Location: PHPKode > projects > YAXOO - Yet Another XOOps > XOOPS-2.0.13.2/docs/CHANGES.txt
XOOPS v2.0.x Changelog
============================
2005/10/28: Version 2.0.13.2
============================
- SECURITY: Fix to prevent mail headers injection (Skalpa/XOOPS Cube)
- SECURITY: Fix to prevent endless loop in PHPMailer (Skalpa/Minahito)
- SECURITY: Fix to prevent XSS in the textsanitizer (Skalpa/XOOPS Cube)
- SECURITY: Fix to prevent XSS in newbb and the comments system (Skalpa/Keigo Yamazaki of Little eArth Corporation Co., Ltd.)
- SECURITY: Vaporfix to prevent uploading of invalid images (Skalpa/XOOPS Cube)

============================
2005/08/15: Version 2.0.13.1
============================
- Fixed server path disclosure issues on systems with error_reporting enabled (Mithrandir/ajaxbr,Dave_l)

============================
2005/07/02: Version 2.0.13
============================
- Fixed security hole in XML-RPC for both magic_quotes_gpc on and off (Mithrandir/hide@address.com, Onokazu)
- Fixed sanitation in Criteria class for both magic_quotes_gcp on and off (Mithrandir/Onokazu)
- Fixed sanitation bug in include/checklogin.php (Mithrandir)

============================
2005/06/29: Version 2.0.12a
============================
- Fixed bug in comments, where editing a comment would post a new one
- Removed PHP parsing in Saxparser's handleProcessingInstruction() method (Thanks to GIJOE)
- Fixed parse error in modules/newbb/post.php

============================
2005/06/28: Version 2.0.12
============================
- Fixed sanitation bug in include/comment_form.php and include/comment_post.php (Mithrandir/hide@address.com)
- Fixed sanitation bug in class/xml/rpc/xmlrpcapi.php and class/criteria.php (Mithrandir/hide@address.com/XOOPS JP)
- Changed admin.php to fetch news from xoops.org via Snoopy (Mithrandir/XOOPS JP)
- Fixed possible XSS hole in redirect_header (Mithrandir/XOOPS JP)
- Security fixes in pda.php and misc.php (Mithrandir/XOOPS JP)
- Fixed typos in kernel/object.php (Mithrandir/brandycoke)

============================
2005/06/24: Version 2.0.11
============================
- Fixed bug where lostpass.php would not accept emails and send new password (Ackbarr)
- Fixed bug where search result links would be wrong if the item was in another module than the searched one (Ackbarr)
- Fixed bug in groups admin where it was impossible to add users to a group if the site had 200+ users (Ackbarr)
- Fixed bug with uploading smilies (Ackbarr)

============================
2005/04/23: Version 2.0.10
============================
- Fixed typo in newbb/post.php

============================
2005/04/03: Version 2.0.10 RC
============================
- Implemented new token system for validating form origination and increased protection against CSRF (Mithrandir/Onokazu)
- Security fix to avoid the usage of fopen and unlink when previewing (Onokazu)
- Fixed bug - Missing </a> in news/templates/blocks/news_block_bigstory.html (Mithrandir/blacKurd)
- Fixed bug in header.php – assign $xoops_lblocks (Mithrandir/phppp)
- Fixed bug #1087786 Can"t assign to $this in PHP5 (Mithrandir)
- Included 2.0.9.3 fixes in 2.0.10 patch for easy upgrade from 2.0.9.2 (Mithrandir/rowd)
- Fixed bug #1157029 - Bug in include/checklogin.php (Onokazu/sudhaker)
- Fixed bug #1060061 - renderValidationJS showing htmlentities instead of intended characters (Onokazu/theCat)

2005/03/20: Version 2.0.9.3
===============================
- Security fix to prevent uploading of executable files (pokleyzz, GIJOE and the JP XOOPS community)

