<?php
/**
 * @version $Id: CHANGELOG.php 10052 2008-02-21 16:04:13Z willebil $
 * @package Joomla
 * @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
 * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See COPYRIGHT.php for copyright notices and details.
 */

// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );
?>
1. Copyright and disclaimer
---------------------------
This application is opensource software released under the GPL. Please
see source code and the LICENSE file


2. Changelog
------------
This is a non-exhaustive (but still near complete) changelog for
Joomla! 1.0, including beta and release candidate versions.
Our thanks to all those people who've contributed bug reports and
code fixes.


3. Legend
---------
* -> Security Fix
# -> Bug Fix
+ -> Addition
^ -> Change
- -> Removed
! -> Note


--------------- 1.0.15 Stable Released -- [22-February-2008 23:00 UTC] ---------------------

06-Feb-2008 Andrew Eddie
* SECURITY [HIGH level]: Fixed remote file inclusion vulnerability

--------------- 1.0.14 Stable Released -- [11-February-2008 23:00 UTC] ---------------------

09-Feb-2008 Wilco Jansen
# Fixed [9249] Unable to delete mambots
# Fixed [6072] GPL url points to version "latest" (v3) instead of V2 in all files
# Fixed [9013] Missing $mainframe in popups
# Fixed [9413] Not authorized error in forced logout
# Fixed [9321] Menu Name at menu manager is missing
# Fixed [9250] Unable to uninstall Template and languages
! Thanks Jens-Christian Skibakk for providing patches

07-Feb-2008 Andrew Eddie
# Fixed [#7276] mosMakePath sometimes leaves trailing / in the end of the path given to mkdir()
# Fixed [#8844] Unescaped special characters with database::getEscaped()
# Fixed [#7608] XSS attack with case sensitive flaw in input filter
# Fixed [#6122] mosGetParam numeric check bug
# Fixed [#6021] Backend full menu ACL corrections
# Fixed [#9197] Wrong variable name in admin.menus.php
# Fixed [#9198] Wrong variable name in admin.contact.php

--------------- 1.0.14 RC1 Released -- [13-January-2008 23:00 UTC] ---------------------

13-Jan-2008 Andrew Eddie
# Moved instantiation of frontend $my above login block

11-Jan-2008 Ian MacLennan
# Fixed bug in search where small words were not being filtered out properly
# Fixed problem in search with regex using too many resources (related to above)
# Fixed 1.0 version of [#8404] Incorrect highlighting of search terms (as a byproduct)

07-Jan-2008 Andrew Eddie
# Fixed where spoof values were same for anonymous and logged in users
+ Added "preview" link in admin template (similar to what is in version 1.5)

04-Jan-2008 Andrew Eddie
* SECURITY [LOW level]: Fixed multiple typos in backend com_content making array integer check ineffective
* SECURITY: Fix XSS attack in search results pages
# Fixed bad &'s in wrapper.xml, mosimage.xml, mod_wrapper.xml and mospaging.xml
# Fixed minor bug in com_weblinks where link empty
# Fixed [#7650] Problem with if statement (?) in mod_related_items
# Fixed [#8381] too many argument in com_search page header parameter
# Fixed [#5318] mosPageNav::writePagesLinks adds trailing space to _PN_NEXT href
# Fixed [#8599] Invalid Redirect URL of content_item_link menu item
# Fixed [#7242] ACL: SQL error when deleting user in joomla in backend (actually in mosUser::delete( $id ); )

02-Jan-2008 Anthony Ferrara
# Fixed delete issue with com_media in backend spoof check
^ added method param to josSpoofCheck to change checked variable

10-Aug-2007 Rob Schley
* SECURITY A4 [LOW Level]: XSS issue in com_search
# Fixed [topic,193707] Joomla! 1.0.13 Admin session dies for certain $task values

----------------------------------------------------------------------------------------
--------------- 1.0.13 Stable Released -- [21-July-2007 16:00 UTC] ---------------------

21-Jul-2007 Robin Muilwijk
^ (version.php) preparation for release


18-Jul-2007 Rob Schley
# Fixed admin session problems with immediate logout after login.
# Fixed a few misc. bugs.


11-Jul-2007 Sam Moffatt
^ Removed assumption that a group exists for a user (may not actually be true)


04-Jul-2007 Rob Schley
# Fixed a bug in the administrator login system that prevented users from logging in


02-Jul-2007 Rob Schley
* SECURITY A6 [LOW Level]: Fixed [#5630] HRS attack on variable "url"
* SECURITY A1 [LOW Level]: Fixed [#5654] Multiple fields subjected to cross-site scripting vulnerabilities
* SECURITY A7 [LOW Level]: Fixed possible session fixation vulnerability in administrator application


29-Jun-2007 Louis Landry
^ Hardened password storage mechanism to use a random salt
! Remember Me cookies will be invalid and require a re-login


20-May-2007 Rob Schley
# Fixed key reference lookups to match whole results only
# Fixed two help screen naming issues.
^ Changed RG_EMULATION warning message to refer to Global Configuration Setting


17-May-2007 Rob Schley
^ Moved register globals emulation controls into Global Configuration


15-May-2007 Rob Schley
# Fixed [topic,170296] : Typos in Search Mambot configurations


14-May-2007 Rob Schley
# Fixed [topic,153233] : "Mail to Friend" parameter checks not checking content item settings
# Fixed [topic,126371] : IE7 left align problem
# Fixed [topic,167745] : Added JavaScript alert for empty category title


28-Apr-2007 Rob Schley
^ Changed cookie naming conventions to not break when using HTTPS
# Fixed [topic,156116] : Optimized queries for menu creation to improve performance.
* SECURITY A4 [ LOW Level ]: XSS issue in com_search and com_content
* SECURITY A4 [ LOW Level ]: XSS vulnerability in mod_login


16-Apr-2007 Enno Klasing
# Re-enabled Itemid behaviour of 1.0.11 (optional, default is behaviour of 1.0.12)

----------------------------------------------------------------------------------------
--------------- 1.0.12 Stable Released -- [25-December-2006 01:00 UTC] -----------------

24-Dec-2006 Rob Schley
# Fixed two hard coded alt tags
+ Added new language constant _BANNER_ALT
^ Preparations for Stable packaging
# Removed local help screen content and replaced it with links to the online versions


19-Dec-2006 Rob Schley
+ Added 119 help screen files.
^ Changed 20 help screen titles.
# Fixed several grammar problems throughout the Joomla! core


18-Dec-2006 Enno Klasing
# Fixed [artf5166] : Server Time offset issue, while submitting news
# Fixed [artf6439] : https switchover


18-Dec-2006 Rob Schley
# Fixed bug in offline.php when using the database class without a working database connection.
# Fixed spelling and grammar mistakes in english.php as per suggestions.


15-Dec-2006 Enno Klasing
# Fixed sample data: removed (nonexistent) RSS feed from OSM
# Fixed redirect to installation directory: removed need for lowercase directory names


13-Dec-2006 Rob Schley
# Fixed spelling and grammar errors in com_menus
# Fixed changelog formatting.


13-Dec-2006 Enno Klasing
+ Added security warning message to the installer component
# Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib
* SECURITY A1 [ Medium Level ] : Removed unneeded legacy functions


12-Dec-2006 Enno Klasing
# Fixed bug in TinyMCE: help screen disabled
# Fixed IE7 display bug with mosTabs
# Fixed [artf7028] : Two bugs in TinyMCE


11-Dec-2006 Enno Klasing
# Fixed [artf7021] : Bug with com_messages and message titles including a single quote


10-Dec-2006 Rob Schley
# Fixed grammar problems in SQL data.
# Fixed grammar problem in com_config.
# Fixed usages of "Joomla!" missing the exclamation point.


10-Dec-2006 Enno Klasing
# Fixed [artf6762] : mos_section showing unexpected behavior
# Fixed IE7 display bug in the toolbar of the polls component


07-Dec-2006 Rob Schley
# Fixed [artf6863] : Changed the include file from template_css.css to offline.css to avoid conflicting styles


07-Dec-2006 Enno Klasing
# Fixed [artf6296] : josSpoofCheck does not check arrays and generates php warning


06-Dec-2006 Marko Schmuck
# Fixed [artf6884] : mosimage align=right causes problems in IE6
# Fixed [artf6779] : Link-URL containing character ] breaks


06-Dec-2006 Enno Klasing
# Fixed [artf6922] : Registration not working as expected (JavaScript popups)


06-Dec-2006 Mateusz Krzeszowiec
# Fixed [artf6832] : getItemid() function in joomla.php will not return correct $Itemid
# Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib, continued
# Fixed [artf6786] : sef.php and multilingual config


05-Dec-2006 Rastin Mehr
# Fixed [artf6751] : Banner upload target directory bug
# Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib, fixed similar bugs from another report


02-Dec-2006 Sam Moffatt
# Fixed [artf6484] : com_registration bug (removed SQL error message)


01-Dec-2006 Enno Klasing
# Fixed [artf6903] : Anchors to Frontpage in SEF-URLs
# Fixed [artf6901] : LIMIT in MySQL queries
# Fixed [artf6844] : Javascript escape bug for poll.php
# Fixed [artf5788] : Frontpage content item category links enable section links


30-Nov-2006 Rastin Mehr
# Fixed [artf6577] : Registration name, username & email cleanups: spaces not allowed


30-Nov-2006 Emir Sakic
# Fixed [artf6841] : Submit Contact Form doesn't work with deactivated cookies
# Fixed [artf6846] : Error with new document - without categories


30-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf6786] : sef.php and multilingual config


30-Nov-2006 Marko Schmuck
# Fixed [artf6921] : [patch] fixing a bug on modules/mod_archive.php
# Fixed [artf6876] : Orphan user information in phpGACL tables after user was deleted


29-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf6749] : bot mosloadposition strips $
# Fixed [artf1527] : "open_basedir restriction" warning


28-Nov-2006 Enno Klasing
# Fixed [artf6766] : Login form; you are not authorized...
# Fixed [artf6765] : Login form problem
# Fixed [artf6567] : Change error message for cookie test failure


27-Nov-2006 Enno Klasing
# Fixed [artf6860] : Admin Login and PHP's session.auto_start


27-Nov-2006 Emir Sakic
# Fixed [artf6865] : Relocate <script> element below <title> and <meta> elements for XHTML compliance
# Fixed [artf6863] : Extra CSS include for styling offline.php
# Fixed [artf6858] : Encoding/Template issues on backend
# Fixed [artf6859] : Bug in com_content security check for new content


25-Nov-2006 Rastin Mehr
# Fixed [artf6439] : https switchover not working (as did in mambo 4.5.2 and early joomla)


21-Nov-2006 Emir Sakic
# Fixed [artf6847] : XHTML syntax incompliance
# Fixed [artf6833] : Javascript alert messages on IE display without proper encoding in Internet Explorer


21-Nov-2006 Marko Schmuck
# Fixed [artf6828] : Poorly formed HTML in admin.contact.html.php


21-Nov-2006 Andrew Eddie
# Added 3 new language constants for systems errors (namely database issues)


20-Nov-2006 Marko Schmuck
# Fixed [artf6673] : Untranslated submit button, content component


20-Nov-2006 Enno Klasing
# Fixed [artf6816] : Hit counter not correct if caching is enabled
# Fixed [artf6753] : add banner client ID in admin view


19-Nov-2006 Enno Klasing
# Fixed [artf6764] : IE7 Table Alignment Bug


15-Nov-2006 Marko Schmuck
# Fixed [artf6763] : Joomla.php - build the multiple select list
# Fixed [artf6752] : mms:// not resolving in menus


15-Nov-2006 Enno Klasing
# Fixed [artf6613] : User rating, second rating, incorrect message


15-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf5926] : Few other Itemid issues solved


