Change notes for individual versions of Simple Comments. Versions prior to .902 were for private evaluation/beta and are undocumented.

Version: .962
Date: 07/29/2008
Comments: Bug fix
========================================================
- CHANGED FILES:
    * CHANGES.TXT
    * README.TXT
    * lib/Comments.pm
      lib/CommentOpenID.pm

    * = only the version number/dates changed

- Bug fix: On OP Identifiers (where the user chooses the OpenID to use at the OpenID Provider's site), replace the original normalized user supplied id with the ID the user chose at the OP. This will prevent the originally supplied ID from being used as the user's initial display name (or anywhere else we may have used it, for that matter).

Version: .961
Date: 07/15/2008
Comments: Bug fix
========================================================
- CHANGED FILES:
    CHANGES.TXT
    README.TXT
    lib/Comments.pm

- Bug fix: Must call the substitution to replace non ASCII chars with entities in to_entities twice; once with utf8 enabled on older perls and once without, to work around a Perl 5.6.1 bug that left some high-numbered characters un-encoded.

Version: .960
Date: 07/08/2008
Comments: Major version release to support OpenID logins, display name-based logins, unique display names, and improved templating for site branding, among other changes.
========================================================
- NEW FILES:
    lib/CommentOpenID.pm
    openid/transactions.txt
    openid/nonces.txt
    openid/associations.txt
    openid/whitelist.txt
    icons/openid.gif
    tmpl/openid_redirect.tmpl
    tmpl/html_header.tmpl
    tmpl/html_footer.tmpl
    tmpl/page_header.tmpl
    tmpl/admin_article_lock.tmpl
    tmpl/admin_notify_openid.tmpl
    tmpl/generic_response.tmpl
    tmpl/xref_verify.tmpl
    tmpl/welcome_openid.tmpl
    CONFIGREF.TXT
    TMPLREF.TXT
    USERREF.TXT

- CHANGED FILES:
      CHANGES.TXT
      README.TXT
      config.xml
      tmpl/visitor_login.tmpl
      tmpl/display_comment.tmpl
      tmpl/display.tmpl
      tmpl/admin_main.tmpl
      tmpl/admin_process.tmpl
      tmpl/add_success.tmpl
      tmpl/register_profile.tmpl
      tmpl/registration_form.tmpl
      tmpl/edit_comment.tmpl
      tmpl/registration_blurb.tmpl
      tmpl/add_error.tmpl
      tmpl/general_error.tmpl
      perl/admin_comments.pl
      perl/comments.pl
      lib/Comments.pm
      lib/CommentVisitors.pm
      lib/CommentCaptchas.pm
    * tmpl/addkey_verify.tmpl
    * tmpl/admin_approve.tmpl
    * tmpl/admin_approve_profile.tmpl
    * tmpl/admin_delete_verify.tmpl
    * tmpl/admin_list.tmpl
    * tmpl/admin_list_profile.tmpl
    * tmpl/admin_process_profile.tmpl
    * tmpl/admin_search.tmpl
    * tmpl/admin_search_profile.tmpl
    * tmpl/edit_ipblock.tmpl
    * tmpl/edit_profile.tmpl
    * tmpl/edit_template.tmpl
    * tmpl/invalid_action.tmpl
    * tmpl/profile_confirmed.tmpl
    * tmpl/profile_registered.tmpl
    * tmpl/redirect.tmpl
    * tmpl/review.tmpl
    * tmpl/review_profile.tmpl
    * tmpl/submit.tmpl
    * tmpl/unauthorized_user.tmpl
    * tmpl/visitor_login.tmpl

  (Files marked with an asterisk had the new HTML header, page header, and HTML footer templates applied but were not changed in any other way.)

- NEW CONFIG PARAMETERS:
    openid_enabled
    openid_transaction_path
    openid_nonce_path
    openid_association_path
    visitor_captcha_bypass
    article_lock_days
    unique_display_names
    xref_id_file
    store_email_in_comments
    admin_notify_openid_template
    admin_article_lock_template
    generic_response_template
    xref_verify_template
    page_header_template
    html_header_template
    html_footer_template
    openid_redirect_template
    welcome_openid_template
    openid_whitelist_path
    openid_blacklist_path