2004/12/30: Version 2.0.9.2
===============================
- Security fix to prevent session hijacking (thanks goes to GIJOE and the JP XOOPS community)
- Fixed duplicated blocks bug on module update
- phpmailer back to the version included in 2.0.7.3, as it is more stable (onokazu)


2004/12/25: Version 2.0.9
===============================
- Security fix in the newbb module for PHP version < 4.3.10 (GIJOE & onokazu)
- Security fix in the newbb module to prevent XSS attacks (minahito)
- Fixed various problems related to XoopsUser::isAdmin() and $xoops_isadmin patch in 2.0.7.1 (bugs #1014203/#1014403) (onokazu)
- Fixed incorrect parameters being passed to CriteriaCompo in modulesadmin.php (onokazu)
- Fixed incorrect parameters being passed to XoopsXmlRpcStruct::add() in BloggerApi::getUserInfo() (onokazu)
- Fixed Bug #1023022 - XoopsFormDhtmlTextArea and array_push() error (Mithrandir)
- Fixed Bug #1013989 - Inbox title shoud be plural "Private Messages" (Mithrandir)
- Fixed Bug #1004998 - readpmsg.php typo:</th> html tag of subject is nothing (Mithrandir)
- Fixed Bug #1035707 - Enable array type options in blocks (Mithrandir)
- Fixed a typo in include/comment_form.php, patch #1041993 (Dave_l)
- Fixed Bug #1044957 - xoopsmultimailer.php Username typo when SMTP-Auth (Mithrandir)
- Fixed RFE #900348 - Sort user list alphabetically in System -> Groups. Also changed the way it fetches the users in the group so it fetches all of them with 2 queries instead of 1 + (1 per user in the group) (Mithrandir
)
- Added patch #1048384 - mysql_field_name and others, added (Mithrandir)
- Fixed bug #1049017 - Blocks sharing a template are cached wrong (Mithrandir)
- Added patch #1048382 - Module onUpdate function (Mithrandir)
- Fixed bug #989462 - Handler object caching not working (Mithrandir)
- Added RFE #900345 - View/Edit group membership in Admin -> System -> Edit User (Mithrandir)
- Fixed Bug #1055901 - group.php(IN phrase is used ,query) (Mithrandir)
- Fixed bug #1052403 - block update in module update (Mithrandir)
- More fixes for register_globals off in the top 10 page of mylinks/mydownloads modules
- Fixed a typo in modules/xoopsheadline/admin/index.php (onokazu)
- Fixed bug where 2 headline forms were using the same form name/id, causing JS error (onokazu)
- Fixed some html problems in mylinks/mydownloads admin page (onokazu)
- Secured mainfile.dist.php from disclosing paths (Mithrandir)
- Fixed bug #1073029 (onokazu)
- Fixed bug #1073532 (onokazu)
- Fixed bug #1080791 (onokazu)
- Fixed lang phrase _NOT_ACTIVENOTIFICATIONS not being assing to template (onokazu)
- Some PHP5 fixes (Mithrandir)
- Updated Smarty to version 2.6.5
- Updated PHPMailer to version 1.72
 

2004/09/11: Version 2.0.7.3
===============================
!! SECURITY FIX !! fixed more bugs that allowed session hijacking under a certain circumstance (onokazu)


2004/09/10: Version 2.0.7.2
===============================
!! SECURITY FIX !! fixed bugs that allowed session hijacking under a certain circumstance (onokazu)


