Joomla 1.0.13 source code
<?php
/**
 * @version $Id: CHANGELOG.php 8142 2007-07-21 09:20:01Z rmuilwijk $
 * @package Joomla
 * @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
 * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See COPYRIGHT.php for copyright notices and details.
 */

// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );
?>
1. Copyright and disclaimer
---------------------------
This application is opensource software released under the GPL. Please
see source code and the LICENSE file


2. Changelog
------------
This is a non-exhaustive (but still near complete) changelog for
Joomla! 1.0, including beta and release candidate versions.
Our thanks to all those people who've contributed bug reports and
code fixes.


3. Legend
---------
* -> Security Fix
# -> Bug Fix
+ -> Addition
^ -> Change
- -> Removed
! -> Note

21-Jul-2007 Robin Muilwijk
^ (version.php) preparation for release

18-Jul-2007 Rob Schley
# Fixed admin session problems with immediate logout after login.
# Fixed a few misc. bugs.


11-Jul-2007 Sam Moffatt
^ Removed assumption that a group exists for a user (may not actually be true)


04-Jul-2007 Rob Schley
# Fixed a bug in the administrator login system that prevented users from logging in


02-Jul-2007 Rob Schley
* SECURITY A6 [LOW Level]: Fixed [#5630] HRS attack on variable "url"
* SECURITY A1 [LOW Level]: Fixed [#5654] Multiple fields subjected to cross-site scripting vulnerabilities
* SECURITY A7 [LOW Level]: Fixed possible session fixation vulnerability in administrator application


29-Jun-2007 Louis Landry
^ Hardened password storage mechanism to use a random salt
! Remember Me cookies will be invalid and require a re-login


20-May-2007 Rob Schley
# Fixed key reference lookups to match whole results only
# Fixed two help screen naming issues.
^ Changed RG_EMULATION warning message to refer to Global Configuration Setting


17-May-2007 Rob Schley
^ Moved register globals emulation controls into Global Configuration


15-May-2007 Rob Schley
# Fixed [topic,170296] : Typos in Search Mambot configurations


14-May-2007 Rob Schley
# Fixed [topic,153233] : "Mail to Friend" parameter checks not checking content item setings
# Fixed [topic,126371] : IE7 left align problem
# Fixed [topic,167745] : Added JavaScript alert for empty category title


28-Apr-2007 Rob Schley
^ Changed cookie naming conventions to not break when using HTTPS
# Fixed [topic,156116] : Optimzed queries for menu creation to improve performance.
* SECURITY A4 [ LOW Level ]: XSS issue in com_search and com_content
* SECURITY A4 [ LOW Level ]: XSS vulnerability in mod_login


16-Apr-2007 Enno Klasing
# Re-enabled Itemid behaviour of 1.0.11 (optional, default is behaviour of 1.0.12)

----------------------------------------------------------------------------------------
--------------- 1.0.12 Stable Released -- [25-December-2006 01:00 UTC] -----------------

24-Dec-2006 Rob Schley
# Fixed two hard coded alt tags
+ Added new language constant _BANNER_ALT
^ Preparations for Stable packaging
# Removed local help screen content and replaced it with links to the online versions


19-Dec-2006 Rob Schley
+ Added 119 help screen files.
^ Changed 20 help screen titles.
# Fixed several grammar problems throughtout the Joomla! core


18-Dec-2006 Enno Klasing
# Fixed [artf5166] : Server Time offset issue, while submitting news
# Fixed [artf6439] : https switchover


18-Dec-2006 Rob Schley
# Fixed bug in offline.php when using the database class without a working database connection.
# Fixed spelling and grammar mistakes in english.php as per suggestions.


15-Dec-2006 Enno Klasing
# Fixed sample data: removed (nonexistent) RSS feed from OSM
# Fixed redirect to installation directory: removed need for lowercase directory names


13-Dec-2006 Rob Schley
# Fixed spelling and grammar errors in com_menus
# Fixed changelog formatting.


13-Dec-2006 Enno Klasing
+ Added security warning message to the installer component
# Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib
* SECURITY A1 [ Medium Level ] : Removed unneeded legacy functions


12-Dec-2006 Enno Klasing
# Fixed bug in TinyMCE: help screen disabled
# Fixed IE7 display bug with mosTabs
# Fixed [artf7028] : Two bugs in TinyMCE


11-Dec-2006 Enno Klasing
# Fixed [artf7021] : Bug with com_messages and message titles including a single quote


10-Dec-2006 Rob Schley
# Fixed grammar problems in SQL data.
# Fixed grammar problem in com_config.
# Fixed usages of "Joomla!" missing the exclamation point.


10-Dec-2006 Enno Klasing
# Fixed [artf6762] : mos_section showing unexpected behavior
# Fixed IE7 display bug in the toolbar of the polls component


07-Dec-2006 Rob Schley
# Fixed [artf6863] : Changed the include file from template_css.css to offline.css to avoid conflicting styles


07-Dec-2006 Enno Klasing
# Fixed [artf6296] : josSpoofCheck does not check arrays and generates php warning


06-Dec-2006 Marko Schmuck
# Fixed [artf6884] : mosimage align=right causes problems in IE6
# Fixed [artf6779] : Link-URL containing character ] breaks


06-Dec-2006 Enno Klasing
# Fixed [artf6922] : Registration not working as expected (JavaScript popups)


06-Dec-2006 Mateusz Krzeszowiec
# Fixed [artf6832] : getItemid() function in joomla.php will not return correct $Itemid
# Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib, continued
# Fixed [artf6786] : sef.php and multilingual config


05-Dec-2006 Rastin Mehr
# Fixed [artf6751] : Banner upload target directory bug
# Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib, fixed similiar bugs from another report


02-Dec-2006 Sam Moffatt
# Fixed [artf6484] : com_registration bug (removed SQL error message)


01-Dec-2006 Enno Klasing
# Fixed [artf6903] : Anchors to Frontpage in SEF-URLs
# Fixed [artf6901] : LIMIT in MySQL queries
# Fixed [artf6844] : Javascript escape bug for poll.php
# Fixed [artf5788] : Frontpage content item category links enable section links


30-Nov-2006 Rastin Mehr
# Fixed [artf6577] : Registration name, username & email cleanups: spaces not allowed


30-Nov-2006 Emir Sakic
# Fixed [artf6841] : Submit Contact Form doesn't work with deactivated cookies
# Fixed [artf6846] : Error with new document - without categories


30-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf6786] : sef.php and multilingual config


30-Nov-2006 Marko Schmuck
# Fixed [artf6921] : [patch] fixing a bug on modules/mod_archive.php
# Fixed [artf6876] : Orphan user information in phpGACL tables after user was deleted


29-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf6749] : bot mosloadposition stippes $
# Fixed [artf1527] : "open_basedir restriction" warning


28-Nov-2006 Enno Klasing
# Fixed [artf6766] : Login form; you are not authorized...
# Fixed [artf6765] : Login form problem
# Fixed [artf6567] : Change error message for cookie test failure


27-Nov-2006 Enno Klasing
# Fixed [artf6860] : Admin Login and PHP's session.auto_start


27-Nov-2006 Emir Sakic
# Fixed [artf6865] : Relocate <script> element below <title> and <meta> elements for XHTML compliance
# Fixed [artf6863] : Extra CSS include for styling offline.php
# Fixed [artf6858] : Encoding/Template issues on backend
# Fixed [artf6859] : Bug in com_content security check for new content


25-Nov-2006 Rastin Mehr
# Fixed [artf6439] : https switchover not working (as did in mambo 4.5.2 and early joomla)


21-Nov-2006 Emir Sakic
# Fixed [artf6847] : XHTML syntax incompliance
# Fixed [artf6833] : Javascript alert messages on IE display without proper encoding in Internet Explorer


21-Nov-2006 Marko Schmuck
# Fixed [artf6828] : Poorly formed HTML in admin.contact.html.php


21-Nov-2006 Andrew Eddie
# Added 3 new language constants for systems errors (namely database issues)


20-Nov-2006 Marko Schmuck
# Fixed [artf6673] : Untranslated submit button, content component


20-Nov-2006 Enno Klasing
# Fixed [artf6816] : Hit counter not correct if caching is enabled
# Fixed [artf6753] : add banner client ID in admin view


19-Nov-2006 Enno Klasing
# Fixed [artf6764] : IE7 Table Alignment Bug


15-Nov-2006 Marko Schmuck
# Fixed [artf6763] : Joomla.php - build the multiple select list
# Fixed [artf6752] : mms:// not resolving in menus


15-Nov-2006 Enno Klasing
# Fixed [artf6613] : User rating, second rating, incorrect message


15-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf5926] : Few other Itemid issues solved


14-Nov-2006 Marko Schmuck
# Fixed : css file handling in content backend preview


13-Nov-2006 Enno Klasing
# Fixed [artf5924] : JavaScript and HTML-Error in mod_wrapper


12-Nov-2006 Alex Kempkens
# Fixed [artf6713] : double title in the pathway


12-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf6611] : Admin, copy section issues


11-Nov-2006 Enno Klasing
# Fixed [artf6720] : Wrong markup on com_media


10-Nov-2006 Emir Sakic
# Fixed [artf6709] : Media Manager Error for uploading a file, without select anything


09-Nov-2006 Enno Klasing
# Fixed [artf6058] : Apostrophes not stripslashed in Category names


09-Nov-2006 Emir Sakic
# Fixed [artf6175] : Javascript - Error in function previewImage()


08-Nov-2006 Rey Gigataras
# Fixed [artf6689] : TinyMCE updated to 2.0.8
# Fixed [artf6689] : TinyMCE GZip compressors updated to 1.0.9


08-Nov-2006 Enno Klasing
# Fixed [artf6528] : Wrong markup in two admin modules
# Fixed [artf6350] : overDiv not created in proper place


03-Nov-2006 Alex Kempkens
# Fixed [artf6415] : Tooltip or function is not correct in Global Configuration
# Fixed [artf6650] : Flyover help not translated in com_content


03-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf6542] : Quotes in User Name lost when editing
# Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib


03-Nov-2006 Enno Klasing
# Fixed [artf6589] : Missing index.html files
# Fixed [artf6500] : media manager too easily classifies a file as a mediafile


02-Nov-2006 Samuel Moffatt
# Fixed [artf6484] : com_registration bug


01-Nov-2006 Emir Sakic
^ Changed new version and forum security links to universal ones with redirects on joomla.org
# Fixed [artf6131] : UNC support in Joomla
# Fixed wrong align of drop-down lists in admin content item manager


30-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf6132] : Admin Session not completely emptied on logout, also removed some code (doublecheck) in administrator/logout.php continued


29-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf6132] : Admin Session not completely emptied on logout, also removed some code (doublecheck) in administrator/logout.php
# Fixed templates/madeyourweb/images/indent1.png and indent2.png file size
# Fixed [artf6160] : Admin, copy category issues, changed message after copy
# Fixed : Admin, move category issues, changed message after move
# Fixed [artf6581] : #__poll_data install SQL incorrect


26-Oct-2006 Emir Sakic
^ Removed version check - [artf6486] : Remove "Your Joomla! Installation is ... days old" messages


22-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf6441] : Incorrect spelling Poll
# Fixed [artf6160] : Admin, copy category issues
# Fixed : Admin, move category issues
# Fixed : Small security issue in com_categories - no input validation


21-Oct-2006 Enno Klasing
# Fixed [artf6253] : Content Blog Section, several notices
# Fixed [artf6440] : Menu name htmlentitized when toggling published/unpublished


19-Oct-2006 Enno Klasing
# Fixed [artf6470] : pageNavigation/php - minor bug/improvement
# Fixed [artf5890] : Content item count incorrect (public/registered)


18-Oct-2006 Marko Schmuck
# Fixed [artf5229] : database.php: loadRowList($key) not working as expected


16-Oct-2006 Alex Kempkens
^ little query issue for multilingual support (frontpage/search bot)


15-Oct-2006 Enno Klasing
# Fixed [artf6430] : htaccess tweak


15-Oct-2006 Emir Sakic
# Fixed [artf5760] : 'more' functionality in blogs showing links even though they shouldn't
# Fixed [artf6058] : Apostrophes not stripslashed in Category names


11-Oct-2006 Emir Sakic
# Fixed [artf6141] : check all in com_trash for menu items


10-Oct-2006 Emir Sakic
^ Refactored admin trash manager to be consistent with other managers
# Fixed [artf6141] : com_trash administrative component navigation problem


04-Oct-2006 Sam Moffatt
# Fixed [artf5955] : get_group_parents() with default $recurse parameter
# Fixed [artf6181] : Search: Itemid in com_search also gets wrong Itemid's
# Fixed [artf6172] : (FRONTEND)mosPageNavigation::writeLeafsCounter doesn't diplay correct page numbers
# Fixed [artf6169] : showCategories produces non w3c valid list


03-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf5926] : Incorrect determination of Itemid for content items links in Blog - Content Section, look in tracker for details


01-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf6074] : Joomla! using trashed menu item permission level in some cases
# Fixed [artf6084] : com_content division by zero warning
# Fixed [artf6153] : Invalid constant in field description


23-Sep-2006 Mateusz Krzeszowiec
# Fixed [artf6004] : Search results include several hits for the same document
# Fixed [artf6041] : username when sending PM instead of name
# Fixed [artf5989] : not optimal mosMakePassword()


22-Sep-2006 Enno Klasing
# Fixed [artf5983] : Undefined variables in com_content
# Fixed [artf5985] : Missing htmlspecialchars for module title
# Fixed [artf5934] : Mail sent via "Email a friend" has bad link
# Fixed [artf6011] : HTML entities appearing in plain-text emails from com_content
# Fixed [artf5986] : mosMail and empty sender information
# Fixed [artf6075] : "CheckIn My Items" checks in all Items


22-Sep-2006 Marko Schmuck
# Fixed [artf5507] : "&" character in Global Site Meta Description field results in "&amp;"
# Fixed [artf5788] : Frontpage content item category links enable section links, and section links generate '&' and not '&' in their html


20-Sep-2006 Emir Sakic
# Fixed [artf5202] : administrator typed content search pagination problem
# Fixed [artf5908] : Menu Item in Pathway not linked when custom pathway appended


18-Sep-2006 Mateusz Krzeszowiec
# Fixed [artf5848] : Poll component not displaying info, XML file moved to proper directory


18-Sep-2006 Sam Moffatt
# Fixed [artf5887] : mosMakePath mkdir with trailing slash not working (when using hardened PHP)


17-Sep-2006 Enno Klasing
# Full scale audit of all database queries
# Altered mosArrayToInts to allow arrays with non-numeric indexes
# Added check to com_categories if requested table exists
# Fixed [artf5961] : mosMessage::send() uses noninitialized variables


14-Sep-2006 Marko Schmuck
# Fixed [artf5481] : Parameter values not made HTML safe in editing form input control
# Fixed [artf5906] : "New" icon missing in sections with categories but no content
# Fixed [artf5166] : Server Time offset issue, while submitting news


14-Sep-2006 Sam Moffatt
# Fixed [artf5476] : Template media import broken. Cannot import media files.


