author Thomas Waldmann <tw AT waldmann-edv DOT de>
Thu, 01 Jun 2017 18:10:19 +0200
changeset 6133 a6283e189869
parent 6132 df65dcf7daea
permissions -rw-r--r--
fixup: remove nonexisting passlib.utils._blowfish

this was removed by the passlib 1.7.1 upgrade.
     1 MoinMoin Version History
     2 ========================
     4 Please note: Starting from the MoinMoin version you used previously, you
     5 should read all more recent entries (or at least everything marked with HINT).
     7 This release has known bugs (see MoinMoin:MoinMoinBugs), but we think it is
     8 already better than the previous stable release. Our release policy is not
     9 trying to make a "perfect release" (as that release might NEVER get released),
    10 but to make progress and don't delay releases too much.
    12 Known main issues:
    14   * The GUI WYSIWYG editor has still some issues and limitations.
    15     If you can't live with those, you can simply switch it off by using:
    16     editor_force = True
    17     editor_default = 'text'  # internal default, just for completeness
    19 Version 1.9.10rc1 2017-06-xx
    21   Fixes:
    22   * fix wrong digestmod of calls (incorporate 1.9.9 patch)
    24   Other changes:
    25   * upgrade werkzeug to 0.12.2
    26   * upgrade passlib to 1.7.1
    29 Version 1.9.9 aka "The undead MoinMoin Halloween Release" 2016-10-31
    31   SECURITY HINT: make sure you have allow_xslt = False (or just do not use
    32   allow_xslt at all in your wiki configs, False is the internal default).
    33   Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
    35   HINT: Python 2.7 is required! See docs/REQUIREMENTS for details.
    37   Fixes:
    38   * security: fix XSS in AttachFile view (multifile related) CVE-2016-7148
    39   * security: fix XSS in GUI editor's attachment dialogue CVE-2016-7146
    40   * security: fix XSS in GUI editor's link dialogue CVE-2016-9119
    41   * catch IOError for zipfile errors (sometimes triggered by zipfile.is_zipfile
    42     false positives, see ).
    44   Other changes:
    45   * update moin.spec, py27 only
    48 Version 1.9.9rc1:
    50   Fixes:
    51   * add meta "viewport" for small device viewports
    52   * add meta X-UA-Compatible IE=Edge, make IE happy on intranets
    54   New features:
    55   * AttachFile multifile operation: support copying multiple files to another page
    56   * cfg.xmlrpc_overwrite_user is a new setting to control whether the xmlrpc
    57     code overwrites an already authenticated user before processing a request.
    58     True (default): behaviour as in 1.9.8 and before
    59     False: use this if you want to use GivenAuth (e.g. http basic auth) for
    60            xmlrpc requests.
    62   Other changes:
    63   * upgraded bundled 3rd party code:
    64     * werkzeug 0.11.11
    65     * passlib 1.6.5
    66     * pygments 2.1.3
    67     * parsedatetime 2.1
    68     * FCKEditor 2.6.11
    69   * removed some bundled stuff we needed due to stdlib issues in older Pythons:
    70     *
    71     *
    72     * (-> email.header)
    73   * SubProcess: reimplement exec_cmd, remove our stdlib hacks
    74   * remove own usage of python_compatibility module which we needed to support
    75     older Pythons. the module is still there, in case some 3rd party moin
    76     extensions used it.
    79 Version 1.9.8:
    80   New features:
    81   * cfg.recovery_token_lifetime to determine how long the password recovery
    82     token will be valid, default is 12 [h]. Check this setting to be adequate
    83     before doing (global) password resets, so your users have enough time to
    84     react before the toke times out!
    85   * cfg.log_events_format can be used to configure the format of the records
    86     written to <data_dir>/event-log:
    87     0 = dot not create event-log entries (saves disk space, disk I/O)
    88     1 = standard (like in moin <= 1.9.7) [default]
    89     2 = extended (add infos about username, wikiname, url)
    90   * add a tool to output the contents of the event-log to CSV:
    91     moin export eventlog --file=output.csv
    92     Output encoding is utf-8, columns are in this order:
    93     time, event, username, ip, wikiname, pagename, url, referrer, ua
    94     time: UNIX timestamp (float)
    95   * reimplement cfg.log_timing - if True, emits INFO level log output like:
    97     TIME is in seconds, the slowness indicator is "." for sub-second requests
    98     or N times "!" for requests taking N seconds (so you easily can grep for
    99     slow stuff).
   100   * add "abuse" logging. this will log every attempt to login (successful ones
   101     as well as unsuccessful ones). abuse logging is configured via the logging
   102     configuration, see example in wiki/config/logging/abuse.
   103     Currently, abuse logging is implemented for:
   104     * authentication system
   105       * "moin" auth
   106       * "given" auth
   107       * setuid (when superuser switches to another user)
   108     * new user creation
   109     * some security/ACL violations (xmlrpc and perhaps others not implemented)
   110   * surge protection for authentication (currently only for MoinAuth):
   111     a) surge protect by IP
   112        This covers the case someone is trying to authenticate way too
   113        often - we don't look at the username here, just at the remote IP
   114        address. If surge protection kicks in for some specific IP, that IP
   115        won't be able to try to authenticate any more until surge_lockout_time
   116        is over.
   117        Note: be careful with users behind proxies or NAT routers - these are
   118              common and legitimate cases with (potentially lots of)
   119              authentication requests coming from same IP.
   120              if it is a trusted proxy, you can configure moin so it sees the
   121              real remote IP address (not just the proxy's address).
   122     b) surge protect by name
   123        This covers the case someone is trying to authenticate for a
   124        specific user name way too often (e.g. when someone tries to attack the
   125        wiki admin's account). We don't look at the IP here, just at the user
   126        name. If surge protection kicks in for some specific user name, that user
   127        name will not be able to try to authenticate any more until
   128        surge_lockout_time is over.
   129        Note: this even covers widely distributed attacks against a user, but
   130              you should only enable this if you are aware that the "real" user
   131              also won't be able to authenticate while surge protection is active
   132              (at least not using the account for that specific username).
   133              Thus, there is some denial-of-service danger with this if the
   134              attacker can guess or find your valid user names (which isn't too
   135              difficult if your wiki is publicly readable).
   136              This is bad, but technically hard to avoid.
   137     Configuration (allowing 10 authentication attempts per hour):
   138         surge_action_limits = {
   139             # ...
   140             'auth-ip': (10, 3600),  # same remote ip (any name)
   141             'auth-name': (10, 3600),  # same name (any remote ip)
   142          }
   143   * backlinks performance tuning: the pagename in the theme has historically
   144     been used to trigger a "linkto:ThisPage" search. While this is a nice
   145     feature for human users of the wiki (esp. on category pages), it has one
   146     big issue: as it is a normal link, stupid crawlers (ignoring "nofollow")
   147     follow it and cause a lot of unneccessary load.
   149     What moin shows in that "backlinks" place can now be configured in your
   150     wiki config:
   152     # always render the backlink as in moin < 1.9.8 (bad bots causing high load!):
   153     backlink_method = lambda cfg, req: 'backlink'
   155     # always render a simple link to same page, as in moin 2.0:
   156     backlink_method = lambda cfg, req: 'pagelink'
   158     # logged-in users get the backlink, anon users/bots get a pagelink (default):
   159     backlink_method = lambda cfg, req: 'backlink' if req.user.valid else 'pagelink'
   161     # logged-in users get the backlink, anon users/bots get simple text:
   162     backlink_method = lambda cfg, req: 'backlink' if req.user.valid else 'text'
   163   * AbandonedPages macro: check user agent to reduce load caused by bots
   164   * RSS feed: check for bots and rather give them empty results than waste a
   165     lot of time with them
   166   * ldap_auth: support placeholders for basedn also, e.g. you could use:
   167     base_dn='uid=%(username)s,ou=people,dc=company,dc=com'
   168   * move or delete multiple attachments (see checkboxes and buttons on the
   169     AttachFile view). Be careful: in the same way as you could delete a single
   170     attachment with one click, you can now delete all attachments of a page
   171     with one click (we don't ask for a 2nd confirmation, so think first).
   172   * mailimport: use relative attachment link markup instead of absolute links,
   173     enables some page renaming operations without needing to edit the markup.
   174   * better caching and lookup optimizations for userprofile data:
   175     * name, email, jid, openids -> userid lookups
   176     * page subscriptions for notifications (as a consequence, determination of
   177       subscribers when a page is saved is much faster now, esp. for wikis with
   178       many users) - see also MoinMoinBugs/GetSubscribersSlow
   179   * Notification template strings are now configurable via cfg.mail_notify_...
   180     * page_text (this puts together the pieces for the mail body, used for all
   181       changed / deleted / renamed page mail notifications)
   182     * page_changed_subject, page_changed_intro
   183     * page_deleted_subject, page_deleted_intro
   184     * page_renamed_subject, page_renamed_intro
   185     * att_added_subject, att_added_intro
   186     * att_removed_subject, att_removed_intro
   187     * user_created_subject, user_created_intro
   188     * Best is to read HelpOnConfiguration and look at MoinMoin.config.multiconfig
   189       to see the help text and the defaults.
   190     * The defaults are chosen to be the same as the old hardcoded values, so the
   191       translations keep working.
   192     * If you overwrite the strings in your configuration moin will still try to
   193       translate your strings, but it will only find translations if you add them
   194       to the gettext catalogs, too.
   195     * Examples:
   197       a) notification mail body: you don't want the rendered diff, you don't
   198          want to link to the diff, but to the full page view on your wiki.
   200       # original (default) value
   201       mail_notify_page_text = '%(intro)s%(difflink)s\n\n%(comment)s%(diff)s'
   202       # put this in your wiki config
   203       mail_notify_page_text = '%(intro)s%(pagelink)s\n\n%(comment)s'
   205       b) notification mail subject:
   206       # original (default) value
   207       mail_notify_page_changed_subject = '[%(sitename)s] %(trivial)sUpdate of "%(pagename)s" by %(username)s'
   209       c) notification mail intro:
   210       # original (default) value
   211       mail_notify_page_changed_intro = \
   212           ("Dear Wiki user,\n\n"
   213            'You have subscribed to a wiki page or wiki category on "%(sitename)s" for change notification.\n\n'
   214            'The "%(pagename)s" page has been changed by %(editor)s:\n')
   216       Note: if you change "*_page_changed_*", you likely also want to change
   217       "*_page_deleted_*" and "*_page_renamed_*", maybe even "*_att_added_*"
   218       and "*_att_removed_*".
   220   Fixes:
   221   * security fix: XSS in useragents stats
   222   * do not create empty pagedirs (with empty edit-log). To clean up all the
   223     trash pagedirs, use moin ... maint cleanpage.
   224   * page rename/delete, attachment add/remove email notifications work now
   225     (somehow we had an event for this, but no code handling it)
   226   * AttachFile do=get and do=view: send 404 status if file does not exist
   227   * link rel="Alternate" links: rather use page.url than request.href, so
   228     url_prefix_action gets used for the (print and raw) action URLs
   229   * fixed wrong detection of UI language from accept-language header for not
   230     logged-in users if the language identifier there was (partially) uppercase.
   231   * fix Python 2.7.4/5 compatibility issue with rss_rc action using handler._out
   232   * fix "moin import wikipage" timestamp confusion
   233   * use 302 http status for #redirect as some clients cache 301 redirects, but
   234     the #redirect might get changed or removed later (so it should not be
   235     cached and we also can't really say it is permanent)
   236   * fix crash when macro names contain non-ascii chars
   237   * CopyPage action: fix NameError exception when TextCha was answered wrong
   238   * docbook formatter: fix image URL generation, avoid script name duplication
   239   * fix caching scope of name2id/openid2id caches (was: "wiki", now:
   240     "userdir"). this is relevant for shared user_dir configurations.
   241   * moin maint cleancache: cleans up openid2id cache now also
   242   * "userdir" caching scope used for userid lookup caches (the previously used
   243     name2id cache with "wiki" caching scope could have outdated data if you
   244     share the user_dir between multiple wikis)
   245   * catch "filename too long" exception if some crap URL refers to a too long
   246     pagename that the filesystem can not represent. It is treated like a not
   247     existing page then, so you don't get a traceback in your log file.
   249   Other changes:
   250   * rss_rc action (RSS feed) is now much faster / much less resource consuming
   251     when requested for a specific single page. As we have a link to this in
   252     every page's html output, this likely also lightens the load caused by bots
   253     and search engine crawlers.
   254   * tuned - only open/read log if there is new stuff in it after
   255     last read position
   256   * improve python2.5 compatibility (with_statement)
   257   * add bingbot to ua_spiders
   258   * upgraded bundled werkzeug to 0.8.3
   259   * upgraded bundled passlib to 1.6.2
   260   * upgraded bundled pygments to 1.6
   263 Version 1.9.7:
   264   New features:
   265   * passlib support - enhanced password hash security. Special thanks go to
   266     the Python Software Foundation (PSF) for sponsoring development of this!
   268     Docs for passlib:
   270     If cfg.passlib_support is True (default), we try to import passlib and set
   271     it up using the configuration given in cfg.passlib_crypt_context (default
   272     is to use sha512_crypt with default configuration from passlib).
   274     The passlib docs recommend 3 hashing schemes that have good security, but
   275     some of them have additional requirements:
   276     sha512_crypt needs passlib >= 1.3.0, no other requirements.
   277     pbkdf2_sha512 needs passlib >= 1.4.0, no other requirements.
   278     bcrypt has additional binary/compiled package requirements, please refer to
   279     the passlib docs.
   281     cfg.password_scheme should be '{PASSLIB}' (default) to tell that passlib is
   282     wanted for new password hash creation and also for upgrading existing
   283     password hashes.
   285     For the moin code as distributed in our download release archive, passlib
   286     support should just work, as we have passlib 1.6.1 bundled with MoinMoin
   287     as MoinMoin/support/passlib. If you use some other moin package, please
   288     first check if you have moin AND passlib installed (and also find out the
   289     passlib version you have installed).
   291     If you do NOT want to (not recommended!) or can't use (still using python
   292     2.4?) passlib, you can disable it your wiki config:
   294         passlib_support = False  # do not import passlib
   295         password_scheme = '{SSHA}'  # use best builtin hash (like moin < 1.9.7)
   297     Please note that after you have used moin with passlib support and have user
   298     profiles with passlib hashes, you can't just switch off passlib support,
   299     because if you did, moin would not be able to log in users with passlib
   300     password hashes. Password recovery would still work, though.
   302     password_scheme always gives the password scheme that is wanted for new or
   303     recomputed password hashes. The code is able to upgrade and downgrade hashes
   304     at login time and also when setting / resetting passwords for one or all
   305     users (via the wiki web interface or via moin account resetpw script
   306     command).
   308     So, if you want that everybody uses strong, passlib-created hashes,
   309     resetting the passwords for all users is strongly recommended:
   310     First have passlib support switched on (it is on by default), use
   311     password_scheme = '{PASSLIB}' (also default), then reset all passwords.
   313     Same procedure can be used to go back to weaker builtin hashes (not
   314     recommended): First switch off passlib support, use password_scheme =
   315     '{SSHA}', then reset all passwords.
   317     Wiki farm admins sharing the same user_dir between multiple wikis must use
   318     consistent password hashing / passlib configuration settings for all wikis
   319     sharing the same user_dir. Using the builtin defaults or doing the
   320     configuration in is recommended.
   322     Admins are advised to read the passlib docs (especially when experiencing
   323     too slow logins or when running old passlib versions which may not have
   324     appropriate defaults for nowadays):
   328   * Password mass reset/invalidation support, see docs/resetpw/.
   329     This is useful to make sure everybody sets a new password and moin computes
   330     the password hash using the current configuration.
   332   * Customizable default password checker:
   333     Moin's default password checker used and still uses min_length=6 (minimum pw
   334     length) and min_different=4 (minimum count of different chars in the password).
   335     If you feel that you need to require better passwords from your users, you
   336     can customize it now like that in your wiki config:
   338     password_checker = lambda cfg, request, name, pw: multiconfig._default_password_checker(cfg, request, name, pw, min_length=10, min_different=7)
   340   * Removing/disabling inactive users (moin ... account inactive)
   341     Many wikis have a lot of inactive users, that never ever made a single edit.
   342     See help of the command for more details, be careful.
   343   * SystemAdmin user browser: show disabled user accounts at the bottom of
   344     the list
   345   * At startup, announce moin version and code path in log output (makes
   346     support and debugging easier).
   347   * AttachList: introduced search_term parameter (optional) for listing
   348     attachments filtered by a regular expression on their name.
   349   * sign release archive using GnuPG with the key of
   350     ID 31A6CB60 (main key ID FAF7B393)
   352   Fixes:
   353   * logging: if the logging config file can't be read, give a helpful error msg
   354   * logging: use info loglevel (not warning) for telling about using the builtin
   355     default logging config
   356   * moin script commands: warn if someone gave ... to the moin script, avoids a
   357     strange and unhelpful 'empty module name' error message
   358   * reorder html input fields in recoverpass form, to help browsers remember
   359     the user name and password (not erroneously the recovery token and password)
   360   * don't try to send password recovery email to user if email address in
   361     user profile is empty
   362   * cache action: fix 304 http status
   363   * rst parser: fix safe_import for level param in __import__ call of docutils 0.10
   364   * moin maint cleancache: also kill the i18n cache 'meta' pickle file
   365   * sendmail: catch unicode errors when E-Mail addr has non-ascii chars
   366   * redirect last visited: if last visited page is on same wiki, use a local
   367     redirect, do not compute via interwiki map (fixes https: usage)
   370 Version 1.9.6:
   372   Fixes:
   373   * fix remote code execution vulnerability in twikidraw/anywikidraw action
   374   * fix path traversal vulnerability in AttachFile action
   375   * fix XSS issue, escape page name in rss link
   376   * escape user- or admin-defined css url
   377   * make taintfilename more secure
   378   * use a constant time str comparison function to prevent timing attacks
   379   * Attachment handler: catch all Zip-related errors
   382 Version 1.9.5:
   384   Fixes:
   385    * Security fix: fix virtual group bug in ACL evaluation.
   386    * Avoid crash if #refresh processing instruction is used without arguments.
   387    * Fix issue with non-ASCII textchas.
   388    * Xapian indexing: remove copy.copy() that crashed on Windows/IIS/isapi-wsgi
   389      after page save.
   390    * Fix dictionary file reading crash under Windows.
   391    * Work around crash of AdvancedSearch macro rendering caused by non-ascii
   392      mimetypes.types_map entries.
   393    * Added migration script for moin 1.8.9.
   394    * rss_rc: Fix diffs added in RSS with diffs=1 (now they correspond to item
   395      listed in feed and not just last page diffs). Links generated with ddiffs=1
   396      also fixed.
   397    * rss_rc: fix double escaping issue.
   398    * rss_rc: respect show_names configuration option.
   399    * rss_rc: proper support of rename, revert, page creation.
   400    * modern/modernized theme: fix padding/width for editor preview
   401    * group/pagelinks formatters: avoid to create unnecessary output, redirect
   402      output of send_page call with the groups formatter, it must not be written
   403      to the output stream
   404    * rst parser: fix include and macro directives
   405    * wikisync: fix unicode pagename sending for python 2.7 httplib
   407   New features:
   408    * add a comment_required config option (default: False) to require a
   409      non-empty comment when saving a page
   410    * when a save error happens, show the editor again and highlight the error
   411    * rss_rc: several new options added: lines parameter gives ability to set
   412      maximum size of diffs showed in RSS. show_att parameter gives ability
   413      to show information aboout attachment-related items in RSS. page parameter
   414      gives ability to specify set of pages for which changes RSS feed should be
   415      generated. Configuration of defaults and limits can now be done via wiki
   416      configuration mechanism.
   417    * As soon as it is now possible to provide RSS for page change history,
   418      appropriate alternate link is now added for every page (controlled by
   419      rss_show_page_history_link configuration parameter).
   420    * Search: "no_highlight:" search query option provided for suppressing
   421      highlighting search results.
   422    * Search macros: new options for FullSearch, FullSearchCached and PageList
   423      available:
   424      * highlight_titles option controls highlighting of matches in search
   425        results provided by these macros. Default value is set in
   426        search_macro_highlight_titles configuration option)
   427      * highlight_pages option controls adding of highlight URL parameter to
   428        page links (so search term is highlighted when user goes to one of
   429        these pages via provided link) in search results. Default value is set
   430        in search_macro_highlight_pages configuration option.
   431      Usage of these options is disabled (via search_macro_parse_args
   432      configuration option) by default due to behavioural changes introduced
   433      in macro parameter parsing mechanism to support them. Related to
   434 .
   436   Other changes:
   437    * Remove 4suite dependency for docbook formatter, use minidom (included in
   438      Python).
   439    * Upgraded FCKeditor to 2.6.8.
   442 Version 1.9.4:
   444   HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.
   446   Fixes:
   447    * Fix XSS / remove javascript URL support in rst parser (CVE-2011-1058).
   448    * werkzeug: Removed a dummy import. Fixes Python 2.7 compatibility.
   449    * Fix linux-to-windows edit-log migration/upgrade issue (wrong line endings)
   450    * logfile: strip \n lineends from line data (\n is part of the file
   451      structure, not of the data)
   452    * Fix for MoinMoinBugs/SinglePageSlideShowAndParserMarkup.
   453    * Simplify auto scroll initialization; fix bug in IE init discovered when
   454      using IE7 on pages with wide tables.
   455    * Fix timestamp in edit lock message to show the time when edit-locking ends.
   456    * Updated from internal defaults, sync the one in
   457      toplevel dir and the one in wiki/server/ - fixes hostname setting.
   458    * SubProcess: make sure files are closed at the end (experimental change).
   459    * text plain formatter: fix bullet_list, see number_list.
   460    * Add some image mimetypes to MIMETYPES_MORE to fix windows issues.
   461    * Include page name in password reset URL.
   462    * Fix moin export dump to generate relative URLs.
   463    * Fix MonthCalendar mouseover for pages with ampersand in page name.
   464    * ldap_login: assign server early, it is used in exception handler.
   465    * OpenID server preferences: fix traceback related to request method.
   466    * Work around page.mtime_usecs() returning 0 for pages without edit-log.
   467    * revert action: catch and display all SaveErrors when revert failed.
   468    * Fixed bug in groups formatter which caused the last list item to be not in the group.
   469    * Avoid strange exception in for pre-1980 timestamps.
   470    * TableOfContents: fix for other markups than default wiki markup, e.g. rst
   471    * script.account.homepage: added wiki format to homepage_default_text
   472    * Enable webkit based browsers (try chrome/safari/konqueror now) for GUI
   473      editing (after fixing selection FCKeditor plugin for chrome).
   474    * Parsers: avoid crash when Parser.format() call gets inhibit_p kw arg.
   475    * advancedsearch: fix problem with non-ascii chars breaking up words for OR
   476      and NOT terms
   477    * fix globaledit script to keep comments on Homepage...Template pages
   479   New features:
   480    * Added print mode to action.SlideShow, see
   481      FeatureRequests/PrintableSinglePageSlideshows.
   482    * xmlrpc: new methods xmlrpc_getProcessingInstruction(Version)
   483    * Add support for other password hashes (all of them will get auto-upgraded
   484      to SSHA when user logs in):
   485      * {DES} (Unix crypt(3))
   486      * {MD5} (MD5-based crypt())
   487      * {APR1} (Apache .htpasswd). 
   488    * Experimental queued indexing support to work around memory leak - use it like this:
   489      # put all pages into indexer queue:
   490      python MoinMoin/script/ index build --mode=makequeue
   491      # take <count> pages out of the indexer queue and index them,
   492      # you need to repeat the following line respective to the total amount of pages
   493      # in your wiki (doing more indexer calls does no harm, doing less means an
   494      # incomplete index):
   495      python MoinMoin/script/ index build --mode=buildnewindexqueued --count=500
   496      python MoinMoin/script/ index build --mode=buildnewindexqueued --count=500
   497      python MoinMoin/script/ index build --mode=buildnewindexqueued --count=500
   498      # ...
   499      # switch to new index:
   500      python MoinMoin/script/ index build --mode=usenewindex 
   502   Other changes:
   503    * Raise exceptions as recommended in PEP 8.
   504    * Updated i18n / underlay pages.
   505    * Updated interwiki map.
   506    * Use logging.traceback to get more information if a indexing filter crashes.
   507    * u200b is not considered a space any more in unicode 4.0.1.
   508    * Improve textcha security, use some crypto and timing to make cheating
   509      harder - use cfg.textchas_expiry_time = 600 (default, seconds) to set the
   510      time a textcha is valid.
   511    * Upgraded bundled werkzeug to 0.8.1, pygments to 1.4, flup to repo tip.
   514 Version 1.9.3:
   515   Fixes:
   516   * Fix XSS in Despam action (CVE-2010-0828).
   517   * Fix XSS issues (see MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg):
   518     * by escaping template name in messages
   519     * by fixing other places that had similar issues
   520   * Make moin compatible to werkzeug 0.5 .. 0.6.2 (1.9.2 had issues
   521     with xmlrpc when used with werkzeug 0.6.x).
   522   * MoinMoin.util.filesys: disable usage of dircache, deprecate dc* functions,
   523     because the dircache stdlib module can't work correctly for fast updates of
   524     directories.
   525   * rss_rc and sisterpages actions: fix Content-Type header (mimetype)
   526   * Fix associating OpenID identity with user, wasn't adapted to werkzeug yet.
   527   * openidrp auth: fix undefined _ (gettext)
   528   * Fix auth.cas and userprefs.oidserv request object usage.
   529   * highlight parser: fixed MoinMoinBugs/LineNumberSpansForProcessInstructionsMissed
   530   * Pygments syntax highlighting: add missing code files
   531   * Notifications: use same email subject format for every notification
   532   * Fix docbook formatter crashing, see MoinMoinPatch/IncludeMacroWithDocBookFormatter
   533   * Fix regex content search for xapian search.
   534   * Get rid of the empty line at the end of code highlights.
   535   * GUI editor: compute editor height like the text editor does.
   536   * Added help texts for: standalone server and moin migration.
   537   * script.maint.cleancache: clean also i18n cache files
   538   * Improved formatter.text_plain, see FeatureRequests/TextPlainFormatterRewrite
   539     (fixes many issues of this formatter).
   540   * text_html_text_moin_wiki: fixed index error for width="", see also:
   541     MoinMoinBugs/GUI_convertor_list_index_out_of_range
   542   * xmlrpc: disable editor backup for putPage, renamePage and revertPage
   543     because if pages get uploaded by xmlrpc then the draft cache file can
   544     rapidly increase in size, causing high memory usage because it needs to
   545     get loaded into memory for updating/processing.
   546   * Emit Content-Type header (with charset) for SlideShow action and many other
   547     actions that just call send_title().
   548   * ActionBase: better compatibility to moin 1.8, use request.values by
   549     default, optionally use request.form data only
   551   New features:
   552   * RenamePage action: added ability to create redirect pages when renaming
   553     (turned off by default, see show_rename_redirect config option).
   554   * formatter/text_html: Added line number links to code blocks.
   555   * diff action:
   556     * Fixed whitespace in generated (html) diff view table so white-space: pre
   557       can be used (and whitespace in diffs preserved).
   558     * Added links to first/last revision.
   559   * MoinMoin.widget.browser: introduced feature for sorting tables, see:
   561   * SystemAdmin user and attachment browsers: sorting feature used there now
   562   * Scrolling the text editor to the double clicked line.
   563   * Enable double-click-editing by default.
   564   * WikiConfigHelp macro: make heading and description display optional,
   565     heading level as a parameter (default 2)
   566   * If edit ticket check fails, send the editor with the current content.
   567   * moin import wikipage - use this script to import local files as a wiki page
   569   Other changes:
   570   * upgraded pygments from 1.2.2 to 1.3.1
   571   * upgraded FCKeditor from to 2.6.6
   572   * added configuration snippet for ldap authentication against 2 servers
   573   * improved script help output
   575 Version 1.9.2:
   576   Fixes:
   577   * Fixed CVE-2010-0668: major security issues were discovered in misc. parts
   578     of moin.
   579     HINT: if you have removed superuser configuration to workaround the issue
   580     (following our security advisory), you may re-add it after installing this
   581     moin release. If you don't need superuser capabilities often, it might be
   582     wise to not have superusers configured all the time, though.
   583   * Fixed CVE-2010-0669: potential security issue due to incomplete user profile
   584     input sanitizing.
   585   * Improved package security: cfg.packagepages_actions_excluded excludes
   586     unsafe or otherwise questionable package actions by default now.
   587   * wiki parser: fixed transclusion of (e.g. video) attachments from other
   588     pages.
   589   * Fixed edit locking for non-logged in editors and cfg.log_remote_addr=False.
   590   * mailimport: fix missing wikiutil import for normalize_pagename
   591   * SubProcess: fix "timeout" AttributeError
   592   * "standalone" fixed calling non-existing os.getuid on win32
   593   * HTTPAuth deprecation warning moved from class level to __init__
   594   * Fixed MoinMoinBugs/1.9DiffActionThrowsException.
   595   * Fixed misc. session related problems, avoid unneccessary session file
   596     updates.
   597   * Fix/improve rename-related problems on Win32 (depending on Windows version).
   598   * Fixed spider / user agent detection.
   599   * Make sure to use language_default when language_ignore_browser is set.
   600   * diff action: fix for case when user can't revert page.
   601   * Fix trail size (was off by one).
   602   * Updated bundled flup middleware (upstream repo checkout), avoids
   603     socket.fromfd AttributeError on win32 if cgi is forced, gives helpful
   604     exception msg.
   605   * wikiutil: Fixed required_arg handling (no exception when trying to raise
   606     exception that choice is wrong).
   607   * Do not use* to import 3rd party code, give dist packages
   608     a chance.
   609   * wikiutil.clean_input: avoid crash if it gets str type
   610   * request: fixed for werkzeug 0.6 and 0.5.1 compatibility. Please note that
   611     we didn't do much testing with 0.6 yet. So, if you use 0.6, please do some
   612     testing and provide feedback to us.
   613   * AttachFile._build_filelist: verifies readonly flag for unzip file link
   614   * attachUrl: fix wrongly generated tickets (e.g. for AttachList macro)
   615   * http headers: fix duplicated http headers (e.g. content-type)
   617   New features:
   618   * info action: added pagination ability to revision history viewer.
   619     Use cfg.history_paging = True [default] / False to enable/disable it.
   620   * ldap_login auth: add report_invalid_credentials param to control wrong
   621     credentials error message (this is typically used when using multiple
   622     ldap authenticators).
   623   * Add RenderAsDocbook to actions_excluded if we have no python-xml.
   624   * Upgraded pygments to 1.2.2 (some fixes, some new lexers).
   625   * Text editor: if edit_rows==0 (user profile or config), we dynamically size
   626     the text editor height. This avoids double sliders for the editor page
   627     in most cases.
   629   Other changes:
   630   * New docs/REQUIREMENTS.
   631   * Added a less magic cgi/fcgi driver (moin.fcgi), added fixer middleware
   632     for apache2/win32 to it.
   635 Version 1.9.1:
   636   Bug fixes:
   637   * Fixed CVE-2010-0667: sys.argv security issue.
   638   * Fixed FileSessionService - use session_dir from CURRENT request.cfg (it
   639     mixed up session_dirs in farm setups).
   640     HINT: if you added the hotfix to your wikiconfig, please remove it now.
   641   * Fixed creation of lots of session files (if anon session were enabled and
   642     user agent did not support cookies).
   643   * Fixed session file storage for a non-ascii base path.
   644   * Fixed session cookie confusion for nested URL paths (like path=/ and
   645     path=/mywiki - for more info, see also "New features").
   646   * Handle cookie_lifetime / anonymous_session_lifetime upgrade issue
   647     gracefully: emit errors/warnings to log, use old settings to create
   648     cfg.cookie_lifetime as expected by moin 1.9.
   649   * flup based frontends: fixed SCGI and AJP (didn't work).
   650   * farmconfig example: remove wrong comment, add sample http/https entry.
   651   * Fixed password reset url (email content needs full URL).
   652   * Page: fixed adding of page contents (only data added now, without metadata) -
   653     fixes MoinMoinBugs/DeprecatedPageInclusionErrornousPageInstructionsProcessing
   654   * xmlrpc:
   655     * Process attachname in get/putAttachment similarly.
   656     * revertPage: convert pagename to internal representation.
   657     * Fixed auth calls used by jabberbot (needs more work).
   658   * Added missing config.umask support code (setting was not used), fixed
   659     config.umask usage for page packages.
   660   * Fixed browser language detection.
   661   * Fixed language pack generation/installation for pt-br, zh, zh-tw.
   662   * Fixed caching of formatted msgs, see MoinMoinBugs/1.9EditPageHelpLinksBroken.
   663   * Fixed usage of i18n.wikiLanguages() on class level (moved to method), failed
   664     when tools import the module (e.g. pydoc -k foo).
   665   * highlight parser:
   666     * fixed caching issue for "toggle line numbers" link.
   667     * added missing support for console/bash session
   668   * Fixed precedence of parsers: more special parsers now have precedence
   669     before moin falls back to using the HighlightParser (syntax highlighting).
   670   * Added extensions to the rst, moin and creole parser (example.rst, example.moin and
   671     example.creole attachments are rendered now when viewed).
