- Patch #550488 by c960657: turn off mod_expires for all .php files.
- Patch #497736 by deekayen: code-style.sh is no more so it should not be part of .htaccess.
- Patch #352180 by Garret Albright, wrwrwr: better multi-site friendly 'www' addition/removal in .htaccess.
#328155 by cog.rusty: Allow third-party subdirectories with index.html or index.htm files.
- Patch #147310 by c960657 et al: better cache headers for reverse proxies.
#174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico. Backport by matt@antinomia.
#289120 by jastern: Set magic_quotes_sybase = 0 to prevent default php.ini settings from double-quoting JavaScript in Drupal.
#28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal
- Patch #281131 by Damien Tournoud: document the missing quote in .htaccess.
- Patch #308834 by c960657: move setting of magic_quotes_runtime out of settings.php because (i) we don't want a user to change it and (ii) it gets executed a bit earlier in the Drupal bootstrap.
- Patch #217170 by maartenvg, rbiffl: boolean PHP settings are best set with php_flag instead of php_value.
- Patch #28776 by lilou, Morbus Iff, Uwe Hermann: protect SVN files.
#174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico
- Patch #275730 by boombatower: protect .test files by .htaccess.
- Patch #174940 by gpk: fixed favicon.ico 404s.
- Patch #174940 by gpk: don't generate 404s for favicons. Work around broken browsers ...
- Patch #221364 by thehong: Drupal 7, now with less PHP4.
#118569 by bevan: document how one should set RewriteBase, if under a VirtualDocumentRoot. Backport by Bart Jansens.
- Patch #150245 by webchick, bjaspan, ralf, Arancaytar et al: move the .schema files into .install files to prevent mistakes.
- Patch #144634 by chx: fixed critical bug that prevented language negotiation from working after/when drupal_goto() is called.
#117151 by profix898 and thePanz: the second part of our FilesMatch list contained complete file names which should be protected (eg. Tag), but should not match parts of the file names (eg. Tagging.txt)
#118569 by bevan: document how one should set RewriteBase, if under a VirtualDocumentRoot
#117151 by profix898: the second part of our FilesMatch list contained complete file names which should be protected (eg. Tag), but should not match parts of the file names (eg. Tagging.txt)
#151634 by Ralf Stamm: protect .schema files from being read over the web, if .htaccess is parsed and adhered to
- Patch #109150 by ff1 and webernet: fix rewrite rule. Backport from HEAD.
- Patch #109150 by webernet: typo in documentation.
- Patch #109150 by ff1 and webernet: fix rewrite rule.
#87138: Disable mbstring encoding conversion in htaccess Backport from HEAD.
#87138: Disable mbstring encoding conversion in htaccess
- Patch #113377 by Gerhard: clean up .htaccess.
#104506, correct usage of mod_expires if available, backport
- Patch #104506 by m3vrick: better cache headers for static files.
#105851, backport, finish hiding CVS/* files in .htaccess
#105851, finish hiding CVS/* files in .htaccess, backport
#105851 by dww. Complete the list of CVS meta files.
#105300 by Gábor Hojtsy. Avoid serving .po files.
#93865 by Jax. More correct Order directive.
#81845 by Ralf Stamm. Add Apache .htaccess restriction for .info files.
#80861 by m3avrck. Avoid clobbering subdomains in the example code.
#73590 by Flanker, protect .profile files from prying eyes
#61082 by Uwe Hermann, Cosmetic fixes in .htaccess
#58647, don't show tpl.php files to people, patch by Morbus Iff
#56634, docs improvement, patch by JonBob
#56634: Resolve issues with varying $base_url - Fix locations links in watchdog - Fix repeated subdirectory in page cache CIDs
#54784, protect .install, .*sql files, patch by eafarris.
- #47711: Better PHP5 htaccess compatibility
- Patch #40393 by Richard: corrected permissions of menu/path settings on the content submission form.
- Patch #29344 by Morbus: .htaccess file needs file protection update
- Patch #19126 by Uwe: fixed inconsistent whitespace in .htaccess.
- More improvements by Morbus, Goba, TDobes et al:
Per TDobes' comments:
* INSTALL.txt corrected to use 4.3.3, not 4.33.
