This file presents a summary of the main fixes and enhancements.
See the 'ChangeLog' or the commit messages on SourceForge for a detailed
history:
The following sites list the refbase commit messages in chronological order
(allowing you to follow the refbase development progress):
refbase-0.9.7
-------------
[DATE]
Changes
---------
Security:
- Prevent refbase use when 'install.php' or 'update.php' is still present (a good practice anyway, but it works around CVE-2015-6008, CVE-2015-7381, CVE-2015-7382, and CVE-2015-7383 until we replace install.php with something better)
- Verify that referer is on the same site (fixes CVE-2015-6012 and partially addresses CVE-2015-6007)
- Prevent HTML injection attacks in more user-editable fields (fixes CVE-2008-6400 and CVE-2015-6010)
- Whitelist for XSL files (fixes CVE-2015-6011)
General:
- PHP7 compatibility
- Revise SQL files to meet new requirements of MySQL
- Allow logged-in users to search locations
- Increase default # of responses from 5 to 10
Miscellaneous:
- A lot of improvements to the MediaWiki plugin, including support for localization, HTTP AUTH, and MySQL/PDO
Bug fixes
-----------
- Fixed localization of type field in list view
refbase-0.9.6
-------------
[28-FEB-2013]
Feature additions
-------------------
Interface:
- Support for clickable links in cite_html
Localization:
- Localized user login
- Localized duplicate manager
- Localized query manager
- Added Russian localization
- Added Japanese localization
Changes
---------
Security:
- Restrictions for non-admin users of search.php to prevent SQL injection
- quote_smart in query_modify.php
General:
- Removed functions deprecated in PHP 5.3.0
- Add parameter 'approved' to show.php
- Unify styling of show.php
- Re-arrange user detail fields by importance
Import:
- RIS import changes to follow the current spec
- File imports are improved by removing a BOM, if present
- Import of Endnote tagged files without requiring bibutils
- PubMed is now preferred over CrossRef for importing DOIs
- Improvements to CrossRef imports
- Improved import of references exported by refbase
- Minor improvements for RefWorks, Medline, and other formats
Export:
- COinS are now encoded as UTF-8, regardless of database encoding
- Change MODS export of theses to use the marcgt genre authority
Bug fixes
-----------
- Fixed encoding special characters in MODS exporter
- CSS positioning of quickSearch
- Fixed import of RIS tag "CP"
- Fixed file uploads to subdirectories that don't exist
- Timezone fixes in PHP 5.1 and above
refbase-0.9.5
-------------
[19-Nov-2008]
Feature additions
-------------------
Import/Add Records:
- New resource types: Abstract, Conference Article, Conference Volume, Magazine
Article, Manual, Miscellaneous, Newspaper Article, Patent, Report, Software
- Import from Endnote XML and SciFinder
- Direct import from arXiv IDs, DOIs and OpenURLs
- Direct upload of references from Bookends
Search/Display:
- Improved interface:
  - Redesigned main page, page footer/header & forms on results pages
  - Quick Search form now always available in the page header
  - Search suggestions for text entered by the user
  - Forms on results pages can be hidden
- Search results can be browsed & searched in three different views:
List view, Citations, Details
- Additional record info (keywords, abstract, etc) and links to cite
or export the record can be displayed underneath each citation
- OpenSearch support (which e.g. enables Firefox & IE users to search refbase
directly from their browser's toolbar)
- Initial support for searching & managing of duplicate records
- New query history with links to any previous search results
- New customizable "main fields" search option that allows searching across
multiple fields at once
- New option to customize the default number of records per page
- Results can be dynamically included in foreign web pages
Export/Citation:
- New export formats: ADS, Atom XML, ISI Web of Science, OAI_DC XML, SRW_DC XML,
Word XML
- New citation styles: AMA, APA, Chicago, Harvard (3 variants), MLA, Vancouver
- Output of citations in LaTeX bibliography (.bbl) format
- Cite, group or export ALL found records (instead of just the selected ones)
- For PDF output, US letter is now supported as page format
- The 'headerMsg' URL parameter adds a header to any of the citation formats
- Upon export, links to corresponding files are now included if the export
format and user permissions allow so
Localization:
- Added Chinese localization
Command Line Clients:
- Added support for all new export formats
- Added new options that allow appending found records to a local BibTeX or
MODS/SRW XML file (if they don't yet exist in that file), and update existing