12-Sep-2006 Sam Moffatt
# Fixed [artf5866] : com_content uses corrupted global $id for page navigation
# Fixed [artf5719] : header_version.png right top


10-Sep-2006 Marko Schmuck
# Fixed [artf5761] : single quote in sitename formats incorrectly with massmail
# Fixed [artf5249] : Image align="center" command is Invalid - Should be align="middle"


09-Sep-2006 Marko Schmuck
# Fixed [artf5753] : ampersand in action URL of showArchiveCategory form should be an entity
# Fixed [artf5493][topic,81903] : Search error in PHP5 arraymerge - search for static content without a menulink


06-Sep-2006 Marko Schmuck
# Fixed [artf5367] : Better mysql statement in content.searchbot.php
# Fixed [artf5141] : image attribute name="image" breaks xhtml compliance when output multiple times
# Fixed [artf5811] : Search component generates invalid html


06-Sep-2006 Andrew Eddie
# Fixed [artf5799] : mysql_real_escape_string called incorrectly in database.php
# Fixed [artf5581] : canDelete method doesn't work


31-August-2006 Mateusz Krzeszowiec
# Fixed [artf5780] : lack of 'new' task in allowed tasks check
# Fixed [artf5779] : lack of 'com_typedcontent' option in allowed options check


31-August-2006 Marko Schmuck
# Fixed [artf5770] : $query variable not defined in functions in gacl.api.class.php
# Fixed [artf3978] : mosBindArrayToObject ignore bug
# Fixed [artf5169] : mosDBTable::publish hard coded key again
# Fixed [artf5280] : SEF drops anchors
# Fixed [topic,90725] : incorrect timezone values in config_offset_user dropdown
# Fixed [artf5766] : Bannerupload failt
# Fixed [artf5727] : mosTabs parent div class name error
# Fixed [artf5432] : slashes not stripped in WebLinks
# Fixed [artf5215][artf5412] : Successfully Saved Item: {title} ... slashes not stripped from title


----------------------------------------------------------------------------------------
---------------- 1.0.11 Stable Released -- [28-August-2006 20:00 UTC] ------------------


This Release Contains the following 26 Security Fixes

Joomla! utilizes the Open Web Application Security Project (OWASP) Top Ten Project to categorize security vunerabilities found within Joomla!
http://www.owasp.org/index.php/OWASP_Top_Ten_Project

--- - - - - - - - - ---

04 HIGH Level Threats fixed

A1 Unvalidated Input
* Secured mosMail() against unvalidated input
* Secured JosIsValidEmail() - in previous versions the existance of an email address somewhere in the string was sufficient

A6 Injection Flaws
* Fixed remote execution issue in PEAR.php
* Fixed Zend Hash Del Key Or Index Vulnerability

--- - - - - - - - - ---

04 MEDIUM Level Threats fixed

A1 Unvalidated Input
* globals.php not included in administrator/index.php

A2 Broken Access Control
* Added Missing defined( '_VALID_MOS' ) checks
* Limit Admin `Upload Image` from uploading below `/images/stories/` directory
* Fixed do_pdf command bypassing the user authentication

--- - - - - - - - - ---

18 LOW Level Threats fixed

A1 Unvalidated Input
* Hardened Admin `User Manager`
* Hardened poll module
* Fixed josSpoofValue function to ensure the hash is a string

A2 Broken Access Control
* Secured com_content to not allow the tasks 'emailform' and 'emailsend' if $mosConfig_hideEmail is set
* Fixed emailform com_content task bypassing the user authentication
* Limit access to Admin `Popups` functionality

A4 Cross Site Scripting
* Fixed XSS injection issue in Admin `Module Manager`
* Fixed XSS injection issue in Admin `Help`
* Fixed XSS injection issue in Search

A6 Injection Flaws
* Harden loading of globals.php by using require() instead of include_once();
* Block potential misuse of $option variable
* Block against injection issue in Admin `Upload Image`
* Secured against possible injection attacks on ->load()
* Secured against injection attack on content submissions where frontpage is selected
* Secured against possible injection attack thru mosPageNav constructor
* Secured against possible injection attack thru saveOrder functions
* Add exploit blocking rules to htaccess
* Harden ACL from possible injection attacks


-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --


28-Aug-2006 Rey Gigataras
# SECURITY A6 [ LOW Level ]: Block potential misuse of $option variable


28-Aug-2006 Andrew Eddie
# SECURITY A6 [ LOW Level ]: Harden ACL from possible injection attacks


24-Aug-2006 Rey Gigataras
# SECURITY A6 [ LOW Level ]: Add exploit blocking rules to htaccess
# SECURITY A6 [ LOW Level ]: Harden loading of globals.php by using require() instead of include_once();

+ Installation Security Warning check
+ Admin & Installation Version age warning


23-Aug-2006 Rey Gigataras
# SECURITY A2 [ MEDIUM Level ]: Missing defined( '_VALID_MOS' ) checks

+ Admin Security Warning check


21-Aug-2006 Rey Gigataras
# SECURITY A1 [ LOW Level ]: Hardened Admin `User Manager`


19-Aug-2006 Rey Gigataras
# SECURITY A2 [ MEDIUM Level ]: Limit Admin `Upload Image` from uploading below `/images/stories/` directory
# SECURITY A2 [ LOW Level ]: Limit access to Admin `Popups` functionality
# SECURITY A4 [ LOW Level ]: [topic,73761] : XSS injection issue in Admin `Module Manager`
# SECURITY A4 [ LOW Level ]: [topic,73761] : XSS injection issue in Admin `Help`
# SECURITY A4 [ LOW Level ]: [topic,73761] : XSS injection issue in Search
# SECURITY A6 [ LOW Level ]: [topic,73761] : Block against injection issue in Admin `Upload Image`


19-Aug-2006 Enno Klasing
# SECURITY A1 [ HIGH Level ]: Secured mosMail() against unvalidated input
# SECURITY A1 [ HIGH Level ]: Secured JosIsValidEmail() - in previous versions the existance of an email address somewhere in the string was sufficient
# SECURITY A2 [ LOW Level ]: Secured com_content to not allow the tasks 'emailform' and 'emailsend' if $mosConfig_hideEmail is set

# Fixed : Empty subject in com_content mail2friend no longer possible
# Fixed : Show error message if com_content mail2friend fails
# Fixed : Show error message if com_contact mail fails
^ Moved all instances of is_email() amalgamated into JosIsValidEmail in /includes/joomla.php


18-Aug-2006 Rey Gigataras
# SECURITY A1 [ MEDIUM Level ]: globals.php not included in administrator/index.php
# SECURITY A2 [ MEDIUM Level ]: do_pdf command bypasses the user authentication
# SECURITY A2 [ LOW Level ]: emailform com_content task bypasses the user authentication
# SECURITY A1 [ LOW Level ]: harden poll module

# Fixed [topic,72209] : Mambots fired on Modules
+ enable selective disabling of `Email Cloaking` bot via {emailcloak=off}


17-Aug-2006 Rey Gigataras
+ PERFORMANCE : Cache handling expanded to com_content showItem
# Fixed [artf5266] : Blog-view shows "more..." even without intros
# Fixed [topic,81673] : frontend.php itemid issue


17-Aug-2006 Mateusz Krzeszowiec
# Fixed logging query before applying LIMIT


15-Aug-2006 Marko Schmuck
# SECURITY A6 [ LOW Level ]: possible injection attacks on ->load()


15-Aug-2006 Andrew Eddie
# SECURITY A6 [ HIGH Level ]: remote execution issue in PEAR.php


15-Aug-2006 Mateusz Krzeszowiec
# PERFORMANCE [topic,83325] : SQL LIMIT in com_content frontend


14-Aug-2006 Andrew Eddie
# SECURITY A6 [ LOW Level ]: Injection attack on content submissions where frontpage is selected
# SECURITY A6 [ LOW Level ]: possible injection attack thru mosPageNav constructor
# SECURITY A6 [ LOW Level ]: possible injection attack thru saveOrder functions


07-Aug-2006 Andrew Eddie
# SECURITY A6 [ HIGH Level ]: Zend Hash Del Key Or Index Vulnerability
# SECURITY A1 [ LOW Level ]: josSpoofValue function to ensure the hash is a string


28-July-2006 Robin Muilwijk
# Fixed [artf5291] : missing onChange javascript code for filter field


27-July-2006 Robin Muilwijk
# SECURITY A2 [ MEDIUM Level ]: [artf5335] : missing direct access line

# Fixed [artf5282] : missing table row tag and self closing tag
# Fixed [artf5297] : small html errors


17-July-2006 Robin Muilwijk
# Fixed [artf5157] : typo in media manager
# Fixed [artf5218] : duplicate entry of artf5157, typo in media manager


03-July-2006 Rey Gigataras
# Fixed [artf5181] : 5 step for unrecoverable admin-page crash.
# Fixed [artf5123] : Wrong name of function in joomla.cache.php
# Fixed [artf5126] : includes/database.php uses deprecated function
# Fixed [artf5171] : mosGetParam Default value issue
# Fixed [artf5112] : A mere mistake in the file contact.html.php


--------------------------------------------------------------------------------------
---------------- 1.0.10 Stable Released -- [26-June-2006 00:00 UTC] ------------------


This Release Contains following Security Fixes

Joomla! utilizes the Open Web Application Security Project (OWASP) web application security system to categorize security vunerabilities found within Joomla!
http://www.owasp.org/index.php/OWASP_Top_Ten_Project


03 HIGH Level Threats fixed in 1.0.10

A1 Unvalidated Input
* A1 - Secured `Remember Me` functionality against SQL injection attacks
* A1 - Secured `Related Items` module against SQL injection attacks
* A1 - Secured `Weblinks` submission against SQL injection attacks


01 MEDIUM Level Threats fixed in 1.0.10

A4 Cross Site Scripting
* A4 - Secured SEF from XSS vulnerability


05 LOW Level Threats fixed in 1.0.10

A1 Unvalidated Input
* A1 - Hardened frontend submission forms against spoofing
* A1 - Secured mosmsg from misuse
* A1 - Hardened mosgetparam by setting variable type to integer if default value is detected as numeric

A4 Cross Site Scripting
* A4 - Secured com_messages from XSS vulnerability
* A4 - Secured getUserStateFromRequest() from XSS vulnerability

-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --


25-June-2006 Rey Gigataras
# SECURITY A1 [ Low Level ]: mosgetparam sets variable type to integer if default value is detected as numeric

# Fixed [artf5091] : Missing closing "}" in one of PatFactory templates
# Fixed [topic,71858] : Content Archive issue when caching on
# Fixed [topic,71859] : Unable to login frontend
# Fixed [topic,67902] : SEF.php breaking community builder homepages


23-June-2006 Rey Gigataras
# SECURITY A1 [ Low Level ]: mosmsg hardened

# Fixed [artf5059] : Blog ordering, items by - most hits
# Fixed [artf4969] : Missing Itemid in readmore with multi category blog
# Fixed [artf5083] : Problem with Description/Description Image parameters of "List - Content Section"
# Fixed [topic,67719] : Email Cloaking Ads extra space after cloaked address
# Fixed [topic,66966] : E-mailing Cloaking Issue
# Fixed [topic,67141] : pathway empty when showing poll results
# Fixed [topic,67068] : Caching of Custom Heads still not working (not a full fix)


21-June-2006 Alex Kempkens
# Fixed [artf5051] : Making cache aware of different languages
! Be aware that it is now important to include all parameters, even optional once, in the cached calls.


