1 # <a name="TWiki Release 4.0 (Dakar)"></a><a name=" TWiki Release 4.0 (Dakar)"></a> TWiki Release 4.0 (Dakar)
3 _Note: This is the release note for the previous major release version 4.0.X. It is included with 4.1.X because it contains valuable information for people upgrading from earlier versions. Both for the admin and the users. See [[TWikiReleaseNotes04x01]] for the 4.1.X release notes_
5 'Dakar' is the first major release of the TWiki Enterprise Collaboration Platform in over a year. The focus of this release has been on refactoring the code in the interests of **security**, **efficiency** and **maintainability**, though a range of powerful new features are also included. The refactoring work has included tightening up the specification of certain key TWiki behaviours, which has resulted in some specification changes. The impact on end users has been minimised as far as possible.
7 **_Major New Features_**
9 - Much simpler install and configuration
10 - Integrated session support
11 - Webserver-independent login/logout
12 - Security sandbox blocks all possible routes for remote command execution on the server
13 - New editing model allows freer collaboration, without fear of overwriting other people's changes
15 - E-mail confirmations for registration
17 - Hierarchical sub-webs
19 %M% See feature list at [[TWikiHistory#DakarRelease]]. TWiki 4.0 patch release details are at the end of this release notes document.
21 **_Note:_** In what follows, \{This\} (words in curly braces) refers to settings in the new 'configure' interface.
25 <li><a href="#Notes for end users"> Notes for end users</a><ul>
26 <li><a href="#Editing at the same time as othe"> Editing at the same time as other people</a></li>
27 <li><a href="#User Interface Internationalisat"> User Interface Internationalisation</a></li>
28 <li><a href="#New options on the editing scree"> New options on the editing screen</a></li>
29 <li><a href="#Change notification"> Change notification</a></li>
30 <li><a href="#E-mail addresses"> E-mail addresses</a></li>
31 <li><a href="#Parameterised Includes"> Parameterised Includes</a></li>
32 <li><a href="#Named Section Include"> Named Section Include</a></li>
33 <li><a href="#RSS Feeds"> RSS Feeds</a></li>
36 <li><a href="#Notes for _TWikiAdmins and _Wi"> Notes for TWikiAdmins and WikiMasters</a><ul>
37 <li><a href="#Upgrading"> Upgrading</a></li>
38 <li><a href="#Security"> Security</a></li>
39 <li><a href="#CPAN Requirements"> CPAN Requirements</a></li>
40 <li><a href="#Installation and configuration"> Installation and configuration</a><ul>
41 <li><a href="#setlib.cfg"> setlib.cfg</a></li>
42 <li><a href="#TWiki.cfg"> TWiki.cfg</a></li>
43 <li><a href="#=testenv= / =configure="> testenv / configure</a></li>
44 <li><a href="#=configure= optional features"> configure optional features</a></li>
45 <li><a href="#Improved support for shorter URL"> Improved support for shorter URLs</a></li>
48 <li><a href="#Preferences"> Preferences</a><ul>
49 <li><a href="#Changes to the evaluation order"> Changes to the evaluation order</a></li>
50 <li><a href="#Preferences Plugin"> Preferences Plugin</a></li>
51 <li><a href="#{_LocalSitePreferences} (was Mai"> {LocalSitePreferences} (was Main.TWikiPreferences)</a></li>
52 <li><a href="#=FAVICON="> FAVICON</a></li>
53 <li><a href="#=FORCENEWREVISIONCHECKBOX="> FORCENEWREVISIONCHECKBOX</a></li>
54 <li><a href="#=WEBLOGONAME=, <code>WEBLOGOIMG</code>, =WE"> WEBLOGONAME, WEBLOGOIMG, WEBLOGOURL, WEBLOGOALT</a></li>
55 <li><a href="#=WIKILOGOIMG=, <code>WIKILOGOURL</code>, =W"> WIKILOGOIMG, WIKILOGOURL, WIKILOGOALT</a></li>
58 <li><a href="#Final Preferences"> Final Preferences</a></li>
59 <li><a href="#=mod_perl= support improvements"> mod_perl support improvements</a></li>
60 <li><a href="#Plugins"> Plugins</a></li>
61 <li><a href="#Logins, Logouts, Sessions and Pa"> Logins, Logouts, Sessions and Passwords</a></li>
62 <li><a href="#Protections"> Protections</a><ul>
63 <li><a href="#Site Permissions Overview"> Site Permissions Overview</a></li>
66 <li><a href="#Frustrating Robots and Spammers"> Frustrating Robots and Spammers</a></li>
67 <li><a href="#New User Registration"> New User Registration</a></li>
68 <li><a href="#E-mail addresses"> E-mail addresses</a></li>
69 <li><a href="#Change notification support"> Change notification support</a></li>
70 <li><a href="#Site Changes Summary"> Site Changes Summary</a></li>
71 <li><a href="#What's a Web"> What's a Web</a></li>
72 <li><a href="#Disable script tags"> Disable <script> tags</a></li>
75 <li><a href="#Notes for _TWikiApplication Dev"> Notes for TWikiApplication Developers</a><ul>
76 <li><a href="#Space/Tab conversion"> Space/Tab conversion</a></li>
77 <li><a href="#Evaluation order of _TWikiVaria"> Evaluation order of TWikiVariables</a></li>
78 <li><a href="#Encoding of form-field values"> Encoding of form-field values</a></li>
79 <li><a href="#script tags in topics"> <script> tags in topics</a></li>
80 <li><a href="#verbatim tags in topics"> <verbatim> tags in topics</a></li>
81 <li><a href="#=ALLVARIABLES="> ALLVARIABLES</a></li>
82 <li><a href="#=IF="> IF</a></li>
83 <li><a href="#New <code>$count(reg-exp)</code> variable i"> New $count(reg-exp) variable in Formatted Search</a></li>
86 <li><a href="#Notes for Skin Developers"> Notes for Skin Developers</a><ul>
87 <li><a href="#Skin search path"> Skin search path</a></li>
88 <li><a href="#Supporting web names that are !"> Supporting web names that are WikiWords</a></li>
89 <li><a href="#Deprecation of %EDITTOPIC%"> Deprecation of %EDITTOPIC%</a></li>
90 <li><a href="#Template Parameters"> Template Parameters</a></li>
91 <li><a href="#HTTP and HTTPS"> HTTP and HTTPS</a></li>
92 <li><a href="#QUERYSTRING"> QUERYSTRING</a></li>
95 <li><a href="#Notes for Plugin Developers"> Notes for Plugin Developers</a><ul>
96 <li><a href="#Changes to variable parsing"> Changes to variable parsing</a></li>
97 <li><a href="#Internals"> Internals</a></li>
98 <li><a href="#Extensions to the Func API"> Extensions to the Func API</a></li>
101 <li><a href="#TWiki 4.0.1 Patch Release Detail"> TWiki 4.0.1 Patch Release Details</a><ul>
102 <li><a href="#TWiki 4.0.1 Fixes"> TWiki 4.0.1 Fixes</a></li>
105 <li><a href="#TWiki 4.0.2 Patch Release Detail"> TWiki 4.0.2 Patch Release Details</a><ul>
106 <li><a href="#TWiki 4.0.2 Fixes"> TWiki 4.0.2 Fixes</a></li>
107 <li><a href="#TWiki 4.0.2 Enhancements"> TWiki 4.0.2 Enhancements</a></li>
110 <li><a href="#TWiki 4.0.3 Patch Release Detail"> TWiki 4.0.3 Patch Release Details</a><ul>
111 <li><a href="#TWiki 4.0.3 Fixes"> TWiki 4.0.3 Fixes</a></li>
112 <li><a href="#TWiki 4.0.3 Enhancements"> TWiki 4.0.3 Enhancements</a></li>
115 <li><a href="#TWiki 4.0.4 Patch Release Detail"> TWiki 4.0.4 Patch Release Details</a><ul>
116 <li><a href="#TWiki 4.0.4 Fixes"> TWiki 4.0.4 Fixes</a></li>
117 <li><a href="#TWiki 4.0.4 Enhancements"> TWiki 4.0.4 Enhancements</a></li>
120 <li><a href="#TWiki 4.0.5 Patch Release Detail"> TWiki 4.0.5 Patch Release Details</a><ul>
121 <li><a href="#TWiki 4.0.5 Fixes"> TWiki 4.0.5 Fixes</a></li>
122 <li><a href="#TWiki 4.0.5 Enhancements"> TWiki 4.0.5 Enhancements</a></li>
128 ## <a name="Notes for end users"></a> Notes for end users
130 ### <a name="Editing at the same time as othe"></a> Editing at the same time as other people
132 Dakar release introduces a brand-new strategy for handling simultaneous changes to a topic by several people. Instead of one person locking the topic, and other having to wait until they are finished, Dakar allows multiple simultaneous edits of the same topic, and then _merges_ the different changes.
134 You probably won't even notice this happening unless you are changing existing text in the file at the same time as someone else. In this case, you may see TWiki inserting "change marks" into the text to highlight conflicts between your edits and another persons. These change marks are only used if you edit the same part of a topic as someone else, and they indicate what the text used to look like, what the other person's edits were, and what your edits were. For example, let's say you have a topic that contains this text:
137 <tr bgcolor="lightgrey">
141 <tr bgcolor="lightgrey">
144 Humphrey Bogart's finest film.
145 Of all the gin joints in all the world,
146 you had to walk into mine.
148 <td> Casablanca is Humphrey Bogart's finest film. Of all the gin joints in all the world, you had to walk into mine. </td>
151 <td colspan="2">and you start editing this text before going for coffee. Meanwhile, a colleague also starts editng the same topic and changes the text to:</td>
153 <tr bgcolor="lightgrey">
155 <b>The Maltese Falcon</b> is
156 Humphrey Bogart's finest film.
157 Of all the gin joints in all the world,
158 you had to walk into mine.
160 <td> The Maltese Falcon is Humphrey Bogart's finest film. Of all the gin joints in all the world, you had to walk into mine. </td>
163 <td colspan="2">When you get back from coffee, you finish your edit, changing the text to</td>
165 <tr bgcolor="lightgrey">
167 <b>To Have or Have Not</b> is
168 Humphrey Bogart's finest film.
169 <b>You know how to whistle, don't you Steve?
