
Author Topic: [CHANGELOG] sNews CMS version 1.5.31  (Read 6097 times)

Mika

  • Hero Member
  • *****
  • Karma: 9
  • Posts: 1377
    • http://www.ni5ni6.com/
[CHANGELOG] sNews CMS version 1.5.31
« on: February 02, 2007, 07:05:23 PM »

Changelog 02.02.07

MANDATORY CHANGE:
- MySQL database update (run this code in your MySQL editor such as phpmyadmin or similar tool)
Quote
-- begin MySQL code
UPDATE `settings`
SET `value` = '098f6bcd4621d373cade4e832627b4f6'
WHERE `settings`.`name`= 'username'
LIMIT 1;
-- end MySQL code
- if using database prefix (example: PREFIX_)
Quote
-- begin MySQL code
UPDATE `PREFIX_settings`
SET `value` = '098f6bcd4621d373cade4e832627b4f6'
WHERE `PREFIX_settings`.`name`= 'username'
LIMIT 1;
-- end MySQL code
- this will reset your username to test

- added new db variables:
   $db['secretWord'] = '287saqiz3'; // Default session password (make it hard to guess and change it often - 287saqiz3 is an example)
- added new language variables:
   - $l['err_Login'] = 'Wrong username and/or password.';
   - $l['no_comments'] = 'No comments at the moment';
   - $l['login_limit'] = 'User/pass limitations: 4-8 alphanumeric characters only';
- added new functions:
   - checkUserPass() added to sanitize login routine (more info inside function)
   - token() added to prevent session hijacking (more info inside function)
   - mathCaptcha() function: added to comment, contact and login forms
   - decode() function: control comments() and new_comments() output
- other changes:
   - removed zero category display limitation because it was too confusing for numerous users
   - html_form() function: <form> tag has been expanded with accept-charset attribute
   - error_reporting lowered to null (when developing turn back E_ALL ^ E_NOTICE reporting level)
   - snews_startup(): added checkUserPass() sanitation, added token() to admin session
   - cleanXSS(): removed <a> and <img> tags, function redesigned
   - all occurrences of
      isset($_SESSION[db('website').'Logged_In'])
   and
      $_SESSION[db('website').'Logged_In'] == 'True'
   have been replaced with
      $_SESSION[db('website').'Logged_In'] == token()
   - get_id($parameter): added clean() and cleanXSS() cleaning routines
   - center(): rearranged initial switches at the top and cleaned $GLOBALS in it, added db('loginLink') to public switch
   - notification($error, $errNote, $link): echo removed and added return instead
   - clean($query): added magic quotes check (all other magic quotes check from 1.5.30 have been removed)
   - comment($freeze_status) and contact(): expanded $GLOBALS check (more info inside each function)
   - processing():
      - all $_REQUEST globals replaced with $_GET and cleaned
      - both username and password are hashed with md5()
   - new_comments($number, $stringlen): added 'no comments' notification and fixed empty <ul> validation issue
   - html_input(): fixed textarea validation (previous fixes from 1.5.30 have been removed)
« Last Edit: April 22, 2009, 02:46:51 PM by Keyrocks »
Logged
http://www.ni5ni6.com/ - Tutorials, Mods and How-To's about sNews CMS
sNews 1.6 Developers Edition - commented sNews 1.6 version
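
The changelog above replaces the constant 'True' session flag with a comparison against token(). The following is an added example, not sNews code and not from the thread: the body of token() is not shown here, so example_token(), SITE_KEY and the choice to bind the token to the User-Agent and remote address are assumptions used to show why a per-client value is harder to replay than a constant.

```php
<?php
// Added illustration; not the sNews implementation. All names are hypothetical.
const SECRET_WORD = '287saqiz3';            // example value quoted in the changelog
const SITE_KEY    = 'example.orgLogged_In'; // stands in for db('website').'Logged_In'

// Keyed hash over attributes of the current request (assumed binding).
function example_token(array $server): string {
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    $ip = $server['REMOTE_ADDR'] ?? '';
    return hash_hmac('sha256', $ua . '|' . $ip, SECRET_WORD);
}

// Pre-1.5.31 style: the flag is a constant, so it says nothing about
// which client the session was issued to.
function logged_in_old(array $session): bool {
    return isset($session[SITE_KEY]) && $session[SITE_KEY] == 'True';
}

// 1.5.31 style: the stored value must equal the token recomputed
// for the request that presents the session.
function logged_in_new(array $session, array $server): bool {
    return isset($session[SITE_KEY])
        && hash_equals(example_token($server), (string) $session[SITE_KEY]);
}

// Constructed sample requests (documentation address ranges).
$admin = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (admin browser)', 'REMOTE_ADDR' => '192.0.2.10'];
$other = ['HTTP_USER_AGENT' => 'curl/7.16',                   'REMOTE_ADDR' => '198.51.100.7'];

$oldSession = [SITE_KEY => 'True'];                 // what login stored before
$newSession = [SITE_KEY => example_token($admin)];  // what login stores now

// Old check: the result does not depend on who presents the session.
var_dump(logged_in_old($oldSession));

// New check: same session data, presented by the original client
// and then by a different client.
var_dump(logged_in_new($newSession, $admin));
var_dump(logged_in_new($newSession, $other));
```

Binding to the remote address ends the session for users whose address changes mid-session, so which request attributes to include is a usability trade-off.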

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
[CHANGELOG] sNews CMS version 1.5.31
« Reply #1 on: February 02, 2007, 08:26:28 PM »

Mika... a couple of short questions...

1. Is this topic meant to list all changes... from the 1.5.30 stable release... to the new 1.5.31 ZIP release now available?

2. Does the new 1.5.31 contain the security mods as they were in your snews_1531DE.php file, or were they further refined for this release?
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Mika

  • Hero Member
  • *****
  • Karma: 9
  • Posts: 1377
    • http://www.ni5ni6.com/
[CHANGELOG] sNews CMS version 1.5.31
« Reply #2 on: February 02, 2007, 11:44:27 PM »

As you've noticed, this changelog differs from DE; some elements have been removed, math captcha has been added, and some security refinements have been applied. This should be the complete changelog from .30 to .31.

p.s. I forgot to add one minor thing into changelog :/ (lame excuse but - it's rather late here)
- Inside html_form() function <form> tag has been expanded with accept-charset attribute

Changelog is updated now.
Logged
http://www.ni5ni6.com/ - Tutorials, Mods and How-To's about sNews CMS
sNews 1.6 Developers Edition - commented sNews 1.6 version

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
[CHANGELOG] sNews CMS version 1.5.31
« Reply #3 on: February 03, 2007, 02:38:30 AM »

Another question... Does the new mathCaptcha() function replace bramsyuur's anti-spam captcha mod? I have been using it up to now... and realized while adding my mods to the file that I don't seem to need it. :)
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

bramsyuur

  • Hero Member
  • *****
  • Karma: 23
  • Posts: 873
    • http://snews.vietbee.net
[CHANGELOG] sNews CMS version 1.5.31
« Reply #4 on: February 03, 2007, 01:41:28 PM »

A lot of javascript was removed, right?
Logged
The sNews community in your language!
sNews community in Spanish

Luka

  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 36
  • Posts: 1716
    • http://www.snewscms.com
[CHANGELOG] sNews CMS version 1.5.31
« Reply #5 on: February 03, 2007, 01:45:27 PM »

Key: You can use both captchas if you want, but I don't think there's a need for that. Math captcha is a great way to try and stop robots from the future, and it can be used by those who can't afford the GD library. Enabling modules like GD or mod rewrite has a price just as anything else. Just like a barrel of oil.

Bram: We rearranged XSS functions to try and stop people who devote their lives to the destruction of sites. I don't think JS functions have been changed.
Logged