* .htaccess: removed allow_call_time_pass_reference. two confirmations that a) the setting was wrong in the first place, b) there were no adverse effects for the incorrect setting, c) the PHP docs say it is deprecated.
* .htaccess: removed short_open_tag. Running grep -r "<? " * across the entire directory tree of both core and contributions only brought up contributions and no core. I agree that the fuller form is better. The following contributions will need to be updated: modules/edit_template/edit_template.module, sandbox/garym/themes/marvin_2k/templates/page.tpl.php, sandbox/killes/compare.php, sandbox/paolino/import/click.php, themes/spreadfirefox/block.tpl.php. For error's sake, I also did a manual verification for "<?" (no space) across core and came up against nothing in addition to the above contribs.
Per Goba's comments:
* .htaccess: Moved session.auto_start back.
* sites/default/settings.php: Removed track_vars.
Per mailing list comments:
* INSTALL.txt: Added text about the files/ directory, creating it, and permissions.
* INSTALL.txt: Added an example of why Drupal requires cron (the search.module) in an attempt to justify why a crontab is a good, nay, required step.
And my own further analities:
* .htaccess: cleaned up some whitespace valleys (i hate 'em, hate 'em!) and fixed a few stray colons.
* settings.php: minor whitespace error.
- Patch #18641 by Morbus: .htaccess improvements. Modified a bit by me.
#5900: Fix mod_expires forcing page caching on the client side.
- Set the DirectoryIndex.
- Patch #17303 by tangent: moved the session settings into /sites/default/settings.php so that subsites can have better control over them. One of the advantages of the site specific settings.php file is that it will never get overwritten during upgrades and having these settings here should prove to be more friendly.
- Oops.
- Patch #10425 by ccourtne and walkah: added admin screens to maintain forums instead of forcing the user to add a taxonomy.
- Changed FollowSymLinks to +FollowSymLinks.
- Theme system changes. Please consult http://drupal.org/node/view/9576 for details.
- Direct 404s to Drupal. Suggested by Goba.
- Reworked 404 (page not found) handling. Patch by walkah. You can specify a custom 404 page in the administration page. As a result, error.php could be removed.
- Added some Apache 2 specific instructions.
- Added a comment about 'RewriteBase'
- Gerhard's uid 0 patches. These patches bring various performance improvements. Requires a database update.
- Set session.gc_maxlifetime to something more sensible than the default 1440 seconds.
- Set some additional options to avoid installation pains.
- Bugfix: made request_uri() rewrite ( and ) with their entity equivalents to avoid XSS attacks! Patch by Al, Moshe, Marco, Kjartan and me.
- Bugfix: the admin module does now import drupal.css prior to admin.css. Patch by me.
- Bugfix: the admin module was still emitting a <base href=""> tag. I removed this as it is been taken care of by theme_head(); Patch by me.
- Bugfix: made the tracker module's pager only consider published pages. Patch by Moshe.
- Bugfix: cured some typos in the comment module's help function. Patch by Marco.
- Bugfix: fixed a typo in the pager_display() that caused optional attributes to be discarded.
- Bugfix: made the Xtemplate emit empty boxes like any other theme does. Patch by Al.
- Bugfix: fixed broken link on the statistics module's log page. Reported by Kjartan.
- CSS improvements: made the HTML output emitted by the tracker module look nicer. Patch by Moshe and Al.
- CSS improvements: added CSS classes for form elements. Patch by Al.
- CSS improvements: added a vertical gap between the last form item and the submit button. Patch by Al. Note that Opera 6 is not picking up this CSS but apparently other browsers such as Konqueror do.
- Xtemplate improvements: changed the color of the selected day in the archive module's calendar. Patch by Al.
- Usability improvements: made the "birthday" field of the profile module look nicer. Patch by Al.
------
- TODO: it might be a good idea to emit the following meta tag in the theme_head() function: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> Currently, some themes (and modules!) emit this while others don't. This would also make it possible to change the charset site-wide.
- TODO: now we added support for td.dark and td.light to drupal.css, maybe it can be removed from admin.css as well as xtemplate.css?