170 You just put your lips together and blow.</b>
172 <td> To Have or Have Not is Humphrey Bogart's finest film. You know how to whistle, don't you Steve? You just put your lips together and blow. </td>
175 <td colspan="2">and saving it. The topic will now look like this when you display it:</td>
177 <tr bgcolor="lightgrey">
179 <div ><b>CONFLICT</b> original 5:</div>
181 <div ><b>CONFLICT</b> version 6:</div>
182 The Maltese Falcon is
183 <div ><b>CONFLICT</b> version 7:</div>
184 To Have or Have Not is
185 <div ><b>CONFLICT</b> end</div>
186 Humphrey Bogart's finest film.
187 You know how to whistle, don't you Steve?
188 You just put your lips together and blow.
191 <div><b>CONFLICT</b> original 5:</div> Casablanca is <div><b>CONFLICT</b> version 6:</div> The Maltese Falcon is <div><b>CONFLICT</b> version 7:</div> To Have or Have Not is <div><b>CONFLICT</b> end</div> Humphrey Bogart's finest film. You know how to whistle, don't you Steve? You just put your lips together and blow. </td>
195 As you can see, your changes have been merged with your colleagues. The merge is done on a line-by-line basis, and if your changes do not overlap, then change marks will not be used (as is the case for the last line of the example).
197 Merging only applies to text fields. When there are conflicts in field data in forms such as checkboxes, radio buttons and selects, the most recent change (usually your change) always wins, even if someone else has changed the form since you started editing. Of course, all changes are available from the topic history.
199 Because there are cases where you actually want to avoid overlapping edits altogether (e.g. if you are changing forms data) TWiki will **warn** if you attempt to edit a topic that someone else is editing. It will also warn if a merge was required during a save.
201 ### <a name="User Interface Internationalisat"></a> User Interface Internationalisation
203 TWiki will now pick up the language you are using in your browser, and try to present system messages in that language, if it is available. If your preferred language is not available, TWiki will revert to English. You'll also have an option to choose a language different from that used in your browser.
205 User Interface Internationalisation support is optional and enabled by the \{UserInterfaceInternationalisation\} setting.
207 The translation is performed by the Perl standard internationalization framework. If you want to contribute a new language, it would be most welcome: see TWiki:Codev.UserInterfaceLocalisation for instructions on how to help.
209 ### <a name="New options on the editing scree"></a> New options on the editing screen
211 You will notice a couple of changes to the editing screen: first, there is no switch for releasing the edit lock any more (if locks are enabled, they are always released when an edit finishes). You will also notice a new "force new revision" checkbox. TWiki normally doesn't add a new revision if the same user re-edits a topic within a certain time period; this checkbox allows you to _force_ TWiki to add a revision for every change, regardless of how small it is.
213 ### <a name="Change notification"></a> Change notification
215 You now have much more control over _which_ topics in a web you are interested in changes to. You can choose to receive notifications about topics selected by name, or by their parent relationship. See [[MailerContrib]] for more details. Note that the `mailnotify` cron script has moved out of the `bin` directory and into the `tools` directory - active crontab entries needs to be updated accordingly.
217 ### <a name="E-mail addresses"></a> E-mail addresses
219 Because of the security risks inherent in publishing e-mail addresses in personal topics, the storage of user's emails has been moved to the password manager. For sites that use the `.htpasswd` password manager, e-mail addresses that new users provide during registration are stored in the `.htpasswd` file. To aid in migration, if TWiki can't find a registered e-mail address in `.htpasswd`, it will still look in the personal topic. All users should register a valid e-mail address at [[ChangeEmailAddress]].
221 If a different password manager is in use (e.g. LDAP, or 'none'), user e-mails will still be stored in personal topics. Sites that use other password systems (such as LDAP) should consider implementing a TWiki password manager, so that TWiki can look up email addresses, rather than storing them in personal topics.
223 ### <a name="Parameterised Includes"></a> Parameterised Includes
225 `%INCLUDE{}%` variables have a predefined set of parameters. In the past, any parameters not in this set were simply ignored. With Dakar, these parameters are now defined as [[TWikiVariables]] within the included topic - for example,
227 %INCLUDE{ "BugList" FAVOURITE="Damsel Flies" }%
229 will define `%FAVOURITE%` as `Damsel Flies` in the included topic, so if `BugList` contained the line
231 My favourite bugs are %FAVOURITE%
233 it will be expanded to
235 My favourite bugs are Damsel Flies
237 ### <a name="Named Section Include"></a> Named Section Include
239 The `%INCLUDE{}%` variable allows to include only a named section of the included topic. These sections are defined in the included topic using the `%STARTSECTION%` and `%ENDSECTION%` variables. For example, if the included topic has:
244 All news related to IT.
245 %STARTSECTION{"itnews"}%
246 * 2005-10-02 Final deployment of Dakar
247 * 2005-10-01 Moving platform to Dakar
248 %ENDSECTION{"itnews"}%
250 Using `%INCLUDE{ "AllNews" section="itnews" }%` will produce:
252 * 2005-10-02 Final deployment of Dakar
253 * 2005-10-01 Moving platform to Dakar
255 This syntax also allows for nested sections. For example, given the following topic:
257 %STARTSECTION{"outer"}%
259 %STARTSECTION{"inner"}%
261 %ENDSECTION{"inner"}%
263 %ENDSECTION{"outer"}%
265 Using `%INCLUDE{"SampleTopic" section="outer"}%` will produce:
271 And `%INCLUDE{"SampleTopic" section="inner"}%` will produce:
275 Overlapped sections are also allowed.
277 ### <a name="RSS Feeds"></a> RSS Feeds
279 RSS feeds have been enhanced to display links as links to make the feeds more useful. They also now use the web-specific logos.
281 ## <a name="Notes for _TWikiAdmins and _Wiki"></a> Notes for TWikiAdmins and WikiMasters
283 ### <a name="Upgrading"></a> Upgrading
285 See [[TWikiUpgradeGuide]] for help in upgrading an existing Cairo (Sep 2004) installation.
287 ### <a name="Security"></a> Security
289 Dakar Release introduces the use of 'safe pipes' to prevent any malicious request from executing code on the server. This strategy stops any of the known attacks dead in its tracks. The Dakar codebase has not been impacted by any of the recent security advisories in any way. Several public sites have been running Dakar code for some months now, and to the best of our knowledge none has been hacked.
291 ### <a name="CPAN Requirements"></a> CPAN Requirements
293 CPAN:Text::Diff is a prerequisite for the UpgradeTWiki script only. CPAN:URI is a prerequisite for `configure`. Other new prerequisites are CPAN:CGI::Session and CPAN:CGI::Cookie, if you want to take advantage of the new session support.
295 If you want user interface internationalization support, CPAN:Locale::Maketext::Lexicon and CPAN:Encode (in perl 5.8's core) are required, as well as perl 5.8 or higher. See TWiki:Codev.UserInterfaceLocalisation for details on TWiki internationalization support.
297 ### <a name="Installation and configuration"></a> Installation and configuration
299 The installation and configuration processes have been simplified.
301 #### <a name="setlib.cfg"></a> setlib.cfg
303 The installer should now provide a file called `LocalLib.cfg` that contains local path settings. `setlib.cfg` contains documentation of what has to be done. Old `setlib.cfg` files **will not work** with Dakar.
305 #### <a name="TWiki.cfg"></a> TWiki.cfg
307 `TWiki.cfg` now contains all the default configuration settings, and the installer should provide a file called `LocalSite.cfg` that contains just those settings that are different than the defaults. The syntax of the settings in the file has also changed. Old `TWiki.cfg` files **will not work** with Dakar. The UpgradeTWiki script can be used to automate most of the necessary changes.
309 #### <a name="=testenv= / <code>configure="></a> =testenv / `configure`
311 `testenv` has been removed, and replaced with the new `configure` interface. This interface performs all the checking functions of the old `testenv`, adds several new ones (including permissions checks) and also acts as a browser interface allowing you to do **all** TWiki configuration from the browser. `configure` is now the main installation interface for TWiki.
313 The `configure` script can be used like the old `testenv` for public review of the configuration of the site. Saving from the interface is password-protected, using a password set in the configuration files, so to ordinary users `configure` just looks like a posh version of `testenv`. If you want to hide your configuration from public view, you can restrict access to the script using webserver access controls (Apache users see the Apache documentation on the 'require' directive for more infomation on how to do this).
315 #### <a name="=configure= optional features"></a> `configure` optional features
317 New optional features include \{AutoAttachPubFiles\} and \{EnableHierarchicalWebs\}. Both are switched off by default but can be enabled in `configure`.
319 #### <a name="Improved support for shorter URL"></a> Improved support for shorter URLs
321 See TWiki:TWiki.ShorterUrlCookbook
323 ### <a name="Preferences"></a> Preferences
325 There have been some significant changes to the handling of preferences, aimed at making them more logical, consistent and easy to use.
327 #### <a name="Changes to the evaluation order"></a> Changes to the evaluation order
329 The rules for preference evaluation (whether the user setting overrides the topic setting etc) have always been a bit confusing and difficult to use. For example, a topic setting would override a user setting, but a user setting would override a web setting, making per-web settings awkward to use. Mainly due to the introduction of hierarchical webs, preferences are now evaluated in the following order:
333 3. Parent Web(s) (if appropriate. All parent webs are evaluated in bottom-up order)
336 6. Local Site (as set in \{LocalSitePreferences\}, typically =%MAINWEB%.TWikiPreferences))
337 7. Default (as set in \{SitePrefsTopic\}, typically =%TWIKIWEB%.TWikiPreferences))
339 This is a change from previous versions, where the User preferences were evaluated between the topic and the web.
341 Note that a user can still dictate preference values that can't be overridden by the topic or the web level settings, but they will now need to set those preferences as FINALPREFERENCES. You can use `%ALLVARIABLES%` in a topic to get a dump of all preferences set in that context.
343 Permissions controls are not affected by this change.
345 #### <a name="Preferences Plugin"></a> Preferences Plugin
347 TWiki:Plugins.PreferencesPlugin has been included to allow more convenient editing of preferences. This plugin provides input controls, such as menus, radio buttons, and checkboxes to select preference settings.
