Flask-SQLAlchemy is an extension for Flask that adds support for
SQLAlchemy to your application. It requires SQLAlchemy 0.6 or
higher. It aims to simplify using SQLAlchemy with Flask by providing
useful defaults and extra helpers that make it easier to accomplish
common tasks.

Flask-Login provides user session management for Flask. It handles
the common tasks of logging in, logging out, and remembering your
users' sessions over extended periods of time.

Werkzeug is a WSGI utility library for Python. It's widely used
and BSD licensed.
Werkzeug started as a simple collection of various utilities for
WSGI applications and has become one of the most advanced WSGI
utility modules. It includes a powerful debugger, fully featured
request and response objects, HTTP utilities to handle entity tags,
cache control headers, HTTP dates, cookie handling, file uploads,
a powerful URL routing system and a bunch of community contributed
addon modules.
It does Unicode and doesn't enforce a specific template engine,
database adapter or anything else. It doesn't even enforce a specific
way of handling requests and leaves all that up to the developer.
* Hungarian and Slovenian language files are added, too.
Version 3.0.2 (2013-01-07)
--------------------------
### Fixed
Throw an error if FileTree or PageTree widgets are left blank although they are
marked as mandatory in the DCA (see #5131).
### Fixed
Modules and Hybrids included via content element were shown even if the content
element was invisible or not published (see #5203).
### Fixed
Do not try to limit the template selection to a particular theme but show all
available themes instead (see #5095).
### Fixed
Correctly build the comments subscription confirmation URL (see #5201).
### Fixed
Update the database if a file is being uploaded in the front end (see #5137).
### Fixed
Do not send a 404 header if an enclosure is requested and cannot be found by a
module; there might be another module which can (see #5178).
### Fixed
Consider the `save_callback` of the password field in `tl_user` when a back end
user is forced to change his password (see #5138).
### Fixed
Random images now open in the lightbox if configured (see #5191).
### Fixed
Find e-mail addresses like `a@b.com` in `String::encodeEmail()` (see #5175).
### Fixed
Make sure there is a minimal MooTools core version for the command scheduler
(see #5195).
### Fixed
Made `Model::getPk()` and `Model::getTable()` static (see #5128).
### Fixed
Do not move resources in the file manager if the targets exist. Otherwise the
database might get out of sync with the file system (see #5145).
### Fixed
Convert automatically generated article alias names if the page uses folder URL
style alias names (see #5168).
### Fixed
The newsletter system did not yet handle file ID attachments (see #5118).
### Fixed
The gallery and downloads element now support using the user's home directory
again (see #5113).
### Fixed
Added an option to load models uncached (see #5102).
### Fixed
Added support for `CURRENT_DATE`, `CURRENT_TIME` and `CURRENT_TIMESTAMP` to the
database installer (see #5089).
### Fixed
Store the whole database row in `Calendar::addEvent()` so e.g. RSS feeds with
the event text instead of just the teaser are being rendered (see #5085).
### Fixed
Purge the internal cache after a module has been (de)activated (see #5016).
### Fixed
Do not cache the `system/cron/cron.txt` file (see #5105).
### Fixed
Do not create content elements for news and events which redirect to articles,
pages or external URLs during the version 3 update (see #5117).
### Fixed
Handle incorrectly closed indexer comments (see #5119).
### Fixed
The table content element did not assign the correct CSS class names when there
was only one row and one column (see #5140).
### Fixed
Consider the dynamic ptable when copying/deleting content elements (see #5041).
### Fixed
Scan templates in the autoload creator even if there are no classes (see #5158).
### Fixed
Corrected the main column margin when using the layout builder in combination
with the responsive grid (see #5170).
### Fixed
Consider the sorting order of external style sheets (see #5038).
### Fixed
The numeric file mounts of a user were overridden by the real paths (see #5083).
Version 2.11.8 (2013-01-07)
---------------------------
### Fixed
Make sure entered dates map to an existing date (see #5086).
### Fixed
Fixed the MySQLi field count (see #5182).
### Fixed
The Date class should return `00:00` for `Date(0)->time` (see #4249).
### Reverted
Handle dependencies when updating extensions (see #3804).
### Fixed
Fixed the unprefixed CSS gradient output (see #4569).
### Fixed
Fixed a small formatting issue in the Music Academy theme (see #5160).
### Fixed
Show all extensions in the log when updating multiple at once (see #5144).
### Fixed
Standardize RSS feed aliases (see #5096).
### Fixed
Make the `FileUpload` constructor public (see #5054).
### Fixed
Use `isset()` in the `Database::fetch*()` methods (see #4990).
### Fixed
Changed the `System::getReadableSize()` algorithm to powers of two (see #4283).
### Fixed
Removed Tahiti and the Netherlands Antilles from the countries list (see #3791).
### Fixed
Also adjust the `be_navigation.html5` template to the new "getUserNavigation"
hook changes (see #3411).
Tue Dec 25 16:16:30 CET 2012
Releasing libmicrohttpd 0.9.24. -CG
Tue Dec 18 21:18:11 CET 2012
Given both 'chunked' encoding and 'content-length',
ignore the 'content-length' header as per RFC. -ES
Thu Dec 6 10:14:44 CET 2012
Force adding "Connection: close" header to response if
client asked for connection to be closed (so far, we
did close the connection, but did not send the
"Connection: close" header explicitly, which some clients
seem to dislike; see discussion on the mailing list).
Also, if there is already a transfer-encoding other
than 'chunked' set by the application, we also now close
the connection if the response is of unknown size. -CG
Wed Dec 5 19:22:26 CET 2012
Fixing parameter loss of POST parameters with IE8 and Chrome
in the PostProcessor as the code failed to properly handle
partial data. -MM
= Changes in 2.3.2 =
January 5, 2013 - version 2.3.2
* Changes
* #138 Revert Timeout change unintentionally included in v2.3.1. It's
reported that the change causes background processes not to be terminated
properly.
= Changes in 2.3.1 =
January 1, 2013 - version 2.3.1
* Changes
* #137 Signing key is expiring for cacert_sha1.p7s.
Deleted p7s signature check for default cacerts. Sorry for the many troubles
in the past. This feature is not useful without having online/real-time
CA certs update but I don't think I can implement it in the near future.
Users who depend on this signature check (who put cacert.p7s in a R/W
filesystem and ssl_config.rb in a R/O filesystem) should take care of
tampering by themselves.
* Bug fixes
* #122 Support IPv6 address in URI
= Changes in 2.3.0 =
October 10, 2012 - version 2.3.0
* Features
* Added debug mode CLI. bin/httpclient is installed as CLI.
Usage: 1) % httpclient get https://www.google.co.jp/ q=ruby
Usage: 2) % httpclient
For 1) it issues a GET request to the given URI and shows the wiredump
and the parsed result. For 2) it invokes irb shell with the binding
that has a HTTPClient as 'self'. You can call HTTPClient instance
methods like;
> get "https://www.google.co.jp/", :q => :ruby
* #119 Addressable gem support (only if it exists); should handle IRI
properly.
* Bug fixes
* #115 Cookies couldn't work properly if the path in a URI is omitted.
* #112, #117 Proper handling of sized IO (the IO object that responds to
:size) for chunked POST. HTTPClient did read till EOF even if the
given IO has :size method.
* Handle '303 See Other' properly. RFC2616 says it should be redirected
with GET.
* #116 Fix "100-continue" support. It was just ignored.
* #118 Support for boolean values when making POST/PUT requests with
multipart/form Content-Type.
* #110 Allows leading dots in no_proxy hostname suffixes.
---------------
- /usr/bin/env police
Upstream Changes:
-----------------
Version 1.9.6:
SECURITY HINT: make sure you have allow_xslt = False (or just do not use
allow_xslt at all in your wiki configs, False is the internal default).
Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.
Fixes:
* fix remote code execution vulnerability in twikidraw/anywikidraw action
* fix path traversal vulnerability in AttachFile action
* fix XSS issue, escape page name in rss link
* escape user- or admin-defined css url
* make taintfilename more secure
* use a constant time str comparison function to prevent timing attacks
* Attachment handler: catch all Zip-related errors
Version 1.9.5:
Fixes:
* Security fix: fix virtual group bug in ACL evaluation.
