+- Autouninstall implemented [Oliver]
+- The static pages editor was looking for the advanced editor template in
the
+ wrong place, due to an uninitialized variable (reported by k74) [Dirk]
+- Allow static pages to replace tags also on PHP-generated content [Oliver]
+- Added config option what should be displayed after page saving [Oliver]
+- Added comments feature [Oliver]
+
+
+Dec 31, 2006 (1.4.1)
+------------
+
+- Changed the default character set in config.php back to iso-8859-1 [Dirk]
+- Removed display of the site URL from admin/sectest.php. On sites not
installed
+ in the webroot, it did not display the site's actual URL, which only
causes
+ confusion (reported by Dazzy) [Dirk]
+- Fixed conflict between the Spam-X DeleteComment and SLVreport action
+ modules which prevented the count of deleted spams from being incremented
+ [Dirk]
+- Fixed max. allowed length for a user's homepage (128) and location (96)
in the
+ preferences/profile.thtml template file (reported by burjans) [Dirk]
+- Fixed page title after a successful batch import of users (which
read "Error")
+ [Dirk]
+- Back in Geeklog 1.4.0, a counter was added to the Spam-X plugin to count
all
+ deleted spam posts. The counter was only added in fresh installs of
1.4.0,
+ though, but not when upgrading from an earlier version. Fixed that [Dirk]
+- In lists created from the Links and Calendar plugins,
use "links-new-plugin"
+ as the CSS class name [Oliver]
+
+- Updated Estonian language file, provided by Artur R�pp
+- Updated Russian language file, provided by Alexander Yurchenko
+- New Russian language file for the Calendar plugin, provided by Alexander
+ Yurchenko
+- Updated Turkish language file, provided by Kemal Cellat
+
+
+Dec 17, 2006 (1.4.1rc1)
+------------
+
+- Improved handling of UTF-8 feeds (feature request #631) [Mike, Dirk]
+- Fixes for the remaining MS SQL issues (bugs #620, #621, #622, #624)
+ [Randy Kolenko, Dirk]
+- Initialize SQL request arrays to prevent PHP errors (e.g. with static
pages),
+ reported by ldfoo [Dirk]
+- Escape the '#' sign in spam checks since we're using it as the separator
+ character for the regexp [Dirk]
+- Mark Evans provided a set of patches that let plugins hook into the user
+ registration, story and comment submission as well as the contact user
and
+ email story forms. These hooks can be used to add CAPTCHAs to those
forms,
+ but may also come in handy for other plugin applications.
+ Also modified several template files to include a {captcha} variable to
ease
+ installation of Mark's CAPTCHA plugin.
+- Update the timestamp for the last run of PLG_runScheduledTask before
calling
+ the function to minimize the risk of the call being triggered more than
once
+ (bug #628) [Dirk]
+- In a multi-language setup, allow one static page per language to take
over
+ the index page (bug #625) [Dirk]
+- sectest.php didn't perform the test for the install script and default
+ passwords on some setups (reported by Christian Weiske) [Dirk]
+- Fixed "delete account" option (reported by Paul Lelgemann) [Dirk]
+- Fixed counting of comments in several places where comments were counted
+ without taking the type of the parent object into account (e.g. when a
story
+ and a poll happened to use the same id, their comment counts would have
been
+ messed up) [Dirk]
+- Editing a story did reset the trackback count (reported by T. Marquez)
[Dirk]
+- In the admin's story editor, set the debug option for the image upload
only
+ when $_CONF['debug_image_upload'] = true (thus avoiding the "Warning:
File #x
+ on the HTML form was empty" messages in error.log) [Dirk]
+- Renamed [calendar:] autotag back to [event:] for backward compatibility.
