De kk2011

PmWiki: Release Notes

See also: Change log and Road map.

Version 2.2.24 (2011-02-15)

This version reverts the way existing Page Variables are processed, like version 2.2.21 or earlier, but it adds a special variable $authpage which can be used in Page Var? definitions. It is the same as the $page array, but exists only if the visitor has read permissions. For example, an administrator can set to config.php:

  $FmtPV['$LastModifiedSummary'] = '@$authpage["csum"]'; # instead of '@$page["csum"]'

Then, the edit summary metadata will only be available if the user has read permissions.

Version 2.2.23 (2011-01-25)

This version sets the default value of $EnablePageVarAuth to 0 until we investigate a reported problem with authentication.

Version 2.2.22 (2011-01-16)

This version adds the variable $EnableXLPageScriptLoad which, if set to 0, will prevent authors to load scripts from XL Page? and to accidentally change the encoding of the wiki. If you use it, make sure you include the required files, eg. xlpage-utf-8.php from local config files.

Page Variables should now respect authentications: without read permissions, the title, description, change summary, author of a protected page are unavailable. Page Variables that are computed without reading the page are still available (eg. $Group, $Namespaced, $Version etc.). Administrators can revert the previous behavior by adding to config.php such a line:

$EnablePageVarAuth = 0;

Version 2.2.21 (2010-12-14)

Due to a mis-configuration of a local svn repository, some of the changes intended for 2.2.20 didn't make it in the correct branch. This release corrects this.

Version 2.2.20 (2010-12-14)

This version fixes a potential XSS vulnerability, reported today. An Auth User bug with excluding users from authgroups was fixed. A new Inter Map prefix Pm L10n?: was added, it leads to the Localization section on Pm Wiki.org and should help the work of translators. A couple of other minor bugs were fixed and the documentation was updated.

Version 2.2.19 (2010-11-10)

This is a documentation-update release.

Version 2.2.18 (2010-09-04)

This version fixes 3 minor bugs, and updates the documentation.

Version 2.2.17 (2010-06-20)

This version adds a variable $PostConfig containing functions and scripts to be loaded after stdconfig.php. Tabindex was added as a valid form field attribute. Protected downloads now respect existing browser caches. Auth User now allows more flexible cookbook recipe integration. A couple of bugs were fixed and the documentation was updated.

Version 2.2.16 (2010-05-10)

This version fixes a bug with parsing html attributes which could allow XSS injection. Wikis allowing unprotected editing are encouraged to upgrade.

A bug with the "center" button of the GUI edit toolbar was corrected.

The "exists" conditional now accepts wildcards, for example:

  (:if exists Main.*:)There are pages in the Main group (:if:)

The documentation was updated.

Version 2.2.15 (2010-03-27)

This version adds some minor bugfixes and optimizations notably a bug with (:template none:) introduced in the last version 2.2.14.

Version 2.2.14 (2010-02-27)

This release corrects inline styles for Wiki Trail? links. Undefined include/template {$$variables} are now removed from the included section, like Page(Text)Variables, and can be used in conditional expressions. If needed, this change can be reverted by adding to config.php such a line:

  $EnableUndefinedTemplateVars = 1; # keep and display unset {$$variables}

Page List? templates now accept the sections !first and !last for markup to appear for every page in list except the first or last one.

"Title" attributes were added to external links. You can have tooltip titles on external links, including Inter Map and attachments, by adding the link title in double quotes after the URL:

  [[http://www.pmwiki.org"Home of PmWiki"| External link]]

For international wikis, Pm Wiki now automatically translates the titles of technical pages like Group Attributes? or Recent Changes -- just define these strings as usual in XL Page?, for example, in French:

  'All Recent Changes?' => 'Tous les changements récents',

Some minor optimizations were done and the documentation was updated.

Version 2.2.13 (2010-02-21)

This release fixes a bug with $DiffKeepNum introduced in 2.2.10 -- the count of revisions was incorrect and a page could drop more revisions than it should.