records in that file if their modification date on the server is more recent
- Added new option to extract citation IDs from a file and retrieve matching
records from refbase (supported file types: .aux, .bbl, .bib, .enw, .ris,
.tex, (MODS|SRW|Endnote) .xml)
Miscellaneous:
- Added a refbase extension for MediaWiki which allows placing a serial number
within ...' markup tags; metadata for the reference is
retrieved from refbase and marked-up according to a MediaWiki citation template
- Added support for the sitemaps.org protocol which allows for better indexing
by search engines
- Added unAPI support for the new export formats 'atom', 'oai_dc' and 'srw_dc'
Changes
---------
Security:
- Introduced measures to better prevent cross-site scripting (XSS) attacks
- For security reasons, HTML tags are now stripped from the 'headerMsg' URL
parameter; string formatting can now be done using the refbase markup syntax
Installation/Update:
- Improved support for PHP installations running with 'safe_mode=On'
Import/Add Records:
- The 'edition' field now accepts string values
- After any add/edit/delete action, refbase now includes a link to the last
multi-record search results list in the feedback message if the previous query
resulted in a single record; along with other changes, this obviates
'receipt.php'
- When importing multiple records, ALL records are now imported by default
- Improved UTF-8 handling on import so that e.g. a best-effort conversion is
done for UTF-8 data which are imported into a latin1-based database
- When importing (or exporting) RIS records, the type of thesis (such as
"Masters thesis" or "Ph.D. thesis") is now taken from (or exported to) the
'U1' field (as is supported by Bibutils v3.35 or greater)
- Upon import, if the given URL actually is a DOI prefixed with
, we'll extract the DOI and move it to the 'doi' field
- Improved recognition of PubMed resource types
Search/Display:
- refbase now remembers many more search & display options while navigating or
refining the results list
- Changed the HTTP transfer method in most forms from POST to GET; this helps to
avoid warnings about re-sending POST data in some browsers (such as Firefox)
- When linking to particular records via 'show.php', one can now use consecutive
serial number ranges as values of the 'records' URL parameter; examples:
or
- One can now specify 'creation-date' as value for the 'citeOrder' parameter in
'show.php' URLs (or the '--order' option of the 'refbase' CLI); this allows
sorting records such that newly added/edited records get listed at the top of
the list
- One can now specify 'Mobile' as value for the 'viewType' URL parameter (or the
'--view' option of the 'refbase' CLI); this will return results in simple HTML
suitable for mobile devices or any postprocessing
- Refined layout of 'user_receipt.php'
- Added many CSS attributes (id/class names) to HTML output where appropriate;
this makes it easier to refine the CSS styling of the refbase interface
Export/Citation:
- By default, export via the refbase GUI is now enabled for anonymous users
- By default, the SRU formats SRW_DC XML and SRW_MODS XML are now transformed to
HTML via XSL stylesheets
- MODS XML exports include file links that Zotero is able to download
- Renamed the Bibutils 'xml2word' command line tool to 'xml2wordbib' according
to the name changes in Bibutils v3.40; note that if you're using a Bibutils
version prior to Bibutils v3.40, you must revert this change in file
'export/bibutils/export_xml2word.php'
- The citation output options (previously located in the results footer) have
been moved to the Display Options form of the results header in Citation view
Admin settings:
- The admin can now define any of the supported views (List view, Citations,
Details) as the default view
- For each view, the admin can now define whether the results header & footer
should be displayed open or closed by default, or whether they should be
entirely hidden from the interface
- The admin can now customize the list of fields that are displayed by default
in List & Details view; similarly, the list of fields that are available in
dropdown menus of the results header can also be customized
- The admin can now define 'accesskey' values which allow for keyboard
navigation of the main parts of the refbase interface
- The '$databaseBaseURL' in 'ini.inc.php' is now auto-generated by default
- The refbase logo image files have been updated to the new refbase logo, and
the logo URL path & dimensions can now be customized easily via 'ini.inc.php'
- The session/temp dir path can now be specified explicitly in 'ini.inc.php';
this allows you to define a custom directory path that's used on your server
