Refbase2X/NEWS

This file presents a summary of the main fixes and enhancements.

See the 'ChangeLog' or the commit messages on SourceForge for a detailed
history:
  <http://refbase.svn.sourceforge.net/viewvc/refbase/>

Following sites list the refbase commit messages in chronological order
(allowing you to follow the refbase development progress):
  <http://cia.vc/stats/project/refbase/>
  <https://www.ohloh.net/projects/refbase/commits>

refbase-0.9.7
-------------
[DATE]

  Changes
---------

Security:

- Prevent refbase use when 'install.php' or 'update.php' are still present (a good practice anyway, but it works around CVE-2015-6008, CVE-2015-7381, CVW-2015-7382, and CVE-2015-7383 until we replace install.php with something better)

- Verify that referer is on the same site (fixes CVE-2015-6012 and partially addresses CVE-2015-6007)

- Prevent HTML injection attacks in more user-editable fields (fixes CVE-2008-6400 and CVE-2015-6010)

- Whitelist for XSL files (fixes CVE-2015-6011)

General:

- PHP7 compatibility

- Revise SQL files to meet new requirements of MySQL

- Allow logged-in users to search locations

- Increase default # of responses from 5 to 10

Miscellaneous:

- A lot of improvements to the MediaWiki plugin, including support for localization, HTTP AUTH, and MySQL/PDO

  Bug fixes
-----------

- Fixed localization of type field in list view




refbase-0.9.6
-------------
[28-FEB-2013]

  Feature additions
-------------------

Interface:

- Support for clickable links in cite_html

Localization:

- Localized user login

- Localized duplicate manager

- Localized query manager

- Added Russian localization

- Added Japanese localization


  Changes
---------

Security:

- Restrictions for non-admin users of search.php to prevent SQL injection

- quote_smart in query_modify.php

General:

- Removed functions deprecated in PHP 5.3.0

- Add parameter 'approved' to show.php

- Unify styling of show.php

- Re-arrange user detail fields by importance

Import:

- RIS import changes to follow the current spec

- File imports are improved by removing a BOM, if present

- Import of Endnote tagged files without requiring bibutils

- PubMed is now preferred over CrossRef for importing DOIs

- Improvements to CrossRef imports

- Improved import of references exported by refbase

- Minor improvements for RefWorks, Medline, and other formats

Export:

- COinS are now encoded as UTF-8, regardless of database encoding

- Change MODS export of theses to use the marcgt genre authority


  Bug fixes
-----------

- Fixed encoding special characters in MODS exporter

- CSS positioning fo quickSearch

- Fixed import of RIS tag "CP"

- Fixed file uploads to subdirectories that don't exist

- Timezone fixes in PHP 5.1 and above




refbase-0.9.5
-------------
[19-Nov-2008]

  Feature additions
-------------------

Import/Add Records:

- New resource types: Abstract, Conference Article, Conference Volume, Magazine
  Article, Manual, Miscellaneous, Newspaper Article, Patent, Report, Software

- Import from Endnote XML and SciFinder

- Direct import from arXiv IDs, DOIs and OpenURLs

- Direct upload of references from Bookends <http://www.sonnysoftware.com>

Search/Display:

- Improved interface:
	- Redesigned main page, page footer/header & forms on results pages
	- Quick Search form now always available in the page header
	- Search suggestions for text entered by the user
	- Forms on results pages can be hidden
	- Search results can be browsed & searched in three different views:
	  List view, Citations, Details
	- Additional record info (keywords, abstract, etc) and links to cite
	  or export the record can be displayed underneath each citation

- OpenSearch support (which e.g. enables Firefox & IE users to search refbase
  directly from their browser's toolbar)

- Initial support for searching & managing of duplicate records

- New query history with links to any previous search results

- New customizable "main fields" search option that allows to search across
  multiple fields at once

- New option to customize the default number of records per page

- Results can be dynamically included in foreign web pages

Export/Citation:

- New export formats: ADS, Atom XML, ISI Web of Science, OAI_DC XML, SRW_DC XML,
  Word XML

- New citation styles: AMA, APA, Chicago, Harvard (3 variants), MLA, Vancouver

- Output of citations in LaTeX bibliography (.bbl) format

- Cite, group or export ALL found records (instead of just the selected ones)

- For PDF output, US letter is now supported as page format

- The 'headerMsg' URL parameter adds a header to any of the citation formats

- Upon export, links to corresponding files are now included if the export
  format and user permissions allow so

Localization:

- Added chinese localization

Command Line Clients:

- Added support for all new export formats

- Added new options that allow to append found records to a local BibTeX or
  MODS/SRW XML file (if they don't yet exist in that file), and update existing
  records in that file if their modification date on the server is more recent

- Added new option to extract citation IDs from a file and retrieve matching
  records from refbase (supported file types: .aux, .bbl, .bib, .enw, .ris,
  .tex, (MODS|SRW|Endnote) .xml)

Miscellaneous:

- Added a refbase extension for MediaWiki which allows to place a serial number
  within <refbase>...</refbase>' markup tags; metadata for the reference is
  retrieved from refbase and marked-up according to a MediaWiki citation template

- Added support for the sitemaps.org protocol which allows for better indexing
  by search engines

- Added unAPI support for the new export formats 'atom', 'oai_dc' and 'srw_dc'


  Changes
---------

Security:

- Introduced measures to better prevent cross-site scripting (XSS) attacks

- For security reasons, HTML tags are now stripped from the 'headerMsg' URL
  parameter; string formatting can now be done using the refbase markup syntax

Installation/Update:

- Improved support for PHP installations running with 'safe_mode=On'

Import/Add Records:

- The 'edition' field now accepts string values

- After any add/edit/delete action, refbase now includes a link to the last
  multi-record search results list in the feedback message if the previous query
  resulted in a single record; Along with other changes, this obviates
  'receipt.php'

- When importing multiple records, ALL records are now imported by default

- Improved UTF-8 handling on import so that e.g. a best-effort conversion is
  done for UTF-8 data which are imported into a latin1-based database

- When importing (or exporting) RIS records, the type of thesis (such as
  "Masters thesis" or "Ph.D. thesis") is now taken from (or exported to) the
  'U1' field (as is supported by Bibutils v3.35 or greater)

- Upon import, if the given URL actually is a DOI prefixed with
  <http://dx.doi.org/>, we'll extract the DOI and move it to the 'doi' field

- Improved recognition of PubMed resource types

Search/Display:

- refbase now remembers many more search & display options while navigating or
  refining the results list

- Changed the HTTP transfer method in most forms from POST to GET; this helps to
  avoid warnings about re-sending POST data in some browsers (such as Firefox)

- When linking to particular records via 'show.php', one can now use consecutive
  serial number ranges as values of the 'records' URL parameter; examples:
  <show.php?records=123-131> or <show.php?records=123-141,145,147,150-152>

- One can now specify 'creation-date' as value for the 'citeOrder' parameter in
  'show.php' URLs (or the '--order' option of the 'refbase' CLI); this allows to
  sort records such that newly added/edited records get listed top of the list

- One can now specify 'Mobile' as value for the 'viewType' URL parameter (or the
  '--view' option of the 'refbase' CLI); this will return results in simple HTML
  suitable for mobile devices or any postprocessing

- Refined layout of 'user_receipt.php'

- Added many CSS attributes (id/class names) to HTML output where appropriate;
  this allows to easier refine the CSS styling of the refbase interface

Export/Citation:

- By default, export via the refbase GUI is now enabled for anonymous users

- By default, the SRU formats SRW_DC XML and SRW_MODS XML are now transformed to
  HTML via XSL stylesheets

- MODS XML exports include file links that Zotero is able to download

- Renamed the Bibutils 'xml2word' command line tool to 'xml2wordbib' according
  to the name changes in Bibutils v3.40; note that if you're using a Bibutils
  version prior to Bibutils v3.40, you must revert this change in file
  'export/bibutils/export_xml2word.php'

- The citation output options (previously located in the results footer) have
  been moved to the Display Options form of the results header in Citation view

Admin settings:

- The admin can now define any of the supported views (List view, Citations,
  Details) as the default view

- For each view, the admin can now define whether the results header & footer
  should be displayed open or closed by default, or whether they should be
  entirely hidden from the interface

- The admin can now customize the list of fields that are displayed by default
  in List & Details view; similarly, the list of fields that are available in
  dropdown menus of the results header can also be customized

- The admin can now define 'accesskey' values which allow for keyboard
  navigation of the main parts of the refbase interface

- The '$databaseBaseURL' in 'ini.inc.php' is now auto-generated by default

- The refbase logo image files have been updated to the new refbase logo, and
  the logo URL path & dimensions can now be customized easily via 'ini.inc.php'

- The session/temp dir path can now be specified explicitly in 'ini.inc.php';
  this allows you to define a custom directory path that's used on your server
  to save session data and to write any temporary files

Localization:

- Improved internationalization and added many additional localization strings

- Changed or merged some localization strings to allow for better translations
  to languages such as Spanish or Chinese