21-June-2006 David Gal
# Fixed [topic,66858] : Can't set language


21-June-2006 Rey Gigataras
# SECURITY A4 [ Medium Level ]: XSS vulerability when using SEF
# SECURITY A4 [ Low Level ]: XSS vulerability in com_messages
# SECURITY A4 [ Low Level ]: XSS vulerability in getUserStateFromRequest()

# Fixed [artf4976] : htaccess file instructions confusing users
# Fixed [artf4917] : PHP getenv function fails in ISAPI mode
# Fixed [topic,69083] : mambots not being applied to `User` Module content
# Fixed [topic,69894] : Filter doesn't work when cache on


20-June-2006 Rey Gigataras
# Fixed [artf5025] : Category Titles with an Apostraphe leave a leading slash
# Fixed [artf4927] : blocked user receives wrong error message
# Fixed [topic,70612] : Very small text error in file sample_data.sql
# Fixed [topic,69871] : mossef notice
# Fixed [topic,68031] : Problems with banner.php
# Fixed [topic,67826] : content.html weblinks.html display issues in Opera
# Fixed [topic,67594] : Extra space in content.html.php
# Fixed [topic,67016] : ATOM 0.3 Always enable even I disable ATOM 0.3 in Administrator Panel


19-June-2006 Rey Gigataras
# SECURITY A1 [ High Level ]: `Remember Me` functionality SQL injection vulnerability
# SECURITY A1 [ High Level ]: `Related Items` module SQL injection vulnerability
# SECURITY A1 [ High Level ]: `weblinks` submission SQL injection vulnerability
# SECURITY A1 [ Low Level ]: frontend submission forms hardened against spoofing

# Fixed [artf5031] : Frontend Editing of Content Changes Start Publishing Time
# Fixed [artf4951] : author submitting content gets error message
# Fixed [artf5028] : Page navigation incorrect on pages viewed through archive module


16-June-2006 Rey Gigataras
# Fixed [artf5006] : Contact-item print button
# Fixed [artf4925] : alt="" not always output 1.0.9
# Fixed [artf4921] : anchor links break
# Fixed [artf4888] : too many columns in table layout of params
# Fixed [topic,66859] : Table views of content category in backend
# Fixed [topic,68201] : Permissions check page missing /mambots/system/
# Fixed [topic,67115] : Error warning frontend.php
# Fixed [topic,67144] : Check for status of SEF in mossef incorrectly commented out
# Fixed [topic,67279] : Voting/Rating not working when disabled globally, but enabled locally for selected items

# PERFORMANCE [topic,63468] : mod_fullmenu unnecessary count of archived items in section query


12-June-2006 Rey Gigataras
# Fixed [artf4913] : Poll Module breaks "Add Article"
# Fixed [artf4929] : Finish date not shown
# Fixed [artf4881] : Extra space in English email text string
# Fixed [topic,68467] : If 2 polls published - voiting on second poll not work


10-June-2006 Robin Muilwijk
# Fixed [topic,68168] : Typo /administrator/components/com_content/admin.content.html.php - line 478
# Fixed [topic,68168] : Typo /administrator/components/com_typedcontent/admin.typedcontent.html.php - line 266


--------------------------------------------------------------------------------------
---------------- 1.0.9 Stable Released -- [05-June-2006 16:00 UTC] ------------------


This Release Contains following Security Fixes

Joomla! utilizes the Open Web Application Security Project (OWASP) web application security system to categorize security vunerabilities found within Joomla!
http://www.owasp.org/index.php/OWASP_Top_Ten_Project


12 Low Level Threats fixed in 1.0.9

A1 Unvalidated Input
* A1 - Harden mosmsg
* A1 - Hardening of backend `User Manager` to stop 'Adminstrators' from being able to create 'Super Administrator' users

A2 Broken Access Control
* A2 - Breadcrumbs title visibility even when access restricted
* A2 - 'Edit Your Details' page now needs a published menu item to be accessible
* A2 - 'Check-In My Items' page now needs a published menu item to be accessible
* A2 - 'Submit News' page now needs a published menu item to be accessible
* A2 - 'Submit Weblink' page now needs a published menu item to be accessible
* A2 - Add ability to selectively disable certain types of syndicated feeds
* A2 - Ensure module caching does not inadvertently make special level modules visible to registered users
* A2 - Add ability to totally disable access to frontend login page
* A2 - Add ability to disable frontend user params

A3 - Broken Authentication and Session Management
* A3 - Changes to access level of user account will kill any active session for that user

-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --


04-June-2006 Rey Gigataras
# Fixed [artf4878] : inlegal dates in mysqll tables
# Fixed : missing content cache clearing calls


03-June-2006 Rey Gigataras
# Fixed [artf4864] : /includes/frontend.php
# Fixed [topic,66138] : Invailid Session at Admin login
# Fixed [topic,66044] : Installation checks
# Fixed [topic,66276] : admin password ="0"
# Fixed : No ability to set Cache time for Syndication modules
# Fixed : `Remember Expired Admin page` functionality changed from 600 seconds to half the `Admin Session Lifetime` value
# Fixed : Admin session purge (to limit only one active session per account) deleting frontend logged in session


03-June-2006 Robin Muilwijk
# Fixed [topic,66360] : Fatal error com_contact/contact.php


01-June-2006 Rey Gigataras
# Fixed : New Global Config params (added in 1.0.9) not created on clean install


31-May-2006 Rey Gigataras
# SECURITY A2 [ Low Level ]: New `Global Config` param to allow disabling of Frontend Login
# SECURITY A2 [ Low Level ]: New `Global Config` param to allow disabling of Frontend User params

# Fixed [artf4844] : initial setup failure on IIS when installed in subdirectory
# Fixed [topic,65009] : "Email to Friend" Can Send Unusable URLs
# Fixed [topic,65604] : Notices when adding static content
# Fixed [topic,65485] : Bug with menu item selector
# Fixed : DB error when attempting a checkin action after cancelling from creating a New item


30-May-2006 Rey Gigataras
# Fixed [topic,65381] : Override Created Date
# Fixed [artf4830] : top menu items reversed in madeyourweb template


29-May-2006 Rey Gigataras
# SECURITY A2 [ Low Level ]: [artf4752] : caching makes modules assigned to special user visible to registered users

# Fixed [artf4812] : In footer.php (C) should be ©
# Fixed [artf4806] : typo in mambots/search/contacts.searchbot.php causes sef errors
# Fixed [artf4752] : patTemplate strip comments problems
# Fixed [artf4752] : rss.php unnecessary logic code check
# Fixed [topic,64994] : problem with related items
# Fixed [topic,64046] : adding new content Frontend fails with Authorization Error


27-May-2006 Rey Gigataras
# Fixed [topic,64308] : cache and content items on frontpage
# Fixed [topic,63824] : Notice on com_contact
# Fixed [artf4801] : inputFilter::filterTags prints unexpected text


23-May-2006 Rey Gigataras
# Fixed [topic,63674] : MySQL 5 strict mode in Admin Backend


22-May-2006 Rey Gigataras
# PERFORMANCE [topic,63468] : slow auto-login because of new MD5 calculations on whole users DB

# Fixed [topic,63446] : Category and Section


21-May-2006 Rey Gigataras
# Fixed [artf4714] : Can't add Menu Item :: Link - Static Content
# Fixed : "Unique Itemid" handling for `Link - Content Item`
# Fixed : Add "Unique Itemid" handling for `Link - Static Content`
# Fixed [artf4714] : Can't add Menu Item :: Link - Static Content
# Fixed [topic,62056] : Copyright date


20-May-2006 Rey Gigataras
# Fixed [artf4733] : Module Manager reorder via save button broken
# Fixed [artf4736] : Quotation marks in Site Name
# Fixed [topic,63257] : Notice when creating new category


18-May-2006 Rey Gigataras
# Fixed [artf4700] : pathway ampReplaces item name twice
# Fixed [artf4712] : 'type' of $mosConfig_error_reporting does not match code

+ Remember Expired Admin page functionality


17-May-2006 Rey Gigataras
# Fixed [artf4673] : setlocale
# Fixed [artf4685] : unhandled fragment identifier with core SEF enabled
# Fixed [artf4678] : Print, PDF and email buttons aren't accessible
# Fixed [topic,62124] : Hover for icons when editing content in front-end
# Fixed [topic,62165] : Canot login - admin_session_life not set


15-May-2006 Rey Gigataras
# Fixed [topic,61926] : Frontend static language text
# Fixed [topic,61971] :
E-mail cloaking broken, TinyMCE `mce_href` problem 956 # Fixed : Frontend Content editing does not display correct publishing date/time 957 # Fixed : Frontend Content editing incorrect handling of 'Never' in `Finish Publishing` 958 # Fixed : Incorrect date/time values on `Content Items Manager` and `Static Content Manager` pages 959 960 961 14-May-2006 Rey Gigataras 962 * SECURITY A2 [ Low Level ]: add ability to selectively disable certain types of syndicated feeds 963 964 ^ Upgrade to TinyMCE 2.0.6.1 965 966 # Fixed [topic,61897] : Changing any parameter for logged user returns to login screen 967 968 969 13-May-2006 Rey Gigataras 970 * SECURITY A1 [ Low Level ]: [artf4529] : User with access to administration area can easly create super administrator. 971 972 # Fixed [artf4555] : Slight Bug in registration system 973 # Fixed [artf4641] : Module sites with one template - modules should not show up - itemid issue 974 # Fixed : `Itemid=99999999` appearing in next & prev navigation links 975 # Fixed : `Itemid=` appearing in `Blog` links items 976 977 978 13-May-2006 Andrew Eddie 979 # Fixed [artf3302] : PatTemplate custom Functions getpage() undefined 980 981 982 12-May-2006 Louis Landry 983 # Fixed [artf4284] : database::load() resets private properties 984 985 986 12-May-2006 Rey Gigataras 987 # Fixed [topic,60970] : Finish Publishing Time not working as expected 988 989 990 11-May-2006 Rey Gigataras 991 # Fixed [artf4614] : Warning in mosCreateGUID 992 # Fixed [artf4619] : task=category shows unpublished items 993 # Fixed [artf4621] : Media manager with long filenames = no button 994 # Fixed [artf4613] : Sub Menu Item deletion Security Bug 995 # Fixed [artf4613] : Restoring menu items without a valid parent 996 # Fixed [topic,59258] : bug when editing user profile 997 # Fixed [topic,61190] : Menu Item Inconsistency 998 999 1000 10-May-2006 Sam Moffatt 1001 # Fixed issue with login directly after activation causing error, now redirects to index.php 1002 1003 1004 
09-May-2006 Rey Gigataras
# Fixed [artf4577] : saveUser in com_user has incorrect escaping for password


28-Apr-2006 Alex Kempkens
# Fixed artf : Language loading incorrect in offline mode (related to Joom!Fish language changes)


27-Apr-2006 Rey Gigataras
+ Support for restricting ability to access certain functionality for demo sites

# Fixed [artf4527] : incorrect style in function botNoEditorEditorArea
# Fixed [topic,57926] : mod_poll.php Warning


26-Apr-2006 Rey Gigataras
# Fixed [artf3912] : Pear's cache lite and safe_mode
# Fixed [artf3711] : mosemailcloak generates invalid XHTML
# Fixed [artf3251] : Wrong file count in Media Manager
# Fixed [artf3196] : com_media does not properly manage file names with simple quotes (')


25-Apr-2006 Rey Gigataras
^ PERFORMANCE [topic,54215] : MOSimage array affects edit page load time


24-Apr-2006 Rey Gigataras
* SECURITY A3 [ Low Level ]: logged in user session are not affected by changes of user account

# Fixed [artf4503] : Hardcoded text in page navigation
# Fixed [artf4473] : Bad char in search
# Fixed [artf4499] : Editing Quotated Menu Item
# Fixed [artf4472] : Creating New User system message only sends to superusers
# Fixed : Unable to 'Delete' `Super Administrator` - with check to ensure at least one active `Super Administrator` still exists
# Fixed : Unable to 'change' group of `Administrator` & `Super Administrator` - with check to ensure at least one active `Super Administrator` still exists


20-Apr-2006 Rey Gigataras
* SECURITY A3 [ Low Level ]: Allow only one session per user account in Admin Backend

+ Allow `save` and `apply` actions to be completed before logging out expired sessions


20-Apr-2006 Andrew Eddie
# Fixed slow query in com_polls
# Fixed return address errors in patErrorManager
# Fixed MySQL 5 error when saving menu items


18-Apr-2006 Rey Gigataras
+ Javascript validation checks to mod_poll


16-Apr-2006 Rey Gigataras
# Fixed [artf4424] : gethostbyaddr(): Address is not a valid IPv4 or IPv6 address
# Fixed [artf4407] : Image preview doesn't work with custom directory
# Fixed [topic,54741] : Who's Online guest count increments with RSS feed access


14-Apr-2006 Rey Gigataras
# Fixed [artf4400] : Search: Itemid in mod_search also finds trashed Itemid's
# Fixed [artf4399] : Search title in com_search is never from language file


12-Apr-2006 Rey Gigataras
# Fixed [artf4346] : $mainframe->login($username,$pwd) compatibility broken
# Fixed : `body` parameter for mailto tags


11-Apr-2006 Rey Gigataras
# Fixed [artf4340] : Itemid on menu - multiple links to same content
# Fixed : cache support for `Blog - Content Section Archive` & `Blog - Content Category Archive`
# Fixed : SEF.php incorrect handling of `mailto` & `javascript` links
# Fixed : $shownoauth default value in `configuration.php-dist`
# Fixed : `live_bookmarks` not being disabled properly by security check;
# Fixed : admin `contact` and `weblink` ordering