2004/08/21: Version 2.0.7.1
===============================
Fixed bug #1006511 about $xoops_isadmin misuse (skalpa/the jp.xoops.org community):
- Changed XoopsUser::isAdmin() behavior to prevent problems with modules that misuse this function
- Fixed permission checking in user profile page, to only show admin links to people who are supposed to see them
- Fixed permission checking in the comments system, to only show admin links to people who are supposed to see them
Fixed incorrect escaping of configuration values in 2.0.7 (skalpa)
Changed db proxy class error message from "Action not allowed" to "Database update not allowed during a GET request" (skalpa)
Fixed bug #964084: if comment title is long multi-byte character.last byte loss (Mithrandir/domifara)
Fixed bug #977360: Wrong icon in comment bloc (Mithrandir/zoullou)
Fixed bug #976534: modules incompatibilities in 2.0.7 (Mithrandir/gijoe_peak)
Fixed bug #975803: Typo in class/pagenav.php (Mithrandir/Dave_l)
Fixed bug #974655: slogan variable with Xoops 2.0.7 (Mithrandir/brashquido)
Fixed bug #987171: typo in edituser.php (Mithrandir)
Applied patch #928503: Search results for modules with granted permissions optimised (Mithrandir/malanciault)
Applied patch #988715: cp_header.php language (Mithrandir/phppp)
Fixed MyTextSanitizer PHP notices (Mithrandir)
Fixed XoopsForm PHP Notices about an unset _extra property (Mithrandir)


2004/06/14: Version 2.0.7
===============================
!! SECURITY FIX !! preventing code injection in media uploader (skalpa)
!! SECURITY FIX !! preventing execution of external scripts in shared environments (skalpa/ackbarr)

Fixed bug #963937: Typo in modules/system/admin/findusers/main.php (mithrandir/tom_g3x)
Fixed typo in x2t theme css colteaser class definition (w4z004)
Set formButton class to Xoops popups buttons (w4z004)
Fixed bug #960970: Incorrect display of the graphical pagenav (w4z004)
Modified the Word Censoring fix (#962025) for MySQL 4.x compat (skalpa + quick thx 2 hervet 4 help)
Ensured page title and slogan are escaped for HTML (onokazu)
Fixed bug #961565: Search form keywords not checked by JS (mithrandir/tom_g3x)
Fixed bug #961118 in XoopsFormElementTray::getElements() (mithrandir/luckec)
Fixed bug #961311: Incorrect definition of headers var in XoopsMailer class (mithrandir/tom_g3x)
XoopsForm::assign() now indexes elements by name if possible (mithrandir/kerkness)
Fixed bug #963197: xoopsHiddenText is hardcoded in formdhtmlarea (mithrandir/tom_g3x)
Fixed bug #963301: XoopsMediaUploader checkMaxHeight() doesn't work (skalpa/onokazu)
Fixed bug #963327: XoopsImageHandler delete() keeps rows in imagebody table (skalpa/tom_g3x)
Fixed bug #962025: Word censoring can mess db config options up (skalpa/tom_g3x)
Fixed bug #961313: XoopsMailer custom headers are duplicated (skalpa/tom_g3x)
Fixed bug #960683: [code] wrong translation (skalpa/ryuji+gi_joe)
Fixed snoopy bug due to language specific characters (onokazu)
Fixed a bug preventing deletion of users from the admin user search results (onokazu)
Fixed a bug preventing deletion of admin users (onokazu)
Fixed bug #915976: module onInstall feature doesn't display module messages correctly (skalpa/feugy+dave_l)
Fixed bug #898776: Xoops module resolution for www.host.com and host.com (wulff_dk)
Fixed bug #906282: XoopsGroupPermForm::render() - throws Undefined variable (mithrandir)
Fixed bug #946621: Comments system extra_param not working with register_globals off (mithrandir/gstarrett)
Fixed bug #932200: Admin > Edit user shows wrong username :-(mithrandir)
Fixed bug #936753: $xoops_module_header not in all themes (w4z004)
Fixed bug #921930: SQL queries with leading whitespace don't work (mithrandir)
Fixed bug #920480: xoops_substr always adds three dots (skalpa)
Fixed bug #921448: Undefined variable in xoopscodes.php (skalpa/dave_l)
Applied patch #953063: js Calendar first popup date bug fix (mithrandir/venezia)
Applied patch #953060: xoopstree.php selbox - subcategories not ordered (mithrandir/venezia)
Applied patch #928503: Only show search results for modules with granted permissions (mithrandir/malanciault)
Fixed bug #922152 preventing notifications to work with some Windows configurations (skalpa/robekras)
Fixed bug #930351 preventing XoopsThemeForm::insertBreak() to work
Corrected the content of $xoopsRequestUri on IIS fixing bug #895984 (skalpa)