349 The following standard preferences have been removed: [MAILTHISTOPIC](http://www.dementia.org/twiki/search?scope=text&web=all&order=topic&search=%25MAILTHISTOPIC%25&casesensitive=on&limit=all), [MAILTHISTOPICTEXT](http://www.dementia.org/twiki/search?scope=text&web=all&order=topic&search=%25MAILTHISTOPICTEXT%25&casesensitive=on&limit=all), [TOPICURL](http://www.dementia.org/twiki/search?scope=text&web=all&order=topic&search=%25TOPICURL%25&casesensitive=on&limit=all), [READTOPICPREFS](http://www.dementia.org/twiki/search?scope=text&web=all&order=topic&search=%25READTOPICPREFS%25&casesensitive=on&limit=all), [TOPICOVERRIDESUSER](http://www.dementia.org/twiki/search?scope=text&web=all&order=topic&search=%25TOPICOVERRIDESUSER%25&casesensitive=on&limit=all) (click on the name to search for occurrences on this site). If they are in use on your site, you can restore them to their Cairo settings by simply cutting and pasting the old definitions.
351 #### <a name="{_LocalSitePreferences} (was Mai"></a> \{LocalSitePreferences\} (was Main.TWikiPreferences)
353 Customized site preferences can now be saved in the \{LocalSitePreferences\} topic which will override settings in \{SitePrefsTopicName\}. This simplifies upgrades as you can overwrite the \{SitePrefsTopicName\} topic and gain any new or updated preference settings without losing your local customizations.
355 #### <a name="=FAVICON="></a> `FAVICON`
357 `favicon.ico` is a small graphic that _can_ appear in a variety of places in the browser: the titlebar, the taskbar, the address bar, bookmarks/favourites, and page tabs. Each web browser has a unique user interface, and as a result uses the Favicon in different ways. _Most_ browsers display it in _most_ of the locations listed.
359 Out of the box, TWiki is configured to easily customise the `favicon.ico` for each web. To switch to a new `favicon.ico`, upload it to the desired web's WebPreferences.
361 - - Set FAVICON = <http://www.dementia.org/twiki//view/%WEB%/WebPreferences/favicon.ico>
363 To provide a single, site-wide `favicon.ico`, hardcode a specific web, for example:
365 - - Set FAVICON = <http://www.dementia.org/twiki//view/TWiki/WebPreferences/favicon.ico>
367 #### <a name="=FORCENEWREVISIONCHECKBOX="></a> `FORCENEWREVISIONCHECKBOX`
369 Normally, if you make another edit within a one hour period (was `$editLockTime` in `lib/TWiki.cfg`, now `{ReplaceIfEditedAgainWithin}`), TWiki will fold together your changes. This is often the "right thing to do", as it can reduce the visual clutter of diffs.
371 The "Force New Revision" checkbox is a way to force it to create a separate revision each time you save.
373 The [[TWiki.TWikiPreferences|TWiki/TWikiPreferences]] variable `FORCENEWREVISIONCHECKBOX` controls whether this is checked by default or not.
375 On a related note, you can force **_every_** save to be a new revision number by editing `lib/TWiki.cfg` and setting <code>**\{ReplaceIfEditedAgainWithin\}**</code> to 0.
377 NOTE: Although this feature is being introduced in this release, it is also being deprecated at the same time. TWiki:Codev.EdinburghRelease is planned to provide the ability to elide revisions at the GUI level, rather than the Store level, thus obviating the need for this stopgap measure.
379 #### <a name="=WEBLOGONAME=, <code>WEBLOGOIMG</code>, <code>WE"></a> =WEBLOGONAME, `WEBLOGOIMG`, `WEBLOGOURL`, `WEBLOGOALT`
381 Each web can have its own customised logo. The simplest way is to upload a `logo.gif` to a web's WebPreferences, and it will appear in the top-left corner.
383 To change the logo's filename, set the `WEBLOGONAME` variable. You'll especially need to do this if you use a different logo file format:
385 - - Set WEBLOGONAME = MyLogo.jpg
387 If you don't want to have custom logos on a per-web basic, but instead want to use a single, site-wide logo, hardcode a specific web in the `WEBLOGOURL` variable. For example:
389 - - Set WEBLOGOURL = %PUBURLPATH%/Main/WebPreferences/logo.png
391 #### <a name="=WIKILOGOIMG=, <code>WIKILOGOURL</code>, <code>W"></a> =WIKILOGOIMG, `WIKILOGOURL`, `WIKILOGOALT`
393 These variables are now more closely associated with `WIKITOOLNAME`. If you change `WIKITOOLNAME`, you'll probably want to change these variables, too. `WIKILOGOIMG`, `WIKILOGOURL`, `WIKILOGOALT`, and `WIKITOOLNAME` are now used more consistently together.
395 ### <a name="Final Preferences"></a> Final Preferences
397 The `FINALPREFERENCES` setting prevents particular preference settings from being over-ridden at a lower level. The hierarchy of how `FINALPREFERENCES` settings are applied has been clarified/formalized as reflected in the following chart:
399 <table border="1" cellpadding="0" cellspacing="0">
401 <th bgcolor="#99CCCC"><strong> Level </strong></th>
402 <th bgcolor="#99CCCC"><strong> Set By </strong></th>
403 <th bgcolor="#99CCCC"><strong> Local site examples </strong></th>
406 <td> default site </td>
407 <td> %TWIKIWEB%.TWikiPreferences or %WIKIPREFSTOPIC% </td>
408 <td>[[TWiki/TWikiPreferences]]</td>
411 <td> local site </td>
412 <td> %MAINWEB%.TWikiPreferences or %LOCALSITEPREFS% </td>
413 <td>[[Main/TWikiPreferences]]</td>
417 <td> WebPreferences </td>
418 <td> %WEB%.WebPreferences </td>
422 <td> In one's user topic </td>
423 <td> Main.admin </td>
427 <td> "Edit topic preferences settings" under "More topic actions" </td>
428 <td> %WEB%.%TOPIC% </td>
432 By default, the site level `FINALPREFERENCES` are set in [[Main.TWikiPreferences|Main/TWikiPreferences]] so as not to conflict with preference settings in that topic.
434 ### <a name="=mod_perl= support improvements"></a> `mod_perl` support improvements
436 TWiki no longer uses global variables other than for constants. Each CGI script creates a new "session object" that holds all session-specific information.
438 There is still an issue with the `@INC` path in `mod_perl`, that mainly impacts plugins that lazy-load modules. You should use the `PerlSetEnv` directive that `mod_perl` provides to make sure that your TWiki `lib` directory is permanently on the path, if you are using `mod_perl`.
440 ### <a name="Plugins"></a> Plugins
442 Plugins are no longer searched for every time a TWiki script is run. Instead they are automatically discovered in `configure`. To enable and disable plugins, use the `configure` interface. The entire @INC path is searched for plugins, so you can easily point at plugins outside the installation. However only the first instance of a plugin on the @INC path will be found (it is a path, after all).
444 `%INSTALLEDPLUGINS%` and `%DISABLEDPLUGINS%` are no longer supported in TWikiPreferences. If you have set `%INSTALLEDPLUGINS%` in TWikiPreferences, you need to move that setting into the `{PluginsOrder}` configuration key, using the `configure` interface. To disable plugins, uncheck them in the `configure` interface, and save the changes.
446 %X% Whenever you install a plugin, make sure you check [[TWikiPlugins#FAILEDPLUGINS]]. Several handlers have been deprecated, and updates of the plugins may be required. Contact the plugin author directly to get an update if none is available on the web.
448 ### <a name="Logins, Logouts, Sessions and Pa"></a> Logins, Logouts, Sessions and Passwords
450 TWiki:Plugins.SessionPlugin and TWiki:Plugins.AuthPagePlugin have been integrated into the core. TWiki now supports cookied sessions, in the context of a much improved authentication architecture. The setup for authentication is now much simpler, and for most sites can be done entirely from the `configure` interface. There are some incompatibilities with TWiki:Plugins.SessionPlugin, with resepect to the in-line variables. See [[TWikiUserAuthentication]] in the release for full details of how authentication works now. TWiki also now supports the concept of pluggable password managers, making the integration of corporate authentication services much simpler.
452 Administrators, especially of public sites, need to be aware of the security implications of cookied sessions, and the potential risks of cross-site scripting attacks that may be used to steal user sessions. See [[TWikiUserAuthentication]] for more details.
454 ### <a name="Protections"></a> Protections
456 The evaluation of protections has been re-worked to make it more naturally understandable, and also fill a number of holes in the protection scheme, These holes meant that it was relatively easy to _deny_ access to a topic, but rather difficult to subsequently _restore_ access without either compromising other topics, or compromising old revisions.
458 When deciding whether to grant access, TWiki now evaluates the following rules in order (read from the top of the list; if the logic arrives at **PERMITTED** or **DENIED** that applies immediately and no more rules are applied). You need to read the rules bearing in mind that VIEW and CHANGE access may be granted/denied separately.
460 1. If the user is a [[super-user|Main/WebHome#SuperAdminGroup]]
461 - access is **PERMITTED**.
462 2. If DENYTOPIC is set to a list of wikinames
463 - people in the list will be **DENIED**.
464 3. If DENYTOPIC is set to _empty_ ( i.e. `Set DENYTOPIC =` )
465 - access is **PERMITTED** _i.e._ no-one is denied access to this topic
466 4. If ALLOWTOPIC is set
467 1. people in the list are **PERMITTED**
468 2. everyone else is **DENIED**
469 5. If DENYWEB is set to a list of wikiname
470 - people in the list are **DENIED** access
471 6. If ALLOWWEB is set to a list of wikinames
472 - people in the list will be **PERMITTED**
473 - everyone else will be **DENIED**
474 7. If you got this far, access is **PERMITTED**
476 In addition, permissions set on a specific revision of a topic now _always_ apply to that revision, even if access to the topic is relaxed in a later revision. This change was necessary to prevent accidentally permitting access to sensitive data in old revisions.
478 The major impact of this change is that WebPreferences topics shipped with earlier releases of TWiki will have excessively restrictive controls, as the default settings were:
482 - This will now _deny_ view access to everyone _not_ in the list (i.e. everyone except admins)
483 - Set DENYWEBCHANGE =
484 - Set ALLOWWEBCHANGE =
485 - This will now _deny_ change access to everyone _not_ in the list (i.e. everyone except admins)
486 - Set ALLOWTOPICCHANGE =
487 - This will now _deny_ change access to everyone _not_ in the list (i.e. everyone except admins)
489 The standard webs shipped with this release have these settings disabled. However you are likely to have inherited the old default settings in your user webs. The easiest way to deal with this is to simply insert a # sign in these settings; for example:
492 - #Set ALLOWWEBVIEW =
495 %RED%Note:%ENDCOLOR% For security reasons, the [[Trash|Trash/WebHome]] web is shipped with `ALLOWWEBVIEW` set to empty (so it is only viewable by admins).
