Just released a new version of BoltWire that incorporates many fixes suggested by Danny in his wonderful Christmas "bomb". It also has some critically important security fixes. Contact me offlist if you have questions. Here is a list of the things in this release:
* Added two new options to the info function: find and inlist. The first returns the field based on the value, the second returns the key if a value is in its csv list. * Changed comm2func again from array_merge to + to preserve the numeric keys output by BOLTargs. * Minor fixes to source function, translation engine, info handling, the escape function, and other functions. * Repaired site.auth capabilities for commands & functions. Works more now as a banlist for specific pages. * Config option for codePages now used more consistently, and added a templatePages option. * Uppercase HTML entities are now allowed. * Removed auto login feature from core. Will make available as a plugin if desired. * Patched a serious security vulnerability. * Escapes do not now delete the next character. * Tidied up the action.join page. * Dropped auto login capabilities * Tightened security in saving multi-line data variables. * Fixed bug in blacklisting feature. * Fixed bug in comment regex pattern. * Fixed bug in html hypertext links. Note, I have not yet updated 3.3 or 3.2 with the security patch, but I plan to in the next day or two, if this release proves a successful patch. In the next release I want to strip out a few features from the core. Please let me know if doing so will be a major inconvenience to you. Otherwise they will likely be gone forever: * Multipage copy/rename * WikiWords (case sensitive page names) * Full toolset replacements Other changes likely to come up in the near future: * I'm seriously toying with the possibility of no longer escaping ANY markup in the page source (such as < => <) as it is becoming increasingly complicated, and just rely instead on proper escaping when that code is put into the page output. * As noted before, coming soon all commands will be activated only as session inputs, and the commands will be automatically renumbered as needed. * Move code.skin/style to a default skin in the farm/skins directory. I'm starting to feel BoltWire is a little overcooked right at the moment. I plan to do a thorough assessment sometime before we hit 3.4, and see if there are not any features we can't simplify or strip out or move to plugins, to try and consolidate our code and improve performance. Even as important as flexibility is, it's sometimes just easier and cleaner to restrict an option here and there. Special thanks to Danny for the major impetus behind this release. Because there are so many changes, please upgrade with care and test thoroughly. There may be an unanticipated bug or two in this release. I'd consider it slightly experimental. But prior versions do have a pretty big newly discovered security hole. So those are the pro's / con's. Cheers Dan -- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
