XOOPS: [UPDATED] XOOPS 2.2.3 Final Released

Posted by: MithrandirOn 2005/10/30 8:50:00 53381 reads

============================
2005/10/30: Version 2.2.3 Final
============================
- SECURITY: Fix to prevent mail headers injection (Skalpa/XOOPS Cube)
- SECURITY: Fix to prevent endless loop in PHPMailer (Skalpa/Minahito)
- SECURITY: Fix to prevent XSS in the textsanitizer (Skalpa/XOOPS Cube)
- SECURITY: Fix to prevent XSS in newbb and the comments system (Skalpa/Keigo Yamazaki of Little eArth Corporation Co., Ltd.)
- SECURITY: Vaporfix to prevent uploading of invalid images (Skalpa/XOOPS Cube)

- Added fallback in Authfactory to use XOOPS auth in case of the selected method's class file is inaccessible (phppp)
- Changed quoteString() to put ' on all non-integers instead of just all strings (Mithrandir)
- Changed XTheme::display() to use caching correctly and set page title and module header from $xoopsOption (phppp)
- Fixed typo in XTheme::addCSS where <script> was used instead of <style> (phppp)
- Added explanatory comments in XTheme::loadTheme and fixed $xoopsRequestUri to the correct $_SERVER['REQUEST_URI'] (phppp)
- Added missing global declaration of $xoopsLogger in XTheme::checkCache() (phppp)
- Fixed typos in class/xml/xmlatomparser.php and modules/profile/search.php (phppp/ymbo @ Xoops China)
- Added patch #1267386 - Group perm form improvement (phppp/zoullou)
- Added {LOGINNAME} to mailer string-replace routine (Mithrandir)
- Fixed bug #1285967 - bug withhttp://IP:PORT/ configured sites, XoopsSecurity::checkReferer now takes the port into consideration (phppp)
- Added global declaration of $xoopsTpl in footer.php (phppp)
- Changed include/checklogin.php to disallow everyone with a level below 1 instead of equalling zero (disabled users have level -1) (Mithrandir)
- Cosmetic changes in xoops_confirm() function in include/functions.php (phppp)
- Fixed bug/typo in include/functions.php function xoops_array_diff_assoc() (phppp)
- Fixed bug in system installation where login, main menu and user menu blocks were not created correctly (Mithrandir)
- Added pre-selected modules for the step of module selection and language files for the step of module installation (phppp)
- Block bid assignment added so both block and instance has the right value for bid in XoopsBlockInstanceHandler::getLinkedObjects() (phppp)
- Modified kernel/module.php regexp for page detection in getCurrentPage() (phppp)
- Changed order of error messages in module installation (phppp)
- Fixed bug in kernel/module.php where config unused options would not be removed if a config has no options any more (phppp)
- Fixed bug in kernel/object.php where whereclause is wrongly generated for multiple keyname (phppp)
- Fixed missing language definition for profile edit by adding multi-languge processing for profile fields in kernel/profilefield.php (phppp)
- Added missing process for forcing update profile data in kernel/profilefield.php "function loadFields" (phppp)
- Changed custom time computation in XoopsLocal class language/english/local.php (phppp)
- Fixed lostpass.php to properly set new password when clicking on e-mailed link (Mithrandir)
- Fixed bug #1276917 - 2.2.3: Edit User won't save Group change
- Fixed bug #1262813 - Add User, some fields are reset when error occur (Mithrandir/marook)
- Added password length check in modules/profile/register.php (phppp/Aries)
- Modified error message rendering in modules/profile/register.php (phppp)
- Fixed bug #1250347 - search in profiles doesnt work properly (Mithrandir/irmtfan)
- Fixed bug #1247398 - Error in modules/profile/search.php (Mithrandir/edomch)
- Added button to change password in user profile (phppp)
- Fixed bug in system/admin/banners/main.php where it was impossible to edit banner clients (Mithrandir/Peekay)
- Fixed bug #1253289 - Can't make blocks invisible (Mithrandir/barrycooper)
- Added safety in blocks administration for blocks that come from modules that no longer exist (database inconsistency) (Mithrandir)
- Added safety in template administration for templates that come from modules that no longer exist (database inconsistency) (Mithrandir)
- XHTML Fix in XMT theme (phppp)
- Added overflow treatment for xoopsCode/xoopsQuote (phppp)
- Added update procedure to System module update, where blocks and templates without corresponding modules will be removed (Mithrandir)
- Fixed deprecated variable ("name" => "uname") in system/blocks/system_blocks.php function b_system_info_show() (phppp)
- Added Patch #1281295 - wrong error_reporting in smilies administration (phppp/birdseed)
- Fixed bug in system/admin/modulesadmin/modulesadmin.php where configuration categories were not removed on module uninstallation (Mithrandir)
- Fixed bug in system/admin/modulesadmin/modulesadmin.php where block templates could remain in the database after module uninstall (Mithrandir)
- Interface improvements in module installation (phppp)
- Changed XoopsFormSelectUser constructor signature to follow convention from XOOPS 2.0.x (Mithrandir)
- Moved hidden fields from bottom of <form> tag to the top in XoopsThemeForm::render() for backwards compatibility and XHTML compliance (Mithrandir)
- Changed XOOPS_URL detection and checking during installation to require an absolute URI and not a relative one (Mithrandir)
- Fixed the mysql class quoteString() so it unconditionnally quotes the parameter again (back to 2.0.x behavior) (Skalpa)
- Fixed handling of array vars in XPOH insert and insertAll (Skalpa)
- Fixed bad references use in XoopsObject and XOPH classes (Skalpa)
- Fixed bad references use in sanitizer (Skalpa)
- Fixed bad references use in installer sanitizer (Skalpa)
- Fixed user search in Extended Profile module, when searching for values in select and radio type fields (Mithrandir/miscellone)
- Fixed Bug #1294569 - Magic Quote Issue when registering users, additional slashes were added (Mithrandir/Monique)
- Fixed bug where profiles would not be deleted on user deletion (Mithrandir)
- Added routine to System Module update to set default values for comments, timezone and theme fields to system values (phppp)
- Fixed Bug #1298674 - Block caching isn't running (Mithrandir/mcleines)
- Fixed Bug #1303864 - Delete user account frontside(Mithrandir/MarcoFr)
- Fixed Bug #1303810 - Main admin account deletion control 2.2.3RC2 (Mithrandir/MarcoFr)
- Fixed Bug #1262806 - 2.2.x: Default TZ is not used in Add User (Mithrandir/Marook)
- Fixed Bug #1306176 - 2.2.3RC2 - User update fails (Mithrandir/rlinfoot)
- Changed module installation and update routine so it now halts, when xoops_module_pre_xxx function fails (Mithrandir)
- Fixed security problem in Koivi editor (phppp/Marijuana)