497 #### <a name="Site Permissions Overview"></a> Site Permissions Overview
499 The [[SitePermissions]] topic gives you a quick view of the permissions on each web - i.e. it aggregates ALLOWWEB\* etc. into a handy table. It is also installed on TWiki.org as TWiki:TWiki.SitePermissions.
501 ### <a name="Frustrating Robots and Spammers"></a> Frustrating Robots and Spammers
503 Standard TWiki incorporates some simple measures to protect e-mail addresses and control the activities of benign robots. These should be enough to handle intranet requirements. Administrators of public (internet) sites are **strongly** recommended to investigate the TWiki:Plugins/BlackListPlugin.
505 ### <a name="New User Registration"></a> New User Registration
507 The new user registration process has been extensively reworked to improve usability and security of the registration process.
509 1. FirstName and LastName are recorded separately and tabulated. See [[UserListByLocation]]
510 2. Sends a e-mail that the user has to respond to; registration data is staged until this is done
511 3. Populates a form in the user topic, if there is one in the NewUserTemplate. If there is no form, then bullets are used, as in pre-Dakar TWiki.
512 4. Sends different e-mails to the WIKIWEBMASTER and the USER, with the users containing the password unless \{HidePasswdInRegistration\} is set.
513 5. There is now a mechanism for bulk registration, with callbacks for augmentation (e.g. from other sources).
514 6. Absorbed TWiki:Codev.ResetPasswordByEmail.
515 7. Obsoleted TWiki:Codev.InstallPassword
517 ### <a name="E-mail addresses"></a> E-mail addresses
519 E-mail addresses for new users are no longer stored in home topics. Instead, the password manager API has been extended to support storing e-mails.
521 The default password manager stores e-mails in the `.htpasswd` file - you can safely edit this file with a text editor to modify the info field that contains the e-mail addresses (the format of each line in this file is `<username>:<password>:<info>`, and TWiki expects the info field to be a ;-separated list of e-mail addresses). Password managers for other systems e.g. LDAP can esily be extended to support the new API. If the password manager does not have an e-mail address for a user, then TWiki will still look in the users' personal topic.
523 The script `tools/upgrade_emails.pl` can be used to extract e-mail addresses for existing TWiki users from personal topics, and add them to the password manager.
525 - You are strongly recommended to run this script if you are running a public site.
526 - It will not modify existing personal topics.
527 - The script will tell you if any users are found that don't have an e-mail.
528 - You can re-run the script as many times as you like; once the password manager has an e-mail for a user, the e-mail in their personal topic is ignored.
530 You should also advise all your registered users to make sure they have a valid e-mail. They can do this by logging in and visiting [[ChangeEmailAddress]].
532 ### <a name="Change notification support"></a> Change notification support
534 The old `mailnotify` script has been retired in favour of the MailerContrib. See [[MailerContrib]] for information about functional changes.
536 ### <a name="Site Changes Summary"></a> Site Changes Summary
538 The [[SiteChanges]] topic mimics TWiki.org's TWiki:Codev:WebChangesForAllWebs - i.e. it shows a [[WebChanges]] view across a whole site. It's name was chosen to parallel SiteMap; at some point you can expect the arrival of SiteStatistics too.
540 ### <a name="What's a Web"></a> What's a Web
542 Old versions of TWiki would consider all subdirectories of the TWiki data directory to be webs. This behaviour has changed; now only subdirectories that contain a web preferences topic (`WebPreferences.txt`) will be considered to be webs. This may result in directories that used to return search matches no longer doing so.
544 ### <a name="Disable script tags"></a> Disable <script> tags
546 In recognition of security concerns around <script> tags, the administrator has the choice whether to allow users to add script to topics or not. See the `{AllowInlineScript}` setting in the **Security** section of <code>[configure](http://www.dementia.org/twiki/configure)</code>.
548 ## <a name="Notes for _TWikiApplication Deve"></a> Notes for TWikiApplication Developers
550 ### <a name="Space/Tab conversion"></a> Space/Tab conversion
552 Previous TWiki versions would automatically convert three spaces at the start of lines to a tab when the topic was saved. This meant that the saved topic was _not_ the same as the edited topic, which could result in considerable confusion. This conversion has been disabled, and the saved topic is now exactly what you see in the editor. One impact of this change is that any add-on scripts you may have developed that rely on bulleted list lines starting with a tab will no longer work. They must be adapted to treat groups of three spaces and single tabs as equivalent.
554 ### <a name="Evaluation order of _TWikiVariab"></a> Evaluation order of TWikiVariables
556 In previous TWiki versions the evaluation order of `%VARIABLE%s` depended on where they were expanded in the code. The parser was somewhat crude, and could easily be confused when embedded variables (variables embedded in the parameters of other variables) were used.
558 The parser has been replaced in Dakar with a deterministic variable parser with predictable behaviour. Specifically, variables are now always evaluated left to right and inside out. For example, consider `%VAR2{ "%VAR1{ "%VAR0{ "params" }%" }%" }% %VAR3%`. Previously, the expansion order would have depended on the order of expressions in the code, so the expansion may have proceeded VAR3 - VAR0 - VAR2 - VAR1. If you were lucky, this was the intended order. In Dakar, the order is now guranteed to be VAR0 - VAR1 - VAR2 - VAR3 (i.e. inside out and left to right).
560 The main impact of this is that some TWikiApplications may cease to work if they have been written to take advantage of the old chaotic order. There is no way to predict which will work and which will fail, so you will have to deal with this on a case-by-case basis. In most cases TWikiApplication authors will have worked hard to do the "sensible thing" so instances of this problem should be rare.
562 Note that because the TWiki spec allows double quotes within double-quoted strings in certain variable parameters it has been impossible to make the parser 100% deterministic. There may still be pathological cases where the parser may fail. In these cases, consider how open and close curly brackets are matched up.
564 ### <a name="Encoding of form-field values"></a> Encoding of form-field values
566 The encoding used to escape characters in form-field values has had to change. The old encoding could very easily be confused by text strings in data values. Existing topics with the old encoding will still be loaded into TWiki as before, but if edited they will be saved with the new encoding. This should not affect you unless you have searches that look for the old encodings; specifically, the %\_G\_%, %\_Q\_%, and %\_P\_% character sequences. Any such searches will not work any more, and need to be converted to search for the new encoding. Assuming they are `regex` type searches, you can use `(%_G_%|%0A)` to match encoded newlines in field data in both old and new format topics, `(%_Q_%|%22)` to match quotes, and `(%_P_%|25)` for percent signs.
568 ### <a name="script tags in topics"></a> <script> tags in topics
570 Previous releases of TWiki would attempt to interpret the content of <script> tags in topics as TWiki formatting language, often resulting in non-functional scripts. This release protects script sections from expansion by TWiki. Note that this means that [[TWikiVariables]] will **not** be expanded in script tags - they are passed through _verbatim_.
572 In recognition of security concerns around <script> tags, the administrator has the choice whether to allow users to add script to topics or not. Check the setting of `{AllowInlineScript}` in <code>[configure](http://www.dementia.org/twiki/configure)</code> to see if it is allowed on your site. If not, script sections will simply disappear from topics.
574 ### <a name="verbatim tags in topics"></a> <verbatim> tags in topics
576 Previous releases required `verbatim` tags to be on their own line. TWiki can now deal with inline verbatim blocks such as
578 blah<verbatim>inside</verbatim>after
588 **NOTE:** VARIABLES are still Set within verbatim tags (this is a historical peculiarity)
590 ### <a name="=ALLVARIABLES="></a> `ALLVARIABLES`
592 You can use `%ALLVARIABLES%` in a topic to get a dump of all variables set in that context. Invaluable for debugging those tricky TWikiApplications!
594 ### <a name="=IF="></a> `IF`
596 The new `%IF()%` variable defines simple conditional statements that are evaluated at view time. This allows you to include content conditionally based on environmental factors. See [[IfStatements]] for more information on usage.
598 ### <a name="New <code>$count(reg-exp)</code> variable i"></a> New `$count(reg-exp)` variable in Formatted Search
600 This new variable for [[FormattedSearch]] returns the number of instances a specified [[RegularExpression]] occur in a topic. This is useful for such things as counting the number of comments on a page (assuming they are marked my a unique heading level).
602 ## <a name="Notes for Skin Developers"></a> Notes for Skin Developers
604 ### <a name="Skin search path"></a> Skin search path
606 Earlier releases of TWiki only allowed for a single skin, so customising a single template in a skin meant deriving a whole new skin. Dakar introduces the concept of a skin search path, which lets you combine skins additively. For example, you can customise just the view template by defining a new `view.mylocalskin.tmpl` and then setting
608 - `Set SKIN = mylocalskin,pattern`
610 Since you have defined a view template for `mylocalskin`, it will be picked up when you view a topic because `mylocalskin` is first on the search path. But you didn't define `edit.mylocalskin.tmpl`, so when you edit the next skin on the search path will be used instead (in this case `edit.pattern.tmpl`). You can put as many skins on the search path as you like.
612 As with older releases, setting SKIN (or the `skin` parameter in the URL) replaces the existing skin path setting. Dakar supports _extension_ of the path as well, using _covers_.
614 - `Set COVER = mylocalskin`
616 pushes a different skin to the front of the skin search path. There is also an equivalent `cover` URL parameter. For example, [[http://www.dementia.org/twiki/view/%WEB%/WhatIsWikiWiki?cover=print.pattern|%WEB%/WhatIsWikiWiki?cover=print.pattern]]. This gives you an extra level of flexibility when defining skins.
618 See [[TWikiSkins]] for more information.
620 ### <a name="Supporting web names that are _W"></a> Supporting web names that are WikiWords
622 Although web names have been [[permitted to be WikiWords|TWiki:Codev/WebNameAsWikiName]] since the TWiki:Codev.CairoRelease, the base templates have been [[fixed|TWiki:Codev/DefaultTemplatesSupportWebNameAsWikiWord]] for Dakar.
624 Skins should be upgraded if they have standalone `%WEB%` variables; only standalone `%WEB%` text that potentially could be turned into a link (because of a [[WikiWord]]) needs to be escaped. Same for `%MAINWEB%` and `%TWIKIWEB%`.
