ViPER Guestbook Version 1.2 FINAL

Changes in
Version 1.2 FINAL
--------------------------------------------------------------

ViPER
Guestbook Version 1.2 FINAL

New
or improved features:
+ Bugfix in index.php
Fixed possible
security holes concerning MySQL injections
+ Bugfix in URL validation
and activation
The following characters were not allowed: ?,-,] and %
+
Bugfix in function vgb_short
Zeros before the point were deleted
+
Bugfix in index.php
Decoding of private entries didn't worked in
Firefox
+ Bugfix in skin commands
Some inTAG parameters were not
evaluated
+ Bugfix in index.php
Skinfiles are no longer case
sensitive
+ Bugfix in sendmail.php
Notification mails were sent
twice on some servers
+ Optimized BBCode routine
+ Removed ViPER
Guestbook signature and link
----------------------------------------------------------------------
Changes
in Version 1.29
----------------------------------------------------------------------
+
Bugfix in parameter stripping
In array parameters were no slashes
stripped so that the
internal style.inc and lang.inc editor corrupted
some HTML
attributes when the files were saved.
+ Bugfix in link
activation alogrithm
Invalid links at the end of the text were
deleted and quotes and
other characters were accepted as part of the
link
+ Bugfix in entry limitation
New entries caused the deletion
of moderated entries if the
moderated mode was active and the number
of entries limited
+ Bugfix in BBCode routine
HTML img element was
printed when BBCode was allowed but the
code for the image element
deactivated
----------------------------------------------------------------------
Changes
in Version 1.28
----------------------------------------------------------------------
+
Bugfix in admin.php
Many forms in the administration used the GET
instead of
the POST method
+ Bugfix in install.php
Some varchar
columns were initialized with the wrong size
+ Bugfix in index.php
Maximum
picture size calculation was not correct
+ Bugfix in admin.php
Column
size of certain fields was not adjusted on maximum
length change
+
Bugfix in all files
scripts didn't worked if PHP short open tags
were deactivated
+ Bugfix in admin.php
New inputfields for numbers
were not accepted without a
preallocation value
+ Bugfix in all
scripts
Magic quotes directives could lead to trouble
+ Bugfix in
mail function
Some hosts refused to accept mails if Return-Path
wasn't set
via -f parameter of sendmail
+ Support for the new
MySQL 4.1 server functions and the new
authentication protocol
+
Added inputfield for the encoding
+ Full utf-8 support
+ Function
to send email directly via SMTP
+ Constant that determines the number
of IP bytes used to
identify logged in users
+ Name sorting
algorithm completely rewritten
+ Added ASCII checking where necessary
+
Search parameters are automatically extended by wildcards now
+
Direct login to new entries and comments if available
+ Added
constant for hostname resolving
+ Deactivated &#DEC; HEX; and
&entity; notation in inputs
+ Autofocusing of password fields in
login forms
+ Increased the width of the textareas in the
administration
+ Support for other PHP extension than .php
----------------------------------------------------------------------
Changes
in Version 1.27
----------------------------------------------------------------------
+
Bugifx in index.php
Some servers want the file path relative to
guestbook directory
instead relative to the MAINscript
+ Bugfix in
functions.php
If the last characters of the entry text coincidated
with the
start of an Emoticon code an error message appeared
+
Bugfix in entry/comment output
Unicode character entities in
&#DEC; and HEX; format were
ignored and special characters not
converted into entities
+ Bugifx in search function
Country field
was ignored if the entries were filtered by a
country in a former
search
+ Bugfix in password notification
Robots were able to
follow the send password link in admin.php
and screen.php
+ Bugfix
in entry rejection
Reason prompt appeared when it was not necessary
+
Bugfix for Fantastico users
Fantastico auto installer didn't save
the password in uppercase
+ Added ENCODING constant for better
language support
+ Added protection for the misuse of the formmailer
by a script
+ Include of langcountry.php only if needed
----------------------------------------------------------------------
Changes
in Version 1.26
----------------------------------------------------------------------
+
Bugfix in index.php
Rating inputfields in the form were initialized
with wrong
values if the singlepage mode was active
+ Bugfix in
singlepage mode
Error messages appeared in preview and after signing
the
guestbook
+ Bugfix in visitor comments
Output was not
ordered by date and time
+ Bugfix in admin.php
Invalid picture
routine and counter was confused by files that
were no images
+
Bugfix in picture routine
Deletion of pictures has lead to an error
if non-image files
were available in upload or upload/preview
+
Bugfix in EntryIfCustomPos() command
No value for a text field has
lead to an error
+ Fixed possible security hole
Password and
secret parameter were visible as plain text in
HTML referer field -
using sessionIDs now
+ Corrected pagelink output of entries in
administration
+ Added time output in the preview of unmoderated
entries/comments
+ Language and skin directory can now be set before
the inclusion
+ Improved security of admin sessions
+ Added line
numbering to internal style.inc and lang.inc editor
+ Time and date
of entries and comments are now editable
+ Added time and date output
in the entry/comment preview of the
entry management
----------------------------------------------------------------------
Changes
in Version 1.25
----------------------------------------------------------------------
+
Bugfix in user edit page
Buttons were not displayed if no custom
input field was defined
+ Bugfix in visitor comments
Password and
reserved names were ignored
+ Bugfix in visitor comment login
Redirect
didn't work if PHP header() function was disabled
+ Bugfix in
index.php
Warning messages were displayed when an entry picture
wasn't
found
+ Bugfix in functions.php
Empty string was
accepted as number in vgb_isNumber()
+ Bugfix in BBCode routine
Font
