Wedge

(I don't think the avatar fix is complete; it's complete on my other site but I couldn't find more data to move over. Needs some testing, then!)

[Commit revision 6de24f9]
Author: Nao
Date: Fri, 21 Oct 2016 13:45:05 +0200
Stats: 1 file changed; +2 (insertions), -1 (deletion)

• Safari 9+ implemented :matches into their CSS engine, so I should adapt the script to use that. Safari users please tell me if Safari's implementation is broken... (Subs-Cache.php)

[Commit revision 608035c]
Author: Nao
Date: Sun, 23 Oct 2016 15:55:21 +0200
Stats: 1 file changed; +1 (insertion), -1 (deletion)

• "You had one job!!" -- Fixed a regex whose delimiter was making it impossible for /~name/ profile URLs to work. Looks like nobody ever used those, eh..? Well I do now. (QueryString.php)

[Commit revision 60d3de9]
Author: Nao
Date: Sun, 23 Oct 2016 16:02:45 +0200
Stats: 2 files changed; +113 (insertions), -112 (deletions)

• Ah, I knew I'd forgotten to post a change for secure avatars... Hopefully they should work now. (Load.php)
• Spacinazi + making a detail simpler to grasp. (ScheduledTasks.php)

[Commit revision 316a6c6]
Author: Nao
Date: Mon, 24 Oct 2016 01:08:06 +0200
Stats: 1 file changed; +2 (insertions), -2 (deletions)

• Fixed two bugs in the query string cleaner code... (QueryString.php)
•  (1) I introduced a typo that probably broke some stuff on some installs using PHP as an Apache mod. This was my fault, dating back to April 2012, and was not caught until tonight.
•  (2) parse_str() actually does an implicit urldecode() on the query string, so if $_GET was getting a value of '%2B', it would first be turned into '+' by the first urldecode(), then into a space by the second implicit one. Yes, definitely unwanted. I was going to mention this bug to the SMF guys, but it appears they fixed it on their side back in 2011. Well, good for them! As for me, this was the cause of an OpenID authentication problem, as signatures returned by the remote server would sometimes have a urlencoded '+' sign in them... So logins would randomly be refused. Nice, eh?

[Commit revision 119f001]
Author: Nao
Date: Mon, 24 Oct 2016 01:16:23 +0200
Stats: 1 file changed; +4 (insertions), -0 (deletion)

• If spamProtection is disabled ($timeLimit == 0), then we don't need to perform log queries. Should make things a little bit faster; also we don't get errors saying that the last request was 0 seconds ago. (Subs.php) (Thanks C3realGuy!)

Interesting note--
http://dev.simplemachines.org/mantis/view.php?id=2669

I actually made a commit in 2010 to the SMF codebase (that was later reverted in 2011) adding the urldecode(), so it was partly me ahah. But this was only to help Thorsten who apparently had webmail problems that were fixed with that. Basically: these webmails would turn semicolons into their url-encoded versions, so they wouldn't be spotted by SMF/Wedge at the time of analyzing the query string. So, the real culprits were:
- the original PHP authors, for putting an implicit (and illogical) urldecode() into parse_str()
- the PHP.net documentation writers, for not mentioning it...
- the original SMF writers, for not noticing it (I couldn't blame them for that!)
- German webmails (?) that didn't correctly apply encoding standards on URLs. (In my view, these are the worse offenders...)
- and SMF developers (mostly Thorsten, Norv and I, since we all looked into this), for relying on double-urldecoding to fix that, without ever considering that it could break strings that were urlencoded for a reason on the sender's side.

So yeah, it's a shared blame I guess. Due to this mess, SMF was broken for a while due to improperly decoded $_GET strings... And this probably had *many* consequences on the codebase for the years that came, e.g. creating bugs that weren't spotted in that place but 'hastily fixed' in another, and that hopefully this revert won't re-trigger. Just incredible.

[Commit revision a9ce176]
Author: Nao
Date: Thu, 10 Nov 2016 17:04:17 +0100
Stats: 2 files changed; +2 (insertions), -2 (deletions)

• Typonazi. (Profile-Actions.php)
• This database error message should be slightly more helpful. (Class-DB.php)

---

[Commit revision d7369ba]
Author: Nao
Date: Thu, 10 Nov 2016 17:11:37 +0100
Stats: 2 files changed; +25 (insertions), -1 (deletion)

• Added a generically generic template for the generic purpose of showing generic text in the usual generic place. Basically, if you don't really adhere to the MVC principles of separating output from the rest of the code (yes, I'm one of those -- stop staring at me like that, at least I don't vote for fucked up lunatics!), you can do your math, then when you're ready to show it, just call loadTemplate(function () { put your echo's in there }), and voilà, you don't have to bother creating an extra template. If anyone has a cleaner solution to that problem, be my guest. I think that doing it in half a dozen lines of code is simple, safe and helpful. (Generic.template.php, Subs-Template.php)

[Commit revision 9e65369]
Author: Nao
Date: Fri, 11 Nov 2016 00:45:12 +0100
Stats: 1 file changed; +2 (insertions), -2 (deletions)

• Naughty mistake in the loadTemplate override! (Subs-Template.php)

[Commit revision c8e81fa]
Author: Nao
Date: Fri, 11 Nov 2016 00:50:15 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

• Grmmblbl, I'm always unhappy with details in my skins every time I switch browsers... (Wilde/extra.css)

[Commit revision 17de122]
Author: Nao
Date: Wed, 14 Dec 2016 10:15:09 +0100
Stats: 2 files changed; +9 (insertions), -6 (deletions)

• Tweaked the select box replacement to avoid shrinking the box too much, which can be bothersome if there's a long subtitle right below a short title. You don't get it? Don't worry, you don't need to. (sbox.js)
• Spacinazi. (Subs-Template.php)

[Commit revision ff49935]
Author: Nao
Date: Mon, 19 Dec 2016 16:47:06 +0100
Stats: 2 files changed; +6 (insertions), -7 (deletions)

• Tweaked page title code to allow $context['page_title'] to be set while the page is being output. (Subs-Template.php, index.template.php)

[Commit revision 3802cca]
Author: Nao
Date: Wed, 04 Jan 2017 21:06:42 +0100
Stats: 1 file changed; +7 (insertions), -4 (deletions)

• In server admin pages, if settings_message was ever set (e.g. in cache management pages), it would overwrite the error message that should pop up if Settings.php's file rights are incorrectly set. Way to go... (ManageServer.php)

[Commit revision 4137fe0]
Author: Nao
Date: Sun, 08 Jan 2017 21:33:00 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

• Deprecated warning at install time when using PHP 7. (install.php)