The page history layout was modified with a rough consensus in the community. The history now defaults to "source" view with word-level highlighting of the differences. Authors can see the changes in rendered output by clicking on the link "Show changes to output". Admins can switch back the default by adding such a line to config.php:

  $DiffShow['source'] = (@$_REQUEST['source']=='y')?'y':'n';

To disable word-level highlighting and show plain text changes:

  $EnableDiffInline = 0;

In the page history rendering, a few minor bugs were fixed and the code was slightly optimized.

The documentation was updated.

Version 2.2.12 (2010-02-17)

This release adds simple word-level highlighting of differences in the page history, when "Show changes to markup" is selected. To enable the feature, add to config.php such a line:

  $EnableDiffInline = 1;

This feature is like what the Inline Diff? recipe provides, but not exactly the same, and the implementation is simpler. It is enabled on Pm Wiki.org and can be improved -- your comments are welcome.

Version 2.2.11 (2010-02-14)

This release adds two new table directives for header cells, (:head:) and (:headnr:). They work the same way as (:cell:) and (:cellnr:) except that create <th> instead of <td> html tags.

The pagerev.php script was refactored into separate functions to allow easier integration of recipes displaying the page history.

A couple of minor bugs were fixed and the documentation was updated.

Version 2.2.9, 2.2.10 (2010-01-17)

Most important in this release is the official change of $EnableRelativePageVars to 1. The change is about how {$Variable} in included pages is understood by Pm Wiki.

So, if your wiki relies on page variables from included pages, and doesn't have $EnableRelativePageVars set to 1, after upgrading to 2.2.9, you can revert to the previous behavior by adding to config.php such a line:

  $EnableRelativePageVars = 0;

More information about page variables can be found at:

  http://www.pmwiki.org/wiki/PmWiki/PageVariables

This release adds a new variable $EnablePageTitlePriority which defines how to treat multiple (:title..:) directives. If set to 1, the first title directive will be used, and if a page defines a title, directives from included pages cannot override it. Pm Wiki default is 0, for years, the last title directive was used (it could come from an included page or Group Footer).

This release also adds a new variable $DiffKeepNum, specifying the minimum number (default 20) of edits that will be kept even if some of them are older than the limit of $DiffKeepDays.

A number of bugs were fixed and the documentation was updated.

Version 2.2.8 (2009-12-07)

This release fixes another PHP 5.3 compatibility issue with conditional markup. The Author field now handles apostrophes correctly. The documentation was updated.

Version 2.2.7 (2009-11-08)

This release fixes most PHP 5.3 compatibility issues. Unfortunately some specific builds for Windows may still have problems, which are unrelated to Pm Wiki. Notably, on Windows, all passwords need to be 4 characters or longer.

Upload names with spaces are now correctly quoted. The documentation was updated.

Version 2.2.6 (2009-10-04)

With this release it is now possible to display recently uploaded files to the Recent Changes pages -- if you have been using the Recent Uploads Log? recipe, please uninstall it and follow the instructions at http://www.pmwiki.org/wiki/Cookbook/RecentUploadsLog.

The release also introduces $MakeUploadNamePatterns to allow custom filename normalization for attachements. It is now possible to replace $PageListFilters and $FPLTemplateFunctions with custom functions. Notify should now work in safe_mode. Some bugs were fixed, among which one with conditional markup with dates. The documentation was updated.

Version 2.2.5 (2009-08-25)

This release adds a new markup for Pagelist templates, (:template none:) which allows a message to be set when the search found no pages. The FPL Template?() function was broken into configurable sub-parts to allow development hooks. A number of bugs were fixed, and the documentation was updated.

Version 2.2.4 (2009-07-16)

This release fixes a bug introduced earlier today with HTML entities in XL Pages?.

Version 2.2.3 (2009-07-16)

This release fixes six potential XSS vulnerabilities, reported by Michael Engelke. The vulnerabilities may affect wikis open for editing and may allow the injection of external Java Scripts? in their pages. Public open wikis should upgrade.