08-Apr-2006 Rey Gigataras
# Fixed [topic,45136.0] : stop Cache system from creating large amount of Cache files
# Fixed [artf4302] : 'Read more' link is always displayed if 'Linked Titles' option enabled
# Fixed [artf4304] : Bugs in search.html.php
# Fixed : Content Popup page behaviour


07-Apr-2006 Rey Gigataras
# Fixed [artf4294] : InputFilter failed escaping string
# Fixed [artf4050] : mod_mainmenu.php not setting id=active_menu


06-Apr-2006 Rey Gigataras
* SECURITY A2 [ Low Level ]: check for menu item added to 'Edit Your Details' page
* SECURITY A2 [ Low Level ]: check for menu item added to 'Check-In My Items' page
* SECURITY A2 [ Low Level ]: check for menu item added to 'Submit News' page
* SECURITY A2 [ Low Level ]: check for menu item added to 'Submit Weblink' page

# Fixed [artf4282] : Extra Empty Menu Span Tags


05-Apr-2006 Rey Gigataras
# Fixed [artf4010] : When creating new module. Two modules are created when clicking save


02-Apr-2006 Rey Gigataras
# Fixed [artf3575] : Correction needed in stylesheet
# Fixed [artf4089] : Problem with domit, extended characters and PHP 5.0.2


01-Apr-2006 Rey Gigataras
# Fixed [topic,50547.0.html] : Print statement left in class.inputfilter.php
# Fixed [topic,48908.0.html] : Duplicate usernames / Length Checking


31-Mar-2006 Rey Gigataras
# Fixed [topic,46614.0.html] : mod_templatechooser not working when templates name has dashes


30-Mar-2006 Rey Gigataras
* SECURITY A1 [ Low Level ]: [artf3702] : breadcrumbs: information gathering possible by simple urlhacks

# Fixed [topic,47932.0.html] : 1.0.8 com_contact - incorrect URL?

^ Upgrade to Geshi 1.0.7.8


29-Mar-2006 Rey Gigataras
# Fixed [artf4133] : Blog - Content Section Archive
# Fixed [artf4093] : No parameter tool tip when ' is used in module.xml
# Fixed [artf4028] : url to the site is added to the entered link in a menu item (SEF disabled)
# Fixed [artf4102] : mosimage.php - Erroneous right alignment of images
# Fixed [artf4131] : com_contact displays non-localized message

^ Upgrade to TinyMCE 2.0.5.1
^ Upgrade to TinyMCE compressor 1.0.8
^ TinyMCE remove `Help` tab in help popup
^ TinyMCE 'word wrap' by default for html source mode


27-Mar-2006 Alex Kempkens
# corrected searchbot; finding dynamic content while searching for static
# updated core-SEF support for new multilingual_content config var


24-Mar-2006 Alex Kempkens
+ Check for mambot/system directory in installer and installation dialogs
# [artf4066] content sections not being translated


16-Mar-2006 Rey Gigataras
# Fixed [artf3913] : [artf3809]: Error with < AND > in tinymce - static content manager
# Fixed : checked out lock icon visible for same user
# Fixed : Global Config JS error when no session_type value yet set - issue only when upgrading
# Fixed [topic,44206.0.html] : XML help files no longer supported


15-Mar-2006 Rey Gigataras
# Fixed [artf3927] : Typo in Installer Screen
# Fixed [artf3940] : single quotes/apostrophes (')
# Fixed [topic,46202.0.html] : Problem found in Session id function


13-Mar-2006 Rey Gigataras
^ PERFORMANCE : com_content only add call to jos_content_rating where voting option activated


12-Mar-2006 Rey Gigataras
# Fixed [topic,44117.0.html] : com_menumanager can not handle simple quotes (')
# Fixed [topic,34821.0.html] : Allow search on static contents not linked to a menu

^ PERFORMANCE : com_statistics `Search Engine Text` page, results returned off by default as highly query intensive and can cause site lockup
^ `Page Hits` into `Content` sub-menu


11-Mar-2006 Alex Kempkens
# Fixed some queries missing primary key for translations (contact, newsfeed)


11-Mar-2006 Rey Gigataras
# Fixed [artf3873] : Invalid Itemid for com_content Category Link
# Fixed [topic,45343.0.html] : Random image default behavoir

+ PERFORMANCE : Auto purge of expired messages for com_messages [default of 7 days]


10-Mar-2006 Rey Gigataras
# Fixed [artf3885] : Remove the last hardcoded texts
# Fixed [artf3713] : Joomla still doesn't work with SQL mode enabled

^ Ensure showPathway is only called once


09-Mar-2006 Rey Gigataras
# Fixed [artf3863] : mod_whosonline double ONLINE
# Fixed [topic,44644.0.html] : Miss spelled Position as Postition
# Fixed [topic,41593.0.html] : Table - content section - filter works only for the first page


08-Mar-2006 Rey Gigataras
# Fixed [artf3847] : A mistake in joomla_admin template
# Fixed [artf3748] : Archive - Access Denied
# Fixed [artf3592] : Archive Pagination Problem
# Fixed [topic,41627.0.html] : "Undefined variable: filter"
# Fixed [topic,43315.0.html] : Static text in content.php
# Fixed [topic,41466.0.html] : NullDate AND '0000-00-00 00:00:00'

^ Global define of _CURRENT_SERVER_TIME
^ sef.php optimization


07-Mar-2006 Rey Gigataras
+ Show whether Cache directory is writable where it is used - com_newsfeeds, com_syndicate, custom modules

# Fixed [artf3818] : Path error for agent_browser.php in joomla.php
# Fixed ensure all require and include calls are using absolute paths


06-Mar-2006 Rey Gigataras
# Fixed [artf3756] : mossef bot rewrites javascript:void(0) in href
# Fixed [artf3745] : includes/joomla.php on line 790 setSessionGarbageClean
# Fixed [topic,41619.0.html] : mosimage caption problem
# Fixed [topic,42023.0.html] : sample data error with Link - Static Content CID value


02-Mar-2006 Rey Gigataras
# Fixed [artf3728] : Error if change the "Syndicate" name in db table "jos_components"
# Fixed [artf3731] : mod_newsflash shows errors when no items are available
# Fixed [artf3733] : Site (frontend): url to the site is added to the entered link in a content item.
# Fixed [artf3696] : Typo Site Mambot: Edit [ TinyMCE WYSIWYG Editor ]
# Fixed [artf3658] : "New" Content Link/Image Showing With No Categories Present
# Fixed [artf3697] : sefreltoabs error with links to other sites


01-Mar-2006 Rey Gigataras
* SECURITY A1 [ Low Level ]: Harden mosmsg

# Fixed [artf3656] : contact-component, dropdown


28-Feb-2006 Rey Gigataras
# Fixed [artf3655] : Login module error
# Fixed [artf3668] : mosemailcloak bug with mailto:
# Fixed [artf3681] : invalid markup in com_content showCategories()
# Fixed [artf3688] : Hardcoded text in contact.html.php
# Fixed [artf3664] : Image links gets preceeded by "Live Site" URL after v1.0.8 upgrade
# Fixed [artf3703] : configuration.php-dist has a typo
# Fixed [topic,41404.0.html] : configuration.php-dist missing `;`


--------------------------------------------------------------------------------------
---------------- 1.0.8 Stable Released -- [25-Feb-2006 04:00 UTC] ------------------

This Release Contains following Security Fixes

Medium Level Threat
* Hardening of Remember Me login functionality
* Protect against real server path disclosure via syndication component
* Limit arbitrary file creation via syndication component
* Protect against real server path disclosure in mod_templatechooser

* Disallow `Weblink` item from being accessible when 'unpublished'
* Disallow `Polls` item from being accessible when 'unpublished'

* Disallow `Newfeeds` item from being accessible when category 'unpublished'
* Disallow `Weblinks` item from being accessible when category 'unpublished'

* Disallow `Content` item from being accessible despite section/category 'access level'
* Disallow `Newsfeed` item from being accessible despite category 'access level'
* Disallow `Weblink` item from being accessible despite category 'access level'

* Disallow `Content` item from being visible despite category 'access level' in `Content Section` view - `Blog - Content Section` & `Blog - Content Section Archive`

* Disallow `Content` items from being viewable when category/section 'unpublished' - mod_newsflash


Low Level Threat
* Harden frontend Session ID
* Harden against multiple Admin SQL Injection Vulnerabilities
* Disable ability to enter more than one email address in Contact Component contact form
* Harden Contact Component with param option to check for existence of session cookie - enabled by default
* Additional check for correct Admin session name

* Disallow access to syndication functionality
* Disallow `Newsfeeds` Categories from being accessible when 'unpublished'
* Disallow `Contact` Categories from being accessible when 'unpublished'
* Disallow `Weblink` Categories from being accessible when 'unpublished'
* Disallow `Content Section` from being accessible when section 'unpublished' - `List - Content Section`
* Disallow `Content Category` from being accessible when category/section 'unpublished' - `Table - Content Category`

* Disallow `Contact` Categories from being accessible as per category 'access level'
* Disallow `Newsfeeds` Categories from being accessible as per category 'access level'
* Disallow `Weblinks` Categories from being accessible as per category 'access level'
* Disallow `Content Section` from being accessible as per section 'access level' - `List - Content Section`
* Disallow `Content Category` from being accessible as per section/category 'access level' - `Table - Content Category`
* Disallow `Content Category` from being accessible as per category 'access level' - `Blog - Content Category` & `Blog - Content Category Archive`

* Disallow `Content` item links from being visible as per category/section 'access level' - mod_newsflash, mod_latestnews, mod_mostread

* Disallow Category Search returning items despite section 'access level' & section 'state'
* Disallow Contact Search returning items despite 'access level' & category 'state'
* Disallow Content Search returning items despite section 'access level'
* Disallow Newsfeed Search returning items despite category 'state'
* Disallow Weblink Search returning items despite category 'state'

-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --


25-Feb-2006 Rey Gigataras
# Fixed [topic,40568.0.html] : Conversion of & to & when editing 'new' modules, breaking xhtml compliance
# Fixed [topic,40568.0.html] : Itemid=99999999 visible when navigating polls
# Fixed [artf3630] : Site name printed twice in the popup window title (print, email to friend)

^ Upgraded to TinyMCE 2.0.4

- Depreciated Admin templates - mambo_admin & mambo_admin_blue


24-Feb-2006 Rey Gigataras
* SECURITY [ Low Level ]: Add check for correct Admin session name

# Fixed HTTP_ACCEPT_ENCODING problems
# Fixed incorrect handling of external links with mossef

^ Special Flag to allow different login behaviour of site for Production vs online Demo site


23-Feb-2006 Robin Muilwijk
# Fixed [topic,39449.0.html] : typo in menu manager


23-Feb-2006 Rey Gigataras
^ Global Config session life only controls purging of frontend logged in sessions
^ Guests session separately purged at a hardcoded 900 seconds


22-Feb-2006 Rey Gigataras
# Fixed [artf3591] : Error if unpublish menu item
# Fixed [topic,39295.0.html] : SEF handling of custom .htaccess reconfigured urls
# Fixed [topic,39295.0.html] : mod_login return value incorrectly returning 'index.php?' if coming from site homepage

^ Frontend Session Tracking cookie uses `Expire at End of Session`, rather than expiry by a set time to resolve issues with incorrect system clocks


21-Feb-2006 Rey Gigataras
* SECURITY [ Medium Level ]: Real server path disclosure in mod_templatechooser

# Fixed [topic,39295.0.html] : Incorrect favicon path in installer
# Fixed [topic,39295.0.html] : Admin logout does not clear/delete session being logged out

^ Remember Me Cookie amalgamated into a single cookie.


