Differences

This shows you the differences between two versions of the page.

Link to this comparison view

glfusion:whatsnew [2011/04/24 15:25]
Mark
glfusion:whatsnew [2014/04/01 15:05] (current)
Mark
Line 1: Line 1:
 ~~NOTOC~~ ~~NOTOC~~
-====== What's New in glFusion v1.2.2======+====== What's New in glFusion v1.4.0======
  
-glFusion v1.2.2 continues our commitment to providing a secure and robust content management system. This releases contains some significant stability updates and several small bug fixes.  All glFusion users are encouraged to upgrade as soon as possible.+===== Major Changes =====
  
-For those who are **upgrading**, please don't forget to run the **[[glfusion:upgrade|Upgrade Wizard]]** after you have loaded the files to your server. 
  
-There were no template changes in v1.2.2.+With glFusion v1.4.0, we are making a shift to HTML input as the standard input type.  For comments, contacting users, mailing stories, HTML is now the default.  You can select text mode input, but you no longer have the ability to toggle between input methods at the time you are entering text.  To better support this change, we have replaced the old FCKeditor with a more modern WYSIWYG editor, CKEditor. We also offer TinyMCE as a plugin if you prefer that WYSIWYG editor.  This has also driven significant updates to how HTML input is filtered. We've fixed a security issue in the filtering and also expanded the ability for you to define what HTML elements you will allow
  
-====== Notable Enhancements for glFusion v1.2.2 ======+The Media Gallery SWFUpload feature has always been problematicIt worked, but not always very well.  SWFUpload has been removed and replaced with an HTML 5 drag and drop uploader.
  
-  * Updated Czech language files from Ivan +Menu Builder has seen some more updates. The code has been completely rewritten to be much more efficient.  HTML used to build the menus is now template driven, which gives you unlimited flexibility in creating menus.
-  * Fixed hard coded language string (Groups) in admin/user.php +
-  * Mail to user (admin user edit screen) did not work properly +
-  * German language update from André +
-  * FileMgmt - Display max allowed filesize in admin upload screen +
-  * Updates to better support MySQL 5.+
-  * Do not show Awaiting Verification in user edit as an option when user does not enter their own password +
-  * Fixed bug where user's password was not properly checked to determine if blank when registering a new user+
  
-====== Full ChangeLog (all changes since original 1.2.1 release) ======+===== Functional Changes =====
  
-  * Updated Bad Behavior Plugion to v2.0.43 
-  * Fixed typo in lib-security 
-  * Fixed issue with token expiration when in admin functions 
-  * Fixed permission check for story edit 
-  * Calendar: Fixed permission check for anon users adding master calendar events 
-  * Fixed performance issue with forum lists when user rating enabled 
-  * Fixed bug where validation email requests would fail 
-  * Fixed issue deleting comments 
-  * FileMgmt: Expand autotags when displaying comments 
-  * Implemented global autotag recursion checks 
-  * Advanced story editor has some 'quirks' in IE 
-  * Fixed SQL error when creating FileMgmt content syndication 
-  * Updated MSN IPs for Bad Behavior2 Plugin 
-  * Bad Behavior provides an option to allow cross-site POST requests; these are meant to be blocked by default as most sites do not need to receive form data submitted from other sites. However, the option to enable it for those sites which do need it had inverted logic, resulting in cross-site requests being allowed when the option was set to disallow them, and vice versa. 
-  * Fixed missing call to CUSTOM_userEdit() in user profile panel 
-  * Fixed an issue with the plugin uploader where it could overwrite existing configuration files during plugin updates. 
-  * Fixed issue with URL parser retrieving URL parameters when only $_SERVER['orig_path_info'] is set. 
-  * Removed global <li> style from SiteTailor stylesheet. 
-  * Added some safety checks to dvlpupdate.php 
-  * Security Fix - bbcode implementation suffered from several XSS vulnerabilities.  Reported by Saif El-Sherei 
-  * Fixed plugin uninstall to not crash if plugin directory is missing 
-  * Removed unneeded log message in user create 
  