   672   * Fixed MoinMoinBugs/LineNumberSpansForProcessInstructionsMissed for
   673     moin_wiki, highlight and plain parser.
   674   * Fixed MoinMoinBugs/LineNumberAnchorsInPreformattedText for highlight and
   675     plain parser.
   676   * Fixed MoinMoinBugs/TableOfContentsBrokenForIncludedPages.
   677   * Exception raised on calling add_msg() after send_title(), which leads to 
   678     Internal Server Error on calling several actions (diff, preview) for 
   679     deprecated pages, is replaced with warning and call stack information in 
   680     the log.
   681   * AttachFile.move_file: send events (so e.g. xapian index update happens)
   682   * SubProcess: fixed win32-specific parts, fixed imports (fixes calling of
   683     external xapian index filters)
   684   * Fixed auth methods that use redirects (like OpenID).
   685   * OpenID client:
   686     * Add setting cfg.openidrp_allowed_op, default is [].
   687     * Fixed logging in with openid and associating with an existing account.
   688     * openidrp_sreg extension: handle UnknownTimeZoneError gracefully
   689   * OpenID server:
   690     * Fixed TypeError.
   691     * Fixed processing POSTed form data AND URL args.
   693   New features:
   694   * diff: Added displaying of information about revisions (editor, size, 
   695     timestamp, comment), added revision navigation.
   696   * text editor: added @TIMESTAMP@ variable for adding a raw time stamp
   697   * xmlrpc: added renamePage and deleteAttachment methods.
   698   * Accept "rel" attribute for links (moin wiki parser).
   699   * Generate session cookie names to fix cookie path confusion and enable port-
   700     based wiki farming.
   702     HINT: New setting cfg.cookie_name:
   704     None (default): use MOIN_SESSION_<PORT>_<PATH> as session cookie name. This
   705                     should work out-of-the-box for most setups.
   707     'siteidmagic': use MOIN_SESSION_<SITEID>, which is unique within a wiki farm
   708                    created by a single farmconfig (currently, cfg.siteid is just
   709                    the name of the wiki configuration module).
   711     'other_value': use MOIN_SESSION_other_value - this gives YOU control. Just
   712                    use same value to share the session between wikis and use a
   713                    different value, if you want a separate session.
   715     HINT: Please do not use cfg.cookie_path any more - it usually should not be
   716     needed any more, as we now always put path=/ into the cookie except if you
   717     explicitly configure something else (only do that if you know exactly what
   718     you're doing and if the default does not work for you).
   720     HINT: see also the HelpOnSessions page which shows some typical configs.
   721   * Store expiry into sessions, use moin maint cleansessions script to clean up.
   722     HINT: use moin ... maint cleansessions --all once after upgrading.
   723     HINT: you may want to add a cron job calling moin ... maint cleansessions
   724           to regularly cleanup expired sessions (it won't remove not expired
   725           sessions).
   727   Other changes:
   728   * Added rtsp, rtp, rtcp protocols to url_schemas.
   729   * Added more info about index building to xapian wikiconfig snippet.
   730   * Updated the wikicreole parser to version 1.1.
   733 Version 1.9.0:
   734   Note: This is a reduced CHANGES, ommitting details from rc/beta test and
   735         also less interesting minor changes and fixes. It shows changes
   736         relative to 1.8.6 release.
   737         If you want to see full detail, read it there:
   740   New features: ==============================================================
   741   * HINT: MoinMoin requires Python 2.4 now. If you only have Python 2.3 and
   742     you don't want to upgrade it, please use MoinMoin 1.8.x.
   743   * HINT: MoinMoin is now a WSGI application.
   744     Please read the new install docs about how to use it, see:
   746     You also have a local copy of that page as docs/INSTALL.html.
   747   * HINT: due to big changes in the request processing and the request
   748     object (related to the WSGI refactoring), many 3rd party plugins might
   749     need code updates to work with moin 1.9.
   750   * HINT: We now offer different sized sets of system/help pages and the default
   751     underlay just contains a single page: LanguageSetup. You need to be
   752     superuser, visit that page and then install the language packs you like
   753     (minimum is the essential set for English).
   754   * HINT: LanguageSetup is the default page_front_page, you need to change that
   755     after installing language packs (see above).
   757   * New modular group and dict data access, you can use group and dict 
   758     backend modules to access group and dict data stored anywhere you like.
   759     Currently we provide these backends:
   760       * WikiGroups and WikiDicts backends get data from wikipages. They work
   761         similar to old wikidicts code (but with less caching issues :).
   762       * ConfigGroups and ConfigDicts backends get data from a dictionary
   763         defined in the wiki config.
   764       * CompositeGroups and CompositeDicts compose several backends, so data
   765         may be retrieved from several sources. For example, groups may be
   766         defined in the wiki config and on wiki pages.
   767     * Using cfg.groups and cfg.dicts, you can define the backend to use to
   768       access group and dict information (default: WikiGroups / WikiDicts
   769       backend).
   770       See the wiki/config/more_samples/ directory (groups_wikiconfig_snippet
   771       and dicts_wikiconfig_snippet).
   772     * See also the new HelpOnDictionaries and HelpOnGroups pages.
   774   * Improved Xapian indexing / search:
   775     * Moin's Xapian based search code was refactored:
   776       * It is now based on the xappy library (see
   777       * Minimum Xapian requirement is 1.0.6 now.
   778       * Outdated and unmaintained xapwrap lib was removed.
   779       * regex search with Xapian enabled also is based on the xapian index now
   780     * Safe 2-stage xapian index rebuilding:
   781       moin index build --mode=buildnewindex  # slow, concurrent
   782       <stop wiki>
   783       moin index build --mode=usenewindex  # fast
   784       <start wiki>
   785     * Added wikiconfig snippet for xapian search.
   787   * Improved drawing support:
   788     * TWikiDraw:
   789       * Support code was refactored/moved to the twikidraw action.
   790       * Use drawing:example.tdraw to invoke it (drawing:example also still
   791         works for backwards compatibility)
   792       * Drawings are now stored as a single attachment foo.tdraw.
   793         We added a migration script that converts your existing drawings.
   794     * AnyWikiDraw:
   795       * Java applet added, source code see contrib/.
   796       * Support code for it is in anywikidraw action.
   797       * Use drawing:example.adraw to invoke it.
   798       * Drawings are stored in a similar way as foo.adraw.
   799     * cfg.extensions_mapping added for mapping of attachment file extensions
   800       to actions (currently used for anywikidraw/twikidraw action)
   802   * Themes / static files related:
   803     * Added modernized_cms theme (hides most wiki widgets from modernized if the
   804       user is not logged in).
   805     * Static file serving built-in (moved wiki/htdocs to MoinMoin/web/static/htdocs).
   806       MoinMoin.web.static has a static file serving wrapper that uses the files
   807       from htdocs subdirectory by default (docs=True).
   808       You can also give another path or switch off creation of that static wrapper.
   809       See the docstring of the static package for details.
   810     * Theme packages: do_copythemefile now copies theme files to
   811       MoinMoin/web/static/htdocs.
   813   * Syntax highlighting is based on the pygments library now, it does this for
   814     LOTS of stuff (programming languages, config files, ...) - use it like this:
   815     {{{#!highlight xxx
   816     ...
   817     }}}
   818     xxx is any of the markups pygments supports (see HelpOnParsers).
   819     Note: we still have some (deprecated) small wrappers around pygments,
   820     so the old syntax #!python/pascal/cplusplus/... still works.
   822   * Authentication improvements:
   823     * HTTP auth related (see also HelpOnAuthentication):
   824       * HTTPAuthMoin: http basic auth done by moin
   825       * HINT: auth.http.HTTPAuth is now auth.GivenAuth
   826         This was badly named from the beginning as for most servers, it just
   827         looked at REMOTE_USER environment variable and relied on the server
   828         doing the authentication (could be http basic auth or any other auth).
   829     * LDAP/AD auth: new name_callback param to create a custom wiki username (not
   830       the ldap login username)
   831     * OpenID auth:
   832       * Support for Simple Registration (SREG) extension.
   833         Basic profile fields can be copied from OpenID provider when logging in.
   834       * Support for Teams extension.
   835       * Ability to accept logins from specific OpenID providers.
   836         Login form changes based on configuration for better usability:
   837         * 0 providers: normal text input box for OpenID URL
   838         * 1 provider: hidden field, automatic form submission with JavaScript
   839         * 2+ providers: select field, uses directed identity
   841   * Sessions / cookies:
   842     * HINT: cfg.cookie_lifetime is now a tuple (anon, loggedin), giving the
   843       lifetime of the cookie in hours, accepting floats, for anon sessions and
   844       logged-in sessions. Default is (0, 12). 0 means not to use a session
   845       cookie (== not to establish a session) and makes only sense for anon users.
   846     * cfg.cookie_httponly is new and defaults to False. Please note that if you
   847       set it to True, TWikiDraw and similar stuff won't be able to use the session
   848       cookie. Thus, if your wiki page doesn't allow writing for everybody, saving
   849       a drawing will fail, because there is no session (== no logged in user) for
   850       the TWikiDraw applet's saving POSTs.
   852   * Macros:
   853     * WikiConfigHelp: added section keyword for selecting a subset of the
   854       description, e.g. <<WikiConfigHelp(section="xapian")>>
   855     * HighlighterList: show Pygments syntax highlighters (see HelpOnParsers)
   857   * Actions:
   858     * SlideShow action added (please use the "modernized" theme [default])
   859     * raw action mimetype support: ...?action=raw&mimetype=text/css
   860     * PackagePages: create package file on-the-fly in memory and send it to the
   861       client (do NOT create attachment)
   863   * Improved logging / debugging / developer support:
   864     * Main exception handler: include request url in log output.
   865     * Environment variable MOIN_DEBUGGER=off/web/external (default is "off").
   866     * Handle wikiserverconfig(_local) in the same way as wikiconfig(_local).
   868   * GUI editor: improved attachment dialog
   870   * "moin ... account homepage" script to create user homepages.
   873   Removed features: ==========================================================
   874   * Removed cfg.traceback_* settings (use logging configuration)
   875   * Removed old session code and settings:
   876     * Removed cfg.session_handler and session_id_handler (use cfg.session_service)
   877     * Removed cfg.anonymous_session_lifetime (use cfg.cookie_lifetime)
   880   Bug fixes: =================================================================
   881   * Xapian indexing:
   882     * Rely on xapian's locking (remove moin's additional and sometimes broken
   883       locking, that blocked index-rebuilds or updates sometimes).
   884     * Removed indexer threading.
   885     * Fixed (reimplemented) indexer queue.
   886     * Less disruptive xapian index rebuild.
   887   * AdvancedSearch: example didn't work, fixed
   889   * With the groups/dicts code rewrite, we fixed the caching problems that the
   890     old code (< 1.9) sometimes had.
   892   * Actions:
   893     * Abort RenamePage if renaming of main page fails (do not try to rename
   894       subpages).
   895     * AttachFile do=view: quote filename and pagename params for EmbedObject
   896       macro call
   897     * unsubscribe action: add msg types so icons get displayed
   899   * Parsers:
   900     * fixed MoinMoinBugs/LineNumbersWorkingBuggyWithHighlightParser
   902   * GUI editor: roundtripping works now for .pdf/doc/... attachment transclusion
   904   * AttachFile: added remove_attachment() and FileRemovedEvent (mail and xapian
   905     support, no jabber support yet).
   907   * Fix makeForbidden403() calls - is makeForbidden(403, ...) now.
   908   * sendmail: add more debug logging, check for empty recipients list
   909   * Fix MoinMoinBugs/MissingPageShouldn'tOfferToCreatePageForReadonlyUsers
   910   * Fix MoinMoinBugs/1.6XmlRpcPutPagePagenameEscape
   911   * Bug with "language:en" was fixed for the Moin search. Now language:
   912     behaves like described on HelpOnSearching.
   913   * Fixed MoinMoinBugs/DeprecatedIsNotRespected (search ranking, WantedPages).
   914   * OpenID: always return error messages with CancelLogin if OpenID process fails.
   915   * suid: simplify and fix, bigger selection box
   917   * patch werkzeug 0.5.1 to catch OverFlowError and ValueError so it doesn't
   918     crash when receiving invalid If-modified-since header from client.
   921   Other changes: =============================================================
   922   * 'modernized' theme:
   923     * use it by default (1.8 used 'modern')
   924     * move title_with_separators() from Modernized theme to ThemeBase
   925     * add a span with "pagepath" class to title_with_separators
   926   * add the sidebar() method from Mandarin and Gugiel themes to ThemeBase
   927   * updated flup to 1.0.2+ ( )
   928   * updated pygments to 1.1.1+ ( )
   929   * updated parsedatetime to 0.8.7
   930   * increase surge protection limits for AttachFile to avoid trouble with image galleries
   931   * HINT: simplify wikiserver configuration by using same names as werkzeug's
   932     run_simple() call.
   933   * Removed moin account check's --lastsaved option, it is default now
   934     (checking last use with trail file did not work in 1.9 anyway).
   935   * ImageLink page has been killed (ImageLink macro is gone since 1.6.1).
   936   * Allowed disabling of timezone and language user prefs if they are
   937     part of the user's login fields (i.e. OpenID SREG).
   938   * Added option to disable local registration links and direct user
   939     to registration page at an OpenID provider instead.
   941   Developer notes: ===========================================================
   942   * groups and dicts API changes:
   943     * request.groups and request.dicts provide access to groups and dicts.
   944     * MoinMoin.wikidicts is gone, please use MoinMoin.datastruct.
   945     * LazyGroup and LazyGroupsBackend base classes for implementing backends
   946       which potentially deal with huge amounts of data (like a LDAP directory).
   947       Use MoinMoin/datastruct/backends/ as a draft for
   948       new backends.
   949     * See for more details.
   950   * i18n: new approach for defining sets of system/help pages (see i18n.strings).
   951     CheckTranslation, page packager, wikiutil.isSystemPage() use those sets.
   952   * killed deprecated macro.form attribute (didn't work as expected anyway due
   953     to WSGI refactoring) - please use macro.request.{args,form,values}
   956 Version 1.8.8:
   957   Fixes:
   958     * Fixed XSS issues (see MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg).
   959     * Fixed XSS in Despam action (CVE-2010-0828).
   960     * wikiutil.clean_input: avoid crash if it gets str type
   961     * Add RenderAsDocbook to actions_excluded if we have no python-xml
   962     * AttachFile._build_filelist: verifies readonly flag for unzip file link
   963     * attachUrl: fix wrongly generated tickets (e.g. for AttachList macro)
   964     * MoinMoin.util.filesys.dc* (dircache can't work reliably):
   965       * disable usage of dircache, deprecate dc* functions
   966       * remove all calls to filesys.dc* (dclistdir, dcdisable)
   967     * Fixed crash, see MoinMoinPatch/IncludeMacroWithDocBookFormatter
   968     * Avoid hardly recoverable crashes if #format specification is invalid
   970   New features:
   971     * auth.ldap_login: add report_invalid_credentials param to control wrong
   972       credentials error message (typically used when using multiple ldap
   973       authenticators)
   976 Version 1.8.7:
   977   Fixes:
   978   * Fixed major security issues in miscellaneous parts of moin.
   979     HINT: if you have removed superuser configuration to workaround the issue
   980     (following our security advisory), you may re-add it after installing this
   981     moin release. If you don't need superuser capabilities often, it might be
   982     wise to not have superusers configured all the time, though.
   983   * Improved package security: cfg.packagepages_actions_excluded excludes
   984     unsafe or otherwise questionable package actions by default now.
   985   * wiki parser: fixed transclusion of (e.g. video) attachments from other
   986     pages.
   987   * Fixed edit locking for non-logged in editors and cfg.log_remote_addr=False.
   988   * xmlrpc:
   989     * Process attachname in get/putAttachment similarly.
   990     * revertPage: convert pagename to internal representation.
   991   * Fixed config.umask usage for page packages.
   992   * Fixed usage of i18n.wikiLanguages() on class level (moved to method),
   993     failed when tools import the module (e.g. pydoc -k foo).
   994   * SubProcess: fixed win32-specific parts, fixed imports (fixes calling of
   995     external xapian index filters)
   998 Version 1.8.6:
   999   Bug fixes:
  1000   * Xapian indexing / indexing filters:
  1001     * fix deadlocks with well- and misbehaving external filters
  1002     * work around indexing run crashing when encountering encoding problems
  1003       with non-ascii filenames
  1004     * OpenOffice/OpenDocument filters: catch UnicodeDecodeErrors (happens
  1005       with password protected files)
  1006   * i18n: check if languages is not initialized yet, don't crash
  1007   * http_redirect: use 301 redirect for some cases
  1008   * do not use httponly session cookies, makes trouble with twikidraw and ACLs
  1009   * GetText2 macro: fix for named placeholder
  1010   * Fix SHA -> SSHA password hash upgrade for old user profiles.
  1011   * abort RenamePage if renaming of main page fails (do not try to rename
  1012     subpages)
  1014   New features:
  1015   * search: improve search result ordering
  1016   * add MS Powerpoint indexing filter (needs catppt from catdoc package)
  1017   * migration scripts: make finding damaged edit-log entries easier
  1018   * SubscribeUser action: support username regexes and unsubscribing.
  1019     Usage (enter this into the input form field you get after invoking
  1020     SubscribeUser action from the "More Actions" menu:
  1021     [+|-][re:]username[,username,...] 
  1023     +username: subscribes user <username> (+ is optional/default)
  1024     -username: unsubscribes user <username>
  1025     +re:username_re: subscribes users who match <username_re> regex.
  1026     -re:username_re: unsubscribes users who match <username_re> regex.
  1029 Version 1.8.5:
  1030   Bug fixes:
  1031     * Attachment links: fix processing of attributes (e.g. 'target', 'title')
  1032     * Upgrade FCKeditor from 2.6.4 to
  1033     * PDF embedding: fix html, works better with PDF browser plugins now.
  1034     * Fix typo in rightsidebar CSS.
  1035     * Action revert: avoids reverting to a deleted current revision.
  1036     * Action diff: enable prev/next button only in the range of given revisions.
  1037     * Add a Auto-Submitted: auto-generated header to generated mails.
  1038     * Include comment in email notifies.
  1039     * mailimport: fix endless looping while trying to import a forwarded mail.
  1040     * fuid: keep same fake_mtime for intervals of max_staleness duration.
  1041     * Fixes a bug with empty list items in the GUI editor.
  1042     * Improve filesys.rename compatibility code (win32).
  1043     * Fix locking for CacheEntry.
  1044     * Xapian indexing: catch exception when a bad zip file is encountered.
  1045     * openidrp / botbouncer: fix param count for CancelLogin().
  1047   New features:
  1048     * Added CAS authentication.
  1049     * Added httponly cookie support and use it for session cookie.
  1051   Other changes:
  1052     * HTTP auth: added debug logging.
  1053     * Minor LDAP auth improvements.
  1054     * Data browser widget:
  1055       * Add (h)column<idx> css class to make it styleable.
  1056       * Include only necessary autofilter options.
  1057     * moin maint cleancache purges now drafts, too.
  1058     * Add gopher and apt protocols to url_schemas.
  1059     * Add .csv, .flv, .swf to MIMETYPES_MORE.
  1062 Version 1.8.4:
  1063   Bug fixes:
  1064     * ACL security: fix bug in hierarchical ACL processing, more restrictive
  1065       sub page ACLs did not work if the current user name did not give a match
  1066       within the sub page ACL (instead, the less restrictive parent page ACL
  1067       was used).
  1068       Non-hierarchical ACL processing (the default) is NOT affected.
  1069     * Creole parser: fix spaces in multiline elements.
  1070     * Use msie.css only for Internet Explorer older than version 8, fixes
  1071       e.g. the double rendering of link icons.
  1072     * http auth: do auth_type comparisons case-insensitively (spec-compliant)
  1074   New features:
  1075     * EmbedObject macro: changed default width value for PDF files to 100%
  1076                          (use a recent Adobe Reader to make this work).
  1077     * CopyPage action: added a TextCha for it
  1079   Other changes:    
  1080     * Creole parser: Add second license: BSD
  1083 Version 1.8.3:
  1084   Bug fixes:
  1085     * AttachFile XSS fixes: move escaping to error_msg / upload_form
  1086     * AttachFile move: add more escaping (maybe not XSS exploitable though)
  1087     * email attachments import with xapian indexing enabled: fix AttributeError
  1088     * fix wrong links in attachment notifications
  1089     * AttachFile do=view: quote filename and pagename params for EmbedObject
  1090       macro call
  1091     * AttachFile: fix exception when someone just clicks on upload, without
  1092       giving a file
  1093     * ldap_login: use None as default value for ssl certs/keys (using '' for
  1094       the pathes lets it fail with Connect Error)
  1095     * release edit lock if someone saves an unchanged page
  1096     * fix sendmail.encodeAddress (do not [QP] encode blanks, do not un-
  1097       necessarily use [QP] encoding for pure ascii mail addresses)
  1098     * Fixed docs bug: see HINT about secrets configuration at version 1.8.0
  1099       (1.8.0 Other changes).
  1100     * backup action: add 'self' dummy argument for backup_exclude function
  1101     * login action: fix formatting of error messages
  1102     * unsubscribe action: add msg types so icons get displayed
  1103     * fix quoting for pagehits stats (info action) - was not working for pagenames with blanks
  1104     * macro.TableOfContents: bug fix for MoinMoinBugs/TableOfContentsIgnoresSectionNumbersPragma
  1106   New features:
  1107     * added modernized_cms theme
  1108     * use url_prefix_fckeditor if you don't want to use the builtin FCKeditor
  1109       of moin, but a separate one at some specific url
  1110     * action.Load: added textcha feature
  1111     * add mumble protocol (nice and good quality F/OSS VOIP conference chat sw)
  1112     * ldap auth: new name_callback param to create a custom wiki username (not
  1113       the ldap login username).
  1115   Other changes:
  1116     * add compatibility code for set to xapwrap.index (fix py 2.6 warnings)
  1117     * wikiutil: MIMETYPES_MORE extended for .md5 as text/plain
  1120 Version 1.8.2:
  1121   Bug fixes:
  1122     * Fix AttachFile and antispam XSS issues.
  1123     * Modernized, modern and rightsidebar themes: make nonexistent or
  1124       badinterwiki links gray also when they are already visited.
  1125     * Fix anchor parsing for interwiki links and #redirect processing
  1126       instruction.
  1127     * user.apply_recovery_token: key must be of type string (for Python 2.6).
  1128     * Fix MoinMoinBugs/GuiEditorBreaksIndentedTable.
  1129     * Fix autofilter javascript breakage caused by including a databrowser
  1130       widget.
  1131     * Use per-wiki i18n cache (fixes wrong links to other farm wikis).
  1132     * Made cfg.interwikiname and cfg.user_homewiki unicode objects (str only
  1133       worked for ascii names).
  1134     * Xapian search: fixed historysearch.
  1135     * Xapian search indexing:
  1136       * Fix index updating for trivial changes.
  1137       * With history search enabled and in update mode, do not try to re-index
  1138         old page revisions again.
  1139       * With history search enabled, index page attachments only once.
  1140       * Fix last modified time of xapian index (shown on SystemInfo page).
  1141     * Make logging handlers defined in logging.handlers work (e.g.
  1142       class=handlers.RotatingFileHandler)
  1143     * Jabber notifications:
  1144       * Use an RFC compliant message type.
  1145       * Fix user creation notifications.
  1146     * OpenID: Compatibility fix for python-openid 2.x.x (also works with
  1147       1.x.x), fixes crash when trying to associate moin user to OpenID.
  1148     * Have a in wiki/server/ so copies it.
  1149     * Fixed inconsistent handling of fragments / anchor IDs:
  1150       * Fixed creole and wiki parser, other parsers might need similar fixes.
  1151       * IDs with blanks, non-ASCII chars etc. are now sanitized in the same way
  1152         for links as well as for link targets, so the user editing a page won't
  1153         have to bother with it.
  1154         E.g. [[#123 foo bar]] will link to:
  1155         * <<Anchor(123 foo bar)>> (moin) or {{#123 foo bar}} (creole)
  1156         * headline = 123 foo bar = (moin / creole)
  1157         Simple rule: if the link and the target are consistent, it should work.
  1158       * The creole wiki parser created non-human-readable sha1 heading IDs
  1159         before 1.8.2, now it creates same (sometimes readable) heading IDs as
  1160         the moin wiki parser.
  1161       * TitleIndex/WordIndex now also use IDs sanitized in that way internally.
  1162       HINT: if you manually worked around the inconsistencies/bugs before, you
  1163             likely have to remove those workarounds now. Same thing if you used
  1164             creole's sha1 heading IDs or IDs on TitleIndex/WordIndex.
  1166   Other changes:
  1167     * Updated FCKeditor to 2.6.4 (== many bug fixes in the GUI editor).
  1168     * Enhanced privacy by a new setting: cfg.log_remote_addr (default: True),
  1169       it controls whether moin logs the remote's IP/hostname to edit-log and
  1170       event-log. Use log_remote_addr = False to enhance privacy.
  1171     * Streamline attachment_drawing formatter behaviour.
  1172     * Search results: only redirect to a single search result for titlesearch
  1173       (fuzzy goto functionality), but not for fulltext search results.
  1177 Version 1.8.1:
  1178   Bug fixes:
  1179     * Workaround win32 locking problems (caused by spurious access denied
  1180       exceptions on that platform).
  1181     * Fix unicode errors that happened when password checker failed a password
  1182     * WikiConfig/WikiConfigHelp: fixed wrong language table headings
  1183     * Themes: make the margins around trail line work properly
  1184     * "modernized" theme:
  1185       * make broken links gray
  1186       * add new right/center/left/justify css classes
  1187       * don't force Arial
  1188     * Standalone server: be more specific when catching socket exceptions,
  1189       treat socket errors in http header emission in the same way.
  1190     * GUI editor:
  1191       * Fix heading levels when inserting new headings.
  1192       * Fix headers already sent exception when using e.g. edit LOCKing.
  1193     * Xapian indexing: fixed missing import for execfilter (only happened on
  1194       non-posix platforms like win32)
  1196   * New features:
  1197     * Themes:
  1198      * Make the TOC shrinkwrap, add white background to navigation macro.
  1199        The table of contents looked bad spanning the whole width of the page.
  1200        It's made to shrinkwrap now, so it will only get as wide, as the longest
  1201        heading. We use display:inline-table, so this won't work in MS IE6,
  1202        which still displays it the old way.
  1203        Navigation macro now has a white background, to make it more readable
  1204        when it's floating over a pre block or TOC.
  1205      * Make the numbers in lists in table of contents right-aligned.
  1206      * Refactored and extended theme.html_stylesheets() to make alternate
  1207        stylesheets possible. Stylesheet definitions now can either be:
  1208        2-tuples: (media, href)  # backwards compatibility
  1209        or:
  1210        3-tuples: (media, href, title)  # new, for defining alternate stylesheets
  1211        This works within themes as well as in the wiki config.
  1212        See also:
  1215 Version 1.8.0:
  1216   Note: This is a reduced CHANGES, ommitting details from rc/beta test and
  1217         also less interesting minor changes and fixes. It shows changes
  1218         relative to 1.7.2 release.
  1219         If you want to see full detail, read it there:
  1222   New Features: ==============================================================
  1223     * HINT: New "modernized" theme - if you use "modern" [default], try:
  1224       theme_default = 'modernized'
  1225       If you find problems with "modernized", please report them because we
  1226       want to use it as default theme in future.
  1227     * GUI Editor:
  1228       * upgraded to use FCKEditor version 2.6.3
  1229       * user can insert and modify various types of MoinMoin links
  1230     * New plugin_dirs setting to allow multiple plugin pathes (additional to
  1231       the automatically configured plugin_dir [default: data_dir/plugin]).
  1232     * @EMAIL@ expands to a MailTo macro call with the obfuscated email address
  1233       of the current user.
  1234     * New macros "WikiConfig" and "WikiConfigHelp".
  1235     * Per-parser quickhelp, 'quickhelp' class variable of parser class.
  1236     * Secure session cookies for https (see cfg.cookie_secure).
  1237     * Added left/center/right/justify css classes to builtin themes.
  1238       Use them like:
  1239       {{{#!wiki justify
  1240       this content is justified....
  1241       }}}
  1243   Removed Features: ==========================================================
  1244     * HINT: url_prefix setting (use url_prefix_static or just use the default)
  1245     * traceback_log_dir setting (we just use logging.exception)
  1246     * editor_quickhelp setting (replaced by per-parser quickhelp)
  1247     * Restoring backups with the backup action and related settings (while
  1248       creating backups is no big issue and should work OK, restoring them
  1249       had fundamental issues related to overwriting or not-overwriting of
  1250       existing files - thus we removed the "restore" part of the action and
  1251       recommend that you just contact the wiki server admin in case of trouble,
  1252       give him your wiki backup file and let him carefully restore it.)
  1253     * Removed unmaintained DesktopEdition (moin 1.5.x style) and phpwiki
  1254       migration scripts from contrib/ directory.
  1256   Bug Fixes: =================================================================
  1257     * GUI Editor - fixed lots of bugs.
  1258     * Fixing https detection for servers using HTTPS=1 and also for WSGI
  1259       servers not using HTTPS/SSL_ environment, but just wsgi.url_scheme.
  1260     * Search results: link to 'view' rendering of found attachments.
  1261     * Standalone server: fix serverClass and interface argument processing,
  1262       announce used serverClass in log output.
  1263     * mointwisted: fixed Twisted start script.
  1264     * Logging:
  1265       * Use logging framework for messages emitted by warnings module (e.g.
  1266         DeprecationWarning), silence some specific warnings.
  1267       * Removed superfluous linefeeds in timing log output.
  1268     * Bug fix for language not installed (MoinMoinBugs/WikiLanguageNotDefined).
  1269     * Fixed editbar hidden comment link cosmetics for sidebar themes (hide the
  1270       complete list element).
  1271     * MoinMoinBugs/DoubleScriptNameInSitemap (fixing urls given by sitemap
  1272       action, if the wiki does not run in the root url of the site)
  1273     * Fixed backup action configuration (broke on win32).
  1274     * Fixed MoinMoinBugs/PackagesAddRevision.
  1275     * SyncPages: add workaround for callers calling log_status with encoded
  1276       bytestrings.
  1277     * Fixed dbw_hide_buttons javascript.
  1278     * HINT: Jabber bot can now be configured to use an authentication realm
  1279       which is different from the server's hostname; the xmpp_node
  1280       configuration parameter can now contain a full JID and the xmpp_resource
  1281       parameter is no longer supported.
  1283   Other Changes: =============================================================
  1284     * HINT: new configuration for misc. secrets, please use either:
  1285           secrets = "MySecretLooongString!" # one secret for everything
  1286       or:
  1287           secrets = {
  1288               'xmlrpc/ProcessMail': 'yourmailsecret', # for mailimport
  1289               'xmlrpc/RemoteScript': 'yourremotescriptsecret',
  1290               'action/cache': 'yourcachesecret', # unguessable cache keys
  1291               'wikiutil/tickets': 'yourticketsecret', # edit tickets
  1292               'jabberbot': 'yourjabberbotsecret', # jabberbot communication
  1293           }
  1294       Secret strings must be at least 10 chars long.
  1295       Note: mail_import_secret setting is gone, use
  1296             secrets["xmlrpc/ProcessMail"] instead of it.
  1297       Note: jabberbot secret setting is gone, use
  1298             secrets["jabberbot"] instead of it.
  1299     * HINT: user_autocreate setting was removed from wiki configuration and
  1300       replaced by a autocreate=<boolean> parameter of the auth objects that
  1301       support user profile auto creation.
  1302     * moin import irclog: use irssi parser to format logs, mapped .irc
  1303       extension to text/plain mimetype.
  1304     * HINT: backup action: backup_exclude (default: "do not exclude anything")
  1305       is now a function f(filename) that tells whether a file should be
  1306       excluded from backup.
  1307       You can get the old regex exclusion functionality by using:
  1308       backup_exclude = re.compile(your_regex).search
  1309       Be careful with your regex, you might need to use re.escape() to escape
  1310       characters that have a special meaning in regexes (e.g.: \.[] etc.).
  1311       If in doubt, maybe just leave backup_exclude at the default and don't
  1312       exclude anything.
  1313     * Speed up javascript comments processing on IE by getElementsByClassName()
  1314     * Added sk (slovak) i18n, updated i18n.
  1317 1.7.3:
  1318   New features:
  1319     * Secure session cookies for https, see cfg.cookie_secure.
  1320     * Add left/center/right/justify classes to builtin themes.
  1322   Fixes:
  1323     * Python 2.3 compatibility fixes.
  1324     * Fixed https detection for servers using HTTPS=1 and also for wsgi servers
  1325       not using HTTPS/SSL_ environment, but just wsgi.url_scheme.
  1326     * GUI editor:
  1327       * Fix crash when editing a page with non-ASCII pagename and inserting a link
  1328       * Fix "headers already sent exception" with edit LOCKs.
  1329     * i18n.__init__: Bug fix for wiki language not installed.
  1330     * Fixed URLs given by sitemap action, if the wiki does not run at / URL.
  1331     * Search results: link to 'view' rendering of found attachments
  1332     * Logging:    
  1333       * Removed superfluous linefeed in timing log output.
  1334       * Use logging framework for messages emitted by warnings module (e.g.
  1335         DeprecationWarning), silence some specific warnings.
  1336     * Fix dbw_hide_buttons javascript.
