September 23, 2008 at 15:49

Vanilla 1.1.5


    The Vanilla Forum version 1.1.5 was released yesterday. This release is dedicated to fixing vulnerabilities and bugs in the engine (in a previous post, many were interested in the issue of security), as well as some minor improvements.
    Here is the complete list of changes:

    Security

    • Fixed XSS vulnerability in forms on the user profile page.
    • Fixed XSS vulnerability in the registration form.
    • Now regenerating the remember-me cookie when a user changing password.
    • Fixed CSRF vulnerability in ajax / UpdateCheck.php.
    • Fixed CSRF vulnerability on exit page.
    • More reliable storage of user passwords.

    Mistakes

    • Fixed a bug that prevented the correct processing of some RemoveTab calls.
    • Fixed various bugs in the installer that appear when using your database prefixes.
    • Improved verification of the section indication for a newly created topic.
    • Fixed a bug in search results that link to multi-page topics.
    • Fixed TOS page encoding.
    • Fixed font declaration in CSS (quotation marks and default font added).
    • Added message about successful password change.
    • Added missing closing DIV on login page.
    • Fixed theme editing form.
    • Fixed a bug with assigning user permissions.
    • The names of the database tables and fields in the code are now taken from the configuration variables in many server Ajax files.
    • Typos in Head :: AddStyleSheet () are fixed.
    • Fixed various typos in the comparison and equalization signs (== instead of =).
    • Improved support for UTF-8 by the search engine.
    • Typo in AddDaysToTimeStamp () fixed.
    • Added support for SSL-hosted images and icons in profiles.
    • The return address is encoded in the login link.
    • A check is made for duplicate usernames when saving a profile.
    • Fixed some CSS bugs in IE6.
    • Fixed a bug preventing the use of numeric database prefixes.

    Features

    • The installer displays a warning when using an empty database password.
    • Added various permissions.
    • Added Discussion :: DiscussionPrefix ().
    • DiscussionManager :: GetDiscussionList () can now collect topics from multiple sections into one.
    • Simplified build for deployment (see lussumo.com/docs/doku.php?id=vanilla:installingfromsvn).
    • Added JS and CSS sources.
    • Added Session :: GetCsrfValidationKey () to get the CSRF key.
    • PHPdocumentor added - like comments on SqlBuilder.
    • Added new option SqlBuilder :: AddWhere () for combining OR and AND operators.
    • Integrity checker added (for debugging).
    • Chmod instructions fixed.
    • Added jQuery.js (version 1.2.6), in advance, for future use in Vanilla 1.2
    • Added links factory persistent objects.

    Instructions for updating the forum from version 1.1.4 to 1.1.5.
    An archive with the changed files for replacement can be downloaded from the Vanilla community homepage .
    Tags:

    Also popular now: