Fork me on GitHub

Search

Donat-O-Meter

Make donations with PayPal!
Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $105.00
Net Balance: $100.60
Surplus: $0.60

Donations
Anonymous ($105)Jun-2

Learn XOOPS Core

Local Support

Advertisement

XOOPS Code hosted on SourceForge

Cumulus Tag Cloud

- 2 2.5 2.6 4 6 admin Android AntiHarvesting AntiSpam API Apple Battlefield Blocks Bootstrap Captcha cell chronolabs Clicks Cloud content CĂN demo download Dresses facebook Fat floor Gateway giải Google Guide herre Home Honeypot html5 Human HỘ IP iPhone jQuery Language Law Legal List log Loss module modules Monster new newbb news nhiệt NHÀ online PARK Payment phone PHP Prevention profile project Protector publisher RESIDENCE responsive review Rights rmcommon Room security Sentry Signatures Signed site Smartphone Smarty Smoking Solution Spam stem Studio support tag tdmcreate The Theme themes tháp User userlog web weight xoops Xortify XPayment ZendFramework

New Users

Registering user

# 138871

duhochalo

Welcome to XOOPS!

Archives

News archives

XOOPS 2.5.8 Release Candidate 1 Available

Posted by geekwright on 2016/3/8 18:20:00 (3031 reads) | Posted on XOOPS
The XOOPS Development Team is pleased to announce the release of XOOPS 2.5.8 RC1.

This new version has numerous bug fixes and enhancements. You can download the XOOPS 2.5.8 RC1 release directly from XOOPS/XoopsCore25 on GitHub, or XOOPS Core (Beta Releases)/XOOPS_2.5.8_RC1 on SourceForge.

Please report any issues you encounter with this release so that we can make XOOPS better for everyone. If you are registered on GitHub, just open an issue. We will also monitor the XOOPS forums.


Fixes and Enhancements

Without the contributions of many, this release would not exist. A big "Thank you!" goes to everyone that has contributed. In alphabetical order, the list includes:

- Angelo Rocha
- Cédric MONTUY
- cesagonchu
- Dingjie Yang
- elpaksu
- hyp3rlinx
- luciorota
- mamba
- Peekay
- redheadedrod
- slider84
- timgno
- wppd
- xd9527
- zyspec

View the full change log here: https://github.com/XOOPS/XoopsCore25/b ... C1/docs/changelog.250.txt

Lots of effort has been put into making XOOPS better cleaner, safer and more compliant with current standards and best practices.


Security

This release includes fixes for multiple issues (CSRF, weak password hash, and directory traversal) reported by hyp3rlinx. Also, fixes for a potential privileged information disclosure issue reported by Cédric MONTUY.

Passwords are now hashed using PHP's password_hash() function. A library that brings compatibility to users with PHP versions earlier than 5.5 is included.

The new XMF library (see below) includes support for JWT, which can be very useful in securing AJAX and REST processing.


Ready for PHP 7 Testing

The world of PHP is in constant motion. The recent release of PHP 7 brings with it huge improvements, but also compatibility issues. While XOOPS 2.5.8 supports PHP 5.3.7 through the latest 5.6 release, PHP 7 support should still be considered experimental, and is released for public testing.

MySQL support using the mysql extension has been deprecated for quite a while, and PHP7 removes it completely. XOOPS 2.5.8 now uses the mysqli exclusively. Any database access using standard calls to the XoopsDatabase classes will use the newer mysqli extension. Some modules are using direct database calls through PHP mysql_* functions. These will continue to work under PHP 5, but it is recommended that module developers consider remediation of any such calls.

Another thing that changes in PHP 7 is "All of the E_STRICT notices have been reclassified to other levels." In previous XOOPS versions, E_STRICT warnings have been suppressed when using the debugging logger. These are no longer suppressed to give developers insight into what may need to be fixed. We've tried to make sure XoopsCore runs clean, but modules may produce debugging output you have not seen with earlier versions.

Custom administration themes may have issues due to a long existing bug in the XoopsSystemGui::validate() definition.


XMF Included

XOOPS Module Framework library, the XMF library, is now included, and is used in the core in several places. XMF is a library of standard classes useful in module development. It can be very useful in the near future, as all of its classes are forward compatible with the next generation of XOOPS.

