NewsFeaturesDownloadsDevelopmentSupportAbout Us

Release notes Lifetype 1.2.10

From LifeType Wiki

Contents

Release notes for Lifetype 1.2.10

Description

Lifetype 1.2.10 is another security release in the 1.2 series. The most important part of this release is the fix that disallows uploads that have blacklisted extensions in the middle of the filename, ex. test.php.txt, or test.php;txt, as Apache and IIS allow those files (respectively) to be executed as php code(!).

We've also fixed support for PHP5 (the infamous static bug) as well as continuing to support PHP4 (hopefully that'll go away soon...)

There are other features and bug fixes that were added along the way.

See the complete changelog for full details.

Download

These are the links to the full Lifetype 1.2.10 packages:

Lifetype 1.2.10 (.tar.bz2)

Lifetype 1.2.10 (.tar.gz)

Lifetype 1.2.10 (.zip)

If upgrading from Lifetype 1.2.9, there are packages available which only include new or modified files and will allow you to upgrade from Lifetype 1.2.9 only. These packages can not be used to upgrade from 1.1.x or any other 1.2.x release:

Lifetype upgrade package from 1.2.9 (.tgz)

Lifetype upgrade package from 1.2.9 (.zip)

Important notes

Not much to say here for this release, just go ahead and download it, since it contains the previously mentioned important security fix, and also one XSS that slipped by in the last release.

NOTE: If you are still running php4, make sure to check out this bug report to avoid a menutabs error in the administration section.

New features

Title fixes: better SEO support and the page number is now included when on subsequent pages

New smarty plugins for easier coding: break and continue

Issues fixed

Audio file upload support was broken recently, and was fixed in this release.

The complete list of issues fixed in this release, extracted from the project's bug tracking system

Passive XSS in link adding section

Possible to upload php file in IIS

Possible to upload php file in Apache

Newer versions of PHP causes static vs. non-static issues

Change pageTitle for SEO reasons

Break and Continue for SMARTY

Problem with the <title> when using the pager

Divide by zero is possible in _calcProb of bayesiantokens.class

Full path disclosure

Cannot insert audio

The "EVENT_POST_RESOURCE_DELETE" is missing