Differences

This shows you the differences between two versions of the page.

Link to this comparison view

glfusion:whatsnew121 [2011/04/24 15:24] (current)
Mark created
Line 1: Line 1:
 +~~NOTOC~~
 +====== What's New in glFusion v1.2.1======
  
 +glFusion v1.2.1 continues our commitment to providing a secure and robust content management system. This releases contains a minor security fix, some significant stability updates and several small bug fixes.  All glFusion users are encouraged to upgrade as soon as possible.
 +
 +For those who are **upgrading**, please don't forget to run the **[[glfusion:upgrade|Upgrade Wizard]]** after you have loaded the files to your server.
 +
 +Some of the enhancements below required us to make some changes to the template files.  Be sure and check out the [[glfusion:template_changes|Template Changes]] page and update any of your **custom** templates.
 +====== Notable Enhancements for glFusion v1.2.1 ======
 +
 +**XSS Security Fix**
 +
 +The admin configuration screen did not properly filter all input variables, this resulted in the potential for a cross site scripting vulnerability.  Although the risk is very low since access to the administration section of a glFusion site requires admin authentication, we have fixed the filtering problem.
 +
 +**General Code Improvements**
 +
 +We continue to perform code reviews and make necessary adjustments to improve the overall security posture of the system.  There were several minor tweaks to ensure proper filtering and validation of user supplied data.
 +
 +**Enhancements**
 +
 +  * Updated / new German Language files for glFusion and all bundled plugins. Thanks to André for the translations
 +  * FileMgmt: Add max file size to information text on upload screen
 +  * Updated htmLawed to v1.1.9.4
 +  * Bad Behavior2: Updated to v2.0.39
 +  * Implement persistent (non-fading) system messaging
 +    * See: COM_showMessage(), COM_showMessageText(), COM_showMessageFromParameter()
 +  * All bundled Plugins: Allow custom language string overrides
 +  * Config setting Allow User Theme and Allow User Language to False on default installs
 +  * Allow forum plugin to find custom CSS in private/plugins/forum/css/custom
 +  * Let default content blocks auto-increment on install
 +  * Implement PLG_templatePath: plugin helper function to find templates
 +  * Extend ADMIN_simpleList -> ADMIN_arrayList, allows sortable columns
 +  * Rename ADMIN_sortList function to ADMIN_sortArray
 +  * Plugin Admin - allow sorting of columns in Plugin list
 +  * Replace/fix sort direction arrows in ADMIN_list and ADMIN_arrayList
 +
 +**Bug Fixes**
 +
 +  * Ensure $REMOTE_ADDR is properly set
 +  * Media Gallery: Fixed bug where user quota would reset to unlimited
 +  * Fixed issue where the MooRotator would not auto start in Chrome
 +  * Forum: Added permission check to forum notification emails
 +  * Media Gallery: Fixed bug when in Global Album Editor, the Display Image Skin setting was not being saved.
 +  * Calendar: Copying event from master calendar to personal calendar caused SQL error
 +  * Media Gallery: Fixed bug where mediagallery.admin members could not access admin page.
 +  * Fix width of Directory/File Permissions table in envcheck
 +  * submit.php was not providing new edit=x parameter to plugins
 +  * Calendar: Add permission check to auto tags
 +  * FileMgmt: Add permission check to auto tags
 +  * Staticpages: Add permission check to auto tags
 +  * Fix block id conflict between Blog Roll and Forum Menu blocks
 +  * MooSlide widget resize bugfix, implement custom css, autoscroll and mouseover capability, all code courtesy of Rowan
 +  * Fix filecheck_data - create missing nouveau custom template dirs
 +
 +
 +====== Full ChangeLog (all changes since original 1.2.0 release) ======
 +