- Fixed a typo in the PostgreSQL database scheme. Patch by Michael Frankowski.
- Fixed a typo in the MSSQL database scheme. Patch by Michael Frankowski.
- Removed dependency on "register_globals = on"! Patches by Michael Frankowski. Notes:
+ Updated the patches to use $foo["bar"] instead of $foo['bar'].
+ Updated the INSTALL and CHANGELOG files as well.
- Tiny improvement to the "./scripts/code-clean.sh" script.
- Some .htaccess file fixes/improvements. Thanks Ax.
- The .htaccess file will now correct the majority of the external referers that still use the old URL scheme! Thanks Ax and Gerhard for providing a better upgrade path.
- Bugfix: made the pager work when clean URLs are enabled. Patch by Ax.
- Clean URLs.
- fixing a typo in the RewriteRule
- Fixed blog.module to accept blog/name URLs as well as blog/id
- Changed the RewriteRule in .htaccess.
- Fixed form_select() matching incorrectly.
- Added missing $Id$ to menu.inc
- Added 'php_value arg_separator.output "&"' as suggested by Curtis.
- Made sure session.cache_limiter is set to "none" as suggested by Moshe and Ax.
- Added "short_open_tag 1" to the PHP settings.
- setting magic_quotes_gpc to 0 (off). IF it causes any problems please report.
- changing php_register_globals to register_globals which is the correct setting.
- small update .htaccess, fixed the blog link.
- some interface changes in block admin page.
- applying patches from Axel Kollmorgen. See
http://list.drupal.org/drupal-devel/2002-February/thread.html#6678
http://list.drupal.org/drupal-devel/2002-February/thread.html#6629
- removed references to $this->user() from themes.
- removed $BaseTheme->user(). It was deprecated a while back.
NOTE: this update will break custom themes, so make sure you update your themes before updating!
- Made the "http://foo.com/blog/username" URL syntax work again. Patch by Foxen.
- tweaked some of the php settings.
- cleaned up .htaccess. Removed some php settings and made the deny filters more specific.
- added the CVS keyword $Id$ to all files to make future version tracking easier. Also changed the <? tag to <?php in some cases.
- set session.save_handler to user. required to use session_set_save_handler() in user.module.
- Adding the rewrite rule for blog until a better system can be implemented.
- Renamed syndication.module to import.module.
- Removed headline.module: it became obsolete.
- Removed backend.class: it became obsolete.
- Added export.module.
For now, you can use:
1. http://drupal/export.php?headlines.rss
2. http://drupal/export.php?headlines.rdf
- Renamed export to export.php.
For now, you can use:
1. http://drupal/export.php?headlines.rss
2. http://drupal/export.php?headlines.rdf
Renaming this file has 3 main advantages:
1. We no longer rely on .htaccess for being able to export.
2. It conforms better to the general naming conventions.
3. It removes a pseudo-hack with formatting the URI.
- Made import.module export blocks with feeds.
- Fixed regexp bug in <Files>. This used to work on older versions of Apache, but seems that the latest versions are not as forgiving.
- fixed bug in common.inc: throttle()
- streamlined method invocation in node.inc
- added node_status() function to modules
- added NEW (mostly static) page module
- added NEW settings module
- tidied up .htaccess a bit
- various updates, bugfixes and improvements
- here are a bunch of changes to make "drupal" (for now) work with PHP 4.0.4
- tidied up some of the code and mainly working on the documentation
- syndication changes
- finalized syndication / My Netscape channel stuff:
http://drop.org/syndication.rdf -> returns RDF backend
- intermediate commit: some bugfixes, changes and some drastic changes to block and module support
- again, a more rock solid .htaccess - should be OK now
- a better .htaccess
Again, a large batch of updates - I'm twisting things around here:
1. improved .htaccess to be more "secure": to keep prying
eyes out
2. rewrote the administration section from scratch using a
modular approach
3. improved the information gathered by error.php - we can
now (hopefully) track what bots are crawling us.
4. fixed a bug in submit.php, fixed a bug in theme zaphod,
fixed a bug in theme marvin.