628 - `%WEB%` -- needs to be escaped with `<nop>%WEB%`
629 - `(%WEB%)` -- needs to be escaped because of parenthesis
630 - `"%WEB%"` -- no need to escape, does not get linked
631 - `<b>%WEB%</b>` -- no need to escape, does not get linked
632 - `%WEB%.%TOPIC%` -- no need, is a `Web.TopicName`
633 - `(%WEB%.%TOPIC%)` -- no need, is a `Web.TopicName`
635 Basically, any prefix other then space and parenthesis needs to be looked at. `%WEB%` in a `%SEARCH%` should not be escaped.
637 ### <a name="Deprecation of %EDITTOPIC%"></a> Deprecation of %EDITTOPIC%
639 In Cairo release (and earlier) the only way to have an edit link that changed with the context was to use `%EDITTOPIC%`. This was only available in view templates, and had no flexibility in formatting. It was also impossible to disable other active links, such as Attach.
641 Dakar release includes new support for "context if" parameters to the `%TMPL:P%` construct. See [[TWikiTemplates]] for details. The default templates shipped with Dakar have been modified to use this support. %EDITTOPIC has been deprecated, though it is still available as a simple edit link, defined in [[TWikiPreferences]]. Skin authors are strongly recommended to replace this link with context-if conditionals.
643 ### <a name="Template Parameters"></a> Template Parameters
645 `%TMPL:P%` now accepts parameters. Values passed in these parameters will be expanded when the `%TMPL:DEF%` is instantiated. See [[TWikiTemplates]] for full details. (Remember, this happens at template expansion time, which is usually very early in the rendering process.)
647 ### <a name="HTTP and HTTPS"></a> HTTP and HTTPS
649 These two new TWikiVariables give access to the HTTP headers sent by your browser. For example, your browser says your browser is %HTTP:\{"User-Agent"\}% (this will be filled in if you are running Dakar).
651 ### <a name="QUERYSTRING"></a> QUERYSTRING
653 This new TWikiVariable gives access to the full query string from the URL sent to your browser. For example, for the URL `http://www.dementia.org/twiki/view/%WEB%/%TOPIC%?make=Reliant&model=Robin`, the query string is `?make=Reliant;model=Robin` (yes, the semicolon is correct!)
655 ## <a name="Notes for Plugin Developers"></a> Notes for Plugin Developers
657 ### <a name="Changes to variable parsing"></a> Changes to variable parsing
659 In earlier TWiki versions there was considerable confusion over the syntax and semantics of Preferences, TWiki Variables, and Plugin variables. The documentation suggested that all %VARIABLES% were equal, but in fact some were more equal than others.
661 The syntax and semantics of preferences and [[TWikiVariables]] has been made consistent. `%VARIABLE%` has been made semantically identical to `%VARIABLE()%`, so if you set a preference named `%VARIABLE%` it will automatically be instantiated in place of `%VARIABLE{}%`. This is an elegant solution in several ways: first, it allows an administrator to electively disable TWikiVariables, simply by defining an overriding preference. Second, it rationalises the semantics in line with the common syntax. Third, it allows a single parser to do all the work, allowing localised optimisation. Fourth, it prevents a plugin from accidentally kidnapping system [[TWikiVariables]] (while this can still be done by registering a tag handler, it's a much more explicit process). Fifth, the ground rules are set for a possible future extension to support parameterised [[TWikiVariables]] e.g.
663 - `Set CAR{make model accessory} = I drive %make% %model% with %accessory% in my dreams`
665 `%CAR{make="an Aston Martin" model="DB9" accessory="a gorgeous blonde"}%`
667 ### <a name="Internals"></a> Internals
669 A lot of the TWiki internals have changed. As a result, plugins that bypass the `TWiki::Func` API and call core functions directly are unlikely to work.
671 The restructuring of the code internals is such that there are no 1:1 equivalents for the old core functions. Only the TWiki::Func API is guaranteed to work.
673 You should convert your plugins to call the `TWiki::Func` API. If you have called unpublished functions that have no equivalent in `TWiki::Func`, then you may still be able to call the function via the TWiki "session" object, `$TWiki::Plugins::SESSION`. See the implementation of the `TWiki::Func` module for ideas on how to do this. However calling internals is **not** recommended, even using this new mechanism, as they are liable to change without prior notice.
675 ### <a name="Extensions to the Func API"></a> Extensions to the Func API
677 - The `TWiki::Func` API has been extended to expose a number of new core functions. Review [[TWikiFuncDotPm]] for details.
678 - The `TWiki::Meta` API, which was previously for internal core use only, has now been exposed and may be used in plugins. See [[TWikiMetaDotPm]] for full details.
679 - Plugins which observed the existing published API (TWiki::Func) should continue to work.
681 ## <a name="TWiki 4.0.1 Patch Release Detail"></a> TWiki 4.0.1 Patch Release Details
683 The following fixes have been addressed in this release:
685 ### <a name="TWiki 4.0.1 Fixes"></a> TWiki 4.0.1 Fixes
687 <table border="1" cellpadding="0" cellspacing="0">
689 <td>[[BUGS/Item1597]]</td>
690 <td> configure shows text outside the text boxes - thanks KoenMartens </td>
693 <td>[[BUGS/Item1592]]</td>
694 <td> Whoops, deprecated syntax was both alive and documented, trying something else </td>
697 <td>[[BUGS/Item1592]]</td>
698 <td> Killing some never documented syntax, allowing for more flexibility in explicit external [[]]-style links </td>
701 <td>[[BUGS/Item1591]]</td>
702 <td> Friendly fallback added to meta->getParent() </td>
705 <td>[[BUGS/Item1591]]</td>
706 <td> small fix to parent search but bug remains </td>
709 <td>[[BUGS/Item1590]]</td>
710 <td> Don't loose old TOPICPARENT on save </td>
713 <td>[[BUGS/Item1589]]</td>
714 <td> Don't report cfg-files as non-executable </td>
717 <td>[[BUGS/Item1587]]</td>
718 <td> Including upgrade_emails.pl in distro </td>
721 <td>[[BUGS/Item1583]]</td>
722 <td> Cairo compatibility for rev argument syntax </td>
725 <td>[[BUGS/Item1579]]</td>
726 <td> corrected spanish access key. </td>
729 <td>[[BUGS/Item1574]]</td>
730 <td> Net.pm: Tidying up e-mail split </td>
733 <td>[[BUGS/Item1574]]</td>
734 <td> Net.pm: Split only on , not on spaces when sending e-mail </td>
737 <td>[[BUGS/Item1572]]</td>
738 <td> made optional - thus removing the horrible slowdown it causes from the main loop </td>
741 <td>[[BUGS/Item663]]</td>
742 <td> Fix %MAINWEB%.TWikiPreferences to %LOCALSITEPREFS%; remove %TWIKIWEB% prefix where not needed </td>
745 <td>[[BUGS/Item663]]</td>
746 <td> TWiki.org doc merge: GNU patch requirement </td>
749 <td>[[BUGS/Item240]]</td>
750 <td> layout of more screen; added line "Current parent" with 2 searches inside IF - must be a more efficient way but how? </td>
753 <td>[[BUGS/Item240]]</td>
754 <td> just to be sure: replacing MAKETEXT text with English, to be translated later. </td>
757 <td>[[BUGS/Item240]]</td>
758 <td> removes unwanted left border in non-view pages </td>
762 <td> replaced 9 tabs by 9 x 3 spaces </td>
766 <td> Typo in ClassicSkin.pm </td>
770 <td> Committed a whole lot of local setup by accident, reverting - sorry folks </td>
774 <td> Typo fix in Search.pm </td>
778 <td> Untainting the tainted title </td>
782 The 4.0.1 release was built from SVN <http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x00> revision **8740**.
