2016-Jun-16 - COMPATBUSTER: PEAR::Log required for logentry() function to work
2014-May-23 - "attributes" are removed (essentially user variables stored in the db)
2012-Jul-12 - SECURITY: added call to session_regenerate_id() to login.php to protect against possible 'session fixation' attack. @see https://www.owasp.org/index.php/Testing_for_Session_Fixation_%28OWASP-SM-003%29
2012-Apr-09 - FEATURE: displayredirectpage() now accepts an array of stylesheet URIs which will have the SKINURL define prepended to them before being added to the html_page2 instance via addStyleSheet().
2012-Jan-03 - FEATURE: custom session handler using pgsql as datastore
FEATURE: additional "google friendly" url rewrite rules, this time for gfiles, have been added to the htaccess file
BUGFIX: fixed poll.php so it uses absolute instead of relative urls. in some cases, changed the urls so they are in "google friendly" format. this change makes some of the menu options and redirects actually function properly again.
BUGFIX: fixed gfile.php so it uses absolute instead of relative urls. in some cases, changed the urls so they are in "google friendly" format. this change makes some of the menu options and redirects actually function properly again.
BUGFIX: close a small hole in aolbonics module regarding partial searches which may allow an sql-injection attack.
COMPATBUSTER: go into common.php and adjust the function getsmarty() to suit. pay particular attention to the compile_dir property of the object being returned. I changed this value to point to a filesystem that is not mounted via nfs and noticed the template performance go up quite a bit. it's a compatibility buster because the named directory has to be created by the sysadmin in order for things to work properly.
FEATURE: rewrite rules have been added to present a more "search engine friendly" set of links.
CLEANUP: updated poll module to use more "modern" techniques.
FEATURE: beginnings of integration of a WYSIWYG editor called "tinyMCE" into the system.
COMPATBUSTER: php5 is now required to use bbsengine because it now uses XMLFeedParser for parsing rss/atom/etc feeds.
FEATURE: make use of PEAR::HTML_Menu in displaysidebar()
SECURITY: preparestring() calls htmlentities() on all user input. this should make the code invulnerable to xss-type attacks, but I would appreciate an email if it is proven to not be effective enough. please be specific regarding which modules (or applications) are vulnerable.
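added example (not bbsengine's preparestring(); the function names below are hypothetical): htmlentities() called with the ENT_COMPAT flag set, which was the default before PHP 8.1, next to ENT_QUOTES, showing which html-significant characters remain when the encoded value is placed inside a single-quoted attribute.

```php
<?php
// Added illustration, not bbsengine's preparestring(); function names are hypothetical.

// ENT_COMPAT (the default flag set before PHP 8.1) encodes < > & and double
// quotes, but leaves single quotes untouched.
function encode_compat($s)
{
    return htmlentities($s, ENT_COMPAT, 'UTF-8');
}

// ENT_QUOTES also encodes single quotes, so the result is safe in element
// content and in attributes quoted with either quote style.
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
function encode_quotes($s)
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns the HTML-significant characters still present after encoding.
function raw_specials($encoded)
{
    preg_match_all('/[<>"\']/', $encoded, $m);
    return array_values(array_unique($m[0]));
}

// Constructed sample input: a handle containing markup and both quote styles.
$input = "O'Brien <b>\"sysop\"</b>";

foreach (array('encode_compat', 'encode_quotes') as $fn) {
    $out = $fn($input);
    echo $fn, ": ", $out, "\n";
    // With encode_compat the raw ' in the value closes this attribute early.
    echo "  single-quoted attribute: <input name='handle' value='", $out, "'>\n";
    echo "  raw specials left: ", json_encode(raw_specials($out)), "\n";
}
```

entity encoding of this kind covers element content and quoted attribute values; values written into URLs, script blocks or style blocks need encoding for that context.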
CLEANUP: updated Makefile in templates directory
SECURITY: tightened up database permissions for the "www" group. thanks to folks on postgresql (freenode) for pointing out how much of a security risk this issue is.
BUGFIX: fixed a bug in rssfeed.php that was not correctly handling the "title" field. fixed another minor bug that displayed the form incorrectly because it was wrapped in the "leftcontent" div.
CLEANUP: moved validatecaptcha() from post.php and comment.php to common.php. this is so the code will be consistent and bugs only need to be fixed once. all that needs to be done to have CAPTCHA support is (1) put a form rule in the right place and point it to this function (2) add two fields to the form in question. see post.php for an example.
CLEANUP: squashed a notice from php in the news.php module.
DOCS: updated INSTALL.txt and UPGRADE.txt
COMPAT: made proper use of references so that all code is compatible with php4. note that in php5 this calling convention is no longer needed, and in php6 it "might" become a fatal error. thanks to CelloG on #pear (efnet) for explaining this to me clearly.
CLEANUP: changed view mode of member.php so it uses a frozen form instead of a separate template.
FEATURE: changed article.tmpl so it shows what SIG an article has been posted in, if any.
CLEANUP: changed view mode of newscategory.php so it uses a frozen form instead of a separate template.
CLEANUP: note that forum.php and common_sig.php are going to be removed soon
CLEANUP, COMPATBUSTER: the poll table has had some fields added which the latest version of the library will take advantage of. there are some notes in UPGRADE.txt that will help bring the database up to date.
CLEANUP, COMPATBUSTER: the link table has had some constraints added which might throw errors if an old version of bbsengine is being upgraded. these issues can be resolved with a simple update query that is documented in UPGRADE.txt.
thanks to indigo on #postgresql (freenode) for assistance with adding a primary key on the mapmemberattribute table and a query that returns attributes for a specific member id.
fixed up some of the templates so they will work properly. in addition, removed some print statements from the php code.
changed view mode in link.php so it freezes the form instead of using link-view.tmpl.
all modules now make use of the new getsmarty() function instead of making the smarty instance by hand. this change allows a bit more flexibility in terms of what variables are available to all templates and where they can be stored.
added use of CAPTCHA to protect article comments and sig posts. the file "army.ttf" (or some other TrueType font) will need to be acquired and installed to the proper directory before this will work properly.
added smarty modifier that parses text through wppropeval. you'll need to install modifier.wpprop.php to a place where smarty can find it. see the file zoid.php and the append to the plugins_dir array in order to configure for your setup.
removed several print statements that did nothing more than print out a div tag with the 'leftcontent' class. the same functionality has been put into the templates which is where it should have been to begin with.
fixed some bugs regarding deleting and editing a sig.
fixed a bug regarding editing an existing post.
getsmarty() API function added to zoid.php
bbsengine aims to be a reasonably secure and feature-rich Web Application Platform that builds upon PHP, Postgresql, PEAR and the Smarty Template Engine. It can be used to build intranets, extranets, portals, "interactive business cards", "blogs" or other custom applications.
"forums" have been replaced with a feature that allows a post to go into any sig whatsoever.
posts can now be marked "sticky" and/or "frozen". "sticky" means a post will appear at the top of a listing and "frozen" means no further replies to a post are possible. thanks to janet and rhk for their assistance with these features.
new "preferences" system (lib/commonpref.php) for members inspired by AuthPrefManager1, Auth_PrefManager2 from PEAR.
new preparestring() implementation that does not throw the kitchen sink at user input and hope for the best. testing to be sure that this change has not broken things is appreciated.
new "sidebar.tmpl" which, well, displays the sidebar on most pages of the system. this change is part of a project to virtually eliminate print statements from the php code and move all display operations into Smarty Templates.
this release has been tested with php 5.0.4 and might work with older versions.
'root' is no longer required for a 'make install'.
API documentation is improving, but still needs work.
wpprop code for images ([img]) has been temporarily disabled for security reasons.
The css file has been cleaned up quite a bit, and the default theme is a little more interesting (in my opinion)
more of the output is xhtml compliant but this process is not yet complete.
new module, "rssfeed.php" and a poller script suitable for running from crontab that grabs rss feeds from remote locations and stores them in the system's database. the poller script is written in python and will also require the postgresql-python rpm to be installed.
the upgrade.py script is NOT fully tested and it may not work properly. please test it and let me know if there are any problems.
backend.php generates an xml file suitable for a mozilla "live bookmark", or it can be added to your rss reader.
made a fix to post.php which prevents anonymous users from editing anonymous posts.
this release has been tested with Smarty 2.6.12 and found to be working. please use at least that version with this code.
anonymous users can no longer edit or delete anonymous posts.
various modules now use DB's autoExecute() instead of making up the queries by hand. in theory this will make use of databases other than pgsql more likely and it should also improve performance.
a member password can no longer be the same as the handle.
changed various modules to use PEAR's Pager and a Smarty template (or two) for summaries instead of the previous implementation methods which are not nearly as clean.
the poll module requires the GD extension to render results correctly. I'm currently using the php-gd-5.0.4-10.5 rpm on a fedora core 4 installation.
changed the permissiondenied() function so it sets a "403" http status code instead of 200 (OK). see http://en.wikipedia.org/wiki/List_of_HTTP_status_codes for the list of status codes.
new directoryindex.php module for file listings. note that this module is custom to the specific set up on www.zoidtechnologies.com and will have to be modified a bit to get it working properly.