- Added the ability to toggle whether or not E-mail addresses are stored literally in comments. The default is now NO, whereas prior to this version of SC E-mail addresses were always stored. The default templates never use the literal E-mail address, so this change only affects you if you've changed the default templates to utilize the E-mail addresses or if you are using the addresses in your own applications.
- Added the publish_on_submit flag to the add_success template and admin_notify_templates
- Added the visitor_captcha_bypass flag and processing (see the new parameter entry in CONFIGREF.TXT).
- Display user display names in profile processing result messages instead of IDs.
- Added support for unique display names (see the new parameter entry in CONFIGREF.TXT). Note that the supporting xref_id_file parameter is now a REQUIRED entry in the configuration file.
- Added the CONFIGREF.TXT, TMPLREF.TXT, and USERREF.TXT files, which are the configuration file (config.xml), template parameter, and users.xml reference documentation formerly located in the README.TXT.
- Fixed the usual round of typos in the README.TXT and added a few clarifications
- Added the ability to lock comment submissions on specific pages. See the new article_lock_days parameter, as well as the new article locking and unlocking feature in the administration script (based on a suggestion from david)
- Added main html header and footer templates to simplify site deployments.
  These templates will be included ONLY in those templates that are displayed as full pages (suggestion from david).
- Changed default display template to provide a "No comments to display" message for no comment pages.
- Added threaded_display to the parameters passed to the comment display, so that smarter decisions can be made in regards to reply-to processing.
- Fix: In the distribution file, moved users.xml into the users/admins subdirectory, to match what is described in the documentation
- Fix: If the article name cannot be retrieved (the title of the article) use the unencoded article key when article name is called for instead of the _2F version (thanks to david)
- Fix: Allow hyphens and underscores in reCAPTCHA public/private keys (thanks to Al Patrick)
- Fixed an HTML typo in the admin_process template
- Automatically set access rights on new comment files (in the xml subdirectory) to 0600.
- Bug fix: Block visitor profile edits if the user is in 'blocked' or 'deleted' status
- Bug fix: When approving visitor profiles, always copy over the most recently posted comment list and post count from the live record, since these may have changed since the profile change was requested.
- Bug Fix: utf8 was not being properly applied on older perls. See the release notes for more details.
- Bug fix: dashes were supposed to be allowed in user display names, but they weren't actually accepted in the form.
- Bug Fix: visitor_id and sent_to parameters were not properly cleared in profile_login when they were not properly set. The same type of problem prevented the user_email address from automatically being reset in profile registration processing.
- Bug Fix: The action parameter was not checked in check_login before being compared to a string, resulting in error log warnings
- Provide error message immediately when attempting to edit a profile when a pending (not yet approved by the administrator) profile already exists.
- Changed add_error and general_error templates to accept and display from_email by default, instead of admin_email. Those forms can potentially be seen by anyone (they're called in various situations from comments.pl) so from_email is probably the better choice.
- Allow multi-line titles in get_article_name (thanks nicku)
- Bug fix: Only allow visitors with an 'active' status to login. This should allow for some simplification in downstream routines that are specifically checking the visitor status (i.e., if the visitor is logged in their status can be assumed to be active) which I'll hopefully clean up in a later release.

Version: .950
Date: 11/09/2007
Comments:
========================================================
- NEW FILES:
    lib/CommentVisitors.pm
    tmpl/admin_approve_profile.tmpl
    tmpl/admin_list_profile.tmpl
    tmpl/admin_notify_confirm.tmpl
    tmpl/admin_process_profile.tmpl
    tmpl/admin_search_profile.tmpl
    tmpl/edit_profile.tmpl
    tmpl/invalid_action.tmpl
    tmpl/notify_visitor_approved.tmpl
    tmpl/profile_confirmation.tmpl
    tmpl/profile_confirmed.tmpl
    tmpl/profile_registered.tmpl
    tmpl/redirect.tmpl
    tmpl/register_profile.tmpl
    tmpl/registration_blurb.tmpl
    tmpl/registration_form.tmpl
    tmpl/reset_password.tmpl
    tmpl/review_profile.tmpl
    tmpl/view_profile.tmpl
    tmpl/visitor_login.tmpl

- CHANGED FILES:
    CHANGES.TXT
    README.TXT
    config.xml
    lib/Comments.pm
    lib/CommentCaptchas.pm
    tmpl/submit_form.tmpl
    tmpl/submit.tmpl
    tmpl/display_comment.tmpl
    tmpl/display.tmpl
    tmpl/admin_main.tmpl
    tmpl/unauthorized_user.tmpl
    perl/comments.pl
    perl/admin_comments.pl

