- MOD: Replaced e107::getPref('social_login') with
SocialLoginConfigManager::getValidConfiguredProviderConfigs()
- FIX: signup_shortcodes updated with new social login providers
- MOD: e107::filter_request() code de-duplication: HTTP 400 exits
- MOD: Deprecated e107::getHybridAuth() to discourage direct access to
third-party dependency Hybridauth
- FIX: Updated e_user_provider for Hybridauth 3
- FIX: e_user::tryProviderSession() and Hybridauth 3
- NEW: Dynamic auth provider support in social_adminarea
- NEW: Database migration for social plugin's social_login pref
- NEW: Added \e107\Shims\Internal\StrptimeTrait, which implements PHP internal function
strptime(). On not-Windows, the built-in function is called. If that function fails
or if the operating system is Windows, the alternative pure PHP implementation is
attempted. The first successful call is returned, or false if none are successful.
- MOD: Deprecated e_date::strptime() in favor of eShims::strptime()
- FIX: License misatributed for e_date::strptime() (now eShims::strptime()). The library
used was public domain, not CC BY-NC-SA 2.0 FR by Lionel Sauron.
- MOD: Removed STRPTIME_COMPAT constant now that eShims::strptime() exists
- MOD: Removed support for calling e_date::strptime() with:
- a localized full month name
- a localized abbreviated month name
- AM or PM
- am or pm
because these features were only implemented in Windows mode (STRPTIME_COMPAT).
- MOD: php_compatibility_handler.php now defines global strptime() using the
eShims::strptime() implementation
- NEW: Test all(?) the possibilities of eShims::strptime()
- MOD: Silently ignore failures to e_db_mysql::close(); if it's failing, it's probably already closed
- FIX: Close the PDO or mysqli connection after each e_db_abstractTest test
- MOD: Changed class2.php's $sql variable to be hinted as an e_db instead of e_db_mysql
- FIX: Don't redefine MYSQL_* constants in e_db_pdo_class.php
- FIX: e_db_mysql::rowCount() could try to use mysql_num_rows() to count rows of a non-resource
- FIX: e_db_mysql::delete() stores the number of deleted rows in e_db_mysql::$mySQLrows
- FIX: e_db_abstractTest::testDb_Query() was fetching in PDO mode but shouldn't have been
- FIX: Typos in e_db_abstractTest::testDelete()
- MOD: Moved PDO-exclusive testBackup() from e_db_abstractTest to e_db_pdoTest
- FIX: e_db_mysqlTest now works in PHP 5.6 if the main e_db instance was in PDO mode but the test
class initializes in legacy mode
- MOD: e_db_mysqlTest now asserts that PDO mode is not in use
- FIX: e_db_mysqlTest::testGetServerInfo() should now actually get a version number
- FIX: e_db_mysqlTest::testGetLastErrorNumber() has a different error code compared to PDO
- FIX: e_db_mysqlTest::testEscape() should actually get something from mysql_real_escape_string()
- FIX: Silenced compact() in e107Test::testInitCore()
- FIX: Null check in e_db_pdo::makeTableDef()
- FIX: Null check in e_db_mysql::makeTableDef()
- FIX: userlogin::login() had this warning on line 148:
"continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"?
- FIX: Null check during child recursion of e_tree_model::flattenTree()
- FIX: TreeModelTest::testTreeParentsAreAssignedCorrectly() apparently never worked until now because the wrong index was used
- FIX: e107::getTemplate() could be run without the necessary plugin LANs
- FIX: e107Test::testGetInstance() included e107_config.php too many times
- FIX: Empty check in e107Test::testGetTemplate()
- MOD: e107::getTemplate() now accepts blank strings for the plugin name to mean
that a core template should be loaded
- FIX: e_form::progressBar() now supports input values that already have % at the end
- FIX: Null check for $options['list'] in e_form::progressBar()
- NEW: Test rounding in e_formTest::testProgressBar()
- FIX: Do not redefine e_ADMIN_AREA in parser.php
- FIX: Null checks for e107TinyMceParser
- FIX: Array type check for e_bbcode::imgToBBcode()
- FIX: Optional query string in e_parse::thumbUrlDecode()
- FIX: Don't redefine TINYMCE_UNIT_TEST
- FIX: e107::coreLan() now loads the lan_admin.php file if the $admin argument is true
- FIX: Variable scope of $eplug_folder in e107plugin::uninstall()
- FIX: isset() check order in pluginsTest::makePluginReport()
- FIX: class2.php: Missing ADMINPERMS constant in CLI mode
Fixes: #4054
This is a better fix for #4054. HTML code injection can no longer occur in URLs generated by
e107::url() thanks to htmlspecialchars(). The previous implementation only addressed:
& => &
Now, quotation marks and alligator brackets are also escaped, so:
<a href=""></html>"></a>
is now rendered as:
<a href=""></html>"></a>
- FIX: e107::url() now puts "&" in the query string instead of "&" for compliance with the older,
looser definition of ambiguous ampersands in the HTML specification.
Fixes: #4054
- FIX: Typo in comment
- FIX: Clear the core/e107/addons/e_url registry (cache) because if a plugin is installed after that
cache is initialized, the cache is not updated anymore. The plugin's e_url is therefore not
loaded, so SEF URLs won't be generated for that plugin until the cache is regenerated.
- NEW: Test for #4054
- FIX: e_pluginTest::testGetFields() expects the initial condition of the "forum" plugin to be
uninstalled.
Increased possible random strings for unique fields in e_db_pdo::copyRow() from 1000 to 59^11 (UserHandler::generateRandomString() "alphanumeric" should have 59 characters to choose from)
If a collision still happens, e_db_pdo::copyRow() retries up to 3 times for a successful copy.
Fixes: #3678
- MOD: PHPDoc for e_file::unzipGithubArchive()
- NEW: e_file::unzipGithubArchive(): Added exclusions for files that don't exist in production
- NEW: e_file::unzipGithubArchive(): Accept a destination path argument for a custom extraction location
- NEW: Restored unimplemented skipped list in e_file::unzipGithubArchive()
- FIX: e_file::unzipGithubArchive(): Extraction fails if parent directory of file doesn't exist
- MOD: Type hint for Base::$deployer
- NEW: Basic test for e_file::unzipGithubArchive()
e_LEGACY_MODE caused the query results from e_db_pdo and e_db_mysql to return different styles (MYSQL_BOTH and MYSQL_ASSOC, respectively).
To resolve this inconsistency, e_LEGACY_MODE has been removed from the e107 core.