2/6/2004: Version 2.0.6
===============================
- Removed calls to XoopsHandlerRegistry class (onokazu)
- Fixed loop problem after retrieving a lost password (onokazu)
- Changed all include() calls to include_once() for xoopscodes.php (onokazu)
- Added routines to remove users from the online member list when a user is deleted (onokazu)
- Added parameters to the Critreria class constructor to allow the use of DB functions in SQL criteria (skalpa)
- Added fetchBoth() method to the XoopsDatabase class (skalpa)
- Fixed typos in class/smarty/plugins/resource.db.php (skalpa)
- Refactoring in /class/xoopsform/form.php (skalpa)
- Added some methods to /class/xoopsform/formelement.php to allow the use of accesskey and class attributes in form element tags (skalpa)
- Fixed extra HTML tags not being displayed when using the XoopsThemeForm::insertBreak() method (Catzwolf)
- Changed the default HTTP method of the search form to GET (onokazu)
- Fixed notification constants not being included during installation (onokazu)
- Fixed session data not being properly escaped before inserting to the database (onokazu)
- Some useful changes to the group permission form (onokazu)
- Fixed the block cachetime selection being reset after preview (onokazu)
- Fixed invalid regex patterns used for username filtering, also added fix to allow the safe use of multi-byte characters in username (contributed by GIJOE)
- Fixed bug where some blocks were not being displayed in block admin page on certain occasions (onokazu)
- Fixed the problem of system admin icon disappearing on certain occasions (onokazu)
- Fixed the errorhandler class to check the current error_reporting level before handleing errors (onokazu)
- Re-activated the errorhandler class (onokazu)
- Updated class/Snoopy.php to the latest version, v1.01 (onokazu)
- Fixed a typo in kernel/online.php (onokazu)
- Added some useful functions to include/xoops.js (skalpa)
- Fix for Opera in include/xoops.js (onokazu)
- Fixed user bio and signature values causing corruption in the edit profile form on certain occasions (onokazu)
- Fixed the module name being reset to the default value after module update (onokazu)
- Fixed invalid regex patterns in xoopslists.php (onokazu)
- Fixed a few issues with register_globals setting
- Fix for the auto-login feature (not activated)
- Fixed image categories not being displayed in the order set by admin (onokazu)- Fixed a typo in kernel/config.php (onokazu)
- Fixed comments not being displayed in the order as requested (onokazu)
- Fixed the mailer class not setting some header values (onokazu)
- Fixed chmod problem in class/uploader.php
- Fixed magic_quotes related problems in class/uploader.php
- Fixed notification routines causing a fatal error while trying to notify non-existent users (onokazu)
- Added fix to convert &amp; to & within mail messages (onokazu)
- Fixed html special characters causing problem when submitting a new module name (onokazu)
- Fixed javascript error in mailuser form (onokazu)
- Fixed javascript error in calendar date select form
- Added a new Smarty function <{xoops_link}> (skalpa)
- Added check to prevent webmaster user/group from being removed completely (contributed by Ryuji)

newbb
- Security fix in modules/newbb/viewtopic.php (onokazu)
- Security fix in modules/newbb/viewforum.php (onokazu)
- Added register_globals related fix to topicmanager.php (onokazu)
- Fixed topic moderation icons not being displayed for moderators in templates/newbb_thread.html (onokazu)
- Fixed topic time not being displayed in recent posts block on certain occasions in blocks/newbb_new.php (onokazu)
- Added fix to correctly navigate to the requested post even when the post is not on the first page of flat view (contrib by GIJOE in class/forumpost.php, viewtopic.php, viewforum.php)