  1337     * Standalone server:
  1338       * fix serverClass argument processing
  1339       * fix --interface="" argument processing
  1340     * mointwisted:
  1341       * added missing pidFile parameter
  1342       * better use for pidFile to avoid conflicts and keep same
  1343         behaviour as in the past
  1344     * Jabber bot can now be configured to use an authentication realm which
  1345       is different from the server's hostname
  1348 Version 1.7.2:
  1349   Fixes:
  1350     * Fix leakage of edit-log file handles (leaked 1 file handle / request!).
  1351     * Fix for MoinMoinBugs/SystemAdminMailAccountData (using POST and forms)
  1352     * Wiki parser: avoid IndexError for empty #! line
  1353     * MonthCalendar macro: fix parameter parsing / url generation
  1354     * Xapian indexing filters (MoinMoin/filter/ or data/plugin/filter/):
  1355       Some indexing filter scripts (e.g. for MS Word documents or PDF files)
  1356       failed on windows because of the single-quote quoting we used (that
  1357       works on Linux and other Posix systems). The fix introduces platform-
  1358       dependant automatic quoting, using double-quotes on win32 and single-
  1359       quotes on posix.
  1360       HINT: if you use own filter plugins based on execfilter, you have to
  1361       update them as the filename quoting (was '%s') is now done automatically
  1362       and must not be part of the command string any more (now just use %s).
  1363       See MoinMoin/filter/ for some up-to-date code (esp. the PDF filter).
  1364     * Prevent CategoryTemplate being listed as a category (it is a Template,
  1365       but matched also the category regex) - added to sample wikiconfig.
  1366     * LDAP auth: fix processing of TLS options
  1367     * UpdateGroup xmlrpc server side: fix wrong arg count error
  1368     * UpdateGroup client: use multicall / auth_token, refactor code so that
  1369       updateGroup function is reusable.
  1370     * Improve Python 2.3 compatibility, add notes where 2.4 is required.
  1373 Version 1.7.1:
  1374   New features:
  1375     * New 'cache' action (see developer notes).
  1377   Fixes:
  1378     * Security fix: XSS fix for advanced search form
  1379     * Avoid creation of new pagedirs with empty edit-log files by just
  1380       accessing a non-existant page. If you used 1.7 before, you likely have
  1381       quite some trash pagedirs now and you can clean them up by using:
  1382       moin --config-dir=... --wiki-url=... maint cleanpage
  1383       This will output some shell script (please review it before running!)
  1384       that can be used to move trash pages into some trash/ directory and also
  1385       moves deleted pages into some deleted/ directory. Maybe keep a copy of
  1386       those directories for a while just for the case.
  1387     * Server specific fixes:
  1388       * standalone ( fix --pidfile and --group option, fix
  1389         operation without a (use builtin defaults).
  1390       * mod_python: work around mod_python 3.3.1 problems with file uploads.
  1391         Note: if you are still using mod_python, we strongly recommend you
  1392 	      try out mod_wsgi (in daemon mode) - it has less bugs, better
  1393 	      security, better separation, WSGI is a Python standard, and moin
  1394 	      developers also use WSGI. See HelpOnInstalling/ApacheWithModWSGI.
  1395     * revert action: fixed for deleted pages.
  1396     * Search:
  1397       * Xapian indexing: Removed crappy "hostname" tokenization.
  1398         Fixes MoinMoinBugs/1.7 XapianNotWorkingWithLeadingNumbersInTitle.
  1399         Also tokenize CamelCase parts of non-wikiwords.
  1400       * Make query parser reject more invalid input.
  1401       * If query parsing raises a BracketError, at least tell what the problem
  1402         is (and not just raise empty  ValueError).
  1403       * Category search: ignore traling whitespace after ----
  1404     * Argument parser:
  1405       * Fixed sort() usage in UnitArgument to be Python 2.3 compatible.
  1406       * Fixed MoinMoinBugs/TypeErrorInWikiutils.
  1407     * Macros:
  1408       * TableOfContents: skip outer-most <ol> levels when page isn't using
  1409         the biggest headings
  1410       * MonthCalendar: fix MoinMoinBugs/MonthCalendarBreaksOnApostrophe
  1411     * xslt parser: fix MoinMoinBugs/DoNotConvertUnicodeToUTF8ForXsltParser
  1412     * OpenID RP: make it compatible to python-openid 2.2.x
  1413     * PackagePages.collectpackage: removed encoding from file name of zipfile
  1414     * Surge protection: exclude localnet no matter whether user is known or not.
  1415     * Notifications: fix MoinMoinBugs/DuplicateNewUserNotification
  1416     * Script moin account create/disable/resetpw: checks for already existing
  1417       user now.
  1419   Other changes:
  1420     * Prevent CategoryTemplate being listed as a category (it is a Template)
  1421       by changing the default page_category_regex.
  1423   Developer notes:
  1424     * New MoinMoin.action.cache - can be used to cache expensively rendered
  1425       output, e.g. generated images). Once put into the cache, moin can emit
  1426       a http response for that content very fast and very efficient (including
  1427       "304 not changed" handling.
  1428     * New file-like API in MoinMoin.caching (good for dealing with medium
  1429       to large files without consuming lots of memory).
  1430     * wikiutil.importPlugin supports getting the whole plugin module object
  1431       by giving function=None.
  1434 Version 1.7.0:
  1435   Note: This is a reduced CHANGES, ommitting details from rc/beta test and
  1436         also less interesting minor changes and fixes. It shows changes
  1437         relative to 1.6.3 release.
  1438         If you want to see full detail, read it there:
  1441   New Features: ==============================================================
  1442     * HINT: we added generic UPDATE instructions as docs/UPDATE.html.
  1444     * HINT: Standalone server usage changed:
  1445       * Standalone server can now be started via the "moin" script command,
  1446         optionally backgrounding itself.
  1447         See: moin server standalone --help
  1448       * In the toplevel dir, we have renamed to (it was
  1449         often confused with the moin scripting command).
  1450         Now you have:
  1451         * - to start the standalone server
  1452         * - to configure the standalone server
  1453         * wikiserverlogging.conf - to configure logging for it (default config
  1454           is ok for all day use, but can easily be modified for debugging)
  1455         * - to configure the wiki engine
  1456       * Removed old moin daemonizing script (replaced by moin server standalone
  1457         --start/stop)
  1458       * We now provide the "moin" script command also for people not using
  1459, see wiki/server/moin.
  1461     * Logging
  1462       * New powerful and flexible logging, please see wiki/config/logging/ -
  1463         HINT: you have to upgrade your server adaptor script (e.g. moin.cgi)
  1464         and load a logging configuration that fits your needs from there, or
  1465         alternatively you can also set MOINLOGGINGCONF environment variable
  1466         to point at your logging config file.
  1467         If you use some of our sample logging configs, make sure you have a
  1468         look INTO them to fix e.g. the path of the logfile it will use.
  1469       * Moin now logs the path from where it loaded its configuration(s).
  1471     * Authentication / Sessions:
  1472       * HINT: New authentication plugin system, see HelpOnAuthentication. If
  1473         you do not use the builtin default for 'auth' list, you likely have to
  1474         change your configuration. See wiki/config/snippets/ for some samples.
  1475       * HINT: New session handling system (no moin_session any more, now done
  1476         internally and automatically), see HelpOnSessions for details.
  1477       * Added OpenID client and server support.
  1478         See: HelpOnAuthentication and HelpOnOpenIDProvider.
  1479       * cfg.trusted_auth_methods is a list of auth methods that put an
  1480         authenticated user into the "Trusted" ACL group.
  1482     * User profiles / password recovery / notification:
  1483       * New newacount action for creating new user accounts/profiles. If you
  1484         don't want users creating new accounts on their own, you can add this
  1485         action to actions_excluded list.
  1486       * New recoverpass action for password recovery:
  1487         If you forgot your password, recoverpass sends you an email with a
  1488         password recovery token (NOT the encrypted password) that is valid
  1489         for 12 hours.
  1490       * New moin account resetpw script for resetting a user's password by
  1491         the wiki admin.
  1492       * New preferences plugin system, see MoinMoin/userprefs/
  1493       * New notification system with an optional jabber notification bot, see
  1494         HelpOnNotification. HINT: wiki users have to check their notification
  1495         settings, esp. if they want to receive trivial update notifications.
  1497     * The diff action now has navigation buttons for prev/next change and also
  1498       a revert button to revert to the revision shown below the diff display.
  1499     * ThemeBase: support Universal Edit Button, see there for details:
  1501     * ?action=info&max_count=42 - show the last 42 history entries of the page.
  1502       max_count has a default of default_count and a upper limit of
  1503       limit_max_count - you can configure both in your wiki config:
  1504       cfg.history_count = (100, 200) # (default_count, limit_max_count) default
  1505     * The CSV parser can sniff the delimiter from the first CSV line so other
  1506       delimeters than ";" can be used.
  1507     * Admonition support. Added styling for tip, note, important, warning 
  1508       and caution in the modern theme. For more info see HelpOnAdmonitions.
  1509     * DocBook-formatter:
  1510       * supports HTML entities like &rarr; and &#9731;
  1511       * supports the FootNote macro
  1512       * supports bulletless lists
  1513       * support for admonitions
  1514       * will export the wiki page's edit history as the generated article's
  1515         revision history. Doesn't add history of included pages.
  1516       * supports for the MoinMoin comment element, though only inline comments
  1517         are likely to be valid since the DocBook remark is an inline element.
  1518     * New Hits macro: shows the total hits for the page it is used on.
  1520   Removed Features: ==========================================================
  1521     * HINT: Removed attachments direct serving (cfg.attachments - this was
  1522             deprecated since long!). Use AttachFile action to serve attachments.
  1523     * Duplicated file attachment upload code was removed from Load action (just
  1524       use AttachFile action to deal with attachments).
  1525     * Removed 'test' action. If you like to run unit tests, use py.test.
  1526     * Removed Login macro.
  1528   Bug Fixes: =================================================================
  1529     * Better handling of ImportErrors (farmconfig, macros, wikiserverconfig).
  1530     * Fix failure of detection of on-disk cache updates.
  1531     * Fix traceback in on Mac OS X when "import Carbon" fails.
  1533     * AttachFile action / file up- and download / zip support:
  1534       * WSGI: use wsgi.file_wrapper (or a builtin simple wrapper). Fixes memory
  1535         consumption for sending of large file attachments.
  1536       * FastCGI: flush often. Fixes memory consumption for sending of large
  1537         file attachments.
  1538       * Use the open temporary file for receiving file attachment uploads
  1539         (fixes big memory consumption for large file uploads).
  1540       * Catch runtime errors raised by zipfile stdlib modules when trying to
  1541         process a defective zip.
  1542       * When unzipping member files, decode their filenames from utf-8 and
  1543         replace invalid chars.
  1544       * Make error msg less confusing when trying to overwrite a file attachment
  1545         without having 'delete' rights.
  1547     * HINT: page_*_regex processing had to be changed to fix category search.
  1548       If you don't use the builtin (english) defaults, you will have to change
  1549       your configuration:
  1550         old (default): page_category_regex = u'^Category[A-Z]'
  1551         new (default): page_category_regex = ur'(?P<all>Category(?P<key>\S+))'
  1552       As you see, the old regex did work for detecting whether a pagename is
  1553       a category, but it could not be used to search for a category tag in the
  1554       page text. The new regex can be used for both and identifies the complete
  1555       category tag (match in group 'all', e.g. "CategoryFoo") as well as the
  1556       category key (match in group 'key', e.g. "Foo") by using named regex
  1557       groups. \S+ means the category key can be anything non-blank.
  1558       If you like to simultaneously support multiple languages, use something
  1559       like this: ur'(?P<all>(Kategorie|Category)(?P<key>\S+))'
  1560       HINT: after changing your configuration, please rebuild the cache:
  1561         * stop moin
  1562         * moin ... maint cleancache
  1563         * start moin
  1564       If you don't do this, your groups / dicts will stop working (and also
  1565       your ACLs that use those groups). You better do a test whether it works.
  1567     * Xapian search / indexing / stemming:
  1568       * Use text/<format> as mimetype for pages.
  1569       * Index also major and minor for mimetypes, so it will find 'text' or
  1570         'plain' as well as 'text/plain'
  1571       * Fix searching for negative terms.
  1572       * Improve result list ordering.
  1573       * Index filters: redirect stderr to logging system.
  1574       * Remove crappy num regex from WikiAnalyzer, improve tokenization.
  1575       * Fix AttributeError that happened when trying to access an attribute only
  1576         used with xapian search (but regex search is not done by xapian)
  1577       * Fix IndexErrors happening when pages are renamed/nuked after the index
  1578         was built.
  1579       * Fixed indexing of WikiWords (index "WikiWords", "Wiki" and "Words").
  1580       * Fix crash if default language is un-stemmable.
  1581       * xapian_stemming: removed some strange code (fixes search
  1582         title:lowercaseword with xapian_stemming enabled)
  1583       * Fixed category indexing (index CategoryFoo correctly as CategoryFoo, not
  1584         Foo - for all languages, see page_*_regex change above).
  1585     * Builtin search: support mimetype: search for pages for the builtin search
  1586       engine (using text/<format>).
  1588     * Parser fixes:
  1589       * Wiki: fix subscript parsing (was broken for cases like 'a,,1,2,,').
  1590       * Docbook: fixed detection of WikiWords.
  1591       * All: Add ssh protocol to url_schemas for ssh:... URLs.
  1593     * XMLRPC:
  1594       * Fix xmlrpc call to use content-length, if available,
  1595         fixes hangs with wsgiref server.
  1596       * Wiki xmlrpc getPageInfoVersion() fixed:
  1597         * works correctly now for old page versions (was unsupported)
  1598         * works correctly now for current page version (reported wrong
  1599           data when a page had attachment uploads after the last page
  1600           edit)
  1601         * returns a Fault if it did not find a edit-log entry
  1603   Other Changes: =============================================================
  1604     * Using better ACLs and comments on system/help pages now, just taking
  1605       away 'write' permission, but using default ACLs for everything else.
  1606     * HINT: If you want to use xapian based indexed search, you need to have
  1607       Xapian >= 1.0.0 (and you can remove PyStemmer in case you have installed
  1608       it just for moin - we now use the stemmer built into Xapian as it
  1609       supports utf-8 since 1.0.0).
  1610     * Changed default value of cfg.search_results_per_page to 25.
  1611     * Surge Protection: If a user is authenticated by a trusted authentication
  1612       (see also cfg.auth_methods_trusted) then he/she won't trigger surge
  1613       protection, but moin will just log a INFO level log msg with the user's
  1614       name so you can find the culprit in case he/she is overusing ressources.
  1615     * HINT: Added MyPages and CopyPage to actions_excluded because MyPages
  1616       doesn't work without special SecurityPolicy anyway and CopyPage has
  1617       questionable behaviour.
  1618     * Load action now just creates a new revision of the target page, the
  1619       target pagename defaults to the current page name and can be edited.
  1620       If the target pagename is empty, moin tries to derive the target pagename
  1621       from the uploaded file's name.
  1622       Load tries to decode the file contents first using utf-8 coding and, if
  1623       that fails, it forces decoding using iso-8859-1 coding (and replacing
  1624       invalid characters).
  1625     * HINT: cfg.show_login is gone, see code in theme/, this may
  1626       affect many themes!
  1627     * HINT: a new userprefs/ plugin directory will be created by the usual
  1628       "moin migration data" command.
  1629     * DocBook-formatter:
  1630       * generates a valid DOCTYPE
  1631       * table support has been improved
  1632       * handling of definitions and glossaries is more robust
  1633       * supports program language and line numbering in code areas
  1634     * HINT: ldap_login behaves a bit different now:
  1635       In previous moin versions, ldap_login tended to either successfully
  1636       authenticate a user or to completely cancel the whole login process in
  1637       any other case (including ldap server down or exceptions happening).
  1638       This made subsequent auth list entries rather pointless.
  1639       Now it behaves like this:
  1640         * user not found in LDAP -> give subsequent auth list entries a
  1641           chance to authenticate the user (same happens if it finds multiple
  1642           LDAP entries when searching - it logs an additional warning then).
  1643         * user found, but wrong password -> cancel login
  1644         * ldap server not reachable or other exceptions -> give subsequent
  1645           auth list entries a chance
  1646       So please make sure that you really trust every auth list entry you have
  1647       configured when upgrading or it might maybe change behaviour in a
  1648       unexpected or unwanted way.
  1649     * ldap_login now supports failover: if it can't contact your LDAP server
  1650       (e.g. because it is down or unreachable), it will just continue and
  1651       try to authenticate with other authenticators (if there are any in
  1652       cfg.auth list). So if you have some mirroring LDAP backup server, just
  1653       put another authenticator querying it there:
  1654           ldap_auth1 = LDAPAuth(server_uri='ldap://mainserver', ...)
  1655           ldap_auth2 = LDAPAuth(server_uri='ldap://backupserver', ...)
  1656           auth = [ldap_auth1, ldap_auth2, ]
  1658   Developer notes: ===========================================================
  1659     * Page.last_edit() is DEPRECATED, please use Page.edit_info().
  1660     * Page._last_edited() is GONE (was broken anyway), please use
  1661       Page.editlog_entry().
  1662     * New request.send_file() call, making it possible to use server-specific
  1663       optimizations.
  1664     * getText's (aka _()) 'formatted' keyword param (default: True in 1.6 and
  1665       early 1.7) was renamed/changed: it is now called 'wiki' and defaults to
  1666       False. Example calls:
  1667       _('This will NOT get parsed/formatted by MoinMoin!')
  1668       _('This will be parsed/formatted by MoinMoin!', wiki=True)
  1669       _('This will be used as a left side of percent operator. %s',
  1670         wiki=True, percent=True)
  1671     * Page.url 'relative' keyword param (default: True in 1.6 and early 1.7)
  1672       was changed to default False).
  1673     * The themedict no longer contains 'page_user_prefs' and 'user_prefs',
  1674       this may affect custom themes.
  1675     * The rst-parser's admonition class names are no longer prepended with
  1676       "admonition_". Instead the class names are now for example "note"
  1677       and not "admonition_note".
  1680 Version 1.6.3:
  1681   Fixes:
  1682     * Security fix: a check in the user form processing was not working as
  1683       expected, leading to a major ACL and superuser priviledge escalation
  1684       problem. If you use ACL entries other than "Known:" or "All:" and/or
  1685       a non-empty superuser list, you need to urgently install this upgrade.
  1686     * Security fix: if acl_hierarchic=True was used (False is the default),
  1687       ACL processing was wrong for some cases, see
  1688       MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter
  1689     * For {{transclusion_targets}} we checked the protocol to be http(s),
  1690       this check was removed (because file: and ftp: should work also) and
  1691       it's not moin's problem if the user uses silly protocols that can't
  1692       work for that purpose.
  1693     * Fixed TableOfContents macro for included pages.
  1694     * server_fastcgi: added Config.port = None. If you want to use some port
  1695       (not a fd), you can set it now in your Config, e.g. port = 8888.
  1696     * category: search matches categories even if there are comment lines
  1697       between the horizontal rule and the real categories, e.g.:
  1698       ... some page text ...
  1699       ----
  1700       ## optionally some comments, e.g. about possible categories:
  1701       ## CategoryJustACommentNotFound
  1702       CategoryTheRealAndOnly
  1704       Note: there might be multiple comment lines, but all real categories
  1705             must be on a single line either directly below the ---- or
  1706             directly below some comment lines.
  1708   Other changes:
  1709     * Added 'notes' to config.url_schemas, so you can use notes://notessrv/...
  1710       to invoke your Lotus Notes client.
  1711     * After creating a new user profile via UserPreferences, you are logged
  1712       in with that user (no need to immediately enter the same name/password
  1713       again for logging in).
  1716 Version 1.6.2:
  1717   Fixes:
  1718     * Security fix: check the ACL of the included page for the rst parser's
  1719       include directive.
  1720     * Potential security/DOS fix: we removed cracklib / python-crack support
  1721       in password_checker as it is not thread-safe and caused segmentation
  1722       faults (leading to server error 500 because the moin process died).
  1723     * Fix moin_session code for auth methods other than moin_login (e.g. http).
  1724       If you have worked around this using moin_anon_session, you can remove
  1725       this workaround now (except if you want anon sessions for other reasons).
  1726     * Fix moin_session code to delete invalid session cookies and also create
  1727       a new session cookie if it got a valid user_obj at the same time.
  1728     * Fix xmlrpc applyAuthToken: give good error msg for empty token.
  1729     * Fixed category search, use category:CategoryFoo as search term.
  1730     * xapian_stemming = False (changed default) to workaround some problems
  1731       in the code enabled by it. Fixes the problems when searching for
  1732       lowercase or numeric titles or word fragments with the builtin search.
  1733     * Fix trail for anon users without a session, do not show a single page.
  1734     * Fix MoinMoinBugs/WikiSyncComplainsAboutTooOldMoin.
  1735     * Wiki parser: fixed strange insertion of unwanted paragraphs.
  1736     * Wiki parser: fix interwiki linking:
  1737       Free interwiki links did not change since 1.5 (they still require to match
  1738       [A-Z][A-Za-z]+ for the wikiname part, i.e. a ASCII word beginning with an
  1739       uppercase letter).
  1740       Bracketed interwiki links now behave similar to how they worked in 1.5:
  1741       Moin just splits off the part left of the colon - no matter how it looks
  1742       like. It then tries to find that in the interwiki map. If it is found,
  1743       a interwiki link gets rendered. If it is not found, moin will render a
  1744       link to a local wiki page (that has a colon in the pagename). It will
  1745       also render a local wiki page link if there is no colon at all, of course.
  1746       Examples:
  1747       [[lowercasewikiname:somepage]] does an interwiki link (if in the map).
  1748       [[ABC:n]] does a local link to page ABC:n (if ABC is NOT in the map).
  1749     * Wiki parser: fix interwiki linking for the case that there are query args
  1750       in the interwiki map entry and you give additional query args via link
  1751       markup (uses correct query arg separator now), e.g.:
  1752       [[Google:searchterm|search this|&foo=bar]]
  1753     * Creole parser: fixed bug that prevents images inside links.
  1754     * Python parser: catch indentation error.
  1755     * PageEditor: fixed copyPage for write restricted pages.
  1756     * GUI editor: fixed javascript error with too complex word_rule regex,
  1757       see MoinMoinBugs/GuiEditorSyntaxError.
  1758     * Fixed FCKeditor dialog boxes for FireFox3.
  1759     * NewPage macro/newpage action: fixed for non-ascii template pagenames.
  1760     * FootNote macro: Fix MoinMoinBugs/FootNoteNumbering.
  1761     * EmbedObject macro: bug fix for image mimetype
  1762     * WSGI:
  1763       * fix TWikiDraw saving a drawing by also evaluating the query args.
  1764       * work around unpythonic WSGI 1.0 read() API, fixing broken xmlrpc
  1765         putPage with mod_wsgi
  1766     * Fix highlighting (see MoinMoinBugs/SearchForPagesWithComments).
  1767     * Fix logfile code for EACCESS errors.
  1768     * Removed the "logging initialized" log messages because it was issued once
  1769       per request for CGI.
  1771   Other changes:
  1772     * Show "Comments" toggling link in edit bar only if the page really
  1773       contains comments.
  1774     * Made default configuration of surge protection a bit more forgiving,
  1775       especially for edit action which is currently also used for previews.
  1776     * Updated i18n, system/help pages, added Macedonian system text translation.
  1777     * Improved moin xmlrpc write command's builtin docs and auto-append
  1778       ?action=xmlrpc2 to the target wiki url given.
  1781 Version 1.6.1:
  1782   New features:
  1783     * Improved params for [[target|label|params]]:
  1784       Added accesskey link tag attribute, e.g.: [[target|label|accesskey=1]].
  1785       Additionally to specifying link tag attributes (like class=foo), you can
  1786       now also specify &key=value for getting that into the query string of
  1787       the link URL.
  1788       The "&" character is important, don't forget it or it won't get into the
  1789       query string!
  1790       E.g. for an attachment, you can use:
  1791       [[attachment:foo.pdf|Direct download of foo.pdf|&do=get]]
  1792       E.g. for linking to some specific diff, you can use:
  1793       [[SomePage|see that diff|&action=diff,&rev1=23,&rev2=42]]
  1794       See also the updated HelpOnLinking page!
  1795     * AdvancedSearch: make multipe categories/languages/mimetype selections possible
  1796     * Added a configuration directive to only do one bind to the LDAP server.
  1797       This is useful if you bind as the user the first time.
  1798       ldap_bindonce = False # default
  1800   Fixes:
  1801     * Fix XSS issue in login action.
  1802     * Fix wrong pagename when creating new pages on Mac OS X - that was a big
  1803       showstopper for moin 1.6.0 on Mac OS X.
  1804     * Fixed 1.6 migration script:
  1805       Make sorting python 2.3 compatible.
  1806       Just skip corrupted event log lines.
  1807       Fix link conversion by using data.pre160 as data_dir.
  1808       Fix bad /InterWiki pagenames when encountering interwiki links with bad
  1809       wiki names.
  1810       Improve ImageLink conversion by using its argument parser code.
  1811       Added STONEAGE_IMAGELINK (default: False) switch to wiki markup converter,
  1812       toggle it if you had a very old ImageLink macro in production and the
  1813       converter output has target and image interchanged.
  1814       Fixed UnicodeDecodeError for wrongly encoded attachment filenames.
  1815     * Wiki parser:
  1816       Fix parsing of link/transclusion description and params.
  1817       Fix relative attachment targets.
  1818       Fix supported URL schemes (some got lost since 1.5.8).
  1819       Showing an upload link for non-existing non-text/non-image transclusions
  1820       now (like e.g. *.pdf).
  1821     * RST parser: fix attachment: and drawing: processing
  1822     * Fix quickhelp when editing RST markup pages.
  1823     * Fix Despam action: editor grouping was broken, increase time interval
  1824       to 30 days.
  1825     * Fix AdvancedSearch domain:system search crashing.
  1826     * Only switch off xapian search if we didn't use it because of missing index.
  1827     * Fix saving twikidraw drawings by removing 'java' from spider regex.
  1828     * Fix classic theme's unsubscribe icon's action link.
  1829     * Fix AttachFile action: don't show unzip for packages, only show install
  1830       for superuser.
  1831     * Fix "su user" troubles on UserPreferences.
  1832     * Removed unit tests from ?action=test (due to changes in our test
  1833       environment, using py.test now, this was broken).
  1834     * Duplicated the top directories' to wiki/server/ so it gets
  1835       installed by
  1836     * Fix MoinMoinBugs/1.6.0LanguageIgnoreBrowserConfigurationError
  1837     * Fix MoinMoinBugs/MoveAttachmentNotWorkingWithModPython
  1838     * Fix MoinMoinBugs/1.6.0SupplementationAndAccessRights
  1839     * Fix MoinMoinBugs/RenamingUserAllowsOldUsernameToLogin
  1840     * Fix MoinMoinBugs/GuiEditorExcelPasteExpatErrorUnboundPrefix
  1842   Other changes:
  1843     * I18n texts, system and help pages updated, please update your underlay
  1844       directory (see wiki/underlay/...).
  1845     * Improved "moin" script help, invoke it with "moin ... package command --help".
  1846     * Added some .ext -> mimetype mappings missing on some systems (like Mac OS X).
  1847     * Removed ImageLink macro, as this can be easily done with moin wiki link
  1848       syntax now - see HelpOnMacros/ImageLink (the 1.6 migration scripts convert
  1849       all ImageLink calls to moin wiki link syntax).
  1850     * Updated EmbedObject macro.
  1853 Version 1.6.0:
  1854  * This is a reduced CHANGES, ommitting details from rc/beta test and also
  1855    less interesting minor changes and fixes. If you want to see full detail,
  1856    read it there:
  1858    It took MoinMoin development a lot of work and time to implement all the new
  1859    and fixed stuff, so please, before asking for support:
  1860    * take the time to read all the stuff below
  1861    * read the new help pages (copy them from wiki/underlay/ directory)
  1863  * HINT: If you are upgrading from a older moin version and want to keep your
  1864    existing data directory, it is essential that you read and follow
  1865    README.migration because the wiki markup and user profiles changed significantly.
  1866    See also more HINTs below...
  1868   New features: ==============================================================
  1870   User interface: ------------------------------------------------------------
  1871     * Removed "underscore in URL" == "blank in pagename magic" - it made more
  1872       trouble than it was worth. If you still want to have a _ in URL, just
  1873       put a _ into pagename.
  1874     * Discussion pages, see FeatureRequests/DiscussionAndOrCommentPages.
  1875     * cfg.password_checker (default: use some simple builtin checks for too
  1876       easy passwords and, if available, python-crack).
  1877       Use password_checker = None to disable password checking.
  1878     * We now have a drafts functionality (no */MoinEditorBackup pages any
  1879       more):
  1880       * If you edit a page and cancel the edit, use preview or save, a draft
  1881         copy gets saved for you to a internal cache area (data/cache/drafts/).
  1882       * If it is a save what you did and it succeeds, the draft copy gets
  1883         killed right afterwards.
  1884       * If you accidentally used cancel or your browser or machine crashes
  1885         after you used preview, then just visit that page again and edit it.
  1886         the editor will notify you that there is a draft of this page and you
  1887         will see a "Load draft" button. Click on it to load the draft into the
  1888         editor and save the page.
  1889       * The draft storage is per user and per page, but only one draft per page.
  1890     * cfg.quicklinks_default and cfg.subscribed_pages_default can be used to
  1891       preload new user profiles with configurable values.
  1892     * attachment links for non-existing attachments look different now:
  1893       the note about the non-existing attachment moved to the link title,
  1894       the link is shown with nonexistent class (grey).
  1895     * attachment embeddings for non-existing attachments show a grey clip
  1896     * The list of InterWiki sites is editable in the wiki (page InterWikiMap),
  1897       it is getting reloaded every minute.
  1898     * We support some new languages and also have new underlay pages, thanks
  1899       to all translators and people helping with the docs!
  1901   Actions: -------------------------------------------------------------------
  1902     * Synchronisation of wikis using the SyncPages action.
  1903     * Xapian (see based indexed search code.
  1904       To use this:
  1905       * Install xapian-core and xapian-bindings on your machine.
  1906         We used 0.9.4, but newer code should hopefully work, too.
  1907       * cfg.xapian_search = True
  1908       * Execute this to build the index:
  1909         $ moin ... index build   # indexes pages and attachments
  1910         $ moin ... index build --files=files.lst  # same plus a list of files
  1911         You should run those commands as the same user you use for your wiki,
  1912         usually this is the webserver userid, e.g.:
  1913         $ sudo -u www-data moin --config=... \
  1914                index build --files=files.lst
  1915     * New searches:
  1916         - LanguageSearch: language:de
  1917         - CategorySearch: category:Homepage
  1918         - MimetypeSearch: mimetype:image/png (for attachments/files)
  1919         - DomainSearch: domain:underlay or domain:standard
  1920         - History Search: available in advanced ui
  1921       Note: Some currently only available when Xapian is used.
  1922     * New config options and their defaults:
  1923         xapian_search        False  enables xapian-powered search
  1924         xapian_index_dir     None   directory for xapian indices
  1925                                     (can be shared for wiki farms)
  1926         xapian_stemming      True   toggles usage of stemmer, fallback
  1927                                     to False if no stemmer installed
  1928         search_results_per_page 10  determines how many hits should be
  1929                                     shown on a fullsearch action
  1930         xapian_index_history False  indexes all revisions of pages to
  1931                                     allow searching in their history
  1932     * Speeded up linkto search by avoiding read locks on the pagelinks file.
  1934     * The action menu now calls the actions for the revision of the page you
  1935       are currently viewing. If you are viewing the current page revision, you
  1936       get the same behaviour as in moin 1.5, but if you are viewing an old
  1937       page revision, action "raw" will now show you the raw text of this OLD
  1938       revision (not of the current revision as moin 1.5 did it).
  1939       Note that not every action does evaluate the rev=XX parameter it gets.
  1940       Also please note that the edit, info, ... links in the editbar do NOT
  1941       use the rev parameter, but operate on the latest page revision (as
  1942       they did in moin 1.5).
  1943     * Info action lost the links for "raw", "print" and "revert" actions,
  1944       because you can now just view an old revision and select those actions
  1945       from the menu there.
  1947     * ?action=sitemap emits a google sitemap (XML), listing all your wiki pages
  1948       and the wiki root URL.
  1949       Page                      Priority / Frequency / Last modification
  1950       --------------------------------------------------------------------
  1951       /                         1.0 / hourly / <now>
  1952       cfg.page_front_page       1.0 / hourly / page last edit
  1953       TitleIndex,RecentChanges  0.9 / hourly / <now>
  1954       content pages             0.5 / daily / page last edit
  1955       system/help pages         0.1 / yearly / page last edit
  1957     * Action DeletePage and RenamePage can now be used for subpages of a page, too.
  1958     * Added Action CopyPage so you can use now an existing page or page hierarchy
  1959       as template for a new page, see FeatureRequests/CloneOrCopyPages.
  1960     * "Package Pages" action supports attachments now.
  1961     * Added SisterPages support:
  1962       * action=sisterpages will generate a list of url pagename lines for all
  1963         pages in your moin wiki.