-====== What's New Archives ====== 
  
 +==== Menu Builder Updates ====
 +
 +
 +Menu Builder has gone through another rewrite. The code is now much more efficient.  Previous versions of Menu Builder, the HTML that controls the menu look and feel was hard coded.  It has been rewritten to use templates, which now gives you much more flexibility to customize how the menus work.
 +
 +Styling is still done through the menu classes in the style.css file.
 +
 +For more details on Menu Builder's updates - see the [[glfusion:upgrade:menu-builder-140|Menu Builder Update Notes]] page.
 +
 +==== What You See is What You Get (WYSIWYG) Editor ====
 +
 +In previous releases, you had the ability to toggle between plain text and HTML entry, with the option to also use the //advanced// editor.  This approach adds a significant complexity to the glFusion code, but it also puts some limitations in place as well.  Toggling between text and HTML can have devasting effects on formatting.
 +
 +You now choose whether you want text or HTML entry via a configuration setting.  If you select HTML, then HTML will be the mode you use.  
 +
 +The out-dated FCKEditor has been removed from the code base.  WYSIWYG editors are now provided as glFusion plugins.  glFusion ships with the CKEditor WYSIWYG editor bundled.  You can also download and install the TinyMCE editor if you prefer.
 +
 +Both CKEditor and TinyMCE have been integrated very tightly with glFusion to ensure what you see in the editor is what you actually get when you view the page through glFusion.  
 +
 +==== HTML Filtering ====
 +
 +
 +With the move to more HTML based inputs, it is very important that we have a secure method to filter user entered content.  The previous HTML filtering solution was good, but there was a significant security hole that needed to be plugged.  We've also implemented the ability for you to fine tune what HTML elements will be allowed depending on the operation being performed.  For example, you may allow more HTML tags in a story, but limit what HTML can be used in a comment.  The HTML will be parsed by the HTML filter to ensure only the HTML elements you are allowed are saved. The content is also filtered for any malicious content and it will be removed.
 +
 +There are new configuration options where you can specify which HTML tags you will allow in stories, comments, etc. Please review the default settings in **Command & Control** -> **Configuration** -> **Miscellaneous** -> **HTML Filtering**.
 +
 +
 +===== Configuration Changes =====
 +
 +The following new configuration option changes:
 +
 +Removed Configuration Settings:
 +
 +^Configuration Item  ^Description  ^
 +| menu_elements  |removed legacy menu elements |
 +|mailstory_postmode  |no longer set postmode of the mailstory function  |
 +|comment_editor  |No longer select type of editor - Now select whether you have the WYSIWYG editor or a standard text box in the WYSIWYG editor configuration screen. |
 +|advanced_editor  |Now select whether you have the WYSIWYG editor or standard text box in the WYSIWYG editor configuration screen.  |
 +
 +Added the following configuration settings:
 +
 +^Configuration Item  ^Description  ^
 +|mailuser_postmode  |Post mode (HTML or Text) to use when mailing a user or story | 
 +|htmlfilter_default  |HTML that will be allowed if no other HTML defined  |
 +|htmlfilter_story  |HTML allowed in story editor (applied to both admins and normal users)  |
 +|htmlfilter_comment  |HTML allowed in comment editor  |
 +|htmlfilter_root  |HTML that only root users can use  |
 +
 +Forum Plugin
 +
 +^Configuration Item  ^Description  ^
 +|allowed_html  |allowed HTML in a forum post - if HTML is enabled.  |
 +
 +===== Template Changes =====
 +
 +
 +Removed the following templates:
 +
 +  * profiles/contactauthorform_advanced.thtml
 +  * profiles/contactuserform_advanced.thtml
 +
 +Modified the following templates:
 +
 +^Template ^Location ^Description  ^
 +|languagetask.thtml | public_html/admin/install/templates | Removed GL migration|
 +|contactauthorform.thtml | public_html/layout/nouveau/profiles | One template to handle both WYSIWYG and plain text|
 +|editor.thtml | private/plugins/staticpages/templates/admin | Support for WYSIWYG|
 +|posteditor.thtml | private/plugins/forum/templates | Support for WYSIWYG|
 +|ckeditor_forum.thtml | private/plugins/forum/templates | Support for CKEditor| 
 +|ckeditor_story.thtml | private/plugins/ckeditor/templates | Support for CKEditor in story editor|
 +|commentform.thtml | public_html/layout/nouveau/comment | WYSIWYG support|
 +|submitstory.thtml | public_html/layout/nouveau/submit | User submitted story WYSIWYG support|
 +|contactuserform.thtml | public_html/layout/nouveau/profiles | WYSIWYG support|
 +|storyeditor.thtml | public_html/layout/nouveau/admin/story | Admin user entry WYSIWYG support|
 +|mailform.thtml | public_html/layout/nouveau/admin/mail | WYSIWYG support|
 +|blockeditor.thtml | public_html/layout/nouveau/admin/block |WYSIWYG support|
 +|tinymce_forum.thtml | private/plugins/forum/templates | TinyMCE editor support for Forum Plugin |
 +|ckeditor_submitstory.thtml | private/plugins/ckeditor/templates | user submitted story|
 +|ckeditor_email.thtml | private/plugins/ckeditor/templates | mail user / article|
 +|ckeditor_sp.thtml | private/plugins/ckeditor/templates | static pages|
 +|ckeditor_comment.thtml | private/plugins/ckeditor/templates |CKEditor template for comments |
 +|ckeditor_contact.thtml | private/plugins/ckeditor/templates |CKEditor template for contact user |
 +|ckeditor.thtml | private/plugins/ckeditor/templates |General CKEditor template |
 +|htmlheader.thtml | public_html/layout/nouveau |Changed **st_** variables to use new menu builder vars|
 +|upload.thtml | private/plugins/mediagallery/templates |Removed SWF Upload|
 +|html5upload.thtml | private/plugins/mediagallery/templates |HTML 5 upload |
 +|menu_vertical_simple.thtml | public_html/layout/nouveau/menu |Menu Builder template for simple vertical menus |
 +|menu_vertical_cascading.thtml | public_html/layout/nouveau/menu |Menu Builder template for vertical cascading menus |
 +|menu_horizontal_cascading.thtml | public_html/layout/nouveau/menu |Menu Builder template for horizontal cascading menus |
 +|menu_horizontal_simple.thtml | public_html/layout/nouveau/menu |Menu Builder template for simple horizontal menus |
 +|header.thtml | public_html/layout/nouveau |Uses new Menu Builder menu variables (replaced **st_** template variables |
 +|footer.thtml | public_html/layout/nouveau |Uses new Menu Builder menu variables (replaced **st_** template variables  |
 +|editmenu.thtml | public_html/layout/nouveau/admin/menu | Menu editor|
 +
 +
 +====== What's New Archives ======
 +[[glfusion:whatsnew:v130|v1.3.0]]\\
 +[[glfusion:whatsnew:v122|v1.2.2]]\\
 [[glfusion:whatsnew:v121|v1.2.1]]\\ [[glfusion:whatsnew:v121|v1.2.1]]\\
 [[glfusion:whatsnew:v120|v1.2.0]]\\ [[glfusion:whatsnew:v120|v1.2.0]]\\
glfusion/whatsnew.1303658700.txt.gz · Last modified: 2011/04/24 15:25 by Mark
 
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3