Path to this page:
Subject: CVS commit: pkgsrc/www/php-concrete5
From: Ryo ONODERA
Date: 2012-09-20 23:29:08
Message id: 20120920212908.2958F175DD@cvs.netbsd.org
Log Message:
Update to 5.6.0.1
* Fix security bug
Changelog:
Tar ball is not shipped with changelog...
5.6.0.1 Version History
Behavioral Improvements
Page Type names are sanitized better when created in the dashboard.
Multilingual controls in dashboard now display languages in their native \
language (for easier understanding. thanks patrickheck)
Better display when removing groups or users and having them show up in \
advanced permissions list.
Fixing bug where composer pages weren't being added to the bottom of the \
list. Fixing bug where moved pages weren't getting a rescanned display order
Fixing missing dashboard icons for Stacks and Block Types
Bug Fixes
Fixed inability to use Layout Presets
Fixed bug where blocks couldn¡Çt be copied out to child pages from page \
type defaults on upgraded sites.
Fixed form block bug where you¡Çd be unable to enter an email address in \
the form block for notification.
Fixed: \
http://www.concrete5.org/developers/bugs/5-6-0/getthemepath-prints-absolute-paths/
Blocks and packages can now insert header items into the 404 page correctly.
fixed: \
http://www.concrete5.org/developers/bugs/5-6-0/page-type-icons-incorrect-when-included-in-composer/
Fixed ¡ÈOut of range value for column 'uLastIP¡É error that would occur \
with certain IP addresses.
Bulk SEO Tool now shows DIR_REL constant within the URL slug properly.
Group sets now appear on the dashboard home page.
Fixed JavaScript error leading to aborted installation when installation \
routines have apostrophes in them (primarily for translated versions of \
concrete5.)
Theme assets no longer have two slashes in the URLs.
Fixed: \
http://www.concrete5.org/developers/bugs/5-6-0/fatal-error-call-to-a-member-function-isglobalarea-on-a-non-obje/ \
by hiding permissions options on the frontend (use the stacks interface \
instead.)
Fixed: \
http://www.concrete5.org/developers/bugs/5-6-0/global-area-update-issue-when-using-preview-my-edits/
Date Navigation block now honors the Pretty URLs settings.
Fixed: \
http://www.concrete5.org/developers/bugs/5-6-0/advanced-permissions-dont-work-after-translation/
Fixed: page_types/ directory was incorrectly excluded from overrides detection.
fixing 'Call to a member function getProxyBlock() on a non-object in \
/core/libraries/block_view.php on line 39' when calling an action URL on a \
non-object block
Developer Updates
Validation helpers didn¡Çt extend the core helpers properly. This has been \
fixed.
Clear override cache on adding a single page.
Refreshing overrides cache when installing a block type (fixes Designer \
Content add-on not working with the overrides cache turned on).
5.6.0 Release Notes
Feature Updates
Completely updated permissions system, including:
More granular permission control that maps directly to common concrete5 \
tasks.
Ability to control which users or groups CAN¡ÇT do something, as \
opposed to only allow those who CAN do something.
Ability to grant a permission to only those users in a particular \
combination of groups.
Ability to control which users and groups can add which types of block \
site-wide and in simple permissions mode.
Restrict permissions to various roles, including ¡Èuploader of the \
file¡É, ¡Èpage owner¡É, etc...
Shortcut for enabling guest view access on blocks.
Group Sets can group groups together for organizational purposes, \
permissions.
Fine-grained, granular controls on content types, permission types.
New user permissions to control who can edit which users, assign which \
groups, etc...
Complete new extendable workflow system, including basic workflow and \
waiting for me. Improved, normalized and rewrote a lot of old code for things \
like pending page actions to bring them into the workflow system.
Improved interface work, including bootstrap 2 integration.
Improved Mobile Support
Mobile theme switcher now integrated into core
Improved mobile performance of header on mobile devices.
Improved dashboard on mobile devices; fully responsive dashboard across \
all devices.
You can now choose an individual block or an entire stack when adding a \
stack on the front-end.
Added bulk actions to the user search
New SEO Manager in Dashboard > System & Settings gives you one place \
to modify SEO properties for your entire site.
Made page theme a versionable property.
Make page type a versionable property.
Ability to reorder block types globally (thanks jordanlev!)
You can now copy and paste a stack on the front-end.
Page URL Slugs now use the URLify library instead of our own solution (which \
wasn¡Çt as consistent or effective.)
Additional Features and Behavioral Improvements
When implicitly checking pages out (editing properties in sitemap, etc...) \
they will be checked back in when the dialog is closed. (New in 5.6.0b2)
Added an Add Group button to Groups page.
Rich text editor in dashboard now uses site theme for styles.
Color picker UI more consistent with 5.5 (thanks arcanepain.)
Add new page window no longer cut off on small monitors.
Search Block - Added page selector when posting search results to another page.
Form Block
added date and date time field types that allow a user to use a \
date/time picker to choose values.
Email field now has ability to be set as the default reply-to so \
administrators can reply directly to the form submitter.
No more jumpiness on editing.
Added theme to Page Search.
Removed HTML diff python library (since it didn¡Çt work very well). \
Replaced with tab-based compare that lets you compare more than two versions.
Off-server requests can now be made with a proxy server, found in System \
& Settings (thanks garagan!)
Added copy to the version dialog box. Improved version dialog box appearance.
Improved quick nav experience, reworked dashboard dropdown to use favorites \
for adding. Favorites show up in the dashboard dropdown.
You can now select Gravatar as a fallback user avatar (thanks danklassen!) \
in the profiles section of the dashboard.
Add page can happen with submit.
More consistent sitemap/search overlay, with various searches only loaded \
when needed. Tabs remember last selected sitemap/search option.
Miscellaneous string translation and Internationalization improvements \
(thanks thuic)
Added getSearchableContent method to rss viewer block so it¡Çs content \
will show up in search results (thanks 12345j)
Built-in countries and state/provinces helpers now use Zend_Locale for \
easier management, more consistency and localization.
Added URL Slug in Composer.
Maintenance mode now lets you perform some sitemap and page operations while \
the site is down.
Zend_Translate can now be stored at a different path to fix Zend_Translate \
bug with period in directory. Added TRANSLATE_OPTIONS that can be specified in \
config/site.php (thanks ahukkanen).
Added user to the Log entries screen (thanks klompie!)
Internationalization improvement: Zend_Date now included. Dates are now \
localized into the proper language (thanks patrickheck.). DateHelper::date() \
manages localization.
Block limits set in templates are now updated in realtime without a page \
refresh (thanks bhcarpenter)
Now you can clear your page search index from the ¡ÈSearch Index¡É page \
in the dashboard (which will let you fully reindex it through the reindex pages \
job.)
Form block: Adding the ability to set an email address as the reply-to \
address when replying to the email (thanks danklassen.)
Blog RSS feed now includes categories (thanks stonier)
Complete rewrite of sitemap.xml generation job to improve performance, no \
longer show deleted pages, add new constants for sitemap starting point, default \
change frequency and priority (thanks mlocati.)
Nicer alignment on Next/Previous block (thanks thirdender.)
Using realpath() instead of ../ to fix some base_dir errors, make things nicer.
More consistent ordering of log entries when they happen in rapid succession \
(thanks Johnthefish).
Cleaned up javascript in the google map block (thanks Remo).
Edit in Composer now available in page search.
Installing in a particular language no longer sets that language as the \
default in config/site.php (which would render no other languages selectable.)
Added cookie check to installation preflight.
Added last IP to user detail screen in dashboard.
Forbidden shows up if user can¡Çt view a page but is logged in (thanks mnkras).
Performance Improvements
Added environment library to cache overrides for better performance. \
Overrides cache setting now available from the Cache System and Settings page.
New autod support for better performance with on-demand class loading.
Removing nivo slider from the core for better compatibility with third party \
sliders and smaller file sizes; removing cropzoom from ccm.app.js for smaller \
file sizes.
Rewrote portions used with large blogs (New in 5.6b2)
Additional Bug Fixes
Additional pagination now works in large sitemaps from the front-end (New in \
5.6.0b2)
Flat view pagination looks nicer (New in 5.6.0b2)
On some hosts, manual checking for concrete5 f were being added to the file \
manager.
Improved reliability when using composer with advanced permissions.* Bug \
Fix: events sort by priority (thanks arcanepain)
Fixed replace field in Firefox (width)
Tags and select options will only show \
usag-2-1/automatically-inclusion-of-additional-page-path-when-updating-ca/
data urls should work as background images in customizable stylesheets.
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/registration-errors-when-no-user-attributes-are-selected-to-show/ \
(New in 5.6.0b2)
Fixed: \
http://www.concrete5.org/developers/bugs/5-4-2-2/wrong-path-to-block-template-when-embedded-a-block-element-in-th/
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/url-replacement-in-theme-css-only-replaces-first-url-in-each-lin/#discussionpost
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/user-edit-multiple-of-the-same-group-can-be-added-to-a-user-caus/#discussionpost
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/dashboard-page-search-menu-overridden-if-working-with-overlay-fi/
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/page-attributes-attributes-list-stealing-kepresses-for-up-and-do/
Fixing potential SQL vulnerability in Autonav Preview pane.