  1964       * action=pollsistersites will poll all sister sites listed in
  1965         cfg.sistersites = [(wikiname, fetchURL), ...]
  1966         The fetch URL for the sistersites depends on the wiki engine, e.g.:
  1967         # moin based wiki:
  1968         ('MoinExample', '')
  1969         # oddmuse based wiki:
  1970         ('EmacsWiki', '')
  1971         # JspWiki based wiki:
  1972         ('JspWiki', '')
  1973       * If the current page exists on some sister wiki, a link to it will be
  1974         added to the navibar.
  1975       You can use sister wikis for adding another dimension to your wiki UI: use
  1976       it for simple multi language support, or for comments, or anything else
  1977       "related" you need.
  1978       TODO: add sistersites_force with sister sites we link to even if they do not
  1979             have the page yet (will work only for moin as we don't know
  1980             pagename>url transformation of other wikis)
  1981     * showtags action that lists all tags related to a page.
  1982     * action=view does use mimetypes of EmbedObject too and text files will be shown
  1983       by using their colorized parsers
  1985   Macros: --------------------------------------------------------------------
  1986     * RecentChanges:
  1987       * If a change has happened after your bookmark, the updated/new/renamed
  1988         icon links to the bookmark diff.
  1989       * If a page does not exist any more (because it was deleted or renamed),
  1990         we link the deleted icon to the diff showing what was deleted (for the
  1991         delete action). For the rename action, we just show the deleted icon.
  1992     * Conflict icon in RecentChanges is shown if a edit conflict is detected.
  1993     * Enhanced SystemAdmin's user browser, so a SuperUser can enable/disable
  1994       users from there.
  1995     * Included EmbedObject macro for embedding different major mimetypes:
  1996       application, audio, image, video, chemical, x-world. 
  1997       You are able to change the defaults of allowed mimetypes in the config
  1998       var mimetypes_embed. The config var mimetypes_xss_protect is used to deny
  1999       mimetypes. The order of both variables is Allow, Deny (mimetypes_embed,
  2000       mimetypes_xss_protect).
  2001     * Added support for @SELF to the NewPage macro.
  2002     * GetText2 macro that allows to translate messages that contain data.
  2003     * Make the FootNote macro filter duplicates and display a list of numbers
  2004       instead of a list of identical footnotes. Thanks to Johannes Berg for the
  2005       patch.
  2007   Parsers: -------------------------------------------------------------------
  2008     * Moin Wiki parser: Changed markup for links, images and macros, see these
  2009       wiki pages: HelpOnLinking, HelpOnMacros
  2010     * New wiki markup for /* inline comments */ - they get rendered as a span
  2011       with class="comment", see next item:
  2012     * There is a new item in the edit bar: "Comments". If you click it, the
  2013       visibility of all class "comment" tags will be toggled. There is a user
  2014       preferences item "show_comments" to set if the default view shows them or not.
  2015     * The wiki parser can be used with css classes now:
  2016       {{{#!wiki comment
  2017       This will render output within a div with class "comment".
  2018       You can use any wiki markup as usual.
  2019       }}}
  2020       You can also combine multiple css classes like this:
  2021       {{{#!wiki red/dotted/comment
  2022       This will render a red background, dotted border comment section.
  2023       }}}
  2024       The same thing will work for any other css classes you have.
  2025       If the css classes contain the word "comment", they will trigger some
  2026       special feature, see next item:
  2027     * Wiki nested parser/pre sections work now, using this syntax:
  2028       a) just use more curly braces if you have 3 closing in your content:
  2029          {{{{
  2030          }}} <- does not terminate the section!
  2031          }}}}
  2032       b) use {{{ + some magic string:
  2033          {{{somemagicstring
  2034          }}} <- does not terminate the section!
  2035          somemagicstring}}}
  2036       c) {{{whatever#!python
  2037          # py code
  2038          whatever}}}
  2039       Pitfall: stuff like below does not work as it did in 1.5:
  2040          {{{aaa
  2041          bbb}}}
  2042       Solution:
  2043          {{{
  2044          aaa
  2045          bbb
  2046          }}}
  2047     * Added support for ircs: URLs (secure IRC).
  2048     * New text/creole parser that allows you to use WikiCreole 1.0 markup,
  2049       use #format creole.
  2050     * HTML parser (called "html") that allows you to use HTML on the page.
  2051       Thanks to the trac team for the nice code.
  2052     * Added the diff parser from ParserMarket, thanks to Emilio Lopes, Fabien
  2053       Ninoles and Juergen Hermann.
  2055   XMLRPC: --------------------------------------------------------------------
  2056     * actions_excluded now defaults to ['xmlrpc'] - this kind of disables the
  2057       built-in wiki xmlrpc server code (not completely: it will just answer
  2058       with a Fault instance for any request). If you want to use xmlrpc v1 or
  2059       v2, you have to remove 'xmlrpc' from the actions_excluded list (for
  2060       example if you want to use wikisync, mailimport or any other feature
  2061       using xmlrpc). If you enable xmlrpc, it will be possible that someone
  2062       changes your wiki content by using xmlrpc (it will of course honour ACLs).
  2063     * New XMLRPC methods (see doc strings for details):
  2064       * getMoinVersion
  2065       * system.multicall -- multicall support
  2066       * Authentication System: getAuthToken/appyAuthToken
  2067       * getDiff -- method to get binary diffs
  2068       * mergeDiff -- method to local changes remotely
  2069       * interwikiName -- method to get the IWID and the interwiki moniker
  2070       * getAllPagesEx -- method to get the pagelist in a special way (revnos,
  2071         no system pages etc.)
  2072       * getAuthToken -- make and authentication token by supplying username/password
  2073       * applyAuthToken -- set request.user for following xmlrpc calls (within the
  2074                           same multicall)
  2075       * getUserProfile -- method to get user profile data for request.user
  2076     * Added XMLRPC methods for attachment handling. Thanks to Matthew Gilbert.
  2077     * XMLRPC putPage method adjusted to new AuthToken, config vars 
  2078       xmlrpc_putpage_enabled and xmlrpc_putpage_trusted_only removed.
  2080   Scripts / Commandline interface: -------------------------------------------
  2081     * moin export dump now better conforms to the theme guidelines.
  2082     * Added a --dump-user option to the moin export dump command.
  2083       Thanks to Oliver O'Halloran.
  2085   Security / Auth / AntiSpam / etc.: -----------------------------------------
  2086     * Hierarchical ACLs are now supported, i.e. pages inheriting permissions
  2087       from higher-level pages. See HelpOnAccessControlLists.
  2088     * If you have "#acl" (without the quotes) on a page, this means now:
  2089       "this page has own (empty) ACLs, so do not use acl_rights_default here"
  2090       Please note that this is COMPLETELY DIFFERENT from having no ACL line at
  2091       all on the page (acl_rights_default is used in that case).
  2092     * Antispam master url is now configurable via cfg.antispam_master_url.
  2093       The default is to fetch the antispam patterns from MoinMaster wiki.
  2094     * Antispam now checks the edit comments against BadContent also.
  2095     * TextCHAs (text-form CAPTCHAs).
  2096       Due to increasingly annoying wiki spammers, we added the option to use
  2097       TextCHAs (for page save (not for preview!), for attachment upload, for
  2098       user creation (not for profile save)).
  2099       This function is disabled by default. If you run a wiki that is editable
  2100       by anonymous or non-approved users from the internet (i.e. All: or Known:
  2101       in ACL terms), you should enable it in your wiki config by:
  2102       textchas = { # DO NOT USE EXACTLY THESE QUESTIONS!!!
  2103           'en': {
  2104               u'H2O is ...': u'water', # bad: too common
  2105               u'2 apples and three bananas makes how many fruits?': ur'(five|5)', # good
  2106               u'2 apples and three pigs makes how many fruits?': ur'(two|2)', # good
  2107               u'2+3': ur'5', # bad: computable
  2108               u'
  2109           },
  2110           'de': { # for german users
  2111               u'H2O ist ...': u'wasser',
  2112           },
  2113       }
  2114       This means that english users will get some random question from the 'en'
  2115       set, german users will get some from the 'de' set. If there is no 'de'
  2116       set configured, moin will fallback to language_default and then to 'en',
  2117       so make sure that you at least have a 'en' set configured (or whatever
  2118       you have set as language_default).
  2119       You need to use unicode for the questions and answers (see that u"...").
  2120       For the answer, you need to give a regular expression:
  2121       * In the easiest case, this is just some word or sentence (first en
  2122         example). It will be matched in a case-insensitive way.
  2123       * For more complex stuff, you can use the power of regular expressions,
  2124         e.g. if multiple answers are correct (second en example). Any answer
  2125         matching the regular expression will be considered as correct, any
  2126         non-matching answer will be considered as incorrect.
  2128       Tipps for making it hard to break for the spammers and easy for the users:
  2129       * Use site-specific (not too common) questions.
  2130       * Don't use too hard questions (annoys legitimate users).
  2131       * Don't use computable questions.
  2132       * Don't reuse textchas from other sites.
  2134       textchas_disabled_group = None # (default)
  2135       Set this to some group name and noone in this group will get textchas.
  2136       E.g.: textchas_disabled_group = u'NoTextChasGroup'
  2138     * The login page gives now the possibility to recover a lost password, thanks to 
  2139       Oliver Siemoneit. This is especially useful for wikis where access to user 
  2140       preferences is restricted by acl.
  2141     * Session handling for logged-in users and (not by default due to expiry
  2142       problems) anonymous users.
  2143     * Updated the ldap_login code from 1.5 branch, supports TLS now.
  2144       See MoinMoin/config/ for supported configuration options
  2145       and their defaults (and please just change what you need to change,
  2146       in your wikiconfig).
  2147     * Interwiki auth: You need to define cfg.trusted_wikis and
  2148        cfg.user_autocreate to use it. Logging in works by entering:
  2149       Name: RemoteWikiName RemoteUserName
  2150       Password: remotepass
  2151       Then moin contacts RemoteWikiName after looking it up in the interwiki
  2152       map and tries to authenticate there using RemoteUserName and remotepass.
  2153       If it succeeds, the remote wiki will return the remote user profile items
  2154       and your local moin will autocreate an account with these values.
  2156   Server / Network / Logging: ------------------------------------------------
  2157     * The standalone server script moved to the toplevel directory. This makes
  2158       it possible to directly start without additional configuration
  2159       to run a MoinMoin DesktopEdition like wiki setup.
  2160       Be careful: DesktopEdition uses relaxed security settings only suitable
  2161       for personal and local use.
  2162     * Added TLS/SSL support to the standalone server. Thanks to Matthew Gilbert.
  2163       To use TLS/SSL support you must also install the TLSLite library
  2164       ( Version 0.3.8 was used for development and
  2165       testing.
  2167     * cfg.log_reverse_dns_lookups [default: True] - you can set this to False
  2168       if rev. dns lookups are broken in your network (leading to long delays
  2169       on page saves). With False, edit-log will only contain IP, not hostname.
  2170     * Added support for "304 not modified" response header for AttachFile get
  2171       and rss_rc actions - faster, less traffic, less load.
  2173     * Added logging framework, using stdlib's "logging" module. Just do
  2174       import logging ; logging.debug("your text"). Depending on configuration
  2175       in the server Config class, your stuff will be written to screen (stderr),
  2176       to a moin logfile, to apache's error.log, etc.:
  2177       logPath = None # 'moin.log'
  2178       loglevel_file = None # logging.DEBUG/INFO/WARNING/ERROR/CRITICAL
  2179       loglevel_stderr = None # logging.DEBUG/INFO/WARNING/ERROR/CRITICAL
  2180       NOTE: this is NOT in wikiconfig, but e.g. in moin.cgi or or ...
  2182     * Added some experimental and disabled code, that uses x-forwarded-for
  2183       header (if present) to get the right "outside" IP before a request
  2184       enters our chain of trusted (reverse) proxies.
  2185       This code has the problem that we can't configure it in wikiconfig, so
  2186       if you want to use it / test it, you have to edit the moin code:
  2187       MoinMoin/request/ - edit proxies_trusted (near the top).
  2188       We will try to make this easier to configure, but there was no time left
  2189       before 1.6.0 release for doing bigger code refactorings needed for that.
  2191   Mail: ----------------------------------------------------------------------
  2192     * You can send email to the wiki now (requires xmlrpc), see:
  2193       FeatureRequests/WikiEmailIntegration, HelpOnConfiguration/EmailSupport
  2195     * Mail notifications contain a link to the diff action so the user
  2196       can see the coloured difference more easily. Thanks to Tobias Polzin.
  2198   Other changes: =============================================================
  2199     * HINT: please copy a new version of your server script from the wiki/server/
  2200       directory and edit it to match your setup.
  2201     * HINT: instead of "from MoinMoin.multiconfig import DefaultConfig" you
  2202       need to use "from MoinMoin.config.multiconfig import DefaultConfig" now.
  2203       You need to change this in your or file.
  2204       See MoinMoin/ for an alternative way if you can't do that.
  2205     * HINT: you need to change some imports (if you have them in your config):
  2206       Old: from MoinMoin.util.antispam import SecurityPolicy
  2207       New: from import SecurityPolicy
  2208       Old: from MoinMoin.util.autoadmin import SecurityPolicy
  2209       New: from import SecurityPolicy
  2210     * HINT: you need to change your auth stuff, the new way is:
  2211       from MoinMoin.auth import moin_login, moin_session
  2212       from MoinMoin.auth.http import http
  2213       auth = [http, moin_login, moin_session]
  2214       Do it in a similar way for other auth methods.
  2215     * HINT: you need to change your url_prefix setting in 2 ways:
  2216       1. The setting is now called url_prefix_static (to make it more clear
  2217          that we mean the static stuff, not the wiki script url).
  2218       2. The strongly recommended (and default) value of it is '/moin_static160'
  2219          for moin version 1.6.0 (and will be ...161 for moin 1.6.1). It is
  2220          possible and recommended to use a very long cache lifetime for static
  2221          stuff now (Expires: access plus 1 year), because we require to change
  2222          the URL of static stuff when the static stuff changes (e.g. on a
  2223          version upgrade of moin) to avoid problems with stale cache content.
  2224          Your moin will be faster with lower load and traffic because of this.
  2225          For standalone server, we use 1 year expiry for static stuff now.
  2226          For Apache, Lighttpd and other "external" servers, you have to care
  2227          for configuring them to use a long expiry and change url_prefix_static
  2228          related configuration on upgrade.
  2229       HINT: if you run standalone or Twisted server, the easiest way to get a
  2230             working configuration (with server configuration matching wiki
  2231             configuration) is to NOT set url_prefix_static at all. Moin will
  2232             use matching configuration defaults in this case.
  2233     * url_prefix_action ['action'] was introduced for lowering load and traffic
  2234       caused by searchengine crawlers. Up to now, crawlers where causing a high
  2235       load in internet moin wikis because they tried to get about everything,
  2236       including all actions linked from the user interface.
  2237       Known crawlers only get 403 for most actions, but nevertheless they first
  2238       tried. There was no means keeping them away from actions due to the rather
  2239       braindead robots.txt standard. You can only disallow pathes there, but
  2240       moin's actions were querystring based, not path based (this would need
  2241       regex support in robots.txt, but there is no such thing).
  2242       This changed now. Moin is able to generate action URLs you can handle in
  2243       robots.txt, like /action/info/PageName?action=info. So if you don't want
  2244       bots triggering actions, just disallow /action/ there. Keep in mind that
  2245       attachments are handled by /action/AttachFile, so if you want attached
  2246       files and pictures indexed by search engine, don't disallow
  2247       /action/AttachFile/ in your robots.txt. In order to use this feature,
  2248       set url_prefix_action in your wikiconfig to e.g. "action".
  2249     * We use (again) the same browser compatibility check as FCKeditor uses
  2250       internally, too. So if GUI editor invocation is broken due to browser
  2251       compatibility issues or a wrong browser version check, please file a bug
  2252       at FCKeditor development or browser development.
  2253     * HINT: We removed Lupy based indexed search code. If you were brave enough
  2254       to use cfg.lupy_search, you maybe want to try cfg.xapian_search instead.
  2256   Developer notes: ===========================================================
  2257     * We moved the IE hacks to theme/css/msie.css that gets included after all
  2258       other css files (but before the user css file) using a conditional
  2259       comment with "if IE", so it gets only loaded for MSIE (no matter which
  2260       version). The file has some standard css inside (evaluated on all MSIE
  2261       versions) and some * html hacks that only IE < 7 will read.
  2262       HINT: if you use custom themes, you want to update them in the same way.
  2263     * autofilters for databrowser widget. Thanks to Johannes Berg for the patch.
  2264     * changed formatter.attachment_link call (it is now more flexible,
  2265       because you can render the stuff between link start and link end yourself)
  2266     * Page.url() does not escape any more. You have to use wikiutil.escape()
  2267       yourself if you want to write the URL to HTML and it contains e.g. &.
  2268     * The testing wikiconfig moved to tests/, the testing wiki
  2269       is now created in tests/wiki/...
  2270     * HINT: Killed "processors" (finally), formatter method changed to:
  2271       formatter.parser(parsername, lines)
  2272     * Refactored some actions to use ActionBase base class.
  2273     * Moved "test" action from wikiaction to MoinMoin/action/
  2274       (and use ActionBase).
  2275     * Moved MoinMoin/ to MoinMoin/config/
  2276     * Moved MoinMoin/ to MoinMoin/config/
  2277     * Moved "SystemInfo" macro from wikimacro to MoinMoin/macro/.
  2278     * Moved stuff to MoinMoin/action/
  2279     * Moved stuff to MoinMoin/macro/
  2280     * Moved stuff to MoinMoin/xmlrpc/
  2281     * Moved stuff to action/ (only used from there).
  2282     * Moved formatter/ to formatter/ (FormatterBase).
  2283     * Moved util/ to parser/
  2284     * Moved / splitted into MoinMoin/request/*.
  2285       Most stuff will be broken, please help fixing it (usually some imports
  2286       will be missing and the adaptor script will need a change maybe):
  2287       Tested successfully: CGI, CLI, STANDALONE, FCGI, TWISTED
  2288     * Moved to security/
  2289     * Moved to security/
  2290     * Moved logfile/ to logfile/
  2291     * Moved to mail/
  2292     * Moved util/ to mail/
  2293     * Moved to auth/
  2294       Moved util/ to auth/
  2295       teared auth code into single modules under auth/* - moin_session handling
  2296       and the builting moin_login method are in auth/
  2297     * Added wikiutil.MimeType class (works internally with sanitized mime
  2298       types because the official ones suck).
  2299     * Renamed parsers to module names representing sane mimetypes, e.g.:
  2300 -> parser.text_moin_wiki
  2301     * Added thread_monitor debugging aid. It can be activated using:
  2302       from MoinMoin.util import thread_monitor; thread_monitor.activate_hook()
  2303       and then triggered by requesting URL ...?action=thread_monitor - please
  2304       be aware that monitoring threads has a big performance impact on its own,
  2305       so you only want to temporarily enable this for debugging.
  2306       By default, it dumps its output to the data_dir as tm_<timestamp>.log,
  2307       you can change this at bottom of action/ if you want to
  2308       see output in your browser.
  2309     * Introduced scope parameter to CacheEntry() - if you specify 'farm', it
  2310       will cache into a common directory for all wikis in the same farm, if you
  2311       specify 'wiki', it will use a cache directory per wiki and if you specify
  2312       'item', it will use a cache directory per item (== per page).
  2313       Creating a CacheEntry without explicit scope is DEPRECATED.
  2314     * Smileys moved from MoinMoin.config to MoinMoin.theme.
  2315     * Removed all _ magic in URLs and filenames.
  2316     * request.action now has the action requested, default: 'show'.
  2317     * Cleaned up duplicated http_headers code and DEPRECATED this function
  2318       call (it was sometimes confused with setHttpHeaders call) - it will
  2319       vanish with moin 1.7, so please fix your custom plugins!
  2320       The replacement is:
  2321           request.emit_http_headers(more_headers=[])
  2322       This call pre-processes the headers list (encoding from unicode, making
  2323       sure that there is exactly ONE content-type header, etc.) and then
  2324       calls a server specific helper _emit_http_headers to emit it.
  2325       Tested successfully: CGI, STANDALONE, FCGI, TWISTED
  2326     * setResponseCode request method DEPRECATED (it only worked for Twisted
  2327       anyway), just use emit_http_headers and include a Status: XXX header.
  2328       Method will vanish with moin 1.7.
  2329     * cfg.url_prefix is DEPRECATED, please use cfg.url_prefix_static.
  2330     * d['title_link'] is not supported any more. You can easily make that link
  2331       on your own in your theme, see example in MoinMoin/theme/,
  2332       function "title".
  2333     * There is a new Page method called Page.get_raw_body_str that returns
  2334       the encoded page body. This is useful if you just deal with byte data
  2335       (e.g. while generating binary diffs).
  2336     * The TagStore/PickleTagStore system is used to store the syncronisation tags.
  2337     * XMLRPC functions may return Fault instances from now on
  2338     * Moin got multicall support, including a module that makes it usable on the
  2339       client-side without requiring Python 2.4
  2340     * Added no_magic to text_html formatter to disable tag autoclosing.
  2341     * MOIN_DEBUG can be set in the environment to let MoinMoin ignore exceptions
  2342       that would lead to a traceback in the browser. Thanks to Raphael Bossek.
  2343     * There is a new MoinMoin.Page.ItemCache class now with automatic cache
  2344       invalidation based on global edit-log. We currently use it to cache page
  2345       acls, speedup Page.get_rev and reading the page local edit-log.
  2346     * Added wikiutil.renderText parse and format raw wiki markup with all page elements.
  2347     * The user file format has changed, old files will be read correctly but
  2348       will silently be upgraded to the new format so old versions will not
  2349       read the new files correctly (this only affects 'subscribed_pages' and
  2350       'quicklinks' which will be lost when downgrading.)
  2353 Version 1.5.8:
  2354   New features:
  2355     * Added timing.log to help performance debugging. Use cfg.log_timing = True
  2356       to update <data_dir>/timing.log (default is False, meaning no logging).
  2358       Example log entries:
  2361       Timestamp       PID   Timing Flag action     URL
  2362       -----------------------------------------------------------------------------
  2363       20070512 184401 22690 vvv         None
  2364       20070512 184401 22690 0.267s    - show
  2366       Timestamp: YYYYMMDD HHMMSS (UTC)
  2367       PID: the process ID of the moin process
  2368       Timing: when action starts, it will be "vvv"
  2369               when it ends, it logs the total time it needed for execution
  2370       Flag (some are only logged at end of action):
  2371       +   Page exists
  2372       -   Page does not exist
  2373       B   user agent was recognized as bot / spider
  2374       !x! Action took rather long (the higher the x, the longer it took - this
  2375           makes it easy to grep for problematic stuff).
  2376       Action: action name (None is when no action was specified, moin assumes
  2377               "show" for that case)
  2378       URL: the requested URL
  2380       For more information about tuning your moin setup, see:
  2382     * Added support for ircs, webcal, xmpp, ed2k and rootz protocols - we
  2383       moved all protocols to config.url_schemas, so this is not empty any more.
  2384       It is possible to use these protocols now on wiki pages and in the
  2385       navi_bar. We just generate the URLs, it is up to your browser what it
  2386       does when clicking on those links.
  2387     * cfg.traceback_show (default: 1) can be used to disable showing tracebacks.
  2388       cfg.traceback_log_dir (default: None) can be used to set a directory
  2389       that is used to dump traceback files to. Your users will get a notice to
  2390       which (random) file in that directory the traceback was been written.
  2391       NOTE: while you can feel free to set traceback_show = 0 and
  2392       traceback_log_dir = None, we will also feel free to reject bug reports
  2393       when you (or your site's users) don't give us enough information (like a
  2394       traceback file) to debug the problem. If you set traceback_show = 0,
  2395       we recommend pointing traceback_log_dir to a directory with reasonable
  2396       free space and putting a page onto your wiki that describes who has to
  2397       get contacted (usually the wiki server admin) in case a traceback happens.
  2398       The admin can then locate the traceback file and submit it to moin
  2399       development, if the bug is not already known (see MoinMoin:MoinMoinBugs).
  2400       Of course we will also need all the other details of a bug report, not
  2401       only the traceback file.
  2403   Other changes:
  2404     * Updated spider agents list.
  2405     * Reduce bot/spider cpu usage for SystemInfo, OrphanedPages, WantedPages,
  2406       PageHits, PageSize, WordIndex macros (we just return nothing for bots).
  2408   Bugfixes:
  2409     * XSS fixes, see (item 1 and 2).
  2410     * ACL security fixes:
  2411       * MonthCalendar respects ACLs of day pages now.
  2412       * Check the ACL for the rst markup include directive.
  2413     * Fixed cleaning of edit comments (control chars in there could damage
  2414       edit-log).
  2415     * Fixed in-process caching of antispam patterns (didn't update the cache
  2416       for multi-process, persistent servers).
  2417     * Correct encoding/decoding for surge-log data, fixes leftover
  2418       surge-logXXXXXXX.tmp files in data/cache/surgeprotect.
  2419     * Fixed mode of cache files (mkstemp creates them with 0600 mode).
  2420     * Symbolic entities with numbers (like &sup2;) did not work, fixed.
  2421     * We open data/error.log earlier now and we also use it for FastCGI.
  2422     * Fixed unicode cfg.page_group_regex.
  2423     * Fixed moin.spec to use english date format.
  2424     * GUI converter: fixed conversion of relative wiki links.
  2425     * Fixed NewPage macro button label to not be formatted as wiki text.
  2427 Version 1.5.7:
  2428   New features:
  2429     * added url_prefix_local which is used for stuff that must be loaded from
  2430       same site as the wiki engine (e.g. FCKeditor GUI editor applet), while
  2431       url_prefix can be a remote server serving the static files (css/img).
  2432       If not set (or set to None), url_prefix_local will default to the value
  2433       of url_prefix.
  2434     * We save some CPU and disk I/O by having EditTemplates and LikePages macro
  2435       (both used on MissingPage) check whether the requesting entity was
  2436       identified as a spider (e.g. search engine bot) and do nothing in that
  2437       case. Normal users won't see any difference.
  2438     * For AttachFile, you can now choose to overwrite existing files of same
  2439       name (nice for updating files).
  2441   Bugfixes:
  2442     * XSS Fixes:
  2443       * fixed unescaped page info display.
  2444       * fixed unescaped page name display in AttachFile, RenamePage and
  2445         LocalSiteMap actions
  2446     * WantedPages listed existing pages that are not readable for the user,
  2447       but are linked from pages that ARE readable for the user (so this is NOT
  2448       a privacy/security issue). We now don't list those pages any more as it
  2449       is pointless/confusing, the user can't read or edit there anyway.
  2450     * MoinMoin:MoinMoinBugs/TableOfContentsUsesNonExistingIncludeLinks
  2451     * MoinMoin:MoinMoinBugs/ActionsExcludedTriggerError
  2452     * GUI editor/converter:
  2453       * ignore <col>/<colgroup>/<meta> elements
  2454       * support <a> within blockquote
  2455     * Remove generated=... attribute from pagelink html output (this attr is
  2456       for internal use only). w3c validator is now happier again.
  2457     * Fixed css class "userpref" (not: "userprefs") of the Login form.
  2458     * Fixed the version number check in the xslt parser for 4suite >= 1.0.
  2459     * We reset the umask to the wanted value every request. This should fix
  2460       wrong file modes when used with Twisted (twistd uses a hardcoded 0077
  2461       umask in daemonize()).
  2462     * Avoid trouble when saving pages with antispam function when MoinMaster
  2463       wiki is having troubles (catch xmlrpc Fault).
  2465   Other changes:
  2466     * Standalone server does not do reverse DNS lookups any more (this is a
  2467       standard feature of BaseHTTPServer stdlib module, but we override this
  2468       now and just print the IP).
  2469     * We moved the IE hacks to theme/css/msie.css that gets included after all
  2470       other css files (but before the user css file) using a conditional
  2471       comment with "if IE", so it gets only loaded for MSIE (no matter which
  2472       version). The file has some standard css inside (evaluated on all MSIE
  2473       versions) and some * html hacks that only IE < 7 will read.
  2474       HINT: if you use custom themes, you want to update them in the same way.
  2475     * Improved ldap auth:
  2476       * cfg.ldap_name_attribute was removed because of new cfg.ldap_filter.
  2477         If you had ldap_name_attribute = 'sAMAccountName' before, just use
  2478         ldap_filter = '(sAMAccountName=%(username)s)' now.
  2479       * New cfg.ldap_filter used for the ldap filter string used in the ldap
  2480         search instead of the rather limited, partly hardcoded filter we used
  2481         before. This is much more flexible:
  2482         ldap_filter = '(sAMAccountName=%(username)s)'
  2483         You can also do more complex filtering expressions like:
  2484         '(&(cn=%(username)s)(memberOf=CN=WikiUsers,OU=Groups,DC=example,DC=org))'
  2485       * Added some processing to filter out result entries with dn == None.
  2486       * We set REFERRALS option to 0 before initializing the ldap server
  2487         connection (this seems to be needed for Active Directory servers).
  2488       * We support self-signed ssl certs for ldaps - completely untested.
  2489       * New cfg.ldap_surname_attribute (usually 'sn'), was hardcoded before.
  2490       * New cfg.ldap_givenname_attribute (usually 'givenName'), hardcoded before.
  2491       * New cfg.ldap_aliasname_attribute (usually 'displayName') - if this
  2492         attribute is not there or empty (in the results of the ldap lookup for
  2493         the user), we just make up the aliasname from surname and givenname
  2494         attribute.
  2495       * We only request the attributes we need from ldap (was: all attrs).
  2496       * We deny user login (and break out of auth chain) for the following cases:
  2497         * if a user is not found by ldap lookup
  2498         * if we find more than one matching entry
  2499         * if the password is empty or incorrect
  2500         * if some exception happens
  2501       * Please note that there is an updated ldap sample config in directory
  2502         wiki/config/more_samples/.
  2503       * Added experimental LDAP SSL/TLS support (untested, please help testing),
  2504         see also the sample config.
  2505     * Work around a IE7 rendering problem with long pages getting more and
  2506       more narrow. We just applied the same "fix" as we used for IE6, using
  2507       "display: none" for span.anchor for IE browsers.
  2508     * RSS feed related:
  2509       * We used to emit a <link> tag for the action=rss_rc RSS feed on any
  2510         page. This was changed, we now emit that link only on RecentChanges and
  2511         the current user's language translation of RecentChanges.
  2512         This was changed because Google Toolbar requests the RSS feed linked
  2513         by such a link tag every time it sees one. Thus, if you used the wiki
  2514         normally, it requested the RSS feed every few seconds and caused
  2515         problems due to surge protection kicking in because of that.
  2516       * HINT for custom theme users: if your theme code calls
  2517         rsslink(), then you need to change that to rsslink(d) for 1.5.7+.
  2520 Version 1.5.6:
  2521   A general security notice:
  2522       Check your Python version, there was a buffer overflow issue in Python
  2523       recently! Details:
  2525   Bugfixes:
  2526     * Fix AttributeError traceback with Standalone server (if_modified_since)
  2527     * Fix AttachFile "304 not modified" and redirect status code for Twisted
  2528     * http auth: we now decode username and password to unicode (using
  2529       config.charset == utf-8). Same for SSL client cert auth and CN.
  2530     * Avoid infinite recursion in Page.parsePageLinks.
  2531     * Fixed standalone server failing to shutdown if interface == "".
  2532     * Now MoinMoin does not think anymore that every page links to various user
  2533       homepages.
  2534     * Made the irssi parser more tolerant (Thanks to "TheAnarcat").
  2535     * Now multiple formatters can be used per request, the send_page code was
  2536       not reentrant to this regard. Fixes "empty" search results.
  2537     * Fixed problem with "=" in ImageLink macro links.
  2538     * Not a moin bug, but a silly stdlib os.tempnam function made trouble to
  2539       some people because it lets you override the path given in the code
  2540       by setting the environment variable TMP(DIR). We now use a different
  2541       function to avoid renaming trouble when TMP(DIR) points to a different
  2542       file system.
  2543     * Fixed antispam update on every save (Thanks to "TheAnarcat").
  2544     * GUI converter: don't throw away rowclass for tables.
  2545     * GUI editor formatter: allow height for table cells.
  2546     * GUI editor formatter: comment texts are output using the formatter now. 
  2548   New features:
  2549     * Mail notifications contain a link to the diff action so the user
  2550       can see the coloured difference more easily. Thanks to Tobias Polzin.
  2551     * FeatureRequests/MoveAttachments - you can move attachments from one
  2552       page to another (and also rename the attachment at the same time).
  2553       Thanks to Reimar Bauer.
  2554     * Added support for linking to attachment: and inline: URLs with ImageLink.
  2555     * Added UNIX socket support for FastCGI, just set the port to some (socket)
  2556       filename. Details see: MoinMoin:FeatureRequests/FastCgiUnixSocket
  2557     * [[Attachlist(pagename,mimetype)]] lists attachments of pagename (default:
  2558       current page) with optional mimetype restriction (default: all).
  2559       Thanks to Reimar Bauer.
  2561   Other changes:
  2562     * Minor performance improvements (might be noticeable if you have many
  2563       custom navi_bar entries and high server load).
  2564     * Avoid usage of no-cache because it breaks attachment download on IE6.
  2565       This is a IE bug, not a moin bug.
  2566     * Added XHTML to the unsafe list.
