Issue numbers (#x):
* As of 1.0.14: see https://github.com/usebb/UseBB/issues/x
* Before: see http://www.usebb.net/community/topic-x.html
UseBB 1.0.17 Changelog
------------------------------
- Fixed possible security issue with too loose unserialization of cookie.
UseBB 1.0.16 Changelog
------------------------------
- Fixed bug 'Fetching DB results returns array with pointer at end' (#118).
- Fixed bug 'Potential spammer status can be bypassed by inactivating account' (#117).
- Fixed bug with counting posts for activating users with potential spam status enabled.
- For usability/safety, put every user posted image in a white and bordered box.
UseBB 1.0.15 Changelog
------------------------------
- Fixed bug 'Search does not sort when collecting results' (#115).
- Fixed bug 'Configuration settings from config.php might miss backslashes in ACP' (#106).
- Fixed bug 'Date format from user settings is not cleared from extra backslashes' (#107).
- Fixed bug 'Server load values not read on OS X' (#111).
- CSS(3) adjustments/fixes to default template (#110).
UseBB 1.0.14 Changelog
------------------------------
- Added Google Analytics tracking code support (#93).
- Added re-sync statistics ACP module (#90).
- Added Stop Forum Spam API request ACP module (#91).
- Fixed potential spammer status not taken into account in RSS feeds (#103).
- Fixed invalid forum RSS feed when description contains named HTML entities.
- Fixed template variable notice in topic RSS feeds (development environment only).
- Automatically close other sessions for same user (#95).
- Breadcrumbs are now made with array -- can use different subsets in templates (#92).
- Allow global template variable to be unescaped through js_ prefix (for JS snippets).
- Potential spammer status and restrictions can now be applied to guests (#94).
- ACP modules can require minimal UseBB version.
- Replaced missing template config setting errors with debug output.
UseBB 1.0.13 Changelog
------------------------------
- Added potential spammer status for users, restrictions and auto unset.
- Added Stop Forum Spam API usage for email addresses.
- Added possibility to submit user info to Stop Forum Spam on deletion.
- Added possibility to ban last used IP address on user deletion.
- Added persistent connections for mysql(i).
- Added anti-spam information document.
- Member pruning can now delete profile spam accounts.
- Member pruning can now delete pruned members' posts.
- Can now search accounts by email address in ACP.
- Fixed database settings screen in ACP general config.
- Fixed invalid XHTML on member list.
- Make mail.php accessible to guests.
- Able "contact admin" feature to use the mail.php form, or a custom URL.
- Also perform DNSBL check for "edit profile" and "send email".
- Show locked button when topic locked and cannot reply.
- Show RSS feed locations in online list.
- Activation keys are no longer in the password format, but a longer random string.
- Reading remote URLs has a timeout of three seconds and recognizes failures better.
- ACP General Configuration settings related to anti-spam grouped together.
- ACP General Configuration panes can be reloaded thanks to URL hash usage.
- Profile edit form has a notice about profiles being invisible to guests.
- Username in edit and delete members ACP panes is now clickable.
- Added usebb_debug_output function for clean debug output.
UseBB 1.0.12 Changelog
------------------------------
- Added members/staff/guests filter on online user list.
- Added possibility to show new topic and post reply links to guests.
- Added possibility to only check DNSBL servers upon registering or posting as guest.
- Added max topic age setting for active topics.
- Added automatic and manual logout for Admin Control Panel.
- Added security token system against CSRF, fixing a security issue.
- Fixed a minor security issue with includes in ACP.
- Fixed a small issue with not properly checked new version information from server.
- Fixed possible bug with statistics table and updating.
- Fixed some bugs with anti-spam question posing timing.
- Fixed wrong error when could not connect to database.
- Fixed errors when getting config values before having config file loaded.
- Fixed bug where some new config settings did not get saved.
- Fixed error when curl_exec() has been disabled for security reasons.
- Fixed URL parsing errors when entities at front/end.
- Fixed bug with DNSBL banning recheck.
- Fixed bug with deprecated TYPE=MyISAM syntax on install.
- Fixed mysqli_error() error on failed connect.
- Passwords can now contain symbols, and must contain at least one letter and one number.
- Generated passwords now also contain symbols and are always checked to be valid.
- Removed mandatory usage of magic_quotes_runtime.
- Force expired sessions to be destroyed immediately, not only when cleaning up.
- Post new topic links removed from topic template (template variable still available).
- Hide PHP notices and deprecation warnings when in production environment.
- Added log hidden errors setting which still logs errors hidden in production environment.
- Halt execution if install directory is not removed and is in production environment.
- Reset debug level 2 to 1 when in production environment.
- Removed some old code for PHP < 4.3.0. PHP 4.3 is now a minimum requirement.
- Debug info can now show memory usage on PHP >= 5.2.
