The site-wide social login system is now backwards-compatible with how
the social_login_active core pref worked since commit
3b2d8333b6.
social_login_active's least significant bit is now treated as a global
bit, so if it's not set, no other bits are allowed to be set. This
un-breaks all existing checks for whether social_login_active is empty.
Except in themes, the social_login_active check has been replaced with
an e_user_provider API to check if social login is enabled site-wide.
- MOD: Replaced e107::getPref('social_login') with
SocialLoginConfigManager::getValidConfiguredProviderConfigs()
- FIX: signup_shortcodes updated with new social login providers
- MOD: e107::filter_request() code de-duplication: HTTP 400 exits
- MOD: Deprecated e107::getHybridAuth() to discourage direct access to
third-party dependency Hybridauth
- FIX: Updated e_user_provider for Hybridauth 3
- FIX: e_user::tryProviderSession() and Hybridauth 3
- NEW: Dynamic auth provider support in social_adminarea
- NEW: Database migration for social plugin's social_login pref
- NEW: Added \e107\Shims\Internal\StrptimeTrait, which implements PHP internal function
strptime(). On not-Windows, the built-in function is called. If that function fails
or if the operating system is Windows, the alternative pure PHP implementation is
attempted. The first successful call is returned, or false if none are successful.
- MOD: Deprecated e_date::strptime() in favor of eShims::strptime()
- FIX: License misatributed for e_date::strptime() (now eShims::strptime()). The library
used was public domain, not CC BY-NC-SA 2.0 FR by Lionel Sauron.
- MOD: Removed STRPTIME_COMPAT constant now that eShims::strptime() exists
- MOD: Removed support for calling e_date::strptime() with:
- a localized full month name
- a localized abbreviated month name
- AM or PM
- am or pm
because these features were only implemented in Windows mode (STRPTIME_COMPAT).
- MOD: php_compatibility_handler.php now defines global strptime() using the
eShims::strptime() implementation
- NEW: Test all(?) the possibilities of eShims::strptime()
codecept_output_dir() might not exist when the PHP-serialized coverage
report is being generated. phpunit/php-code-coverage >= 6.0.8 fix this
by creating that directory before writing the coverage report.
PHP 5.6 can only get phpunit/php-code-coverage up to version 4.0.8,
which does not have this fix. A workaround has been introduced in this
commit to allow PHP-serialized coverage reports to be stored with PHP
5.6.
- MOD: Silently ignore failures to e_db_mysql::close(); if it's failing, it's probably already closed
- FIX: Close the PDO or mysqli connection after each e_db_abstractTest test
- MOD: Changed class2.php's $sql variable to be hinted as an e_db instead of e_db_mysql
- FIX: Don't redefine MYSQL_* constants in e_db_pdo_class.php
- FIX: e_db_mysql::rowCount() could try to use mysql_num_rows() to count rows of a non-resource
- FIX: e_db_mysql::delete() stores the number of deleted rows in e_db_mysql::$mySQLrows
- FIX: e_db_abstractTest::testDb_Query() was fetching in PDO mode but shouldn't have been
- FIX: Typos in e_db_abstractTest::testDelete()
- MOD: Moved PDO-exclusive testBackup() from e_db_abstractTest to e_db_pdoTest
- FIX: e_db_mysqlTest now works in PHP 5.6 if the main e_db instance was in PDO mode but the test
class initializes in legacy mode
- MOD: e_db_mysqlTest now asserts that PDO mode is not in use
- FIX: e_db_mysqlTest::testGetServerInfo() should now actually get a version number
- FIX: e_db_mysqlTest::testGetLastErrorNumber() has a different error code compared to PDO
- FIX: e_db_mysqlTest::testEscape() should actually get something from mysql_real_escape_string()
- FIX: Silenced compact() in e107Test::testInitCore()
- FIX: Null check in e_db_pdo::makeTableDef()
- FIX: Null check in e_db_mysql::makeTableDef()
- FIX: userlogin::login() had this warning on line 148:
"continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"?
- FIX: Null check during child recursion of e_tree_model::flattenTree()
- FIX: TreeModelTest::testTreeParentsAreAssignedCorrectly() apparently never worked until now because the wrong index was used
- FIX: e107::getTemplate() could be run without the necessary plugin LANs
- FIX: e107Test::testGetInstance() included e107_config.php too many times
- FIX: Empty check in e107Test::testGetTemplate()
- MOD: e107::getTemplate() now accepts blank strings for the plugin name to mean
that a core template should be loaded
- FIX: e_form::progressBar() now supports input values that already have % at the end
- FIX: Null check for $options['list'] in e_form::progressBar()
- NEW: Test rounding in e_formTest::testProgressBar()
- FIX: Do not redefine e_ADMIN_AREA in parser.php
- FIX: Null checks for e107TinyMceParser
- FIX: Array type check for e_bbcode::imgToBBcode()
- FIX: Optional query string in e_parse::thumbUrlDecode()
- FIX: Don't redefine TINYMCE_UNIT_TEST
- FIX: e107::coreLan() now loads the lan_admin.php file if the $admin argument is true
- FIX: Variable scope of $eplug_folder in e107plugin::uninstall()
- FIX: isset() check order in pluginsTest::makePluginReport()
- FIX: class2.php: Missing ADMINPERMS constant in CLI mode
\Helper\Unit::_beforeSuite() now sets E107_DEBUG_LEVEL so that
debug_handler.php sets the debug mode.
Also fixed E_NOTICE if E107_DEBUG_LEVEL is set beforehand
error_handler now only runs set_error_handler in web mode.
E_ALL notices, warnings, and errors are now reported, which causes
the test harness to fail.
Fixes: #4054
This is a better fix for #4054. HTML code injection can no longer occur in URLs generated by
e107::url() thanks to htmlspecialchars(). The previous implementation only addressed:
& => &
Now, quotation marks and alligator brackets are also escaped, so:
<a href=""></html>"></a>
is now rendered as:
<a href=""></html>"></a>
