glFusion v1.1.5 continues our commitment to providing a secure and robust content management system. This release release includes several enhancements and bug fixes.
This release does make configuration and database modifications, so you must run the Upgrade Wizard after you have loaded the files to your server.
We have continued our audit of the source code and added additional protections to prevent XSS (Cross Site Scripting) attacks and made several minor improvements in parameter filtering.
The FCKeditor bundled with glFusion has been updated to the latest release version which includes a few security fixes and enhancements.
Security of your web site is very important to us. If an vulnerability is found, we try to fix it immediately. The challenge is informing our users of the risk and the fix. We now offer the
glFusion Announce Mailing List that you can subscribe to. We will post all known issues and security issues to this list. We also offer a
Known Issues / Security Updates RSS feed you can subscribe to as well.
We strongly recommend that you subscribe to one of the items above to ensure you receive prompt notification of any security vulnerabilities and their solution.
We have made several small improvements throughout the entire glFusion suite to provide improved SEO.
Canonical URLs
Where appropriate, we now include canonical URLs for pages that may have multiple methods of reference. For example, when viewing a story, there may be several valid URLs to reference the story:
http://www.glfusion.org/article.php?story=storysid
http://www.glfusion.org/article.php/storysid
http://www.glfusion.org/article.php/storysid?query=highlighttext
Each of these URLs reference the same story. A canonical URL tells the search engines the 'preferred' URL so they will recognize that the multiple references to the page are not duplicate content. For example, the 'preferred' or canonical URL for the story referenced above might be:
http://www.glfusion.org/article.php/storysid
This puts you in control of how the search engines evaluate your site. Prior to canonical URLs, the search engines would try to derive (or guess) the preferred URL. Now, you control how your site is evaluated.
See Specify your canonical article for more details. Also, check out Demystifying the "duplicate content penalty" for some good information on the facts of duplicate content on a site.
Page Titles
We have also improved page titles to better reflect the page being viewed. For example, when viewing Forum posts, the topic subject is now the page title. In the FileMgmt plugin, we use the file name description as the page title. In Media Gallery, we use the album title as the page title when viewing an album and the media item title as the page title when viewing a media item. We have tried to include a content specific page title for every item in glFusion.
The underlying comment engine in glFusion did not work well with plugins. For example, a user has the ability to choose how many comments they wish to see at one time. glFusion will then add a navigation bar at the end of the comments to allow the user to page through them. This functionality did not work for plugins, only for stories. glFusion v1.1.5 fixes this and now all features of the comment engine work for all glFusion plugins.
The daily digest feature allows stories to be emailed to users who choose to receive them. Prior versions of glFusion would only include a text version of the story in the email. New in glFusion v1.1.5 is the ability to send the story in both HTML and TEXT mode. This allows users who receive the email to see the story in the same format they would online. For those users who do not have HTML capable email clients, they will still see the text version of the story as they have in the past.
Previous versions of glFusion only allowed usernames to be a maximum of 16 characters. glFusion v1.1.5 now supports usernames upto 32 characters in length.
In previous versions of glFusion, several core groups could not be edited by the site admin. This restriction was the cause of much grief for sites that wanted to enable a feature for all logged-in-users for example. With glFusion v1.1.5, the group membership and features of the core groups can now be modified.
Previous versions of glFusion did not provide hooks into the user preference (profile) screens. New with glFusion v1.1.5 is a full set of programming interfaces that allow plugin developers to seamlessly add new elements the various user preference screens.
The Forum plugin now adds a Forum Preferences tab to the user preference screen. The Media Gallery plugin has also moved its user preferences to a tab on the glFusion User Preference screens.
glFusion supports putting a site in “maintenance mode”, which allows an admin to access the full site while non-admins are re-directed to a sitedown page or message. This is useful when performing maintenance or staging a site during development, and you don't want folks to see the work in progress.
Previously you had to toggle a setting in public_html/siteconfig.php to enable maintenance mode, but now you can do it directly from the online configuration screen. If you accidentally logout of your site while it is in maintenance mode, there is an override setting that you can set in public_html/siteconfig.php that will let you log back in to your site.