20-Feb-2006 Rey Gigataras
# Fixed [topic,39295.0.html] : error in TinyMCE 2.0.3 (toggle fullscreen mode)


20-Feb-2006 Andrew Eddie
# Fixed filelist param - would always show list entries related to images for default and do not use


19-Feb-2006 Rey Gigataras
# Fixed [topic,36462.0.html] : time check incorrectly being based on local time - rather than server time
# Fixed [topic,39103.0.html] : utf-8 encoded newsfeeds in a ISO-8559-1 site


18-Feb-2006 Rey Gigataras
# Fixed [topic,39101.0.html] : Newsfeeds do not display

^ PERFORMANCE : General query reduction work
^ PERFORMANCE : Reduce queries used by search bots to load params
^ PERFORMANCE : 'editor-xtd' bot group loaded only once - affect = reduction in queries
^ Refactored session handling code for Admin sessions

+ session.gc_maxlifetime setting for Admin Sessions


17-Feb-2006 Rey Gigataras
# Fixed [artf3543] : Rev 2393 Language Manager Error
# Fixed [topic,22061.0.html] : Wrapper Autoheight ability set to off by default, as causes javascript errors when used on sites not on your domain
# Fixed [topic,30542.0.html] : MySQL 5 support in strict mode
# Fixed [artf3605] : Spelling error when saving content
# Fixed [artf3576] : Javascript conflict in mod_wrapper

^ PERFORMANCE : `dynamic` Itemid checks store previous query results - affect = reduction in queries
^ PERFORMANCE : `static` Itemid counters now loads only once - affect = reduction in queries
^ PERFORMANCE : 'content' bot group loaded only once instead of each time content is loaded - affect = reduction in queries
^ PERFORMANCE : individual 'content' bot query to pull params loaded only once instead of each time content is loaded - affect = reduction in queries

+ new Admin Session Life Global Config param, allowing setting of admin session idle logout time
+ query debug mode to backend


16-Feb-2006 Rey Gigataras
# Fixed [artf3523] : mosemailcloak issue with mailto params
# Fixed : disable mossef bot from working on mailto links
# Fixed [topic,36637.0.html] : SEF deactivated relative & absolute url handling
# Fixed [topic,36637.0.html] : Session username not correct for those coming from `Remember Me` cookie

+ PERFORMANCE : Simple check for all bots to determine whether they should process further
^ PERFORMANCE : Reduce queries used by bots to load params - mosemailcloak, mosimage, mosloadposition, mospaging - affect = reduction in queries
^ PERFORMANCE : 'editor-xtd' bot group loaded only when needed - affect = reduction in queries


15-Feb-2006 Rey Gigataras
# Fixed [artf3527] : "New" Content Link and Image Not Present When Category Empty
# Fixed [topic,36462.0.html] : Static Content Start/Finish publishing time is based on server time, not local time
# Fixed : Publisher submission message for frontend content editing/submission


14-Feb-2006 Rey Gigataras
* SECURITY [ Low Level ]: Disable ability to enter more than one email address in Contact Component contact form

# Fixed [artf3144] : NULL values from SQL tables not loaded
# Fixed [topic,31769.0.html] : $access variable conflict com_content
# Fixed [topic,32201.0.html] : mod_related_items urls not xhtml compliant
# Fixed [topic,31185.0.html] : heading in pagination not working
# Fixed [topic,10947.0.html] : Add Prefix check to installer
# Fixed [artf3082] : Template preview *still* not available
# Fixed [artf2925] : mosGetParam has side affects
# Fixed [topic,38017.0.html] : Content -> New -> Cancel

^ Upgraded TinyMCE to 2.0.3 & TinyMCE GZip Compressor to 1.0.7


13-Feb-2006 Rey Gigataras
* SECURITY [ Medium Level ]: Hardening of Remember Me login functionality
* SECURITY [ Low Level ]: Harden Contact Component with param option to check for existence of session cookie - enabled by default


12-Feb-2006 Rey Gigataras
* SECURITY [ Low Level ]: Multiple Admin SQL Injection Vulnerabilities
* SECURITY [ Low Level ]: Category Search returns items despite section 'access level' & section 'state'
* SECURITY [ Low Level ]: Contact Search returns items despite 'access level' & category 'state'
* SECURITY [ Low Level ]: Content Search returns items despite section 'access level'
* SECURITY [ Low Level ]: Newsfeed Search returns items despite category 'state'
* SECURITY [ Low Level ]: Weblink Search returns items despite category 'state'

# Fixed [artf3391] : Aphostrophes in Category: Edit
# Fixed [artf3291] : Alert() problem
# Fixed [artf3188] : Unnecessary table cell in contact.html.php
# Fixed [artf3121] : css errors in tiny_mce and rhuk_solarflare_ii template
# Fixed [artf3181] : Task routing class
# Fixed [artf3400] : showCalendar does not get value of date
# Fixed [artf3348] : Bold tag overrides css in mod_poll.php
# Fixed [artf3120] : &and & &link not defined in admin.categories.php
# Fixed [artf3446] : Problems with mosimage with caption
# Fixed [artf3100] : Incorrect Response Headers for Missing Pages
# Fixed [artf3220] : Search bug: No way to update referenced search component
# Fixed [artf3438] : RSS Feed Created it not base on the same encoding of the content
# Fixed [artf3108] : Joomla 1.0.7 core SEF bug gives 404 on homepage
# Fixed [artf3169] : RSS feeds does not work with SEF disabled


11-Feb-2006 Rey Gigataras
* SECURITY [ Medium Level ]: Protect against real server path disclosure via syndication component
* SECURITY [ Medium Level ]: Limit arbitrary file creation via syndication component

# Fixed [artf3397] : link to menu and loss of images list
# Fixed [artf3109] : 1.0.7 "The XML page cannot be displayed ERROR" ob_gzhandler issue
# Fixed [artf3447] : TinyMCE and relative urls
# Fixed [artf3183] : Sub-menu items of separators not showing in module menu selection list
# Fixed [artf3103] : $mosConfig_cachepath not used everywhere
# Fixed [artf3114] : mod_related_items outputs nothing
# Fixed [artf3234] : mod_related_items unitialized mosConfig_offset variable
# Fixed [artf3402] : Missing param in module
# Fixed [artf3067] : Reopen: Unhandled fragment identifier with core SEF enabled
# Fixed [topic,31813.0.html] : new .htaccess gives proper 404s [Steve Graham]

+ Disable session.use_trans_sid to .htaccess


10-Feb-2006 Rey Gigataras
* SECURITY [ Low Level ]: Harden frontend Session ID

# Fixed [artf3421] : Session cleanup relies on administrator login
# Fixed [artf3307] : Error in code - non critical, but logout setcookie not working
# Fixed [artf3126] : Short open PHP tag in pathway.php
# Fixed [artf3126] : [artf3413] : small problem with variable in xml_domit_lite_parser.php
# Fixed [topic,34620.0.html] : Excessive Joomla Sessions, and AOL Login Problem [Steve Graham]
# Fixed mosWarning() $title error

+ New Session Type Global Config param

08-Feb-2006 Rey Gigataras
* SECURITY [ Medium Level ]: # Fixed : `Content` items viewable when category/section 'unpublished' - mod_newsflash
* SECURITY [ Low Level ]: # Fixed : `Content` item links visible despite category/section 'access level' - mod_newsflash, mod_latestnews, mod_mostread

# Fixed [artf3393] : Latestnews doesn't show static content


07-Feb-2006 Robin Muilwijk
# Fixed [artf3328], 1.0.7 EN Installation Typo - Step 1
# Fixed [artf3401] : Spelling errors in two modules


31-Jan-2006 Rey Gigataras
+ Additional Contact Component hardening


30-Jan-2006 Rey Gigataras
* SECURITY [ Medium Level ]: # Fixed : `Content` item accessible despite section/category 'access level'
* SECURITY [ Medium Level ]: # Fixed : `Content Section` view `Content` items visible despite category 'access level' - `Blog - Content Section` & `Blog - Content Section Archive`
* SECURITY [ Medium Level ]: # Fixed : `Newsfeed` item accessible despite category 'access level'
* SECURITY [ Medium Level ]: # Fixed : `Weblink` item accessible despite category 'access level'
* SECURITY [ Low Level ]: # Fixed : `Contact` Categories accessible despite category 'access level'
* SECURITY [ Low Level ]: # Fixed : `Newsfeeds` Categories accessible despite category 'access level'
* SECURITY [ Low Level ]: # Fixed : `Weblinks` Categories accessible despite category 'access level'
* SECURITY [ Low Level ]: # Fixed : `Content Category` view accessible despite section/category 'access level' - `Table - Content Category`
* SECURITY [ Low Level ]: # Fixed : `Content Category` view accessible despite category 'access level' - `Blog - Content Category` & `Blog - Content Category Archive`
* SECURITY [ Low Level ]: # Fixed : `Content Section` view accessible despite section 'access level' - `Table - Content Section`

^ Contact Items display Authorization block text if category 'access level' denies access
^ Blog pages display Authorization block text if section/category 'access level' denies access


29-Jan-2006 Rey Gigataras
* SECURITY [ Medium Level ]: # Fixed : `Weblinks` item accessible when category 'unpublished'

^ Blog pages display Authorization block text if section/category being unpublished


25-Jan-2006 Rey Gigataras
* SECURITY [ Low Level ]: # Fixed : No way to disable access to syndication functionality


17-Jan-2006 Rey Gigataras
* SECURITY [ Medium Level ]: # Fixed : `Weblink` item accessible when 'unpublished'
* SECURITY [ Medium Level ]: # Fixed : `Polls` item accessible when 'unpublished'
* SECURITY [ Medium Level ]: # Fixed : `Newfeeds` item accessible when category 'unpublished'
* SECURITY [ Low Level ]: # Fixed : 'unpublished' `Newfeeds` Categories accessible
* SECURITY [ Low Level ]: # Fixed : 'unpublished' `Contact` Categories accessible
* SECURITY [ Low Level ]: # Fixed : 'unpublished' `Weblink` Categories accessible
* SECURITY [ Low Level ]: # Fixed : `Content Section` accessible when section 'unpublished' - `List - Content Section`
* SECURITY [ Low Level ]: # Fixed : `Content Category` view accessible when category/section 'unpublished' - `Table - Content Category`


--------------------------------------------------------------------------------------
---------------- 1.0.7 Released -- [15-Jan-2006 20:00 UTC] ------------------


15-Jan-2006 Rey Gigataras
# Fixed : database password being incorrectly overwritten with a blank


--------------------------------------------------------------------------------------
---------------- 1.0.6 Released -- [15-Jan-2006 15:00 UTC] ------------------

This Release Contains following Security Fixes

Low Level Threat
 * Disallow Author from publishing items or changing publish state
 * Hardened Contact Component against misuse
 * Added simple filtering control ability to Contact Component
 * Hardened misuse of Contact Component `email copy` ability when not activated
 * Hardened misuse of Contact Component `VCard` ability when not activated
 * `VCard` & `Email Copy` options set to hide by default
 * Multiple Vulnerabilities in TinyMCE Compressor
 * Hardened Itemid against misuse
 * Hide database password in Global Configuration

-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --

15-Jan-2006 Rey Gigataras
 * SECURITY [ Low Level ]: Hide database password in Global Configuration
 # Fixed [artf3064] : Warning: Invalid argument supplied mod_fullmenu Line 57
 # Fixed [artf3063] : Poll Component Output Display Error

14-Jan-2006 Louis Landry
 # Fixed Caching `Blog` pagination problem

14-Jan-2006 Rey Gigataras
 * SECURITY [ Low Level ]: disallow Author from publishing items or changing publish state [identified Max Dymond]
 # Fixed [artf3055] : Weblink submit, no email to admin
 # Fixed [artf3045] : Unhandled fragment identifier with core SEF enabled
 # Fixed [artf3032] : 1783: Can't get custom CSS in Tiny MCE
 # Fixed [artf3052] : Contact Component Re-Direct Issue
 # Fixed [artf3043] : Login & Logout redirecting to $mosConfig_live_site
 # Fixed [artf3040] : Site Modules | Display can be duplicated on Pages
 # Fixed problem with display mod_rssfeed twice on a page
 ^ Contact Component confirmation now uses mosredireect msg, rather than JS

13-Jan-2005 Andrew Eddie
 # Fixed bug in database::loadRowList that return assoc and not numerical
array
 # Fixed bug in index2.php where joomlajavascript.js is not included

13-Jan-2006 Rey Gigataras
 * SECURITY [ Low Level ]: + simple filter check to Contact Component
 # Fixed [artf3038] : Warning: array_search(): Wrong datatype for second argument in
 # Fixed [artf3037] : New 404 tags aren't translated
 # Fixed [artf3035] : Bug with mod_newsflash

12-Jan-2006 Alex Kempkens
 # Fixed mosFormateDate, handling offset's with value 0

12-Jan-2006 Rey Gigataras
 * SECURITY [ Low Level ]: changed `Email Copy` param option for new Contacts now set to `hide`
 # Fixed [artf2070] : mosHTML:encoding_converter() breaks with ö
 # Fixed missing <li> tag in newsfeed component
 # Fixed [artf1487] : Media Manager breaks when illegal characters in uploaded file name
 # Fixed [artf2108] : Saving a parent inside of a child
 + caching support to `Frontpage` component
 + missing param for `Table - Weblink Category`
 - sef handling in mod_search.php as SEF
 - unnecessary `checked out` check in mod_latestnews.php and mod_mostread.php
 - unnecessary param variable in mod_latestnews.php

10-Jan-2006 Rey Gigataras
 * SECURITY [ Low Level ]: Fixed [artf2386] : Preventing Spambots through com_contact
 # Fixed [artf2622] : admin.users.php session_start called when a session is already open
 # Fixed [artf2789] : invalid xhtml
 # Fixed [artf2989] : User WYSIWYG editor setting resets after adding new user from backend
 # Fixed [artf2986] : Wrong link to image-icon in weblinks

08-Jan-2006 Johan Janssens
 * SECURITY [ Low Level ]: Fixed Security Vulnerability in TinyMCE Compressor

08-Jan-2006 Rey Gigataras
 * SECURITY [ Low Level ]: Fixed [artf2950] : Information leak with Vcard hide function
 * SECURITY [ Low Level ]: changed `VCard` param option for new Contacts now set to `hide`
 # Fixed DOMIT bugs [identified by sarahk]
http://sarahk.pcpropertymanager.com/blog/using-domit-rss/225/
 # Fixed [artf2793] : New user confirmation link warning on login
 # Fixed [artf2732] : Pagination in the Blog section/category doesn't work
 # Fixed [artf2943] : Incorrect Redirect for Weblinks
 # Fixed [artf2945] : Undefined constant in php_http_exceptions.php

07-Jan-2006 Rey Gigataras
 # Fixed [artf2933] : Pathway problem on Windows

06-Jan-2006 Rey Gigataras
 ^ changed mod_archive so that no Itemid is assigned, meaning it uses the default Itemid=99999999
 # Fixed [artf2738] : Incorrect SEF links for archive com_content links
 # Fixed [artf1809] : mospagebreak problem with "Special Characters"
 # Fixed [artf2861] : article_seperator glitch