Miscellaneous:

- Underline fontshape markup is now supported in various import and citation
  formats as well as in refbase markup (use: '__underlined text__')

- For the "Extract citations" functionality, refbase now checks whether the
  extracted serial numbers and cite keys exist in the database and report any
  missing record identifiers


  Bug fixes
-----------

- Fixed bug that prevented correct directory creation/renaming and/or file
  upload on some platforms

- Fixed 'preg_match()' compilation errors when importing BibTeX records into a
  refbase UTF-8 database

- Worked around an error in Internet Explorer when importing single records via
  the web interface

- When importing PubMed MEDLINE source data, refbase now extracts author
  information from the 'AU' field if the 'FAU' field is not available

- refbase now converts Endnote XML text style markup into appropriate refbase
  markup

- Upon RIS import, refbase now makes sure that HTML encoded source data (such as
  '&auml;', '&#xF6;' or '&#233;') get decoded before import

- Fixed an issue were it wasn't possible to correctly import (or cite) records
  which contained non-ASCII characters in author's given names

- Records of unrecognized resource type were omitted upon citation output; fixed

- When outputting to LaTeX or RIS, curly brackets are now escaped to avoid
  incorrect output

- Fixed an error when exporting data to ODF XML and when the user-specific
  fields were missing from the SQL query




refbase-0.9.0
-------------
[27-Oct-2006]

  Feature additions
-------------------

Installation/Update:

- Searches path and common locations for supporting binaries
  <http://install.refbase.net>

Import/Add Records:

- Import from Endnote, Reference Manager (RIS), RefWorks, BibTeX, MODS XML,
  ISI Web of Science, PubMed (MEDLINE or XML), Cambridge Scientific Abstracts
  and COPAC (with automatic detection of bibliographic format)
  <http://import.refbase.net>

- Import of multiple records

- Import from a file or from PubMed ID

- Automatic file renaming and creation of subdirectories via placeholders
  <http://placeholders.refbase.net>

- Command line client to batch import records <http://cli.refbase.net>

Search/Display:

- Improved query API with short, permanent links to records
  <http://linking.refbase.net>

- SRU/W (Search & Retrieve via URL) web service <http://sru.refbase.net>

- OpenURL support <http://openurl.refbase.net>

- Embedding of COinS metadata within HTML pages <http://coins.refbase.net>

- UnAPI support <http://unapi.refbase.net>

- Command line client to search & retrieve records <http://cli.refbase.net>

- "Show All" link

- Links that display all records which were added/edited since a user's last
  login

- "is within range" and "is within list" searching of numeric fields

- French localization

Export/Citation:

- ODF XML export for use with OpenOffice.org <http://openoffice.refbase.net>

- Formatted citation export (RTF, PDF, LaTeX, Markdown, ASCII)

- Automatic generation of user-specific cite keys and text citations

- Sort by resource type (i.e., peer-reviewed publications, monographs, book
  contributions, theses, etc) when outputting citations

- Better transliteration between character sets


  Changes
---------

- Masking of fields which may contain e-mail addresses to prevent spam

- The number of records that are returned by default can now be customized

- Improved localization support

- Better quoting of MySQL queries (user-inputted data can contain slashes and
  quotation marks)

- refbase will now work independent of the 'magic_quotes_gpc' setting in your
  PHP configuration file 'php.ini'.

- Improvements in session management

- Search queries may be submitted via GET rather than POST

- The admin can now control which links shall be displayed in List view and
  Citation view


  Bug fixes
-----------

- Improvements in protection against disallowed searches

- Fixes to MODS XML export

- Short opening tags have been replaced with '<?php' for compatibility

- The user-specific language setting is now honoured correctly

- The contents of the 'file' field will now only be revealed if the user has
  permission to view/download files

- refbase now issues a correct error message if the size of the uploaded file
  exceeds 'post_max_size'




refbase-0.8.0
-------------
[05-Apr-2005]

  Feature additions
-------------------

Installation:

- New 'update.php' script and 'update.sql' to update refbase-0.7 to 0.8.0.

- 'install.php' and 'update.php' both work on Windows servers.

Export/citation:

- Export to MODS XML: refbase can output records in MODS format, a bibliographic
  XML standard developed by the Library of Congress:
    <http://www.loc.gov/standards/mods/>

- Export to Endnote/Bibtex/RIS: refbase supports export of records to common
  bibliographic formats by use of bibutils:
    <http://www.scripps.edu/~cdputnam/software/bibutils/>

- User-specific cite keys: The new user-specific field "Cite Key" allows users
  to specify a custom identifier for each record. Cite keys will be supported
  in export formats (MODS XML & Bibtex) and text citations as well as when
  generating reference lists.

Adding/editing/deleting of records:

- Unicode support: You can now set the default character set to 'utf8' (Unicode)
  when installing refbase on MySQL 4.1.x or greater. This provides support for
  double-byte languages.

- RSS support: Users can now track queries using RSS, i.e. users are able to
  convert any query into a dynamic RSS feed and subscribe to it using their
  favorite news aggregator. The feed will display all newly added records
  matching the users query.
  
- Print view: Added a print-friendly view which eases printing or copying of
  records.

- Includes an Endnote style file and PHP script to ease the manual batch import
  of bibliographic records.
  
- Started localization: Provided core structure to support web interfaces in
  different languages. Note that the localization feature isn't finished nor
  enabled yet and will be available in a future release.

Admin features:

- User-specific permissions: The admin can now assign access rights individually
  for each user. Permission settings are provided for basic actions like
  add/edit/delete records or file upload/download as well as other features like
  import, export or cite.

- Reference types, citation styles and export formats can be enabled/disabled by
  the admin for each user individually. The user, in turn, can choose which of
  the enabled types/styles/formats shall be visible.

- User- and criteria-specific file downloads: Download links can be made
  available to either everyone, logged-in users only or on a user-specific
  basis. In addition, you can optionally specify a condition where files will
  be always made visible.

- The admin interface now allows to group particular database users.

User customization:

- User-specific groups: Users can now add records to user-specific groups. A
  drop-down menu on the main page (or any search results list) provides quick
  access to all records belonging to a particular group.

- Saved queries: It is now possible to permanently save any search query
  together with the current display settings. Saved queries can be easily
  recalled or edited from the main page.

- Link records: A new user-specific field ("Related") enables users to link
  records to other records in the database. Links can be either static (by
  explicitly linking to particular record serials) or dynamic (by entering
  queries like "author:lee; title:ecosystem").


  Changes
---------

- The MySQL database used by refbase has undergone some significant changes.
  Please use the 'update.php' script to update any old refbase MySQL database.

- refbase will now work independent of the 'register_globals' setting in your
  PHP configuration file 'php.ini'.

- Links to particular pages/features will be only made visible if the user has
  appropriate access rights.

- Re-designed the "Search within Results" form.

- Users can now choose on every search results page which fields and how many
  records shall be displayed.

- Logged-in users can now use user-specific cite keys (instead of serial
  numbers) as record identifiers when generating a reference list using
  'extract.php'.

- Citation style and export format definitions now reside in individual files
  (within the 'cite/' and 'export/' sub-directories, respectively) and are
  managed via MySQL tables. This enables users to develop custom styles and/or
  formats.

- Added support for fields 'keywords', 'notes', 'marked' and 'language' within
  the admin interface.

- Custom CSS style sheets can be specified within 'ini.inc.php' to change the
  visual appearance of the served web pages.

- You can now define (in 'initialize/ini.inc.php') what will be searched by
  script 'library_search.php'.

- Added variables to the database configuration file ('initialize/db.inc.php')
  which allow to use custom names for the refbase MySQL tables.

- Renamed the v0.7 'Export' feature to 'Cite' to better reflect its purpose and
  to make room for the new export capabilities.

- Include files and configuration files were moved to separate sub-directories.

- refbase now tries harder to prevent a malicious user from hacking the database
  by use of a custom SQL query.

- A lot of internal code re-structuring.


  Bug fixes
-----------

- When adding records, entered values will be reloaded correctly if an error
  occurs.




refbase-0.7
-----------
[11-Jan-2004]

  Feature additions
-------------------

Installation:

- Provided a web interface ('install.php') as well as a MySQL dump file for
  installation. This should make it a lot easier to setup the database. Besides
  the database structure, the MySQL dump file includes a temporary admin user
  and twelve sample records.

User customization:

- The database now offers six user-specific fields. These fields are stored
  individually for each user within a separate table. You can use these fields
  to store personal information for a particular record (for example your
  personal keywords or notes). These fields are only provided to logged-in users
  and can't be viewed by other users.

- After login, a 'Show My Refs' form will allow you to easily display all of
  your own literature. This form also offers a quick way of searching your own
  literature by your personal fields (such as your personal keywords or notes).

Display features:

- Provided display support for rich text (like italics, super-/subscript or
  greek symbols) within the title, keywords and abstract fields by use of a
  configurable, extensible and human readable markup syntax.