14-Nov-2006 Marko Schmuck
# Fixed : css file handling in content backend preview


13-Nov-2006 Enno Klasing
# Fixed [artf5924] : JavaScript and HTML-Error in mod_wrapper


12-Nov-2006 Alex Kempkens
# Fixed [artf6713] : double title in the pathway


12-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf6611] : Admin, copy section issues


11-Nov-2006 Enno Klasing
# Fixed [artf6720] : Wrong markup on com_media


10-Nov-2006 Emir Sakic
# Fixed [artf6709] : Media Manager Error for uploading a file, without select anything


09-Nov-2006 Enno Klasing
# Fixed [artf6058] : Apostrophes not stripslashed in Category names


09-Nov-2006 Emir Sakic
# Fixed [artf6175] : Javascript - Error in function previewImage()


08-Nov-2006 Rey Gigataras
# Fixed [artf6689] : TinyMCE updated to 2.0.8
# Fixed [artf6689] : TinyMCE GZip compressors updated to 1.0.9


08-Nov-2006 Enno Klasing
# Fixed [artf6528] : Wrong markup in two admin modules
# Fixed [artf6350] : overDiv not created in proper place


03-Nov-2006 Alex Kempkens
# Fixed [artf6415] : Tooltip or function is not correct in Global Configuration
# Fixed [artf6650] : Flyover help not translated in com_content


03-Nov-2006 Mateusz Krzeszowiec
# Fixed [artf6542] : Quotes in User Name lost when editing
# Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib


03-Nov-2006 Enno Klasing
# Fixed [artf6589] : Missing index.html files
# Fixed [artf6500] : media manager too easily classifies a file as a mediafile


02-Nov-2006 Samuel Moffatt
# Fixed [artf6484] : com_registration bug


01-Nov-2006 Emir Sakic
^ Changed new version and forum security links to universal ones with redirects on joomla.org
# Fixed [artf6131] : UNC support in Joomla
# Fixed wrong align of drop-down lists in admin content item manager


30-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf6132] : Admin Session not completely emptied on logout, also removed some code (doublecheck) in administrator/logout.php continued


29-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf6132] : Admin Session not completely emptied on logout, also removed some code (doublecheck) in administrator/logout.php
# Fixed templates/madeyourweb/images/indent1.png and indent2.png file size
# Fixed [artf6160] : Admin, copy category issues, changed message after copy
# Fixed : Admin, move category issues, changed message after move
# Fixed [artf6581] : #__poll_data install SQL incorrect


26-Oct-2006 Emir Sakic
^ Removed version check - [artf6486] : Remove "Your Joomla! Installation is ... days old" messages


22-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf6441] : Incorrect spelling Poll
# Fixed [artf6160] : Admin, copy category issues
# Fixed : Admin, move category issues
# Fixed : Small security issue in com_categories - no input validation


21-Oct-2006 Enno Klasing
# Fixed [artf6253] : Content Blog Section, several notices
# Fixed [artf6440] : Menu name htmlentitized when toggling published/unpublished


19-Oct-2006 Enno Klasing
# Fixed [artf6470] : pageNavigation/php - minor bug/improvement
# Fixed [artf5890] : Content item count incorrect (public/registered)


18-Oct-2006 Marko Schmuck
# Fixed [artf5229] : database.php: loadRowList($key) not working as expected


16-Oct-2006 Alex Kempkens
^ little query issue for multilingual support (frontpage/search bot)


15-Oct-2006 Enno Klasing
# Fixed [artf6430] : htaccess tweak


15-Oct-2006 Emir Sakic
# Fixed [artf5760] : 'more' functionality in blogs showing links even though they shouldn't
# Fixed [artf6058] : Apostrophes not stripslashed in Category names


11-Oct-2006 Emir Sakic
# Fixed [artf6141] : check all in com_trash for menu items


10-Oct-2006 Emir Sakic
^ Refactored admin trash manager to be consistent with other managers
# Fixed [artf6141] : com_trash administrative component navigation problem


04-Oct-2006 Sam Moffatt
# Fixed [artf5955] : get_group_parents() with default $recurse parameter
# Fixed [artf6181] : Search: Itemid in com_search also gets wrong Itemid's
# Fixed [artf6172] : (FRONTEND)mosPageNavigation::writeLeafsCounter doesn't display correct page numbers
# Fixed [artf6169] : showCategories produces non w3c valid list


03-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf5926] : Incorrect determination of Itemid for content items links in Blog - Content Section, look in tracker for details


01-Oct-2006 Mateusz Krzeszowiec
# Fixed [artf6074] : Joomla! using trashed menu item permission level in some cases
# Fixed [artf6084] : com_content division by zero warning
# Fixed [artf6153] : Invalid constant in field description


23-Sep-2006 Mateusz Krzeszowiec
# Fixed [artf6004] : Search results include several hits for the same document
# Fixed [artf6041] : username when sending PM instead of name
# Fixed [artf5989] : not optimal mosMakePassword()


22-Sep-2006 Enno Klasing
# Fixed [artf5983] : Undefined variables in com_content
# Fixed [artf5985] : Missing htmlspecialchars for module title
# Fixed [artf5934] : Mail sent via "Email a friend" has bad link
# Fixed [artf6011] : HTML entities appearing in plain-text emails from com_content
# Fixed [artf5986] : mosMail and empty sender information
# Fixed [artf6075] : "CheckIn My Items" checks in all Items


22-Sep-2006 Marko Schmuck
# Fixed [artf5507] : "&" character in Global Site Meta Description field results in "&amp;"
# Fixed [artf5788] : Frontpage content item category links enable section links, and section links generate '&' and not '&amp;' in their html


20-Sep-2006 Emir Sakic
# Fixed [artf5202] : administrator typed content search pagination problem
# Fixed [artf5908] : Menu Item in Pathway not linked when custom pathway appended


18-Sep-2006 Mateusz Krzeszowiec
# Fixed [artf5848] : Poll component not displaying info, XML file moved to proper directory


18-Sep-2006 Sam Moffatt
# Fixed [artf5887] : mosMakePath mkdir with trailing slash not working (when using hardened PHP)


17-Sep-2006 Enno Klasing
# Full scale audit of all database queries
# Altered mosArrayToInts to allow arrays with non-numeric indexes
# Added check to com_categories if requested table exists
# Fixed [artf5961] : mosMessage::send() uses noninitialized variables


14-Sep-2006 Marko Schmuck
# Fixed [artf5481] : Parameter values not made HTML safe in editing form input control
# Fixed [artf5906] : "New" icon missing in sections with categories but no content
# Fixed [artf5166] : Server Time offset issue, while submitting news


14-Sep-2006 Sam Moffatt
# Fixed [artf5476] : Template media import broken. Cannot import media files.