05-Jan-2006 Rey Gigataras
 # Fixed [artf2825] : RSS module SEF urls

04-Jan-2006 Rey Gigataras
 * SECURITY [ Low Level ]: Fixed [artf2050] : Itemid in index2.php
 # Fixed Related items Module shows Expired items - Mambo Tracker [#7590]
 # Fixed [artf2185] : Changing weblinks possible for everyone

03-Jan-2006 Andy Miller
 ^ Updated copyright information for iCandy Junior icons

03-Jan-2005 Rey Gigataras
 # Fixed XHTML validation error in `Blog` view with decimal value widths
 # Fixed XHTML validation error in `Table - Content Category`
 # Fixed [artf2791] : RSS item links not SEF'd
 # Fixed [artf2791] : RSS items have no category
 # Fixed [artf2813] : Media Manager doesn't support ICO files

02-Jan-2006 Rey Gigataras
 # Fixed [artf2802] : All content made bold for Rss module published on the frontpage
 # Fixed [artf2780] : Newsflash Read More bad link
 # Fixed [artf2786] : Newsflash module not picking up "linked title" global setting
 # Fixed [artf2810] : 1.0.x changelog incorrectly states release date of 1.0.5

30-Dec-2005 Rey Gigataras
 # Fixed `Unlimited` banner impressions option
 # Fixed
[artf2776] : Multiple banners not possible
 # Fixed [artf2788] : admin template css errors

29-Dec-2005 Rey Gigataras
 # Fixed [artf2646] : name="" not valid XHTML
 # Fixed [artf2747] : title_alias is missing in mambots
 # Fixed `Reset Clicks` button not working in admin component `Banner Manager`
 # Fixed [artf2712] : Clicks reset on save

29-Dec-2005 Andrew Eddie
 ^ SEF error handling throws to new /templates/404.php file
 # Rolled back changes to database::insertObject
 + New prototype MySQL 5 driver

24-Dec-2005 Emir Sakic
 # Fixed a bug with 404 header being returned for homepage when SEF activated
 # Fixed a bug with all items on frontpage returning Itemid=1 (duplicate content)

--------------------------------------------------------------------------------------
---------------- 1.0.5 Released -- [24-Dec-2005 10:00 UTC] ------------------

This Release Contains following Security Fixes

Medium Level Threats
 * Hardened ability to use the contact component to proliferate spam

-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --

21-Dec-2005 Andrew Eddie
 # Fixed slow query in com_content (Author text in a content item is now set to Written By)
 # Fixed bug in backend poll entry with ' is in option name
 # Fixed bug where content modified date is not updated on a bulk publish/archive operation
 + Added TEMPLATEURL to patTemplate preloaded variables
 ^ patTemplate Translate now recognises 1.0 version language constants

20-Dec-2005 Emir Sakic
 # Fixed [artf2432] : Apostrophe in paths isn't escaped properly

20-Dec-2005 Johan Janssens
 # Fixed [artf2389] : gzip compression not operational
 # Fixed [artf2599] : losing Itemid after submitting "ask for new password"
 # Fixed [artf1712] : Search Mambots return duplicate results
 #
Fixed [artf2534] : Template chooser no longer able to manage SEF urls / XHTML validation
 # Fixed [artf1410] : 'Special' access menu locks out 'public' menu's articles "read more" content
 # Fixed [artf2595] : Deleted "mass mail" item menu in component menu
 # Fixed [artf2518] : mod_latestnews problem
 # Fixed [artf2591] : mosMakePath problem with mkdir on strato
 # Fixed [artf2665] : Most Read module generates incorrect class for <li> statement
 # Fixed [artf2666] : Pagination Error in Category Manager
 # Fixed [artf2407] : parameter type=mos_category show only "- Select Content Category -"

16-Dec-2005 Andy Miller
 # Fixed mod_whosonline not rendering list properly

07-Dec-2005 Andrew Eddie
 + Added database::getAffectedRows to db connectors

10-Dec-2005 Emir Sakic
 # Fixed [artf2517] : "Cancel" the editing of content after "apply" not possible

09-Dec-2005 Emir Sakic
 # Fixed [artf2324] : SEF for components assumes option is always first part of query
 # Fixed [artf1955] : Search results bug

07-Dec-2005 Andrew Eddie
 # Fixed uninitialised array in mosHTML::MenuSelect method
 + Added mosBackTrace debugging function
 # Fixed bug in mosDBTable::load where null table values don't overwrite properly

07-Dec-2005 Johan Janssens
 # Fixed [artf2430] : invalid values in tabpane.css
 # Fixed [artf2457] : VCard bug IS a bug
 # Fixed [artf2218] : RSS Newsfeed module generates wrong rendering output
 # Fixed [artf2453] : Random Image Module
 # Fixed [artf2251] : Poll title error
 # Fixed [artf2393] : Original editor cannot open content item if checked out
 # Fixed [artf2323] : overlib_hideform_mini.js parse error
 # Fixed [artf2248] : Incorrect hits count on multipage articles
 # Fixed [artf2342] : getBlogCategoryCount
 # Fixed [artf2464] : Contacts Component image path error
 # Fixed [artf2404] : Contact detail html bug
 ^ Replaced install.png with transparent image - contributed by joomlashack
 # Fixed [artf2245] : RSS not showing enclosure tags
 # Fixed [artf2247] : RSS newsfeed on Frontend missing link
 # Fixed bug in Domit lite parser
 # Fixed mosMail() is missing "ReplyTo:" field to avoid anti-spam rules (SPF)
 # Fixed Small typo in mosBindArrayToObject

06-Dec-2005 Alex Kempkens
 # Fixed [artf2434]: Typo in database.php checkout function line 1050
 # Fixed [artf2398] : Parameter Text Area field name

06-Dec-2005 Johan Janssens
 # Fixed [artf2418] : Banners Client Manager Next Page Issue: Joomla 1.04
 # Fixed [artf2156] : memory exhaustion error in joomla.xml.php
 # Fixed [artf2378] : mosCommonHTML::CheckedOutProcessing not checking if the current user
   has checked out the document
 # Fixed [artf1948] : Pagination problem still exists
 ^ Upgraded TinyMCE Compressor [1.0.4]
 ^ Upgraded TinyMCE [2.0.1]

01-Dec-2005 Andrew Eddie
 # Fixed nullDate error in mosDBTable::checkin method
 # Removed $migrate global in mosDBTable::store method
 # Fixed some MySQL 5 issues (still very unreliable)
 + Component may force frontend application to include joomla.javascript.js by:
   $mainframe->set( 'joomlaJavascript', 1 );

01-Dec-2005 Andrew Eddie
 # Fixed limit error in sections search bot
 # Bug in gacl_api::add_group query [c/o Mambo bug #8199]
 # Search highlighting fails when a "?"
is entered [c/o Mambo bug #8260]

30-Nov-2005 Emir Sakic
 + Added 404 handling for missing content and components
 + Added 404 handling to SEF for unknown files

30-Nov-2005 Andrew Eddie
 # Site templates allowed to have custom index2.php (fixes problems where custom code is required in index2)

29-Nov-2005 Andrew Eddie
 # Fixed [artf2258] : Parameter tooltips missing in 1.0.4

28-Nov-2005 Andrew Eddie
 # Fixed [artf2329] : mosMainFrame::getBasePath refers to non-existent JFile class.
 # Fixed [artf2246] : Error in frontend.html.php
 # Fixed [artf2190] : mod_poll.php modification
 # Fixed [artf2292] : [WITH FIX] Sql query missing hits

24-Nov-2005 Emir Sakic
 # Fixed [artf2225] : Email / Print redirects to homepage
 # Fixed [artf1705] : Not same URL for same item : duplicate content

23-Nov-2005 Johan Janssens
 # Fixed : Content Finish Publishing & not authorized

22-Nov-2005 Marko Schmuck
 # Fixed [artf2240] : 1.0.4 URL encoding entire frontend?
 # Fixed [artf2222] : ampReplace in content.html.php
 + Versioncheck for new_link parameter for mysql_connect.

22-Nov-2005 Levis Bisson
 # Fixed [artf2221] : 1.0.4: includes/database.php faulty on PHP < 4.2.0
 # Fixed [artf2219] : Bug in pageNavigation.php - added "if not define _PN_LT or _PN_RT"

22-Nov-2005 Johan Janssens
 # Fixed [artf2224] : Problem with Media Manager
 # Fixed : Can't create new folders in media manager

--------------------------------------------------------------------------------------
---------------- 1.0.4 Released -- [21-Nov-2005 10:00 UTC] ------------------

This Release Contains following Security Fixes

Critical Level Threat
 * Potential XSS injection through GET and other variables
 * Hardened SEF against XSS injection

Low Level Threat
 * Potential SQL injection in Polls modules through the Itemid variable
 * Potential SQL injection in several methods in mosDBTable class
 * Potential misuse of Media component file management functions
 * Add search limit param (default of 50) to `Search` Mambots to prevent search flooding

-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --

20-Nov-2005 Levis Bisson
 # Fixed Artifact [artf1967] displays with an escaped apostrophe in both title and TOC.

20-Nov-2005 Emir Sakic
 * SECURITY [ Critical Level ]: Hardened SEF against XSS injection

19-Nov-2005 Levis Bisson
 # replaced charset=utf-8 to charset=iso-8859-1 in language file

19-Nov-2005 Andrew Eddie
 * SECURITY [ Critical Level ]: Fixed XSS injection of global variable through the _GET array

17-Nov-2005 Johan Janssens
 ^ Replaced install.png with new image
 - Reverted [artf2139] : admin menu xhtml
 + Added clone function for PHP5 backwards compatibility

16-Nov-2005 Rey Gigataras
 # Fixed [artf2137] : editorArea xhtml
 # Fixed [artf2139] : admin menu xhtml
 # Fixed [artf2136] : Admin menubar valid xhtml
 # Fixed [artf2135] : Admin invalid xhtml
 # Fixed [artf2140] : mosMenuBar::publishList
 # Fixed [artf2027] : uploading images from custom component

13-Nov-2005 Rey Gigataras
 # PERFORMANCE: Fixed [artf1993] : Inefficient queries in com_content
 # Fixed [artf2021] : [artf1791] : Failed Login results in redirect to referring page
 # Fixed [artf2021] : appendMetaTag() prepends instead of appends
 # Fixed [artf1981] : incorrect url's at next/previous links at content items
 # Fixed [artf2079] : SQL error in category manager thru contact manager
 # Fixed [artf1586] : .htaccess - RewriteEngine problem
 # Fixed [artf1976] : Check for custom icon in mod_quickicon.php

11-Nov-2005 Andy Miller
 # Fixed issue with RSS module not displaying inside module rendering wrapper

10-Nov-2005 Rey Gigataras
 # Fixed contact component dropdown select category bug

07-Nov-2005 Rey Gigataras
 # Fixed mod_quickicon `redeclaration of function` error possibilities

07-Nov-2005 Johan Janssens
 # Fixed [artf1648] : tinyMCE BR and P elements
 # Fixed [artf1700] : TinyMCE doesn't support relative URL's for images

07-Nov-2005 Andrew Eddie
 * SECURITY [ Low Level ]: Fixed [artf1978] :
mod_poll SQL Injection Vulnerability
 * SECURITY [ Low Level ]: Fixed SQL injection possibility in several mosDBTable methods
 * SECURITY [ Low Level ]: Fixed malicious injection into filename variables in com_media
 ^ mosDBTable::publish_array renamed to publish
 ^ mosDBTable::save no longer updates the ordering (must now be done separately)

06-Nov-2005 Rey Gigataras
 * SECURITY [ Low Level ]: Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
 # Fixed custom() & customX() functions in menu.html.php no checking for image in /administrator/images/

04-Nov-2005 Rey Gigataras
 # Fixed [artf1953] : Page Class Suffix in Contacts component
 # Fixed [artf1945] : mosToolTip not generating valid xhtml

03-Nov-2005 Rey Gigataras
 + modduleclass_sfx support to mod_poll
 # Fixed [artf1902] : Incorrect number of table cells in mod_poll

03-Nov-2005 Samuel Moffatt
 # Fixed bug which prevented component uninstall if another XML file was in the directory

01-Nov-2005 Rey Gigataras
 # Fixed [artf1888] : linkable [category|section] URL incorrect
 # Fixed [artf1620] : Hardcoded words in pdf.php
 # Fixed [artf1887] : Content: Bug in creation date generation

31-Oct-2005 Johan Janssens
 # Fixed [artf1277] : News Feed Display Bad Accent character

31-Oct-2005 Rey Gigataras
 # Fixed [artf1739] : Problem with the menuitem type url and assigned templates and modules
 # Fixed [artf1574] : Who is online after update to Joomla 1.0.3 no more work correctly
 # Fixed [artf1666] : Notice: on component installation
 # Fixed [artf1573] : Manage Banners | Error in Field Name
 # Fixed [artf1597] : Small bug in loadAssocList function in database.php
 # Fixed [artf1832] : Logout problem
 # Fixed [artf1769] : Undefined index: 2 in includes/joomla.php on line 2721
 # Fixed [artf1749] : Email-to-friend is NOT
actually from friend
 # Fixed [artf1591] : page is expired at installation
 # Fixed [artf1851] : 1.0.2 copy content has error
 # Fixed [artf1569] : Display of mouseover in IE gives a problem with a dropdown-box
 # Fixed [artf1869] : Poll produces MySQL-Error when accessed via Component Link
 # Fixed [artf1694] : 1.0.3 undefined indexes filter_sectionid and catid on "Add New Content"
 # Fixed [artf1834] : English Localisation
 # Fixed [artf1771] : Wrong mosmsg
 # Fixed [artf1792] : "Receive Submission Emails" label is misleading
 # Fixed [artf1770] : Undefined index: HTTP_USER_AGENT

30-Oct-2005 Rey Gigataras
 ^ Upgraded TinyMCE Compressor [1.02]
 ^ Upgraded TinyMCE [2.0 RC4]

27-Oct-2005 Johan Janssens
 # Fixed [artf1671] : Media Manager
 # Fixed [artf1814] : Tab Class wrong
 # Fixed [artf1086] : Icons at the control panel fall apart

26-Oct-2005 Samuel Moffatt
 # Fixed bug where a new database object with the same username, password and host but different database name would kill Joomla!