to save session data and to write any temporary files
Localization:
- Improved internationalization and added many additional localization strings
- Changed or merged some localization strings to allow for better translations
to languages such as Spanish or Chinese
Miscellaneous:
- Underline fontshape markup is now supported in various import and citation
formats as well as in refbase markup (use: '__underlined text__')
- For the "Extract citations" functionality, refbase now checks whether the
extracted serial numbers and cite keys exist in the database and reports any
missing record identifiers
Bug fixes
-----------
- Fixed bug that prevented correct directory creation/renaming and/or file
upload on some platforms
- Fixed 'preg_match()' compilation errors when importing BibTeX records into a
refbase UTF-8 database
- Worked around an error in Internet Explorer when importing single records via
the web interface
- When importing PubMed MEDLINE source data, refbase now extracts author
information from the 'AU' field if the 'FAU' field is not available
- refbase now converts Endnote XML text style markup into appropriate refbase
markup
- Upon RIS import, refbase now makes sure that HTML encoded source data (such as
'&auml;', '&ouml;' or '&eacute;') get decoded before import
- Fixed an issue where it wasn't possible to correctly import (or cite) records
which contained non-ASCII characters in author's given names
- Records of unrecognized resource type were omitted upon citation output; fixed
- When outputting to LaTeX or RIS, curly brackets are now escaped to avoid
incorrect output
- Fixed an error when exporting data to ODF XML and when the user-specific
fields were missing from the SQL query
refbase-0.9.0
-------------
[27-Oct-2006]
Feature additions
-------------------
Installation/Update:
- Searches path and common locations for supporting binaries
Import/Add Records:
- Import from Endnote, Reference Manager (RIS), RefWorks, BibTeX, MODS XML,
ISI Web of Science, PubMed (MEDLINE or XML), Cambridge Scientific Abstracts
and COPAC (with automatic detection of bibliographic format)
- Import of multiple records
- Import from a file or from PubMed ID
- Automatic file renaming and creation of subdirectories via placeholders
- Command line client to batch import records
Search/Display:
- Improved query API with short, permanent links to records
- SRU/W (Search & Retrieve via URL) web service
- OpenURL support
- Embedding of COinS metadata within HTML pages
- UnAPI support
- Command line client to search & retrieve records
- "Show All" link
- Links that display all records which were added/edited since a user's last
login
- "is within range" and "is within list" searching of numeric fields
- French localization
Export/Citation:
- ODF XML export for use with OpenOffice.org
- Formatted citation export (RTF, PDF, LaTeX, Markdown, ASCII)
- Automatic generation of user-specific cite keys and text citations
- Sort by resource type (i.e., peer-reviewed publications, monographs, book
contributions, theses, etc) when outputting citations
- Better transliteration between character sets
Changes
---------
- Masking of fields which may contain e-mail addresses to prevent spam
- The number of records that are returned by default can now be customized
- Improved localization support
- Better quoting of MySQL queries (user-inputted data can contain slashes and
quotation marks)
- refbase will now work independent of the 'magic_quotes_gpc' setting in your
PHP configuration file 'php.ini'.
- Improvements in session management
- Search queries may be submitted via GET rather than POST
- The admin can now control which links shall be displayed in List view and
Citation view
Bug fixes
-----------
- Improvements in protection against disallowed searches
- Fixes to MODS XML export
- Short opening tags have been replaced with '
- Export to Endnote/Bibtex/RIS: refbase supports export of records to common
bibliographic formats by use of bibutils:
- User-specific cite keys: The new user-specific field "Cite Key" allows users
to specify a custom identifier for each record. Cite keys will be supported
in export formats (MODS XML & Bibtex) and text citations as well as when
generating reference lists.
Adding/editing/deleting of records:
- Unicode support: You can now set the default character set to 'utf8' (Unicode)
when installing refbase on MySQL 4.1.x or greater. This provides support for
double-byte languages.
- RSS support: Users can now track queries using RSS, i.e. users are able to
convert any query into a dynamic RSS feed and subscribe to it using their
favorite news aggregator. The feed will display all newly added records
matching the users query.