784 ## <a name="TWiki 4.0.2 Patch Release Detail"></a> TWiki 4.0.2 Patch Release Details
786 The following fixes and minor enhancements have been addressed in this release:
788 ### <a name="TWiki 4.0.2 Fixes"></a> TWiki 4.0.2 Fixes
790 <table border="1" cellpadding="0" cellspacing="0">
792 <td>[[BUGS/Item2004]]</td>
793 <td> Syntax error in DelimitedFile.pm </td>
796 <td>[[BUGS/Item1983]]</td>
797 <td> Search box bust when searching for WikiWords </td>
800 <td>[[BUGS/Item1978]]</td>
801 <td> Form.pm fails when the name field is [[Topic][fieldname]] for controls </td>
804 <td>[[BUGS/Item1971]]</td>
805 <td> Not possible to INCLUDE javascript from external sites </td>
808 <td>[[BUGS/Item1963]]</td>
809 <td> "public" in WEBLIST should include all webs if the user is an admin </td>
812 <td>[[BUGS/Item1961]]</td>
813 <td> LANGUAGES variable very slow </td>
816 <td>[[BUGS/Item1958]]</td>
817 <td> RSS feed mentions the TWikiAdministrator as creator </td>
820 <td>[[BUGS/Item1951]]</td>
821 <td> Excluding topic from SEARCH does not exclude WebHome (Doc improvement) </td>
824 <td>[[BUGS/Item1950]]</td>
825 <td> Denial of Service attack very easy on both Cairo and Dakar </td>
828 <td>[[BUGS/Item1944]]</td>
829 <td> Add Comment to Configure Page - AuthScripts section </td>
832 <td>[[BUGS/Item1937]]</td>
833 <td> rename script doesn't honour access control restrictions </td>
836 <td>[[BUGS/Item1935]]</td>
837 <td> preview script ignores access control settings </td>
840 <td>[[BUGS/Item1925]]</td>
841 <td> rdiff and changes scripts ignore access settings </td>
844 <td>[[BUGS/Item1921]]</td>
845 <td> Merging 3part duplicates the text screwing up the page </td>
848 <td>[[BUGS/Item1920]]</td>
849 <td> Hide form twisty gives poor usability for TWiki apps that use the form </td>
852 <td>[[BUGS/Item1912]]</td>
853 <td> 3-way merge doesn't call the plugins merge handler </td>
856 <td>[[BUGS/Item1911]]</td>
857 <td> Small typo correction in MANIFEST for upgrade_emails.pl </td>
860 <td>[[BUGS/Item1909]]</td>
861 <td> TWiki.pot should be included in distribution </td>
864 <td>[[BUGS/Item1903]]</td>
865 <td> Special chars not escaped in registration </td>
868 <td>[[BUGS/Item1902]]</td>
869 <td> New chars to escape during registration </td>
872 <td>[[BUGS/Item1900]]</td>
873 <td> Compatibility issue: variables only work when upper case. </td>
876 <td>[[BUGS/Item1899]]</td>
877 <td> statistics ignore pages with dashes and underscores </td>
880 <td>[[BUGS/Item1898]]</td>
881 <td> configure is unhelpful if rcs is not installed </td>
884 <td>[[BUGS/Item1897]]</td>
885 <td> Simultaneous edit feature is not at all reliable. </td>
888 <td>[[BUGS/Item1896]]</td>
889 <td> Skin fallback not working </td>
892 <td>[[BUGS/Item1895]]</td>
893 <td> $topic not substituted right in INCLUDEWARNING </td>
896 <td>[[BUGS/Item1882]]</td>
897 <td> "Plural to singular" unmarked breaks documentation </td>
900 <td>[[BUGS/Item1878]]</td>
901 <td> FORMLIST in ChangeForm.pm generates invalid html </td>
904 <td>[[BUGS/Item1871]]</td>
905 <td> Attachment table broken with version history </td>
908 <td>[[BUGS/Item1864]]</td>
909 <td> "Modify search" link in search results not working </td>
912 <td>[[BUGS/Item1863]]</td>
913 <td> missing oopslanguagechanged template </td>
916 <td>[[BUGS/Item1853]]</td>
917 <td> Sandbox doesn't report full errors for command execution on Windows </td>
920 <td>[[BUGS/Item1850]]</td>
921 <td> checkPassword not checkPasswd </td>
924 <td>[[BUGS/Item1849]]</td>
925 <td> Typo in code: checkPassword not checkPasswd, so remove user does not work </td>
928 <td>[[BUGS/Item1848]]</td>
929 <td> .htaccess.txt internal documentation unclear </td>
932 <td>[[BUGS/Item1840]]</td>
933 <td> Inadequate upgrade documentation </td>
936 <td>[[BUGS/Item1838]]</td>
937 <td> commonTagHandler garbles square bracket links in WebTopBar </td>
940 <td>[[BUGS/Item1830]]</td>
941 <td> Rename web does not work </td>
944 <td>[[BUGS/Item1829]]</td>
945 <td> the templates for SEARCH are broken </td>
948 <td>[[BUGS/Item1820]]</td>
949 <td> Reproducible case of not being able to log out </td>
952 <td>[[BUGS/Item1819]]</td>
953 <td> tainted username prevents exec() </td>
956 <td>[[BUGS/Item1803]]</td>
957 <td> Sorting bugs by merge field causes an internal error </td>
960 <td>[[BUGS/Item1789]]</td>
961 <td> User::isAdmin can create an empty SuperAdminGroup </td>
964 <td>[[BUGS/Item1788]]</td>
965 <td> Formatted search does not return values that are zero </td>
968 <td>[[BUGS/Item1787]]</td>
969 <td> I18N: Translation updates for 4.0.2 / new PatternSkin </td>
972 <td>[[BUGS/Item1781]]</td>
973 <td> Allow admin users to change passwords and mail addresses </td>
976 <td>[[BUGS/Item1778]]</td>
977 <td> Registration gives strange TWiki vars in user topic </td>
980 <td>[[BUGS/Item1771]]</td>
981 <td> Error message 'Oh dear' in warnyyyymm.txt isn't helpful </td>
984 <td>[[BUGS/Item1743]]</td>
985 <td> Attachment sort order is cockeyed </td>
988 <td>[[BUGS/Item1729]]</td>
989 <td> Better localisation of variable in Net.pm </td>
992 <td>[[BUGS/Item1724]]</td>
993 <td> Attach: FILENAME AND FILEPATH not showing the file name with non-alpha characters </td>
996 <td>[[BUGS/Item1720]]</td>
997 <td> Save script fails on old topic when sole argument is topicparent and there's a mandatory field in the form. </td>
1000 <td>[[BUGS/Item1714]]</td>
1001 <td> quotes in attachment comment break manage form </td>
1004 <td>[[BUGS/Item1687]]</td>
1005 <td> Must set TWiki::Plugins::SESSION before invoking registered tag handler </td>
1008 <td>[[BUGS/Item1677]]</td>
1009 <td> STARTSECTION/ENDSECTION variables being stripped from templates </td>
1012 <td>[[BUGS/Item1672]]</td>
1013 <td> Change PatternSkin to use non-table based layout </td>
1016 <td>[[BUGS/Item1657]]</td>
1017 <td> RenderListPlugin broken. The case where you draw a tree view does not work </td>
1020 <td>[[BUGS/Item1654]]</td>
1021 <td> mailnotify does not enter the command_line context </td>
1024 <td>[[BUGS/Item1652]]</td>
1025 <td> REVINFO{$time} should display time, not date - time </td>
1028 <td>[[BUGS/Item1649]]</td>
1029 <td> TWikiJavascripts prototype.js causes crash on Internet Explorer. </td>
1032 <td>[[BUGS/Item1645]]</td>
1033 <td> Someweb.WebTopicEditTemplate topic does not exist </td>
1036 <td>[[BUGS/Item1636]]</td>
1037 <td> ResetPasswd deletes email entry in .htpasswd </td>
1040 <td>[[BUGS/Item1634]]</td>
1041 <td> Pattern Skin in Dakar: verbatim text and large images makes everything wider than the screen. </td>
1044 <td>[[BUGS/Item1624]]</td>
1045 <td> FORMFIELD variable always expands to value of most recent topic revision </td>
1048 <td>[[BUGS/Item1623]]</td>
1049 <td> PatternSkin: WebLeftBar border margin </td>
1052 <td>[[BUGS/Item1621]]</td>
1053 <td> beforeSaveHandler not functioning correctly </td>
1056 <td>[[BUGS/Item1619]]</td>
1057 <td> Label form field content destroyed </td>
1060 <td>[[BUGS/Item1616]]</td>
1061 <td> inaccurate password_changed message </td>
1064 <td>[[BUGS/Item1611]]</td>
1065 <td> Generic doc work for TWiki 4.0.2 </td>
1068 <td>[[BUGS/Item1610]]</td>
1069 <td> Configure script corrupts NameFilter (Unmatched Bracket in Regex) </td>
1072 <td>[[BUGS/Item1608]]</td>
1073 <td> TOC{"MyTopic" web="MyWeb" } no longer forwards </td>
1076 <td>[[BUGS/Item1599]]</td>
1077 <td> "Upgrading a Beta" documentation errors </td>
1080 <td>[[BUGS/Item1595]]</td>
1081 <td> WebTopicCreator disallows topic names containing numbers </td>
1084 <td>[[BUGS/Item1587]]</td>
1085 <td> upgrade_emails.pl script missing in TWiki 4 distro </td>
1088 <td>[[BUGS/Item1583]]</td>
1089 <td> INCLUDE of a topic of a specific revision is not backwards compatible. </td>
1092 <td>[[BUGS/Item1579]]</td>
1093 <td> Incorrect properties in the Discard button in the action bar for the spanish translation </td>
1096 <td>[[BUGS/Item1574]]</td>
1097 <td> Registration process tries to send extra emails </td>
1100 <td>[[BUGS/Item1566]]</td>
1101 <td> DakarReleaseNotes.html and TWikiDocumentation.html not included in distribution of TWiki4.0 </td>
1104 <td>[[BUGS/Item1553]]</td>
1105 <td> Clean up "oops attention: merge_notice" </td>
1108 <td>[[BUGS/Item1515]]</td>
1109 <td> Localise formatting help </td>
1112 <td>[[BUGS/Item1430]]</td>
1113 <td> inconsistent width constraints on topbar and content area </td>
1117 ### <a name="TWiki 4.0.2 Enhancements"></a> TWiki 4.0.2 Enhancements
1119 <table border="1" cellpadding="0" cellspacing="0">
1121 <td>[[BUGS/Item1964]]</td>
1122 <td> Configurable user homepage layout </td>
1125 <td>[[BUGS/Item1960]]</td>
1126 <td> WebRss lacks search options </td>
1129 <td>[[BUGS/Item1956]]</td>
1130 <td> Cleaned up Plugins.EmptyPlugin </td>
1133 <td>[[BUGS/Item1926]]</td>
1134 <td> Usability: Add tabindex + setfocus to template login form in TWiki.PatternSkin </td>
1137 <td>[[BUGS/Item1801]]</td>
1138 <td> Improved doc </td>
1141 <td>[[BUGS/Item1728]]</td>
1142 <td> increase security by defaulting "send password" in email off </td>
1145 <td>[[BUGS/Item1689]]</td>
1146 <td> Add more colors for text ink in Plugins.WysiwygPlugin </td>
1149 <td>[[BUGS/Item1148]]</td>
1150 <td> Consistent buttons in edit and editsettings </td>
1153 <td>[[BUGS/Item1147]]</td>
1154 <td> "Raw view" should turn into "Normal View" in raw mode </td>
1157 <td>[[BUGS/Item1146]]</td>
1158 <td> Two "Create" buttons </td>
1162 The 4.0.2 release was built from SVN <http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x00> revision **9626**.
1164 ## <a name="TWiki 4.0.3 Patch Release Detail"></a> TWiki 4.0.3 Patch Release Details
1166 The following fixes and minor enhancements have been addressed in this release:
1168 ### <a name="TWiki 4.0.3 Fixes"></a> TWiki 4.0.3 Fixes
1170 <table border="1" cellpadding="0" cellspacing="0">
1172 <td>[[BUGS/Item668]]</td>
1173 <td> _default web gives include error for WebLeftBar but the topic does exist </td>
1176 <td>[[BUGS/Item444]]</td>
1177 <td> oops upload message with empty file is not intelligent </td>
1180 <td>[[BUGS/Item2530]]</td>
1181 <td> Prevent infinite recursion in TMPL:INCLUDE when including generic templates </td>
1184 <td>[[BUGS/Item2528]]</td>
1185 <td> Support for shortest view URLs </td>
1188 <td>[[BUGS/Item2524]]</td>
1189 <td> Make templates independent on TablePlugin </td>
1192 <td>[[BUGS/Item2509]]</td>
1193 <td> Render::getRenderedVersion converts translation token </td>
1196 <td>[[BUGS/Item2487]]</td>
1197 <td> Re-introducing attachment table list count </td>
1200 <td>[[BUGS/Item2481]]</td>
1201 <td> Need a configure data type to select a pluggable class (like TWiki::Store::*) </td>
1204 <td>[[BUGS/Item2476]]</td>
1205 <td> Topic action buttons shown with search result </td>
1208 <td>[[BUGS/Item2472]]</td>
1209 <td> Get user web name from config and not from registration form </td>
1212 <td>[[BUGS/Item2469]]</td>
1213 <td> TWikiAdminGroup definition topic must be called TWikiAdminGroup (not configurable) </td>
1216 <td>[[BUGS/Item2467]]</td>
1217 <td> Non-existing abbreviations in other than current web have web part stripped (AAA.BBB.FFF renders as FFF) </td>
1220 <td>[[BUGS/Item2464]]</td>
1221 <td> Definition of a group always requires "Group" in the group name </td>
1224 <td>[[BUGS/Item2463]]</td>
1225 <td> rdiff should show HTML comments </td>
1228 <td>[[BUGS/Item2441]]</td>
1229 <td> Func::getWikiToolName documentation is incorrect </td>
1232 <td>[[BUGS/Item2439]]</td>
1233 <td> Rename TWikiRelease04x00x00.html to TWikiRelease04x00.html </td>
1236 <td>[[BUGS/Item2436]]</td>
1237 <td> PatternSkin does not support PAGEBGCOLOR </td>
1240 <td>[[BUGS/Item2427]]</td>
1241 <td> viewfile delivers .tgz files as text (wrong mime type) </td>
1244 <td>[[BUGS/Item2426]]</td>
1245 <td> ICONTOPIC variable: Incorrect value deadlocks topic (no edit possible) </td>
1248 <td>[[BUGS/Item2422]]</td>
1249 <td> Inconsistent LocalSite.cfg.txt settings </td>
1252 <td>[[BUGS/Item2421]]</td>
1253 <td> Rename: Referrer topics need to be linked explicit </td>
1256 <td>[[BUGS/Item2409]]</td>
1257 <td> Form field checkbox option lost on topic edit </td>
1260 <td>[[BUGS/Item2402]]</td>
1261 <td> Sandbox not aware of I18N for user names </td>
1264 <td>[[BUGS/Item2399]]</td>
1265 <td> statistics does not like date variable sent to it because its tainted </td>
1268 <td>[[BUGS/Item2395]]</td>
1269 <td> Always show e-mail addresses to admins (USERINFO / HideUserDetails setting) </td>
1272 <td>[[BUGS/Item2394]]</td>
1273 <td> Allow registration without a running e-mail service (error during registration using TWiki::Net::_sendEmailBySendmail) </td>
1276 <td>[[BUGS/Item2390]]</td>
1277 <td> beforeAttachmentSaveHandler is broken on Solaris and RedHat </td>
1280 <td>[[BUGS/Item2380]]</td>
1281 <td> Logins / logouts with template login does not work with I18N topic names </td>
1284 <td>[[BUGS/Item2379]]</td>
1285 <td> Inconsistent meta data in registration </td>
1288 <td>[[BUGS/Item2369]]</td>
1289 <td> WIKIUSERNAME incorrectly expanded </td>
1292 <td>[[BUGS/Item2365]]</td>
1293 <td> Email address handling for registration and in users homepage is confusing and not working </td>
1296 <td>[[BUGS/Item2356]]</td>
1297 <td> in sequential rdiff a changed region is classified as twikiDiffAdd* </td>
1300 <td>[[BUGS/Item2353]]</td>
1301 <td> Cannot lock out re-registration by using htpasswd file anymore </td>
1304 <td>[[BUGS/Item2352]]</td>
1305 <td> Support secret values in configure (display stars for passwords) </td>
1308 <td>[[BUGS/Item2347]]</td>
1309 <td> Statistics without params updates only Main web </td>
1312 <td>[[BUGS/Item2339]]</td>
1313 <td> Unable to cleanly turn off WEBHEADERART completely causing unexpected major problems </td>
1316 <td>[[BUGS/Item2338]]</td>
1317 <td> Improve doc on session vars to preclude override of perms </td>
1320 <td>[[BUGS/Item2336]]</td>
1321 <td> Using htpasswd on the command line wipes out email address in .htpasswd file </td>
1324 <td>[[BUGS/Item2333]]</td>
1325 <td> TWiki::Func::readAttachment my line shows wrong parameters </td>
1328 <td>[[BUGS/Item2332]]</td>
1329 <td> GoodStyle talks about "Initials"; obsolete </td>
1332 <td>[[BUGS/Item2331]]</td>
1333 <td> Calling a speedy-fied view cgi from the commandline breaks template login </td>
1336 <td>[[BUGS/Item2327]]</td>
1337 <td> TWiki on Apache 2.0 hangs (Diab's TWikiOnApache2dot0Hangs patch) </td>
1340 <td>[[BUGS/Item2324]]</td>
1341 <td> PatternSkin menu layout issue with MS Internet Explorer 7 </td>
1344 <td>[[BUGS/Item2322]]</td>
1345 <td> Comment box should have ability to be disabled by skin template </td>
1348 <td>[[BUGS/Item2321]]</td>
1349 <td> Performance improvements to Users.pm implementation (large user bases) </td>
1352 <td>[[BUGS/Item2318]]</td>
1353 <td> Links in square brackets breaks if there is a space in front of chars like - and ( </td>
1356 <td>[[BUGS/Item2317]]</td>
1357 <td> ChangePassword confirms change without password-handler </td>
1360 <td>[[BUGS/Item2315]]</td>
1361 <td> Template file permissions more restrictive in tgz dist </td>
1364 <td>[[BUGS/Item2309]]</td>
1365 <td> Prevent change password to empty string (add MinPasswordLength configuration option) </td>
1368 <td>[[BUGS/Item2302]]</td>
1369 <td> Restore Using Forms for Settings Feature </td>
1372 <td>[[BUGS/Item2298]]</td>
1373 <td> TWiki::Data::DelimitedFile is not as robust as it could be </td>
1376 <td>[[BUGS/Item2297]]</td>
1377 <td> Lock down TWiki.TWikiPreferences to admin group </td>
1380 <td>[[BUGS/Item2293]]</td>
1381 <td> Registration fails if no mail available </td>
1384 <td>[[BUGS/Item2292]]</td>
1385 <td> SMTP mail fails if the server requires auth </td>
1388 <td>[[BUGS/Item2287]]</td>
1389 <td> When printing a view page, the print style is not called </td>
1392 <td>[[BUGS/Item2286]]</td>
1393 <td> When you move an attachment the rename screen shows all topics that refers to the topic name </td>
1396 <td>[[BUGS/Item2278]]</td>
1397 <td> userToWikiName broken </td>
1400 <td>[[BUGS/Item2274]]</td>
1401 <td> I18N: Non US-ASCII chars in usernames breaks groups </td>
1404 <td>[[BUGS/Item2271]]</td>
1405 <td> Cannot "put back" a moved non-wikiword topic </td>
1408 <td>[[BUGS/Item2261]]</td>
1409 <td> Error in Apache log due to TWikiWebPreferences (File does not exist / ATTACHEDFILELINKFORMAT preference) </td>
1412 <td>[[BUGS/Item2259]]</td>
1413 <td> TWiki::UI::Save::buildNewTopic does not treat onlywikiname as a Boolean </td>
1416 <td>[[BUGS/Item2247]]</td>
1417 <td> Unclosed DIV in viewprint.pattern.tmpl </td>
1420 <td>[[BUGS/Item2244]]</td>
1421 <td> Documented METASEARCH parameter defaults are not the actual defaults </td>
1424 <td>[[BUGS/Item2234]]</td>
1425 <td> natlogon broken due to recent changes in Client.pm </td>
1428 <td>[[BUGS/Item2227]]</td>
1429 <td> PatternSkin CSS updates for IE 7 </td>
1432 <td>[[BUGS/Item2226]]</td>
1433 <td> When you delete an attachment the rename screen shows all topics that refers to the topic name </td>
1436 <td>[[BUGS/Item2225]]</td>
1437 <td> Attachments are being named the full path name instead of the filename only </td>
1440 <td>[[BUGS/Item2223]]</td>
1441 <td> Empty textarea generated in raw mode (VIEW_TEMPLATE issue) </td>
1444 <td>[[BUGS/Item2214]]</td>
1445 <td> WebTopicCreator not stripping some disallowed characters </td>
1448 <td>[[BUGS/Item2186]]</td>
1449 <td> TWiki.SiteChanges shows oldest (not latest) changes </td>
1452 <td>[[BUGS/Item2163]]</td>
1453 <td> Groups should be defined in UsersWebName only (performance improvement) </td>
1456 <td>[[BUGS/Item2158]]</td>
1457 <td> TWiki leaks memory - mod_perl processes continually grow </td>
1460 <td>[[BUGS/Item2157]]</td>
1461 <td> Rendering of links containing periods does not work properly </td>
1464 <td>[[BUGS/Item2151]]</td>
1465 <td> Delete usecase broken in PatternSkin </td>
1468 <td>[[BUGS/Item2142]]</td>
1469 <td> Add option to write email into user topic </td>
1472 <td>[[BUGS/Item2141]]</td>
1473 <td> Error.pm not in sync with CPAN state </td>
1476 <td>[[BUGS/Item2140]]</td>
1477 <td> AUTHORS missing translators' credits </td>
1480 <td>[[BUGS/Item2133]]</td>
1481 <td> Editform templates are missing some save parameters (templatetopic and text) </td>
1484 <td>[[BUGS/Item2126]]</td>
1485 <td> Bulk register shouldn't change passwords of existing users </td>
1488 <td>[[BUGS/Item2116]]</td>
1489 <td> I18N: updated translations for TWiki 4.0.3 </td>
1492 <td>[[BUGS/Item2109]]</td>