25-Oct-2005 Johan Janssens
 # Fixed [artf1733] : $contact->id used instead of $Itemid
 # Fixed [artf1654] : base url above title tag
 # Fixed [artf1738] : Registration - javascript alert

23-Oct-2005 Rey Gigataras
 # Fixed [artf1695] : Show Empty Categories in Section does not work
 # Fixed [artf1710] : Unnecessary queries (optimization)
 # Fixed [artf1711] : Missing whitespace in search results
 # Fixed [artf1706] : Mambo logo not removed from admin images
 # Fixed [artf1708] : Search CMT: Hardcoded date format
 # Fixed [artf1689] : Joomla!
Installer - Wording still not correct
 # Fixed [artf1692] : email and print buttons (maybe also the PDF) does not validate

19-Oct-2005 Andrew Eddie
 # Fixed missing autoclear in "list-item" stock template

19-Oct-2005 Rey Gigataras
 # Fixed [artf1577] : MenuLink Blog section error

19-Oct-2005 Levis Bisson
 Applied Feature Requests:
 ^ Artifact [artf1282] : Easier sorting of static content in creating menu links
 ^ Artifact [artf1162] : Remove hardcoding of <<, <, > and >> in pageNavigation.php

--------------------------------------------------------------------------------------
---------------- 1.0.3 Released -- [14-Oct-2005 10:00 UTC] ------------------

Contains following Security Fixes
Medium Level Threat
 * Fixed SQL injection bug in content submission (thanks Dead Krolik)

Low Level Threat
 * Fixed security bug in admin.content.html.php when 2 logged in and try to edit the same content
 * Fixed Search Component flooding, by limiting searching to between 3 and 20 characters
 * Fixed [artf1405] : Joomla shows Items to unauthorized users

-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --

14-Oct-2005 Rey Gigataras
 # Fixed edit icon not showing on frontpage
 # Fixed [artf1553] : database.php fails to pass resource id into mysql_get_server_info() call
 # Fixed [artf1560] : Install1.php doesn't enforce rule against old_ table prefix

13-Oct-2005 Andy Miller
 # Fixed [artf1504] : rhuk_solarflare_ii Template | Menus with " not displaying correctly

13-Oct-2005 Rey Gigataras
 # Fixed duplicated module creation in install
 # Fixed XHTML issue in rss feed module
 # Fixed XHTML issue in com_search
 # Fixed [artf1550] : Properly SEFify com_registration links
 # Fixed [artf1533] : rhuk_solarflare_ii 2.2 active_menu
 # Fixed [artf1354] :
Can't create new user
 # Fixed [artf1433] : Images in Templates
 # Fixed [artf1531] : RSS Feed showing wrong livesite URL

12-Oct-2005 Marko Schmuck
 * SECURITY [ Low Level ]: Fixed security bug in admin.content.html.php when 2 logged in and try to edit the same content

12-Oct-2005 Johan Janssens
 # Fixed [artf1266] : gzip compression conflict
 # Fixed [artf1453] : Weblink item missing approved parameter
 # Fixed [artf1452] : Error deleting Language file
 # Fixed [artf1373] : Pagination error

12-Oct-2005 Rey Gigataras
 ^ Core now automatically calculates the offset between yourself and the server
 # Fixed bug in Global Config param `Time Offset`
 # Fixed [artf1414] : Missing images in HTML_toolbar
 # Fixed [artf1513] : PDF format does not work at version 1.0.2

11-Oct-2005 Rey Gigataras
 * SECURITY [ Low Level ]: Fixed Search Component flooding, by limiting searching to between 3 and 20 characters
 ^ Blog - Content Category Archive will no longer show dropdown selector when coming from Archive Module
 # Fixed [artf1470] : Archives not working in the front end
 # Fixed [artf1495] : Frontend Archive blog display
 # Fixed [artf1364] : TinyMCE loads wrong template styles
 # Fixed [artf1494] : Template fault in offline preview
 # Fixed [artf1497] : mosemailcloak adds trailing space
 # Fixed [artf1493] : mod_whosonline.php

09-Oct-2005 Rey Gigataras
 * SECURITY [ Medium Level ]: Fixed SQL injection bug in content submission
 * SECURITY [ Low Level ]: Fixed [artf1405] : Joomla shows Items to unauthorized users
 # Fixed [artf1454] : After update email_cloacking bot is always on
 # Fixed [artf1447] : Bug in mosloadposition mambot
 # Fixed [artf1483] : SEF default .htaccess file settings are too lax
 # Fixed [artf1480] : Administrator type user can log off Super Administrator
 # Fixed [artf1422] : PDF Icon is set to on when it
should be off
 # Fixed [artf1476] : Error at "number of Trashed Items" in sections
 # Fixed [artf1415] : Wrong image in editList() function of mosToolBar class

08-Oct-2005 Johan Janssens
 # Fixed [artf1384] : tinyMCE doesn't save converted entities

07-Oct-2005 Andy Miller
 # Fixed tabpane css font issue

07-Oct-2005 Johan Janssens
 # Fixed [artf1421] : unneeded file includes\domit\testing_domit.php

07-Oct-2005 Andy Stewart
 # Fixed [artf1382] : Added installation check to ensure "//" is not generated via PHP_SELF
 # Fixed [artf1439] : Used correct ErrorMsg function and updated javascript redirect to remove POSTDATA message
 # Fixed [artf1400] : Added a check of $other within com_categories to skip section exists check if set to "other"

05-Oct-2005 Robin Muilwijk
 # Fixed [artf1366] : Typo in admin, Adding a new menu item - Blog Content Category

--------------------------------------------------------------------------------------
---------------- 1.0.2 Released -- [02-Oct-2005 16:00 UTC] ------------------

02-Oct-2005 Rey Gigataras
 ^ Added check to mosCommonHTML::loadOverlib(); function that will stop it from being loaded twice on a page
 # Fixed Content display not honouring Section or Category publish state
 # Fixed [artf1344] : Link to menu shows wrong menu type
 # Fixed [artf1189] : Long menu names get truncated, duplicate menus made
 # Fixed [artf1192] : Unpublished Bots
 # Fixed [artf1223] : Error with Edit items in categories and sections
 # Fixed [artf1219] : Joomla Component Module displays Error!
 # Fixed [artf1183] : Section module: Still "no items to display"
 # Fixed [artf1241] : Editing content fails with MySQL 5.0.12b
 # Fixed [artf1306] : modules - parameters of type text not stored correctly

01-Oct-2005 Andy Miller
 # Fixed base href in Content Preview for broken images

01-Oct-2005 Johan Janssens
 ^ Updated TinyMCE editor to version RC 3
 # Fixed [artf1221] : Unable to Submit Content (still not working post-patch)
 # Fixed [artf1108] : Tooltips on mouseover causes parameter panel to widen
 # Fixed [artf1217] : WYSIWYG-Editor and mospagebreak with 2 parameters

01-Oct-2005 Andy Stewart
 # Fixed [artf1305] - Added a check within mosimage mambot for introtext being hidden
 # Fixes [artf1343] - Removed xml declaration at top of gpl.html

01-Oct-2005 Arno Zijlstra
 ^ Changed OSM banner 2 a little to show banner changing

01-Oct-2005 Levis Bisson
 # Fixed [artf1311] : Banners not showing / returning PHP error
 # Fixed [artf1319] : Banners not showing in frontend / admin

30-Sep-2005 Andy Miller
 # Fixed poor rendering of fieldset with solarflare2
 ^ Updated solarflare2 template with new colors and logos
 ^ Moved modules to divs, and shuffled pathway to give more button room
 ^ Updated favicon and other Joomla!
logos for admin
 # Fixed alignment of footer in admin for safari/opera

30-Sep-2005 Andy Stewart
 + Updated installation routine to recognise port numbers other than 80
 # Fixed [artf1293] : added $op=mosGetParam so sendmail is called when running globals.php-off

30-Sep-2005 Rey Gigataras
 ^ Module Manager `position` dropdown ordering alphabetically
 ^ Ability to Hide feed title for `New` modules used to display feeds
 ^ Content Items `New` button sensitive to dropdown filters
 # Fixed Search Module not using Itemid of existing `Search` component menu item
 # Fixed `Link to Menu` problem with Sections menu ordering
 # Fixed `Link to Menu` problem with Category = `Content Category`
 # Fixed [artf1300] : PDF shows Author name despite setting content item

30-Sep-2005 Levis Bisson
 + Added UTF-8 support
 # Fixed tooltips empty links
 # Fixed [artf1265] : url in 'edit-menue-item' of submenues is wrong
 # Fixed [artf1277] : News Feed Display Bad Accent character

29-Sep-2005 Arno Zijlstra
 # Fixed publish/unpublish select check in contacts

29-Sep-2005 Rey Gigataras
 # Fixed [artf1276] : tiny mce background
 # Fixed [artf1281] : Bad name of XML file
 # Fixed [artf1180] : Call-by-reference warning when editing menu
 # Fixed [artf1188] : includes/vcard.class.php uses short open tags

29-Sep-2005 Levis Bisson
 # Fixed [artf1274] : Module display bug when using register/forgot password links
 # Fixed [artf1238] : header("Location: $url")- some servers require an absolute URI

28-Sep-2005 Levis Bisson
 # Fixed [artf1250] : Order is no use when many pages
 # Fixed [artf1254] : Unable to delete when count > 1
 # Fixed [artf1248] : Invalid argument supplied for 3P modules

27-Sep-2005 Arno Zijlstra
 # Fixed [artf1253] : Apply button image path
 # Fixed [artf1240] : WITH FIX: banners component - undefined
var task
 # Fixed [artf1242] : Problem with "Who's online"
 # Fixed [artf1218] : 'Search' does not include weblinks?

25-Sep-2005 Emir Sakic
 # Fixed [artf1185] : globals.php-off breaks pathway
 # Fixed [artf1196] : undefined constant categoryid
 # Fixed [artf1216] : madeyourweb no </head> TAG

24-Sep-2005 Rey Gigataras
 ^ [artf1214] : pastarchives.jpg seems unintuitive.

22-Sep-2005 Rey Gigataras
 + Added Version Information to bottom of joomla_admin template, with link to 'Joomla! 1.0.x Series Information'
 # Fixed [artf1175] : Create category with selection of Section
 # Fixed [artf1179] : Custom RSS Newsfeed Module has nested <TR>

--------------------------------------------------------------------------------------
---------------- 1.0.1 Released -- [21-Sep-2005 16:30 UTC] ------------------

21-Sep-2005 Rey Gigataras
 # Fixed [artf1157] : Section module: Content not displayed, wrong header
 # Fixed [artf1159] : Can't cancel "Submit - Content" menu item type form
 # Fixed [artf1172] : "Help" link in Administration links to Mamboserver.com
 # Fixed [artf1171] : mod_related_items shows all items twice
 # Fixed [artf1167] : Component - Search
 # Fixed [RC] incorrect redirect when cancelling from Frontend 'Submit - Content'
 # Fixed undefined variable in Trash Manager
 # Fixed [RC] `Trash` button when no item selected
 # Fixed [RC] `New` Menu Item Type `Next` button bug

20-Sep-2005 Levis Bisson
 ^ added a chmod to the install unlink function
 # Fixed [artf1150] : the created_by on initial creation of Static Content Item

20-Sep-2005 Marko Schmuck
 ^ Changed Time Offsets to hardcoded list with country/city names

20-Sep-2005 Rey Gigataras
 # Fixed /installation/ folder check
 # Fixed [artf1153] : Quote appears in com_poll error
 # Fixed [artf1151] : empty span
 # Fixed [artf1089]
: multiple select image insert reverses list order
 # Fixed [artf1138] : Joomla allows creation of double used username
 # Fixed [artf1133] : There is no install request to make /mambot/editor writeable

19-Sep-2005 Andrew Eddie
 # Fixed incorrect js function in patTemplate sticky and ordering templates/links

19-Sep-2005 Rey Gigataras
 ^ Changed Overlib styling when creating new menu items
 ^ Additional Overlib info for non-image files and directories
 ^ 'Cancel' button for Media Manager
 ^ Option to run TinyMCE in compressed mode - off by default
 # Fixed [artf1111] : mosShowHead and the order of headers
 # Fixed [artf1117] : database.php - bcc
 # Fixed [artf1114] : database.php _nullDate
 # Fixed TinyMCE errors caused by use of compressed tinymce_gzip.php [[artf1088]||[artf1034]||[artf1090]||[artf1044]]
 # Installed Editor Mambots are now published by default
 # Fixed error in RSS module
 # Fixed [artf1106] : Default Editor Will Not Take Codes Like Java Script
 # Fixed delete file in Media Manager