It
+ also makes more sense this way, since it does provide a link to an
event, not
+ a link to a calendar (bug #619) [Dirk]
+- Need to check if field 'etids' is NULL (for MySQL 4) for the Daily Digest
+ (bug #595) [Dirk]
+- Removed the outer table from the layout and merged several style
declarations
+ into the body-tag declaration [Oliver]
+- The spam check for comment posts did not include the comment title
(reported
+ by Laugh) [Dirk]
+- When multi-language support is enabled, allow language-specific overrides
+ of the locale settings, e.g. $_CONF['date_en'] and $_CONF['date_de'] to
+ overwrite $_CONF['date'] depending on the current language [Dirk]
+- When installing the Geeklog database using InnoDB tables, create a
+ 'database_engine' entry in gl_vars, so that plugins know to use InnoDB
for
+ their tables. Updated the bundled plugins to act accordingly [Dirk]
+- DB_query will now (optionally) accept an array of SQL request strings
from
+ which it will pick the one applicable for the currently used database
type
+ [Vinny, Dirk]
+- Provide some more meta information in header.thtml [Dirk]
+ + added optional {lang_id} variable and lang attribute
+ + added a hreflang attribute to the feed links
+ + added <link rel="home">, <link rel="search">, <link rel="contents">
links
+ (via the {rel_links} variable)
+- COM_isFrontpage has been deprecated, as it had its return values inverted
+ (returns false when on the site's index page). Use COM_onFrontpage
instead
+ from now on [Dirk]
+- Fixed check for new stories from archive topic [Dirk]
+- Call PLG_templateSetVars() from STORY_renderArticle() so we can have
custom
+ variables in the story templates [Dirk]
+
+- Updated Chinese language files (traditional and simplified), provided by
+ Samuel M. Stone
+- Updated Japanese language files for Geeklog and all the plugins, provided
+ by the Geeklog Japanese group
+- Updated Ukrainian language files (Windows-1251, KOI8-U, and UTF-8
encoding)
+ for Geeklog and all the plugins, provided by Vitaliy Biliyenko
+
+
+Nov 5, 2006 (1.4.1b2)
+-----------
+
+- Fixed potential SQL injection in the story editor preview (required Story
+ Admin permissions) [Dirk]
+- Added multi-language support in static pages centerblocks and search
[Dirk]
+- When cloning a static page, keep the original's "wrap in a block" setting
+ [Dirk]
+- Spam-X stats: Removed MT-Blacklist entry, added SLV whitelist entry
[Dirk]
+- Don't add empty "No Title" links in portal blocks when the feed has less
than
+ the configured max. number of entries (bug #610) [Dirk]
+- Added support for COM_mail to use a parm for a CC: distribution list
[Blaine]
+- Fixed bug #603, hardcoded mysql_error() [Oliver]
+- Fixed bug #604, delete trackbacks of a story when story is deleted
[Oliver]
+- Allow users to switch the language again, even when the default
character set
+ is not UTF-8. It is, however, not possible to mix UTF-8 and other
charsets.
+ Also, "UTF-8" is not displayed in the language dropdown any more [Dirk]
+- Corrected SQL for group counting in Admin menu for root admin to fix bug
#573
+ [Oliver]
+- Properly encode non-ASCII characters in email headers (subject, names),
+ loosely based on patch #489 and code from Cal Henderson's book [Dirk]
+- Removed the Calendar styles and moved them to a dedicated file in the
+ plugin's directory [Oliver]
+- Sorted all stylesheet definitions alphabetically and split semantics and
+ classes [Oliver]
+- When making a topic the archive topic, update all existing stories in
that
+ topic to "archived" status (and likewise revert that status if the topic
+ loses its archive topic status) [Dirk]
+- Don't count archived stories as new stories in the What's New block
[Dirk]
+- Moved the defines for STORY_ARCHIVE_ON_EXPIRE and STORY_DELETE_ON_EXPIRE
to
+ lib-story.php (from config.php) where they make more sense [Dirk]
+- COM_getPermSQL was using the current user's group information when
called for
+ another user. In Geeklog, this only happens for the Daily Digest, though
+ (bug #594) [Dirk]
+- When comments are disabled for a story, don't show any existing comments
in
+ the What's New block, in search results or via comment.php (bug #597)
[Dirk]
+- When trackbacks are disabled for a story, don't list any existing
trackbacks
+ in the What's New block [Dirk]
+- In the Admin's User Editor, disabled the checkboxes for the All Users,
+ Logged-in Users, and Remote Users groups to prevent accidental change of
+ group membership [Dirk]
+- When deleting a topic, also delete all Trackbacks attached to stories in
that