- Print view: Added a print-friendly view which eases printing or copying of
records.
- Includes an Endnote style file and PHP script to ease the manual batch import
of bibliographic records.
- Started localization: Provided core structure to support web interfaces in
different languages. Note that the localization feature is neither finished nor
enabled yet and will be available in a future release.
Admin features:
- User-specific permissions: The admin can now assign access rights individually
for each user. Permission settings are provided for basic actions like
add/edit/delete records or file upload/download as well as other features like
import, export or cite.
- Reference types, citation styles and export formats can be enabled/disabled by
the admin for each user individually. The user, in turn, can choose which of
the enabled types/styles/formats shall be visible.
- User- and criteria-specific file downloads: Download links can be made
available to either everyone, logged-in users only or on a user-specific
basis. In addition, you can optionally specify a condition where files will
be always made visible.
- The admin interface now allows grouping of particular database users.
User customization:
- User-specific groups: Users can now add records to user-specific groups. A
drop-down menu on the main page (or any search results list) provides quick
access to all records belonging to a particular group.
- Saved queries: It is now possible to permanently save any search query
together with the current display settings. Saved queries can be easily
recalled or edited from the main page.
- Link records: A new user-specific field ("Related") enables users to link
records to other records in the database. Links can be either static (by
explicitly linking to particular record serials) or dynamic (by entering
queries like "author:lee; title:ecosystem").
Changes
---------
- The MySQL database used by refbase has undergone some significant changes.
Please use the 'update.php' script to update any old refbase MySQL database.
- refbase will now work independent of the 'register_globals' setting in your
PHP configuration file 'php.ini'.
- Links to particular pages/features will be only made visible if the user has
appropriate access rights.
- Re-designed the "Search within Results" form.
- Users can now choose on every search results page which fields and how many
records shall be displayed.
- Logged-in users can now use user-specific cite keys (instead of serial
numbers) as record identifiers when generating a reference list using
'extract.php'.
- Citation style and export format definitions now reside in individual files
(within the 'cite/' and 'export/' sub-directories, respectively) and are
managed via MySQL tables. This enables users to develop custom styles and/or
formats.
- Added support for fields 'keywords', 'notes', 'marked' and 'language' within
the admin interface.
- Custom CSS style sheets can be specified within 'ini.inc.php' to change the
visual appearance of the served web pages.
- You can now define (in 'initialize/ini.inc.php') what will be searched by
script 'library_search.php'.
- Added variables to the database configuration file ('initialize/db.inc.php')
which allow the use of custom names for the refbase MySQL tables.
- Renamed the v0.7 'Export' feature to 'Cite' to better reflect its purpose and
to make room for the new export capabilities.
- Include files and configuration files were moved to separate sub-directories.
- refbase now tries harder to prevent a malicious user from hacking the database
by use of a custom SQL query.
- A lot of internal code re-structuring.
Bug fixes
-----------
- When adding records, entered values will be reloaded correctly if an error
occurs.
refbase-0.7
-----------
[11-Jan-2004]
Feature additions
-------------------
Installation:
- Provided a web interface ('install.php') as well as a MySQL dump file for
installation. This should make it a lot easier to set up the database. Besides
the database structure, the MySQL dump file includes a temporary admin user
and twelve sample records.
User customization:
- The database now offers six user-specific fields. These fields are stored
individually for each user within a separate table. You can use these fields
to store personal information for a particular record (for example your
personal keywords or notes). These fields are only provided to logged-in users
and can't be viewed by other users.
- After login, a 'Show My Refs' form will allow you to easily display all of
your own literature. This form also offers a quick way of searching your own
literature by your personal fields (such as your personal keywords or notes).
Display features:
- Provided display support for rich text (like italics, super-/subscript or
greek symbols) within the title, keywords and abstract fields by use of a
configurable, extensible and human readable markup syntax.
- A direct download link to any file that's associated with a particular
record will be shown to logged in users.
- By default, exported records will now feature a 'show details' link to the
right.
- Export output can now optionally list records in blocks sorted by year.
