PEAR: Latest releases for mahono

LiveUser 0.16.14

2010-10-15T14:32:00-05:00

QA release
Bug #9517 Config Parameter permContainer=>storage=>PDO=>prefix doesn't work dufuz
Bug #13014 PHP Warning on setcookie() dufuz
Bug #13154 Example 4:schema validation error dufuz
Bug #13391 example 5 - MDB2_Schema Error in demodata.xml dufuz
Bug #13650 Examples (demodata script) problem dufuz
Doc Bug #14954 mention ACL in the description/documention kguest
Bug #15126 Assigning the return value of new by reference is deprecated doconnor
Bug #15127 Parse error: syntax error, unexpected T_RETURN in ./LiveUser/Perm/Storage/Cache doconnor
Bug #17723 Patch: Avoid ereg in favor of preg_match olleolleolle

LiveUser_Admin 0.4.0

2010-10-05T16:24:42-05:00

QA release
Bug #13233 Example1 error when importing data in DB
Bug #11051 Seems class variable is not declared
Bug #8424 incorrect handling of single column joins

LiveUser 0.16.13

2008-01-28T03:29:59-05:00

- #9418: Initialization for example 5 wrong
- #9575: Example trips over MySQL boolean/int
- #9581: Add support for session.cookie_httponly

LiveUser_Admin 0.3.9

2006-08-22T13:35:40-05:00

- pass debug parameter by ref to the constructor since it can be an object instance
- updated API calls of getBeforeId() and getAfterId() in the storage classes
- refactored decryptPW() and encryptPW() into static methods in the LiveUser class
- force null instead of false for PDO fetch() calls that return empty sets
- added static error push when a non array is passed to setSelectDefaultParams() (Request #7779)
- use empty() instead of array_key_exists() in setSelectDefaultParams()
- update of auth_user_id not possible via LiveUser_Admin::updateUser() (Bug #7975; thx to Matthias)
- fixed incorrect handling of single column joins (Bug #8424)
- better handling of '*' inside the field list together with explicit fields (Bug #7955)

LiveUser 0.16.12

2006-08-22T13:34:20-05:00

- wrong use of pdo fetch method, when no result could be fetched it returns
false with no error. Swith to using fetchAll and check for an empty array
- we cannot decrypt most of the encryption method used by the hash extension so
we default to returning the unmodified string
- the wrong variable was used to report the type of permission container when an
error occured
- push an error on the stack when the encryption method cannot be found
- make sequence columns primary key
- properly disconnect the pdo object
- make it possible to set the status message mapping
- register options for create (Bug #7704)
- use the hash extension if it is present for the password encryption
- refactored decryptPW() and encryptPW() into static methods in the LiveUser class
- force null instead of false for PDO fetch() calls that return empty sets
- fixed logging into example1
- debug => false in conf doesn't work (Bug #7564; thx to Matthias)
- added support for user defined handle fields
in DB, MDB, MDB2 and PDO containers you can set a list of fields in your auth
container storage config, default is 'handle', example:
'handles' => array('handle', 'auth_user_id', 'email')
these fields are now used to find the right user on login (Request #7781)
- fixed LiveUser::decryptPW(): added missing third parameter 'secret'
- check if safe_mode is enabled in fileExists() to determine what algo to use (Bug #8296)

LiveUser_Admin 0.3.8

2006-04-19T04:46:01-05:00

- wrong parameter used in getUsers('auth', ..) (report by gregory)
- fixed usage of outdated getUsers() API in init()
- phpdoc fix in outputRightsConstants() (bug #7037)
- removed bogus parameter from phpdoc in getRights() in medium/complex container
- added support for selectable_tables in the param array in get*() methods
- fixed updating of implied right field in umimplyRight() (bug #7050)
- made stack property public
- remove artificial limitation that prevented groups to have multiple parents
- fixed PDO storage layer queryAll() method (bug #7213)
- expanded error handling in Log instance creation
- fixed outdated API call to getRights() in _getInheritedRights() (bug #7236)
- made translations columns wider for example1
- replace isset() with array_key_exists() where applicable
- added link to area admin area test to the menu in example1
- reworked getRights() and getGroups() API for recursive reads
(related to bug #7241) *BC break*
Set the filter parameters for the recursion explicitly. For getGroups() in the
'subgroups', 'hierarchy' keys (note that hierarchy is now no longer specified
by setting 'subgroups' => 'hierarchy'). For getRights() 'inherited', 'implied'
and 'hierarchy' (note that hierarchy is now no longer specified by setting
'implied' => 'hierarchy';).
- expanded outputRightsConstants() filtering
- changed the getUsers(), addUser() and updateUser() API to be more in line
with the container APIs *BC break* (req #7025)
- added LiveUser_Admin_Storage::setSelectDefaultParams() to centralize default setting
- added selectable_tables property to auth backend
- fixed typos in 'with' handling in the perm container
- prevent duplictate entries in the fields not yet linked array

LiveUser 0.16.11

2006-04-19T04:44:56-05:00

- parse error typo fix in PEARAuth container (bug #6968)
- minor improvements to the phpdoc comments in PEARAuth container
- use ugly fopen() hack in fileExists()
http://marc.theaimsgroup.com/?l=pear-dev&m=114148949106207&w=2
- changed API for readuserData(), auth_user_id parameter now contains the
auth_user_id to use
- login() now supports passing in an auth_user_id instead of the handle/password
- made stack property public
- typo fix in PDO container readImplyingRights() method (bug #7195)
- expanded error handling in Log instance creation
- handle if no proper credentials where passed to readUserData() (bug #7262)
- replace isset() with array_key_exists() where applicable
- disable __autoload() in class_exists() calls (bug #7304)
- brought property names in line s/rights/right_ids *BC break*
- MDB2_Schema 0.5 and MDB2 2.0.1 handles nulls in schema files properly so
there is no need to disable MDB2_PORTABILITY_EMPTY_TO_NULL in the installer

LiveUser 0.16.10

2006-02-27T13:17:51-05:00

- Do not include Cache.php since its only a concept and not implemented yet
- fixed serious issue with right reading in the Medium and Complex container
- right_level may not be null in schema (use default if not explicitly set)
- phpdoc improvements
- bumped dependency for MDB2 to first stable release
- added missing optional dependency on mcrypt
- made admin user a superadmin in example4
- bumped copyright to 2006

LiveUser_Admin 0.3.7

2006-02-21T14:39:09-05:00

- fix "No rights for a user if the user only has inherited rights" (bug #6374)
- do not overwrite all filters in _get*() helper methods
- minor issue with 'alias' position in the config array in example1
- make sure that tables required as intermediate join steps are listed in the from
- add depth parameter to createJoinFilter (may be used to determine shortest join path eventually)
- fixed detection if list of tables has been reduced or not
- do not push an error on the stack for a possible recursion because it may just
be one possible path we are evaluating
- added "by_group" optional parameter to params getRights() which determines if
the userrights table should be used or rather the grouprights and groupupsers tables
- incorrect handling of filters inside unimplyRights() (bug #6592)
- renamed "connection" config option to "dbc" *BC BREAK*
- cleaned up and unified init() in the storage classes
- added support for '*' in fields list as an alias to fetch all fields in the root table
- made LiveUser_Admin::getUsers() API as flexible as in the containers *BC BREAK*
- fixed serious issue in join filter handling that caused join filters to be ignored
- removed allowDuplicateHandles and allowEmptyPasswords options, they are now
handled through the table definition in the given Globals.php (overwriteable
via the config array) *BC BREAK*
- typo fix in extended module loading in the MDB2 storage container
- fixed inherited and implied handling in getRights() when fetching only 2 columns
- added initial version of a PDO storage container (needs more testing)
- removed setCurrentApplication()/getCurrentApplication() methods since they are
no longer relevant *BC BREAK*

LiveUser 0.16.9

2006-02-21T14:38:18-05:00

This releases fixes a minor security issue that is limited to the optional
remember me feature. This issue was report to us by GulfTech Security Research.

The issue would allow an attacker to determine the existance of files inside the
file system, as well as being able to delete files:
- if the relativ path is shorter than 32 characters (including a null
byte)
- if null bytes are handled inside the "_COOKIE" superglobal, for example
through usage of magic_quotes_gpc, the issue becomes essentially limited to
files ending with ".lu".

All installations using the remember me feature are strongly urged to update.
This release also changes some other aspects including a BC break so developers
can optionally patch their current installations from the changes in the
following commit:
http://cvs.php.net/viewcvs.cgi/pear/LiveUser/LiveUser.php?r1=1.148&r2=1.149&diff_format=u

- fixed major bug in PEARAuth container: auth_user_id is not an optional property
- added passwordEncryptionMode and secret to phpdoc comment
- made cryptRC4() method public to match usage in auth common in the client and admin api
- fixed handling of the secret user defineable property (bug #6551)
- added support for user_group_ids (bug #6517)
- allow grouprights and groupusers table to join eachother
- updateProperty doesn't update the session (bug #6612)
- renamed "connection" config option to "dbc" *BC BREAK*
- cleaned up and unified init() in the storage classes
- added example for dumping SQL to a file to installer
- add support for force_seq to installer
- removed allowDuplicateHandles and allowEmptyPasswords options, they are now
handled through the table definition in the given Globals.php (overwriteable
via the config array) *BC BREAK*
- initial untested support for PDO in the installer
- added examples for setting length and defaults to installer
- use overwrite when unlink is enabled in the installer
- reworked handling of merging user with group rights *BC BREAK*
When using the Medium or Complex container a user may gain rights through direct
assignment or through membership in a group that has rights assigned. The user
and group rights are merged with the following logic:
* if the right is only assigned to a member group but not the user the right is
available to the user at the level at which the group has the right
* if the right is only assigned to the user at a level greater than zero but not
to a member group the right is available to the user at the level at which
user has the right
* if the right is only assigned to the user at a level equal to zero but not
to a member group the right is available to the user at the level at which
user has the right
* if the right is only assigned to the user at a level lower than zero but not
to a member group then the right is unavailable to the user
* if the is assigned to a member group and the user and the level at which the
user has the right is greater than zero, then the right is available to the
user at higher level of the two
* if the is assigned to a member group and the user and the level at which the
user has the right is equal to zero, then the right is unavailable to the user
* if the is assigned to a member group and the user and the level at which the
user has the right is lower than zero, then the right is available to the
user at the minimum of the group assigned level and the addition of the
negativ user level and the maximum level
Example:
The user as the following right_id => level pairs
array
1 => 3
2 => -2
3 => 0
5 => -1

The groups he is a member of have the following right_id => level pairs
array
1 => 1
2 => 3
3 => 3
4 => 2

The final right_id => level pairs are as follows
array
1 => 3 // user has a higher level (3) than the group level (1)
2 => 1 // 3 - 2 means a maximum possible level of 1
4 => 2 // only group has the right at level 2
5 => 2 // only user has the right at level 3 - 1 = 2