 +**glFusion v1.2.1**
 +
 +  * Updated / new German Language files for glFusion and all bundled plugins. Thanks to André for the translations (Mark)
 +  * Ensure $REMOTE_ADDR is properly set (André)
 +  * FileMgmt: Add max file size to information text on upload screen (André)
 +  * Media Gallery: Fixed bug where user quota would reset to unlimited (Mark)
 +  * Fixed issue with XSS in configuration (Mark)
 +  * Fixed issue where the MooRotator would not auto start in Chrome (Mark)
 +  * Forum: Added permission check to forum notification emails (Mark)
 +  * Media Gallery: Fixed bug when in Global Album Editor, the Display Image Skin setting was not being saved. (Eric - Fix by Walter Rowe)
 +  * Calendar: Copying event from master calendar to personal calendar caused SQL error (Mark)
 +  * Updated htmLawed to v1.1.9.4 (Mark)
 +  * Media Gallery: Fixed bug where mediagallery.admin members could not access admin page.
 +  * Bad Behavior2: Updated to v2.0.38 (Mark)
 +  * Fix width of Directory/File Permissions table in envcheck (Mark H.)
 +  * Implement persistent (non-fading) system messaging (Mark H.)
 +    * See: COM_showMessage(), COM_showMessageText(), COM_showMessageFromParameter()
 +  * All bundled Plugins: Allow custom language string overrides (Mark H.)
 +  * Config setting Allow User Theme and Allow User Language to False on default installs (Eric)
 +  * submit.php was not providing new edit=x parameter to plugins (Mark H.)
 +  * Calendar: Add permission check to auto tags (mark)
 +  * FileMgmt: Add permission check to auto tags (mark)
 +  * Staticpages: Add permission check to auto tags (mark)
 +  * Allow forum plugin to find custom CSS in private/plugins/forum/css/custom
 +  * Let default content blocks auto-increment on install (Eric)
 +  * Fix block id conflict between Blog Roll and Forum Menu blocks (Eric)
 +  * MooSlide widget resize bugfix, implement custom css, autoscroll and mouseover
 +  * capability, all code courtesy of Rowan (Eric)
 +  * Implement PLG_templatePath: plugin helper function to find templates (Mark H.)
 +  * Extend ADMIN_simpleList -> ADMIN_arrayList, allows sortable columns (Mark H.)
 +  * Rename ADMIN_sortList function to ADMIN_sortArray (Mark H.)
 +  * Fix filecheck_data - create missing nouveau custom template dirs (Mark H.)
 +  * Plugin Admin - allow sorting of columns in Plugin list (Mark H.)
 +  * Replace/fix sort direction arrows in ADMIN_list and ADMIN_arrayList (Mark H.)
 +
 +**glFusion v1.2.0.pl5**
 +
 +  * Add option for admins to set story author (Lee / Mark)
 +  * Reset login speedlimit check on successful login (Mark)
 +  * Forum: Fix ambiguous use of uid in query (Lee)
 +  * Forum: Ensure all notifications are sent from no_reply address (Mark)
 +  * Fixed published date bug when using Chrome browser (Mark)
 +  * Forum: Now process autotags before processing smilies (Mark)
 +  * Fixed preg_replace compilation failure when non UTF-8 used in search (Mark)
 +  * Updated htmLawed HTML filter module (Mark)
 +  * Allow user / root element overrides for HTML filtering (Mark)
 +  * Add user id column to user list (Mark)
 +  * Static Pages: Add support for custom language files (Lee / Mark)
 +  * Media Gallery: Display full setting was reversed when viewing media item (Lee / Mark)
 +  * Media Gallery: Admin user edit did not properly retrieve / set Media Gallery user preference settings (Lee / Mark)
 +  * Media Gallery - Batch import could fail if the source album does not have views properly set. (Lee / Mark)
 +  * CUSTOM user form was not called if password validation failed when using custom registration (Mark)
 +  * FileMgmt: Files with embedded spaces outside of webroot would not d/l (Mark H)
 +  * Admin user edit photo upload missing (Mark)
 +  * Batch Admin interface did not keep settings when paging through results (Mark)
