All Future Change Logs
Vanilla 1.1.4 Change Log
Security
- /ajax/sortcategories.php and /ajax/sortroles.php - added a check for permission and sanitized input (Thanks to Raz0r, InATeam).
Features
- Javascript files minified
Vanilla 1.1.3 Change Log
All issues resolved in 1.1.3.rc1 are included in the official 1.1.3 release, as well as the following bugs:
- Fixed parse errors when attempting to access account or discussion ids out of range.
- Fixed more IE7 css bugs.
- Fixed IE6 css bug.
- Fixed an Error Manager bug.
- Removed duplicate values in Head::Scripts.
- Controls are now passed by reference to page object.
Vanilla 1.1.3.rc1 Change Log
Security:
Bugs:
- Fix pagination bugs (Thanks to bjrn and dan39).
- AddConfigurationSetting now checks that the value doesn't exist or is new before adding it to settings.php (thanks to little_peet).
- Removed css width of div#session.
- Cookie domains filtered or validated.
- Fixed remove user block bug.
- Fixed malformed redirect headers (Thanks to crazy-weasel).
- Fixed installer bugs during the database installation check.
- Configuration manager handles comments properly in conf/settings.php (Thanks to AlexL).
- Fixed delegation parameter bug in UserManager::AssignRole.
- Uploader's file extension check is now case-insensitive (Thanks Jazzman).
- Change installation CHMod Instructions.
- Fixed WriteEmail() function so that it doesn't use document.write to hide the email from spiders.
- Fixed IE 7 css glitches.
Features
- Added "X-Powered-By: Lussumo" header.
- Added Redirect(). All the redirect headers have been replaced with this function.
- Added phpDoc comments to the code.
- Added the ability to change the database table prefix during the install process (Thanks to Filer).
- Formatted all files to consistently use tab.
- Added session_name() configuration setting.
- Added css styling for blockquote and cite.
- Upgraded Prototype and Scriptaculous to the latest stable versions.
Vanilla 1.1.x Change Log
The patch for the CSRF exploit discovered and patched in Vanilla 1.1 caused a number of unforeseen problems with various installations of Vanilla across the web. Some minor revisions were released in order to patch these glitches. These glitches included: account preferences failing to save, the big/small input preference not saving, and extensions with non-alphanumeric characters in their names throwing JavaScript errors when checking for updates.
Vanilla 1.1 Change Log
A new vulnerability was discovered in Vanilla whereby an attacker could use a CSRF attack to perform a role escalation on his/her account. A patch has been applied to the Vanilla core that prevents data being posted to Vanilla from any source other than itself.
A new applicant approval screen has been created so that membership applicants can be approved or declined in a batch process.
The "check for updates" script has been upgraded so administrators can now also check for updates to their installed add-ons.
A number of minor bugfixes and changes have been applied to the core as well.
Vanilla 1.0.3 Change Log
Security Patch
Another location for attack was discovered in the conf/extensions.php file. A one-line fix was applied to prevent attacks. A warning is also going out to all extension authors who use the configuration array to include external files: they should add a check for the IN_VANILLA constant to ensure that their extensions cannot be accessed directly in a register_globals attack.
Vanilla 1.0.2 Change Log
Security Patch
A vulnerability was discovered whereby a server with register_globals turned on in the PHP configuration could be exploited to gain access to the web server through Vanilla's appg/init* files. This patch prevents the attack by requiring the definition of a constant before any of the configuration array's path variables are used to include Vanilla libraries.
If you are manually upgrading from Vanilla 1.0.1, simply replace all of the files in your 1.0.1 appg folder with the new appg files in the 1.0.2 package.
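The constant check described in the 1.0.3 and 1.0.2 notes above, sketched for an extension entry file. This is an added example, not code from Vanilla or its extensions: it assumes the application bootstrap defines IN_VANILLA before including extensions, and EXAMPLE_LIBRARY_PATH, include_library() and Example.Helper.php are hypothetical names. The path containment check goes beyond the fix the change log describes.

```php
<?php
// Added example, not Vanilla's own code. Hypothetical extension entry file.
// Assumption: the application bootstrap defines IN_VANILLA before it
// includes any extension.

// Guard first, before any $Configuration value is read. On a direct HTTP
// request the bootstrap never ran, so with register_globals on the array
// could hold request-supplied values instead of the site's settings.
if (!defined('IN_VANILLA')) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access to this file is not permitted.');
}

/**
 * Defence in depth (an addition beyond the change log's fix): include a
 * library file only if the configured directory resolves to an existing
 * file inside the install root.
 * EXAMPLE_LIBRARY_PATH and include_library() are hypothetical names.
 */
function include_library(array $Configuration, $file, $installRoot)
{
    $root = realpath($installRoot);
    $base = isset($Configuration['EXAMPLE_LIBRARY_PATH'])
        ? $Configuration['EXAMPLE_LIBRARY_PATH'] : '';
    // basename() drops directory parts from the file name; realpath()
    // returns false when the path is not an existing local file.
    $target = realpath($base . '/' . basename($file));
    if ($root === false || $target === false) {
        return false;
    }
    // Require the resolved file to sit under the install root.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($target, $prefix) !== 0) {
        return false;
    }
    include_once $target;
    return true;
}

// $Configuration is expected to come from the bootstrap that included us.
$settings = isset($Configuration) && is_array($Configuration) ? $Configuration : array();
if (!include_library($settings, 'Example.Helper.php', dirname(__DIR__, 2))) {
    trigger_error('Extension library path rejected', E_USER_WARNING);
}
```

Requested directly, the file stops at the guard with a 403; included by a bootstrap that has defined IN_VANILLA, it goes on to the path check.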
Vanilla 1.0.1 Change Log
Bug Fixes
- r514 | mark | 2006-08-15 09:43:02 -0600 (Tue, 15 Aug 2006)
- Fixed a bug where database fields that get incremented aren't referenced properly by the DatabaseColumns array.
- r510 | mark | 2006-08-14 15:21:30 -0600 (Mon, 14 Aug 2006)
- Fixed a bug that caused searches with colons in them to fail. You will still need to put colon'd searches in quotes.
- r509 | mark | 2006-08-14 15:08:22 -0600 (Mon, 14 Aug 2006)
- Fixed a bug that caused sinking discussions to get bumped when the last comment in the discussion was edited.
- r507 | mark | 2006-08-14 14:46:33 -0600 (Mon, 14 Aug 2006)
- Fixed a bug that caused preferences to be erased when the profile is saved.
- r503 | mark | 2006-08-08 09:57:22 -0600 (Tue, 08 Aug 2006)
- Removed uncommented print_r debugging line.
- r502 | mark | 2006-08-03 17:42:35 -0600 (Thu, 03 Aug 2006)
- Fixed a bug in the SettingsHelp control that caused it to not call its constructor. Also added a Constructor delegate. Also fixed the CommentGrid control to focus on search results properly.
- r493 | mark | 2006-07-27 10:14:31 -0600 (Thu, 27 Jul 2006)
- typo in banned email.
- r486 | mark | 2006-07-04 13:38:26 -0600 (Tue, 04 Jul 2006)
- the extension.php definition was added to the rewrite configuration settings.
- r485 | mark | 2006-07-04 13:37:36 -0600 (Tue, 04 Jul 2006)
- Some debugging code has been removed (echo'zero')
Feature Changes / Additions
- r520 | mark | 2006-08-21 09:59:42 -0600 (Mon, 21 Aug 2006)
- Added the user's name to the title on the role-change form.
- r519 | mark | 2006-08-21 09:55:39 -0600 (Mon, 21 Aug 2006)
- Added delegate to profile page.
- r518 | mark | 2006-08-19 13:36:47 -0600 (Sat, 19 Aug 2006)
- Took the TabOn class name out of the TabClass method of the Menu control and set it to use that as a default instead. You can now supply your own class name.
- r517 | mark | 2006-08-16 16:54:53 -0600 (Wed, 16 Aug 2006)
- Changed all copyright notices to reflect 2006
- r516 | mark | 2006-08-15 14:26:50 -0600 (Tue, 15 Aug 2006)
- Added some DelegateParameters to the Control so comment and discussion objects can be manipulated pre render.
- r515 | mark | 2006-08-15 10:04:49 -0600 (Tue, 15 Aug 2006)
- Found another definition that needed to change from hidden to deleted
- r513 | mark | 2006-08-14 15:48:00 -0600 (Mon, 14 Aug 2006)
- Updated the text on the readme.html
- r512 | mark | 2006-08-14 15:45:09 -0600 (Mon, 14 Aug 2006)
- Updated the text on the readme, installer, and upgrader.
- r511 | mark | 2006-08-14 15:33:30 -0600 (Mon, 14 Aug 2006)
- Added FRAMEWORK_VERSION constant.
- r508 | mark | 2006-08-14 14:53:06 -0600 (Mon, 14 Aug 2006)
- Added native utf-8 support to mysql queries.
- r506 | mark | 2006-08-14 14:25:50 -0600 (Mon, 14 Aug 2006)
- Added Alternate css classes to all lists.
- r505 | mark | 2006-08-11 11:21:41 -0600 (Fri, 11 Aug 2006)
- Updated Language definitions to get rid of "hide" and "hidden" and replaced with "delete" and "deleted". Added hcards to the account profile.
- r504 | mark | 2006-08-08 12:55:14 -0600 (Tue, 08 Aug 2006)
- Added a delegate to the registration form
- r501 | mark | 2006-08-03 12:28:09 -0600 (Thu, 03 Aug 2006)
- Added a delegate to the comment class and fixed the blank search results bug that caused it to repeat "there are no results"
- r500 | mark | 2006-08-03 11:03:51 -0600 (Thu, 03 Aug 2006)
- Fixed bug that caused invalid xhtml
- r499 | mark | 2006-07-31 16:32:33 -0600 (Mon, 31 Jul 2006)
- Added a configuration option for making email addresses visible by default.
- r498 | mark | 2006-07-31 14:26:25 -0600 (Mon, 31 Jul 2006)
- Added a delegate
- r497 | mark | 2006-07-28 13:57:46 -0600 (Fri, 28 Jul 2006)
- Got rid of the delegate parameters and made the Category object a property of the DiscussionGrid so it can be accessible to any other object attaching to the control AND in the custom themes.
- r496 | mark | 2006-07-28 13:49:16 -0600 (Fri, 28 Jul 2006)
- Another delegate
- r495 | mark | 2006-07-28 13:46:50 -0600 (Fri, 28 Jul 2006)
- Added delegates to the discussiongrid and CategoryList controls.
- r494 | mark | 2006-07-27 13:01:49 -0600 (Thu, 27 Jul 2006)
- Added some delegates to the Discussion Form Control
- r492 | mark | 2006-07-26 21:38:59 -0600 (Wed, 26 Jul 2006)
- Added some delegate parameters to the post formatting method of the discussion form control.
- r491 | mark | 2006-07-25 11:36:38 -0600 (Tue, 25 Jul 2006)
- Added some delegates. Fixed some minor js annoyances. Fixed a css glitch on account page. Made some fixes to defaults in appg/settings.php
- r490 | mark | 2006-07-05 14:32:04 -0600 (Wed, 05 Jul 2006)
- Updated revision number
- r489 | mark | 2006-07-05 14:27:05 -0600 (Wed, 05 Jul 2006)
- Added RowNumber as a delegateparameter to the comments.php theme.
- r488 | mark | 2006-07-05 12:35:25 -0600 (Wed, 05 Jul 2006)
- Added some delegates to the DiscussionManager and CommentManager classes which will allow for deletion of comments directly after hiding them (so you can substitute delete for hide).
- r487 | mark | 2006-07-04 17:04:38 -0600 (Tue, 04 Jul 2006)
- Added a delegate to make it easier to perform custom searches.