- FIX: Silenced compact() in e107Test::testInitCore()
- FIX: Null check in e_db_pdo::makeTableDef()
- FIX: Null check in e_db_mysql::makeTableDef()
- FIX: userlogin::login() had this warning on line 148:
"continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"?
- FIX: Removed pointless (and invalid) destructor in LinkedIn::__destruct()
- FIX: All files that trigger this deprecation notice in PHP 7.4:
"Array and string offset access syntax with curly braces is deprecated"
- FIX: Null check during child recursion of e_tree_model::flattenTree()
- FIX: TreeModelTest::testTreeParentsAreAssignedCorrectly() apparently never worked until now because the wrong index was used
- FIX: e107::getTemplate() could be run without the necessary plugin LANs
- FIX: e107Test::testGetInstance() included e107_config.php too many times
- FIX: Empty check in e107Test::testGetTemplate()
- MOD: e107::getTemplate() now accepts blank strings for the plugin name to mean
that a core template should be loaded
- FIX: e_form::progressBar() now supports input values that already have % at the end
- FIX: Null check for $options['list'] in e_form::progressBar()
- NEW: Test rounding in e_formTest::testProgressBar()
- FIX: Do not redefine e_ADMIN_AREA in parser.php
- FIX: Null checks for e107TinyMceParser
- FIX: Array type check for e_bbcode::imgToBBcode()
- FIX: Optional query string in e_parse::thumbUrlDecode()
- FIX: Don't redefine TINYMCE_UNIT_TEST
- FIX: e107::coreLan() now loads the lan_admin.php file if the $admin argument is true
- FIX: Variable scope of $eplug_folder in e107plugin::uninstall()
- FIX: isset() check order in pluginsTest::makePluginReport()
- FIX: class2.php: Missing ADMINPERMS constant in CLI mode
\Helper\Unit::_beforeSuite() now sets E107_DEBUG_LEVEL so that
debug_handler.php sets the debug mode.
Also fixed E_NOTICE if E107_DEBUG_LEVEL is set beforehand
error_handler now only runs set_error_handler in web mode.
E_ALL notices, warnings, and errors are now reported, which causes
the test harness to fail.
Fixes: #4054
This is a better fix for #4054. HTML code injection can no longer occur in URLs generated by
e107::url() thanks to htmlspecialchars(). The previous implementation only addressed:
& => &
Now, quotation marks and alligator brackets are also escaped, so:
<a href=""></html>"></a>
is now rendered as:
<a href=""></html>"></a>