5. rewrote cron from scratch - it now interfaces with
modules as it should have been from the beginning.
Very cool if you ask me - it can use UNIX/Linux
crontabs.
6. updated widget.inc to be module aware - needs more
work though - maybe this afternoon?
7. updated most modules: small bugfixes, improvements, and
even the documentation
8. removed diary.php and made it a module - you can now
run a drop.org site without a diary system if someone
would prefer so
9. updated all themes to use the new modules where
appropriate
10. added a robots.txt because the error messages in the
watchdog became annoying.
11. added the new configuration system (multiple vhosts
on the same source tree) - use hostname.conf instead
of config.inc
12. removed calendar.inc and made it a module
13. added format_interval() to functions.inc (UnConeD)
14. whatever I forgot ...
- small update
* fixes the current login problem
Just trying to change some config settings.. hope it will work :)
increased it even more just to make sure .)
increased the cache expire to see if that fixed the logout problem
Just trying a different setting to check whether this fixes the session timeout (cookie expires too fast) problem ... *fingers crossed*
Changelog
---------
- improved the user information page.
- improved the story submission page.
- fixed comments score bug: '.00' --> 'x.00'
- tried fixing the calendar wrapping - UnConeD, is it fixed now?
- provided a link back to the submission queue after having voted for a story.
- fixed comment subject bug (and security flaw) by replacing quotes by ".
- updated theme 'zaphod': fixed 2 bugs.
- updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows.
- comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body.
- improved comments on submit.php
- corrected a typo in the FAQ.
UnConeD
-------
- replace 'article.php' by 'discussion.php'
- comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax.
- commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
I just committed everything that was queued in my backlog:
- Added a basic implementation of comment moderation
- Updated and renamed my 2 themes: I removed redundant boxes and tried to work towards simplicity.
- Disabled the other themes as they are broken (I gave you sufficient time to update them).
- Removed redundant files.
- Added security checks with regard to the usage of HTML tags.
Over the last 2 days I redid and reorganized an awful lot of code and made quite a lot of additions. The most remarkable addition is the diary server, which I slapped together in less than 40 minutes. Most of the other changes are however `unvisible' for the user but add much value to a better maintainability from a developer's objective. Like always, I fixed quite a number of small bugs that crept into the code so we should have a bigger, better and more stable drop.org. Unfortunately, some theme updates _are_ required:
REQUIRED THEME UPDATES:
=======================
* use format_username() where usernames are used
* use format_date() where timestamps/dates are used
* use format_email() where e-mail addresses are displayed
* use format_url() where url are displayed
* replace 'formatTimestamp' with format_date
* replace 'morelink_*' with 'display_morelink'
[most of these functions are in function.inc or template.inc]
___PLEASE___ (<- this should get your attention ;) update your themes as soon as possible - it only takes 30 min. to get in sync with the other themes. Don't start whining about the fact you don't know what to change ... either eat the source cookie, or ask me to elaborate on a few changes. Just let me know what's puzzling you and I'll try to help you out!
TODO LIST FOR NEXT WEEK
=======================
* Add checks for max. text length in textarea's? Is there an HTML attribute for this or ...?
* Comment moderation + mojo
* Edit/admin user accounts: block, delete, change permissions, ...
* E-mail password, change password, change e-mail address -> extra checks and routines to validate such `special' changes.
* Input checking - input filter: bad words, html tags, ...
* Added extra PHP variables to .htaccess as discussed earlier this week.
* Enhancement: protect the themes/-directory (and subdirectory) from prying eyes.
Changing the httpd conf so the sessions are stored longer and use DROPID as the cookie name :)
* The CVS directories (automatically created by the CVS repository) can no longer be accessed from the web. Let's keep lurking eyes out. ;)
* I'm still idling (except for these kind of tidbits) until Natrak committed the new user system. *evil grin*
sorry - small typoe
Fixed a security flaw: .inc files can be read from the web including `config.inc' which contains the account information (login, password) to the MySQL database. Apache has now been setup to deny access to all *.inc files from the web.
* Added the foundations to create customized error pages. http://beta.drop.org/foobar.php (The customized error pages need to be beautified.)