sections
- Added missing global variable declarations to index.php (onokazu)

mydownloads
- Added register_globals related fix to modfile.php (onokazu)

news
- Added fix to always display published date in each article (onokazu)
- Added missing ?> at the end of file in xoops_version.php (onokazu)
- Some fixes in admin/index.php

xoopspolls
- Fixed color bar selections not working when creating/editing a new poll (onokazu)

xoopsmembers
- Fixed 'more than X posts' not working when set to 0 (onokazu)
- Added a new language constant to language/english/main.php (Catzwolf)
- Removed invalid HTML tags in templates/xoopsmembers_searchresults.html (Catzwolf)
 

1/5/2004: Version 2.0.5.2
===============================
- Security fix in modules/mylinks/myheader.php
- Security fix in modules/mylinks/visit.php
- Security fix in modules/mylinks/admin/index.php


11/22/2003: Version 2.0.5.1
===============================
- Added $option parameter to xoops_gethandler function (skalpa)
- Security fix in banners.php (onokazu)
- Security fix in modules/newss/include/forumform.inc.php (onokazu)
- Security fix in include/common.php (onokazu)
- Temporarily disabled XoopsErrorHandler class (onokazu)
- Security fix in include/functions.php (onokazu)
- Removed XoopsHandlerRegistry class (onokazu)
- Added fix for preventing users entering infinite loop when recovering a lost password (onokazu)


10/8/2003: Version 2.0.5
===============================
- Fixed template files not being updated even when the 'allow update from themes directory' option was enabled in preferences
- Fixed RSS channel title being cutoff at special characters
- Minor bug fix in pagenav.php
- Fixed blocks disappearing from the block admin page on certain occasion
- Additional fixes to work with register_globals off
- Fixed problem with XoopsCode Img button not working on certain occasion
- Added missing SQL query in kernel/avatar.php
- Fixed problem with the newbb module where users could post without a thread title on certain occasion
- Fixed problem in banner admin page where banner edit form not being displayed on certain occasion
- Fixed group selection option in the blocks admin page not being selected on certain occasion
- Fixed poll option textbox forms not displaying the correct values
- Fixed show all link in user profile page not working in 2.0.5RC
- Additional phrases in language/english/global.php(_NOTITLE), language/english/search.php(_SR_IGNOREDWORDS), install/language/english/install.php(_INSTALL_L128, _INSTALL_L200)
- Added check in install/index.php to read $HTTP_ACCEPT_LANGUAGE on initial load


9/30/2003: Version 2.0.5 RC
===============================
- Fixed email checking bug mentioned in http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=12288&forum=2 (mvandam)
- Fixed a number of bugs in blocks admin page (onokazu)
- More usability fix in blocks admin page (onokazu)
- Fixed forum topic links to correctly use the # feature in url (onokazu)
- Fixed password checking bug mentioned in http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=12301&post_id=49369&order=0&viewmode=flat&pid=49203&forum=21#forumpost49369
- Fixed database connection error when creating database during install (onokazu)
- Fixed mb_output_handler causing problems in backend.php/image.php/downloader (onokazu)
- Fixed search feature to use GET requests for prev/next/showall links (onokazu)
- Register_globals related fix in /include/comment_post.php (contrib by gstarrett)
- Added $xoopsUserIsAdmin global variable (onokazu)
- Added xoops_getLinkedUnameById function to /include/functions.php (Catzwolf)
- Fixed invalid Smarty tags in /modules/system/templates/system_siteclosed.html, /modules/system/templates/system_redirect.html, /modules/system/templates/system_imagemanager2.html (onokazu)


