glFusion Wiki

Site Tools


glfusion:whatsnew:v121

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

glfusion:whatsnew:v121 [2011/04/24 10:25]
glfusion:whatsnew:v121 [2016/09/13 19:47] (current)
Line 1: Line 1:
 +~~NOTOC~~
 +====== What's New in glFusion v1.2.1======
  
 +glFusion v1.2.1 continues our commitment to providing a secure and robust content management system. This releases contains a minor security fix, some significant stability updates and several small bug fixes. ​ All glFusion users are encouraged to upgrade as soon as possible.
 +
 +For those who are **upgrading**,​ please don't forget to run the **[[glfusion:​upgrade|Upgrade Wizard]]** after you have loaded the files to your server.
 +
 +Some of the enhancements below required us to make some changes to the template files. ​ Be sure and check out the [[glfusion:​template_changes|Template Changes]] page and update any of your **custom** templates.
 +====== Notable Enhancements for glFusion v1.2.1 ======
 +
 +**XSS Security Fix**
 +
 +The admin configuration screen did not properly filter all input variables, this resulted in the potential for a cross site scripting vulnerability. ​ Although the risk is very low since access to the administration section of a glFusion site requires admin authentication,​ we have fixed the filtering problem.
 +
 +**General Code Improvements**
 +
 +We continue to perform code reviews and make necessary adjustments to improve the overall security posture of the system. ​ There were several minor tweaks to ensure proper filtering and validation of user supplied data.
 +
 +**Enhancements**
 +
 +  * Updated / new German Language files for glFusion and all bundled plugins. Thanks to André for the translations
 +  * FileMgmt: Add max file size to information text on upload screen
 +  * Updated htmLawed to v1.1.9.4
 +  * Bad Behavior2: Updated to v2.0.39
 +  * Implement persistent (non-fading) system messaging
 +    * See: COM_showMessage(),​ COM_showMessageText(),​ COM_showMessageFromParameter()
 +  * All bundled Plugins: Allow custom language string overrides
 +  * Config setting Allow User Theme and Allow User Language to False on default installs
 +  * Allow forum plugin to find custom CSS in private/​plugins/​forum/​css/​custom
 +  * Let default content blocks auto-increment on install
 +  * Implement PLG_templatePath:​ plugin helper function to find templates
 +  * Extend ADMIN_simpleList -> ADMIN_arrayList,​ allows sortable columns
 +  * Rename ADMIN_sortList function to ADMIN_sortArray
 +  * Plugin Admin - allow sorting of columns in Plugin list
 +  * Replace/fix sort direction arrows in ADMIN_list and ADMIN_arrayList
 +
 +**Bug Fixes**
 +
 +  * Ensure $REMOTE_ADDR is properly set
 +  * Media Gallery: Fixed bug where user quota would reset to unlimited
 +  * Fixed issue where the MooRotator would not auto start in Chrome
 +  * Forum: Added permission check to forum notification emails
 +  * Media Gallery: Fixed bug when in Global Album Editor, the Display Image Skin setting was not being saved.
 +  * Calendar: Copying event from master calendar to personal calendar caused SQL error
 +  * Media Gallery: Fixed bug where mediagallery.admin members could not access admin page.
 +  * Fix width of Directory/​File Permissions table in envcheck
 +  * submit.php was not providing new edit=x parameter to plugins
 +  * Calendar: Add permission check to auto tags
 +  * FileMgmt: Add permission check to auto tags
 +  * Staticpages:​ Add permission check to auto tags
 +  * Fix block id conflict between Blog Roll and Forum Menu blocks
 +  * MooSlide widget resize bugfix, implement custom css, autoscroll and mouseover capability, all code courtesy of Rowan
 +  * Fix filecheck_data - create missing nouveau custom template dirs
 +
 +