Developers can learn more in the XMF Cookbook, and may want to look at the Xmfdemo module on GitHub.


Upgrade Required

There are database changes with this version. There are no new requirements for a fresh installation, but for updating an existing system, follow the recommended upgrade process. In a nut shell:

- Make a full backup of site files and database. (We've done lots of testing, but it is always best to be safe.)

- Copy the contents of the distribution htdocs directory into your web root directory.

- Copy the contents of htdocs/xoops_lib to your relocated/renamed xoops_lib as applicable.

- Copy the distribution upgrade directory into your web root directory.

- Point your browser to http://your-site-url/upgrade/ and follow the prompts.

- Log in and step through any needed updates.

- At the end, follow the link to upgrade the system module.

- Also update pm, profile and protector modules if installed.

- Remove the install and upgrade directories from your web root.

Your site should be ready to use.


--------------------------------------------------------

NOTE: Work continues on our next major release of XOOPS! To see what's coming, please check out our GitHub code repositories:

- XOOPS 2.6.0 Core

- XOOPS 2.6.0 Modules

- XOOPS 2.6.0 Roadmap


and especially the great work Eduardo (bitcero) is doing on:

- XOOPS 2.6.0 Enhanced Admin GUI


Please also check out our other Github repositories:

- XOOPS Documentation

- XOOPS current Themes

- XOOPS 2.5.x Modules

- XOOPS 2.0.14+ Themes, 3 columns

- XOOPS 2.0.14+ Themes (2 columns)

- XOOPS Theme Archive (Themes for XOOPS < 2.0.14)

- XOOPS Modules Archive



Printer friendly page Send this story to a friend Create a PDF from the article
Bookmark Me
Bookmark to Google Plus
The comments are owned by the author. We aren't responsible for their content.

Thanks, Richard for all your hard work on this!

As always great work, and I'll be testing in the next days and weeks, and hopefully others will do the same, so we can ensure that we have a very solid XOOPS 2.5.8
Published: 2016/3/8 20:21 • Updated: 2016/3/8 20:21
Wow!
"XMF Included": this is an important step!
Published: 2016/3/9 3:28 • Updated: 2016/3/9 3:28
Quote:
"XMF Included": this is an important step!

Yes, it is!

Richard did a great job building upon the awesome work done by Trabis. We'll be using XMF to migrate our current modules to XOOPS 2.6.0

Once there, we'll start converting them to RMC GUI that Eduardo is working on..

The nice thing is that slowly all the pieces of the puzzle are starting to fall in the right places!!!
Published: 2016/3/9 4:44 • Updated: 2016/3/9 4:44
thanks for the upgrade but

After updating from the latest 2.5.7.2 to this the famous white page :P

I can reach the admin panel by user.php and admin.php but main page left blank, i can reach some modules but publisher, exgallery,newbb and some other gives a white page, nothing in the errorlog of apache so im lost

Using php 5.3 (i want to upgrade to 5.5 but xoops give me problems with some Turkish caracters so update to 5.5 is not a option now)

EDIT:
Also see protector module error:
Configuration Check
Minimum PHP required: 5.5 (your version is 5.4.45)
Minimum XOOPS required: 2.5.8 (your version is 2.5.8.0_RC1)
Published: 2016/3/9 14:37 • Updated: 2016/3/9 15:31
Sorry this happened. Based on your first report, I did some digging and think I've found an issue that could be a likely cause. I need a little more digging to be sure. I'll post again as soon as I am sure of the findings and impact.

I suspect the protector version requirement is in error. I know it runs in 5.3 and up. I'll check on that, too.

Again, sorry you had these issues, but thanks for testing and reporting!
Published: 2016/3/9 17:46 • Updated: 2016/3/9 17:46
This is an issue I found. It may be the same as your issue.

The symptom is a lock up on white screen (no page returned for extended period of time.)

The system under test had the latest release of publisher 1.02 Final installed. (It is possible that other modules could trigger this same issue. But the very latest publisher is the only one I have found so far.)

If you can look at the server resources during the white screen lock up, you will see high cpu usage until the task is terminated due to excess resource use. Not good

If this sounds like it could be your situation, the fix is in the master branch on GitHub. You can grab a zip file version version here, or use git to clone the repository.

It this doesn't match your circumstance, we need to do more investigation. Probably starting with a full list of what modules are installed, with versions if possible.

----------------------------------------------------------------------

For the technically curious, here it the root cause of the issue described above.

Certain mysqli_fetch_* calls and their corresponding mysql_fetch_* calls return different values when the end of data is reached. The first set returns null, while the latter returns false.

Callers which check for the explicit return value of a boolean false, do not recognize the return value of null as the end, and keep going.

Checking the return by type and value is strongly recommended by the experts, precisely to prevent this kind of issue. Unfortunately, most XOOPS code is checking these return values loosely. The values of false, 0, 0.0, null, '', '0', and array () all will evaluate to false if not checked by type. This allows errors such as this to slide through lots of testing, but fail in other situations.

The fetch methods in XoopsMySQLDatabase were modified to always return false on reaching the end of cursor. False is our choice and intention in that case, and it is now documented as such in the code.

We are steadily improving XOOPS, but it is a long process. Ironically making things stronger sometimes breaks them, but only for a little while. That is why we need help testing.

Thanks!
Published: 2016/3/9 21:54 • Updated: 2016/3/9 21:54
Hi Geekwright thanks for explaining, the problem persist, i can reach publisher by going directly to /modules/publisher but exgallery , newbb , orbutairis en so still not reachable also main page gives white page
Published: 2016/3/10 17:36 • Updated: 2016/3/10 17:36
I did some testing of XOOPS 2.5.8, and installing blocks in step 10 when inserting data, timeout and white page. some tables are filled (groups) the other not (users).
By refreshing the page it looks to pass, but it's not reassuring, but the table "users" is finally busy. It can be held in my config.

I use uniformserveur (php 7.0.4, mysql
uniformserver

Important on Windows: to use this server you also need to install
Vc_redist_x64/x86.exe
and not the 64bit x86 version

In an initial survey, I have not encountered abnormality, the interface is virtually identical to the previous, but with the disappearance of shortcut icons that were right under the blindfold.

I created a group, but not create a user.

Installing XoopsFaq v 3.01 module.
Installation ok, but not add categories or questions, error message:
[Code] Error: Exception: Call to undefined method XoopsfaqCategory :: XoopsObject () [/code]

He will probably have to adapt once again the modules.
So much for my first investigations
JJDai (Sorry for my gogogle translated )
Published: 2016/3/11 3:01 • Updated: 2016/3/11 5:50
Thanks for the report.

Quote:

I did some testing of XOOPS 2.5.8, and installing blocks in step 10 when inserting data, timeout and white page. some tables are filled (groups) the other not (users). By refreshing the page it looks to pass, but it's not reassuring, but the table "users" is finally busy. It can be held in my config.

I use uniformserveur (php 7.0.4, mysql


Every test I've done so far suggests this is an issue with your stack. The step has not had a significant increase in complexity over the previous version, and it consistently runs in a short time in multiple stacks. There could be some unusual load on the windows system, or some mis-configuration. I'll try and take a look at uniformserver when I get a chance. But it is likely going to require changes to the uniformserver setup or the host.

The module issues you mentioned should be fixed in the RC2 release that you can now download from
XOOPS/XoopsCore25 on GitHub, or XOOPS Core (Beta Releases)/XOOPS_2.5.8_RC2 on SourceForge.
Published: 2016/3/12 0:04 • Updated: 2016/3/12 0:04
Ok thanks, JJDai
Published: 2016/3/12 12:57 • Updated: 2016/3/12 12:57
I did a little testing today on uniformserver.

It timed out on step 10 of the install as you said, after maybe two minutes (I didn't measure precisely.) It appears that it stopped for me part way through inserting the system config values. That would leave the system in a pretty unstable state.

I shut down uniformserver, and installed WAMP. A fresh install completed without problems. The same step 10 finished in less than 5 seconds, from clicking button until the next page completely displayed. This was using PHP 7 and MySQL 5.7.

This leads me to conclude there seems to be a terrible issue with uniformserver itself.

Thanks again for reporting your findings.
Published: 2016/3/12 14:16 • Updated: 2016/3/12 14:16