18-Sep-2005 Arno Zijlstra
 # Fixed [artf1084] : <br> stays in empty content
 # Fixed [artf1101]: Typo in Global Config

18-Sep-2005 Andrew Eddie
 # Fixed issues in patTemplate Translate Function and Modifier
 # Fixed issue with patTemplate variable for Tabs graphics

18-Sep-2005 Rey Gigataras
 # Fixed [artf1046] : Menu Manager Item Publishing
 # Fixed [artf1036] : newsflash error when logged in in frontend
 # Fixed [artf1033] : madeyourweb template logo path
 # Fixed [artf1039] : & to & translation in menu and contenttitle
 # Fixed PHP5 passed by reference error in admin.content.php
 # Fixed [artf1068] : live bookmark link is wrong
 # Fixed [artf1030] : Bug Joomla 1.0.0 Stable (un)publishing News Feeds
 # Fixed [artf1048] : Custom Module Bug
 # Fixed [artf1080] : Joomla!
Installer 2219 # Fixed [artf1050] : error in sql - database update 2220 # Fixed [artf1081] : com_categories can't edit category when clicking hyperlink 2221 # Fixed [artf1053] : Can not unassign template 2222 # Fixed [artf1079] : com_weblinks can't edit links 2223 # Fixed [artf1029] : Site -> Global Configuration = greyed out top menu 2224 # Fixed [artf1064] : Deletion of Modules and Fix 2225 # Fixed [artf1052] : Double Installer Locations 2226 # Fixed [artf1051] : Copyright bumped to the right of the site 2227 # Fixed [artf1059] : component editor bug 2228 # Fixed [artf1041] : mod_mainmenu.xml: escape character for apostrophe missing 2229 # Fixed [artf1040] : category manager not in content-menu 2230 2231 17-Sep-2005 Levis Bisson 2232 # Fixed [artf1037]: Media Manager not uploading 2233 # Fixed [artf1025]: Registration admin notification 2234 # Fixed [artf1043]: Template Chooser doesn't work 2235 # Fixed [artf1042]: Template Chooser shows rogue entry 2236 2237 2238 -------------------------------------------------------------------------------------- 2239 ---------------- 1.0.0 Released -- [17-Sep-2005 00:30 UTC] ------------------ 2240 2241 2242 Contains following Security Fixes 2243 Medium Level Threat 2244 * Fixed SQL injection bugs in user activation (thanks Enno Klasing) 2245 2246 Low Level Threat 2247 * Fixed [#6775] Display of static content without Itemid 2248 2249 -- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- -- 2250 2251 16-Sep-2005 Andrew Eddie 2252 # Fixed: 1014 : & amp ; in pathway 2253 # Fixed: Missing space in mosimage IMG tags 2254 # Fixed: Incomplete function call - mysql_insert_id() 2255 + Added nullDate handling to database class 2256 + Added database::NameQuote function for quoting field names 2257 # Fixed: com_checkin to properly use database class 2258 # Fixed: Missed stripslashes in`global configuration - site` 2259 + Added admin menu item to clear all caches (for 3rd party addons) 2260 2261 
16-Sep-2005 Emir Sakic 2262 # Fixed sorting by author on frontend category listing 2263 + Added time offset to copyright year in footer 2264 # Fixed spelling in sam 2265 # Reflected some file name changes in installer CHMOD 2266 # Fixed bugs in paged search component 2267 2268 16-Sep-2005 Alex Kempkens 2269 + template contest winner 'MadeYourWeb' added 2270 2271 16-Sep-2005 Rey Gigataras 2272 + Pagination Support for Search Component 2273 ^ Ordering of Toolbar Icons/buttons now more consistent 2274 ^ Frontend Edit, status info moved to an overlib 2275 ^ Search Component converted to GET method 2276 # Fixed [artf1018] : Warning Backend Statistic 2277 # Fixed [artf1016] : Notice: RSS undefined constant 2278 # Fixed [artf1020] : Hide mosimages in blogview doesn't work 2279 # Various Search Component Fixes 2280 # Fixed Search Component not honouring Show/Hide Date Global Config setting 2281 # Fixed [#6668] No static content edit icon for frontend logged in author 2282 # Fixed [#6710] `Link to menu` function from components Category not working 2283 # Fixed [#7011] Subtle bug in saveUser() - admin.users.php 2284 # Fixed [#7120] Articles with `publish_up` today after noon are shown with status `pending` 2285 # Fixed [#6669] mosmail BCC not working, send as CC 2286 # Fixed [#7422] Weblink submission emails 2287 # Fixed [#7196] mosRedirect and Input Filter CGI Error 2288 # Fixed [#6814] com_wrapper Iframe Name tag / relative url modifications 2289 # Fixed [#6844] rss version is wrong in the Live Bookmark feeds 2290 # Fixed [#7120] Articles with `publish_up` today after noon are shown with status `pending` 2291 # Fixed [#7161] Apparently unncessary code in sendNewPass - registration.php 2292 2293 15-Sep-2005 Andy Miller 2294 ^ Fixed some width issues with Admin template in IE 2295 ^ Fixed some UI issues with Banners Component 2296 ^ Added a default header image for components that don't specify one 2297 2298 15-Sep-2005 Andrew Eddie 2299 - Removed unused globals from 
joomla.php 2300 + Added mosAbstractLog class 2301 2302 15-Sep-2005 Rey Gigataras 2303 + added `Apply` button to frontend Content editing 2304 ^ Added publish date to syndicated feeds output [credit: gharding] 2305 ^ Added RSS Enclosure support to feedcreator [credit: Joseph L. LeBlanc] 2306 ^ Added Google Sitemap support to feedcreator 2307 ^ Modified layout of Media Manager 2308 ^ Added Media Manager support for XCF, ODG, ODT, ODS, ODP file formats 2309 # Fixed use of 302 redirect instead of 301 2310 # Content frontend `Save` Content redirects to full content view 2311 # Fixed Wrapper auto-height problem 2312 # Queries cleaned of incorrect encapsulation of integer values 2313 # Fixed Login Component redirection [credit: David Gal] 2314 2315 15-Sep-2005 Arno Zijlstra 2316 ^ changed tab images to fit new color 2317 ^ changed overlib colors 2318 2319 14-Sep-2005 Rey Gigataras 2320 ^ Ugraded TinyMCE [2.0 RC2] 2321 ^ Param tip style change to dashed underline 2322 # Queries cleaned of incorrect encapsulation of integer values 2323 2324 14-Sep-2005 Andrew Eddie 2325 # Added PHP 5 compatibility functions file_put_contents and file_get_contents 2326 + Added new version of js calendar 2327 + mosAbstractTasker::setAccessControl method 2328 + mosUser::getUserListFromGroup 2329 + mosParameters::toObject and mosParameters::toArray 2330 2331 13-Sep-2005 Andrew Eddie 2332 ^ Rationalised global configuration handling 2333 # Fixed polls access bug 2334 # Fixed module positions preview to show positions regardless of module count 2335 ^ Modified database:setQuery method to take offset and record limit 2336 + Added alternative version of globals.php that emulates register_globals=off 2337 # Added missing parent_id field from mosCategory class 2338 2339 12-Sep-2005 Rey Gigataras 2340 + Per User Editor selection 2341 # Module styling applied to custom/new modules 2342 # Fixed Agent Browser bug 2343 2344 12-Sep-2005 Andrew Eddie 2345 + New onAfterMainframe event added to site index.php 
2346 + Added dtree javascript library 2347 + Added some extra useful toolbar icons 2348 + Added css for fieldsets and legends and some 1.1 admin style formating 2349 + Added mosDBTable::isCheckedOut() method, applied to components 2350 # fixed bug in typedcontent edit - checked out is done before object load and always passes 2351 ^ Updated Help toolbar button to accept component based help files 2352 ^ Updated version class with new methods 2353 + Added support for params file to have <mosparams> root tag 2354 2355 12-Sep-2005 Andy Stewart 2356 # Fixed issue with new content where Categories weren't displayed for sections 2357 2358 12-Sep-2005 Andrew Eddie 2359 ^ Upgrade DOMIT! and DOMIT!RSS (fixes issues in PHP 4.4.x) 2360 + Added database.mysqli.php, a MySQL 4.1.x compatible version 2361 + Added [Check Again] button to installation check screen 2362 ^ Changed web installer to always use the database connector 2363 # Fixed PHP 4.4 issues with new objects returning by reference 2364 2365 11-Sep-2005 Rey Gigataras 2366 + Output Buffering for Admin [pulled from Johan's work in 1.1] 2367 + Loading of WYSIWYG Editor only when `editorArea` is present [pulled from Johan's work in 1.1] 2368 ^ Upgraded JSCookMenu [1.4.3] 2369 ^ Upgraded wz_tooltip [3.34] 2370 ^ Upgraded Overlib [4.21] 2371 ^ editor-xtd mosimage & mospagebreak button hidden on category, section & module pages 2372 # Poll class $this-> bug 2373 # Fixed change creator dropdown to exclude registered users (who do not have author rights) 2374 2375 11-sep-2005 Arno Zijlstra 2376 + Added offlinebar.php 2377 ^ Changed site offline check 2378 ^ Cosmetic change to offline.php 2379 2380 11-Sep-2005 Andrew Eddie 2381 + Added sort up and down icons 2382 + Added mosPageNav::setTemplateVars method 2383 2384 10-Sep-2005 Rey Gigataras 2385 + `Submit - Content` menu type [credit: Jason Murpy] 2386 2387 09-Sep-2005 Andy Miller 2388 ^ made changes to new joomla admin template 2389 ^ changed login lnf to match new admin 
template 2390 ^ removed border and width, set padding on div.main in admin 2391 ^ changed Force Logout text 2392 2393 09-Sep-2005 Alex Kempkens 2394 ^ changed mosHTML::makeOption to handle different coulmn names 2395 ^ corrected several calls from makeOption in order to become multi lingual compatible 2396 ^ corrected little fixes in query handling in order to get multi lingual compatible 2397 + Added system bot's for better integration of ml support, ssl & multi sites 2398 2399 08-Sep-2005 Rey Gigataras 2400 + Added back Sys Info link in menubar 2401 + Added Changelog link to Help area 2402 ^ Cosmetic change to Toolbar Icon appearance 2403 ^ Cosmetic change to QuickIcon appearance 2404 ^ Toolbar icons now 'coloured' no longer 'greyed out' 2405 ^ Dropdown menu now shows on edit pages but is inactive 2406 # Fixed Newsfeed component generates image tag instead of img tag 2407 # Fixed Joomlaxml: tooltips need to use label instead of name 2408 # Fixed One parameter too many in orderModule call in admin.modules.php 2409 # Fixed inabiility to show/hide VCard 2410 # Fixed Mambot Manager filtering 2411 2412 08-Sep-2005 Alex Kempkens 2413 + mosParameter::_mos_filelist for xml parameters 2414 ^ mos_ table prefix to jos_ in installation and in some other files. 
2415 + added category handling for contact component 2416 + added color adapted joomla_admin template 2417 2418 07-Sep-2005 Andrew Eddie 2419 # Added label tags to mod_login (WCAG compliance) 2420 # Added label tags to com_contact (WCAG compliance) 2421 # Added label tags to com_search (WCAG compliance) 2422 # Added label tag support to mosHTML::selectList (WCAG compliance) 2423 # Added label tag support to mosHTML::radioList (WCAG compliance) 2424 2425 01-Sep-2005 Andrew Eddie 2426 + Added article_separator span after a content item 2427 * SECURITY [ Critical Level ]: Hardened mosGetParam by using phpInputFilter for NO_HTML mode 2428 + Added new mosHash function to produce secure keys 2429 * SECURITY [ Low Level ]: Hardened Email to Friend form 2430 2431 31-Aug-2005 Andrew Eddie 2432 + Added setTemplateVars method to admin pageNavigation class 2433 ^ Added auto mapping function to mosAbstractTasker constructor 2434 + Added patHTML class for patTemplate utility methods 2435 ^ Upgraded patTemplate library 2436 ! patTemplate::createTemplate has changed parameters 2437 - Removed requirement to accept GPL on installation 2438 # Fixed bug in Send New Password function - mail from not defined 2439 # Fixed undefined $row variable in wrapper component 2440 # Fixed undefined $params in contacts component 2441 - Removed unused getids.php 2442 - Removed redundant whitespace 2443 ^ Convert 4xSpace to tab 2444 2445 08-Aug-2005 Andrew Eddie 2446 * SECURITY [ Medium Level ]: Fixed SQL injection bugs in user activation (thanks Enno Klasing) 2447 ^ Encased text files in PHP wrapper to help obsfucate version info 2448 # Changed admin session name to hash of live_site to allow you to log into more than one Joomla! on the same host 2449 # Fixed hardcoded (c) character in web installer files 2450 # Fixed slow query in admin User Manager list screen 2451 # Fixed bug in poll stats calculation 2452 # Updated bug fixes in phpMailer class 2453 # Fixed login bug for nested Joomla! 
sites on the same domain 2454 2455 02-Aug-2005 Alex Kempkens 2456 * SECURITY [ Low Level ]: Fixed [#6775] Display of static content without Itemid 2457 # Fixed [#6330] Corrected default value of field 2458 2459 2460 ----- Derived from Mambo 4.5.2.3 circa. 17 Aug 12005 ----- 2461 -------------------------------------------------------------------------------------- 2462
| Generated on: Wed Nov 21 14:43:32 2007 | by Balluche using PHPXref 0.7 |