A new variable $EnableUploadGroupAuth was added; if set to 1, it allows password-protected uploads to be checked against the Group password.

It is now possible to use @_site_edit, @_site_read, @_site_admin or @_site_upload global passwords in Group Attributes? pages.

A number of other small bugs were fixed, and the documentation was updated.

Version 2.2.2 (2009-06-21)

The major news in this release is a fix of an Auth User vulnerability.

The vulnerability affects only wikis that (1) rely on the Auth User core module for User:Password authentication, -AND- (2) where the PHP installation runs with the variable "magic_quotes_gpc" disabled.

All Pm Wiki 2.1.x versions from pmwiki-2.1.beta6 on, all 2.2.betaX, 2.2.0, and 2.2.1 are affected.

The Pm Wiki SiteAnalyzer? can detect if your wiki needs to upgrade:

  http://www.pmwiki.org/wiki/PmWiki/SiteAnalyzer

If your wiki is vulnerable, you should do one of the following at the earliest opportunity:

Alternatively, you can temporarily disable Auth User until you upgrade.

Note that even if your wiki does not have the Auth User vulnerability at the moment, you are strongly encouraged to upgrade to Pm Wiki version 2.2.2 or later, as some future configuration of your hosting server might put you at risk.

This release also comes with minor updates in the local documentation; fixes were applied for international wikis - notably global variables in xlpage-utf-8.php and a new variable $EnableNotifySubjectEncode, which allows e-mail clients to correctly display the Subject header; and a number of other small bugs were fixed.

Version 2.2.1 (2009-03-28)

This release comes with an updated local documentation; wiki trails now work cross-group; guiedit.php now produces valid HTML, and other small bugs were fixed. We also added $EnableRedirectQuiet, which allows redirects to take place without any mention of "redirected from page ....".

Version 2.2.0 (2009-01-18)

This is a summary of changes from 2.1.x to 2.2.0.

$SiteAdminGroup = $SiteGroup;
when carrying out this upgrade inspect your config files for lines such as
$BlocklistDownload['Site.Blocklist-Pm Wiki'] = array('format' => 'pmwiki');
as you may wish to fix then, eg
$BlocklistDownload[$SiteAdminGroup . '.Blocklist-Pm Wiki'] = array('format' => 'pmwiki');
When migrating a wiki you will have to manually modify the permission or by a script replace in all the page concerned passwdread=nopass: by passwdread=@nopass (see PITS:00961) --isidor
$EnableWikiWords = 1;
$LinkWikiWords = 0;

  • We now have a new {*$var} form of page variable, which always refers to "the currently displayed page". Pages such as Site.Page Actions and Site.Edit Form that are designed to work on "the currently browsed page" should generally switch to using {*$FullName} instead of {$FullName}.
  • The $EnableRelativePageLinks and $EnableRelativePageVars settings control the treatment of links and page variables in included pages. However, to minimize disruption to existing sites, $EnableRelativePageVars defaults to disabled. This will give existing sites an opportunity to convert any absolute {$var} references to be {*$var} instead.
  • Eventually $EnableRelativePageVars will be enabled by default, so we highly recommend setting $EnableRelativePageVars = 1; in local/config.php to see how a site will react to the new interpretation. Administrators should especially check any customized versions of the following:
    Side Bar? pages with ?action= links for the current page
    Page lists that refer to the current group or page, etc in sidebars, headers, and footers
  • The (:include:) directive now has a basepage= option whereby an author can explicitly specify the page upon which relative links and page variables should be based. If no basepage= option is specified, the included page is assumed to be the base.

Version 2.1.27 (2006-12-11)

This version backports from 2.2.0-beta a bugfix for $TableRowIndexMax and also support for the {*$Variable} markup.

Version 2.1.26 (2006-09-11)

This version fixes a bug in feeds.php that would cause feed entries to be mixed up.

Version 2.1.25 (2006-09-08)

This release fixes a bug in authuser.php introduced by the 2.1.24 release.

The skin template code has also been extended to allow <!--XMLHeader--> and <!--XMLFooter--> as aliases for <!--HTMLHeader--> and <!--HTMLFooter-->.