  2567     * Changed the rst parser to be compatible to the new docutils interface
  2568       for directives.
  2569     * Updated EmbedObject macro.
  2572 Version 1.5.5a:
  2573   Bugfixes:
  2574     * fixed ticket creation to only use constant values
  2576 Version 1.5.5:
  2577   HINT: read docs/README.migration.
  2578   HINT: there was NO change in the underlay/ pages since 1.5.4.
  2579   HINT: If you experience problems with the reStructured Text (rst) parser,
  2580         please downgrade docutils to "0.4" because there were major interface
  2581         breaking API refactorings on the docutils trunk.
  2583   Bugfixes:
  2584     * GUI editor fixes:
  2585       * Fixed MoinMoinBugs/GuiEditorModifiesInterwikiPreferred.
  2586       * Fixed MoinMoinBugs/TableAlignmentProbsWithGUI.
  2587     * Not a moin bug, but it severely annoyed IE users and also was less
  2588       comfortable for users of other browser: since about 1.5.4, we served
  2589       attachments with Content-Disposition: attachment - so that the user has
  2590       to save them to disk. This was to fix a possible XSS attack using attached
  2591       HTML files with Javascript inside for stealing your moin cookie or doing
  2592       other nasty things. We improved this by using different behaviour depending
  2593       on the potential danger the attached file has when served inline:
  2594       mimetypes_xss_protect = ['text/html', 'application/x-shockwave-flash', ]
  2595       This is the default value. If you know more dangerous stuff, please just
  2596       add the mimetypes there to protect your users and file a bug report
  2597       telling us what we missed.
  2598     * Fixed MoinMoinBugs/ReStructuredTextRelativeLinksBroken, thanks to Stefan
  2599       Merten.
  2600     * Make tickets used for some actions more safe.
  2602   New features:
  2603     * edit_ticketing [True] - we protect page save by a ticket (same stuff we
  2604       already use for DeletePage and RenamePage action).
  2605       NOTE: If you don't use your browser for editing, but some tool like
  2606             "editmoin" or "MoinMoin plugin for jEdit", you'll need an update
  2607             of them supporting the ticket.
  2608             Alternatively, you can use edit_ticketing = False setting - this
  2609             is not recommended for internet wikis as it will make spamming them
  2610             easier.
  2611     * If we detect some spammer, we kick him out by triggering surge protection
  2612       (if surge protection is not disabled).
  2614 Version 1.5.5rc1:
  2615   Bugfixes:
  2616     * Fixed MoinMoinBugs/XmlRpcBrokenForFastCgi - thanks to Johannes Berg.
  2617     * Fixed gui editor converter confusing of `` and {{{}}} markup.
  2618     * Fixed emission of HTTP headers (esp. Vary: Cache-Control:).
  2619     * Fixed a bad crash that happens (on ANY page!) when you put a *Dict
  2620       page's name as a member into a *Group page.
  2621     * Fix MyPages action title to use an unformatted string.
  2622     * Fix double quoted-printable encoding in generated emails (note: this is
  2623       not a moin bug - this just works around bugs in python stdlib).
  2624     * Fix mode of drawing files (use config.umask).
  2625     * Fix trouble with /?action= urls by dropping getPageNameFromQueryString
  2626       code. 
  2627     * Fixed sre unpickle issues seen on some machines by avoiding to pickle
  2628       the regex.
  2629     * Fix Clock code, add more timers.
  2630     * Worked around FastCGI problem on Lighttpd: empty lines in the error log.
  2631     * Fix (add) locking for caching's .remove() call, small fixes to lock code.
  2632     * Print error message when --target-dir=path is missing from moin export
  2633       dump command.
  2635   New features:
  2636     * Added support for "304 not modified" response header for AttachFile get
  2637       and rss_rc actions - faster, less traffic, less load.
  2638     * Limit rss with full diffs to 5 items.
  2639     * Allow surge_action_limits = None to disable surge protection.
  2640     * moin.fcg improved - if you use FastCGI, you must use the new file:
  2641       * can self-terminate after some number of requests (default: -1, this
  2642         means "unlimited lifetime")
  2643       * the count of created threads is limited now (default: 5), you can use
  2644         1 to use non-threaded operation.
  2645       * configurable socket.listen() backlog (default: 5)
  2646     * Added indonesian i18n (id).
  2647     * Some measures against spammers trying to brute force their spam into moin.
  2648     * EmbedObject macro: added mov, mpg and midi support
  2649     * moin ... export dump --target-dir=PATH --page=PAGENAME_REGEX
  2650       You must specify --target-dir (where dump will write the html files to)
  2651       and you may specify --page and either a page name or a regex used to
  2652       match all pages you want to export. Default is to export all pages.
  2654   Other changes:
  2655     * Tuning:
  2656       * more efficient locking code on POSIX platforms, we do much less I/O
  2657         for locking now
  2658       * removed most chmod calls in favour of a single os.umask call
  2659     * Improved Python 2.5 compatibility. Note: if you think that MoinMoin
  2660       is using too much RAM, you might want to look at Python 2.5 because
  2661       of its improved memory management.
  2662     * Throw away SAVE comments longer than 200 chars (you can't enter those by
  2663       the user interface, so only spammer using automatic POSTs do them).
  2664     * Updated spider user agent list.
  2665     * BadContent and LocalBadContent now get noindex,nofollow robots header,
  2666       same as POSTs.
  2667     * Standalone opens it logfile unbuffered from now on, thanks to
  2668       Carsten Grohmann.
  2669     * Avoid trouble when request.write() data contains None, just skip it -
  2670       thanks to Juergen Hermann.
  2671     * Instead of showing a ConfigurationError, moin now emits "404 Not found"
  2672       http headers and a hint about what could be wrong. This won't fill up
  2673       your logs just because of typos and spiders still trying old URLs.
  2676 Version 1.5.4:
  2677     HINT: read docs/README.migration.
  2678 Version 1.5.4-current:
  2679     * increased maxlength of some input fields from 80 to 200
  2681 Version 1.5.current:
  2682   Developer notes:
  2683     * We switched to Mercurial SCM, see here for more infos:
  2686   Bugfixes:
  2687     * fix MonthCalendar macro for non-ASCII pagenames (thanks to Jonas Smedegaard)
  2688     * remove 'search' and 'google' from bot user agent list and add some more
  2689       specific terms
  2690     * Fix the forgotten password email login URL and also properly encode the
  2691       email body. Thanks to Robin Dunn for the patch.
  2692     * Applied a patch by Matthew Gilbert for increased compatiblity with
  2693       latest docutils.
  2696 Version 1.5.3:
  2697   New Features:
  2698     * Added CSS classes for TableOfContents macro.
  2700   Bug Fixes:
  2701     * GUI editor / GUI editor converter:
  2702       * Fixed missing GUI editor link in edit bar.
  2703       * Fixed table/row/cell style spaces.
  2704       * Changed <p> generation for macros.
  2705       * Fixed handling of subpages.
  2706       * Fixed processing of complex list elements (thanks to Craig Markwardt).
  2707       * Fixed processing of html \n (thanks to Craig Markwardt).
  2708       * Fixed joining of comment lines with text below them.
  2709       * Fixed table height attribute crash.
  2710     * Fixed sslclientcert auth.
  2711     * Added some missing files to i18n processing, translatable strings more
  2712       complete now.
  2713     * Change <p> generation from self-closing (<p />) to auto-closing (only
  2714       emit <p>, let browser find place for </p>).
  2715     * Fix eating of newline before tables.
  2716     * Fixed incorrect login hint for not logged-in users trying a disallowed
  2717       action.
  2718     * Fixed nasty missing or double </a> formatter bug (mostly happening when
  2719       user has enabled questionmarks for nonexisting pages).
  2721   Other Changes:
  2722     * We catch and ignore html to wiki conversion errors in case of hitting
  2723       the cancel button, so you can get out of the error screen.
  2725 Version 1.5.3-rc2:
  2726   New Features:
  2727     * Modified SystemInfo macro to give human readable units and disk usage
  2728     * cfg.editor_quickhelp makes the quick help below the editor configurable
  2729       (at least as far as the default_markup is concerned). If set to None,
  2730       it doesn't display any quickhelp. Thanks to Seth Falcon for the patch.
  2732   Bugfixes:
  2733     * Fixed double class attribute for nonexistent links
  2734     * Fixed double </a> with qm_noexist option
  2735     * Fixed table xxx="yyy" style attribute parsing
  2736     * If not (editor_force and editor_default == 'text') then display GUI mode
  2737       switch button (this is only a partial fix, but enough to deny the GUI
  2738       mode to your users completely)
  2739     * Fixed XSS issue which could lead to cookie theft etc.
  2740     * Fixed definition list "same level" indenting.
  2741     * Fixed pagename in log for PackagePages action.
  2742     * Made <p> self-closing and line-anchors more well-behaved, thanks to
  2743       Martin Wilck for the patch. I didn't apply the <ol> patch, because this
  2744       is no real problem, just a problem of a bad standard.
  2745     * Fixed gui editor *bgcolor crash.
  2746     * Support/Fix tableclass attr with gui editor.
  2748   Other changes:
  2749     * Moved back UserPreferences action link from menu to top of page (renaming
  2750       it to "Preferences"), added "Cancel" button to make it possible to return
  2751       to the previous page without saving preferences.
  2752     * Removed formatter.url "attrs" keyword arg that took premade html, we use
  2753       separate kw args per attribute now.
  2754     * Moved broken tests to MoinMoin/_tests/broken (= disabling them).
  2755       All "active" tests run ok now.
  2756       If you want to compare, I included the output of this test run:
  2757       $ make test >tests/make_test.out
  2760 Version 1.5.3-rc1:
  2762   New features:
  2763     * HINT: please read README.migration
  2764     * Login and Logout are actions now, therefore you stay on the page where
  2765       you were before.
  2766     * UserPreferences is also an action now and moved from top border (in
  2767       modern theme) to the "more actions" dropdown menu. You also stay on the
  2768       same page.
  2769     * There is also a [[Login]] macro now. You can put it on any page you want
  2770       and if the user is not logged in, it renders the login form. If the user
  2771       is logged in, it doesn't render anything.
  2772     * We check cfg.superuser to be a list of user names (as documented) and
  2773       deny superuser access if it is not. This avoids security issues by
  2774       wrong configuration.
  2775     * auth methods changed:
  2776       HINT: if you wrote own auth methods, please change them as you see in
  2777             MoinMoin/ and test them again before relying on them.
  2778       * now get a user_obj kw argument that is either a user object returned
  2779         from a previous auth method or None (if no user has been made up yet).
  2780         The auth method should either return a user object (if it has
  2781         determined one) or what it got as user_obj (being "passive") or None
  2782         (if it wants to "veto" some user even if a previous method already has
  2783         made up some user object).
  2784       * return value of continue_flag is now True in most cases (except if
  2785         it wants to "veto" and abort).
  2786       * moin_cookie auth method now logs out a user by deleting the cookie and
  2787         setting user_obj.valid = 0. This makes it possible to still get the
  2788         user's name in subsequent auth method calls within the same request.
  2789       * added ldap_login and smb_mount auth methods, see MoinMoin/ and
  2790         wiki/config/more_samples/
  2791     * MonthCalendar now takes an additional argument for specifying a template
  2792       to use to directly invoke the page editor when clicking on non-existing
  2793       day pages.
  2794     * Added ImageLink macro. Thanks to Jeff Kunce, Marcin Zalewski, Reimar
  2795       Bauer and Chong-Dae Park for working on it.
  2796     * Lupy stuff (still experimental, partly broken and disabled by default):
  2797       * Attachment search using lupy (lupy_search = 1 in your config)
  2798         Title search will also search attachment filenames.
  2799         Full text search will also search attachment contents.
  2800       * Indexing filter plugins, see MoinMoin:FiltersForIndexing
  2801         Some filters depend on external converters that might not be available
  2802         for any platform (see Depends: line in filter plugin).
  2803         Feel free to contribute more filter plugins, especially if you wrote
  2804         some nice platform independant filter in Python for some popular file
  2805         format! Filters implemented so far (depending on):
  2806         MS Word, RTF, MS Excel (antiword, catdoc)
  2807         PDF (pdftotext)
  2808 XML based data formats (-)
  2809         XML, HTML (-)
  2810         text/* (-)
  2811         JPEG's EXIF data (-)
  2812         Binary generic (-)
  2813       * As you might know, Lupy is "retired" (that means it isn't developped
  2814         by its authors any more). We are currently evaluating Xapian as new
  2815         indexing search engine in moin.
  2816         If we succeed, we will replace Lupy stuff by some Xapian interface
  2817         code in moin.
  2818         But: the filters will likely stay, as we also need them with Xapian.
  2820     * A new MoinMoin script interface was introduced:
  2822       Syntax: moin [options] <cmdmodule> <cmdname> [options]
  2824       For example:
  2825       moin --config-dir=/my/cfgdir \
  2826            export dump --page=WikiSandBox
  2828       This will call the "moin" script, which will use the --config-dir and
  2829       --wiki-url options to initialize, then it will go to MoinMoin.script
  2830       module, import the export.dump module from there and run it, providing
  2831       the additional --page value to it.
  2833       The old scripts that have not been migrated to this new interface can
  2834       still be found in MoinMoin/script/old/ - including the old migration
  2835       scripts.
  2836     * moin ... account create --name=JoeDoe
  2837     * moin ... account disable --name=JoeDoe
  2838     * moin ... acount check     <-- this is what usercheck script was before
  2839     * moin ... maint cleancache <-- this is what cachecleaner script was
  2840     * moin ... maint cleanpage  <-- this is what pagescleaner script was
  2842   Bugfixes:
  2843     * cookie_lifetime didn't work comfortable for low values. The cookie was
  2844       created once on login and never updated afterwards. So you got logged
  2845       out cookie_lifetime hours later, no matter whether you were active at
  2846       that time or not. This has been changed, we update the cookie expiry now
  2847       on every request, so it will expire cookie_lifetime after your last
  2848       request (not after login).
  2849     * Fixed logout problems when using cfg.cookie_path.
  2850     * Fixed cookie_path for root url wikis.
  2851     * Lupy search now behaves a bit less funky. Still no guarantees...
  2852     * We lowered the twisted server timeout to 2 minutes now (was: 10) because
  2853       it just used up too many files (open TCP connections until it timeouts)
  2854       on our farm.
  2855     * The algorithm used for processing the farmconfig.wikis list was changed
  2856       to work for big farms (>= 50 wikis), too. This works around the python
  2857       "re" module limitation of having a maximum of 100 named groups in a RE.
  2858     * Fixed a TypeError which occurred for formatters that dislike None values.
  2859       (cf.
  2860     * Fixed GUI editor converter error for https:... image URLs.
  2861     * ThemeBase (use by modern/rightsidebar): removed duplicate AttachFile from
  2862       actions menu (we already have it in editbar).
  2863     * Speedup group/dicts scanning for persistent servers.
  2864     * Implemented HEAD requests for standalone server, this should fix some of
  2865       the strange effects happening when using "Save as" on attachments.
  2866     * Not a moin bug, but rather a workaround for non-standard non-ASCII DNS
  2867       hostnames: we just use the IP instead of crashing now.
  2868     * Spurious cyclic usage error in i18n fixed.
  2869     * Fixed antispam for python 2.5a xmlrpclib.
  2870     * I18n for linenumber toggle in listings.
  2871     * All action menu entries are translatable now.
  2873   Other:
  2874     * Added css classes for the rst admonitions. Thanks to TiagoMacambira!
  2876 Version 1.5.2:
  2878   New features:
  2879     * Added FullSearchCached macro which is statically cached.
  2880       Use it if you do not depend on fresh search results but prefer raw speed.
  2881     * Added surge protection, see HelpOnConfiguration/SurgeProtection.
  2882     * Allow hex and symbolic entities.
  2883     * If there is a user with empty password, we just generate a random one
  2884       when he requests it getting sent by mail. Thanks to Reimar Bauer.
  2885     * The superuser now can switch to another user using UserPreferences -
  2886       nice to help your users when they forgot their password or need other
  2887       help. You need to logout/relogin to use your own userid afterwards.
  2888       This function only works correctly if you use moin_cookie authentication.
  2889       Thanks to Reimar Bauer.
  2890     * Add new markup for bulletless lists: just use a "." instead of "*".
  2892   Other changes:
  2893     * Added "voyager" to bot useragent list.
  2894     * Added locking for caching subsystem.
  2895     * Deron Meranda's formatter API cleanup.
  2896     * Added div and span to formatter API.
  2897     * Removed old unfinished form and export code.
  2898     * updated i18n
  2900   Fixes:
  2901    * Fixed table attribute parsing.
  2902    * Fixed cookie handling wrt properties adherance.
  2903    * The new "." list markup makes it possible to have a bulletless list with
  2904      elements on the same level. Before this change and only using indentation
  2905      with blanks, that would get merged into a single paragraph.
  2906    * It is possible now to have multiple paragraphs in the same list element,
  2907      just leave an empty line in between the paragraphs.
  2908    * Fixed GAP processing for ordered lists.
  2909    * Fix text_gedit formatter's invalid list nesting.
  2910    * Fixed hr crash in blockquote (but needs more work).
  2911    * Fixed FootNote's formatter usage.
  2912    * Fixed rst's headline levels.
  2913    * Fixed MoinMoinBugs/WikiParserThinksItIsInsidePreWhenItIsNot
  2914    * Fixed MoinMoinBugs/ListItemGeneratedOutsideList
  2915    * Fixed that macros were followed by a wrong <p>.
  2916    * Added <blockquote> to the block elements in the text_html formatter,
  2917      so it does not close it erratically when you close a inner <p>.
  2918    * GUI editor converter now also accept http: urls without // (relative or
  2919      same server urls).
  2920    * Fixed the DocBook parser in cases where the pagename was non-ascii.
  2921    * Fixed MoinMoinBugs/ProcessInlineDontSupportUlElement
  2924 Version 1.5.1:
  2926   Fixes:
  2927     * Fixed rst parser docutils version check
  2928     * Repaired attachment unzipping feature.
  2929     * Fixed the AddRevision command of the PackageInstaller.
  2930     * improved the migration scripts (used to migrate pre-1.3 wikis to 1.3+):
  2931       * do not crash on empty lines in event log
  2932       * fix edit log format for very old moin data (like 0.11)
  2933       * workaround for an ugly win32 operating system bug leading to wiki text
  2934         file mtime not matching edit logs timestamp values if there was some
  2935         timezone change since last edit (e.g. a daylight saving tz switch),
  2936         but differing 3600s.
  2937         This affected pre-1.3 moin wiki servers running on win32 OS only.
  2938         We now try to correct those inconsistencies in mig05 by fuzzy matching.
  2939     * fixed bracketed link scheme icon (css class)
  2940     * we included a modified copy of Python 2.4.2's as some previous
  2941       python versions seem to have problems (2.3.x, x < 5 and also 2.4[.0]),
  2942       see:
  2943       Our own was slightly modified to run on 2.3.x and 2.4.x.
  2944     * Fixed the problem of not being able to change the date/time format back
  2945       to "Default" (UserPreferences).
  2946     * We generate the GUI editor footer now the same way as the text editor
  2947       footer.
  2948     * Include a CSS workaround for yet another IE bug, see:
  2949       MoinMoinBugs:InternetExplorerPeekABooBugInRightSideBar
  2950     * classic theme: added GUI editor link
  2951     * classic theme: added pagename header to editor screen
  2952     * the "mail enabled" check now also checks whether mail_from is set
  2954   Other changes:
  2955     * Updated FCKeditor to current CVS (2006-01-08 == 2.2+)
  2956     * Split up show_hosts into show_hosts and show_names
  2957     * attachment:file%20with%20spaces.txt in attachment list
  2958     * added support for file:// in GUI editor link dialogue, see also:
  2959       MoinMoin:FileLinks
  2960     * cfg.mail_smarthost now supports "server:port" syntax, the default port
  2961       is 25, of course.
  2962     * removed unused kwargs showpage/editable/form from wikiutil.send_footer
  2963     * updated i18n (translation texts, additional languages)
  2964     * removed interwiki:pagename from print view's top of page, added it to
  2965       the "lasted edited" line at bottom right.
  2968 Version 1.5.0:
  2969   HINT: 1.5.0 uses the same data/pages format as 1.3.x. The only thing you want
  2970         to check is whether the 1.5.x version you are upgrading to has NEW mig
  2971         scripts compared to the version you are running now (e.g. in 1.3.5 we
  2972         added some scripts that fixed some small problems).
  2973         See the MoinMoin/scripts/migration/ directory.
  2974         You must run every mig script in sequence and only ONCE ever.
  2975   Fixes:
  2976     * Fix <x=y> table attributes parsing. Thanks to Reimar Bauer.
  2977     * Fixed a few bugs in the reStructured text parser. Note that you
  2978       need to install docutils 0.3.10 or newer (snapshot from December 2005
  2979       or newer) to make reStructuring parsing work:
  2980      * Case preservation for anonymous links
  2981      * MoinMoin links get the appropriate CSS class
  2982      * Images do not get special CSS markup anymore
  2983      Thanks to Matthew Gilbert.
  2984     * Fixed a bug in the WSGI code which led to incorrect exception handling.
  2985     * Removed all nationality flags. They used to be used for indicating some
  2986       specific language (NOT nationality) and this was simply wrong and a bad
  2987       idea.
  2988     * Fixed some header rendering issues (CSS).
  2989     * SystemAdmin macro now checks against cfg.superuser list.
  2991   Other changes:
  2992     * Added turkish i18n. To be considered as alpha as it got in last minute.
  2995 Version 1.5.0rc1:
  2996   This is the first release candidate of MoinMoin 1.5.0.
  2998   Fixes:
  2999     * fixed broken logs when a DeletePage (maybe also RenamePage) comment
  3000       contained CR/LF characters (could happen when using copy&paste)
  3001     * fixed GUI editor MoinEditorBackup page containing HTML instead of wiki
  3002       markup
  3003     * fixed invalid HTML in FootNotes
  3004     * fixed HTML source in EditorBackup after canceling GUI editor
  3005     * Footnotes of included pages are not shown at the bottom of the including page.
  3006     * Bug in Dict handling that often breaks first entry
  3008 Version 1.5.0beta6:
  3009   Authentication:
  3010     * Added SSO module for PHP based apps. Currently supported: eGroupware 1.2.
  3011       No need to login in two systems anymore - MoinMoin will read the PHP session
  3012       files.
  3014   Fixes:
  3015     * Improved rendering of bullet lists and external links in Restructured text.
  3016       Thanks to Matthew Gilbert.
  3017     * Fixed modern theme rendering, including some fixes and workarounds for
  3018       broken MS IE.
  3019     * When checking for email uniqueness, do not compare with disabled user
  3020       profiles.
  3021     * Fix sending of HTTP headers for Despam action.
  3022     * Add some margin left and right of the link icons.
  3024   Other changes:
  3025     * Made it easier for auth methods needing a user interface (like ldap or
  3026       mysql stuff). Unlike http auth, they usually need some "login form".
  3027       We made UserPreferences login form values (name, password, login, logout)
  3028       available as kw args of the auth method, so it is easy and obvious now.
  3029     * Make login and logout show at the same place. Is only shown when
  3030       show_login is True (default).
  3031     * Disabled login using &uid=12345.67.8910 method. Please use name/password.
  3032     * Made builtin moin_cookie authentication more modular: the cookie is now
  3033       touched by MoinMoin.auth.moin_cookie only, with one minor discomfort:
  3034       When creating a user, you are not automatically logged in any more.
  3035     * We now use the packager for additional help and system pages in all other
  3036       languages except English. The packages are attached to SystemPagesSetup
  3037       page and can be installed from there after getting "superuser" powers.
  3038       The "extra" package contains a collection of orphan pages not listed on
  3039       some SystemPagesIn<Language>Group page.
  3042 Version 1.5.0beta5:
  3043   Fixes:
  3044     * Fixed a minor user interface bug: it showed RenamePage and DeletePage
  3045       actions in the menu if you only had write rights and then complained
  3046       when you really tried when you had no delete rights additionally.
  3047     * We don't remove RenamePage and DeletePage from menu any more if user is
  3048       unknown. This stuff is only driven by ACLs now.
  3049     * Some fixes to Despam action.
  3050     * Fixed moin_dump (broken by some recent theme init change).
  3051     * Fixed a few tests by moving the theme init from moin_dump to RequestCLI.
  3052     * removed old_onload reference from infobox.js
  3053     * Fixed MoinMoin logo for IE.
  3054     * search: fixed whitespace handling in linkto: search terms
  3055     * Increased stability of the tests system by outputting results to sys.stdout
  3056       instead of request. Note that this changes the semantics for e.g. mod_py or
  3057       mod_fcgi.
  3058     * Fixed packaging system in the case of AddRevision that does not alter the page.
  3059     * Fixed a few bugs in the XML formatters (dom_xml, text_xml, xml_docbook).
  3060     * Fixed link icons. We now just use where xxx is the link scheme,
  3061       e.g. a.http.before. See theme's common.css.
  3062     * Hopefully fixed some issue with non-ASCII attachment filenames.
  3063     * Workaround for Opera 8.5 making silly "No addition" categories.
  3064     * Do not show GUI editor for non-wiki format pages, because we only have a
  3065       converter from html to wiki right now.
  3066     * Fix the modern CSS issues for editbar, when it shifted content far right.
  3067       Also removed the absolute height value that never was right.
  3068     * Fix mod_python adaptor bugs failing to handle Location correctly.
  3069       See:
  3071   Other changes:
  3072     * Added irc:// to the builtin supported link schemas. You can remove it
  3073       from config.url_schemas in case you have patched it in there.
  3074     * Added cfg.user_autocreate (default: False). Use True to enable user
  3075       profile autocreation, e.g. when you use http authentication, so your
  3076       externally authenticated users don't need to create their moin profile
  3077       manually. The auth method (see cfg.auth list) must check this setting
  3078       if it supports auto creation.
  3079     * Added user_autocreate support for auth.http and auth.sslclientcert.
  3080     * Added "." and "@" to allowed characters in usernames. This is needed
  3081       e.g. when using mod_pubcookie for authentication. mod_pubcookie returns
  3082       userids like "geek@ANDREW.CMU.EDU" (e.g. the Kerberos domain is part of
  3083       the id). Thanks to Brian E. Gallew for his patch, which we used for
  3084       inspiration for user autocreation changes.
  3085     * Changed auth method to return a tuple (user_obj, continue_flag), see
  3086       comments in
  3087     * auth methods now create user objects with kw args auth_method and
  3088       auth_attribs, so that moin knows later how the user was authenticated
  3089       and which user object attributes were determined by the auth method.
  3090     * Added MoinMoin/scripts/import/ to import supybot's
  3091       IRC logs into a moin wiki. We use MonthCalendar compatible page names,
  3092       so you can use the calendar for showing / navigating the logs.
  3093     * Removed packager binary from FCKeditor (fixing a Debian policy problem).
  3094     * Worked around .png transparency bugs of IE with the new logo. We ship
  3095       two logos: moinmoin.png without an alpha channel (IE compatible) and
  3096       moinmoin_alpha.png which has an alpha channel and looks better on
  3097       browsers with full .png support.
  3098     * Allow a .zip file to have a directory in it if it is the only one.
  3100 Version 1.5.0beta4:
  3101   Fixes:
  3102     * use <span class="anchor"> instead of <a> for line-xxx anchors, this
  3103       fixes some rendering problems on IE
  3104     * Fixed the ReStructured text parser when it was used with non-HTML
  3105       formatters. Increased compatiblity with new docutils code.
  3106       (Thanks to Matt Gilbert.)
  3107   Other changes:
  3108     * cfg.stylesheets = [] (default). You can use this on wiki or farm level
  3109       to emit stylesheets after the theme css and before the user prefs css.
  3110       The list entries must be ('screen', '/where/ever/is/my.css') style.
  3111     * Added sample code for auth using an external cookie made by some other
  3112       program. See contrib/auth_externalcookie/*. You need to edit it to
  3113       fit whatever cookie you want to use.
  3115 Version 1.5.0beta3:
  3116   Fixes:
  3117     * fixed editor preview throwing away page content for new pages
  3118     * require POST for userform save and create* action
  3119     * use request.normalizePagename() while collecting pagelinks
  3120     * do not offer gui editor for safari
  3121   Other changes:
  3122     * tell user if account is disabled
  3123     * added support for linking to .ico and .bmp
  3124     * attachment methods for the text_xml and xml_docbook formatters
  3125     * new favicon
  3126     * updated i18n (fixed nl, did nobody notice this?) and underlay
  3127     * changed show_interwiki default to 0
  3129 Version 1.5.0beta2:
  3130   Fixes:
  3131     * fix wrong _ in title links (MoinMoinBugs/AddSpaceWikiNameAtHead)
  3132     * fix gui editor (converter) crash on save
  3133     * MoinMoinBugs/PageHitsFails
  3134     * MoinMoinBugs/PackagePagesFailsBecauseAllowedActionsMissing
  3135     * Avoid destroying existing page content if editor is called with
  3136       template parameter for an existing page.
  3137     * fix countdown javascript for browser status line in editor
  3138     * added page title display for editor
  3139     * added header div for classic theme
  3141   Authentication and related:
  3142     * Added a wiki xmlrpc plugin to check whether auth works
  3143       correctly for xmlrpc. There is a counterpart script that
  3144       uses http auth when calling the xmlrpc plugin, so you can use it to
  3145       check http auth.
  3147 Version 1.5.0beta1:
  3148     * Requirements changed to require Python >= 2.3. We recommend that
  3149       you use the latest Python release you can get. The reason we
  3150       dropped 2.2.2 support is because no developer or tester uses this
  3151       old version any more, so incompatibilities crept in the code
  3152       without anybody noticing. Using some recent Python usually is no
  3153       real problem, see there for some hints in case you still run an
  3154       old python:
  3155       The hint also does apply to other POSIX style operating systems,
  3156       not only Linux.
  3157     * We recommend you use MoinMoin/scripts/ to clean the
  3158       wiki's cache (see comments at top of the script).
  3159       The cache will automatically be rebuilt (some operations may take
  3160       some time when first being used, e.g. linkto: search, so be patient!).
  3162   Config Changes:
  3163      * there is a file CHANGES.config with just the recently changed stuff
  3164        from
  3165      * new defaults:
  3166        * page_front_page old: u"FrontPage" new: u"HelpOnLanguages"
  3167          please just read the help page in case you see it :)
  3168        * bang_meta old: 0 new: 1
  3169        * show_section_numbers old: 1 new: 0
  3170        * some regexes that used to be [a-z]Uxxxx$ are now [a-z0-9]Uxxxx$
  3171        * navi_bar has no page_front_page as first element any more
  3172      * removed settings and code [new behaviour]:
  3173        * acl_enabled [1]
  3174        * allow_extended_names [1]
  3175        * allow_numeric_entities [1]
  3176        * backtick_meta [1]
  3177        * allow_subpages [1]
  3178      * new settings:
  3179       * cfg.mail_sendmail = "/usr/sbin/sendmail -t -i" can be used if sending
  3180         via SMTP doesn't work on your server. Default is None and that means
  3181         using SMTP.
  3182       * language_default replaces the old default_lang setting (just renamed).
  3183       * language_ignore_browser = True can be used to let moin ignore the
  3184         user's browser settings (e.g. if you run a local-language only wiki
  3185         and your users use misconfigured or buggy browsers often). Default is
  3186         False. Don't forget to set language_default when using this.
  3188     * Wiki Editor changes / new WYSIWYG editor
  3189      * fully imported the javascript based LGPLed FCKeditor (many thanks
  3190       to Fred CK for his great work). See for details.
  3191      * config for FCKeditor is at wiki/htdocs/applets/moinfckeditor.js
  3192      * added cfg.interwiki_preferred (default = []) to set a list of wikis to
  3193        show at the top of the wiki selection list when inserting an
  3194        interwiki link (just use the same wiki name as in interwiki
  3195        map). If the last list item is None, then the preferred wikis
  3196        will not be followed by the entries of the interwiki map.
  3197     * moved save/preview/... buttons to the top so that they can be
  3198       easily reached
  3199     * reduced edit_rows default to 20 lines
  3200     * Added support for edit by doubleclick in the diff view
  3202     * Improved wiki farm support
  3203      * make user files sharable between several wikis in a farm
  3204       * allow/use interwiki subscriptions
  3205       * use interwiki links in page trail
  3206       * save bookmark per wiki name
  3207      * cfg.cookie_domain can be used to set a cookie valid for a complete
  3208        domain (default: None == only for this host). If you use '.domain.tld',
  3209        the cookie will be valid for all hosts *.domain.tld - good for host
  3210        based wiki farms.
  3211      * cfg.cookie_path can be used to set a cookie valid for a wiki farm under
  3212        some base path (default: None == only for this wiki's path). If you use
  3213        '/wikifarm',  the cookie will be valid for all wikis
  3214        server.tld/wikifarm/* - good for path based wiki farms.
  3215      * Interwiki user homepage (if you have MANY users)
  3216        Generated links for usernames are interwiki now, use cfg.user_homewiki
  3217        (default: 'Self') to specify in which wiki the user home pages are
  3218        located. Note: when pointing this to another wiki, the /MoinEditorBackup
  3219        functionality will be disabled.
  3220        @SIG@ also uses interwiki when needed.