The Forum plugin received the most attention during this release cycle adding several new features and user experience improvements.
Community Moderation is the brain child of Marco Belmonte. Marco sponsored the development of this cool feature. Josh Pendergrass did the development work. Community Moderation allows the Forum users to self-moderate the forums. For more details see the Community Moderation documentation.
Eric Kingsley developed a modification to the Forum plugin that allows users to receive the full text of the forum post in the subscription notification emails. Eric was kind enough to share his work with us and it has been included in the Forum code base.
We're finding more and more sites that would prefer to use a true WYSIWYG editor instead of the standard BBcode editor included with the Forum plugin. We have added the ability to now use the bundled glFusion advanced editor (FCKeditor) as the default editor for forum posts.
Another feature found in many other bulletin board and forum systems is the ability for users to create a customized signature that supports images and various text formatting (such as bold, italics, etc.). We have added the ability for users to create their own customized Forum signature will full support for the BBcode attributes currently available in the Forum plugin. See the BBCode Signature documentation for more details.
For those folks who are migrating from phpBB3 to glFusion, we now have the ability to import both users and all existing forum posts into the glFusion system.
Thanks to Jon Deliz, Media Gallery now supports including remote hosted JPG and GIF images. Jon even added the ability to create the local thumbnail, but this does require that your hosting provider includes CURL support.
A missing feature for some time, Media Gallery now supports the ability to change the media owner. Site Admins can now edit the owner of any media item.
Media Gallery now supports the Tag Plugin, which allows you to have a tag cloud on your site.
Moved maintenance_mode to the online configuration (Mark)
Added default sitedown.html page (Eric)
Fixed typo in install script example path and clarified help text (Eric)
Comments did not properly retain the post mode setting (Mark)
Fixed issue with
URL rewrite that appears on some hosting services where the parameter array is not properly recognized (Mark)
Reworked daily digest code to support both
HTML and text messages. It is now template driven (Mark)
Rename signature (in user profile) to Tag Line (Mark)
Email did not honor the priority flag (Mark)
Ability to use remote IP instead of referring
URL for security tokens (Mark)
Fixed censor mode select (Mark)
Add option for user to select search result format (Mark)
Add block name to the admin list of blocks (Mark)
Updated htmLawed to v1.1.8.1 (Mark)
Implemented new profile APIs (Mark)
New configuration option to hide the 'Content' tab in the Account Settings (Mark)
Fixed incorrect field type for
SMTP host (Mark)
Updated FCKeditor to v2.6.4.1 (Mark)
Search dates were not properly validated prior to use (Mark)
Fixed several E_ALL errors (Mark)
Multi-page comment support was broken for plugins (Mark)
Support usernames upto 32 characters in length (Mark)
Installation - Now support migrating Geeklog v1.4.1+ sites, including 1.6.0 (Mark)
Improved SEO support throughout the system (Mark)
Core groups can now be edited. (Mark)
Plugin auto installer did not display correct installed version number (Mark)
Display default glFusion topic icon if no icon is specified (Mark)
Allow user edit for remote users (Mark)
glFusion v1.1.4pl4
Fixed bug where you could not use the image insert in the advanced editor in the mail user form (Mark)
Fixed another
XML issue with the web services routines (Mark)
Added width:100% in submitstory_advanced.thtml template to ensure the
WYSIWYG editor uses the full width of the page (Mark)
Removed the maxlength for the admin password prompt (Mark)
Ensure extra whitespace is properly removed in search strings (Mark)
Leap year fix in calendar.class.php (Mark)
Uploads fails to upload files when 1 file in the bunch errors (Mark)
Webservices did not properly escape all
HTML entities (Mark)
glFusion v1.1.4pl3
-
Trim spaces from username and email when creating a new user (Mark)
When custom registration is enabled, the user cannot select a login link to display the login screen (Mark)
Added cache_templates field to fusionrescue.php (Mark)
