sNews Forum

Previous sNews versions => sNews 1.5 Final => Patches/fixes => Topic started by: Mika on February 02, 2007, 07:05:23 pm

Title: [CHANGELOG] sNews CMS version 1.5.31
Post by: Mika on February 02, 2007, 07:05:23 pm
Changelog 02.02.07

MANDATORY CHANGE:
- MySQL database update (run this code in your MySQL editor such as phpmyadmin or similar tool)
Quote
-- begin MySQL code
UPDATE `settings`
SET `value` = '098f6bcd4621d373cade4e832627b4f6'
WHERE `settings`.`name`= 'username'
LIMIT 1;
-- end MySQL code
- if using database prefix (example: PREFIX_)
Quote
-- begin MySQL code
UPDATE `PREFIX_settings`
SET `value` = '098f6bcd4621d373cade4e832627b4f6'
WHERE `PREFIX_settings`.`name`= 'username'
LIMIT 1;
-- end MySQL code
- this will reset your username to test

- added new db variables:
   $db['secretWord'] = '287saqiz3'; // Default session password (make it hard to guess and change it often - 287saqiz3 is an example)
- added new language variables:
   - $l['err_Login'] = 'Wrong username and/or password.';
   - $l['no_comments'] = 'No comments at the moment';
   - $l['login_limit'] = 'User/pass limitations: 4-8 alphanumeric characters only';
- added new functions:
   - checkUserPass() added to sanitize login routine (more info inside function)
   - token() added to prevent session hijacking (more info inside function)
   - mathCaptcha() function: added to comment, contact and login forms
   - decode() function: control comments() and new_comments() output
- other changes:
   - removed zero category display limitation because it was too confusing for numerous users
   - html_form() function: <form> tag has been expanded with accept-charset attribute
   - error_reporting lowered to null (when developing turn back E_ALL ^ E_NOTICE reporting level)
   - snews_startup(): added checkUserPass() sanitation, added token() to admin session
   - cleanXSS(): removed <a> and <img> tags, function redesigned
   - all occurrences of
      isset($_SESSION[db('website').'Logged_In'])
   and
      $_SESSION[db('website').'Logged_In'] == 'True'
   have been replaced with
      $_SESSION[db('website').'Logged_In'] == token()
   - get_id($parameter): added clean() and cleanXSS() cleaning routines
   - center(): rearranged initial switches at the top and cleaned $GLOBALS in it, added db('loginLink') to public switch
   - notification($error, $errNote, $link): echo removed and added return instead
   - clean($query): added magic quotes check (all other magic quotes check from 1.5.30 have been removed)
   - comment($freeze_status) and contact(): expanded $GLOBALS check (more info inside each function)
   - processing():
      - all $_REQUEST globals replaced with $_GET and cleaned
      - both username and password are hashed with md5()
   - new_comments($number, $stringlen): added 'no comments' notification and fixed empty <ul> validation issue
   - html_input(): fixed textarea validation (previous fixes from 1.5.30 have been removed)
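
The Logged_In change listed in the changelog above, sketched as an added example; it is not part of the original post and not sNews code. The token derivation (HMAC-SHA256 over session id, User-Agent and site, keyed with secretWord), the names demo_token(), logged_in_old() and logged_in_new(), and all sample values are assumptions made for illustration.

```php
<?php
// Added illustration, not sNews source. demo_token() and both check
// functions are hypothetical; only the session key and the secretWord
// setting come from the changelog.
$db = ['website' => 'http://example.test/', 'secretWord' => '287saqiz3'];

// Assumed derivation: HMAC-SHA256 over session id, User-Agent and site,
// keyed with secretWord, so the value cannot be computed without the secret.
function demo_token(array $db, string $sid, array $server): string {
    $agent = $server['HTTP_USER_AGENT'] ?? '';
    return hash_hmac('sha256', $sid . '|' . $agent . '|' . $db['website'], $db['secretWord']);
}

// Old check: a constant flag, identical for every session and every site.
function logged_in_old(array $db, array $session): bool {
    $key = $db['website'] . 'Logged_In';
    return isset($session[$key]) && $session[$key] == 'True';
}

// New check: the stored value must match a token recomputed for this request.
function logged_in_new(array $db, array $session, string $sid, array $server): bool {
    $key = $db['website'] . 'Logged_In';
    return isset($session[$key]) && is_string($session[$key])
        && hash_equals(demo_token($db, $sid, $server), $session[$key]);
}

// Constructed sample data: one login, then three later requests.
$key     = $db['website'] . 'Logged_In';
$sid     = 'sess-constructed-0001';
$browser = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
$session = [$key => demo_token($db, $sid, $browser)];   // written at login

$cases = [
    'same session, same client'      => [$session, $sid, $browser],
    'same session, other User-Agent' => [$session, $sid, ['HTTP_USER_AGENT' => 'OtherClient/2.0']],
    'constant flag only'             => [[$key => 'True'], $sid, $browser],
];
foreach ($cases as $label => [$sess, $id, $srv]) {
    printf("%-32s old=%s new=%s\n", $label,
        var_export(logged_in_old($db, $sess), true),
        var_export(logged_in_new($db, $sess, $id, $srv), true));
}
```

Run from the command line with `php`; each row shows which of the two checks treats that request as an authenticated admin session.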
Title: [CHANGELOG] sNews CMS version 1.5.31
Post by: Keyrocks on February 02, 2007, 08:26:28 pm
Mika... a couple of short questions...

1. Is this topic meant to be a list of all changes... from the 1.5.30 stable release... to the new 1.5.31 ZIP release now available?

2. Does the new 1.5.31 contain the security mods as they were in your snews_1531DE.php file, or were they further refined for this release?
Title: [CHANGELOG] sNews CMS version 1.5.31
Post by: Mika on February 02, 2007, 11:44:27 pm
As you've noticed, this changelog differs from DE; some elements have been removed, math captcha has been added, and some security refinements have been applied. This should be the complete changelog from .30 to .31

p.s. I forgot to add one minor thing into changelog :/ (lame excuse but - it's rather late here)
- Inside html_form() function, <form> tag has been expanded with accept-charset attribute

Changelog is updated now.
Title: [CHANGELOG] sNews CMS version 1.5.31
Post by: Keyrocks on February 03, 2007, 02:38:30 am
Another question... Does the new mathCaptcha() function replace bramsyuur's anti-spam captcha mod? I have been using it up to now... and realized while adding my mods to the file that I don't seem to need it. :)
Title: [CHANGELOG] sNews CMS version 1.5.31
Post by: bramsyuur on February 03, 2007, 01:41:28 pm
A lot of javascript was removed, right?
Title: [CHANGELOG] sNews CMS version 1.5.31
Post by: Luka on February 03, 2007, 01:45:27 pm
Key: You can use both captchas if you want but I don't think there's need for that. Math captcha is a great way to try and stop robots from the future, and it can be used by those who can't afford the GD library. Enabling modules like GD or mod rewrite has a price just as anything else. Just like a barrel of oil.

Bram: We rearranged xss functions to try and stop people who devote their lives to the destruction of sites. I don't think js functions have been changed.