9/19/2003: Version 2.0.4
===============================
- XOOPS_CACHE_PATH, XOOPS_UPLOAD_PATH, XOOPS_THEME_PATH", XOOPS_COMPILE_PATH, XOOPS_THEME_URL, XOOPS_UPLOAD_URL are now set in include/common.php (onokazu)
- Added [siteurl][/siteurl] tag to XoopsCode (mvandam)
- Fixed a typo in class/uploader.php (onokazu)
- Fixed some redirect problems after login (onokazu)
- registre_globals fix in include/comment_view.php (onokazu)
- Xoops.org news is disabled by default in the admin section (onokazu)
- Added a new error handler class (class/errorhandler.php) (mvandam)
- Fixed XoopsGroupPermHandler returning duplicate permissions (onokazu)
- Fixed block-disappearing problem in blocks admin (onokazu)
- Fixed typo in kernel/notification.php (mvandam)
- Added XoopsGuestUser class in kernel/user.php (onokazu)
- Fixed newbb module to correctly use the # feature in URL (onokazu)
- Improved usability in blocks admin section
- Reduced number of users to display in group/edituser page to max 200 users (onokazu)
- Fixed bug where admins could add users with a existing username (onokazu)
- Added files for module developers to easily add group permisson feature (modules/system/groupperm.php, class/xoopsform/groupperm.php) (onokazu)
- Fixed typo in register.php (onokazu)


6/17/2003: Version 2.0.3
===============================
- fixed CSS related bug in global search page
- register_globals bug fix in comments
- Smarty updated to 2.5.0
- fixed typo in kernel/object.php
- fixed group permission bug
- fixed bug where image categories were deleted after group permission update
- fixed bug where user votes could not be deleted in the mylinks module
- fixed some language typos
- changed XoopsGroupPermHandler::getItemIds to accept an array fot the second parameter (gperm_groupid), which was required in certain places..
- removed avatar image files


4/25/2003: Version 2.0.2
===============================
- security fix to prevent malicious cross site scripting attacks (onokazu)
- fixed character encoding problem for some languages when using the mailer class (onokazu)
- fixed some major bugs in the xoopsheadline module (onokazu)
- fixed some cookie related problems in the forums module (mvandam)


4/18/2003: Version 2.0.1
===============================
- fixed bug where notification feature could not be turned on
- fixed character encoding problem for some languages when using the mailer class (onokazu)
- fixed the theme selection block to work again
- fixed typo in kernel/module.php
- fixed incorrect table name in xoops_version.php of the new headline module
- changed max limit size of some columns in the configoption table
- fixed image manager bug when using db store method
- xoops.org can now be disabled by adding nonews=1


4/16/2003: Version 2.0.0
===============================
- xoopsheadlines module replaced with xoopsheadline module to fix character encoding problems
- numerous bug fixes


3/19/2003: Version 2.0.0 RC3
===============================
- a major change in the handling of theme files, the detail of which you can read in this [url=http://www.xoops.org/modules/news/article.php?storyid=677]article[/url] (onokazu)
- a new global notification feature that can easily be incorporated into modules (that use Smarty) by only modifying xoops_version.php and template files (mvandam)
- SMTP support using phpMailer (bunny)
- group permission tables merged into one table (onokazu)
- code refactoring


2/9/2003: Version 2.0.0 RC2
===============================
A bug fix release..
- avatar upload bug
- themeset image upload bug
- register_globals fix
- recommend us block error
- error message displayed upon submit of news article
- page navigation bug in some modules
- blank page bug on some servers
- SQL displayed in blocks admin


1/31/2003: Version 2.0.0 RC1
===============================
The first public release of 2.0 series.
For new features that have been added from 1.3.x, please refer to 
the articles listed below:
http://www.xoops.org/modules/news/article.php?storyid=486
http://www.xoops.org/modules/news/article.php?storyid=549
http://www.xoops.org/modules/xoopsdocs/index.php?cat_id=6
Return current item: YAXOO - Yet Another XOOps