add access to admin tags

[bse.git] / Changes.txt

BSE 0.21 - unreleased
========

 - verbose output of generate.pl is now based on the template
   admin/generate.tmpl

 - add the referer tag to all dynamic pages

 - added [undeletable articles] to bse.cfg as a supplement to
   @NO_DELETE.  @NO_DELETE is now deprecated and may be removed in a
   future release of BSE.
   https://rt4.develop-help.com/Ticket/Display.html?id=1209

 - iterator inlines can now be filtered (Adrian Oldham)

 - added some more extension to content type mappings for video
   formats (Adrian Oldham)

Bug fixes:

 - thumb.pl would return content types with doubled image/ prefixes,
   eg. image/image/jpeg

 - update BSE::AdminUsers, BSE::ChangePW to use more modern admin tags
   https://rt4.develop-help.com/Ticket/Display.html?id=1234 (partial)
   (Adrian Oldham for BSE::ChangePW)

 - with [site].secureadmin enabled, refreshes to the secure admin url
   could cause a 500 error.

 - check nomatch fields even for blank fields.  Otherwise a field with
   a LF or CR would not be caught by the dh_one_line validation rule.

BSE 0.20 - 22 Dec 2011
========

Please read any NOTES below carefully.

 - store a truncated card number for credit card payments (both online
   and email).  Reinstate storage of the card holder name in ccName.
   ccNumberHash is no longer populated.

 - ifNeedDelivery (checkoutnew_base.tmpl) wasn't being reset on order
   submission.

 - the site_users table has been refactored into the bse_siteusers
   table, removing the bill* fields and adding deliv* fields.  Other
   obsolete fields have also been removed.

   NOTE: To preserve your registered users on upgrade, run the
   provided schema/site_users_to_members.sql SQL through the mysql
   tool.  This will create entries in bse_siteusers corresponding to
   those in your original site_users table.  You MUST start with an
   empty bse_siteusers table or the script will throw an error.

   NOTE: Any configuration such as report definitions, query group
   definitions should now refer to bse_siteusers instead of
   site_users.

 - Data::UUID 1.148 is now required

 - remove target entry for the shop confirm action, which was
   otherwise removed years ago. RT #1280.

 - logon now starts a new session, preserving the cart.  As a
   side-effect this logs out the admin user, though this may
   change.  RT #1279.

 - passing a new session id between the SSL and non-SSL versions of
   the site is now validated.  RT #1279.

   NOTE: This requires that [site].secret be set to a value specific
   to your site.  Running:

     openssl rand -base64 32

   generates a suitable value.

 - delete the session data for a site users session when they logoff.
   As a side effect this will log out the admin user.

 - allow dynamic content pages to display flashed messages with the
   message tag.  Note that not all actions flash a message.

Template updates:

 - checkoutpay_base.tmpl - the name of the cardHolder payment field is
   now ccName.

 - admin/order_detail.tmpl - order ccPAN can be used to display the
   truncated card number.

 - user/options_billing_base.tmpl and its generated template have been
   renamed with s/billing/delivery/ since it now contains delivery
   details.  The link to it from user/options(_base).tmpl has also
   been updated.

 - user/options_base.tmpl, user/register_base.tmpl,
   admin/users/(add,edit,view).tmpl have been updated to match the new
   site users schema.

 - user/logon_base.tmpl, user/register_base.tmpl - updated the
   "nothing is more permanent that a temporary solution" link text for
   logon, register and recover password.

 - shopitem.tmpl - display the flashed message, if any.

 - removed the unused checkoutcard and checkoutconfirm templates

Internals:

 - Squirrel::Table->make now looks for default_I<colname> when looking
   for default values for a column.