Version 2.1.24 (2006-09-06)

This release makes some improvements and fixes to the AuthUser capability.

A bug in authuser.php that had trouble dealing with non-array values in $AuthUser has been fixed.

It is now possible to specify group memberships from local/config.php (remember that such entries must come before including the authuser.php script):

    # alice and bob's passwords
    $AuthUser['alice'] = crypt('alicepassword');
    $AuthUser['bob'] = crypt('bobpassword');

    # members of the @writers and @admins groups
    $AuthUser['@writers'] = array('alice',  'bob');
    $AuthUser['@admins'] = array('alice', 'dave');

    # carol is a member of @editors and @writers
    $AuthUser['carol'] = array('@editors', '@writers');

Auth User can now read from Apache-formatted .htgroup files. The location of the .htgroup file can be done either in local/config.php or Site.AuthUser

    # local/config.php:
    $AuthUser['htgroup'] = '/path/to/.htgroup';

    # Site.Auth User
    htgroup: /path/to/.htgroup

Versions 2.1.21, 2.1.22, 2.1.23 (2006-09-05, 2006-09-06)

This release closes a potential security vulnerability for sites that are running with 'register_globals' set to on. Details of the vulnerability will be forthcoming on the mailing list and site.

Sites that are running with PHP 'register_globals' and 'allow_url_fopen' set to 'On' should upgrade to this release at the earliest opportunity. If upgrading isn't an option, contact Pm for a patch to older versions.

There is now a tool available to analyze Pm Wiki sites for security and other configuration settings, see PmWiki:SiteAnalyzer.

Version 2.1.23 also corrects a bug that prevented Pm Wiki from being able to read pagefiles created by versions of Pm Wiki before 0.5.6.

Version 2.1.20 (2006-09-04)

More minor bugfixes:

Version 2.1.19 (2006-08-30)

This release provides a number of very minor bugfixes and enhancements:

The next release(s) may have a number of substantial code enhancements and changes, so this release simply closes out a few items before introducing those changes.

Version 2.1.18 (2006-08-28)

This release closes a potential cross-site scripting vulnerability that could allow authors to inject Javascript code through the various table markups.

The release also adds a new (:input image:) markup to generate image input tags in forms.

Finally, this release corrects a problem with ?action=print failing to properly set the {$Action} page variable.

Version 2.1.17 (2006-08-26)

This release fixes a long-standing bug with $EnableIMSCaching (PITS:00573), whereby login/logout operations wouldn't invalidate browser caches, causing some people to see versions of a page prior to the login/logout taking place.

The new IMS caching code maintains a "imstime" cookie in the visitor's browser that keeps track of the time of last login, logout, author name change, or site modification. This cookie is then used to determine the proper response to browser requests containing If-Modified-Since headers. (Previously only the time of the last site modification was available.)

Browsers which do not accept cookies will effectively act as though IMS caching is disabled.

Version 2.1.16 (2006-08-26)

This release makes some improvements to skin handling -- primarily this improves the capability of relocating skin files to other locations, and to provide the ability for recipes to insert items at the end of HTML output.

This release introduces a <!--HTMLFooter--> directive into skin templates, which allows recipes and local customizations to insert output near the end of a document using a $HTMLFooterFmt array from PHP.

Also, the <!--HeaderText--> directive, which inserts the contents of $HTMLHeaderFmt into the output, has now been renamed to <!--HTMLHeader-->. Pm Wiki will continue to recognize <!--HeaderText--> to preserve compatibility with existing skins, but <!--HTMLHeader--> is preferred.

A new $SkinLibDirs array has been introduced which allows the source locations and urls for skins to be specified from a customization file. By default $SkinLibDirs is set as

  $SkinLibDirs = array("./pub/skins/\$Skin"      => "$PubDirUrl/skins/\$Skin",
                  "$FarmD/pub/skins/\$Skin" => "$FarmPubDirUrl/skins/\$Skin");

The keys (on the left) indicate the places to look for a "skin .tmpl file" in the filesystem, while the values (on the right) indicate the url location of the "skin css file". Modifying the value of $SkinLibDirs allows a skin .tmpl file to be located anywhere on the filesystem.

