You are here: start » glfusion » whatsnew » v116

What's New in glFusion v1.1.6

glFusion v1.1.6 continues our commitment to providing a secure and robust content management system. This release release includes a few minor enhancements, security updates, and bug fixes.

This release does make configuration and database modifications, so you must run the Upgrade Wizard after you have loaded the files to your server.

Security Enhancements

glFusion now supports cookies with the HTTPOnly flag. The cookie is accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).

The installation scripts have been reworked to be a bit more secure. We still recommend you either rename or remove the public_html/admin/install/ directory once you have completed the installation or upgrade.

Security of your web site is very important to us. If an vulnerability is found, we try to fix it immediately. The challenge is informing our users of the risk and the fix. We now offer the glFusion Announce Mailing List that you can subscribe to. We will post all known issues and security issues to this list. We also offer a Known Issues / Security Updates RSS feed you can subscribe to as well.

We strongly recommend that you subscribe to one of the items above to ensure you receive prompt notification of any security vulnerabilities and their solution.

Other Enhancements

Full German Translations

Tony Kluever provided full German translations for glFusion and all bundled plugins.

showblock auto tag

glFusion v1.1.6 added a new auto tag that allows you to display blocks inside other content such as static pages. This opens up the ability to develop some interesting and unique page designs.

Search Improvements

Previous versions of glFusion did not support search comments for anything other than stories. Now comments are searched for all plugins.

RSS Feed Improvements

glFusion now includes the author in the RSS v2.0 feeds.

Bad Behavior2 Updated to v2.0.29

Bad Behavior's author has released Bad Behavior v2.0.29, which has now been integrated into glFusion v1.1.6.

Full ChangeLog

glFusion v1.1.6

  • Added min-height property to #gl_wrapper in style.css
  • Added accordion style toggles to configuration screens for “progressive disclosure”
  • New showblock auto tag
  • Added CUSTOM_css() hook
  • Spruced up the search results for comments show type of comment (i.e.; Story > Comment or FileMgmt > Comment)
  • Search using date range did not always work properly across all plugins
  • Ensure topic selection is presistent when viewing admin story list
  • Allow plugin comments to be included in search results
  • Tweaks to contact user / author templates; consistent widths and display
  • Allow custom/functions.php in theme directory
  • Ensure enabling / removing configuration options clears the config cache file
  • Moved documentation into language directories
  • Added PLG_getConfigElementHelp API call
  • Full support for PLG_itemSaved() and PLG_itemDeleted() APIs
  • Add author to RSS 2.0 syndication feeds for articles
  • Do not error when trying to upgrade a disabled bundled plugin
  • Security enhancements to the installation scripts
  • Better support for legacy plugins
  • Ensure template class if available when logging errors
  • Ensure character encoding is properly passed to all htmlentities calls
  • Add custom_registration field to allowed fields in fusionrescue.php
  • Replaced ereg functions for improved PHP 5.3.0 support
  • Accessibility updates
  • Updated German Language files
  • Added the ability to pass additional parsers and code handlers to lib-bbcode.
  • Fixed issue when daily digest is enabled and user changes their password, all topics are marked as no-access
  • Ensure root user is properly set when deleting a user
  • Fixed a crash in html2text when [b]$ combinations existed in the forum post or the story. (Mark).

Bad Behavior2 Plugin

  • Updated to v2.0.29
    • Users authenticating to a Bad Behavior-protected site using a third party OpenID were blocked with a message stating that: “Data may not be posted from offsite forms.”
    • A few specialized web crawlers use an unusual form of the Range: HTTP header in their requests, requesting a range starting with 0. This behavior, while technically permitted by the HTTP specification, is most often seen with malicious crawlers; web browsers and major search engines do not use it. Bad Behavior will now block these requests only when strict mode is enabled.

Calendar Plugin

  • Maintain the owner of events placed in the submission queue

FileMgmt Plugin

  • FileMgmt did not honor the comment setting for each file and always displayed the comment bar.
  • Do not display the upload form for anonymous users if upload public set to false.

Forum Plugin

  • Finally resolved the issue with the Active Forum icon would not always display when there were new posts in a forum. Thanks to LeeG for providing me enough details to resolve this bug.
  • Fixed issue where the index page would incorrectly display Today as the last post date when in fact that wasn't true.
  • Fixed invalid index on rating_assoc table (bumped version to 3.1.5)
  • Fix to allow Smiley plugin to work with WYSIWYG editor
  • Ensure the profile edit functions return the proper value
  • Filter memberslist to ensure only registered users are shown
  • Fixed issue where moderators were unable to edit forum posts.
  • Updated the topic-left.thtml with community moderation variables.
  • Fixed story migration to set postmode to 'html' instead of 'HTML' which caused problems when using the WYSIWYG editor.

Links Plugin

  • If login is required and user is not logged in, display a message that login is required instead of simply redirecting to the index page.
  • Improved error messages displayed when there is a problem submitting a link.
  • Loosened up the URL checking routines

Media Gallery Plugin

  • Increased z-index of lightbox to compensate for z-index fix with Site Tailor menu auto tags
  • RSS feeds were not being referenced in the correct directory
  • When using the destination block on auto tags, the auto tag counter was not properly initialized.
  • Expand auto tags in title when used in Random Image block

Site Tailor Plugin

  • Fixed issue where quotes were not properly filtered when magic_quotes_gpc is enabled in PHP.
  • New element type * Label * allows you to have a non-link label as a menu element
  • Made field order consistent between create element & edit element
  • Properly delete menu config entries when deleting a menu (fix provided by Mark Howard)
  • Fixed z-index issue when multiple menus are on the same page (fix provided by Mark Howard)
  • Fixed a bug with the vmenu auto tag where it did not properly trim whitespaces from the menu name, thus it didn't actually work.
  • Menu builder did not always honor the URL rewrite setting when building links for static pages
  • When using the [hmenu] auto tag, cascading menus did not render properly

Static Pages Plugin

  • 'Last updated' date does not use same format as other dates

Language File Updates

German Translation updates to:

  • Bad Behavior
  • Media Gallery
  • Site Tailor
  • Links
  • Captcha
  • FileMmgt
  • Calendar
  • Forum
  • Spamx
  • Polls

What's New Archives

v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.1
v1.0.0

glfusion/whatsnew/v116.txt · Last modified: 2010/02/02 02:12 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3