XOOPS: XOOPS 2.0.18 Released

Posted by: phpppon 2007/12/30 17:25:06 21103 reads The XOOPS development team is pleased to announce the release of XOOPS 2.0.18.

This is mainly a security fix release. Some main changes include:
- Added sanitizing to integer parameters before being used in DB query to avoid SQL injection
- Added sanitizing to XOOPS form elements to avoid XSS
- Added theme "zetagenesis" as experimental step towards XOOPS 3.0 theme engine
- Improved permission check in comments

Read the full changelog for details.

Get XOOPS 2.0.18 from xoops.org:
https://xoops.org/modules/core/


NOTE: Upon irmob's report, the upgrade packages have been modified. Check details inside.


System requirements
-----------------------------------

PHP
Any PHP version >= 4.3 (PHP 4.2.x may work but is not officially supported)
MySQL
MySQL server 3.23+
Web server
Any server supporting the required PHP version (Apache highly recommended)


Downloading XOOPS
-----------------------------------

Your can get this release package from the sourceforge.net file repository.
Both .zip and .gz archives are provided.


Installing XOOPS
-----------------------------------

1. Copy the content of the htdocs/ folder where it can be accessed by your server
2. Ensure mainfile.php, cache, templates_c and uploads are writable by the webserver
3. Access the folder where you installed the htdocs/ files using your web browser to launch the installation wizard


Upgrading from a previous version
-----------------------------------

Upgrading from XOOPS 2.0.17.1 (easy way)
1. Get the update package from the sourceforge file repository
2. Overwrite your existing files with the new ones

Upgrading from XOOPS 2.0.14/2.0.15/2.0.16/2.0.17.* (using the full package)
1. Move the "upgrade" folder inside the "htdocs" folder (it's been kept out as it's not needed for full installs)
2. Delete htdocs/mainfile.php, htdocs/install/, htdocs/cache/, htdocs/extras/, htdocs/template_c/, htdocs/themes/ and htdocs/uploads/
3. Upload the content of the htdocs folder over your existing files
4. Access /upgrade/ with a browser, and follow the instructions
5. Follow the instructions to update your database
6. Delete the upgrade folder

Upgrading from any XOOPS ranging from 2.0.7 to 2.0.13.2 (using the full package):
1. Move the "upgrade" folder inside the "htdocs" folder (it's been kept out as it's not needed for full installs)
2. Delete htdocs/mainfile.php, htdocs/install/, htdocs/cache/, htdocs/template_c/, htdocs/themes/ and htdocs/uploads/
3. Upload the content of the htdocs folder over your existing files
4. Delete the following folders and files from your server (they belong to an old version):
* class/smarty/core
* class/smarty/plugins/resource.db.php
5. Empty the templates_c folder (except index.html)
6. Ensure the server can write to mainfile.php
7. Access /upgrade/ with a browser, and follow the instructions
8. Write-protect mainfile.php again
9. Delete the upgrade folder
10. Update the "system" module from the modules administration interface


Files integrity check
-----------------------------------

The full XOOPS package is released with a script able to check if all the system files were correctly uploaded to the server. To use it, follow these instructions:

1. Upload the checksum.php and checksum.md5 files located in the XOOPS package root to your XOOPS server folder (putting them next to mainfile.php).
2. Execute checksum.php with your browser
3. If necessary, re-upload the missing or corrupted system files
4. Remove checksum.php and checksum.md5 from your server


NOTE:
Reported by irmob, mainfile.php was included in upgrade package of xoops-2.0.17.1-to-2.0.18.tar.gz and xoops-2.0.17.1-to-2.0.18.zip, which should be removed. The upgrade packages have been corrected.
We are sorry for the mistake.