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/cant-use-and-in-select-attribute-values/ \
(thanks arcanepain)
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/customize-result-in-user-search-retains-deleted-attribute-column/
Checking for invalid cookie length when starting a session.
RSS Displayer block now only cached for one hour.
http://www.concrete5.org/developers/bugs/5-5-2-1/bug-in-page-search-table/ \
(Fixed in 5.6.0b2)
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/jobs-play-button-url-contains-the-wrong-parameter-to-run-a-singl/
Fixed bug where editing an initial version of a page wouldn¡Çt create a \
new version of the page, until the second edit.
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/numbers-in-version-comments-still-arent-increased-correctly/ \
(thanks remo)
Fixed bug checking for captcha options form in the wrong place.
Fixed bug where custom style elements on blocks in stacks wouldn¡Çt show \
up in page (thanks acliss19xx)
Minor XSS fixes in edit mode.
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/object-doesnt-support-property-or-method-stoppropagation-in-ie8/
Fixed bug in FileList (which would show up in Slideshow blocks or anywhere \
that would filter by set) where selecting a file set and then deleting it would \
cause a SQL error (thanks remo)
Included updated SWFUpload to fix XSS issue.
Fixed bug where file set display order would appear random if files were in \
multiple sets.
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/deleting-composer-publish-location-page-results-mysql-1064-error/
Fix bug where defining LOCALE in config/site.php and then trying to save \
multilingual settings could override the default locale with a null locale.
Fixed potential SQL problems when an admin tried to pass nefarious \
parameters through to the file manager, page search, or metadata/version \
editing.
No longer will you get the ¡Èchecking for updates¡É spinner infinitely \
when in maintenance mode.
Forms/External Forms/Other Items that have been copied and pasted into \
another page will now work from that page.
Forms can now be edited properly when pasted from a clipboard.
More reliable permissions checking on dashboard dropdown for news, add \
functionality and system & settings (thanks arcanepain)
Progress status during installation should now be displayed in proper language.
Fixed pagination in blog index thumbnail (page list custom template.)
FIXED: If images or files were used in content block instances in content \
importer an error would be thrown.
Environment info no longer incorrectly reports all max_execution_time \
settings at 5.
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/insert-link-to-page-with-ie8/
replaced m/d/y with DATE_APP_GENERIC_MDY to jquery date pickers in date time \
helper (thx melat0nin)
Security Fix: Closed Redirect Loophole on Form block
Attempting to resolve this: \
http://www.concrete5.org/developers/bugs/5-5-2-1/fatal-error-call-to-a-member-function-getblocktypehandle/#discussionpost
Proper 404 headers should be sent when browsing to a method that doesn¡Çt \
exist under a single page.
Fixed some bugs and finicky behavior with search paging in file manager, \
page search, other search.
When editing page properties while checking out a page, approval fields will \
now be shown post update (rather than forcing you to refresh the page or exit \
edit mode and then approve the page.)
Fixed bug in block move() method that would copy all blocks from an area... \
(thanks herent)
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/error-on-package-uninstall/ \
(New in 5.6.0b2)
Fixed: Copy to clipboard from editable area then pasting to global area \
causes fatal error (New in 5.6.0b2)
Fixed: \
http://www.concrete5.org/developers/bugs/5-5-2-1/default-date_archive-block-controller-caches-its-active-state/ \
(New in 5.6.0b2)
Developer Updates
You can now pass an optional third parameter to the css() and javascript() \
functions which will be checked for uniqueness. This array contains \
¡Æhandle¡Ç and ¡Æversion¡Ç and can be used to force only the right \
libraries loading at the right time (thanks jordanlev).
Added support for BASE_URL_SSL constant.
If a __call method is present in a controller, it will be used for any tasks \
that don¡Çt exist (thanks remo).
Packaged themes can now be overridden in the root themes directory. This is \
true for included elements (using inc()) and page types/single pages.
You can now add elements/dashboard/install_post.php to your package and it \
will be displayed in a dialog post install.
Updated auto-nav templates to be much nicer to edit.
Moved jQuery.Cookie library into ccm.app.js
Including t2() function for plural localization/translation (thanks mlocati.)
New Events
on_composer_publish
on_composer_save_draft
on_composer_delete_draft
on_block_load (New in 5.6b2)
Better block validation error messages on installation (thanks jordanlev)
Updated simplepie RSS and ATOM parsing library to 1.3 (thanks ahukkanen)
Added closures support to events for PHP 5.3 and greater (just specify an \
anonymous function.
Files: