Elgg

Non-critical bugfix release 2.3.1 is now available for download Contributors Steve Clay (8) Jerôme Bakker (5) Jeroen Dalsem (2) Ismayil Khayredinov (1) Yanwei Jiang (1) iionly (1) Bug Fixes access: use ignore access only when querying the ... [More] database (fb57c02c) admin: prevents simultaneous plugin (de)activation/reordering (907c9b67, closes #10706) ajax: elgg/Ajax now uses spinner if 2nd fetch occurs in done handler (afef3c4e) comments: use elgg/Ajax to load inline comment form (17d93a5b) discussions: river entries are once again visible to logged out users (65e6664d) embed: Inserting medium thumbnail size again instead of small on embedding images (aea45030) html: elgg_normalize_url() handles tel: links (48a51709, closes #10689) icons: detect image format for resizing (dd9af8a9) set correct filename for temp resizing file (aeed7060) menus: return to default of sorting menus by text (9636790f, closes #10737) security: random byte generation improved on some systems (03285ba7, closes #10750) uservalidationbyemail: unset emailsent after showing it once (4e16cc9b) views: elgg_view_field no longer leaves #type in attributes (e4e316e9, closes #10699) in table lists, rows now have IDs (e42fa636, closes #10696) [Less]

Non-critical bugfix release 2.3.1 is now available for download Contributors Steve Clay (8) Jerôme Bakker (5) Jeroen Dalsem (2) Ismayil Khayredinov (1) Yanwei Jiang (1) iionly (1) Bug Fixes access: use ignore access only when querying the ... [More] database (fb57c02c) admin: prevents simultaneous plugin (de)activation/reordering (907c9b67, closes #10706) ajax: elgg/Ajax now uses spinner if 2nd fetch occurs in done handler (afef3c4e) comments: use elgg/Ajax to load inline comment form (17d93a5b) discussions: river entries are once again visible to logged out users (65e6664d) embed: Inserting medium thumbnail size again instead of small on embedding images (aea45030) html: elgg_normalize_url() handles tel: links (48a51709, closes #10689) icons: detect image format for resizing (dd9af8a9) set correct filename for temp resizing file (aeed7060) menus: return to default of sorting menus by text (9636790f, closes #10737) security: random byte generation improved on some systems (03285ba7, closes #10750) uservalidationbyemail: unset emailsent after showing it once (4e16cc9b) views: elgg_view_field no longer leaves #type in attributes (e4e316e9, closes #10699) in table lists, rows now have IDs (e42fa636, closes #10696) [Less]

Non-critical bugfix releases are now available for download. 2.2.4  (2017-01-27) With the release of 2.3.0 this will be the last bugfix release on 2.2.Contributors Steve Clay (2) Ismayil Khayredinov (1) iionly (1) Bug Fixes ajax: elgg/Ajax view() ... [More] and form() set $vars as expected (abf8a9ce, closes #10667) core: Check existence of cache symlink without usage of readlink() (3e4dc6a1) files: mitigate issues with special chars in file names (4a7b74ea) web_services: handle string params with proper escaping (702ce46c) 1.12.15  (2017-01-25)Contributors Jerôme Bakker (3) Ismayil Khayredinov (1) Steve Clay (1) Bug Fixes core: outgoing email should have a message-id header (9953687f) _elgg_send_email_notification respects other email handlers (80bd413d) elgg_get_page_owner_entity will return ElggEntity (9f8e8dda) register: consistent forwarding upon login (a62410dd) relationships: ElggRelationship::save returns the ID (25754c76, closes #10373) [Less]

Elgg 2.3.0 is now available as a stable release suitable for production environments.Below is the list of fixes that were made to the release candidate. For a full list of changes and features since 2.2.x, please see ourearlier blog post about Elgg ... [More] 2.3.0 Release Candidate. Our community site has already been updated to Elgg 2.3.0.Contributors Ismayil Khayredinov (4) Steve Clay (3) Jerôme Bakker (2) iionly (2) Documentation core: Improve docs about creation of cache symlink (f984a051) Bug Fixes ajax: elgg/Ajax view() and form() set $vars as expected (abf8a9ce, closes #10667) core: Check existence of cache symlink without usage of readlink() (3e4dc6a1) entities: entity is now loaded from cache during save operations (009f74da, closes #10612) files: mitigate issues with special chars in file names (4a7b74ea) forms: fieldset with a legend no longer overrides the class (726cca18) http: elgg/Ajax error responses with 200 status use Ajax wrapper (1cae50cf) notifications: incorrect use statement no longer throws (2a6d782b) web_services: handle string params with proper escaping (702ce46c) [Less]

Elgg 2.3.0 RC1 is released and is available for early testers. Elgg core team decided to make this pre-release due to a large number of new features that have been added to core, and we want to ensure that developers and site owners are given enough ... [More] time to hunt down and eliminate any potential issues.Please note that PHP 5.5 has reached end of life in July and in order to nudge site owners to stay secure, Elgg 2.3.0 will require PHP 5.6 for new installations. Existing sites may be able to continue using PHP 5.5, but we will not be able to ensure full backwards compatibility due to a number of our vendor libraries evolving towards higher PHP versions.Elgg 2.3.0 comes with a number of exciting new features: New API for handling HTTP responses, which embraces the power of Symfony's HTTP foundation Revamped notifications service, which makes it easier to collaborate on instant and subscription notifications New administration and site security utilities Improved usability of forms, including API for rendering fields and fieldsets, as well as deferred form footer rendering that make form views extendable New file upload and image manipulation services A number of client site improvements, including AJAX tabs component, more robust CKEditor A number of new tests, bug fixes and other nifty features With this release we were able to considerably improve our static test coverage and will continue working towards standardizing most of the legacy APIs and making them more testable. The core team has discussed a possibility of making an Elgg 3.0 release in the first quarter of 2017: our current focus is a slick new user interface and improved performance coupled with a database schema overhaul.Contributors Ismayil Khayredinov (74) Steve Clay (34) Jeroen Dalsem (18) jdalsem (8) iionly (6) Jerôme Bakker (3) Ismayil Khayredinov (2) Brett Profitt (1) Matt Beckett (1) Pete L (1) V. Lehkonen (1) Features account: login history is added to account statistics page (3e30ab26) admin: add memcache stats to server info page (6b19ced0) move plugin toggle buttons to title menu (5d75f6db) single plugin toggles done via Ajax (c46ccb80) makes it easier to navigate plugin dependencies (4caf7769) api: allow convenience methods to return ElggBatch as a result (5618d3c5, closes #6676) ckeditor: better control over ckeditor initialization and behavior (57ededb0, closes #9391) comments: entities can now inherit canComment permissions (b1614671) components: add inline tabs component with ajax support (4de1cd28) composer: brings back composer.lock (0b07d9a8, closes #9430) core: Use input/number input view for default_limit input field in basic settings form (3c6bce2d) css: input/button with disabled state is now styled as disabled (3aec56a6) elgg-state-disabled class now is applied to all buttons (bb70a507) developers: explorer entity information in developer tools (251f4067) add object full listing to theme sandbox (85b67b90) add object summary listing view to theme sandbox (878dbc8e) add custom attributes to image block sandbox view (92d86a67) entities: container logic is now checked before permissions (c87dc7d1, closes #9695) events: added elgg_clear_event_handlers function (110497b7) export: now triggers a generic to:object hook for annotation and metadata (5adc6771) files: adds new API for handling file uploads (09499677, closes #7778, #9876, #9934) forms: replaces elgg_view_input, adds support for fieldsets (100bd412) update login form to use new forms API (ef69171c) update registration form to use new forms API (5eb8ce25) adds input/number view for numeric values input fields (b7960635) makes form views extendable by deferring footer rendering (bbb392e0) groups: break down groups/all page in smaller views (c6de14c2) http: no longer sends HTTP headers to CLI requests (d95a5101) now triggers before and after events for HTTP responses (42839af3) adds API for handling HTTP responses (bfc860c8) adds a service for signing and validating URLs (15071018, closes #9884) images: adds a new image manipulation service (9dcd7fb2) js: add support for inline popup modules (e467a755) lists: list item views are now aware of their position in the list (9dab204b) menus: elgg_view_menu() can now render menus with custom views (1cd65c60) elgg_view_menu() now accepts an array of menu items (7a8dad2b) notifications: refactor notification system for improved usability (11dd562c) make it easier to alter core instant notifications (094d63b2) passwords: strengthen change password link with a HMAC signature (6ad8ff94) php: Require PHP 5.6+ (e35f3ed0) plugins: adds static config file for plugins (8bf14546, closes #5947) profile: profile fields can contain more than 250 characters (2b6a7497) river: Adds hook-based permissions for river item delete action (364d7e94, closes #8936) tests: make it easier to bootstrap PHPUnit (c3ea0173) users: unifies login and registration URL generation (9e499f6a, closes #9896) uservalidationbyemail: validation URLs are now signed with a HMAC key (111f72d8) view: function to get the extensions for a view (a0f39b3e, closes #9921) views: added elgg_parse_emails to output/longtext (c1a600ca, closes #7052) more flexible output/longtext view (6229f811) lists can be rendered as tables (d941fa83, closes #7684, #9629) adds function for extracting $vars['class'] more cleanly (b0dab038) object summary listing now accepts an icon (09649f57) image block wrapper attributes can now be passed with $vars (8f6a5753) improves usability of object listing views (8ae5b1da) walledgarden: convert walled garden JS to AMD (890b4a77) widgets: added a generic view for selecting 'number to display' (b845343f) Performance db: no longer queries DB when entity access is predictable (5c93f07d) Documentation core: Misc docs fixes (0c8e1acc) tutorials: updated Blog tutorial (9a813e86) Bug Fixes cli: Application::run() returns a value for PHP CLI server to serve static files (a4fa2749) comments: comment redirector URL no longer contain double fragments (37f578e4) discussions: reply form is now only rendered when container permissions are satisfied (6ac48700) entities: classnames for entity subtypes can be up to 255 chars (45d7abbd, closes #6802) icons: cropping mode is now determined by actual cropping coords (5e4742e8) output: switch to Misd\Linkify library for parsing urls in text (e2baa855) pages: do not show duplicate title on full view of a page (a049586a) Deprecations events: deprecates the pagesetup, system event (cf77fc07) metadata: metadata access control is deprecated (a9523d97)   [Less]

Non-critical bugfix releases are now available for download.  2.2.3 (2016-11-08) Contributors Jerôme Bakker (5) Steve Clay (4) Ismayil Khayredinov (1) Jeroen Dalsem (1) jdalsem (1) Bug Fixes blog: correctly check if owner is a group in ... [More] owner_block menu (7f253c58) cache: ElggFileCache now handles arbitrary cache keys (e60b8368) ckeditor: ensure basepath is set before CKeditor is loaded (d60389d2, closes #10304) composer: composer post-update script no longer crashes (be4235a0) groups: multiple membership requests don't trigger messages (287e6448) js: bind to correct element for inline comment edit (e15cba9d) likes: notification subject too long (fc5667dc) check for a valid entity in menu setup (9ae99e84) profile: allow admin menu items to be toggled (ba20ce42) reportedcontent: show spinner during ajax delete/archive (5de1c90a)   1.12.14 (2016-11-08) Contributors Jerôme Bakker (3) Ismayil Khayredinov (1) Steve Clay (1) core: outgoing email should have a message-id header (9953687f) _elgg_send_email_notification respects other email handlers (80bd413d) elgg_get_page_owner_entity will return ElggEntity (9f8e8dda) register: consistent forwarding upon login (a62410dd) relationships: ElggRelationship::save returns the ID (25754c76, closes #10373) [Less]

It's recommended that site owners upgrade to 2.2.2 or 1.12.13 to mitigate an information disclosure vulnerability:An attacker could uncover a few general details (name, icon, short description) about groups that are usually hidden from him/her. This ... [More] would not expose the group's description, content, or membership, and a probe would require knowledge of Elgg internals. This weakness exists in all previous Elgg versions.There were a few other fixes. Notably 2.2.2 is now compatible with MySQL 5.7. See the changelogs for 1.12.13 and 2.2.2. [Less]

Elgg 2.2.1 is now available, with fixes to several issues.Worth noting, the "Discussions" site menu item has been removed so that sites upgrading from previous minor versions do not end up with a new site menu item. The menu item can be easily added ... [More] via admin if you need it.Contributors Steve Clay (16) iionly (5) Ismayil Khayredinov (2) Wouter van Os (1) Documentation license: clarifies dual licensing in LICENSE.txt (1db4994f) support: updates support policy and tentative release schedule (71aab2c6) Bug Fixes access: updates no longer mistakenly blocked in some scenarios (01f4f1df) boot: boot cache now respects system cache setting (f90b1eb1) make sure boot cache updated when subtype data changes (c80f6e64) core: boot no longer throws DB exception in some edge cases (c7c44763, closes #10119) discussions: removes site “Discussions” menu item added in 2.2.0 (34678299, closes #9731) js: output deprecation messages to admins in browser console only (a8052f9c) popup no longer reopens after a second click on the trigger (6dc8012b, closes #10063) likes: don’t emit notice if a listing’s $vars['list_class'] isn’t set (f2882158) members: Don’t rely on newest members tab set as default tab in pagehandler for members page (a78aa354) pages: operations keep track of more than 10 child pages (bc5f414b) plugins: Make activate/deactivate all plugins to work also on Firefox (915865b9) reportedcontent: Reported Content admin widget works again (739259fc, closes #10151) river: ensure unique comment form id (80e508ae) ui: hover menus no longer open outside viewport (edd3740a, closes #10214) views: input/select view can select options more reliably (af103c7e, closes #10154) some functions that use views fallback to default viewtype (5a58317e, closes #10114) web_services: create_api_user() and create_user_token() work again (1ee8fe96) [Less]

Join the core team for 2 days of concentrated effort on the next generation of the Elgg framework.When: Friday, September 23rd - Saturday, September 24thWhere: Online (http://gitter.im/Elgg/Elgg)What: Resolve issues on the interim and ... [More] 3.0 milestonesWho: Developers interested in contributing to Elgg coreWe will have much of the core team available on these days so that pull requests (PRs) can be reviewed quickly and merged. We hope to make significant progress paying down technical debt and making Elgg a more modern, testable, lower-maintenance PHP framework.If you’re new to open source development this is a great time to jump in and get assistance through the process of making your first PR. We have a list of easy tickets that we think would be good fits for newcomers.Claim your issue now if you already know what you want to work on. You can self-assign or just request to be assigned on the issue itself and someone will assign it to you. This way we can avoid duplication of effort on the days of the hackathon and gauge interest in participation. Some of the tickets might even require preparation/design beforehand, so it may help to post your plans for how to address the issue before the hackathon to get some early feedback and make sure the core team agrees with your direction.We would also like to give some love to our community site. We have some pending PRs, and we are open to other contributions. Feedback and ideas from the community members are more than welcome.I’m not a developer. Can I still participate?Yes, please! We’d really appreciate your help in:Testing open issues to see if they’re still reproducible/valid, or adding more information that would help us get them resolved quickerReviewing our documentation to make sure it is up-to-date, thorough, and helpful. Report any bugs that you find or suggestions for improvement, missing docs. Maybe even write some of your own!Bumping open pull requests and issues that you’d like to see get more attention  [Less]

A fresh batch of Elgg releases are now available. The new 2.2.0 has some handy, new developer features.Though I made a 2.1.3 release, 2.1 releases are no longer supported. Users should upgrade to 2.2.0 as soon as possible.1.12.12 is also released for ... [More] 1.12 users.Changelog for 2.2Contributors Juho Jaakkola (3) jdalsem (8) Ismayil Khayredinov (43) Steve Clay (40) Jeroen Dalsem (22) Wouter van Os (2) Brett Profitt (1) Jerôme Bakker (1) V. Lehkonen (1) lehkonev (1) Features iconservice: it is possible to save unaltered version of an image (7157a33f, closes #9970) Bug Fixes js: add missing elgg/lightbox#resize method (4f6a0174) correctly report success in admin profile field reorder action (b63396a7) Features ajax: better elgg/Ajax handling of form data and URLs (8795b9f4, closes #9534, #9564) Ajax service now loads required AMD modules (292dc391) avatar: user avatars are now served by serve-file handler (a55d746a) cache: allow admin to attempt an automatic symlink to cache (b06a1cb3, closes #8639, #8638) allows specifying cache directory in settings.php (4b2ed514) ckeditor: improved elgg/ckeditor AMD module (a0ff70ec) added editor autogrow plugin (771abac8) allowed resizing of editor window (f43a6565) core: added a CONFIG flag to control auto-disabling plugins (17363a50) added a new function to check if system_cache is enabled (f3bbff32) cron: improved cron logging (5305b60d, closes #9474) db: access sql parts are named in the clauses array (50ffcf24) allows using parameterized queries in core DB functions (a9e51682) developers: add view_vars hook to views inspector (41e9e1ef) discussions: added a site menu item for discussion/all (79809b78) allow plugins to use custom discussion reply object class (ac55f8f4) embed: adds elgg/embed AMD module (1f1dad12) adds serve-icon page handler (e4d09f82, closes #9582) entities: adds user capabilities service (81f05058) file: adds ElggFile::transfer() for reliable renaming of files (bf50c5d0) more consistency in mime and simple type values (3e09fa15, closes #9614) files: update file plugin to new file serving API (a9d409ee) filestore: bootstrap default filestore early in the boot sequence (c85fa0ee, closes #9873) adds API to reliably set file modification time (476b6d29) forms: Add new user now has an option to autogenerate the password (ee4758d3) input/checkbox is now usable with elgg_view_input() (82bbf49b, closes #9808) gatekeeper: entity gatekeeper result can now be filtered (75af2fd5) groups: group icons are now handled by the new icon service (e809f5fd) introduced a hook to influence group tool options (b6617e5e) allow the group river to be filtered by content type (0d8f9364) group avatars now use serve-file handler (ac57e990) html: allows cleaner elgg_format_element usage (425f57d7, closes #9766) moves favicon registration to a hook (a4a35362) http: allow use of X-Sendfile/X-Accel web server feature (a88db207, closes #4898) icons: udpate file plugin to use new icon service (2c9f5c0a) user avatars are now handled by the icon service (36c8b465) adds a service for handling entity icons (72b8a2c7) js: Adds hooks to pass site and page-level data client-side (cec6b42b, closes #8997) elgg/Ajax users get more access to underlying resources (39a3fbce, closes #9767) elgg/spinner now supports optional text to be displayed (da5c5b06) adds elgg/lightbox AMD module, loaded on all pages (9135ad26, closes #7895, #8309, #6991) user hover menu now uses elgg/popup module (d0dffca6) adds elgg/popup AMD module (fd75da60) requiresConfirmation now returns false if not confirmed (cac5c0fd) menus: elgg_register_title_button() can now check entity type and subtype (a0c118ad) required AMD modules can now be defined at item registration (46c3ead8) adds menu service for more orderly menu construction (38ecfc6b, closes #9508) reportedcontent: only load javascript when needed (29c39cd7) river: convert river JS to AMD modules (790a1a00) thewire: allow multiple add forms to exist on the same page (9f72e287) ui: Allows modifying system messages/errors (eee183c5) views: view_vars handlers can preset view output (68fde7b6) elgg_get_excerpt output now comes from a view (4d6ec3f2) allows changing relative URLs in CSS files (70d3aab7) allow multiple paths in views.php files (7672d754) web_services: allows API function to be given an associative array (cd80863a, closes #9411) widgets: widget types can now be extended with a hook (3c76194c) widget title and description can be autodetected (3c61e2f0) added a helper class and factory for defining widgets (bc56fafd) widget layout owner can now be set explicitly (b3bd2a84, closes #7023) added isset on \ElggWidget objects to check settings (7b095208) added unset on \ElggWidget objects to remove settings (f99e4f5d) Performance db: improved session write db query for InnoDB (3b55226d) reportedcontent: only load JS if menu item is rendered (ececa98d) Documentation core: fixes docs for ElggFilestore::seek return value (fe310c31) faqs: fixed typo in IDE section (a1ed1305) tutorials: updated Hello world (dc5a4ade, closes #9875) widgets: updated the widget registration documentation (3410e1ec) Bug Fixes avatars: avatars are no longer served with public URLs in a walled garden mode (4c8a7ced) core: get class from subclass instead of base (8b3e17fa) allows ElggFile to append files not yet existing (ac0ba3f2) file: ElggFile::delete() now removes target files if filename is a symlink (facc13fe) files: use actual file modification time as an etag value (17c5dcaf) js: ui bindings now wait for system init event to fire (5794e027) mime: fall back to detection based on extension for octet-stream (0b1f4539) reportedcontent: forward to address if not submitted in lightbox (ee63b1d8) views: elgg_view_form now accepts class to be an array in form_vars (4133b516) Deprecations db: deprecates many methods on the Application::getDb object (2ba9a876) entities: adds entityCache service and deprecates old global (9fa45b62) deprecate can_write_to_container (ee473b37) file: new file service deprecates file download and thumbnail handlers (90925fab) groups: groups/js view deprecated by groups/navigation AMD module (975014bb) new file service deprecated avatar/view resource (5c535271) new file service deprecated groupicon page handler (0721023b) [Less]