12-Sep-2006 Sam Moffatt
# Fixed [artf5866] : com_content uses corrupted global $id for page navigation
# Fixed [artf5719] : header_version.png right top


10-Sep-2006 Marko Schmuck
# Fixed [artf5761] : single quote in sitename formats incorrectly with massmail
# Fixed [artf5249] : Image align="center" command is Invalid - Should be align="middle"


09-Sep-2006 Marko Schmuck
# Fixed [artf5753] : ampersand in action URL of showArchiveCategory form should be an entity
# Fixed [artf5493][topic,81903] : Search error in PHP5 arraymerge - search for static content without a menulink


06-Sep-2006 Marko Schmuck
# Fixed [artf5367] : Better mysql statement in content.searchbot.php
# Fixed [artf5141] : image attribute name="image" breaks xhtml compliance when output multiple times
# Fixed [artf5811] : Search component generates invalid html


06-Sep-2006 Andrew Eddie
# Fixed [artf5799] : mysql_real_escape_string called incorrectly in database.php
# Fixed [artf5581] : canDelete method doesn't work


31-August-2006 Mateusz Krzeszowiec
# Fixed [artf5780] : lack of 'new' task in allowed tasks check
# Fixed [artf5779] : lack of 'com_typedcontent' option in allowed options check


31-August-2006 Marko Schmuck
# Fixed [artf5770] : $query variable not defined in functions in gacl.api.class.php
# Fixed [artf3978] : mosBindArrayToObject ignore bug
# Fixed [artf5169] : mosDBTable::publish hard coded key again
# Fixed [artf5280] : SEF drops anchors
# Fixed [topic,90725] : incorrect timezone values in config_offset_user dropdown
# Fixed [artf5766] : Bannerupload fails
# Fixed [artf5727] : mosTabs parent div class name error
# Fixed [artf5432] : slashes not stripped in WebLinks
# Fixed [artf5215][artf5412] : Successfully Saved Item: {title} ... slashes not stripped from title


----------------------------------------------------------------------------------------
---------------- 1.0.11 Stable Released -- [28-August-2006 20:00 UTC] ------------------


This Release Contains the following 26 Security Fixes

Joomla! utilizes the Open Web Application Security Project (OWASP) Top Ten Project to categorize security vulnerabilities found within Joomla!
http://www.owasp.org/index.php/OWASP_Top_Ten_Project

--- - - - - - - - - ---

04 HIGH Level Threats fixed

A1 Unvalidated Input
* Secured mosMail() against unvalidated input
* Secured JosIsValidEmail() - in previous versions the existence of an email address somewhere in the string was sufficient

A6 Injection Flaws
* Fixed remote execution issue in PEAR.php
* Fixed Zend Hash Del Key Or Index Vulnerability

--- - - - - - - - - ---

04 MEDIUM Level Threats fixed

A1 Unvalidated Input
* globals.php not included in administrator/index.php

A2 Broken Access Control
* Added Missing defined( '_VALID_MOS' ) checks
* Limit Admin `Upload Image` from uploading below `/images/stories/` directory
* Fixed do_pdf command bypassing the user authentication

--- - - - - - - - - ---

18 LOW Level Threats fixed

A1 Unvalidated Input
* Hardened Admin `User Manager`
* Hardened poll module
* Fixed josSpoofValue function to ensure the hash is a string

A2 Broken Access Control
* Secured com_content to not allow the tasks 'emailform' and 'emailsend' if $mosConfig_hideEmail is set
* Fixed emailform com_content task bypassing the user authentication
* Limit access to Admin `Popups` functionality

A4 Cross Site Scripting
* Fixed XSS injection issue in Admin `Module Manager`
* Fixed XSS injection issue in Admin `Help`
* Fixed XSS injection issue in Search

A6 Injection Flaws
* Harden loading of globals.php by using require() instead of include_once();
* Block potential misuse of $option variable
* Block against injection issue in Admin `Upload Image`
* Secured against possible injection attacks on ->load()
* Secured against injection attack on content submissions where frontpage is selected
* Secured against possible injection attack thru mosPageNav constructor
* Secured against possible injection attack thru saveOrder functions
* Add exploit blocking rules to htaccess
* Harden ACL from possible injection attacks


-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --


28-Aug-2006 Rey Gigataras
# SECURITY A6 [ LOW Level ]: Block potential misuse of $option variable


28-Aug-2006 Andrew Eddie
# SECURITY A6 [ LOW Level ]: Harden ACL from possible injection attacks


24-Aug-2006 Rey Gigataras
# SECURITY A6 [ LOW Level ]: Add exploit blocking rules to htaccess
# SECURITY A6 [ LOW Level ]: Harden loading of globals.php by using require() instead of include_once();

+ Installation Security Warning check
+ Admin & Installation Version age warning


23-Aug-2006 Rey Gigataras
# SECURITY A2 [ MEDIUM Level ]: Missing defined( '_VALID_MOS' ) checks

+ Admin Security Warning check


21-Aug-2006 Rey Gigataras
# SECURITY A1 [ LOW Level ]: Hardened Admin `User Manager`