- Updated (better) sorting on member list and search results.
- Now impossible for admin to delete own account in ACP.
- E-mail address to ban is now editable on user removal in ACP.
- Show specific error for malformed passwords on several forms.
- Activate member upon requesting new password if awaiting email activation.
- Show correct error message upon login with not yet admin-activated account.
- Show general error message for wrong username/email address combinations on send pw form.
- Hide ban reason on send pw form, and only show on login form when correct password given.
- Denote HTML enabled fields in ACP forms.
- Adjusted input and text area field sizes all over the system (generally bigger).
- System now links to application root instead of index.html with friendly URLs.
- Place HTML title after character encoding meta tag as it should be.
- Small style improvements, no custom styles anymore on most input fields.
- Session ID and IP address removed from session information in default template.
- User level is now shown as tooltip over custom rank in topics.
- Show config section names for missing labels of incorrect values.
- Show newlines in question answers and current question for FAQ.
- Ensure unique IDs for FAQ questions.
- Show member edit link after registering member in ACP.
- Version check can now display full text messages.
- Enable DNSBL bans setting moved to General Configuration.
- Mass email now also sends to submitting admin's email address.
- RSS feed settings in ACP General Config in separate section.
UseBB 1.0.11 Changelog
------------------------------
- Added possibility to remove user's posts upon removing user in ACP.
- Added possibility to ban user's email address or domain upon removing user in ACP.
- Added preview feature for member pruning in ACP.
- Added setting to enable/disable PHP's error log.
- Added user delete link for admin on profiles.
- Fixed security issue with forum/topic RSS feeds with "read" forum permission.
- Fixed bug that didn't update stats on full forum delete.
- Fixed bug that didn't adjust posts from certain members upon member pruning.
- Fixed bug #2492: never logged in users are always pruned with member pruning.
- Fixed bug #2488: CSS overflow for post contents.
- Fixed bug #2451: 403 error for active topics feed when no topics available.
- Fixed new/missing settings' wrong default values in ACP.
- SQL toolbox now prints usable HTML table for results instead of textbox.
- Removed ICQ status icons from profile.
- Hide "deprecated" warnings from PHP 5.3 (temporary solution).
- Forum select boxes are larger.
- "Remember me" now unchecked on login form.
- Single error for unexisting user and wrong password on login form.
UseBB 1.0.10 Changelog
------------------------------
- Fixed an issue generating infinite loops with the BBCode parsing on some input.
- Fixed bug #2367: SQL error on search sorted by author.
- Fixed bug with remembering guest auth settings on adding new forum.
- Changed RSS feed code so per forum and topic feeds can be shown.
- Fixed malfunctioning RSS Feed when friendly URLs are enabled.
- Fixed quirky or wrong entity handling in RSS feeds.
- Mass email in board default language and only to unique email addresses.
- Personal emails now sent in correct (recipient's) language.
- Redirect to the previously selected pane on activating member in ACP.
- Added email address tooltip on profile link in ACP activate members pane.
- Translate IP address ::1 in session to 127.0.0.1 for consistency.
- Made usernames in IP address lookup clickable.
- Show a warning (unsupported) on the ACP index with UTF-8 translations.
- Board image is now added to RSS feeds.
UseBB 1.0.9 Changelog
------------------------------
- Fixed bug #2001: BBCode in links breaks XML well-formedness.
- Fixed bug #1962: RSS feed fails to validate.
- Fixed bug #1935: Redirect URLs containing backslashes on some platforms (Windows).
- Fixed bug #1983: Jabber link on profile needs "xmpp" as protocol, not "jabber".
- Made smiley image tags refer to the path using ROOT_PATH.
UseBB 1.0.8 Changelog
------------------------------
- Fixed a few full path disclosure vulnerabilities (reported by Ilia Alshanetsky).
- Fixed bug #1700: "From" in e-mail messages gets split.
- Fixed an SQL error when passing negative "page" GET variable.
- Fixed a few potential "Array to string conversion" notices.
- Fixed Undefined index NoSuchUser on user activation.
- Allow terms of use text to contain HTML markup.
- Added moderator info to member edit pane in ACP.
- Give visual notice when accessing 403 Forbidden RSS feed.
- Moved 403 and 404 headers to constants HEADER_40x.
- Renamed MSN to Windows Live Messenger and changed profile URLs (spaces.live.com).
UseBB 1.0.7 Changelog
------------------------------
- Added an (random math based or custom) anti-spam question feature against spam bots.
- Added a security measure which generates a new session ID when logging in/out.
- Fixed bug #1663: DST settings not saved to new accounts.
- Fixed bug #1641: Global text color missing.
- Fixed bug #1591: CSS for BBCode [code] blocks in IE and Safari.
- Fixed faulty HTTP_HOST reassembling when running on port other than 80.