Added [story_introtext:##storyid##] Auto tag (Mark)
Adding groups to user in user edit could fail under certain conditions (Mark)
New PLG_getwhatsnewcomment()
API to allow plugins to list new comments in the What's New block (Mark)
Installation - ensure siteconfig.php was successfully created (Mark)
glFusion v1.1.4.pl2
glFusion v1.1.4.pl1
Improved data validation to ensure values are properly set before attempting to use them. (Mark)
Fixed potential XSS issue when invalid data is presented during add / edit event (Mark)
Fixed issue where calendar submissions were not placed on the proper calendar (Mark)
Improved searching of personal calendars (Mark)
Improved page titles (Mark)
Implemented multi-page comment support (Mark)
Apply file permissions for admin uploads too (Mark)
Fixed issue where new files did not always show up in the What's New list (Mark)
Added Permlink feature to icon_minipost.gif in forum posts (Eric)
Implemented
WYSIWYG editor (Mark)
Fixed bug where deleting a category did not delete all the forum posts associated with the forums in that category (Mark)
Moved BBcode signature to the About You profile panel (Mark)
Streamlined the BBcode editor bar (Mark)
Implemented Eric Kingsley's forum notification mod - option to include full post in notification email (Mark)
Implemented a hook for Eric Kingsley's Medals plugin (Mark)
Query optimization on topic list page - reduced server load and overall performance improvement (Mark)
Implemented BBcode signature support (Mark)
Moved user preferences to user profile (Mark)
Implemented Community Moderation System (Mark)
Added forum.html feature (auto assigned to Forum Admin group) - allows owners to use
HTML in forum posts. (Mark)
Added phpBB3 migration utility (Mark)
Improved page titles (Mark)
Added support for new glFusion PM plugin (Mark)
Clear the centerblock cache after importing story (Mark)
Fixed a potential XSS issue when invalid data is entered during link add / edit (Mark)
Fixed issue where children categories would become orphaned if the parent category changed category id (Mark)
Added support for auto tags in the link descriptions (Mark)
Improved
SQL security (Mark)
Implemented the PLG_itemSaved()
API (Mark)
Fixed issue where the default album theme was not being used on new albums (Mark)
Fixed issue where the parent album's group ownership was not always properly inherited by new child albums (Mark)
Added {search_album} template variable to the search output, allowing the album an item resides to be included in the search results display (Mark)
Renamed the 'Graphics Package' tab in the MG admin screen to 'Host Environment' to better reflect the real meaning of the tab (Mark)
Added new command line interface for batch imports into Media Gallery (Mark)
Added new option to allow media owner to edit media item (Mark)
Added new feature to allow mediagallery.admin to edit media owner (Mark)
Moved user preferences to user profile (Mark)
Fixed comment handling - multi-page comments did not work and user could not select comment order. (Mark)
Fixed issue where the media item date/time did not use local time when editing (Mark)
Fix issue processing large FLV files (Mark)
Modify album create to use the parent's group if no user specified group available (Mark)
Media Gallery does not always honor 'parent' album permissions when going directly to a sub-album. (Mark)
Coppermine import now pulls the user who uploaded the image from the Coppermine database and imports into Media Gallery (Mark)
Fixed issue where the image rotate option was not available in the media edit screen (Mark)
Fixed permission issue where non-members could view the full image using the popup.php script. (Mark)
Added ability for random image block to go directly to an image in the album view. (Mark)
Removed check for rss/ directory after configuration save (Mark)
Fixed comment handling - multi-page comments did not work and user could not select comment order. (Mark)
Fixed division by zero errors (Mark)
Special characters are not preserved in the remarks field (Mark)
Fixed issues where comments were not properly deleted, did not change when the polls id changed, and did not show up in the what's new block. (Mark)
Implemented PLG_itemSaved()
API (Mark)
Fixed comment handling - allow multi-page comments (Mark)
Fixed issues where comments were not properly deleted, did not change when the static page id changed, and did not show up in the what's new block. (Mark)