As far as I can see, none of the changes introduced by this release should have any sort of negative impact on existing sites, so it should be safe to upgrade. (If I'm wrong, please let me know.)

Version 2.1.15 (2006-08-25)

This release includes a number of feature enhancements and code cleanups as reported or requested by administrators.

First, Auth User's LDAP authentication system now allows the use of a ?filter parameter, consistent with urls used for mod_auth_ldap authorization in Apache. See the newly updated LDAP section of the AuthUser documentation for more details.

A chicken-and-egg problem with the @_site_* authorization groups has been resolved. It's now possible to have a page's read authorization refer to things such as _site_edit.

Also, the Retrieve Auth Page?() function -- used for retrieving pages only if the visitor is authorized to do so -- now recognizes a special level parameter of 'ALWAYS', which means to always authorize access regardless of the browser or visitors current permissions. This may be useful for allowing certain operations to take place from within trusted scripts without having to grant full authorization to the browser.

Hardcoded instances of the local/ directory now use a customizable $LocalDir variable. This variable controls where Pm Wiki looks for local/config.php and per-group customization files. It may be useful for some Wiki Farm contexts. Note that this does not change or affect the location of $FarmD/local/farmconfig.php.

Some minor internal changes have been made to scripts/wikistyles.php to better accommodate the wikipublisher recipe. It's probably better if we don't try to explain them. :-)

Version 2.1.13, 2.1.14 (2006-08-15, 2006-08-16)

This release fixes a bug in handling numeric passwords, and also allows ldaps:// authentication sources.

Version 2.1.12 (2006-08-07)

This version introduces the ability to nest divs and tables. The standard (:table:) and (:div:) markups are still available, except that a (:div:) may contain a (:table:) and vice-versa.

As in previous versions of Pm Wiki, the (:div:) markup automatically closes any previous (:div:). However, there are now (:div1:), (:div2:), etc. markups (and the corresponding (:div1end:), (:div2end:), ...) which can be used to uniquely distinguish divs for nesting purposes.

To restore Pm Wiki's previous "non-nested" div behavior, set $Transition['nodivnest'] = 1; in a local customization file.

Other changes in this release:

Version 2.1.11 (2006-06-09)

This is a minor update that prevents %define=% wikistyles from generating empty paragraphs in the HTML output. Prior to this release, markup lines containing only wikistyle definitions would often generate empty paragraphs (<p></p>), this release changes things so that a markup line beginning with %define= and containing only wikistyle definitions will not initiate a new paragraph.

Version 2.1.10 (2006-06-03)

Version 2.1.4 introduced an {$Action} page variable that would contain the current ?action= value. Unfortunately, this page variable conflicted with a pre-existing $Action global variable that was being used by skins to display a human-friendly form of the current action. Since there's not really a clean way to resolve this, I've decided to keep {$Action} as a page variable with the current action value (as introduced in 2.1.4), and change the global for skins to be $ActionTitle. This will require updating skins to use $ActionTitle instead of $Action. I apologize for the conflict.

This release adds a Site.Local Templates? page for the fmt=#xyz option in pagelist and search results. The list of pages to be searched can be customized via the $FPLTemplatePageFmt variable. The fmt=#xyz option will now also search the current page for a matching template before searching Site.Local Templates? and Site.Page List Templates.

The 'pmwiki' skin now places a <span> around the "Recent Changes" link in the header to make it somewhat easier to style.

Version 2.1.9 (2006-06-02)

This release fixes a long-standing and difficult-to-find bug with the handling of [[~Author]] links.

Version 2.1.8 (2006-06-01)

This release simply changes the $NotifyListFmt variable to be $NotifyListPageFmt (more descriptive), and adds a $NotifyList array that can be used to specify notification entries from a configuration file.