- Provided support for custom header messages within database queries: by
including the 'headerMsg' parameter within query URLs it is now possible to
include any information string within a link. As an example, a query URL
pointing to articles written by a particular author can now include the
appropriate author information (e.g. "Articles by Matthias Steffens:") which
will show up as a header message on every results page.
User management:
- 'Search within Results' functionality now also works when managing users.
- It is now possible to delete any non-admin user via the user management
interface.
- Two new fields will store information about the date & time of the last login
as well as the total number of logins for a particular user.
Admin features:
- The admin user is allowed to execute custom SQL statements other than SELECT
queries (according to his GRANT privileges). This will enable him to make
batch changes to the database.
Adding/editing/deleting of records:
- Added record announcement capabilities: If a new record has been added to the
database a short email announcement can be sent to a mailing list email
address.
- Provided some magic that figures out what to do depending on the state of the
new 'is Editor' check box and the content of the 'author', 'editor' and 'type'
fields.
- Introduced a new field 'thesis' which enables you to specify the type of
degree ("Bachelor's thesis", "Master's thesis", "Ph.D. thesis", "Diploma
thesis", "Doctoral thesis" or "Habilitation thesis") that was achieved by a
publication.
- Provided support for online publications by the introduction of two new
database fields: 'online_publication' & 'online_citation'. If the field
'online_publication' is set to 'yes' by marking the appropriate checkbox, the
export view will display the doi number as well as any string that was entered
into the 'online_citation' field.
- Introduced a new field 'contribution_id'. By marking the appropriate checkbox
within the 'record' form your institutional abbreviation will be added to the
contents of the 'contribution_id' field. This serves as an easy method to tag
all those records that were published by your own institution.
- 'record.php' now enables you to upload a file that's associated with a
particular record entry. If the root directory where your files will be stored
(specified in 'ini.inc.php') contains a sub-directory whose name matches the
string provided within the 'abbrev_journal' field (after converting the string
to lowercase and stripping all characters but ascii letters) the uploaded file
will be placed inside that sub-directory. As an example, if you've created a
sub-directory named 'polarbiol' within your files root directory, any uploaded
file will be copied to that sub-directory if its accompanying record contains
the string 'Polar Biol.' within its 'abbrev_journal' field.
- Depending on the value of the 'locationSelector' drop-down, the user's name
and email address will be added/removed from the 'location' field
automatically.
Changes
---------
- The format of the MySQL tables has changed (added & renamed some fields and
changed some field types). You'll need to update your table definitions in
order to use this version! See the online documentation for further help:
- File 'db.inc': Removed 'root' as default value for '$username' (the use of a
separate mysql user with more restrictive permissions is highly recommended).
- Non-admin users will be only shown their own call number information. This is
done to ease data entry and to prevent non-admin users from messing with other
users' call number information. The data entered by the user will be
automatically completed with the user's correct call number prefix.
- Instead of deleting data, deleted records will now be moved to the 'deleted'
table. Data will be stored within the 'deleted' table until they are removed
manually. This is to provide the admin with a simple recovery method in case
a user deleted some data by accident.
Bug fixes
-----------
- Fixed a (potentially disastrous) security hole where non-admin users were
allowed to execute custom queries other than SELECT queries.
- When adding/updating a record the fields 'created_date', 'created_time',
'created_by', 'modified_date', 'modified_time', 'modified_by' will be set
correctly now.
- Similarly, when adding/updating a record, the calculation fields
'first_author', 'author_count' and 'first_page' will be set up correctly now.
- Modifying the SQL query of a particular search result now also works properly
for details and export view.
The following known issues have been fixed:
- If you clicked on login/logout within the first of any query results pages
before clicking somewhere else, you got an 'Error 1065: Query was empty'.
- Export as 'Text Citation' didn't work properly on records that were added via
the web interface.
refbase-0.6.1b1
---------------
[30-Jun-2003]
- Fixes a bug which made it impossible to set up the first user of the database.
- A user management interface is provided to admins.
- Users can now change their password later on.
- Variable settings from 'ini.inc.php' are now honoured correctly.
- Provided a search form that shows up on the main page after successful login
which will allow a user to easily search his *own* literature only.