
dadaIMC Auto-Update Announce

[dadaIMC Auto-Update] Auto-Update 14 Nov 2005

From: dadaIMC Support <support-AT-dadaimc.org>
Date: 14 Nov 2005 18:35:38 UTC   (12:35:38 PM in author's locale)
To: "dadaIMC AutoUpdate Announce" <dadaIMC-autoupdate-AT-lists.dadaimc.org>
Another new Auto-Update release, covering security patches, bug
fixes, and various cosmetic improvements. Since this release contains
patches to close security holes, all .99 users are encouraged to
upgrade as soon as possible.

Highlights:
- Better handling of Feeder updates and display
- Added support for thumbnails in Remote Distribution (see Admin->Site
  Prefs->Misc:Media Gallery->Distribute Thumbs)
- Numerous obscure but vulnerable Javascript-related security holes
  have been closed
- Improved parse_for_links() code that turns URLs into clickable links
- Improved cache-control headers
- Minor tweaks to the new Stylesheet editor

Again, and in general, the best strategy for updates is to update any
files in /dt_classes/ and /mods/autoupdates/ by themselves, then
update the rest of the files in a separate step. This is because
changes in dt_classes and autoupdates can affect the functionality of
automatically-executed update.inc files in other modules.

Two files: /components/palette.php and /components/thispalette.php
are now obsolete, and should be deleted from your distribution.

Don't forget to add a line containing the word "Modified" in any file
that you customize on your site, to allow the Auto-Update module to
recognize it as a customized file!

The most recent entries from the Change Log appear below:

2005-11-12 19:01
----------------
- Updated Feeder module for more consistent output
- Updated RDFParser to handle more RSS 2.0/Atom syntactic elements

2005-11-12 11:34
----------------
- Fixed table creation bug in List Archives module
- Fixed double-parsing bug in parse_for_links that screwed up
  URLs in plain text entries
- Added ability to delete User photo
- Fixed Javascript bug in stylesheet_edit that failed to
  properly select module from popup menu
- Fixed bug in Page Hits module when Oracle has two tables
- Fixed security hole that allowed manually constructed POST
  submissions to create posts with bogus author ID
- Fixed bug in page links related to local/non-local
- Show only "unavailable.gif" when media is deleted, to prevent
  hijacking by direct link to media file
- Media Gallery module can now upload thumbnails to remote server
- Fixed bug that prevented deletion of media requiring approval
  if posted by an anonymous user
- Made titles clickable in Links module
- When InfoDocs contain only one record, display immediately
  rather than showing a one-item listing page
- Fixed Javascript vulnerability when JS is passed instead of an ID
- Added missing handler for make_otherpress in Comments module
- Various fixes to stylesheet import code in Auto-Update module
- Added optional parameter to make_link_args to insert current
  timestamp to prevent page caching
- Fixed Object undelete function to remove Objection entries
- dt_cache_control() now properly parses If-Modified-Since
  date formats and sets no-cache headers on Editorial pages
- checkUser() function now sets default level to "User"
- cleantext() augmented against hex and decimal encoded attacks
- Cleaned up path-related vulnerabilities in cronmaster.php
- /components/palette.php moved to root-level, restricted to Admins
- Fixed accidental hard-coded link to dadaimc.org in cssmap.php
- Minor CSS updates

2005-10-25 12:43
----------------
#!# It is HIGHLY RECOMMENDED THAT YOU UPDATE IN THE FOLLOWING
    MANNER:
    1) Remove any obsolete stylesheet records from your site
    2) Use Auto-Update to update ONLY the files in /dt_classes/
       and any files in /mods/autoupdate/
    3) Auto-Update the rest of the site
- Added Ajax interface for stylesheet editing. Sweet!
- Reworked stylesheets to group by TITLE
- Fixed XSS Vulnerability in pageheader
- Fixed XSS Vulnerability in hackfiles
- Fixed XSS Vulnerabilities in /admin/ section
- Updated dt_cache_control for better handling of
  IF_MODIFIED_SINCE requests
- Added optional upload/serving of thumbnails when using
  remote distribution
- Fixed bug in comment options for make_otherpress()
- Closed SQL revelation and JS vulnerabilities in debugging comments
- Restructured cronmaster.php to prevent file vulnerabilities

2005-10-18 14:23
----------------
- Added Ajax code to prevent arbitrary names from matching
  registered user account names
- Fixed problem with Polls allowing multiple votes from anonymous users
- Set autostart=false for streaming audio/video to prevent multiple
  files from streaming all at once

2005-10-11 18:11
----------------
- Remove strtolower() in cleanphpself()
- Tweaked default.css for Razorwire
- Removed unwanted HTML comments from ArbitrarySidebar
- Removed superfluous server name from dadaphp.log entries

2005-10-10 22:33
----------------
- Added new debugging statistics logging to Error Logs page
- Added per-feed count and sort_order fields to Feeder module
- Patched XSS vulnerability in editor.inc and admin.inc related
  to PHP_SELF variable and obscure ActiveX parameters
- Put debugging info on index.php in toggleable hidden DIV
- Fixed uncaching of newswire column on sites with subsites
- Updated module stylesheets with mod-specific selectors



-------------------------------------------------------------
a.h.s. boy
support-AT-dadaimc.org
dadaIMC support
www.dadaimc.org/
-------------------------------------------------------------