- Added support for visitor registration, including a host of new configuration file parameters:
    visitor_registration_enabled
    visitor_registration_required
    max_visitor_interest_chars
    max_visitor_info_chars
    max_visitor_location_chars
    notify_admin_on_visitor_confirm
    publish_visitor_comments_on_submit
    require_registration_approval
    date_format
    visitor_profile_directory
    visitor_waiting_directory
    visitor_profile_link
    visitor_profile_umask
    short_comment_length
    visitor_recent_comment_maximum
    visitor_leafs_per_branch
    visitor_sessions
    visitor_session_timeout
    maximum_visitor_sessions
    site_name
    notify_visitor_on_approve
    from_email

  as well as new templates:
    admin_approve_profile_template
    admin_list_profile_template
    admin_notify_confirm_template
    admin_process_profile_template
    admin_search_profile_template
    edit_profile_template
    notify_visitor_approved_template
    profile_confirmation_template
    profile_confirmed_template
    profile_registered_template
    redirect_template
    register_profile_template
    registration_blurb_template
    registration_form_template
    reset_password_template
    review_profile_template
    view_profile_template
    visitor_login_template

  See especially the new "Visitor Registration" section of the README.TXT and the config.xml reference for more details
- Note especially the new "from_email" parameter in the config.xml file; this is now the From address that will be used by default on all outbound E-mail messages sent by the script. from_email is now a required parameter; you must add it to your config.xml if you are upgrading.
- Added support for the no_html parameter (if set, all HTML is converted to a literal representation, even the basic 'b,' 'i,' 'pre,' and 'a' tags). This conversion is performed only when data is retrieved from the XML file, so that all comments (past and present) will follow the current setting of the flag and the data is always stored in the file with the same algorithm regardless of the flag's setting.
- Moved the default location of users.xml to an 'admins' subdirectory of the users directory, to avoid confusion with the new visitors files.
- Added support for recaptcha captchas (see http://recaptcha.net).
  This included new config file parameters:
    captcha_system
    recaptcha_use_javascript
    recaptcha_public_key
    recaptcha_private_key
    recaptcha_theme
    recaptcha_tabindex

- Changed the administrator password encoding to be salted with the admin_user name itself, to offer slightly better protection to the users should the users.xml file be compromised. Also added the 'no_salt' configuration parameter option to override this behavior for convenience. Note that the use of no_salt is discouraged (better is to update the password encodings in the users.xml file to the new encoding) and the no_salt option may be removed in a future version of Simple Comments.
- Added the invalid_action_template and action checking in comments.pl; i.e., now if you provide an invalid action to comments.pl it will report it as such using the invalid_action_template, instead of simply defaulting to 'display.'
- Added the submit_threshold feature, which uses a file specified in the submit_log configuration parameter. Users cannot post profile and/or comment data faster than the submit_threshold.
- Removed the footer in the unauthorized access template, so that the admin E-mail address is not included in that template by default (You can always put it back in if you don't mind the E-mail address showing there; the parameters passed to the template remain the same).
- Bug fix: Limit max_comment_chars and max_subject_chars to a maximum of 32,766 characters; else they (probably) exceed Perl's quantifier value maximum
- Bug fix: Fixed typo in the unauthorized_user.tmpl that was preventing it from being displayed properly in Internet Explorer

Version: .932
Date: 05/21/2007
Comments:
========================================================
- CHANGED FILES:
    CHANGES.TXT
    README.TXT
    perl/admin_comments.pl
    lib/Comments.pm

- Corrected and removed several "Use of uninitialized variable warnings;" primarily, these were the result of a faulty assumption that the subject field and/or reply-to would have something in it when in fact it didn't (necessarily).
- Bug fix: Allow URLs with trailing slashes

Version: .931
Date: 05/04/2007
Comments:
========================================================
- CHANGED FILES:
    CHANGES.TXT
    tmpl/submit_form.tmpl

- Bug fix: Somehow some garbage characters had been inserted into the submit_form.tmpl; I've removed them and reposted the script

Version: .930
Date: 04/25/2007
Comments:
========================================================
- ADDED FILES:
    lib/CommentCaptchas.pm
    captchas
    captchas/captcha_data.txt
    tmpl/rss.tmpl
    icons/feed-icon-14x14.png
    icons/feed-icon-28x28.png