- Fixed hexadecimal entities + smilies parsing problem.
- Fixed fatal error for phpBB converter using mysqli.
- Admin accounts are no longer deactivated when e-mail address has changed.
- Made the sendmail -f parameter for emails an on/off setting.
- Now always stop when superglobals are (tried to be) defined via GET/POST/COOKIE.
- Faster processing times thanks to rewritten functions::get_config().
UseBB 1.0.6 Changelog
------------------------------
- Fixed full path disclosure vulnerability (reported by Jesper Jurcenoks, netVigilance, Inc.)
- Fixed bug #1505: User timezone not always saved correctly.
- Fixed bug in SQL toolbox with mysqli extension.
- Another (hopefully always working) fix for Undefined index: PATH_TRANSLATED.
- Automatically set admin e-mail address when installing.
- Stop when request variables of the form _XYZ are found and register_globals is enabled.
UseBB 1.0.5 Changelog
------------------------------
- Fixed bug #1469: BLOB/TEXT column [...] can't have a default value.
- Fixed bug with BBCode URL parsing and asterisks.
- Fixed bug with uppercase BBCode tags and incorrect nesting.
- Fixed bugs with the Abyss Web Server (wrong HTTPS detection and redirection).
- Fixed bug with undefined variable errtype.
- Display error upon impossible (> 3) level value of member.
- Avatars are now resized only when needed (using JavaScript).
- Random passwords by "forgot password" now respect the password minimum length.
- Changed method to show e-mail addresses "spam proof", now using HTML entities.
- Now count topic views as unique view per user per session.
- Show raw e-mail address on profile and mail form when user may view hidden ones.
- Remove square brackets from username in quote tag when quoting post.
UseBB 1.0.4 Changelog
------------------------------
- Fixed bug #1358: Undefined index: PATH_TRANSLATED on module upload.
- Fixed bug #1377: Make the BBCode controls valid.
- Fixed bug with crippled rtl ...; entities.
- Fixed bug with httpOnly cookies not set on IE with empty cookie domain.
- Fixed bug with missing rel attribute on www. URL's.
- Fixed bug with topic title rtrim on forum index.
- Major performance improvements throughout the board and template parser.
- Mass email messages are now sent in chunks of 100 recipients (by default).
- Members on stats box now have a last update time tooltip.
- Shortened topic titles on forum index now have full title tooltip.
- Version check is now also possible through cURL.
- Some minor usability improvements throughout the board.
- Updated copyright (2007) and FSF's address.
- Documentation (Readme) and installer updates (ie MySQL collations).
- Removed DNSBL wildcard IP address banning (useless).
UseBB 1.0.3 Changelog
------------------------------
- Fixed bug #1322: BBCode parsing bug with spaces in quote tags.
- Fixed bug #1296: use MTA -f argument when necessary (patch by Tadashi Jokagi).
- Fixed db_mysql to use new_link parameter while connecting.
- Will now set cookies with the httpOnly flag, when enabled (by default).
- Custom setcookie function always sets right past expiry value when needed.
- Don't allow posts only containing BBCode tags to be posted.
- Allow guests to edit all guest postings when permissions are set up like this,
but don't allow them to edit guest posts otherwise.
UseBB 1.0.2 Changelog
------------------------------
- Added possibility to use Reply-To header for user emails.
- Added security fix for the PHP Zend_Hash_Del_Key_Or_Index vulnerability.
- Fixed bug #1279: BBCode parsing bug within [ ... ].
- Fixed bug with fread() error for server load on some servers.
- Fixed bug with partial IP address matching for DNSBL whitelist.
- Performance improvements with less queries for post edit info.
- Disable registration log when log file setting is empty.
- Improvement/fix to external link JS, properly detect rel attribute value.
- Display server load values always as float with 2 decimals.
- Show month names in month selection box for the birthday profile field.
UseBB 1.0.1 Changelog
------------------------------
- Fixed bug #1231: multiple quotes get parsed as identical ones.
- Fixed bug #1208: unreplaced %s with Log Out on detailed online list.
- Fixed bug making logging out with auto login present impossible.
- Fixed bug not stripping slashes in mass email message.
- Fixed bug: include exclamation mark and brackets in IMG and URL BBCode.
- Fixed bug setting content type of RSS feed to text/html.
- Strip BBCode from post preview on search results instead of showing them raw.
- "Target blank" now works with JS instead of deprecated target attribute.
- Added info about default language and template in ACP general config.
- Sample ACP modules are removed from the distribution.
UseBB 1.0 Changelog
------------------------------
- Fixed bug #1190: wrong mbstring usage (patch by Tadashi Jokagi).
- Fixed bug #1169: include single quote in IMG and URL BBCode.
- Fixed bug #1161: fopen and safe mode restriction.
- Fixed bug with undefined $_SERVER['HTTP_HOST'].