19-Aug-2006 Rey Gigataras
# SECURITY A2 [ MEDIUM Level ]: Limit Admin `Upload Image` from uploading below `/images/stories/` directory
# SECURITY A2 [ LOW Level ]: Limit access to Admin `Popups` functionality
# SECURITY A4 [ LOW Level ]: [topic,73761] : XSS injection issue in Admin `Module Manager`
# SECURITY A4 [ LOW Level ]: [topic,73761] : XSS injection issue in Admin `Help`
# SECURITY A4 [ LOW Level ]: [topic,73761] : XSS injection issue in Search
# SECURITY A6 [ LOW Level ]: [topic,73761] : Block against injection issue in Admin `Upload Image`


19-Aug-2006 Enno Klasing
# SECURITY A1 [ HIGH Level ]: Secured mosMail() against unvalidated input
# SECURITY A1 [ HIGH Level ]: Secured JosIsValidEmail() - in previous versions the existence of an email address somewhere in the string was sufficient
# SECURITY A2 [ LOW Level ]: Secured com_content to not allow the tasks 'emailform' and 'emailsend' if $mosConfig_hideEmail is set

# Fixed : Empty subject in com_content mail2friend no longer possible
# Fixed : Show error message if com_content mail2friend fails
# Fixed : Show error message if com_contact mail fails
^ Moved all instances of is_email() amalgamated into JosIsValidEmail in /includes/joomla.php


18-Aug-2006 Rey Gigataras
# SECURITY A1 [ MEDIUM Level ]: globals.php not included in administrator/index.php
# SECURITY A2 [ MEDIUM Level ]: do_pdf command bypasses the user authentication
# SECURITY A2 [ LOW Level ]: emailform com_content task bypasses the user authentication
# SECURITY A1 [ LOW Level ]: harden poll module

# Fixed [topic,72209] : Mambots fired on Modules
+ enable selective disabling of `Email Cloaking` bot via {emailcloak=off}


17-Aug-2006 Rey Gigataras
+ PERFORMANCE : Cache handling expanded to com_content showItem
# Fixed [artf5266] : Blog-view shows "more..." even without intros
# Fixed [topic,81673] : frontend.php itemid issue


17-Aug-2006 Mateusz Krzeszowiec
# Fixed logging query before applying LIMIT


15-Aug-2006 Marko Schmuck
# SECURITY A6 [ LOW Level ]: possible injection attacks on ->load()


15-Aug-2006 Andrew Eddie
# SECURITY A6 [ HIGH Level ]: remote execution issue in PEAR.php


15-Aug-2006 Mateusz Krzeszowiec
# PERFORMANCE [topic,83325] : SQL LIMIT in com_content frontend


14-Aug-2006 Andrew Eddie
# SECURITY A6 [ LOW Level ]: Injection attack on content submissions where frontpage is selected
# SECURITY A6 [ LOW Level ]: possible injection attack thru mosPageNav constructor
# SECURITY A6 [ LOW Level ]: possible injection attack thru saveOrder functions


07-Aug-2006 Andrew Eddie
# SECURITY A6 [ HIGH Level ]: Zend Hash Del Key Or Index Vulnerability
# SECURITY A1 [ LOW Level ]: josSpoofValue function to ensure the hash is a string


28-July-2006 Robin Muilwijk
# Fixed [artf5291] : missing onChange javascript code for filter field


27-July-2006 Robin Muilwijk
# SECURITY A2 [ MEDIUM Level ]: [artf5335] : missing direct access line

# Fixed [artf5282] : missing table row tag and self closing tag
# Fixed [artf5297] : small html errors


17-July-2006 Robin Muilwijk
# Fixed [artf5157] : typo in media manager
# Fixed [artf5218] : duplicate entry of artf5157, typo in media manager


03-July-2006 Rey Gigataras
# Fixed [artf5181] : 5 step for unrecoverable admin-page crash.
# Fixed [artf5123] : Wrong name of function in joomla.cache.php
# Fixed [artf5126] : includes/database.php uses deprecated function
# Fixed [artf5171] : mosGetParam Default value issue
# Fixed [artf5112] : A mere mistake in the file contact.html.php


--------------------------------------------------------------------------------------
---------------- 1.0.10 Stable Released -- [26-June-2006 00:00 UTC] ------------------


This Release Contains following Security Fixes

Joomla! utilizes the Open Web Application Security Project (OWASP) web application security system to categorize security vulnerabilities found within Joomla!
http://www.owasp.org/index.php/OWASP_Top_Ten_Project


03 HIGH Level Threats fixed in 1.0.10

A1 Unvalidated Input
* A1 - Secured `Remember Me` functionality against SQL injection attacks
* A1 - Secured `Related Items` module against SQL injection attacks
* A1 - Secured `Weblinks` submission against SQL injection attacks


01 MEDIUM Level Threats fixed in 1.0.10

A4 Cross Site Scripting
* A4 - Secured SEF from XSS vulnerability


05 LOW Level Threats fixed in 1.0.10

A1 Unvalidated Input
* A1 - Hardened frontend submission forms against spoofing
* A1 - Secured mosmsg from misuse
* A1 - Hardened mosgetparam by setting variable type to integer if default value is detected as numeric

A4 Cross Site Scripting
* A4 - Secured com_messages from XSS vulnerability
* A4 - Secured getUserStateFromRequest() from XSS vulnerability

-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --


25-June-2006 Rey Gigataras
# SECURITY A1 [ Low Level ]: mosgetparam sets variable type to integer if default value is detected as numeric

# Fixed [artf5091] : Missing closing "}" in one of PatFactory templates
# Fixed [topic,71858] : Content Archive issue when caching on
# Fixed [topic,71859] : Unable to login frontend
# Fixed [topic,67902] : SEF.php breaking community builder homepages


23-June-2006 Rey Gigataras
# SECURITY A1 [ Low Level ]: mosmsg hardened

# Fixed [artf5059] : Blog ordering, items by - most hits
# Fixed [artf4969] : Missing Itemid in readmore with multi category blog
# Fixed [artf5083] : Problem with Description/Description Image parameters of "List - Content Section"
# Fixed [topic,67719] : Email Cloaking Adds extra space after cloaked address
# Fixed [topic,66966] : E-mailing Cloaking Issue
# Fixed [topic,67141] : pathway empty when showing poll results
# Fixed [topic,67068] : Caching of Custom Heads still not working (not a full fix)


21-June-2006 Alex Kempkens
# Fixed [artf5051] : Making cache aware of different languages
! Be aware that it is now important to include all parameters, even optional ones, in the cached calls.


