comparison docs/CHANGES @ 1767:df2e76ac7dee

updated CHANGES with 1.5 changelog
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 30 Jan 2007 23:06:56 +0100
parents 6e438de156d9
children 009e73eabc21
1766:2e640592bfd1 1767:df2e76ac7dee
460 identified as a spider (e.g. search engine bot) and do nothing in that 460 identified as a spider (e.g. search engine bot) and do nothing in that
461 case. Normal users won't see any difference. 461 case. Normal users won't see any difference.
462 * For AttachFile, you can now choose to overwrite existing files of same 462 * For AttachFile, you can now choose to overwrite existing files of same
463 name (nice for updating files). 463 name (nice for updating files).
464 464
465 Bugfixes:
466 * XSS Fixes:
467 * fixed unescaped page info display.
468 * fixed unescaped page name display in AttachFile, RenamePage and
469 LocalSiteMap actions
470 * WantedPages listed existing pages that are not readable for the user,
471 but are linked from pages that ARE readable for the user (so this is NOT
472 a privacy/security issue). We now don't list those pages any more as it
473 is pointless/confusing, the user can't read or edit there anyway.
474 * MoinMoin:MoinMoinBugs/TableOfContentsUsesNonExistingIncludeLinks
475 * MoinMoin:MoinMoinBugs/ActionsExcludedTriggerError
476 * GUI editor/converter:
477 * ignore <col>/<colgroup>/<meta> elements
478 * support <a> within blockquote
479 * Remove generated=... attribute from pagelink html output (this attr is
480 for internal use only). w3c validator is now happier again.
481 * Fixed css class "userpref" (not: "userprefs") of the Login form.
482 * Fixed the version number check in the xslt parser for 4suite >= 1.0.
483 * We reset the umask to the wanted value every request. This should fix
484 wrong file modes when used with Twisted (twistd uses a hardcoded 0077
485 umask in daemonize()).
486 * Avoid trouble when saving pages with antispam function when MoinMaster
487 wiki is having troubles (catch xmlrpc Fault).
488
489 Other changes:
490 * Standalone server does not do reverse DNS lookups any more (this is a
491 standard feature of BaseHTTPServer stdlib module, but we override this
492 now and just print the IP).
493 * We moved the IE hacks to theme/css/msie.css that gets included after all
494 other css files (but before the user css file) using a conditional
495 comment with "if IE", so it gets only loaded for MSIE (no matter which
496 version). The file has some standard css inside (evaluated on all MSIE
497 versions) and some * html hacks that only IE < 7 will read.
498 HINT: if you use custom themes, you want to update them in the same way.
499 * Improved ldap auth:
500 * cfg.ldap_name_attribute was removed because of new cfg.ldap_filter.
501 If you had ldap_name_attribute = 'sAMAccountName' before, just use
502 ldap_filter = '(sAMAccountName=%(username)s)' now.
503 * New cfg.ldap_filter used for the ldap filter string used in the ldap
504 search instead of the rather limited, partly hardcoded filter we used
505 before. This is much more flexible:
506 ldap_filter = '(sAMAccountName=%(username)s)'
507 You can also do more complex filtering expressions like:
508 '(&(cn=%(username)s)(memberOf=CN=WikiUsers,OU=Groups,DC=example,DC=org))'
509 * Added some processing to filter out result entries with dn == None.
510 * We set REFERRALS option to 0 before initializing the ldap server
511 connection (this seems to be needed for Active Directory servers).
512 * We support self-signed ssl certs for ldaps - completely untested.
513 * New cfg.ldap_surname_attribute (usually 'sn'), was hardcoded before.
514 * New cfg.ldap_givenname_attribute (usually 'givenName'), hardcoded before.
515 * New cfg.ldap_aliasname_attribute (usually 'displayName').
516 * For setting up moin's aliasname, we first try the ldap_aliasname_attribute
517 and in case that fails, we use givenname and surname to make it up.
518 * We only request the attributes we need from ldap (was: all attrs).
519 * We deny user login (and break out of auth chain) for the following cases:
520 * if a user is not found by ldap lookup
521 * if we find more than one matching entry
522 * if the password is empty or incorrect
523 * if some exception happens
524 * Please note that there is an updated ldap sample config in directory
525 wiki/config/more_samples/.
526 * Work around a IE7 rendering problem with long pages getting more and
527 more narrow. We just applied the same "fix" as we used for IE6, using
528 "display: none" for span.anchor for IE browsers.
529 * RSS feed related:
530 * We used to emit a <link> tag for the action=rss_rc RSS feed on any
531 page. This was changed, we now emit that link only on RecentChanges and
532 the current user's language translation of RecentChanges.
533 This was changed because Google Toolbar requests the RSS feed linked
534 by such a link tag every time it sees one. Thus, if you used the wiki
535 normally, it requested the RSS feed every few seconds and caused
536 problems due to surge protection kicking in because of that.
537 * HINT for custom theme users: if your theme code calls
538 rsslink(), then you need to change that to rsslink(d) for 1.5.7+.
539
540
465 Version 1.5.6: 541 Version 1.5.6:
466 A general security notice: 542 A general security notice:
467 Check your Python version, there was a buffer overflow issue in Python 543 Check your Python version, there was a buffer overflow issue in Python
468 recently! Details: http://moinmoin.wikiwikiweb.de/PythonUnicodeEscapeBug 544 recently! Details: http://moinmoin.wikiwikiweb.de/PythonUnicodeEscapeBug
469 545
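Review bot: The ldap_filter entries (new lines 503-508) show the login name being substituted through %(username)s but do not say whether that value is escaped for LDAP filter metacharacters before substitution; admins will copy these filter strings as written, so add a sentence stating how the username is handled. The entry "We support self-signed ssl certs for ldaps - completely untested." (new line 512) should also name the setting that controls this and its default, so a reader can tell whether certificate checking is relaxed unless they opt out. Minor: the XSS fixes (new lines 466-469) sit under the generic "Bugfixes:" heading; a short security notice at the top of the version entry, like the one 1.5.6 carries just below, would make them harder to miss when upgrading.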