XOOPS: XOOPS 2.2.4 Patch released

Posted by: Herkoon 2006/1/23 7:00:00 20448 reads
The XOOPS development team is pleased to announce the availability of the XOOPS 2.2.4 Patch release. This is a maintenance release that fixes many bugs and features some security enhancements. Thus, is it HIGHLY recommended to every XOOPS 2.2.x user to upgrade to this version as soon as possible.

Click here to get the latest Patch release.

UPGRADE INSTRUCTIONS
====================
Please read this part carefully. The contents of the xoops-2.2.3a-to-2.2.4/HTML/ folder need to be copied to your website's root folder, overwriting the original XOOPS 2.2.3a files. Do not upgrade with this patch when using an older version of XOOPS!
If you are not using this to upgrade the full XOOPS 2.2.3a package to XOOPS 2.2.4, you are advised to remove the install/ folder from your server for security reasons.

NOTE: Empty your cache folder or just delete the file "profilefields.tmp" from your cache folder when you apply the patch.

When you have uploaded the patched files, login to your website with your webmaster account and go to modules -> modules admin and click 'update' on the system, PM and profiles modules. This is not absolutely necessary, but will not harm your site.
NOTE: you will get a set of error messages about updating the fields, this is a minor bug in the update script where it provides the wrong output. It should say 'Update field *** skipped'. This message will be displayed only once, and will not display when the profilefields.tmp file is removed from the cache folder.

Please note that the RSS time in ROOT/language/english/local.php has been changed to take into account the time zone. You might want to change your own language file to fix the same bug.

Changelog:
==========
- Security fix: sanitizing $xoopsConfig["language"]: multiple files (phppp)
- Fixed reference-related issue, partially: multiple files (phppp)
- Fixed aged HTML tag errors: multiple files (phppp)(*)
- Fixed bug that not check verification password for user registration: ROOT/modules/profile/register.php (phppp/tester)
- Fixed Bug #1340925 - Mailing a selection doesn't work correctly (Mithrandir/pinchecl)
- Fixed Bug #1346904 - XMT theme - 404 message (Mithrandir/Peter777)
- Fixed profile field treatement error to allow XOBJ_DTYPE_URL clickable: ROOT/kernel/profilefield.php (phppp)
- Reduced file size for cached profile field data: ROOT/kernel/profilefield.php, profile.php (phppp)
- Added missing time offset for calculating time: ROOT/language/english/local.php (phppp)
- Changed rss time to take into account time zone: ROOT/language/english/local.php (phppp)
- Fixed bug that a user could read any message via message ID: ROOT/modules/pm/readmsg.php (phppp)
- Fixed url error: ROOT/modules/pm/templates/pm_viewmsg.html (phppp)
- Fixed bug that webmaster could not access inactive user info: ROOT/modules/profile/userinfo.php (phppp)
- Fixed bug that user could not change email: ROOT/modules/profile/edituser.php (phppp)
- Fixed bug that profile field value type couldn't be changed: ROOT/modules/profile/include/forms.php (phppp)
- Added rights for admin in user account check: ROOT/modules/profile/include/functions.php (phppp)
- Changed sort for user from name to uname: ROOT/modules/system/admin/groups/groups.php (phppp)
- Fixed bug for censor word update: ROOT/modules/system/admin/preferences/main.php (phppp)
- Fixed bug for template paths: ROOT/modules/system/admin/tplsets/main.php (phppp/wenmingpig)
- Added user profile default values update on system module update: ROOT/modules/system/include/update.php (phppp)
- Changed CSS for font color for user name and text in footer: themedefault (phppp/Steven)
- Fixed url bug: ROOT/modules/system/admin/templates/system_imagemanager2.html (phppp)
- Added single quote sanitizing: ROOT/pda.php (phppp)(*)
- Added charset setting: ROOT/header.php (phppp)
- Added URL sanitizing: ROOT/search.php (phppp)(*)
- Fixed error messages: ROOT/lostpass.php (phppp)
- Fixed user login redirect error: ROOT/user.php (phppp, reported by Anne)
- Forced disabling gzip_compression: ROOT/class/theme.php (phppp)
- Added sanitizing for meta footer: ROOT/class/theme.php (phppp)
- Added $xoopsModule check: ROOT/class/theme.php (phppp)
- Changed/Rolledback(partially) "makeclicable",changed censor string process : ROOT/class/module.textsanitizer.php (phppp)
- PHP 5 compatibility: ROOT/class/xml/saxparser.php (phppp)(*)
- Added meta data sanitizing in header: ROOT/include/functions.php (phppp)(*)
- Fixed typo for redirect time, added missing trimmaker for substr, changed userealname to false: ROOT/include/functions.php (phppp)(*)
(*): from XoopsCube