21-June-2006 David Gal
# Fixed [topic,66858] : Can't set language


21-June-2006 Rey Gigataras
# SECURITY A4 [ Medium Level ]: XSS vulnerability when using SEF
# SECURITY A4 [ Low Level ]: XSS vulnerability in com_messages
# SECURITY A4 [ Low Level ]: XSS vulnerability in getUserStateFromRequest()

# Fixed [artf4976] : htaccess file instructions confusing users
# Fixed [artf4917] : PHP getenv function fails in ISAPI mode
# Fixed [topic,69083] : mambots not being applied to `User` Module content
# Fixed [topic,69894] : Filter doesn't work when cache on


20-June-2006 Rey Gigataras
# Fixed [artf5025] : Category Titles with an Apostrophe leave a leading slash
# Fixed [artf4927] : blocked user receives wrong error message
# Fixed [topic,70612] : Very small text error in file sample_data.sql
# Fixed [topic,69871] : mossef notice
# Fixed [topic,68031] : Problems with banner.php
# Fixed [topic,67826] : content.html weblinks.html display issues in Opera
# Fixed [topic,67594] : Extra space in content.html.php
# Fixed [topic,67016] : ATOM 0.3 Always enable even I disable ATOM 0.3 in Administrator Panel


19-June-2006 Rey Gigataras
# SECURITY A1 [ High Level ]: `Remember Me` functionality SQL injection vulnerability
# SECURITY A1 [ High Level ]: `Related Items` module SQL injection vulnerability
# SECURITY A1 [ High Level ]: `weblinks` submission SQL injection vulnerability
# SECURITY A1 [ Low Level ]: frontend submission forms hardened against spoofing

# Fixed [artf5031] : Frontend Editing of Content Changes Start Publishing Time
# Fixed [artf4951] : author submitting content gets error message
# Fixed [artf5028] : Page navigation incorrect on pages viewed through archive module


16-June-2006 Rey Gigataras
# Fixed [artf5006] : Contact-item print button
# Fixed [artf4925] : alt="" not always output 1.0.9
# Fixed [artf4921] : anchor links break
# Fixed [artf4888] : too many columns in table layout of params
# Fixed [topic,66859] : Table views of content category in backend
# Fixed [topic,68201] : Permissions check page missing /mambots/system/
# Fixed [topic,67115] : Error warning frontend.php
# Fixed [topic,67144] : Check for status of SEF in mossef incorrectly commented out
# Fixed [topic,67279] : Voting/Rating not working when disabled globally, but enabled locally for selected items

# PERFORMANCE [topic,63468] : mod_fullmenu unnecessary count of archived items in section query


12-June-2006 Rey Gigataras
# Fixed [artf4913] : Poll Module breaks "Add Article"
# Fixed [artf4929] : Finish date not shown
# Fixed [artf4881] : Extra space in English email text string
# Fixed [topic,68467] : If 2 polls published - voting on second poll not work


10-June-2006 Robin Muilwijk
# Fixed [topic,68168] : Typo /administrator/components/com_content/admin.content.html.php - line 478
# Fixed [topic,68168] : Typo /administrator/components/com_typedcontent/admin.typedcontent.html.php - line 266


--------------------------------------------------------------------------------------
---------------- 1.0.9 Stable Released -- [05-June-2006 16:00 UTC] ------------------


This Release Contains following Security Fixes

Joomla! utilizes the Open Web Application Security Project (OWASP) web application security system to categorize security vulnerabilities found within Joomla!
http://www.owasp.org/index.php/OWASP_Top_Ten_Project


12 Low Level Threats fixed in 1.0.9

A1 Unvalidated Input
* A1 - Harden mosmsg
* A1 - Hardening of backend `User Manager` to stop 'Administrators' from being able to create 'Super Administrator' users

A2 Broken Access Control
* A2 - Breadcrumbs title visibility even when access restricted
* A2 - 'Edit Your Details' page now needs a published menu item to be accessible
* A2 - 'Check-In My Items' page now needs a published menu item to be accessible
* A2 - 'Submit News' page now needs a published menu item to be accessible
* A2 - 'Submit Weblink' page now needs a published menu item to be accessible
* A2 - Add ability to selectively disable certain types of syndicated feeds
* A2 - Ensure module caching does not inadvertently make special level modules visible to registered users
* A2 - Add ability to totally disable access to frontend login page
* A2 - Add ability to disable frontend user params

A3 - Broken Authentication and Session Management
* A3 - Changes to access level of user account will kill any active session for that user

-- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- --


04-June-2006 Rey Gigataras
# Fixed [artf4878] : illegal dates in mysql tables
# Fixed
: missing content cache clearing calls 924 925 926 03-June-2006 Rey Gigataras 927 # Fixed [artf4864] : /includes/frontend.php 928 # Fixed [topic,66138] : Invailid Session at Admin login 929 # Fixed [topic,66044] : Installation checks 930 # Fixed [topic,66276] : admin password ="0" 931 # Fixed : No ability to set Cache time for Syndication modules 932 # Fixed : `Remember Expired Admin page` functionality changed from 600 seconds to half the `Admin Session Lifetime` value 933 # Fixed : Admin session purge (to limit only one active session per account) deleting frontend logged in session 934 935 936 03-June-2006 Robin Muilwijk 937 # Fixed [topic,66360] : Fatal error com_contact/contact.php 938 939 940 01-June-2006 Rey Gigataras 941 # Fixed : New Global Config params (added in 1.0.9) not created on clean install 942 943 944 31-May-2006 Rey Gigataras 945 # SECURITY A2 [ Low Level ]: New `Global Config` param to allow disabling of Frontend Login 946 # SECURITY A2 [ Low Level ]: New `Global Config` param to allow disabling of Frontend User params 947 948 # Fixed [artf4844] : initial setup failure on IIS when installed in subdirectory 949 # Fixed [topic,65009] : "Email to Friend" Can Send Unusable URLs 950 # Fixed [topic,65604] : Notices when adding static content 951 # Fixed [topic,65485] : Bug with menu item selector 952 # Fixed : DB error when attempting a checkin action after cancelling from creating a New item 953 954 955 30-May-2006 Rey Gigataras 956 # Fixed [topic,65381] : Override Created Date 957 # Fixed [artf4830] : top menu items reversed in madeyourweb template 958 959 960 29-May-2006 Rey Gigataras 961 # SECURITY A2 [ Low Level ]: [artf4752] : caching makes modules assigned to special user visible to registered users 962 963 # Fixed [artf4812] : In footer.php (C) should be © 964 # Fixed [artf4806] : typo in mambots/search/contacts.searchbot.php causes sef errors 965 # Fixed [artf4752] : patTemplate strip comments problems 966 # Fixed [artf4752] : rss.php 
unnecessary logic code check 967 # Fixed [topic,64994] : problem with related items 968 # Fixed [topic,64046] : adding new content Frontend fails with Authorization Error 969 970 971 27-May-2006 Rey Gigataras 972 # Fixed [topic,64308] : cache and content items on frontpage 973 # Fixed [topic,63824] : Notice on com_contact 974 # Fixed [artf4801] : inputFilter::filterTags prints unexpected text 975 976 977 23-May-2006 Rey Gigataras 978 # Fixed [topic,63674] : MySQL 5 strict mode in Admin Backend 979 980 981 22-May-2006 Rey Gigataras 982 # PERFORMANCE [topic,63468] : slow auto-login because of new MD5 calculations on whole users DB 983 984 # Fixed [topic,63446] : Category and Section 985 986 987 21-May-2006 Rey Gigataras 988 # Fixed [artf4714] : Can't add Menu Item :: Link - Static Content 989 # Fixed : "Unique Itemid" handling for `Link - Content Item` 990 # Fixed : Add "Unique Itemid" handling for `Link - Static Content` 991 # Fixed [artf4714] : Can't add Menu Item :: Link - Static Content 992 # Fixed [topic,62056] : Copyright date 993 994 995 20-May-2006 Rey Gigataras 996 # Fixed [artf4733] : Module Manager reorder via save button broken 997 # Fixed [artf4736] : Quotation marks in Site Name 998 # Fixed [topic,63257] : Notice when creating new category 999 1000 1001 18-May-2006 Rey Gigataras 1002 # Fixed [artf4700] : pathway ampReplaces item name twice 1003 # Fixed [artf4712] : 'type' of $mosConfig_error_reporting does not match code 1004 1005 + Remember Expired Admin page functionality 1006 1007 1008 17-May-2006 Rey Gigataras 1009 # Fixed [artf4673] : setlocale 1010 # Fixed [artf4685] : unhandled fragment identifier with core SEF enabled 1011 # Fixed [artf4678] : Print, PDF and email buttons aren't accessible 1012 # Fixed [topic,62124] : Hover for icons when editing content in front-end 1013 # Fixed [topic,62165] : Canot login - admin_session_life not set 1014 1015 1016 15-May-2006 Rey Gigataras 1017 # Fixed [topic,61926] : Frontend static language text 1018 # 
Fixed [topic,61971] : E-mail cloaking broken, TinyMCE `mce_href` problem 1019 # Fixed : Frontend Content editing does not display correct publishing date/time 1020 # Fixed : Frontend Content editing incorrect handling of 'Never' in `Finish Publishing` 1021 # Fixed : Incorrect date/time values on `Content Items Manager` and `Static Content Manager` pages 1022 1023 1024 14-May-2006 Rey Gigataras 1025 * SECURITY A2 [ Low Level ]: add ability to selectively disable certain types of syndicated feeds 1026 1027 ^ Upgrade to TinyMCE 2.0.6.1 1028 1029 # Fixed [topic,61897] : Changing any parameter for logged user returns to login screen 1030 1031 1032 13-May-2006 Rey Gigataras 1033 * SECURITY A1 [ Low Level ]: [artf4529] : User with access to administration area can easly create super administrator. 1034 1035 # Fixed [artf4555] : Slight Bug in registration system 1036 # Fixed [artf4641] : Module sites with one template - modules should not show up - itemid issue 1037 # Fixed : `Itemid=99999999` appearing in next & prev navigation links 1038 # Fixed : `Itemid=` appearing in `Blog` links items 1039 1040 1041 13-May-2006 Andrew Eddie 1042 # Fixed [artf3302] : PatTemplate custom Functions getpage() undefined 1043 1044 1045 12-May-2006 Louis Landry 1046 # Fixed [artf4284] : database::load() resets private properties 1047 1048 1049 12-May-2006 Rey Gigataras 1050 # Fixed [topic,60970] : Finish Publishing Time not working as expected 1051 1052 1053 11-May-2006 Rey Gigataras 1054 # Fixed [artf4614] : Warning in mosCreateGUID 1055 # Fixed [artf4619] : task=category shows unpublished items 1056 # Fixed [artf4621] : Media manager with long filenames = no button 1057 # Fixed [artf4613] : Sub Menu Item deletion Security Bug 1058 # Fixed [artf4613] : Restoring menu items without a valid parent 1059 # Fixed [topic,59258] : bug when editing user profile 1060 # Fixed [topic,61190] : Menu Item Inconsistency 1061 1062 1063 10-May-2006 Sam Moffatt 1064 # Fixed issue with login directly after 