  3222     * Authentication, ACLs and related
  3223      * Modular authentication: cfg.auth is a list of functions that return a
  3224        valid user or None, use it like this:
  3225            from MoinMoin.auth import http, moin_cookie
  3226            auth = [http, moin_cookie]
  3227      * cfg.auth_http_enabled was removed, please use cfg.auth instead.
  3228      * http auth now supports "Negotiate" scheme, too
  3229      * Added sslclientcert auth method (Apache: untested, Twisted: not
  3230        implemented, IIS: no idea). See MoinMoin/ for details.
  3231        Submit a patch if you have improvements.
  3232      * cfg.superuser is a list of unicode usernames. It is used by some
  3233        critical operations like despam action or PackageInstaller.
  3234      * removed allowed_actions, we now use actions_excluded only and it
  3235        defaults to [], that means, no action is excluded, everything is
  3236        allowed (limited by ACLs). In case of RenamePage and DeletePage,
  3237        this shouldn't be a problem as both can be reverted. In case you
  3238        did not allow attachments, you now have to use:
  3239        actions_excluded = ['AttachFile']
  3240      * special users (All, Known, Trusted) in Groups are now supported
  3241      * SecurityPolicy added
  3242        When using this security policy, a user will get admin rights on his
  3243        homepage (where pagename == username) and its sub pages. This is needed
  3244        for the MyPages action, but can also get used for manual ACL changes.
  3245        It can also be used for Project page auto admin functionality, see the
  3246        comments in the script for details.
  3247        Further it can automatically create the user's group pages when the
  3248        user saves his homepage.
  3249      * there is a UpdateGroup xmlrpc call, see MoinMoin/xmlrpc/ -
  3250        you can use this to update your *Group pages e.g. when generating them
  3251        from an external group database.
  3253     * UserPreferences changes
  3254      * Alias name: is used for display purposes, when "name" is cryptic. It is
  3255        shown e.g. in the title attribute of userid links (displayed when
  3256        moving the mouse over it).
  3257      * "Publish my email (not my wiki homepage) in author info" - use this
  3258        if you don't have a wiki homepage, but if you want to be contactable
  3259        by email. When you edit a page, your email address will be published
  3260        as mailto: link on RecentChanges, at bottom of page (last editor) and
  3261        in page info. If the wiki runs publically on the internet, be careful
  3262        using this or your email address might be collected by spammers.
  3263      * Preferred Editor: whether you want to use the text editor (as in
  3264        previous moin versions), the gui editor (new!) or both (you will get
  3265        2 edit links in that case).
  3266      * a user can add/remove the current page to/from his quicklinks with an
  3267        appropriate action now
  3268      * if cfg.user_email_unique = False, we don't require user's email
  3269        addresses to be unique
  3270      * removed show_fancy_links user preferences setting to simplify code and
  3271        caching. Displaying those icons is now done by CSS styles (see
  3272        common.css). Maybe needs fixing for non-standard themes and RTL langs.
  3274     * Markup
  3275      * added strikethrough markup: --(striked through text here)--
  3276      * @ME@ expands to just the plain username (no markup added) on save
  3278     * User homepages
  3279      * when a user accesses his own non-existing homepage (pagename ==
  3280        username), the wiki will present the MissingHomePage system page
  3281        content, explaining what a user homepage is good for and offer
  3282        one-click editing it with content loaded from HomepageTemplate
  3283      * creation of homepage subpages is assisted by the MyPages action, which
  3284        offers rw, ro page creation (and a related group) or creation of private
  3285        pages. If you are not in the user_homewiki, you will get redirected
  3286        there first.
  3288   Other changes/new features:
  3289     * Added PackageInstaller and unzipping support (see wiki page
  3290       HelpOnActions/AttachFile for further details).  PackageInstaller requires
  3291       the user to be in cfg.superuser list.
  3292      * Added an PackagePages action to simplify the package creation.
  3293     * Added location breadcrumbs - when you are on some subpage, the page
  3294       title parts link to the corresponding parent pages, the last part does
  3295       the usual reverse linking.
  3296     * added WSGI server support, thanks to Anakim Border, see:
  3297       wiki/server/ (moin as WSGI app, uses the flup WSGI server,
  3298                                see
  3299       MoinMoin/server/ (adaptor code)
  3300     * added a "Despam" action to make de-spamming a wiki easy (mass revert
  3301       bad changes done by a single author or bot). You need to be in
  3302       cfg.superuser to use it.
  3303     * Better diffs with links to anchors to the changed places
  3304     * Enhanced table support in the DocBook formatter.
  3305     * Added 'moin' daemon script, that let you run moin standalone
  3306       server as daemon and control the server with simple command line
  3307       intreface: moin start | stop | restart | kill
  3308     * Add 'restart' option to mointwisted script
  3309     * Add properties option to standalone server config. Allow
  3310       overriding any request property like in other server types.
  3311     * Add support for running behind proxy out of the box with out
  3312       manual url mapping.
  3313       See HelpOnConfiguration/IntegratingWithApache
  3314     * added a WikiBackup action, configure it similar to this:
  3315       data_dir = "/path/to/data"
  3316       backup_include = [data_dir, ] # you can add other dirs here
  3317       backup_users = ["BackupUserName", ] # only TRUSTED users!
  3318       You usually don't need to change the default backup_exclude setting.
  3319       The default backup_include list is EMPTY and so will be your
  3320       backup in case you don't configure it correctly.
  3321       If you put your data_dir there, the backup will contain private
  3322       user data like email addresses and encrypted passwords.
  3323     * Added a SubscribeUser action which allows the administrator to subscribe users to the
  3324       current page.
  3325     * Added thread count to SystemInfo macro.
  3326     * Added Petr's newest patch against the DocBook code. It allows you to use macros (esp. the include macro) in DocBook pages in order to build larger documents.
  3327     * Added a RenderAsDocbook action which redirects to the DocBook formatter.
  3328     * Added searching for wiki-local words lists under <data_dir>/dict/.
  3329       They are used additionally to the global lists in MoinMoin/dict/.
  3330     * moin_dump now also dumps attachments referenced from the page.
  3331       It doesn't dump stuff that is just attached, but not referenced!
  3332     * On RecentChanges we now force the comment to be breakable, this improves
  3333       rendering of over-long words or on narrow browser windows - especially
  3334       for themes with limited content width like rightsidebar.
  3335     * We now have the "new" icon on RecentChanges clickable, just links to the
  3336       page.
  3337     * Print view now shows "interwikiname: pagename" (for show_interwiki = 1).
  3339   International support:    
  3340     * mail_from can be now a unicode name-address 
  3341       e.g u'Jürgen wiki <>'
  3343   Theme changes:
  3344     * logo_string is now should be really only the logo (img).
  3345       If you included your wiki's name in logo_string you maybe want to remove
  3346       it now as it is shown as part of the location display now anyway (if
  3347       you set show_interwiki = 1).
  3348     * You maybe want to remove page_front_page from your navi_bar - we link to
  3349       that page now from the logo and (new, if you set show_interwiki = 1) from
  3350       the interwiki name displayed in location display, so you maybe don't need
  3351       it in navi_bar, too.
  3352     * If you have a custom theme, you should / may:
  3353      * sync modern/css/screen.css #pagelocation #pagetrail stuff to your
  3354        screen.css or pagelocation display (title()) will look strange (like a
  3355        list).
  3356      * remove "#title h1 ..." CSS (or any other CSS assuming h1 is a page
  3357        title and not just a first level heading), it is not used any more.
  3358      * we now render = heading = as <h1> (was <h2> before 1.5),
  3359        == heading == as <h2> (was <h3>), etc.
  3360      * maybe move both title() and trail() to header area, like the builtin
  3361        themes do it.
  3362      * there is a new interwiki() base theme method that optionally (if
  3363        show_interwiki = 1) shows the interwiki name of this wiki and links to
  3364        page_front_page. The css for it is #interwiki.
  3366   Developer notes:    
  3367     * Plugin API was improved. When plugin module is missing,
  3368       wikiutil.PluginMissingError is raised. When trying to import a
  3369       missing name from a plugin module, wikiutil.PluginMissingError is
  3370       raised. You must update any code that use wikiutil.importPlugin.
  3371       Errors in your plugin should raise now correct tracebacks. See
  3373     * pysupport.importName was changed, it does not check for any
  3374       errors when trying to import a name from a module. The calling
  3375       code should check for ImportError or AttributeError. Previous
  3376       code used to hide all errors behind None.
  3377     * Its easier now to customize the editbar by overriding
  3378       editbarItems() in your theme, and returning a list of items to
  3379       display in the editbar. To change a single editbar link, override
  3380       one of the xxxLink methods in your theme.
  3382   Internal Changes:
  3383     * request.formatter (html) is available for actions now
  3384     * theme API's d['page_home_page'] is gone (sorry) and replaced by
  3385       d['home_page'] which is either None or tuple (wikiname,pagename).
  3386       It is better to use the base classes function for username/prefs anyway.
  3387     * introduced cfg.hacks for internal use by development, see comment in
  3388 and file HACKS.
  3389     * added IE7 (v0.9) from Dean Edwards (see -
  3390       that should fix quite some IE bugs and annoyances (on Win32).
  3391       * for enabling IE7, use cfg.hacks = { 'ie7': True }
  3392     * reducewiki now also copies all attachments (we use that to make underlay
  3393       directory from moinmaster wiki's data_dir)
  3395   Fixes:  
  3396     * Fixed a typo in which led to a traceback instead of an
  3397       error message in case of disabled XSLT support.
  3398     * Fixed crash in twisted server if twisted.internet.ssl is not
  3399       available.
  3400     * Fixed wrong decoding of query string, enable wiki/?page_name urls
  3401       with non ascii page names.
  3402     * Fixed wrong display of non ascii attachments names in
  3403       RecentChanges and page revision history.
  3404     * Fixed a crash when trying to run standalone server on non posix os.
  3405     * Fixed highlight of misspelled words in Check Spelling action.
  3406     * Fixed case insensitivity problems on darwin (Mac OS X). See
  3407       MoinMoinBugs/MacHfsPlusCaseInsensitive
  3408     * Added RecentChanges (only the english one) to the pages getting
  3409       html_head_index headers
  3410     * text_html cache files written with this code will invalidate themselves
  3411       if they detect to be older than the wikiconfig. Note: you should remove
  3412       all old text_html cache files once after upgrading, they will then be
  3413       rebuilt automatically with the new code.
  3414     * Fixed MoinMoinBugs/12_to_13_mig10_Walk
  3415     * Fixed the word_rule: a word like AAAbbAbb isn't teared into two parts
  3416       any more (was: AA<link>AbbAbb</link>)
  3417     * Fixed false positive InterWiki markup for languages like Finnish.
  3418       InterWiki links are only rendered if the left side has an appropriate
  3419       entry in the interwiki map, otherwise it is rendered as simple text.
  3420     * Fixed unicode error when uploding non-ascii file name using mod
  3421       python.
  3422     * Fixed error handling of wikirpc requests, should give more
  3423       correct errors and prevent no error output and blocking the
  3424       client in some cases.
  3425     * Fixed the "lost password" mail processing. If a user entered some email
  3426       address unknown to the system, he was not notified of this, but just got
  3427       a useless mail with no account data in it. Now the system directly tells
  3428       the user that he entered an unknown email address.
  3429     * Fixed SystemInfo, it now also lists parsers in data/plugin/parser dir.
  3430     * Fix error handling on failure, improved error display
  3431     * Fix error handling when importing plugins or importing modules
  3432       dynamically. The fix is not backward compatible with older plugins.
  3433     * Fix chart action, returns a page with error message when chart
  3434       can not be created.
  3435     * Fixed formatter usage in the ShowSmileys macro.
  3436     * Fixed updating pagelinks cache for [:page:text] or [wiki:Self:page text],
  3437       fixes display of LocalSiteMap and rendering of such links.
  3438     * Hopefully fixed urllib problems (esp. with py 2.4.2, but also before) by
  3439       using our own urllib wrapper that handles encoding/decoding to/from
  3440       unicode, see Also made a similar fix for making and parsing
  3441       query strings.
  3442     * Fixed MonthCalendar tooltips when containing special chars like quotes.
  3443     * Added html escaping for diff text for RSS feed with diff=1.
  3444     * The distance between page content beginning and the first = heading =
  3445       was much too much. Fixed.
  3447 Version 1.4:
  3449     We used that version number for an internal and early development version
  3450     for what will be called moin 2.0 at some time in the future.
  3451     There will never be a 1.4.x release.
  3454 Version 1.3.5 (2005-08-04, Revision moin--main--1.3--patch-883)
  3456 Fixes:
  3457     * small CSS fix for rightsidebar theme
  3458     * applied some Debian patches (thanks to Jonas!):
  3459       * de i18n spelling fixes
  3460       * AttachFile fix, we strip CR in .draw files now
  3461       * when loading spellcheck dictionaries, we want utf-8, but we make
  3462         a 2nd try with iso-8859-1 encoding.
  3464 New Features:
  3466     * enabled using https with the Twisted server:
  3467       You need to use port 443, have PyOpenSSL (+ ssl libs it depends on)
  3468       installed and have some site key and certificate PEM files configured in
  3469       your file:
  3470       sslcert = ('/whereever/cert/sitekey.pem', '/whereever/cert/sitecert.pem')
  3473 Version 1.3.5rc1 (2005-07-31, Revision moin--main--1.3--patch-865)
  3475 Fixes:
  3477     * Fixed security bug when acl of deleted page was ignored. See:
  3479     * AttachFile did not display the original filename plus there
  3480       was a confusion in input field labelling ('Rename to').
  3481     * Fixed shortcut link non-existent page detection.
  3482     * Fixed non-working bookmark function on python 2.2.x.
  3483     * Fixed wikirpc getPageInfo call on python 2.2.x.
  3484     * Fixed the failing import of plugins from the data/plugin/
  3485       directories if run in zipimport environments.
  3486     * Fixed traceback which occurred on negated searches.
  3487     * Fixed crash when trying to render error message on twisted, fast
  3488       cgi and modpy.
  3489     * Fixed error message with modpy, used to show wrong errors below
  3490       the real message.
  3491     * Fixed search and goto text fields for better compatibility with
  3492       dark themes and better control through css.
  3493     * Show an edit link if MissingPage is missing and a warning in the
  3494       server log.
  3495     * Fixed missing footer in the editor.
  3496     * Fixed indented (invalid) headings with broken links in table of
  3497       contents.
  3498     * Fixed crash when file name is too long, show standard error message.
  3499     * Save trail file in a safe way, should be enough for normal use.
  3500     * Fixed remember_last_visit user preferences option when show_trail
  3501       is not selected.
  3502     * Fixed the tests for Standalone, Twisted, FastCGI and Mod_Python.
  3503       Run with ?action=test from any page.
  3504     * Fixed rare bug when wrong search type was performed when pasting
  3505       search term in Safari.
  3506     * Fixed crash for custom formatters and dom_xml (which occurred if
  3507       smileys were in the page).
  3508     * Editor opens on double click in pages with single quote in the
  3509       name, like "Ben's Wiki".
  3510     * '/.' in page names are not replaced any more by '/(2e)'
  3511     * Fixed the long delays while saving pages using RequestCLI.
  3512     * Fixed variable expanding for users with non WikiName.
  3513     * Fixed MonthCalendar's calculation of "today" to use the user's
  3514       time zone setting.
  3515     * Fixed moin_dump script, use same configuration options as other
  3516       scripts.
  3517     * Fixed url_mappings to work in proxied setups and sent mails
  3518       again. Also fixed for image links. Thanks to JohannesBerg.
  3519     * Fixed page shown after saving a drawing (esp. when saved from a
  3520       sub page). Fixed help link for drawings.
  3521     * Fixed mig10 script to run on Python < 2.3.
  3522     * The twisted server defaulted to a socket timeout of 12 hours!
  3523       We reduced that to a more sane 10 minutes, that should still be more
  3524       than enough. This fixed the "too many open files" problem we
  3525       encountered quite often recently. Thanks to Helmut Grohne!
  3527 Other Changes:
  3529     * Added {hu} flag.
  3530     * Added cz, pt and pt-br i18n.
  3531     * We send a 404 http status code for nonexisting wiki pages now,
  3532       maybe this will repell some search engines from requesting gone
  3533       pages again and again. The wiki user still sees the MissingPage
  3534       wiki stuff, so a user usually won't notice this change.
  3535     * Return 500 error code on failure and exceptions.
  3536     * Added some more bot / leech tool user agent strings.
  3537     * Prevent page floating elements from floating out of the page over
  3538       the footer, in modern, rightsidebar and classic themes.
  3539     * Encode URLs in a safer way
  3540     * We allow usernames with ' character in them now (like Tim O'Brian).
  3541     * Added support for the new security flags in docutils 0.3.9.
  3542     * @MAILTO@ expands now to safer [[MailTo()]] macro.
  3543     * Clarified and i18ned lost password mails.
  3544     * Added 'TitleIndex' and 'SiteNavigation' (+ translation) to the
  3545       list of pages that use html_head_index (so that robots
  3546       "index,follow").  Please make sure to have either FindPage,
  3547       TitleIndex or SiteNavigation in your navi_bar or in your
  3548       page_front_page content if you want search engines to find all
  3549       your pages.
  3550     * Make it possible to send account data when being logged in (for
  3551       future reference or whatever purpose).
  3552     * Speed up when running with persistent servers, the wiki config
  3553       does only get loaded once and misc. stuff is being cached between
  3554       requests now.
  3555     * The unit tests are disabled when using multi threading, because
  3556       the wiki configuration is shared between diffrent threads.
  3557     * The main code path (using standalone server) of MoinMoin runs on
  3558       PyPy now.
  3559     * Formatters do automatically transform HTML to plain text if they are
  3560       called with raw HTML code.
  3561     * Using larger socket backlog on Standalone and FastCGI servers
  3562       should be more reliable on high load.
  3563     * We now strip leading path from attachments uploaded by IE (this is
  3564       a bug in IE, not in MoinMoin). Better use a sane browser, like Firefox.
  3565     * added "teleport" to the user agent blacklist
  3567 New Features:
  3569     * Integrated Lupy indexer for better search performance. It is disabled
  3570       by default as of 1.3.5 as it still has known issues.
  3571       See if you want to test it.
  3572     * Integrated MonthCalendar 2.1, with some new features:
  3573       * a mouseover bubble that shows first level headlines of the linked
  3574         day page
  3575       * all calendars with same pagename move when using cal navigation,
  3576         thanks to Oliver Graf
  3577       * included AnnualMonthlyCalendar patch of Jonathan Dietrich
  3578         (use [[MonthCalendar(Yearly,,,+1,,6,1)]] syntax for birthdays and
  3579         other annually repeating stuff)
  3580       Make sure you remove old MonthCalendar.* from data/plugin/macro so that
  3581       moin will use the new code in MoinMoin/macro/
  3582       Maybe also clear the text_html cache.
  3583     * Added the new XSLT parser and the DocBook parser. This should increase
  3584       the 4suite compatiblity. See HelpOnXmlPages for details.
  3585       It now should run on 4suite 1.0a4 and 1.0b1. Thanks to Henry Ho!
  3586     * Added the DocBook formatter. This will let you generate DocBook markup
  3587       by writing simple wiki pages. It needs PyXML.
  3588     * It is now possible to customize parts of the UserPreferences page in
  3589       your wikiconfig (changing defaults, disabling fields, removing fields):
  3590       * Use user_checkbox_* for the checkboxes.
  3591       * Use user_form_* for other fields.
  3592       * See MoinMoin/ for the built-in defaults.
  3593     * New standalone server classes: ThreadPoolServer using pool of
  3594       threads, ThreadingServer with thread limit and ForkingServer.
  3595     * New standalone server configuration options: serverClass,
  3596       threadLimit, requestQueueSize.
  3597     * Use "PythonOption Location" in mod_python setup to solve script_name
  3598       problems.
  3600 Developer notes:
  3602     * Theme can now override maxPagenameLength() method to control page
  3603       name shortening.
  3604     * A search Match now provides access to the full re match via
  3605       the re_match attribute (use to access groups of the match)
  3606     * Underlay is not managed by arch any more. The tree contains an
  3607       underlay tarball, and you should untar after you update from main.
  3608     * "make update-underlay" will untar underlay
  3609     * "make merge" will star-merge main into your tree
  3610     * "make test" will now create and run in a fresh testwiki instace
  3611     * "make clean" options added
  3612     * _tests module does not have a global request any more. To refer to
  3613       the current request in a test, use self.request.
  3614     * _tests.TestConfig class require a request in the constructor.
  3615     * "python tests/ test_module" will run only test_module
  3616     * request.cfg stays between requests (for persistent servers).
  3619 Version 1.3.4 (2005-03-13, Revision moin--main--1.3--patch-666)
  3621 Fixes:
  3623     * Fixed ACL check in LikePages macro that caused links to unreadable 
  3624       pages to show.
  3625     * Fixed ACL check in newpage action.
  3626     * Fixed a security problem when admin policy defined in a custom
  3627       SecurityPolicy class was ignored.
  3628     * Fixed ACL check in action=show so that a user who may not read a page
  3629       also can't find out WHEN the protected page was updated.
  3630     * Workaround on Windows 95, 98, ME in order to clear the dircache.
  3631       This fixes some bugs related to an outdated page list and newly created
  3632       pages that did not appear immediately.
  3633     * Fixed decoding issues of page names on Windows, finally.
  3635     * Fixed traceback on IIS.
  3637     * Fixed wikirpc for standalone server.
  3638     * Other fixes (encoding and str/unicode data type related) to wikirpc
  3639       server, fixing some non-ascii issues hopefully.
  3640     * Fixed broken query strings for Standalone installations.
  3641     * Fixed backlinks - the result did not always show all links, often it 
  3642       showed too many irrelevant matches (MoinMoinBugs/BacklinksAreBroken).
  3643     * Fixed the acceptance of the show_hosts setting. Now you should be able
  3644       to hide any IP or host name from being published by MoinMoin by enabling
  3645       this option.
  3646     * Fixed wrong line endings on email messages.
  3647     * Fixed MoinMoinBugs/StandaloneUnquotesTooMuch.
  3648     * Fixed crash when trail file is missing.
  3649     * Fixed a traceback when searching for single ( or ).
  3650     * Added mig10 script to fix crashes with uncoverted edit-locks and file
  3651       attachments. Just use it as you did with mig1..mig9 before.
  3652     * Added mig11 script to add files to data/plugin (and below).
  3653     * added some fixes for the xslt parser (thanks to fanbanlo), it might be
  3654       still broken, but someone with deeper knowledge about xslt should fix it.
  3655     * Replaced image link with W3C's "html 4.01 compliance" icon by a simple
  3656       text link to avoid https: or config trouble.
  3657     * Catch OverflowError backtrace when illegal date strings (e.g. <1970 or
  3658       >2038) are fed to moinmoin's time routines. It will just output current
  3659       date / time in those cases.
  3660     * UserPreferences now also set a date_fmt preference and Date macro
  3661       honours it. You may have to reset your UserPreferences value for that.
  3662     * Fixed free parent and subpage links in interwiki notation.
  3664     * Fixed a traceback for invalid ReST markup.
  3665     * Fixed UnicodeError in SystemAdmin's Attachment Browser.
  3667 Other Changes:
  3669     * Optimized the IRC parser.
  3670     * Support for zipimport of the MoinMoin package. This allows you to use
  3671       py2exe and similar programs.
  3672     * Show the editor's name in the mail subject.
  3673     * Added the pragmas description and keywords. They will add <meta> headers
  3674       if used.
  3675     * Added MoinMoin/scripts/xmlrpc-tools/ example script, useful
  3676       as a starting point for importing data using wiki xmlrpc.
  3677     * Optimised display on Opera browser.
  3679 New features:
  3681     * The search modifier "linkto:" was introduced. You can use it to search
  3682       for links.
  3683     * The NewPage macro now can take a PageTemplate parameter, see HelpOnMacros.
  3684     * New config settings (so you don't need to edit any more):
  3685       xmlrpc_putpage_enabled = 0 (if 1, enables writing to arbitrary page names)
  3686       xmlrpc_putpage_trusted_only = 1 (if 0, doesn't require users to be
  3687        authenticated by http auth - DANGEROUS, DO NOT SET TO 0!!!)
  3688     * Added support for Digest and NTLM authentication with CGI (e.g. if you
  3689       use those Apache modules)
  3690     * The datetime string accepted by Date and DateTime macros was extended to
  3691       accept a timezone specification, so now +/-HHMM is also valid, e.g.:
  3692       2005-03-06T15:15:57Z (UTC, same as +0000)
  3693       2005-03-06T15:15:57+0000 (UTC)
  3694       2005-03-06T16:15:57+0100 (same time given as local time for time zone
  3695                                 with offset +0100, that is CET, e.g. Germany)
  3696       2005-03-06T10:15:57-0500 (same time given as local time for time zone
  3697                                 with offset -0500, EST, US Eastern Std. Time)
  3698       The values given as macro argument will be transformed to UTC internally
  3699       and then adapted again according to viewing user's UserPreferences, so
  3700       the user will see the same moment in time but shown in his local time
  3701       zone's time (at least if he set his UserPreferences correctly and didn't
  3702       forget changing them twice a year for DST and non-DST).
  3703     * Readded (now optional) editlink footer to Include macro. Add
  3704       ',editlink' to call to enable this.
  3705     * star "smileys" e.g. {*}{*}{*}{o}{o}
  3708 Version 1.3.3 (2005-01-24, Revision moin--main--1.3--patch-595)
  3710 Fixes:
  3712     * fixed ACL security problem in search
  3713     * fix for IIS with CGI allowing page names that contain chars
  3714       that are not in the system code page
  3715     * fixed MoinEditorBackup revisions to start with 1 now
  3716     * improved page locking ('current' file)
  3717     * Unittests (normally shown at end of action=test output) are currently
  3718       disabled for everything except CGI, because they only work reliably with
  3719       CGI, giving wrong results for other request methods.
  3722 Version 1.3.2 (2005-01-23, Revision moin--main--1.3--patch-587)
  3724 Fixes:
  3726     * ACL bugfix for deleted pages with ACL protection.
  3727     * ACL bugfix for "Default" acl.
  3728     * Fixed updating of groups and dicts
  3729     * Python 2.2.x related fixes (worked on 2.3+)
  3730       * Fixed traceback in RecentChanges.
  3731       * Fixed traceback with links browser.
  3732     * Fixed 0 revision display in 'Show changes'.
  3733     * Fixed traceback in Antispam which occurred when it could not connect
  3734       to MoinMaster. Log the errors to stderr or error.log.
  3735     * Fixed bug in Page init (no date, use rev). Fixes problem with
  3736       #deprecated PI.
  3737     * Fixed empty lists in empty search results.
  3738     * Cosmetic fix for modern theme (when viewed with Internet Explorer).
  3739     * Fixed migration 9 script, do not drop newline, do not drop error.log, 
  3740       note about missing error.log.
  3741     * Fixed script, keep ending newline on revisions.
  3742     * Show headings and macro content in correct direction when mixing content 
  3743       in several directions in the same page and using caching.
  3744     * Fixed bug in standalone re farmconfig.
  3745     * Fixed DOS condition in antispam code.
  3746     * Use smaller margin in print mode to get better results with 
  3747       Mozilla/Firefox.
  3748     * Fixed some user input escaping issues.
  3749     * Fixed a problem when one wiki plugin override other wikis plugins in 
  3750       same farm.
  3751     * Fixed some broken tests.
  3752     * Fixed recursive include in pstats.
  3753     * Fixed bug in standalone - HTTP result code was 200 even when the access
  3754       was forbidden.
  3755     * Fixed traceback when trying to login with non-ascii password.
  3756     * Fixed traceback when xml is not available, reported on Python 2.2.?
  3757     * Fixed slideshow to show slides in sorted order again.
  3758     * Fixed serving multiple wikis on same IP/different ports with twisted and
  3759       farmconfig.
  3760     * It is possible to run with data_underlay_dir = None for special
  3761       application, but be aware that the wiki won't be usable unless you have
  3762       at least some of the system pages from underlay/ available.
  3763     * Files with Unicode characters in their filename are possible now.
  3764     * Bugfix for broken [:page#anchor:text] links.
  3765     * Workaround an instability of the gdchart module leading to
  3766       stalled servers etc.
  3767     * Fixed some event-log decoding issues that affect charts rendering.
  3769 Other changes:
  3771     * Major speed improvement over 1.3.1. Many times faster title search,
  3772       creating new page, opening page editor and any operation that list pages.
  3773       See
  3774     * Improved README.migration.
  3775     * Cleaner design for login/register interface, login is always the default
  3776       button when the user click Enter.
  3777     * If there are problems found in the configuration, log the error
  3778       and display helpful error messages in the browser.
  3779     * More forgiving unicode configuration policy, you must use the u'string' 
  3780       format only for unicode values.
  3781     * Added profiling to CGI.
  3782     * The content of is similar to now.
  3783     * Unexpected errors while loading cache files are logged.
  3784     * i18n for icon ALT tags.
  3785     * Include request initialization code in the profile in standalone server.
  3786     * When creating new theme, style sheets are inherited correctly, no need
  3787       to override style sheets just to get them working.
  3788     * Many times faster plugin system. Typical pages are about 35% faster, 
  3789       pages with many plugins can be many times faster. 
  3790     * Spiders are allowed to fetch attachments.
  3791     * Old user files containing password hash encoded in pre 1.3 charset
  3792       are auto repaired on first login.
  3793     * data_dir defaults to './data', underlay_data_dir to './underlay' now.
  3794       It is a good idea to replace those by absolute pathes in
  3795     * Renamed "Refresh" to "Delete Cache" - it was misused by users. The action 
  3796       was also moved into the action menu in the modern and rightsidebar themes.
  3797     * Added a workaround for TableOfContents missing some links by making it
  3798       uncacheable via a "time" dependency.
  3799     * Removed interwiki icon and title attribute for wiki:Self:... links.
  3800     * Unittests (normally shown at end of action=test output) are currently
  3801       disabled because they worked unreliably, giving wrong results sometimes.
  3803 New features:
  3805     * Create new pages easily using configurable interface and page templates 
  3806       with the new NewPage macro.
  3807     * ReStructuredText (rst) support is built-in now. See HelpOnParsers.
  3808     * New experimental feature in - each interface may 
  3809       specify a port: ''. Without a port, the port option
  3810       is used.
  3812 API changes:
  3814     * For a complete list of changes, see MoinMoin:ApiChanges.
  3815     * wikiutil.importPlugin's first argument is now a wiki config instance 
  3816       (request.cfg) and there is no path keyword.
  3817     * Wiki plugins always override MoinMoin plugins. wikiutil.importPlugin
  3818       implements this override.
  3819     * util.pysupport.importName does not accept path - you should call 
  3820       it with correct module name, e.g '' for 
  3821       wiki plugins, or ''. 
  3822     * wikiutil.extensionPlugin was renamed to wikiPlugins and it gets config 
  3823       instance instead of path.
  3824     * New function wikiutil.importWikiPlugin used to import wiki plugins 
  3825       using a cache in a thread safe way.
  3826     * New config option config.use_threads is used to activate thread 
  3827       safe code.
  3828     * New keyword arguments for getPageList, enable 10X faster operation
  3829       for common cases by controlling page filtering.
  3830     * New up to 100X times faster getPageCount
  3833 Version 1.3.1 (2004-12-13, Revision moin--main--1.3--patch-434)
  3835 Fixes:
  3837     * Fixed "Error Cyclic usage" crash when user had Italian (it), Korean
  3838       (ko), Serbian (sr) or Vietnamese (vi) as user interface language.
  3839     * Fall back to en (instead of crashing) when user uses a language moin
  3840       does not support / does not support any more (like pt,sv,fi,sr).
  3841     * In 1.3.0, people accidentally put iso-8859-1 chars into wiki configs,
  3842       but those where expected to be pure utf-8 and thus it crashed.
  3843       Fixed by using unicode strings (varname = u'whatever'), a matching
  3844       encoding setting (see top of script comment) and, when decoding strings,
  3845       using decode to ASCII with replace mode (this replaces non-ASCII chars,
  3846       but at least it won't crash - and you get a warning to better use
  3847       Unicode strings).
  3848     * Fixed long time broken table formatting. ||<style="see css spec" a||b||
  3849       Now even generates valid HTML! The old markup for align, valign, width,
  3850       bgcolor still works, but synthesizes style attribute data.
  3851     * SystemAdmin macro shows attachments of ALL pages now.
  3852     * Users without write acl rights will be able to see attachments again and
  3853       also have AttachFile action in menu.
  3854     * Fixed wrong match count in search results, find all matches in page 
  3855       titles, show all matches in contents in some rare cases.
  3856     * Run about 200% faster with long running processes (standalone, Twisted), 
  3857       about 20% faster with cgi, by better internal data handling in wikidicts.
  3858     * On SF, the dict files use utf-8 encoding now. We included them also in
  3859       distribution, see contrib/dict/.
  3860     * Fixed permissions to shared template stuff.
  3861     * Speeded up search, fixed wrong match counts.
  3862     * Speeded up internal data handling (wikidicts).
  3863     * Fixed rare unicode error after deleting a page (reported only on SuSE
  3864       Linux 9.0 / Python 2.3.0).
  3865     * Fixed file permissions of files in the data dir.  
  3866     * Fixed some cosmetic problems in migration scripts and use sys.path.insert
  3867       to get latest moin code when executing them.