1493 <td> Add css classes to PreferencesPlugin buttons </td>
1496 <td>[[BUGS/Item2105]]</td>
1497 <td> A form field defined as [[Main/Topic]] assumes that the topic is in the same web as the form </td>
1500 <td>[[BUGS/Item2102]]</td>
1501 <td> Clicking Upload without choosing a file gives error </td>
1504 <td>[[BUGS/Item2097]]</td>
1505 <td> Plugin API / Store.pm: beforeAttachmentSaveHandler broken </td>
1508 <td>[[BUGS/Item2096]]</td>
1509 <td> New topic missing from notification when renamed </td>
1512 <td>[[BUGS/Item2090]]</td>
1513 <td> Default values for fields not picked up in new form (TWIKI4 only) </td>
1516 <td>[[BUGS/Item2088]]</td>
1517 <td> PatternSkin MANIFEST is missing PatternSkin.pm </td>
1520 <td>[[BUGS/Item2057]]</td>
1521 <td> TMPL:P parameters broken </td>
1524 <td>[[BUGS/Item2054]]</td>
1525 <td> JSCalendarContrib only works with IE in PatternSkin </td>
1528 <td>[[BUGS/Item2050]]</td>
1529 <td> Easier overriding of PatternSkin </td>
1532 <td>[[BUGS/Item2048]]</td>
1533 <td> Mailto links written as <a href="mailto:address">mailto:address</a> causes flooding with warning messages about uninitialized value </td>
1536 <td>[[BUGS/Item2032]]</td>
1537 <td> Some UTF8 characters in form values broken (CGI.pm interaction) </td>
1540 <td>[[BUGS/Item2029]]</td>
1541 <td> Build script: New topics added to distribution are not versioned correctly </td>
1544 <td>[[BUGS/Item2019]]</td>
1545 <td> Add tracing to Client.pm (login scenarios) </td>
1548 <td>[[BUGS/Item2012]]</td>
1549 <td> Break RCS locks on topics automatically when saving (Cairo upgrade issue) </td>
1552 <td>[[BUGS/Item2010]]</td>
1553 <td> Email address in the email field for the user is not turned into a link </td>
1556 <td>[[BUGS/Item2009]]</td>
1557 <td> Email addresses are not fully padded with the NOSPAM </td>
1560 <td>[[BUGS/Item2003]]</td>
1561 <td> lib/CPAN/lib/Error.pm has debugging print enabled </td>
1564 <td>[[BUGS/Item1989]]</td>
1565 <td> Latest CGI::Session is broken </td>
1568 <td>[[BUGS/Item1982]]</td>
1569 <td> Sequence of form fields in topics do not follow form definition </td>
1572 <td>[[BUGS/Item1980]]</td>
1573 <td> Login text remains untranslated </td>
1576 <td>[[BUGS/Item1941]]</td>
1577 <td> If REPEATs are munged in templates, RDiff bombs out </td>
1580 <td>[[BUGS/Item1939]]</td>
1581 <td> Inconsistent handling of non-wikiword topic names when creating new topic </td>
1584 <td>[[BUGS/Item1890]]</td>
1585 <td> Wysiwyg plugin in infinite loop </td>
1588 <td>[[BUGS/Item1869]]</td>
1589 <td> Clarify security docs in configure </td>
1592 <td>[[BUGS/Item1843]]</td>
1593 <td> A 1.2 version of a topic cannot be deleted (spam) with cmd=delRev </td>
1596 <td>[[BUGS/Item1651]]</td>
1597 <td> Extract UserMapping and GroupMapping code out of User.pm and Users.pm (enable non-TWikiTopic based User and Groups definititions) </td>
1600 <td>[[BUGS/Item1613]]</td>
1601 <td> Renaming the Main web breaks several links to users </td>
1604 <td>[[BUGS/Item1602]]</td>
1605 <td> link to TWikiUpgradeGuide needed from TWiki Installation Guide </td>
1608 <td>[[BUGS/Item1560]]</td>
1609 <td> Non-existing favicon.ico is referenced in upgraded Cairo webs </td>
1613 ### <a name="TWiki 4.0.3 Enhancements"></a> TWiki 4.0.3 Enhancements
1615 <table border="1" cellpadding="0" cellspacing="0">
1617 <td>[[BUGS/Item2452]]</td>
1618 <td> mime.types lacks some widely used file types </td>
1621 <td>[[BUGS/Item2301]]</td>
1622 <td> Put {linkProtocolPattern} into configure </td>
1625 <td>[[BUGS/Item2282]]</td>
1626 <td> SpreadSheetPlugin with SETIFEMPTY </td>
1629 <td>[[BUGS/Item2155]]</td>
1630 <td> Remove hardcoded fonts from twiki's default content </td>
1633 <td>[[BUGS/Item2125]]</td>
1634 <td> Add format parameter to META{"parent"} </td>
1638 The 4.0.3 release was built from SVN <http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x00> revision **10706**..
1640 ## <a name="TWiki 4.0.4 Patch Release Detail"></a> TWiki 4.0.4 Patch Release Details
1642 The following fixes and minor enhancements have been addressed in this release:
1644 ### <a name="TWiki 4.0.4 Fixes"></a> TWiki 4.0.4 Fixes
1646 <table border="1" cellpadding="0" cellspacing="0">
1648 <td>[[BUGS/Item2578]]</td>
1649 <td> SECURITY HOTFIX: Improved protection against attaching php scripts that can be executed afterwords by simple view </td>
1652 <td>[[BUGS/Item2568]]</td>
1653 <td> Fix potential script error when attachment twisty is removed </td>
1656 <td>[[BUGS/Item2558]]</td>
1657 <td> TWiki 4.0.3 distributed LocalSite.cfg.txt uses incorrect syntax </td>
1660 <td>[[BUGS/Item2546]]</td>
1661 <td> Handmade twisty buttons has underline under them </td>
1665 ### <a name="TWiki 4.0.4 Enhancements"></a> TWiki 4.0.4 Enhancements
1669 The 4.0.4 release was built from SVN <http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x00> revision **10799**
1671 ## <a name="TWiki 4.0.5 Patch Release Detail"></a> TWiki 4.0.5 Patch Release Details
1673 Note that TWiki 4.0.5 contains all fixes previously released at hotfixes 1 to 4 for TWiki 4.0.4.
1675 The following fixes have been addressed in this release:
1677 ### <a name="TWiki 4.0.5 Fixes"></a> TWiki 4.0.5 Fixes
1679 <table border="1" cellpadding="0" cellspacing="0">
1681 <td>[[BUGS/Item2609]]</td>
1682 <td> Func.pm API function wikiToEmail has a coding error. </td>
1685 <td>[[BUGS/Item2602]]</td>
1686 <td> AfterEditHandler only called by preview, not save </td>
1689 <td>[[BUGS/Item2595]]</td>
1690 <td> Emails are not stored in user topic when TWiki setup in a corporate environment </td>
1693 <td>[[BUGS/Item2573]]</td>
1694 <td> %META{"formfield" name="formfieldname"}% broken (returns nothing) </td>
1697 <td>[[BUGS/Item2518]]</td>
1698 <td> INCLUDE from external url with filename breaks relative links of included content </td>
1701 <td>[[BUGS/Item2607]]</td>
1702 <td> Crash TWiki with IF variable. </td>
1705 <td>[[BUGS/Item2619]]</td>
1706 <td> TOC Link URI References are not Relative </td>
1709 <td>[[BUGS/Item2322]]</td>
1710 <td> Incomplete fix for Comment box should have ability to be disabled by skin template </td>
1713 <td>[[BUGS/Item2594]]</td>
1714 <td> Hierarchical webs and WEBLIST can make things excruciatingly slow </td>
1717 <td>[[BUGS/Item2666]]</td>
1718 <td> Javascript errors caused by twiki.js </td>
1721 <td>[[BUGS/Item2669]]</td>
1722 <td> Configure robustness update </td>
1725 <td>[[BUGS/Item2565]]</td>
1726 <td> SEARCH parameter newline not documented. </td>
1729 <td>[[BUGS/Item2631]]</td>
1730 <td> Reset Password does not work when $TWiki::cfg{MapUserToWikiName} = 0. </td>
1733 <td>[[BUGS/Item2684]]</td>
1734 <td> EditTablePlugin Don't complain on lock taken if taken by one self </td>
1737 <td>[[BUGS/Item2714]]</td>
1738 <td> SECURITY ISSUE! - Topics with ALLOWTOPICVIEW defined in "Edit Settings" (META) can be read by anyone with a specially crafted SEARCH. </td>
1741 <td>[[BUGS/Item2758]]</td>
1742 <td> Updated TWiki.TWikiVariables so that the variable precedence includes both TWiki.TWikiPreferences and Main.TWikiPreferences </td>
1745 <td>[[BUGS/Item2780]]</td>
1746 <td> Rename to non wikiword name gives empty message </td>
1749 <td>[[BUGS/Item2806]]</td>
1750 <td> Security Alert CVE-2006-4294 - viewfile doesn't follow rules for mapping attachment names </td>
1753 <td>[[BUGS/Item2821]]</td>
1754 <td> Potential bugs from parsing settings in topics when the following line contains white space. </td>
1757 <td>[[BUGS/Item2825]]</td>
1758 <td> Potential source of error related to code that checks access permissions. </td>
1761 <td>[[BUGS/Item2823]]</td>
1762 <td> SMTP recipient name format issue </td>
1765 <td>[[BUGS/Item2829]]</td>
1766 <td> EditTablePlugin select drops selected item if cell has whitespace </td>
1769 <td>[[BUGS/Item2625]]</td>
1770 <td> %SEARCH% does not work when non-wikiword used in topic="" parameter </td>
1773 <td>[[BUGS/Item2859]]</td>
1774 <td> Attachments are being named the full path name instead of the filename only </td>
1777 <td>[[BUGS/Item2746]]</td>
1778 <td> Disable tag parameter issue in preview </td>
1781 <td>[[BUGS/Item2856]]</td>
1782 <td> make TWikiForms defined in another web clickable in "changeform" </td>
1785 <td>[[BUGS/Item2721]]</td>
1786 <td> Newly created topics have wrong version number when using RcsLite </td>
1789 <td>[[BUGS/Item2928]]</td>
1790 <td> Mailto links in brackets [[Main/WebHome]] contain visible when text is upper case </td>
1793 <td>[[BUGS/Item2884]]</td>
1794 <td> EditTablePlugin does not honour ALLOWTOPICCHANGE (bug introduced in 4.0.4 hotfix 3) </td>
1797 <td>[[BUGS/Item2980]]</td>
1798 <td> TWiki::Func::checkAccessPermission issue with '' vs. undef </td>
1802 ### <a name="TWiki 4.0.5 Enhancements"></a> TWiki 4.0.5 Enhancements
1806 The 4.0.5 release was built from SVN <http://svn.twiki.org/svn/twiki/tags/TWikiRelease04x00x05> revision **11821**...
git://git.openafs.org / openafs-wiki.git / blob