Close
dadaIMC Auto-Update Announce
[dadaIMC Auto-Update] New update 24-Nov-2005
2005-11-24 15:13
----------------
#!# Configuration files can now be stored outside of the
web root. This includes "dt_dbinfo.php" as well as the
[site]_config, [site]_mods, and [site]_mod_prefs files
Path to an APACHE-WRITEABLE directory must be manually
specified in /dt_classes/dt_master_include.inc. Be sure
to include a trailing slash!
#!# Moved MySQL backups to path specified in $g_logdir rather
than the /docs/ directory
#!# New "closeperms.sh" shell script included in /docs/
directory. Make this file executable, and it will make
permissions as strict as possible for normal operation.
You will have to make executable and run the "changeperms.sh"
script before using the Auto-Update module, and after
updating you can run "closeperms.sh" again
Fixed javascript vulnerability in log searching function
Fixed bugs in on_update handler; e.g. Media requiring approval
that wasn't properly deleting objects
2005-11-19 15:13
----------------
Updated and improved batch options in stylesheet editor
dadaphp.log and php-error.log are now searchable
Added mod_pref for Auto-Update allowing a list of
non-dadaIMC directories to ignore
Fix security hole that would allow a custom POST to create
a user with "Admin" level
Fixed a bug in cleantext() that added extra line breaks
2005-11-12 19:01
----------------
Updated Feeder module for more consistent output
Updated RDFParser to handle more RSS 2.0/Atom syntactic elements
2005-11-12 11:34
----------------
Fixed table creation bug in List Archives module
Fixed double-parsing bug in parse_for_links that screwed up
URLs in plain text entries
Added ability to delete User photo
Fixed Javascript bug in stylesheet_edit that failed to
properly select module from popup menu
Fixed bug in Page Hits module when Oracle has two tables
Fixed security hole that allowed manually constructed POST
submissions to create posts with bogus author ID
Fixed bug in page links related to local/non-local
Show only "unavailable.gif" when media is deleted, to prevent
hijacking by direct link to media file
Media Gallery module can now upload thumbnails to remote server
Fixed bug that prevented deletion of media requiring approval
if posted by an anonymous user
Made titles clickable in Links module
When InfoDocs contain only one record, display immediately
rather than showing a one-item listing page
Fixed Javascript vulnerability when JS is passed instead of an ID
Added missing handler for make_otherpress in Comments module
Various fixes to stylesheet import code in Auto-Update module
Added optional parameter to make_link_args to insert current
timestamp to prevent page caching
Fixed Object undelete function to remove Objection entries
dt_cache_control() now properly parses If-Modified-Since
date formats and sets no-cache headers on Editorial pages
checkUser() function now sets default level to "User"
cleantext() augmented against hex and decimal encoded attacks
Cleaned up path-related vulnerabilities in cronmaster.php
/components/palette.php moved to root-level, restricted to Admins
Fixed accidental hard-coded link to dadaimc.org in cssmap.php
Minor CSS updates
-------------------------------------------------------------
a.h.s. boy
support-AT-dadaimc.org
dadaIMC support
www.dadaimc.org/
-------------------------------------------------------------
-------------
To unsubscribe, send blank email
to dadaIMC-autoupdate-off-AT-lists.dadaimc.org
----------------
#!# Configuration files can now be stored outside of the
web root. This includes "dt_dbinfo.php" as well as the
[site]_config, [site]_mods, and [site]_mod_prefs files
Path to an APACHE-WRITEABLE directory must be manually
specified in /dt_classes/dt_master_include.inc. Be sure
to include a trailing slash!
#!# Moved MySQL backups to path specified in $g_logdir rather
than the /docs/ directory
#!# New "closeperms.sh" shell script included in /docs/
directory. Make this file executable, and it will make
permissions as strict as possible for normal operation.
You will have to make executable and run the "changeperms.sh"
script before using the Auto-Update module, and after
updating you can run "closeperms.sh" again
Fixed javascript vulnerability in log searching function
Fixed bugs in on_update handler; e.g. Media requiring approval
that wasn't properly deleting objects
2005-11-19 15:13
----------------
Updated and improved batch options in stylesheet editor
dadaphp.log and php-error.log are now searchable
Added mod_pref for Auto-Update allowing a list of
non-dadaIMC directories to ignore
Fix security hole that would allow a custom POST to create
a user with "Admin" level
Fixed a bug in cleantext() that added extra line breaks
2005-11-12 19:01
----------------
Updated Feeder module for more consistent output
Updated RDFParser to handle more RSS 2.0/Atom syntactic elements
2005-11-12 11:34
----------------
Fixed table creation bug in List Archives module
Fixed double-parsing bug in parse_for_links that screwed up
URLs in plain text entries
Added ability to delete User photo
Fixed Javascript bug in stylesheet_edit that failed to
properly select module from popup menu
Fixed bug in Page Hits module when Oracle has two tables
Fixed security hole that allowed manually constructed POST
submissions to create posts with bogus author ID
Fixed bug in page links related to local/non-local
Show only "unavailable.gif" when media is deleted, to prevent
hijacking by direct link to media file
Media Gallery module can now upload thumbnails to remote server
Fixed bug that prevented deletion of media requiring approval
if posted by an anonymous user
Made titles clickable in Links module
When InfoDocs contain only one record, display immediately
rather than showing a one-item listing page
Fixed Javascript vulnerability when JS is passed instead of an ID
Added missing handler for make_otherpress in Comments module
Various fixes to stylesheet import code in Auto-Update module
Added optional parameter to make_link_args to insert current
timestamp to prevent page caching
Fixed Object undelete function to remove Objection entries
dt_cache_control() now properly parses If-Modified-Since
date formats and sets no-cache headers on Editorial pages
checkUser() function now sets default level to "User"
cleantext() augmented against hex and decimal encoded attacks
Cleaned up path-related vulnerabilities in cronmaster.php
/components/palette.php moved to root-level, restricted to Admins
Fixed accidental hard-coded link to dadaimc.org in cssmap.php
Minor CSS updates
-------------------------------------------------------------
a.h.s. boy
support-AT-dadaimc.org
dadaIMC support
www.dadaimc.org/
-------------------------------------------------------------
-------------
To unsubscribe, send blank email
to dadaIMC-autoupdate-off-AT-lists.dadaimc.org
Report Bugs
dadaIMC uses the Mantis bug-tracking system for bug reporting. Please use it! And check for existing reports of your bug before submitting a new one.
CVS
The current CVS version of dadaIMC is now browseable online. Be forewarned, though, that it is not always in a useable state as-is!
Donations
Support development!