  3869 Other Changes:
  3871     * Improved docs, system and help pages.
  3872     * Updated translation files.
  3874 Known Bugs:
  3876     * Internet Explorer renders our HTML/CSS in a suboptimal way.
  3877       (MoinMoin:MoinMoinBugs/InternetExplorer)
  3878       Workaround: use a non-broken browser like FireFox / Mozilla.
  3879       Fixed in MoinMoin 1.3.2.
  3880     * Passwords using non-ascii do not work.
  3881       (MoinMoin:MoinMoinBugs/NonAsciiPasswordsBroken)
  3882     * The TOC macro is broken partly.
  3883       (MoinMoinBugs/TableOfContentsBrokenForIncludedPages,
  3884        MoinMoinBugs/TableOfContentsLacksLinks)
  3885     * See also:
  3888 Version 1.3.0 (2004-12-06, Revision moin--main--1.3--patch-400)
  3890     As you see from the length of the 1.3 changes below, 1.3 is a major(!)
  3891     upgrade. We could have also named it "2.0", but we decided against.
  3892     So take the time for reading the informations thoroughly and do the
  3893     migration exactly as we tell you - this is no 5 minutes upgrade!
  3895     !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  3896     !!! We heavily changed configuration, data encoding, dir layout:    !!!
  3897     !!!  * the default encoding changed to utf-8.                       !!!
  3898     !!!  * also, we changed the escaping for special chars to %XX%YY in !!!
  3899     !!!    URL and (xxyy) in file system.                               !!!
  3900     !!!  * layout of data dir changed completely                        !!!
  3901     !!! If you upgrade an existing wiki, you must run the migration     !!!
  3902     !!! scripts or you will get data corruption or other problems.      !!!
  3903     !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  3905     HINT: Upgrading your wiki - critical information
  3907       If you are NOT starting from scratch, you MUST convert your existing
  3908       data - see README.migration for details.
  3910       If you use ##language: xx comments on your OWN pages, you should also run
  3911       repair_language script. Not needed for help/system pages as we already
  3912       have done that for you.
  3914       MoinMoin uses Unicode internally now (UCS-2 with 16 bits or UCS-4 with
  3915       32 bits, depending on your Python installation). The encoding used
  3916       for page files and html output is set by config.charset.
  3918       Moin 1.3 uses utf-8 encoding only, there is NO SUPPORT for using a
  3919       charset different from utf-8 with 1.3. If you try, you are on your own.
  3921     Directory layout
  3923       Directory layout was heavily changed. Each page now is a directory,
  3924       containing page revisions, attachments, cache files and edit-log.
  3926       You can delete a page or move a page from one wiki to another
  3927       easily. Look at the wiki/data directory to see.
  3929       Example:
  3930         old: data/text/FrontPage
  3931         new: data/pages/FrontPage/revisions/00000042
  3932              data/pages/FrontPage/current (contains: 00000042)
  3933         old: data/backup/FrontPage.xxxxxxxx
  3934         new: data/pages/FrontPage/revisions/00000023
  3936       For cleaning up cache files, use MoinMoin/scripts/ 
  3937       (see comments in script).
  3939    Python / Libs
  3941       * For using RSS, you need to have PyXML installed:
  3942         Python 2.4*   -> PyXML 0.8.4 (cvs version)
  3943         Python 2.3.x  -> PyXML 0.8.3
  3944         Python 2.2.2+ -> ???
  3945         This will also make "Live Bookmarks" of Mozilla Firefox working.
  3946         New: if you don't have PyXML installed, the RSS icon on RecentChanges
  3947         will not be displayed any more. Python with no PyXML installed
  3948         generates invalid RSS XML.
  3950    Page names handling
  3952       * Handling of special characters in file names changed from _xx format
  3953         to (xx...) format.
  3954       * In URLs, moin now uses %xx%yy quoting, (because this is supported by 
  3955         browsers), and sub pages use "/" instead of the ugly "_2f".
  3956       * Underscore character "_" is used now as a space character " " both 
  3957         in file names and URLs. " " and "_" will be handled equivalent at most
  3958         places in the future (represented as "_", rendered as " ").
  3959       * To prevent wiki abuse and user typing errors, page names are normalized 
  3960         in URLs, query strings, the "go" box and when renaming pages. This 
  3961         include leading, trailing and multiple slashes and white space. Certain 
  3962         invisible unicode characters are removed from page names.
  3963       * Group page names are restricted even more, any non unicode alpha-numeric
  3964         character is removed. This is done to enable changing acl syntax in 
  3965         the future. The restriction might be loosen on future versions.
  3966       * You can edit config.page_invalid_chars_regex to control which characters
  3967         are allowed in page names (Changing it is not supported).
  3968       * When you enter page name, it is normalized and you are redirected to
  3969         the normalized page, or if nothing left (e.g '/////'), to FrontPage.
  3970       * When renaming a page to a name that can be normalized to an empty string,
  3971         the new page name will be "EmptyName" and the user will not get an
  3972         error message.
  3974    Underlay directory
  3976      * Pages (especially system and help pages) are now located in an underlay
  3977        directory (data_underlay_dir). You will see the pages there if they are
  3978        NOT covered (overlayed) by a page in the normal pages directory
  3979        (as set using data_dir).
  3980        MAKE SURE THAT data_underlay_dir IS CORRECT OR YOU WILL SEE MANY EMPTY
  3981        PAGES ONLY IN A NEW WIKI.
  3982      * If you edit a page that is shown from underlay directory, it will be
  3983        copied to the normal page directory on save (copy-on-write).
  3984      * You can use one copy of the underlay directory shared by many
  3985        wiki instances. Each wiki will then have only your local, self-made
  3986        wiki pages in its data directory, and only system and help pages in the
  3987        single, shared underlay directory - this simplifies upgrades a lot.
  3988      * It is recommended to keep your underlay system and help pages immutable
  3989        using acl, so you can upgrade your wiki easily. The default help and
  3990        system pages already have those ACLs (using MoinPagesEditorGroup).
  3991      * Do not forget to remove your old help and system pages after migrating
  3992        your wiki. We don't provide a script for that as that would be
  3993        dangerous for edited pages. Just use some file manager (e.g. mc) to
  3994        clean the data/pages/ directory. As soon as you have removed the
  3995        system pages there, you will see the new pages in the underlay dir.
  3996        See the EditedSystemPages page for a list of pages that exist in both
  3997        data and underlay directory (use this page as admin!).
  3999        When updating from 1.2 or lower to 1.3 or higher, you will want to
  4000        clean out the copies of the system pages in your {{{wiki/data}}}
  4001        directory. All of these pages will now reside in the underlay
  4002        directory. If you have system pages from 1.2 or lower in your
  4003        wiki/data/ directory, they will overshadow the more up-to-date
  4004        documentation. This can be done using the following manual procedure:
  4005        1. You have just converted from 1.2 or lower to post-1.3.
  4006        2. Go to your wiki's EditedSystemPages.
  4007        3. Find all the pages that are MoinMoin system or help pages. You will
  4008           know if it is one of those pages because it is not your page.
  4009        4. Check if it is okay to delete by either:
  4010           1. Using the this page "info" link and check the Revision History to
  4011              see if it is greater than 1. If so, there are modifications, so do
  4012              not delete the page and evaluate the modifications to see if they
  4013              are necessary.
  4014           2. Using your file browser (Windows Explorer, etc) to go to your
  4015              wiki/data/<<systemPage>>/revisions/ directory and to see if there
  4016              are no modifications. If there are, do not delete the page and
  4017              evaluate the modifications to see if they are necessary.
  4018        5. Delete that wiki/data/<<systemPage>> using your file browser.
  4020     Multiple languages
  4022       * New file name quoting method allow 50% longer page names in languages
  4023         that use more than one byte per character, like Hebrew, Korean etc.
  4024       * Configuration file uses 'utf-8' encoding now. Certain values that are
  4025         marked with [Unicode] can use any character in your language. Examples 
  4026         are page names in navi_bar, page types regular expressions and site name.
  4027       * For configuration examples adopted to your language, check ConfigMarket 
  4028         in the MoinMoin wiki.
  4029       * The system and help pages that come with moin are now in utf-8.
  4030       * MissingPage system page localized, should display in your language.
  4031       * We did many i18n (translation) updates.
  4032       * CSS file use utf-8 encoding. User css is also expected to be utf-8.
  4033         This is relevant only if you use non-ASCII values in the CSS file.
  4034       * config.upperletters and config.lowerletters were removed.
  4035         We now use a pre-made ucs-2 spanning set and you usually don't have to
  4036         change it. See MoinMoin/util/ if you're interested.
  4037       * ACL works with any user name or group name in any language, even names 
  4038         with spaces.
  4039       * Now you can use any charset in config.charset. Note: only utf-8 is 
  4040         a supported configuration!
  4041       * Improved url handling, now creating pages directly from the browser 
  4042         url box with non-ascii names works in most cases, even when 
  4043         config.charset is not utf-8.
  4044       * When using non-utf-8 config.charset, characters in URLs that does
  4045         fit in the charsets are replaced with "?" (instead of crashing).
  4046       * All themes and most macros and actions are Right to Left friendly.
  4047         Full RTL support planned for 1.3 release.
  4048       * If page language is specified with #language processing instruction
  4049         the page is displayed in the correct direction. Pages without
  4050         language are displayed using the wiki default_lang.
  4052     Multiple configurations
  4054       * You can run multiple wikis from the same wiki directory or server. 
  4055         For example, you can run one Twisted server that serve multiple wikis, 
  4056         instead of running multiple servers. Samples of the new configuration
  4057         are supplied in wiki/config/*.
  4058       * You can't just use your old file. It is now called
  4059 and the config variables now have to be in a class
  4060         "Config" and that class must inherit from
  4061         MoinMoin.multiconfig.DefaultConfig - see the provided
  4062         sample for details.
  4063         This is very useful, e.g. you could derive a GermanConfig from
  4064         DefaultConfig. After that, you can derive configs for wikiA and wikiB
  4065         from that GermanConfig.
  4066       * contains a mapping attribute called "wikis" with pairs of
  4067         wikiconfig module name and regular expression. The regular expression
  4068         is matched against the URL of the request and the first matching entry
  4069         determines the config module to be imported by MoinMoin.
  4070       * If you use's "wikis" mapping, then any wiki has a private
  4071         config module, named after the wiki - e.g. wiki named moinmoin would
  4072         use
  4073       * If you only have a single wiki, you do not need just make 
  4074         a and it will be used no matter what URL is requested. 
  4075       * There is one common global "config" that holds sitewide settings (like
  4076         umask or charset) - you do not need to change settings there.
  4077         This file is located in the MoinMoin code: MoinMoin/
  4079     General configuration
  4081       * SecurityPolicy now uses "write" instead of "edit" (so it is may.write
  4082         now). This is to get it in sync with ACLs.
  4083       * SecurityPolicy now automatically can use everything in acl_rights_valid.
  4084       * There is a new config option "config_check_enabled". It will warn about
  4085         any unknown variable name (probably typo) to stderr or error.log. 
  4086         If something doesn't work at all and changing the config does no 
  4087         difference, switch it on and look at the error message. 
  4088       * The sample config file comes with config_check_enabled = 1. If you 
  4089         introduce additional variables yourself, you definitely want to switch 
  4090         that check off or it will fill your log.
  4091       * If you define "page_front_page" variable, this name will show in the 
  4092         navigation bar now, instead of the default "FrontPage".
  4094     New search engine
  4096      * Full text and title search do support multiple search terms now - 
  4097        see HelpOnSearching for details.
  4098      * Regular expressions are still supported but have to be turned on per
  4099        search term. Search terms in macros using regular expressions will have
  4100        to be fixed.
  4101      * The URL interface of the search engine has also changed. Links that 
  4102        point directly to search actions may be broken.
  4104     User names
  4106       * User names can not use group names, even if ACLs are not enabled.
  4107         This will prevent error later, if you start to use acl in the future
  4108         (acl is going to be mandatory in 1.5).
  4109       * User names are not restricted any more to only CamelCase. 
  4110       * To prevent imposing as other users, leading, trailing and multiple 
  4111         whitespace in user names is not allowed. Only Unicode alpha numeric 
  4112         characters are allowed, with optional one space character between 
  4113         words.
  4114       * When a user name with a group name or "bad" name is trying to 
  4115         access the wiki, he is redirected to the UserPreferences page and 
  4116         asked to create a new account.
  4117       * When trying to login or create a new account with a bad name, 
  4118         correct error message is displayed in all cases.   
  4120     CGI
  4122       * You can not use your old moin.cgi file, as we removed 
  4123         (was deprecated since 1.2). Copy the new file from the server dir.     
  4125     Moin servers - Twisted and standalone
  4127       * Configuration self checking on startup. Will raise an error in case
  4128         of bad configuration or non-accessible directories.
  4129       * Both use shorter and identical configuration options.
  4130       * Server scripts contain detailed comments and examples.
  4131       * Configuration defaults changed to fit most users.
  4132       * There is memory profiler option for debugging, switched off by default.
  4133       * If you perform a standard install, server scripts should run out
  4134         of the box or with minimal change.
  4136     Twisted server
  4138       * All code moved into the new server package, the server script
  4139         contains only configuration options.
  4140       * Listen to more than one interface with "interfaces" list.
  4141       * Code updated to new Twisted API.
  4142       * Use mointwisted script to start and stop the server, using 
  4143         "mointwisted start" and "mointwisted stop".
  4144       * The Twisted server runs as daemon by default.
  4145       * All moin Twisted files are called now mointwisted instead of 
  4146         moin_twisted.
  4147       * Fixed getting username from Twisted request (http auth)
  4149     Standalone server
  4151       * Configuration moved from to
  4152       * If run as root, you can set both user and group for the server.
  4153       * Can use logfile instead of logging to stderr.
  4154       * Fixed missing unquoting of query string (caused problems in rare cases).
  4156     mod_python server
  4158      * moin_modpy server files renamed to moinmodpy.
  4160     Wiki Markup
  4162      * '''strong''', ''em'' and __underline__ have now paragraph scope. You can
  4163        set these attributes on words level. For multiple paragraphs, wrap each 
  4164        with needed markup.
  4165      * If you leave unclosed ''', '' and __  markup, its is closed when the 
  4166        paragraph ends.
  4168     User interface
  4170      * Due to many changes in CSS files, the wiki may look "broken" until
  4171        your reload once or twice, or empty your browser cache.
  4172      * The "Send mail notification" checkbox is replaced by "Trivial change"
  4173        checkbox. The default behavior did not change - regular edit is not
  4174        a trivial change, and mail will be sent to subscribes. If you check
  4175        trivial change, mail will be sent only to users who selected to 
  4176        get trivial changes in their user preferences.
  4177      * New theme "modern" has been added, and used as default theme. 
  4178      * classic and rightsidebar improved.
  4179      * viewonly theme removed, as any theme can be use now as viewonly
  4180        by using #acl All:read in the wikiconfig.
  4181      * All themes use new navibar, displaying both wiki links, user links
  4182        and the current page.
  4183      * navibar and pagetrail use now shortened page names, so very long
  4184        names does not break the interface visually.
  4185      * All themes have improved search interface at the top of the window.
  4186      * Only avaiable actions are displayed, so most situations when a user
  4187        try to do something he can't do are prevented.
  4188      * When creating a new page, no action is available until the page 
  4189        is created. You can't attach files to non-existing page any more.
  4190      * Non registered users get a "login" link. Registered uses get
  4191        "username" link to their home page, and "user preferences" link.
  4192      * Messages more clear using bold type, designed by css.
  4193      * Few useless messages removed (but there are many more)
  4194      * Default wiki logo uses the wiki name instead of the MoinMoin troll 
  4195        logo.
  4197     Other fixes and changes
  4199      * Most generated html code is valid "html 4 strict". There are still
  4200        some problems that still have to be fixed, mainly macros, table
  4201        attributes, and inline markup crossing (<a><b></a></b>).
  4202      * WantedPages can include and exclude system pages, which makes it 
  4203        much more useful.
  4204      * Fixed a bug in TitleIndex where not all system pages are excluded.    
  4205      * RenamePage action now renames everything, including backups, page
  4206        history, attachments. It does not change toplevel editlog, though.
  4207        After you rename a page, you are redirected to the new page.
  4208      * Syntax colorization supports more languages (Java, C++, Pascal)
  4209      * Inline: display of attachments was extended. A Parser now knows which
  4210        extensions it can handle.
  4211      * TableOfContents and Include macros now cooperate a bit better. There
  4212        are still problems with multiple Includes of the same page.
  4213      * Excluded actions at bottom of page are not displayed any more.   
  4214      * Editor: removed the columns size setting, just using 100% of browser
  4215        window width (it didn't work because of that anyway). Also removed that
  4216        "reduce editor size" link at top of editor as you would lose your
  4217        changes when using it.
  4218      * Removed the option to choose text smileys instead of images, this made
  4219        more trouble than it was worth. The text version is still given in ALT
  4220        attribute.
  4221      * Moved stuff from contribution/ to MacroMarket page on MoinMoin wiki
  4222      * Some nasty people try to use a running moin as a proxy (at least they
  4223        did on, maybe due to the magic port
  4224        number). We changed the code to check for that and just return 403
  4225        in that case. Moin can not be used as a proxy anyway.
  4226      * moin.cgi?test was removed in favor of a new buildin test
  4227        action. It works for all deployments, just use ?action=test.
  4228      * Sending mail does use tls if server supports it.
  4230     3rd party developer notes
  4232      * Themes should be now sub class of MoinMoin.theme.ThemeBase. Sub
  4233        classes will get automatically all new improved user interface
  4234        elements for free.
  4235      * Theme authors should update their theme for 1.3. Some keys removed
  4236        from them dict. See ThemeBase class in MoinMoin/theme/ 
  4237      * Actions writers should call request.setContentLangauge with the 
  4238        correct language used by the action. This enable themes and other
  4239        code to use correct direction.
  4240      * The Formatter interface was changed. Formatters and parsers using 
  4241        the formatter interface have to be adjusted.
  4242      * started deprecation of Processors: they are still recognized, but
  4243        implementors should start to rewrite their Processors as Parsers.
  4244        A processor with the same name as a parser in a pre #! section is
  4245        currently preferred. This will change in the next release.
  4247     Deprecation notes
  4249      * Processors are deprecated, see section above.
  4251      * Using the cookie (or the login url with ID) only and not setting (or
  4252        setting and not remembering) your email/password in UserPreferences
  4253        is DEPRECATED. Those quite unsecure methods will likely be dropped
  4254        in next moin version.
  4256      * Operating with acl_enabled = 0 is also DEPRECATED. Due to some other
  4257        improvements planned, we will have to operate with ACLs enabled ONLY
  4258        in a future moin version, so this setting will likely be dropped.
  4259        So clean up your user accounts (see and switch ACLs
  4260        on NOW.
  4261        There are no drawbacks, so you will like it. Having ACLs enabled
  4262        doesn't mean you really have to USE them on wiki pages...
  4264      * allow_extended_names = 0 is deprecated (default was/is 1).
  4265        Future versions will be able to use extended names (aka free links) in
  4266        any case and the config setting will be removed.
  4268      * allow_subpages = 0 is deprecated (default was/is 1).
  4269        Future versions will be able to use subpages in any case and the config
  4270        setting will be removed.
  4272      * attachments = {...} - we would like to remove that setting because of
  4273        several reasons:
  4274        * when not being extremely careful, this can easily lead to security
  4275          problems (like when uploading a .php exploit and then executing it
  4276          by accessing it directly via web server)
  4277        * makes code more complicated - code that we want to change completely
  4278          in next version
  4279        If you need that feature, speak up now and tell us your reasons WHY you
  4280        need it.
  4283 Version 1.2.4 (2004-10-23, Revision 1.187)
  4285 This will probably be the last 1.2.x release as we are soon doing release
  4286 candidates for 1.3 release (with big internal changes) and are expecting
  4287 release 1.3 in december 2004.
  4289 Fixes:
  4290     * fixed "None" pagename bug in fullsearch/titlesearch
  4291     * fixed projection CSS usage
  4292     * the compiled page is removed when a page is deleted, so no ghost page
  4293       appears after deletion
  4294     * fixed AbandonedPages day-break problem
  4295     * fixed [[GetVal(WikiDict,key)]]
  4296     * the msg box is now outside content div on PageEditor, too
  4297     * privacy fix for email notifications: you don't see other email addresses
  4298       in To: any more. mail_from is now also used for To: header field, but
  4299       we don't really send email to that address.
  4300     * privacy fix for /MoinEditorBackup pages that were made on previews of
  4301       pages that were not saved in the end
  4302     * fix double content div on PageEditor preview
  4304 Other changes:
  4305     * workaround for broken Microsoft Internet Explorer, the page editor now
  4306       stops expanding to the right (e.g. with rightsidebar theme).
  4307       Nevertheless it is a very good idea to use a non-broken and more secure
  4308       browser like Mozilla, Firefox or Opera!
  4310     * from import SecurityPolicy in your
  4311 will protect your wiki from at least the known spammers.
  4312       See MoinMoin:AntiSpamGlobalSolution for details.
  4314     * xmlrpc plugin for usage logging, currently used for antispam accesses
  4316     * (re-)added configurable meta tags:
  4317         * html_head_queries = '''<meta name="robots" content="noindex,nofollow">\n'''
  4318         * html_head_posts   = '''<meta name="robots" content="noindex,nofollow">\n'''
  4319         * html_head_index   = '''<meta name="robots" content="index,follow">\n'''
  4320         * html_head_normal  = '''<meta name="robots" content="index,nofollow">\n'''
  4322     * i18n updates/fixes
  4324     * New UserPreferences switch:
  4325       you may subscribe to trivial changes (when you want to be notified about ALL
  4326       changes to pages, even if the author deselected to send notifications).
  4328     * New AttachList and AttachInfo macros - thanks to Nigel Metheringham and
  4329       Jacob Cohen.
  4331 Version 1.2.3 (2004-07-21, Revision 1.186)
  4333 Fixes:
  4334     * fixed NameError "UnpicklingError" in
  4335     * fixed version number in moin.spec
  4336     * reverts done by bots or leechers
  4337       There was a bad, old bug that triggered if you did not use ACLs. In that
  4338       case, moin used some simple (but wrong and incomplete) function to
  4339       determine what a user (or bot) may do or may not do. The function is now
  4340       fixed to allow only read and write to anon users, and only delete and
  4341       revert to known users additionally - and disallow everything else.
  4342     * avoid creation of unneccessary pages/* directories
  4343     * removed double content divs in general info and history info pages
  4344     * fixed wiki xmlrpc getPageHTML
  4345     * fixed rightsidebar logout URL, also fixed top banner to link to FrontPage
  4346     * use config.page_front_page and .page_title_index for robots meta tag
  4347       (whether it uses index,follow or index,nofollow), not hardcoded english
  4348       page names
  4349     * ACL security fix for PageEditor, thanks to Dr. Pleger for reporting
  4350     * default options for new users are same as for anon users
  4352 Version 1.2.2 (2004-06-06, Revision 1.185)
  4354 Fixes:
  4355     * python related:
  4356      * own copy of difflib removed
  4357        Until moin 1.2.1 we had our own copy of python 2.2.3's difflib coming
  4358        with moin. This was to work around some problems with broken older 2.2
  4359        python installations. We removed this now because if you have py 2.3,
  4360        there is even a better difflib coming with python (and that fixes an
  4361        extremely slow diff calculation happening in some rare cases).
  4362        So the good news is that when you run python 2.3, you don't need to do
  4363        anything and it will run great. If you run python 2.2.3, it will mostly
  4364        work good and you also don't need to do anything. The bad news is that
  4365        if you run an old and broken 2.2 installation (2.2.1, maybe 2.2.2) you
  4366        will have to fix it on your own (just copy from python 2.2.3
  4367        over to your python 2.2.x installation).
  4368        But better upgrade to python 2.3 (for debian woody, there's a backport),
  4369        as 2.3 generally runs better and faster than 2.2.
  4370      * scripts changed to use #!/usr/bin/env python (not /usr/bin/python2.2)
  4372     * user accounts and ACLs:
  4373      * we now require the user to specify a password for a new account (you
  4374        were not able to login without a password anyway)
  4375      * it is not allowed any more to create user accounts with user names
  4376        matching config.page_group_regex - please check manually that you do
  4377        not already have such users existing (like a user named "AdminGroup"):
  4378        cd data/user ; grep name=.*Group *  # there should be no output!
  4379      * subscription email sending now honours ACLs correctly
  4381     * markup / rendering / user interface fixes:
  4382      * fixed merging multiple lines indented by the same amount of blanks
  4383      * ## comments don't break tables in two parts
  4384      * added a "remove bookmark" link to RecentChanges
  4385      * fixed action=titleindex (added \n after each entry)
  4387     * RSS fixes:
  4388      * non-ASCII characters should work now
  4389      * RSS feed (Recentchanges?action=rss_rc) gives UTC timestamps now
  4390      * removed attribute breaking RSS feed on RecentChanges
  4392     * better email generation:
  4393      * if you use python >=2.2.2, we add a Message-ID header to emails
  4394      * if you use python 2.2.1, there is no email.Header. Instead of crashing
  4395        (like previous moin 1.2.x releases), we just use the subject "as is" in
  4396        that case. If it is not ASCII, this is not standards compliant.
  4397      * If you have >=2.2.2 it will use email.Header to make standards compliant
  4398        subject lines.
  4399      * use config.mail_from as sender address when sending "lost my password"
  4400        emails
  4402     * file attachments:
  4403      * fixed for standalone server
  4404      * attachment URLs (when handled by moin) don't include server name
  4405      * fixed some wrong &amp;amp; in html src
  4407     * better themeability:
  4408      * some entries in dict "d" where only present in header theme calls, some
  4409        only in footer theme calls. Now almost all is present in both calls.
  4410      * added some missing "content" divs so sidebar themes look better
  4412     * fixed some crashes producing backtraces:
  4413      * no IOError when diffing against deleted page
  4414      * no backtrace in xml footnote generation
  4415      * no SystemInfo crash when no editlog exists in new wikis
  4416      * xmlrpc.getRecentChanges fixed
  4418     * MoinMoin.util.filesys.rename is now a wrapper around os.rename that
  4419       fixes os.rename on broken win32 api semantics
  4421 Other Changes:
  4422     * saving traffic and load by improved robot meta tag generation:
  4423      * "noindex,nofollow" on queries and POSTs
  4424      * "index,follow" on FrontPage and TitleIndex (give robots a chance ;))
  4425      * "index,nofollow" on all other pages (hopefully saving lots of senseless
  4426        requests for page?action=...) 
  4427      * removed config.html_head_queries (was used for same stuff)
  4428     * added russian i18n (utf-8)
  4429     * misc. other translation updates / fixes
  4430     * added rightsidebar theme
  4431     * TitleIndex now folds case, so "APage" and "anotherPage" are both under
  4432       letter "A".
  4433     * added macro/ - it calculates the hits each page gets since
  4434       beginning of logging
  4437     * Full text and title search do now support multiple search terms - 
  4438       see HelpOnSearching for details
  4440     * The Formatter interface was changed. Formatter and parser using 
  4441       the formatter interface have to be adjusted.
  4443 Version 1.2.1 (2004-03-08, Revision 1.184)
  4445 Fixes:
  4446     * minimum requirement to run moin 1.2/1.2.1 is python 2.2.2
  4447      * not: 2.2(.0), as this does not have True/False
  4448      * not: 2.2.1, as this does not have email.Header. You maybe can work
  4449        around that one by:
  4450       * getting the python 2.2.x (x>=2) /usr/lib/python2.2/email directory
  4451       * putting it into directory 'x' (whereever you like)
  4452       * doing a sys.path[0:0] = ['x'] in moin.cgi [or other appropriate place]
  4453       No guarantee, this is untested.
  4454     * Twisted: the http headers missed the charset data, fixed
  4455     * mod_python: fixes for mod_python 2.7
  4456     * wiki/data/plugin/ added - fixes not working plugin modules
  4457     * plugin processors work now, too
  4458     * fixed displaying non-existent translations of SiteNavigation in footer
  4459     * fixed zh-tw iso name (wrong zh_tw -> correct zh-tw)
  4460     * fixed reversed diffs in RecentChanges RSS
  4461     * fixed "last change" info in footer (wasn't updated)
  4462     * fixed event.log missing pagename (and other) information
  4463     * fixed horizontal line thickness >1
  4464     * fixed running from CVS workdir
  4465     * fixed crash when doing action=info on first revision of a page
  4466     * fixed hostname truncation in footer
  4467     * minor css fixes
  4468     * fixed clear msg links (they missed quoting, leading to strange page
  4469       names when you click on some of them)
  4470     * fixed python colorizer processor
  4471     * fixed quoting of stats cache filenames
  4472     * catched "bad marshal data" error when switching python versions
  4474 Other changes:
  4475     * updated danish (da) i18n
  4476     * updated japanese (ja) i18n
  4477     * added serbian (sr) i18n
  4478     * added chinese (zh) i18n
  4479     * added a simple "viewonly" theme based on classic theme - you can use
  4480       this as default theme, so anonymous users won't get the usual wiki stuff,
  4481       but a far simpler (and less powerful) user interface.
  4482       It also displays the navibar at the left side.
  4483     * added moin.spec for building RPMs
  4484     * included MoinMoin/i18n/* into distribution archive (nice for translators)
  4485     * included some stuff under MoinMoin/scripts - xmlrpc-tools and account
  4486       checking stuff. removed some version control clutter from the dist
  4487       archive, too.
  4489     * code colorization was refactored and some new languages (Java, C++,
  4490       Pascal) where added.
  4491     * inline: display of attachments was extended. A Parser now knows which
  4492       extensions it can handle.
  4494 Version 1.2 (2004-02-20, Revision 1.183)
  4496 New features:
  4497     * MoinMoin now requires Python >=2.2.2., we recommend to use Python >=2.3.2
  4498       (with 2.3.x, MoinMoin runs about 20-30% faster).
  4499     * by refactoring request processing, we made it possible to run moin under
  4500       persistent environments:
  4501         * twisted-web (
  4502         * (use for starting this mini server)
  4503         * mod_python
  4504         * FastCGI
  4505       Of course, CGI is still possible.
  4506     * wiki pages will be compiled to bytecode now (by default), so no need for
  4507       slow parsing/formatting on every view ("WASP", see caching_formats)
  4508     * when using a persistent environment (like twisted) and WASP, you get up
  4509       to 20x speed - compared to CGI and moin 1.1
  4510     * added support for diffs between arbitrary revisions.
  4511     * removed requirement of the external diff utility
  4512     * config.auth_http_enabled (defaults to 0) - use this to enable moin
  4513       getting your authenticated user name from apache (http basic auth,
  4514       htpasswd) - if you enable this, your basic auth username has to be the
  4515       same as your wiki username.
  4516       Should work with CGI, FCGI and maybe even with mod_python.
  4517       Does not change behaviour of moin under twisted or standalone server.
  4518     * config.tz_offset = 0.0 sets a default timezone offset (in hours
  4519       from UTC)
  4520     * config.cookie_lifetime (int, in hours, default 12) sets the lifetime of
  4521       the MOIN_ID cookie:
  4522         == 0  --> cookie will live forever (no matter what user has configured!)
  4523         > 0   --> cookie will live for n hours (or forever when "remember_me")
  4524         < 0   --> cookie will live for -n hours (forced, ignore "remember_me"!)
  4525     * added themeing and some themes (if you improve the existing themes or
  4526       make nice new ones, please contribute your stuff!). The default theme is
  4527       set by config.theme_default (and defaults to 'classic').
  4528     * now supporting plugin directory for parsers, processors, themes, xmlrpc.
  4529     * action=info now defaults to showing page revision history again
  4530     * all actions accessing the logfile (as RecentChanges or history) are now
  4531       much faster
  4532     * #refresh processing instruction, config.refresh
  4533         * config.refresh = (minimum_delay, target_allowed)
  4534             * minimum delay is the minimum waiting time (in seconds) allowed
  4535             * target_allowed is either 'internal' or 'external', depending on
  4536               whether you want to allow only internal redirects or also
  4537               external ones. For internal redirects, just use the Wiki pagename,
  4538               for external, use http://... url.
  4539         * #refresh 3                    == refresh this page every 3 seconds
  4540         * #refresh 5 FrontPage          == internal redirect to FrontPage in 5s
  4541         * #refresh 5 == redirect to google in 5s
  4542       Use very carefully! Allowing a low minimum_delay and putting a #refresh
  4543       on RecentChanges might slow down your wiki significantly, when some
  4544       people just let their browser refresh and refresh again. Also, it does
  4545       cause quite some traffic long-term. So better do not use this without
  4546       good reason! Default is None (switched off).
  4547     * hide most UserPreferences options before user has logged in, less
  4548       confusing for new users
  4549     * "config.page_dict_regex" defines what pages are dictionary definitions
  4550       Currently dictionaries are used for UserHomePage/MyDict where you can
  4551       define key:: value pairs that get processed like @DATE@ expansion when
  4552       saving a page. The 2 "@" will be added to your keys automatically.
  4553       Please do not use @xxx@ strings on the right side (value), results may
  4554       vary if you do.
  4555       You can also access wiki dictionaries by using the internal macro
  4556       [[GetVal(page,key)]]" - that will go to page "page" and return the
  4557       value (right side) corresponding to "key".