 +  * Calendar: auto tag was broken (Mark)
 +  * Do not include summary when contentlength = 0 in syndication (Mark)
 +  * Fixed issue where you could not delete blocks (Mark)
 +  * Forum: Fixed footer formatting issue (Mark)
 +  * Fixed daily digest issue where it did not honor the emailstorieslength configuration setting (Mark)
 +
 +**glFusion v1.2.0.pl4**
 +
 +  * Add patch level to version checker (Mark)
 +  * Plugin user preferences were not properly saved in admin user editor (Mark)
 +  * Fixed date calculation error (Mark)
 +  * Comment disclaimer displayed when no comments had been entered yet. (Mark)
 +  * htmlspecialchars_decode() is a PHP5 only function. Updated lib-common to load the compatible function when running PHP4. (Mark)
 +  * Forum: footer.thtml template did not work with custom/ directory (Mark)
 +  * Setting comment edit time to 0 did not allow unlimited time to edit comments - instead it prevented comments from being edited (Mark)
 +  * When story.admin user selects contribute, the redirect was broken that took them to the admin story editor (Mark)
 +  * Do not allow default blocks to be deleted (Mark)
 +  * linksrc: was not included in allowed autotag options for the MG media Browser (Mark)
 +
 +**glFusion v1.2.0.pl3**
 +
 +  * Forum: Smiley display did not wrap properly if using wide icons (Mark)
 +  * Demo mode tweaks - remove some advanced features from demo mode (i.e.; allow multiple logins from same userid) (Mark)
 +  * Forum: Use noreply email address for notifications (Mark)
 +  * Polls: Comment view did not default to user preferences (Mark)
 +  * Media Gallery: Comment view did not default to user preferences (Mark)
 +  * FileMgmt: Comment view did not default to user preferences (Mark)
 +  * Block Editor did not allow you to un-check allow auto tags (Mark)
 +  * Media Gallery: SWFUpload did not enforce user quotas (Mark)
 +  * Database backup would fail if password contained certain special characters (Mark)
 +  * Media Gallery: SWFUpload referenced SWFUpload Button in wrong directory if glFusion is installed in a sub-directory. (Mark).
 +  * Database backup would always fail with 0 byte file message on Windows hosts. (Mark)
 +  * Delete story from admin list did not work (result of a fix done in pl2) (Mark)
 +  * Plugin API bug - PLG_callFunctionForAllPlugins() did not cycle through all the plugins - returned after first hit. (Mark)
 +
 +**glFusion v1.2.0.pl2**
 +
 +  * When using embedded images in a story, if you select an image to delete and save, the story is deleted. (Mark)
 +  * Save button text disappears if submitting a story and it contains missing fields. (Mark)
 +  * Always use the title attribute in What's New (Mark)
 +  * Fixed issue with Gallery Remote2 not properly logging into the site (Mark)
 +
 +**glFusion v1.2.0.pl1**
 +
 +  * COM_checkWords() was trimming spaces when it should not. (Mark)
 +  * Links: Invalid multibyte string would cause crash. (Mark)
 +  * showblock: auto tag did not honor block permissions. (Mark)
 +  * COM_onFrontPage() and COM_whatsNew() had a global variable conflict with $newstories (Mark)
 +  * fs_multilanguage configuration field was misspelled in new install (Mark)
 +
 +
 +====== What's New Archives ======
 +
 +[[glfusion:whatsnew:v120|v1.2.0]]\\
 +[[glfusion:whatsnew:v118|v1.1.8]]\\
 +[[glfusion:whatsnew:v117|v1.1.7]]\\
 +[[glfusion:whatsnew:v116|v1.1.6]]\\
 +[[glfusion:whatsnew:v115|v1.1.5]]\\
 +[[glfusion:whatsnew:v114|v1.1.4]]\\
 +[[glfusion:whatsnew:v113|v1.1.3]]\\
 +[[glfusion:whatsnew:v112|v1.1.2]]\\
 +[[glfusion:whatsnew:v111|v1.1.1]]\\
 +[[glfusion:whatsnew:v110|v1.1.0]]\\
 +[[glfusion:whatsnew:v101|v1.0.1]]\\
 +[[glfusion:whatsnew:v100|v1.0.0]]\\
glfusion/whatsnew121.txt · Last modified: 2011/04/24 15:24 by Mark
 
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3