 +====== Full ChangeLog (all changes since original 1.2.0 release) ======
 +
 +**glFusion v1.2.1**
 +
 +  * Updated / new German Language files for glFusion and all bundled plugins. Thanks to André for the translations (Mark)
 +  * Ensure $REMOTE_ADDR is properly set (André)
 +  * FileMgmt: Add max file size to information text on upload screen (André)
 +  * Media Gallery: Fixed bug where user quota would reset to unlimited (Mark)
 +  * Fixed issue with XSS in configuration (Mark)
 +  * Fixed issue where the MooRotator would not auto start in Chrome (Mark)
 +  * Forum: Added permission check to forum notification emails (Mark)
 +  * Media Gallery: Fixed bug when in Global Album Editor, the Display Image Skin setting was not being saved. (Eric - Fix by Walter Rowe)
 +  * Calendar: Copying event from master calendar to personal calendar caused SQL error (Mark)
 +  * Updated htmLawed to v1.1.9.4 (Mark)
 +  * Media Gallery: Fixed bug where mediagallery.admin members could not access admin page.
 +  * Bad Behavior2: Updated to v2.0.38 (Mark)
 +  * Fix width of Directory/​File Permissions table in envcheck (Mark H.)
 +  * Implement persistent (non-fading) system messaging (Mark H.)
 +    * See: COM_showMessage(),​ COM_showMessageText(),​ COM_showMessageFromParameter()
 +  * All bundled Plugins: Allow custom language string overrides (Mark H.)
 +  * Config setting Allow User Theme and Allow User Language to False on default installs (Eric)
 +  * submit.php was not providing new edit=x parameter to plugins (Mark H.)
 +  * Calendar: Add permission check to auto tags (mark)
 +  * FileMgmt: Add permission check to auto tags (mark)
 +  * Staticpages:​ Add permission check to auto tags (mark)
 +  * Allow forum plugin to find custom CSS in private/​plugins/​forum/​css/​custom
 +  * Let default content blocks auto-increment on install (Eric)
 +  * Fix block id conflict between Blog Roll and Forum Menu blocks (Eric)
 +  * MooSlide widget resize bugfix, implement custom css, autoscroll and mouseover
 +  * capability, all code courtesy of Rowan (Eric)
 +  * Implement PLG_templatePath:​ plugin helper function to find templates (Mark H.)
 +  * Extend ADMIN_simpleList -> ADMIN_arrayList,​ allows sortable columns (Mark H.)
 +  * Rename ADMIN_sortList function to ADMIN_sortArray (Mark H.)
 +  * Fix filecheck_data - create missing nouveau custom template dirs (Mark H.)
 +  * Plugin Admin - allow sorting of columns in Plugin list (Mark H.)
 +  * Replace/fix sort direction arrows in ADMIN_list and ADMIN_arrayList (Mark H.)
 +
 +**glFusion v1.2.0.pl5**
 +
 +  * Add option for admins to set story author (Lee / Mark)
 +  * Reset login speedlimit check on successful login (Mark)
 +  * Forum: Fix ambiguous use of uid in query (Lee)
 +  * Forum: Ensure all notifications are sent from no_reply address (Mark)
 +  * Fixed published date bug when using Chrome browser (Mark)
 +  * Forum: Now process autotags before processing smilies (Mark)
 +  * Fixed preg_replace compilation failure when non UTF-8 used in search (Mark)
 +  * Updated htmLawed HTML filter module (Mark)
 +  * Allow user / root element overrides for HTML filtering (Mark)
 +  * Add user id column to user list (Mark)
 +  * Static Pages: Add support for custom language files (Lee / Mark)
 +  * Media Gallery: Display full setting was reversed when viewing media item (Lee / Mark)
 +  * Media Gallery: Admin user edit did not properly retrieve / set Media Gallery user preference settings (Lee / Mark)
 +  * Media Gallery - Batch import could fail if the source album does not have views properly set. (Lee / Mark)
 +  * CUSTOM user form was not called if password validation failed when using custom registration (Mark)
 +  * FileMgmt: Files with embedded spaces outside of webroot would not d/l (Mark H)
 +  * Admin user edit photo upload missing (Mark)
 +  * Batch Admin interface did not keep settings when paging through results (Mark)
 +  * Calendar: auto tag was broken (Mark)
 +  * Do not include summary when contentlength = 0 in syndication (Mark)
 +  * Fixed issue where you could not delete blocks (Mark)
 +  * Forum: Fixed footer formatting issue (Mark)
 +  * Fixed daily digest issue where it did not honor the emailstorieslength configuration setting (Mark)
 +
 +**glFusion v1.2.0.pl4**
 +
 +  * Add patch level to version checker (Mark)
 +  * Plugin user preferences were not properly saved in admin user editor (Mark)
 +  * Fixed date calculation error (Mark)
 +  * Comment disclaimer displayed when no comments had been entered yet. (Mark)
 +  * htmlspecialchars_decode() is a PHP5 only function. Updated lib-common to load the compatible function when running PHP4. (Mark)
 +  * Forum: footer.thtml template did not work with custom/ directory (Mark)
 +  * Setting comment edit time to 0 did not allow unlimited time to edit comments - instead it prevented comments from being edited (Mark)
 +  * When story.admin user selects contribute, the redirect was broken that took them to the admin story editor (Mark)
 +  * Do not allow default blocks to be deleted (Mark)
 +  * linksrc: was not included in allowed autotag options for the MG media Browser (Mark)
 +
 +**glFusion v1.2.0.pl3**
 +
 +  * Forum: Smiley display did not wrap properly if using wide icons (Mark)
 +  * Demo mode tweaks - remove some advanced features from demo mode (i.e.; allow multiple logins from same userid) (Mark)
 +  * Forum: Use noreply email address for notifications (Mark)
 +  * Polls: Comment view did not default to user preferences (Mark)
 +  * Media Gallery: Comment view did not default to user preferences (Mark)
 +  * FileMgmt: Comment view did not default to user preferences (Mark)
 +  * Block Editor did not allow you to un-check allow auto tags (Mark)
 +  * Media Gallery: SWFUpload did not enforce user quotas (Mark)
 +  * Database backup would fail if password contained certain special characters (Mark)
 +  * Media Gallery: SWFUpload referenced SWFUpload Button in wrong directory if glFusion is installed in a sub-directory. (Mark).
 +  * Database backup would always fail with 0 byte file message on Windows hosts. (Mark)
 +  * Delete story from admin list did not work (result of a fix done in pl2) (Mark)
 +  * Plugin API bug - PLG_callFunctionForAllPlugins() did not cycle through all the plugins - returned after first hit. (Mark)
 +
 +**glFusion v1.2.0.pl2**
 +
 +  * When using embedded images in a story, if you select an image to delete and save, the story is deleted. (Mark)
 +  * Save button text disappears if submitting a story and it contains missing fields. (Mark)
 +  * Always use the title attribute in What's New (Mark)
 +  * Fixed issue with Gallery Remote2 not properly logging into the site (Mark)
 +
 +**glFusion v1.2.0.pl1**
 +
 +  * COM_checkWords() was trimming spaces when it should not. (Mark)
 +  * Links: Invalid multibyte string would cause crash. (Mark)
 +  * showblock: auto tag did not honor block permissions. (Mark)
 +  * COM_onFrontPage() and COM_whatsNew() had a global variable conflict with $newstories (Mark)
 +  * fs_multilanguage configuration field was misspelled in new install (Mark)
 +
 +
 +====== What's New Archives ======
 +
 +[[glfusion:​whatsnew:​v120|v1.2.0]]\\
 +[[glfusion:​whatsnew:​v118|v1.1.8]]\\
 +[[glfusion:​whatsnew:​v117|v1.1.7]]\\
 +[[glfusion:​whatsnew:​v116|v1.1.6]]\\
 +[[glfusion:​whatsnew:​v115|v1.1.5]]\\
 +[[glfusion:​whatsnew:​v114|v1.1.4]]\\
 +[[glfusion:​whatsnew:​v113|v1.1.3]]\\
 +[[glfusion:​whatsnew:​v112|v1.1.2]]\\
 +[[glfusion:​whatsnew:​v111|v1.1.1]]\\
 +[[glfusion:​whatsnew:​v110|v1.1.0]]\\
 +[[glfusion:​whatsnew:​v101|v1.0.1]]\\
 +[[glfusion:​whatsnew:​v100|v1.0.0]]\\