  4558       Implementation note: groups are a subset of the dictionary functionality.
  4559     * standalone server should work now (see server/, so you don't
  4560       need to setup apache or twisted for a local personal wiki, you only need
  4561       python and moin for that now, no additional stuff any more!
  4562     * if you run your wiki with charset = "utf-8" (the default is still
  4563       iso8859-1), you might want to have a look at contributions/utf8-pages/
  4564       to see if there are already translated system pages for your language.
  4566 Fixes:
  4567     * new importPlugin routine (the old one didn't work correctly)
  4568     * removed 0xA0 characters breaking utf-8
  4569     * system page recognition now uses wiki groups (see AllSystemPagesGroup),
  4570       fixing the long-time broken system page exclusion on TitleIndex.
  4571     * mostly HTML 4.01 Strict compliant HTML
  4572     * design is done by CSS now, HTML is semantic markup only 
  4573     * removed target attribute from links, also [^NewWindow] markup - this
  4574       is a HTML 3.2 feature and not valid in HTML 4.01
  4575     * updated TWikiDrawPlugin to 20021003 version, with further modifications
  4576       including source. It can draw imagemaps now and saves PNG. On display a
  4577       GIF will be searched if no PNG is found. We recommend changing all GIFs
  4578       to indexed PNGs cause this fallback might disappear in later versions.
  4580       Sample code using bash and ImageMagick (be sure you know what you do):
  4581       for draw in `find /path/to/wiki/data -name \*.draw`; do
  4582         file=`dirname $draw`/`basename $draw .draw`
  4583         if [ -e "${file}.gif" ]; then
  4584           echo "Converting ${file}.gif to ${file}.png"
  4585           convert "${file}.gif" "${file}.png"
  4586         fi
  4587       done
  4589     * fixed email headers and encoding
  4590     * Changed moin-usercheck to adhere to scripting standards; no
  4591       proprietary config changes needed any more (added --config);
  4592       --wikinames is now part of the usage message.
  4593     * config.umask now defaults to 0770 - if you give world r/w access, ACLs
  4594       could be rather pointless...
  4596 Removed config variables:
  4597     * external_diff (not needed any more, we have internal diff now)
  4598     * shared_metadb (wasn't implemented for long - we will re-add it, when it is)
  4599     * title1/2 (please use page_header1/2)
  4600     * page_icons_up
  4602 Changed config variables:
  4603     * changed_time_fmt (removed some html and brackets around time from default)
  4604     * html_head (default is empty string now)
  4605     * page_footer1/2 (default is empty string now)
  4606     * page_icons (is now a list of icon names, not html any more)
  4607     * umask (default is 0770 now, not world r/w any more == more secure)
  4609 New config variables (see MoinMaster:HelpOnConfiguration):
  4610     * cookie_lifetime
  4611     * mail_login
  4612     * page_credits
  4613     * page_dict_regex
  4614     * page_group_regex
  4615     * page_header1/2
  4616     * page_iconbar 
  4617     * page_icons_table
  4618     * page_license_enabled
  4619     * page_license_page
  4620     * theme_default
  4621     * theme_force
  4622     * tz_offset 
  4624 Other:
  4625     * lots of internal code refactoring and optimization
  4626     * began moving src code documentation to epydoc, see "make epydoc"
  4627     * the URL for the RecentChanges RSS feed changed. It now only works with
  4628       ...?action=rss_rc.
  4630 Known problems:
  4631     * theme support is neither complete (although covering most important
  4632       stuff) nor perfect - work on that will continue...
  4633     * we removed some html from system messages (the boxes at top of page you
  4634       get after some actions), so it currently looks less nice than before.
  4635     * html is not completely validating and it is not xhtml - this will be
  4636       fixed as soon as we have the infrastructure for that (other parser, DOM)
  4637     * problems with rtl (right-to-left) languages, will be fixed in 1.3
  4638     * if you change moin_config or switch themes, moin will still use already
  4639       cached page content. For the config this can be fixed by touching
  4640       MoinMoin/ (or simply deleting everything in
  4641       data/cache/ If you get more annoyed by this than pleased by
  4642       caching speedup, you can also switch off caching (see docs on
  4643       caching_formats).
  4645 Themeing and HTML/CSS cleanup:
  4646     * Browsers with completely broken CSS support (like e.g. Netscape 4.x) are
  4647       no longer supported. If you still need to support them, do not upgrade to
  4648       moin 1.2. If you still use these browsers, we recommend that you upgrade
  4649       your browser first (Mozilla 1.5 has nice and standards compliant HTML and
  4650       CSS support and is available as Free Software for Windows, Linux and Mac).
  4651     * If you changed any html in code or by config you will have to check if it
  4652       still works. For the usual stuff, look into `MoinMoin/theme/`
  4653       and `classic/css/screen.css`. For config defaults of the html fragments,
  4654       read `MoinMoin/`. If you want to modify a theme, don't simply
  4655       change classic, but copy or subclass it under a new theme name.
  4656     * because of the new theme support the layout of the `htdocs` directory
  4657       changed:
  4658       * Instead of using icons under `img/` and css under `css/`, there will
  4659         be an additional `themename/` directory in between, e.g. `classic/img/`
  4660         and `classic/css/`. If you added own icons, you may have to copy them
  4661         to the themes directory.
  4662       * The filename of the CSS file has changed to the media type, so the
  4663         normal one used for screen output has changed name from `moinmoin.css`
  4664         to `screen.css`. There also were quite some changes and enhancements to
  4665         the CSS files, so better use the new ones.
  4666     * config.css_url was removed
  4668 Plugins:
  4669   * we use a new plugin loader that requires a correct `` file in
  4670     the plugin directories. See the directory `wiki/data/plugin/` in the
  4671     distribution archive and just copy it over to your wiki's plugin directory.
  4674 Version 1.1 (2003-11-29, Revision 1.178)
  4676 Version 1.1 requires Python 2.0 or higher, we recommend to use Python 2.2
  4677 (version 2.2.2 if that is available on your host) or even better >= 2.3.2
  4678 (with 2.3.x, MoinMoin runs about 20-30% faster).
  4680 New features:
  4681   Configuration:
  4682     * config.default_lang lets you set a default language for users not
  4683       having specified language in their browser or UserPreferences
  4684     * "config.page_category_regex" defines what pages are categories
  4685     * replaced `config.page_template_ending` by a more flexible setting
  4686       named `config.page_template_regex`
  4687     * the same with config.page_form_regex (was: page_form_ending)
  4688     * "config.page_group_regex" defines what pages are group definitions
  4689       Currently groups are used for "user groups" (see ACLs) and "page
  4690       groups" (see AllSystemPagesGroup).
  4691     * robot exclusion from all pages except the standard view action,
  4692       via the config.ua_spiders regex (reduces server load)
  4693     * "maxdepth" argument for the TableOfContents macro
  4694     * config.title1, config.title2, config.page_footer1,
  4695       config.page_footer2 can now be callables and will be called with
  4696       the "request" object as a single argument (note that you should
  4697       accept any keyword arguments in order to be compatible to future
  4698       changes)
  4699     * "config.html_pagetitle" allows you to set a specific HTML page
  4700       title (if not set, it defaults to "config.sitename")
  4701     * navi_bar / quicklinks can now contain free-form links, i.e.
  4702       entries of the form "[url linktext]" just like in wiki pages
  4703     * if a quick link starts with '^', it opens in a new window; help
  4704       now opens in a new window also
  4705     * `config.smileys` for user-defined smileys (default: `{}`) - a dict
  4706       with the markup as the key and a tuple of width, height, border, image
  4707       name as the value).
  4708     * `config.hosts_deny` to forbid access based on IP address
  4709     * `config.mail_login` can be set to username and password separated by
  4710       a space, e.g. "username userpass", if you need to use SMTP AUTH
  4711     * `config.edit_locking` can be set to None (old behaviour, no
  4712       locking), 'warn <timeout mins>' (warn about concurrent edits, but
  4713       do not enforce anything), or 'lock <timeout mins>' (strict locking)
  4714     * optionally showing a license text on editor page, use:
  4715       config.page_license_enabled = 1
  4716       Optionally use these to customize what is shown there:
  4717       config.page_license_text = "... your text ..."
  4718       config.page_license_page = "MyLicensePage"
  4719       See the default values in MoinMoin/ for details and
  4720       override them in, if needed.
  4721     * `config.shared_intermap` can be a list of filenames (instead of a
  4722       single string)
  4723     * If you have added your own `SecurityPolicy`, the class interface for
  4724       that has changed (see ``).
  4726   Authenticaton / Authorization:
  4727     * added ACL support, written by Gustavo Niemeyer of Conectiva and
  4728       Thomas Waldmann. See HelpOnAccessControlLists for more infos.
  4729       You should use MoinMoin/scripts/ before activating
  4730       ACLs or some users with bad or duplicate accounts might get into
  4731       trouble.
  4732     * A user account can be disabled using or
  4733       UserPreferences page. Disabling, but keeping it is good for edit
  4734       history.
  4735     * changed security default: deletion only available to known users
  4736     * support for Basic authentication (Apache style: AUTH_TYPE="Basic",
  4737       REMOTE_USER="WikiUserName"). If authentication is there, user
  4738       will be in ACL class "Trusted".
  4739     * support for username / password login
  4740       The username / password login will ONLY work, if you define a
  4741       password. With an empty password, username / password login is not
  4742       allowed due to security reasons. Passwords are stored encrypted
  4743       (format similar to Apache SHA) and can also be entered in the
  4744       UserPreferences form in this format. When requesting login
  4745       information by email, the password is also sent in this encrypted
  4746       format (use copy&paste to fill it in the form).
  4747       ...?action=userform?uid=<userid> is still possible, so if you have
  4748       bookmarks, they will still work). The input field for the ID was
  4749       dropped.
  4750       NOTE: using the userid for login purposes is DEPRECATED and might
  4751             be removed for better security soon.
  4752     * after logging in, you will get a cookie valid until midnight.
  4753       The next day, the cookie will expire and you will have to login
  4754       again. If you don't want this, you can check the "remember me
  4755       forever" option in UserPreferences.
  4756     * if the page file is read-only, you get a message (i.e. you can now
  4757       protect pages against changes if you're the wiki admin).
  4758       Note: you can do that easier using ACLs.
  4760   Markup / Macros / Actions:
  4761     * RandomQuote macro (and even parses Wiki markup now)
  4762     * `[[Navigation]]` macro for slides and subpage navigation
  4763     * [[ShowSmileys]] displays ALL smileys, including user-defined ones
  4764     * the Include macro has new parameters (from, to, sort, items) and
  4765       is able to include more than one page (via a regex pattern)
  4766     * `MailTo` macro for adding spam-safe email links to a page
  4767     * if a fancy link starts with '^' (i.e. if it has the form
  4768       "[^http:... ...]"), it's opened in a new window
  4769      * because of that, the NewWindow macro was removed from contrib
  4770     * "#pragma section-numbers 2" only displays section numbers for
  4771       headings of level 2 and up (similarly for 3 to 6)
  4772     * ../SubPageOfParent links
  4774   User interface:
  4775     * new fancy diffs
  4776     * Page creation shows LikePages that already exist
  4777     * editor shows the current size of the page
  4778     * editor returns to including page when editing an included page
  4779     * Visual indication we're on the editor page (new CSS style)
  4780     * selection to add categories to a page in the editor (use preview
  4781       button to add more than one category)
  4782     * if user has a homepage, a backup of save/preview text is saved as
  4783       a subpage UsersHomePage/MoinEditorBackup
  4784     * added "revert" link to PageInfo view (which makes DeletePage more
  4785       safe in public wikis, since you can easily revive deleted pages
  4786       via revert)
  4787     * Selection for logged in users (i.e. no bots) to extend the listing
  4788       of recent changes beyond the default limits
  4789     * Activated display of context for backlinks search
  4790     * Subscriber list shown on page info
  4791     * LikePages shows similar pages (using difflib.get_close_matches)
  4792     * last edit action is stored into "last-edited" file, and
  4793       displayed in the page footer
  4794     * reciprocal footnote linking (definition refers back to reference)
  4795     * "Ex-/Include system pages" link for title index
  4796       Note: system/help pages algorithm is still mostly broken.
  4797     * list items set apart by empty lines are now also set apart
  4798       visually (by adding the CSS class "gap" to <li>)
  4799     * "save" check for security.Permissions
  4800     * Added Spanish, Croatian and Danish system texts
  4801     * Added flag icons for the languages supported in "i18n"
  4802     * updated help and system pages, more translations, see also
  4803       AllSystemPagesGroup
  4804     * there was quite some work done on wiki xmlrpc v1 and v2 - it
  4805       basically works now.
  4807   Tools and other changes:
  4808     * moin-dump: New option "--page"
  4809     * there are some scripts MoinMoin/scripts/* using wiki xmlrpc for
  4810       backup and wiki page copying applications
  4811     * Updated the XSLT parser to work with 4Suite 1.0a1
  4812     * more infos in cgi tracebacks
  4813     * UPDATE.html is a HTML version of MoinMaster:HelpOnUpdating
  4815 Unfinished or experimental features:
  4816     * user defined forms
  4817     * XML export of all data in the wiki
  4818     * RST parser (you need to install docutils to use this)
  4819     * SystemAdmin macro
  4821 Privacy fixes:
  4822     * do not use / display user's email address in public places
  4825     * Removed two cross-site scripting vulnerabilities reported by "office"
  4827 Bugfixes:
  4828     * Bugfix for PageList when no arguments are given
  4829     * Disallow full-text searches with too short search terms
  4830     * [ 566094 ] TitleIndex now supports grouping by Hangul Syllables
  4831      * fix for multibyte first char in TitleIndex
  4832     * Footnotes were not HTML escaped
  4833     * Numbered code displays are now in a table so that you can cut the
  4834       code w/o the numbers
  4835     * Bugfix for wrong mail notifications
  4836     * Create unique anchors for repeated titles
  4837     * [ 522246 ] Transparently recode localized messages
  4838     * [ 685003 ] Using "preview" button when editing can lose data
  4839     * use gmtime() for time handling
  4840     * fixed negative gmtime() arguments
  4841     * [[Include]] accepts relative page names
  4842     * fixed ||NotInterWiki:||...||
  4844 -----------------------------------------------------------------------------
  4845 Version 1.0 (2002-05-10, Revision 1.159)
  4848 should occur, a maintenance release will fix them.
  4850 Some optional features (like statistics) already require Python 2.0.
  4852 New features:
  4853     * security fix: "allow_xslt" has to be set to 1 in order to enable
  4854       XSLT processing; note that this defaults to 0 because XSLT is able
  4855       to insert arbitrary HTML into a wiki
  4856     * "action=content" for transclusion into static web pages; emits the
  4857       pure page content, without any <html>, <head>, or <body> tags
  4858     * "?action=links&mimetype=text/plain" works like MeatBall:LinkDatabase
  4859     * "Preferred language" and "Quick links" user settings
  4860     * Added "processor" concept, processors work on the data in "code
  4861       displays" and are called by a bangpath in the first line of data
  4862     * Processors: Colorize, CSV (see HelpOnProcessors)
  4863     * New icons: "{OK}", "(./)", "{X}", "{i}", "{1}", "{2}" and "{}"
  4864       (see HelpOnSmileys)
  4865     * FullSearch now displays context information for search hits
  4866     * DeletePage offers a textentry field for an optional comment
  4867     * Email notifications are sent in the user's language, if known from
  4868       the preferences
  4869     * @PAGE@ is substituted by the name of the current page (useful
  4870       for template pages)
  4872 Unfinished features:
  4873     * user defined forms
  4874     * XML export of all data in the wiki
  4875     * RST parser (you need to install docutils to use this)
  4876     * XMLRPC interface
  4878 Bugfixes:
  4879     * Syntax warning with Python 2.2 fixed
  4880     * Macro-generated pagelinks are no longer added to the list of links
  4881     * error codes returned by "diff" are reported
  4882     * fix for attachments on pages with non-USASCII names
  4883     * correct handling of spaces in attachment filenames and URLs
  4885 -----------------------------------------------------------------------------
  4886 Version 0.11 (2002-03-11, Revision 1.151)
  4888 Most important new features: file attachments, definition list markup
  4889 (glossaries), change notification via email, variable substitution when
  4890 saving pages, edit preview, and improved documentation.
  4892 Note that the RSS features require a recent PyXML (CVS or 0.7) due to
  4893 bugs in the namespace handling of xml.sax.saxutils in earlier versions.
  4894 This is (hopefully) automatically detected on every installation.
  4896 Statistical features are NOT designed to work with Python 1.5.2 and
  4897 require Python 2.0 or higher. Overall, MoinMoin 0.11 is not explicitely
  4898 tested for 1.5.2 compatibility.
  4900 New features:
  4901     * XML formatting now (most often) produces well-formed, and, depending
  4902       on proper layout of the wiki page, valid StyleBook XML
  4903     * Headers are now automatically numbered, unless you set the config
  4904       item 'show_section_numbers' to 0
  4905     * "#pragma section-numbers off" (or "0") switches that off explicitely,
  4906       and "on" or "1" enables numbering 
  4907     * Added a "contributions" directory for 3rd party extensions
  4908     * AttachFile action, contributed by Ken Sugino; note that you have
  4909       to enable this action because of the possibility of DoS attacks
  4910       (malicious uploads), by adding this to your moin_config:
  4911             allowed_actions = ['AttachFile']
  4912     * "attachment:" URL scheme allows access to attachments, to get files
  4913        from other pages use "attachment:WikiName/filename.ext".
  4914     * New macros: Date(unixtimestamp) and DateTime(unixtimestamp) to
  4915       display a timestamp according to system/user settings
  4916     * Variable substitution when a page is saved, note that saving
  4917       template pages does NOT expand variables. Supported are:
  4918         @DATE@      Current date in the system's format
  4919         @TIME@      Current date and time in the user's format
  4920         @USERNAME@  Just the user's name (or his domain/IP)
  4921         @USER@      Signature "-- loginname"
  4922         @SIG@       Dated Signature "-- loginname date time"
  4923         @MAILTO@    A fancy mailto: link with the user's data  
  4924     * Copied some new emoticons from PikiePikie
  4925         || {{{ :-? }}} || :-? || tongue.gif ||
  4926         || {{{ :\  }}} || :\  || ohwell.gif ||
  4927         || {{{ >:> }}} || >:> || devil.gif  ||
  4928         || {{{ %)  }}} || %)  || eyes.gif   ||
  4929         || {{{ @)  }}} || @)  || eek.gif    ||
  4930         || {{{ |)  }}} || |)  || tired.gif  ||
  4931         || {{{ ;)) }}} || ;)) || lol.gif    ||
  4932     * AbandonedPages macro
  4933     * Added definition list markup: {{{<whitespace>term:: definition}}}
  4934     * Added email notification features contributed by Daniel Sa�    * SystemInfo: show "Entries in edit log"
  4935     * Added "RSS" icon to RecentChanges macro and code to generate a
  4936       RecentChanges RSS channel, see
  4938       for details
  4939     * Added config.sitename and config.interwikiname parameter
  4940     * Better WikiFarm support:
  4941       * <datadir>/plugin/macro and <datadir>/plugin/action can be used
  4942         to store macros and actions local to a specific wiki instance
  4943       * config.shared_intermap can contain a pathname to a shared
  4944         "intermap.txt" file (i.e. one stored outside the datadir)
  4945     * added `backtick` shortcut for {{{inline literal}}} (has to be
  4946       enabled by "backtick_meta=1" in the config file); note that ``
  4947       is then a shorter replacement for '''''' escaping
  4948     * added inline search fields (at the bottom of each page)
  4949     * Added preview to the editor, including spell checking
  4950     * New languages: Chinese (Changzhe Han) and Portuguese (Jorge
  4951       Godoy), updated French (Lucas Bruand), added Korean (Hye-Shik
  4952       Chang) and Italian (Lele Gaifax)
  4953     * New SystemAdmin macro
  4954     * `[[Anchor(anchorname)]]` macro to insert anchors into a page,
  4955       and [#anchorname Anchor Links].
  4956     * User option to open editor view via a double-click
  4957     * Added commentary field to editor, recent changes and page info
  4958     * Page trails (user option)
  4959     * UserPreferences: checkboxes for double-click edit, page trail,
  4960       fancy links, emoticons, jump to last page visited, and some
  4961       other yes/no options
  4962     * "config.nonexist_qm" is now the default for a user setting
  4963     * `[[GetText(text)]]` macro loads I18N texts (mainly intended
  4964       for use on Help pages)
  4965     * table attributes via "||<attrlist> ... ||", more details on
  4967     * PythonFaq interwiki tag and support for $PAGE placeholder
  4968     * event logging, as the basis for future statistics
  4969     * "moin-dump" command line tool to create a static copy of
  4970       the wiki content
  4971     * "config.external_diff" allows to set an exact path to the
  4972       command, or change the name to for example "gdiff" if GNU
  4973       diff is not a native command in your UNIX flavour
  4974     * `[[PageSize]]` macro
  4975     * the interwiki name "Self" now always points to the own wiki
  4976     * config.title1 and config.title2 are inserted into the output
  4977       right before and after the system title html code (title1
  4978       is right after the <body> tag and normally undefined, title2
  4979       defaults to the "<hr>" above the page contents)
  4980     * Additional link on diff pages to ignore whitespace changes
  4981     * Subpages (config.allow_subpages, config.page_icons_up)
  4982     * super^script^, sub,,script,, and __underline__ markup
  4983     * `[[FootNote]]` macro
  4984     * many other new config options, see HelpOnConfiguration for
  4985       a complete list
  4986     * [[StatsChart(type)]] shows statistical charts (currently
  4987       defined types: hitcounts, pagesize, useragents)
  4988     * 'inline:' scheme works like 'attachment:', but tries to
  4989       inline the content of the attachment into the page;
  4990       currently knows about "*.py" sources and colorizes them
  4991     * support for Java applet "TWikiDrawPlugin" via
  4992       drawing:<drawingname> URL scheme (you need to activate
  4993       the AttachFile action if you want drawings)
  4994     * numeric entities (&#nnnnn;) are now optionally NOT escaped,
  4995       which allows you to insert more characters into a Latin-1
  4996       page, especially the Euro symbol
  4997     * navi_bar is now a list of page names which should be linked
  4998       on every page
  4999     * test.cgi is now rolled into moin.cgi, and can be called
  5000       by adding "?test" to the wiki base URL. Also, as a security
  5001       feature, the server's environment is only shown for requests
  5002       local to the web server.
  5004 Unfinished features:
  5005     * user defined forms
  5006     * XML export of all data in the wiki
  5008 Documentation:
  5009     * extended the online help ("Help*" pages)
  5010     * German help pages (thanks to Thomas Waldmann)
  5012 Bugfixes:
  5013     * #425857: python Parser bug on the second call
  5014     * #424917: Caching control
  5015     * #465499: Two HTTPS problems
  5016     * #491155: FrontPage hardcoded
  5017     * Handling of inbound UTF-8 encoded URIs (only with Python >= 2.0)
  5018     * Fix for subtle changes in "re" of Python 2.2
  5019     * User-provided URLs are now never URL-escaped, which allows appending
  5020       #anchors and using %20 for spaces in InterWiki links
  5022 -----------------------------------------------------------------------------
  5023 Version 0.10 (2001-10-28, Revision 1.134)
  5025 This version is still Python 1.5.2 compatible, but it's not extensively
  5026 tested for that version and some parts of the system might not work
  5027 there, especially seldom used macros and actions. Bug reports welcome!
  5029 New features:
  5030     * "#deprecated" processing instruction
  5031     * config entry "SecurityPolicy" to allow for customized permissions
  5032       (see "" for more)
  5033     * added distutils support
  5034     * though not extensively tested, the standalone server now does POST
  5035       requests, i.e. you can save pages; there are still problems with
  5036       persistent global variables! It only works for Python >= 2.0.
  5037     * "bang_meta" config variable and "!NotWikiWord" markup
  5038     * "url_mappings" config variable to dynamically change URL prefixes
  5039       (especially useful in intranets, when whole trees of externally
  5040       hosted documents move around)
  5041     * setting "mail_smarthost" and "mail_from" activates mailing
  5042       features (sending login data on the UserPreferences page)
  5043     * very useful for intranet developer wikis, a means to view pydoc
  5044       documentation, formatted via a XSLT stylesheet, for details see
  5046       or MoinMoin/macro/
  5047     * "LocalSiteMap" action by Steve Howell <>
  5048     * Added FOLDOC to intermap.txt
  5050 Bugfixes:
  5051     * Full config defaults, import MoinMoin now works w/o
  5052     * Better control over permissions with config.umask
  5053     * Bugfix for a UNIX time billenium bug (affecting RecentChanges
  5054       sorting and page diffs)
  5055     * data paths with directory names containing dots caused problems
  5057 -----------------------------------------------------------------------------
  5058 Version 0.9 (2001-05-07)
  5060 New features:
  5061     * XML page input (pages that start with "<?xml") and XSLT formatting
  5062     * Page caching, for now limited to XSLT processing (where it's
  5063       absolutely needed); new code & API to add the "RefreshCache" link
  5064     * Selection of common date/time formats in UserPreferences
  5065     * New action "titleindex" to support wiki introspection (MetaWiki);
  5066       see the new links below the index bar in "TitleIndex"
  5067     * UserPreferences: editable CSS URL for personal styles
  5068     * PageInfo: the editor's name or IP is shown for each change
  5069     * WantedPages: a new macro that lists links to non-existent pages
  5070     * OrphanedPages: a new macro that lists pages no other page links to
  5071     * Extensions to the FullSearch macro (see HelpOnMacros)
  5072     * Python syntax highlighting
  5073     * "DeletePage" action (has to be activated, see MoinMoinFaq)
  5074     * "Remove trailing whitespace from each line" option in the editor
  5075     * I18N (currently German and Swedish)
  5076     * Config option "url_schemas" to extend the supported URL types
  5077     * Improved tracebacks by using Ka-Ping's "cgitb"
  5079 Bugfixes:
  5080     * The editor now sends a "no-cache" HTTP header
  5081     * "PageList" results are now sorted
  5082     * New config parameter "html_head_queries": send additional header
  5083       for all pages EXCEPT the "normal" view; main usage is to have
  5084       only the normal pages indexed by a spider, not the edit, print,
  5085       etc. views (which cause multiple hits on the same information)
  5086     * Store the modification time of the page file in the editlog, not
  5087       the current time when the log entry is created
  5089 -----------------------------------------------------------------------------
  5090 Version 0.8 (2001-01-23)
  5092 New features:
  5093     * Page templates (create a new page using a template page, by Richard)
  5094     * Pluggable actions (by Richard)
  5095     * Added "diff since bookmark"
  5096     * Only "normal" URLs (outside of brackets) are converted to inline images
  5097     * Show number of backups in SystemInfo macro
  5098     * Show info on installed extension macros and actions
  5099     * New macro: [[BR]] for line breaks
  5100     * New action "LikePages" (again, Richard)
  5101     * Highlighting of search results, and of bad words when spellchecking
  5102     * Support for "file:" URLS
  5103     * "SpellCheck" action (Richard, me, and Christian)
  5104     * [[Include]] macro (you guessed it, Richard)
  5106 Bugfixes:
  5107     * Update bookmark with load time, not click time
  5108     * Changed CSS styles to better suit Netscape's broken handling of CSS
  5110 -----------------------------------------------------------------------------
  5111 Version 0.7 (2000-12-06)
  5113 New features:
  5114     * RecentChanges bookmarking
  5116 Bugfixes:
  5117     * SECURITY FIX
  5118     * Non-greedy extended WikiNames
  5120 -----------------------------------------------------------------------------
  5121 Version 0.6 (2000-12-04)
  5123 New features:
  5124     * [[UserPreferences]] macro and associated functions
  5125     * [[TableOfContents]] macro
  5126     * Mechanism for external macros (user extensions)
  5127     * Numbered list types and start offsets
  5129 Bugfixes:
  5130     * Search dialogs did not work on the FrontPage
  5131     * Add newline to text if last line has none (better diffs)
  5133 -----------------------------------------------------------------------------
  5134 Version 0.5 (2000-11-17)
  5136 New features:
  5137     * Major refactoring: code is now broken up into modules within the
  5138       "MoinMoin" package
  5139     * Diagnosis of installation via a "test.cgi" script
  5140     * Smileys
  5141     * "#format" processing instruction
  5142     * "##comment"
  5143     * [[RandomPage]] and [[RandomPage(number)]] macro
  5144     * configurable footer ("page_footer1" and "page_footer2")
  5145     * "#redirect" processing instruction
  5147 Bugfixes:
  5148     * Bugfix for broken CGI environment of IIS/4.0
  5149     * URLs and InterWiki links are now less greedy (punctuation at the end
  5150       is excluded, and "<" ends them, too)
  5152 -----------------------------------------------------------------------------
  5153 Version 0.4 (2000-11-01)
  5155 New features:
  5156     * Table markup "||a||b||c||"
  5157     * Headlines "= H1 =", "== H2 ==", and so on up to H5
  5158     * [[PageCount]] macro
  5159     * Added [[Icon(image)]] macro and macro arguments
  5160     * [[PageList(title-regex)]] macro
  5161     * New help system (set of help pages describing all features)
  5163 Bugfixes:
  5164     * Create complete URL for "Clear message" link
  5165     * Inline code spans needed cgi.escape
  5166     * Better fix for Python 1.6 "re" problems
  5167     * Fix for uppercase extensions in inline images ("foo.JPG")
  5168     * Fixed colspan in RecentChanges
  5169     * HR size is now limited to 8
  5170     * "}" ends an URL pattern (fixes URLs right at the end of code displays)
  5172 -----------------------------------------------------------------------------
  5173 Version 0.3 (2000-10-25)
  5175 New features:
  5176     * Check for inline images with InterWiki links (Spam:eggs.gif)
  5177     * New config variable "allow_extended_names", which enables markup for
  5178       wiki names containing ANY character like this: ["any chars"] 
  5179     * New config variable "html_head"
  5180     * New macro [[SystemInfo]]
  5181     * Added inline code ("{{{" and "}}}" on the same line)
  5182     * Support for new config variable "max_macro_size"
  5184 Bugfixes:
  5185     * Don't treat sequences with a double colon (CPP::Namespace) as an
  5186       InterWiki link
  5187     * The local part of InterWiki links is now correctly URL-escaped
  5188     * Quickfix for a bug in 1.6's regular expressions
  5189     * Fixed "SpamSpamSpam" bug (multiple entries in word list)
  5190     * Anchor names get quoted in WordIndex and TitleIndex
  5191     * Filtering of filenames in page_list() corrected
  5192     * Escape &, <, > when sending the editor
  5193     * Final(?) fix for japanese wiki names
  5195 -----------------------------------------------------------------------------
  5196 Version 0.2 (2000-08-26)
  5198 New features:
  5199     * When saving, a datestamp saved in the form and that of the file are
  5200       compared now; so, accidently saving over changes of other people is
  5201       not possible anymore (saving still needs file locking though, for
  5202       race conditions)
  5203     * if the directory "backup" exists in the data dir, pages are saved
  5204       there before a new version is written to disk
  5205     * Removed the "Reset" button from EditPage
  5206     * Added "Reduce editor size" link
  5207     * Added Latin-1 WikiNames (JürgenHermann ;)
  5208     * Speeded up RecentChanges by looking up hostnames ONCE while saving
  5209     * Show at most 14 (distinct) days in RecentChanges
  5210     * Added icons for common functions, at the top of the page
  5211     * Added a printing preview (no icons, etc.)
  5212     * Added bracketed (external) URLs
  5213     * Added support for quoted URLs ("http://...")
  5214     * Added styles for :visited links to CSS
  5215     * Embed image if an URL ends in .gif/.jpg/.png
  5216     * No markup detection in code sections
  5217     * Grey background for code sections
  5218     * Added handling for numbered lists
  5219     * the edit textarea now grows in width with the browser window
  5220       (thanks to Sebastian Dau�for that idea)
  5221     * Added page info (revision history) and viewing of old revisions
  5222     * Added page diff, and diff links on page info
  5223     * Added InterWiki support (use "wiki:WikiServer/theirlocalname"; the list
  5224       of WikiServers is read from "data/intermap.txt")
  5225     * Added "normal" InterWiki links
  5226     * Added "action=raw" to send the raw wiki markup as text/plain (e.g. for
  5227       backup purposes via wget) 
  5229 Bugfixes:
  5230     * Removed an exception when saving empty pages
  5231     * Fixed bold nested into emphasis ('''''Bold''' Italic'')
  5233 -----------------------------------------------------------------------------
  5234 Version 0.1 (2000-07-29)
  5236 Improvements over PikiPiki 1.62:
  5237     * Moved configuration to ""
  5238     * Added "edit_rows" setting
  5239     * Added navigation bar
  5240     * Improved HTML formatting
  5241     * Added timing comment (page created in xx secs)
  5242     * ISO date and time formats by default
  5243     * Formatted RecentChanges with HTML tables
  5244     * Uppercase letters for the index pages
  5245     * Added PythonPowered logo
  5247 Bugfixes:
  5248     * Javadoc comments now get formatted properly in {{{ }}} sections
  5249     * Remove \r from submitted pages (so we get PORTABLE wiki files)
  5250     * chmod(0666) eases manual changes to the data dir
  5252 -----------------------------------------------------------------------------