- A direct download link to any file that's associated with a particular
  record will be shown to logged in users.

- By default, exported records will now feature a 'show details' link to the
  right.

- Export output can now optionally list records in blocks sorted by year.

- Provided support for custom header messages within database queries: by
  including the 'headerMsg' parameter within query URLs it is now possible to
  include any information string within a link. As an example, a query URL
  pointing to articles written by a particular author can now include the
  appropriate author information (e.g. "Articles by Matthias Steffens:") which
  will show up as a header message on every results page.

User management:

- 'Search within Results' functionality now also works when managing users.

- It is now possible to delete any non-admin user via the user management
  interface.

- Two new fields will store information about the date & time of the last login
  as well as the total number of logins for a particular user.

Admin features:

- The admin user is allowed to execute custom SQL statements other than SELECT
  queries (according to his GRANT privileges). This will enable him to make
  batch changes to the database.

Adding/editing/deleting of records: 

- Added record announcement capabilities: If a new record has been added to the
  database a short email announcement can be sent to a mailing list email
  address.

- Provided some magic that figures out what do to depending on the state of the
  new 'is Editor' check box and the content of the 'author', 'editor' and 'type'
  fields.

- Introduced a new field 'thesis' which enables you to specify the type of
  degree ("Bachelor's thesis", "Master's thesis", "Ph.D. thesis", "Diploma
  thesis", "Doctoral thesis" or "Habilitation thesis") that was achieved by a
  publication.

- Provided support for online publications by the introduction of two new
  database fields: 'online_publication' & 'online_citation'. If the field
  'online_publication' is set to 'yes' by marking the appropriate checkbox, the
  export view will display the doi number as well as any string that was entered
  into the 'online_citation' field.

- Introduced a new field 'contribution_id'. By marking the appropriate checkbox
  within the 'record' form your institutional abbreviation will be added to the
  contents of the 'contribution_id' field. This serves as an easy method to tag
  all those records that were published by your own institution.

- 'record.php' now enables you to upload a file that's associated with a
  particular record entry. If the root directory where your files will be stored
  (specified in 'ini.inc.php') contains a sub-directory whose name matches the
  string provided within the 'abbrev_journal' field (after converting the string
  to lowercase and stripping all characters but ascii letters) the uploaded file
  will be placed inside that sub-directory. As an example, if you've created a
  sub-directory named 'polarbiol' within your files root directory, any uploaded
  file will be copied to that sub-directory if its accompanying record contains
  the string 'Polar Biol.' within its 'abbrev_journal' field.

- Depending on the value of the 'locationSelector' drop-down, the user's name
  and email address will be added/removed from the 'location' field
  automatically.


  Changes
---------

- The format of the MySQL tables has changed (added & renamed some fields and
  changed some field types). You'll need to update your table definitions in
  order to use this version! See the online documentation for further help:
    <http://sourceforge.net/docman/?group_id=64647>

- File 'db.inc': Removed 'root' as default value for '$username' (the use of a
  separate mysql user with more restrictive permissions is highly recommended).

- Non-admin users will be only shown their own call number information. This is
  done to ease data entry and to prevent non-admin users from messing with other
  user's call number information. The data entered by the user will be
  automatically completed with the user's correct call number prefix.

- Instead of deleting data, deleted records will now be moved to the 'deleted'
  table. Data will be stored within the 'deleted' table until they are removed
  manually. This is to provide the admin with a simple recovery method in case
  a user did delete some data by accident.


  Bug fixes
-----------

- Fixed a (potentially disastrous) security hole where non-admin users were
  allowed to execute custom queries other than SELECT queries.

- When adding/updating a record the fields 'created_date', 'created_time',
  'created_by', 'modified_date', 'modified_time', 'modified_by' will be set
  correctly now.

- Similarly, when adding/updating a record, the calculation fields
  'first_author', 'author_count' and 'first_page' will be setup correctly now.

- Modifying the SQL query of a particular search result now also works properly
  for details and export view.

The following known issues have been fixed:

- If you clicked on login/logout within the first of any query results pages
  before clicking somewhere else, you did get an 'Error 1065: Query was empty'.

- Export as 'Text Citation' didn't work properly on records that were added via
  the web interface.




refbase-0.6.1b1
---------------
[30-Jun-2003]

- Fixes a bug which made it impossible to setup the first user of the database.

- A user management interface is provided to admins.

- Users can now change their password later on.

- Variable settings from 'ini.inc.php' are now honoured correctly.

- Provided a search form that shows up on the main page after successful login
  which will allow a user to easily search his *own* literature only.