* Avoid crash if #refresh processing instruction is used without arguments.
* Fix issue with non-ASCII textchas.
* Xapian indexing: remove copy.copy() that crashed on Windows/IIS/isapi-wsgi
after page save.
* Fix dictionary file reading crash under Windows.
* Work around crash of AdvancedSearch macro rendering caused by non-ascii
mimetypes.types_map entries.
* Added migration script for moin 1.8.9.
* rss_rc: Fix diffs added in RSS with diffs=1 (now they correspond to item
listed in feed and not just last page diffs). Links generated with ddiffs=1
also fixed.
* rss_rc: fix double escaping issue.
* rss_rc: respect show_names configuration option.
* rss_rc: proper support of rename, revert, page creation.
* modern/modernized theme: fix padding/width for editor preview
* group/pagelinks formatters: avoid to create unnecessary output, redirect
output of send_page call with the groups formatter, it must not be written
to the output stream
* rst parser: fix include and macro directives
* wikisync: fix unicode pagename sending for python 2.7 httplib
New features:
* add a comment_required config option (default: False) to require a
non-empty comment when saving a page
* when a save error happens, show the editor again and highlight the error
* rss_rc: several new options added: lines parameter gives ability to set
maximum size of diffs shown in RSS. show_att parameter gives ability
to show information about attachment-related items in RSS. page parameter
gives ability to specify set of pages for which changes RSS feed should be
generated. Configuration of defaults and limits can now be done via wiki
configuration mechanism.
* As soon as it is now possible to provide RSS for page change history,
appropriate alternate link is now added for every page (controlled by
rss_show_page_history_link configuration parameter).
* Search: "no_highlight:" search query option provided for suppressing
highlighting search results.
* Search macros: new options for FullSearch, FullSearchCached and PageList
available:
* highlight_titles option controls highlighting of matches in search
results provided by these macros. Default value is set in
search_macro_highlight_titles configuration option.
* highlight_pages option controls adding of highlight URL parameter to
page links (so search term is highlighted when user goes to one of
these pages via provided link) in search results. Default value is set
in search_macro_highlight_pages configuration option.
Usage of these options is disabled (via search_macro_parse_args
configuration option) by default due to behavioural changes introduced
in macro parameter parsing mechanism to support them. Related to
http://moinmo.in/FeatureRequests/FullSearchResultsWithoutHighlight .
Other changes:
* Remove 4suite dependency for docbook formatter, use minidom (included in
Python).
* Upgraded FCKeditor to 2.6.8.
grappelli_safe was created to provide a snapshot of the Grappelli
admin skin for Django, to be referenced as a dependency for the
Mezzanine CMS for Django.

Bleach is an HTML sanitizing library that escapes or strips markup
and attributes based on a white list. Bleach can also linkify text
safely, applying filters that Django's ``urlize`` filter cannot,
and optionally setting ``rel`` attributes, even on links already
in the text.

Tiny Tiny RSS is an open source web-based news feed (RSS/Atom)
reader and aggregator, designed to allow you to read news from any
location, while feeling as close to a real desktop application as
possible.
Geeklog History/Changes:
Dec 30, 2012 (1.8.2)
------------
- A remote service user now bypasses current password check when account is
deleted (bug #0001417) [Tom]
- Fixed Twitter OAuth login error after Twitter deactivated some old URLs (bug
#0001497) [Tom]
- $dbconfig_path was not escaped in the install script (bug #0001457, patch
provided by mystral-kk)
- COM_stripslashes will now handle arrays; this was a problem during
re-authentication after a security token expired (bug #0001413) [suprsidr]
- The comment count for a story could be wrong if there was a different object
with the same id and a comment (bug #0001414) [Tom]
- Feeds with the full story text still had a '...' at the end (bug #0001431)
[Jeff Rivett, Tom]
- Allow MIME type application/x-gzip-compressed when uploading a plugin for
installation (bug #0001405) [Dirk]
- Fixed compatibility with MySQL 5.5 (bugs #0001410, #0001456). This also
raises the minimum supported MySQL version to 4.1.2 [Dirk, Tom]