v0.9.9.7 (Late March 2007) - the notes from the 0.9.9.7 readme.

* NEW OR IMPROVED FEATURES:
- Archive Search.
- Article replies to comments now sends IM notification to article editor.
- Instant messages "Next" and "Previous" symbols added to single message view.
- Instant Messages delete move to next limited to single message mode.

* SECURITY PATCHES AND OTHER SECURITY-RELATED WORK:
- Edit profiles input checking flaw corrected.
- Load user information added more checking, including cookie checking.
- Load user no longer sets username until after input filtering.
- Random Cookie Password allowed to empty the cookie file for unauthorized persons.
- Random Cookie Password check added against same IP and/or Host as last visit by any user (if CAPTCHA is turned on).
- Random Cookie Password check and error for blank password cookie.
- Resetting of user settings to default when cookies are cleared.
- Site can be set to allow admin access only from one or more IPs as set in admin panel.
- Login, admin profile edit, reminder, edit profile, profile view, gallery view, gallery comment, gallery feedback - all added checks for username existing in memberlist.
- Added logging of rank and status at time of visit for any user.
- Added logging of more detailed IP info.
- Query string limited to valid URL characters.
- Forum post authorization missing definition added.
- Forum thread display usernames shown underneath "real name" to help prevent impersonation.
- Instant messages move "to" folder set hard coded value instead of using query string value.
- Instant message "From" information removed from inputs.
- Personal settings array name "@settings" changed to "@memsettings" where appropriate.
- Search pages links URL encoded.
- Edit banned IP list variable had a typo.
- Delete banned IP hash variable had a typo.
- Administration for poll, profiles, IP bans, forums - added referrer check to prevent accidental deletion due to XSS redirects or tricky links.
- Create forum board input id filter tightened.
- Topics create category input checking added.
- Data error log viewer privacy filters on certain logged form inputs.
- Statistics log viewer displays rank and status at time of visit and more detailed IP info.
- New member signup info log for IP and email at time of joining.
- Statistics log viewer added field sorting on older stats pages.

* BUG FIXES:
- Block edit error due to characters now checked in URL string.
- Site admin setting for max_log_days_old in wrong area.
- Calendar delete event referrer check dysfunction due to client side javascript.
- Calendar inputs sending double values.
- Calendar CAPTCHA visible when no form is open.
- Duplicate block titles possible.
- Block editor location redirect strings using variable that could be a relative URL.
- Welcome message bar and border visible when welcome message option is turned off.
- Move links 0.9.9.6 typo bug.
- Login bug from missing CAPTCHA verification on instant signup registration method.
- Attempt to move download with only one category existing caused deletion.
- Attempt to move link with only one category existing caused deletion.
- Statistics viewers were using hard coded "index.cgi".
- Topics category modify/delete bug from 0.9.9.6 duplicate categories fix.
- Poll error on empty action=poll with no id given.
- Poll error message was reading first poll number.
- Gallery admin allow private printed URL was triggering the referrer check.
- Whos On intermittent error.
- Calendar was accepting blank submissions.
- English language file require for user-lib had old path variables.
- Theme and Language chooser reloading of current page was not working on mods or admin cgi pages.
- Referrer log viewer bottom links were not updated.
- Backup page navigation bar link was incorrect.
- Articles had links to profiles of no-longer-existing members.
- Forum 'find IP' admin feature had a missing definition for first post in a thread.
- Forum modify message was saving the editor's IP in place of that of the original poster.
- Downloads and download info pages were causing error on old links if the category had been removed.
- Links and link info pages were causing error on old links if the category had been removed.
- Search was trying to open files that might not exist.
- Search was redefining username variable and showing email links to non-members.
- Downloads was causing an error on old links when the download had been removed from the database.
- Links was causing an error on old links when the link had been removed from the database.
- Polls were not requiring a valid poll ID.
- Forum Poll IP check had a mistyped variable name.
- Articles "other articles by" had a paging error due to an incorrect variable name.
- Profile view page had a typo in the input hash keys checking.
- The HTML escape routine was doing double escapes of ampersands.
- Setting of the default lib directory for local Perl modules was outside of the BEGIN block.
- Profile view page had a typo in loop.
- "fatals to browser" bug in old versions of CGI::Carp was causing errors on some servers. Version checking added.
- URL string in admin panel had a mistyped variable.
- Forum modify message was using the name variable before it was defined.
- Link info was not reading the database.
- Gallery language file was not catching the image max size value before printing error message.
- Menu Manager navigation bar had no link back to site admin.
- Who's On for Admins had problem with metacharacters in URL string.
- Who's Online page had typo in variable name.

* CODING IMPROVEMENTS:
- Fixes for accumulated Perl warnings throughout.
- Instant messages over-limit inbox - whole list no longer loads when each single message is viewed.
- Moved forum polls input processing to a separate area.
- Old CAPTCHA lines set to expire and be removed.
- File locking added to admin panel save configuration settings.
- Removed unused linkinfo class from downloads and links.
- Forum thread display changed to use real name from member file when available.
- Error pages now set a variable for page title and other future uses.
- Forum display unused contact variables removed.
- Articles "other articles by" now uses real name from file in place of passing in query string.
- Member list repeated validity check on member files removed.
- Gallery added check and error for links to nonexistent galleries.
- Added new subs to clear cookies and set user defaults to save repeating code.
- Removed repeated member settings from Login.
- Removed old subs editpb and editpb2.
- Removed first of two definitions of password variable in Profile Edit.
- Removed old sub find from Search.
- Limited search to 4 character minimum per phrase or word.
- Changed double quotes to single around strings in Search.
- Removed unused key from checkbox list in admin site config panel.
- In emailer, removed the SetSender key from the sendmail data as it was generating a Perl warning in the MIME::Lite module.
- Updated check on username characters in Reminder.
- Archive display subroutines updated to match current forums code.
- Jos's Theme and Language Chooser hack moved from sub loaduser to its own sub.
- Search character coding updated on recent searches links.
- Set local variables for logging of environment variables for statistics.
- In Search, HTML encoding and decoding for "search again" input.
- CAPTCHA configuration settings reading now done by one subroutine.
- Random Cookie Password folder db/cookie moved to db/members/cookie for shared sites.

* HTML, DISPLAY, AND LANGUAGE ISSUES:
- Menu link lists Firefox display problem fixed.
- Code block text size Firefox problem fixed.
- HTML in instant signup login page fixed.
- Error message typo "due a compilation error" fixed.
- Forum poll "Vote" language tag added.
- Topics list and excerpts of articles in a topic HTML encoding corrected.
- Calendar language tags added to update current record.
- Contact page no longer prints empty labels in the address section when that information is not given.
- Archive posts language tag changed from "Edit Messages" to "Archive Old Posts".
- View Profile Navigation bar phrase corrected.
- Topics category missing error message language tag added.
- In forum board indexes, added language tag for " at ".