- Fixed bug causing strange server errors with &new.
- Fixed bug sometimes redirecting to wrong page for new posts.
- Removed \n with each for BBCode.
- Unset auto login cookie when data is invalid.
- Also recognize application/xml as XHTML templates.
- Added {lp_author} and {lp_date} for listing templates.
- Fix some wrong config settings in config.php.
- Order usernames by registration date in Activate Members.
- Disable BCC to own address on own mail form.
- Database configuration is now hidden in ACP by default.
- Added possibility to perform SET NAMES latin1 on connect for mysqli.
- Take care of bad serialized auto login data in cookie.
- Small template improvements.
UseBB 1.0 RC3 Changelog
------------------------------
- Fixed minor XSS issue in ACP's edit member feature.
- Fixed bug #1140: open_basedir restriction in effect.
- Fixed bug in BBCode parsing removing whitespace in quote.
- Fixed bug where feature links were hidden for admins when closed.
- Fixed bug where board name was not unhtml'ed in footer.
- Minor changes in db_* to disable query log for convertors.
- Added HTML enabled field notice for forum description.
- Added disable XHTML content-type config setting.
UseBB 1.0 RC2 Changelog
------------------------------
- Fixed SQL injection issue with member list search.
- Fixed minor XSS issue with user date format.
- Fixed bug Undefined index: post_time on deleting post.
- Fixed bug with XML parsing errors on bad ASCII characters.
- Fixed bug in BBCode parsing.
- Fixed notice Implicit cloning (zend.ze1_compatibility_mode).
- Fixed Dutch translation errors.
- BBCode URLs now contain title attributes.
- ACP general configuration Javascript navigable.
- Various template improvements.
UseBB 1.0 RC1 Changelog
------------------------------
- Added to ACP:
- Member pruning.
- Badword filter controls.
- Mass email feature.
- Banning management.
- Added rProtect security features:
- Automatic DNSBL powered IP banning.
- Registration logging.
- Setting to hide never activated members from member list.
- Minimum and maximum length for usernames.
- Email address DNS (MX records) checking.
- Added minimum access levels for search and active topics.
- Added searching and detailed sorting on member list.
- Added forum pruning by locking topics.
- Added sorting options on search form.
- Added possibility to show search results as posts.
- Added possibility to use exact author name match and guests filter.
- Added message editing timeout for users.
- Added settings to enable/disable IP bans and badwords filter.
- Added setting to hide contact info in profiles for guests.
- Added possibility for admins to use hidden/disabled template sets.
- Added setting to show raw entities between [code].
- Added load average values to ACP index when possible.
- Added username and password info on registration form in ACP.
- Added some more rel="nofollow" attributes at various places.
- Added error upon lost saltcode when registering.
- Added RSS feed icon support.
- Fixed possible XSS issue with not unhtml'ed avatar URL.
- Fixed bug #1001: Edit this member link visible in own profile.
- Fixed bug #992: RSS feed redirects on restricted board.
- Fixed bug #988: default timezone for members not set.
- Fixed bug #971: Undefined index: id upon creating forum.
- Fixed bug #964: white space in IE before tables in ACP.
- Fixed bug where a user cannot set his displayed name equal to his
username that matches a ban mask.
- Fixed unwanted smiley parsing on HTML entities.
- Fixed not unhtml'ed query in ACP SQL toolbox textarea.
- Fixed unused quick_reply_textarea_cols.
- Fixed BBCode parsing to create well-formed XHTML.
- Fixed broken entity displaying at end of 255 chars string.
- Fixed missing info on move topic form with two visible forums.
- Fixed undefined index error in installation on Windows.
- Fixed 'Field x doesn't have a default value' error on strict MySQL.
- Fixed bug that used admin's settings for new users registered in ACP.
- Removed obsolete hide_undefined_config_setting_warnings setting.
- Removed warning on unwanted output.
- New session management, saving up to 3 queries per request.
- Automatically login after activation.
- Changed ACP config to contain many additional info.
- ACP config now also checks for valid session name.
- config.php must no longer be writable by PHP.
- Now serving application/xhtml+xml (text/html on IE et al).
- Made Skype info in profile callto: link.
- All trigger_error() errors are now E_USER_ERROR.
- Hide debug info and page links for banned IP's.
- Cookie path is now always auto-detected as "/".
- Easier navigation in ACP general configuration.
- Rewritten method for finding server load values.
- Cleaner ACP IP lookup.
- Guest usernames can again contain all characters and entities.
- Reintroduced forumlist_topic_rtrim_length for forum index.
- Various fixes to the install wizard.
- Flood protection message contains remaining seconds.
- Hide "Moderators: Nobody".
- Updated docs files and added HTML readme file.
- Removed UseBB version in footer for security.
- Changed SQL error notices to better indicate installation.
- Various template improvements.
-