code was ignored if the font name included whitespaces
+ Bugfix in
admin.php
The online date wasn't accepted if the date of entries was
changed
in the database - automatic reset now.
+ Added thumbnail preview of
picture in the administration
----------------------------------------------------------------------
Changes
in Version 1.24
----------------------------------------------------------------------
+
Bugfix in index.php and functions.php
include path didn't work on
some servers and ht_lock.php wasn't
found
+ Bugfix in admin.php
Variables
in ht_lock.php are global now
+ Bugfix in EntryIfCustomPos() command
No
value for a drop-down-box has lead to an error
+ Bugfix in OS and
Browser statistics
warning message was generated on some servers due
to
uninitialized $browsers and $systems arrays
+ Added another
inclusion warning
----------------------------------------------------------------------
Changes
in Version 1.23
----------------------------------------------------------------------
+
Bugfix in style.inc and lang.inc concept
The inclusion of these
files in noFrames.php lead to warnings
or strange guestbook outputs
if the PHP SAFE MODE was activated
and/or the includes were limited
by the INCLUDE_PATH directive.
Both files are included directly into
index.php now.
+ Bugifx in Revision 1.23 Skins
All invalid
includes were removed
+ Added new Skin command insertSkinCSS()
+
Added new fields STYLEINC and LANGINC to skininfo array
----------------------------------------------------------------------
Changes
in Version 1.22
----------------------------------------------------------------------
+
Bugfix in index.php
Guestbook inclusion didn't work if the PHP
INCLUDE_PATH had
no . path defined
+ Bugfix in ICQ-checking
routine
Numbers with less than 10 digits weren't accepted
+ Bugfix
in admin.php
Empty Email was saved as empty string instead of null
+
Bugfix in screen.php
IP/hostname wasn't hideable in the visitor
comments
+ Bugfix in user management
Add button was not visible if
no custom fields were defined
+ Bugfix in admin.php
Entries were
not ordered by date and time
+ Bugfix in screen.php
Link to
example image was wrong
+ Bugifx in login screen
Requirements were
not displayed if no Email was given
+ Bugfix in index.php
Most
If-commands had no predefined FALSE string
+ Bugfix in browser
detection routine
Warning was printed if 'Use browscap.ini' was
activated and
the browscap directive wasn't set in php.ini
+
Bugfix in Revision 1.21 Skins
include of style.inc and lang.inc
didn't work on some servers
+ Added wrong inclusion warning in
index.php
----------------------------------------------------------------------
Changes
in Version 1.21
----------------------------------------------------------------------
+
Bugfix in index.php
Function call has lead to a time out when the
PHP Safemode was
active
+ Bugfix in the parameter pass-through
Array
parameters enclosed by [] were not recognized
+ Bugfix in the
picture text
Title attribute was missing so that the picture text
wasn't
displayed in some browsers
+ Bugfix in the administration
Mozilla
and Opera didn't like & within a javascript-URL
+ Bugfix in
screen.php
The title of the search page was wrong
+ Bugfix in
entry filter
Search by name has lead to error if statistics are shown
+
Bugfix in EntryIfEmail()
A { at position 0 of the TRUE string was
ignored
+ Bugfix in admin.php
Emoticons in new visitor comment
weren't clickable
+ Fixed possible security hole in the internal
session management
+ Bugfix in the preview
The email address was
clickable
+ Bugfix in the preview
Value of the 'hide
Email'-checkbox was set to 1 every time
after a 'send preview'
+
Bugifx in the administration
Replacement info for ::text:: was
missing
+ Bugfix in the browser detection
HTTP_USER_AGENT wasn't
found on some servers
+ Removed XHTML doctype in the emoticons IFrame
to avoid
vertical scrollbars in the Internet Explorer
+ Removed
NOCscript tag from the email address output since
that could lead to
invalid XHTML code
+ Replaced single page mode skin command
insertContent() by
insertSkinContent()
+ Added new skin command
insertSkinInputmask() for the single
page mode
+ Email address
notation for tooltip text is now configurable
+ New replacement in
EntryIfEmail(): §3 by spam bot secure email
address for tooltip text
+
Added empty lines limiter
+ IP/hostname banlist
+ Inputfields for
ratings and custom fields in the search form
+ Search robots can be
banned from the guestbook and are not
counted as visitors any more
+
Added thumbnail mode for pictures
+ Most of the internal functions
have now a prefix to avoid name
conflicts while the inclusion
+
Notification only about every first new entry since the last
login is
possible now
+ From address in the Email header is customizable
+
Support for HTML notification mails
+ Added notification mails for
user comments
+ Mass deletion via checkboxes in the administration
+
User management and name reservation
+ style.inc and lang.inc are
editable in the administration
+ Strict ICQ number checking
----------------------------------------------------------------------
Changes
in Version 1.2
----------------------------------------------------------------------
+
Functions got outsourced to functions.php
+ Added screens.php to
manage the additional pop-up screens
+ Text output flow completely
rewritten
+ Added formmailer for Email contact
+ Email address can
now be hidden and the address output is
Spam-Bot secure
+ Private
entries
+ Preallocation for Country and custom inputfields possible
now
+ Moderated mode
+ Added search function
+ Configurable
BBCode
+ Picture text input
+ Spam protection can now be
deactivated
+ Picture filename editable
+ Emoticons in admin
comments possible
+ Badword filter rewritten and can be used on all
text inputs now
+ Visitor comments
+ Optional IFrame for the
Emoticons in the form
+ Emoticons are now displayed beside a textarea
in the
administration
+ Added Servertime adjustment
+
Administration redesigned
+ Guestbook can be deactivated
+
Notification Emails fully customizable
+ Email broadcast function
+
Link to main index can be displayed
+ New date format
(Month/Day/Year)
+ Online date editable
+ Added Navigation links
for the administration
+ Linebreak with whitespace or