Version 2.1.7 (2006-05-31)

This release introduces a variety of improvements and bugfixes.

Vspace paragraphs are now divs: Version 2.1.7 changes the way that Pm Wiki handles vertical space in output (the infamous <p class='vspace></p> sequence). Instead of using paragraphs, Pm Wiki now generates <div class='vspace'></div> for vertical space sequences. In addition, Pm Wiki is able to collapse the vspace <div> with any subsequent paragraph tags, such that a sequence like

    <div class='vspace></div><p>...paragraph text...</p>

is automatically converted to

    <p class='vspace'>...paragraph text...</p>

This allows for better control over paragraph spacing. It is expected that this change in vspace handling will not have any detrimental effects on existing sites. Sites that have set custom values for $HTMLVSpace will continue to use the custom value. A site that wants to restore Pm Wiki's earlier handling of vspace can do so by adding the following to local/config.php:

    $HTMLVSpace = "<p class='vspace'></p>";

Improved email notifications of changes: Version 2.1.7 incorporates a notify.php script that provides improved capabilities for sending email notifications in response to page changes. This script is intended to replace the previous MailPosts capability, which is now deprecated (but will continue to be supported in Pm Wiki 2.1.x). Details and instructions for using notify.php are in the PmWiki.Notify page.

Added 'group home page' syntax: A group name followed by only a dot or slash is automatically treated as a reference to the group's home page, whatever it happens to be. This simplifies some pagelist templates as well as a number of other items. In particular, group links in pagelist output now points to the correct locations (instead of being a page in the current group).

Several bugs and vulnerabilities have been fixed:

Version 2.1.6 (2006-05-22)

The primary improvement in this release is the addition of a pagename argument to the (:if auth:) conditional markup. Thus one can display markup based on a visitor's authorization to a page other than the current one. For example, to test for edit privileges to Main.WikiSandbox, one would use (:if auth edit Main.WikiSandbox:). As before, if the pagename is omitted the directive tests authorization to the current page.

This release also restores the ability to have hyphens in Inter Map link names.

Lastly, the release closes a potential cross-site scripting vulnerability in the Wiki Trail? markup, and provides some small performance improvements.

Version 2.1.4, 2.1.5 (2006-03-29)

This release fixes a few more bugs:

The release also adds a couple of items:

Version 2.1.3 (2006-03-17)

This release fixes a bug that prevents the lines= option from working on sites running PHP 5.1.1 or later. It also re-fixes a bug involving empty passwords and LDAP authentication.

Version 2.1.2 (2006-03-16)

This release fixes a bug with handling "nopass" passwords. It also makes some speed improvements to large web feeds, and fixes a couple of minor HTML tag mismatches.

Version 2.1.1 (2006-03-13)

This release primarily fixes a bug with passwords containing multiple authorization groups, and in the process slightly liberalized the formatting of "@group" and "id:name" handling. This release also adds a new mechanism for managing and displaying FAQ pages.

Version 2.1.0 (2006-03-12)

This set of release notes is fairly lengthy, as it chronicles all of the changes since 2.0.13 (four months of development). A lot remains the same, but some changes warrant extra care when upgrading from a 2.0.x version to 2.1.0 (thus the major revision number change). As always, questions and issues can be mailed to the pmwiki-users mailing list.

Here's the list:

    span.wikiword a.createlink { display:none; }
    span.wikiword a.createlinktext 
      { border-bottom:none; text-decoration:none; color:inherit; }

Wiki administrators should note that from this release on Pm Wiki defaults to having Wiki Words disabled.

To make sure Wiki Words are enabled, use $LinkWikiWords = 1; in the local/config.php file.


Bugs and other requests can be reported to the Pm Wiki Issue Tracking System at http://www.pmwiki.org/wiki/PITS/PITS. Any help in testing, development, and/or documentation is greatly appreciated..

Release Notes archive - notes for versions older than 2.1.0.

Originário de http://kk2011.confabulando.org/index.php/PmWiki/ReleaseNotes
Pagina modificada em 15 de February de 2011, às 11h44