XOOPS: Xoops 2.0.10 Beta 2 Released

Posted by: MithrandirOn 2005/3/27 20:06:58 7756 reads
Thank you goes out to everyone in the XOOPS community who have tried the first beta version of XOOPS 2.0.10

There were some bugs that weren't fixed and a couple of new ones introduced in this version that we try to remedy with the beta 2 release.

XOOPS version 2.0.10 beta 2 is a security-improving release that lessens the use of fopen with URLs and brings a completely new tool for securing modules against CSRF attacks: The XoopsSecurity class. See the first beta announcement for a description of the token system.

This is still a beta, since the token system still needs some testing, but provided we get enough positive feedback, a final 2.0.10 release should be released within 1-2 weeks.

This release contains files for the core-included versions of News and Newbb (1.1 and 1, respectively). If you use Newbb 2 and/or News 1.2 or later, you should not upload the files in modules/news and modules/newbb as they will mess up these modules.

Xoops 2.0.10 Beta 2 Full (.tar.gz)
Xoops 2.0.10 Beta 2 Full (.zip)
Xoops 2.0.9.2/2.0.9.3 to 2.0.10 Beta 2 Patch (.tar.gz)
Xoops 2.0.9.2/2.0.9.3 to 2.0.10 Beta 2 Patch (.zip)


Note to module developers using popup windows
Your module may show erratic behaviour when using the javascript function openWithSelfMain() in a HREF tag. This is because the popup window object is now returned from the function and can result in the main window being replaced with a white page with the words [Object Window]. If you encounter this, add "void " (without quotes) between "javascript:" and "openWithSelfMain" in the HREF tag.

(edit: Don't pay attention to that, it will be changed for the final version, so it doesn't impact on modules)

2005/03/27: Version 2.0.10 Beta 2
============================
- Fixed bug in header.php – assign $xoops_lblocks (Mithrandir/phppp)
- Fixed bug #1087786 Can"t assign to $this in PHP5 (Mithrandir)
- Fixed bug where blocks without templates were not showing content (Mithrandir)
- Fixed bug where redirect screen was showing HTML (Mithrandir/Wanikoo)
- Fixed bug - Image manager not storing categories (Mithrandir/StudioC)
- Fixed bug - Search not submitting (Mithrandir/Gruby)
- Fixed bug - Popup changes main window (Mithrandir/zimmi88)
- Added more vars to $bad_globals in XoopsSecurity::checkSuperglobals() (Mithrandir/Wanikoo)
- Deprecated xoops_refcheck() function (Mithrandir)
- Included 2.0.9.3 fixes in 2.0.10 patch for easy upgrade from 2.0.9.2 (Mithrandir/rowd)

2005/03/25: Version 2.0.10 Beta
============================
- Security fix to avoid the usage of fopen and unlink when previewing (Onokazu)
- Fixed bug #1157029 - Bug in include/checklogin.php (Onokazu/sudhaker)
- Fixed bug #1060061 - renderValidationJS showing htmlentities instead of intended characters (Onokazu/theCat)
- Implemented new token system for validating form origination and increased protection against CSRF (Mithrandir/Onokazu)