- CHANGED FILES:
    CHANGES.TXT
    README.TXT
    lib/Comments.pm
    perl/comments.pl
    perl/admin_comments.pl
    tmpl/submit_form.tmpl
    tmpl/admin_approve.tmpl
    tmpl/admin_list.tmpl
    tmpl/edit_comment.tmpl
    tmpl/display.tmpl
    tmpl/display_comment.tmpl

- Bug fix: Allow plus signs in the local portion of E-mail addresses
- Bug fix: "Clear" button in submission form now works as expected (all form values are cleared).
- Slightly tighter checking on URLs (check the domain portion of the URL for format validity)
- Tighter checking on split HTML tags in comments; i.e., now tags must match (opening and closing) to be allowed. Mis-matched tags (opening and no closing, closing but no opening, or cross-placed) will be displayed as literal angle brackets.
- Added CAPTCHA processing and related configuration file variables (all start with captcha_; see the README.TXT for details).
- Fixed some typos in the README.
- Some general optimizations; replacing many ternary operators with simpler ORs.
- Added "Toggle All" option in admin approval and list screens
- Added rss (by default, can be changed by user) output format support; this includes the comments_per_rss and rss_template configuration parameters
- Added ability to reply to a comment from directly within the admin approval screen

Version: .920
Date: 12/22/2006
Comments:
========================================================
- Added support for subject lines, including the max_subject_chars parameter
- Added support for reply-to processing, and threaded displays (via the threaded_display configuration parameter, and thread_level/threadleveln parameters in the display template)
- Added admin_flag
- Added the ability to ban IP addresses from the admin processing screen
- Added the delete verification, and addkey verification templates (addkey is purely a transitional function from previous versions)
- Do not replace double line breaks with [p] tags; just use two [br] tags.
  This is to hopefully make formatting of the resulting comment more predictable for styling
- Added data scrubbing for a few configuration variables that were not being scrubbed previously
- More tweaking for white space in pre blocks, to allow paragraph breaks to display properly in Internet Explorer
- Added permanent comment keys and the routine to add them (needed for reply-to functionality)
- Added sequence id so that a consistent "Comment Number" can be displayed with comments (the above mentioned comment key adding routine will also add sequence ids to existing comments)
- Bug fix: Only the last IP in the block file was actually being blocked properly--all others were almost guaranteed not to match
- Security fix: Do not allow the MD5 hash for an empty string to be used as a password; and also change the password logic such that unicode characters can be used in passwords. See the README.TXT for more details.
--------------------------------------------------------
Version: .910
Date: 9/15/2006
Comments:
========================================================
- Bug fix: allowed multiple admin_users, per the documentation (specifying multiple admin_users in previous version would cause all authentications to fail).
- Bug fix: Allow the passing in of a configuration file name to the "get_configuration" routine. This undocumented feature was previously available (to-date it's unused) though unusable due to a bug (|= instead of ||=). Now fixed.
- Bug fix: relative directories (single . or .. entries) were supposed to be unallowed in pathname configuration settings, but in fact were allowed if they were the last directory in the path. This has been fixed.
- Bug fix: Comments could not be deleted after they were published (now fixed).
- Bug fix: Several calls to general_error were incorrect.
- Bug fix: space removal in submitted comments was too aggressive; it was interfering with the user's desired layout in PRE blocks.
- Bug fix: Force XML::Simple to use XML::Parser, to avoid problems with differences in character entity encoding between parsers
- Removed the webroot configuration variable; replace it with $ENV{"DOCUMENT_ROOT"} instead
- Allowed drive designations on full path names in the configuration file
- Added cached configuration entries support for mod_perl scenarios.
- Added support for site sections throughout the scripts.
- Added built-in support for user authentication and granular rights assignments in admin_comments
- Added publish_on_submit flag
- Added recent_comments_first flag
- Added date_time_format parameter
- Added password_file parameter
- Added the header xml declaration to published xml storage file (but not to the waiting file). Also changed the topmost tag in the file to "comments" (instead of "opt").
- Various optimizations
- Added edited_by, edit_date, approved_by, and pub_date to the display template.
- Use local variable directly instead of Symbol::gensym for definition of lexical file handles (supported since 5.6)
- For consistency, use three parameter form of open and use single quotes whenever possible
--------------------------------------------------------
Version: .902
Date: 7/5/2006
Comments:
========================================================
Initial public release. See http://www.webreference.com/programming/perl/comments