+ topic and update the Older Stories block and the feeds [Dirk]
+- Fixed approve / delete of draft stories from moderation.php [Dirk]
+- Strip blanks from the name of a PHP block function when saving a PHP
block
+ [Dirk]
+- Fixed / added multi-language support in the article directory, What's New
+ block, and the search for stories and comments [Dirk]
+- Fixed an SQL error when changing a story's ID [Dirk]
+- Call SET NAMES 'utf8' when using UTF-8 as the site's character set (with
+ MySQL), as pointed out by several people [Dirk]
+- Removed wrong parameter when calling up the comment form again when the
+ comment's title was missing. This bug existed for both story and polls
+ comments. (bug #591) [Dirk]
+- Users who were only in the Syndication Admin group didn't have access to
+ Command and Control (moderation.php) [Dirk]
+- For Block, Group, Polls, Story and Topic Admins only display the number
of
+ the respective entries they can actually see (instead of the number of
all
+ entries, e.g. topics, in the system) [Dirk]
+- Fixed highlighting parse error when the search term contained an
apostrophe
+ (bug #590) [Dirk]
+- Improved (and subsequently fixed) Pingback spam detection which now also
uses
+ the $_CONF['check_trackback_link'] settings [Dirk]
+- directory.php was still using $LANG30 instead of $LANG_MONTH (bug #583)
[Dirk]
+- When upgrading the database from 1.4.0, only update those plugins that
are
+ actually installed (disabled or not) [Dirk]
+- CSS Changes to support better scaling of Font size - using browser
Text-Size
+ adjustment. Removed many extra font-size declarations. [Blaine]
+- Don't allow viewing of a Banned user profile unless user admin [Blaine]
+- Only call CUSTOM_loginErrorHandler when custom_registration is enabled
+ (bug #584) [Blaine]
+- Fixed SQL error with some older MySQL versions when calling up the Batch
User
+ Delete option [Oliver]
+- Comments always displayed the comment author's full name, even when
+ $_CONF['show_fullname'] was set to 0 [Dirk]
+- Fixed 404 (caused by a request for a file named '(none)') in the user
profile
+ display when a user doesn't have a userphoto [Dirk]
+
+- New Estonian language files for Geeklog and most of the plugins, provided
+ by Artur R�pp
+- Updated Hebrew language file, provided by LWC
+- Updated Japanese language files for Geeklog and all the plugins, provided
+ by the Geeklog Japanese group
+- New Russian language files for the Spam-X plugin, provided by Pavel
Kovalenko
+- Updated Slovenian language files for Geeklog and all the plugins,
provided
+ by gape
+
+Calendar plugin
+---------------
+- Created a dedicated stylesheet file and include the file only if the URL
+ contains the word 'calendar' [Oliver]
+- Tweaked the Calendar search result listing: Removed the Event Description
+ (usually too long for the result listing), replaced Location (which is
only a
+ part of the address and not very helpful) with Event Type, minimized
Date &
+ Time display for events lasting only one day (don't list date twice)
[Dirk]
+
+Links plugin
+------------
+- Renamed classes block-vote-results to poll-vote-results and block-vote to
+ poll-vote [Oliver]
+- Removed duplicate "Other" entry from the Link submission form [Dirk]
+- In the Admin's list of links, only display an edit icon for links that
the
+ current user can actually edit (they did get a proper error message when
+ trying to edit such a link, though) [Dirk]
+- Don't return the number of links in the links submission queue if the
+ current user does not have links.moderate permissions [Dirk]
+- Filter out special characters from link IDs. They were properly escaped
+ before storing them in the database but caused problems when using them
+ (bug #565) [Dirk]
+
+
+Sep 17, 2006 (1.4.1b1)
+------------
+
+- Changes to templates and CSS to remove deprecated HTML (align= and
valign=)
+ Removed un-used CSS declarations, redundant font-family declarations
+ Removed use of font-size percentage and used more acceptable EM units
[Blaine]
+- Don't display an "edit" link in a story if the current user doesn't have
+ edit permissions for the story's topic (bug #558) [Dirk]
+- Added a new script to check the site's security (admin/sectest.php). This
+ replaces the "get bent" PHP block, but also performs additional checks
[Dirk]
+- Created a Batch Delete function for users that easily identifies
inactive or
+ old users and allows mass-deletion of those [Oliver]
+- Updated FCKeditor to versio
==============================================================================
Diff truncated at 200k characters