activation causing error, now redirects to index.php 1065 1066 1067 09-May-2006 Rey Gigataras 1068 # Fixed [artf4577] : saveUser in com_user has incorrect escaping for password 1069 1070 1071 28-Apr-2006 Alex Kempkens 1072 # Fixed artf : Language loading incorrect in offline mode (related to Joom!Fish language changes) 1073 1074 1075 27-Apr-2006 Rey Gigataras 1076 + Support for restricting ability to access certain functionality for demo sites 1077 1078 # Fixed [artf4527] : incorrect style in function botNoEditorEditorArea 1079 # Fixed [topic,57926] : mod_poll.php Warning 1080 1081 1082 26-Apr-2006 Rey Gigataras 1083 # Fixed [artf3912] : Pear's cache lite and safe_mode 1084 # Fixed [artf3711] : mosemailcloak generates invalid XHTML 1085 # Fixed [artf3251] : Wrong file count in Media Manager 1086 # Fixed [artf3196] : com_media does not properly manage file names with simple quotes (') 1087 1088 1089 25-Apr-2006 Rey Gigataras 1090 ^ PERFORMANCE [topic,54215] : MOSimage array affects edit page load time 1091 1092 1093 24-Apr-2006 Rey Gigataras 1094 * SECURITY A3 [ Low Level ]: logged in user session are not affected by changes of user account 1095 1096 # Fixed [artf4503] : Hardcoded text in page navigation 1097 # Fixed [artf4473] : Bad char in search 1098 # Fixed [artf4499] : Editing Quotated Menu Item 1099 # Fixed [artf4472] : Creating New User system message only sends to superusers 1100 # Fixed : Unable to 'Delete' `Super Administrator` - with check to ensure at least one active `Super Administrator` still exists 1101 # Fixed : Unable to 'change' group of `Administrator` & `Super Administrator` - with check to ensure at least one active `Super Administrator` still exists 1102 1103 1104 20-Apr-2006 Rey Gigataras 1105 * SECURITY A3 [ Low Level ]: Allow only one session per user account in Admin Backend 1106 1107 + Allow `save` and `apply` actions to be completed before logging out expired sessions 1108 1109 1110 20-Apr-2006 Andrew Eddie 1111 # Fixed slow query in 
com_polls 1112 # Fixed return address errors in patErrorManager 1113 # Fixed MySQL 5 error when saving menu items 1114 1115 1116 18-Apr-2006 Rey Gigataras 1117 + Javascript validation checks to mod_poll 1118 1119 1120 16-Apr-2006 Rey Gigataras 1121 # Fixed [artf4424] : gethostbyaddr(): Address is not a valid IPv4 or IPv6 address 1122 # Fixed [artf4407] : Image preview doesn't work with custom directory 1123 # Fixed [topic,54741] : Who's Online guest count increments with RSS feed access 1124 1125 1126 14-Apr-2006 Rey Gigataras 1127 # Fixed [artf4400] : Search: Itemid in mod_search also finds trashed Itemid's 1128 # Fixed [artf4399] : Search title in com_search is never from language file 1129 1130 1131 12-Apr-2006 Rey Gigataras 1132 # Fixed [artf4346] : $mainframe->login($username,$pwd) compatibility broken 1133 # Fixed : `body` parameter for mailto tags 1134 1135 1136 11-Apr-2006 Rey Gigataras 1137 # Fixed [artf4340] : Itemid on menu - multiple links to same content 1138 # Fixed : cache support for `Blog - Content Section Archive` & `Blog - Content Category Archive` 1139 # Fixed : SEF.php incorrect handling of `mailto` & `javascript` links 1140 # Fixed : $shownoauth default value in `configuration.php-dist` 1141 # Fixed : `live_bookmarks` not being disbaled properly by security check; 1142 # Fixed : admin `contact` and `weblink` ordering 1143 1144 1145 08-Apr-2006 Rey Gigataras 1146 # Fixed [topic,45136.0] : stop Cache system from creating large amount of Cache files 1147 # Fixed [artf4302] : 'Read more' link is always displayed if 'Linked Titles' option enabled 1148 # Fixed [artf4304] : Bugs in search.html.php 1149 # Fixed : Content Popup page behaviour 1150 1151 1152 07-Apr-2006 Rey Gigataras 1153 # Fixed [artf4294] : InputFilter failed escaping string 1154 # Fixed [artf4050] : mod_mainmenu.php not setting id=active_menu 1155 1156 1157 06-Apr-2006 Rey Gigataras 1158 * SECURITY A2 [ Low Level ]: check for menu item added to 'Edit Your Details' page 1159 * 
SECURITY A2 [ Low Level ]: check for menu item added to 'Check-In My Items' page 1160 * SECURITY A2 [ Low Level ]: check for menu item added to 'Submit News' page 1161 * SECURITY A2 [ Low Level ]: check for menu item added to 'Submit Weblink' page 1162 1163 # Fixed [artf4282] : Extra Empty Menu Span Tags 1164 1165 1166 05-Apr-2006 Rey Gigataras 1167 # Fixed [artf4010] : When creating new module. Two modules are created when clicking save 1168 1169 1170 02-Apr-2006 Rey Gigataras 1171 # Fixed [artf3575] : Correction needed in stylesheet 1172 # Fixed [artf4089] : Problem with domit, extended characters and PHP 5.0.2 1173 1174 1175 01-Apr-2006 Rey Gigataras 1176 # Fixed [topic,50547.0.html] : Print statement left in class.inputfilter.php 1177 # Fixed [topic,48908.0.html] : Duplicate usernames / Length Checking 1178 1179 1180 31-Mar-2006 Rey Gigataras 1181 # Fixed [topic,46614.0.html] : mod_templatechooser not working when templates name has dashes 1182 1183 1184 30-Mar-2006 Rey Gigataras 1185 * SECURITY A1 [ Low Level ]: [artf3702] : breadcrumbs: information gathering possible by simple urlhacks 1186