"blob" is practically used with the expectation of unlimited length, which is
true with PostgreSQL's bytea, but not with MariaDB's BLOB, which is limited to
64KiB.
So instead use LONGBLOB, which has a maximum of 4GiB, effectively unlimited.
This check made registration impossible when welcomeuser didn't have validation
as well.
And rename the "grandfatherCutoff" option to "exemptBefore".
"Grandfathering" is a relatively obscure term linked to the history of the
United States of America, so replace that with something self-descriptive.
Give priority to cookies over GET.
Make sure session ids have only expected characters
(PHP file session handler's limitation).
Replace a mostly useless log warning with a debug message.
On PostgreSQL:
- Parse defaults for strings and booleans properly.
- Parse the "serial" definition type properly.
- Get information on the "enum" definition type.
- Re-work getting information about keys/indices.
On MariaDB:
- Get information about lengths in indices.
- Get foreign key information separately from the rest as they can have
colliding names.
This adds a requirement for all definitions that have foreign keys to also
require indices for all source (local) attributes mentioned in foreign keys.
MariaDB/MySQL creates indices for source attributes automatically, so this
serves as a way to get rid of those automatic indices and create clean explicit
ones instead.
In PostgreSQL, most of the time, indices on the source are necessary to
decrease performance penalty of foreign keys (like in MariaDB), but they aren't
created automatically, so this serves to remove that difference between
PostgreSQL and MariaDB.
- getMessages() is now fetching from the Notice table as supposed
- every show{format}* method is properly updated to use Notice objects
- json and xml responses retrieve multi-recipients without compromising
backwards compatibility
Instead of relying on the MariaDB's ON UPDATE CURRENT_TIMESTAMP trigger update
"modified" attributes in Managed_DataObject. Every raw query that needs
adjusting is adjusted, as they won't update "modified" automatically anymore.
The main goal behind this change is to fix "modified" updates on PostgreSQL.
Password hashes are now stored in a TEXT attribute, not limited to 199 symbols.
That limitation makes no sense as password hashes are not the kind of
information to be indexed.
Actually replace crypt() with password_verify() for password checking, current
code left password_verify() unused.
Only update passwords when they use a different algorithm from the current
default. Previously "overwrite" meant rehashing every login.
Replace the "argon" boolean option with "algorithm" and "algorithm_options" for
better configurability.
The default remains whichever is default for PHP's password_hash.
Alexei Sorokin
t3nma
Diogo Cordeiro