NewsFeaturesDownloadsDevelopmentSupportAbout Us

Release notes Lifetype 1.2.9

From LifeType Wiki

Contents

Release notes for Lifetype 1.2.9

Description

Lifetype 1.2.9 is another security release in the 1.2 series. It was a big one originally, and it wore out a number of developers, so though all of the security issues were fixed early on, and users were encouraged to use one of the beta releases, we finally finished off the todo list for the official release.

Download

These are the links to the full Lifetype 1.2.9 packages:

Lifetype 1.2.9 (.tar.bz2)

Lifetype 1.2.9 (.tar.gz)

Lifetype 1.2.9 (.zip)

If upgrading from Lifetype 1.2.8, there are packages available which only include new or modified files and will allow you to upgrade from Lifetype 1.2.8 only. These packages can not be used to upgrade from 1.1.x or any other 1.2.x release:

Lifetype upgrade package from 1.2.8 (.tar.gz)

Lifetype upgrade package from 1.2.8 (.zip)

Important notes

Now that we are validating data more carefully if a user is currently using an invalid username (ftp, admin, www by default) that user won't be able to login after the upgrade, so if that is the case, you should modify your forbidden_usernames prior to upgrading.

Due to LifeType committing to supporting php4 through the end of the 1.2.x life cycle, we are not able to support both php4 AND php5, as the php developers themselves have given up on php4 years ago. Thus, LifeType 1.2.x releases will only be able to run on php5 up to 5.2.6 or so. You might be able to run higher than that, if you can disable certain coding warnings - the warnings that affect us relate to using static functions without the use of the "static" keyword (which doesn't exist in PHP4).

But, it turns out due to our trying to support both, we ended up with a problem with php4 releases too: If you are still running php4, make sure to check out this bug report to avoid a menutabs error in the administration section.

New features

Really fancy custom URLs, now fairly complex regular expressions can be used. This allows for multiple URLs to be accepted. This is primarily useful for people who are migrating from one site to another, and don't want to have to generate all of the ModRewrite rules to match the new URL scheme. You can also easily migrate to nicer URLs (perhaps removing the date numbers). Examples:

/archives/(?:{year}/{month}/{day}/)?{postname}$
/(?:post|archives)/(?:{year}/{month}/{day}/)?{postname}$

Anything in the (?:....) part will be matched on incoming URLs but not used in outgoing URLs (unless the | character is used, as in the second example, where the first term "post" will be used and "archives" will only be for incoming URLs).

Issues fixed

The most significant issue is that all data input is now validated through our validator system - previously, a number of inputs had been lazily skipped, allowing for various exploits to occur.

The rest of the bugs fixed are below - all sorts of small annoyances that affected some people, but not everybody.

The complete list of issues fixed in this release, extracted from the project's bug tracking system

0001584: [User Interface] Standard Album makes trouble: error_fetching_album (jondaley)

0001554: [Installation] Server error 500 after lifetype 1.2.x installation if tokenizer.so not loaded. Add check in wizard.php (jondaley)

0001018: [Core] time offset is back again. (jondaley)

0001292: [Core] javascript fault in submiting article to lifetype (jondaley)

0001610: [User Interface] New post page always shows current server time, whether or not there is a blog time offset. (jondaley)

0001609: [Core] If the time offset is non-zero, when setting the time on a new post, it always is set incorrectly. (jondaley)

0001600: [Documentation] Impossible to submit a long text at once (jondaley)

0001605: [Core] Autosave cookie is not erased properly once the post is successfully saved to the database (jondaley)

0001604: [Plugins] Hostblock-add feature to block any access to blog site (jondaley)

0001598: [Core] new post html is modified (pwestbro)

0001597: [Core] Invalid data can be entered into the database via the postUser parameter (jondaley)

0001596: [User Interface] IE7 (6?) has a bug in whitespace for lists: menus look kind of dumb (jondaley)

0001595: [User Interface] tinymce doesn't work with IE6 or IE7 (jondaley)

0001518: [Core] Update html/javascript/etc filters? (jondaley)

0001594: [Core] Inserting resources with spaces causes javascript errors or otherwise fails in some cases

0001593: [Core] insertAudio tinymce plugin isn't working that well, and can fail in various ways (jondaley)

0001592: [Core] When creating an article with invalid information, the addArticle function will not report an error. (jondaley)

0001424: [Core] missed validation (jondaley)

0001591: [Installation] If you try to redo an installation over the top of a previous one, it will fail if you were logged into the previous installatio (jondaley)

0000441: [Core] RSS = bad (jondaley)

0001472: [Plugins] new dailymotion videos not running anymore (jondaley)

0001361: [Core] Error with photos after upgrade (jondaley)

0001579: [Core] charset problem (jondaley)

0001590: [Template] Smarty has a new version, and a forum user is having some troubles, so maybe it will fix his problem. (jondaley)

0001508: [Core] XSS in various fields (jondaley)

0001587: [Core] Due to 1.2.9's more secure filtering, a bug was added where post titles couldn't end with a space. (jondaley)

0001581: [Core] If slug is updated during post edit, the cache is not updated properly (jondaley)

0001583: [Core] Custom URL upgrade. Allow fancier regular expression matching for those people who want it (jondaley)

0001582: [Core] Removed phpsniff (jondaley)

0001561: [Template] remove domain from kubrick and green marine (jondaley)

0001565: [Plugins] Catalan locale for Template Editor Plugin (jondaley)

0001571: [User Interface] Problem inserting Goear sound resources. (jondaley)

0001569: [Core] if a validation error occurs during permissions update, a php error occurs (jondaley)

0001568: [Miscellaneous] vbb integration error (jondaley)

0001557: [Locale] Correct uno catalan string (jondaley)

0001552: [Core] New blog has comments enabled on "welcome" post, if not created via the administration panel (jondaley)

0001548: [Core] Search show result on future post ! (jondaley)

0001538: [Core] URL validator does not work under php5 (jondaley)

0001515: [Core] Search engine partially searches draft posts when not using the fulltext searches (jondaley)

0001534: [Core] .htaccess is missing the forcetype for "content" (jondaley)

0001535: [Plugins] bad-behavior has a couple upgrades (jondaley)

0001531: [Locale] Ukrainian localization created and can be commited to trunk now. (jondaley)

0001530: [Core] disable_javascript_calendar config setting breaks the save draft button (jondaley)

0001522: [Core] Including Youtube Links via TinyMCE does not work (r3t0)

0001527: [Core] Rewrite rule for paged view broken for pages containing 0 (r3t0)

0001520: [Core] purge blogs will sometimes die while purging due to too many things going on at once (jondaley)

0001463: [Core] Duplicate Post Categories (jondaley)

0001475: [Core] Auto-detection of trackback URLs fails in some cases. (jondaley)

0001134: [Summary page] properties of fieldset are repeated (jondaley)

0001374: [Plugins] Modified version (does not need blogId) (jondaley)

0001484: [Core] Referers table updating despite of referer_tracker_enabled set to No (jondaley)

0001494: [Core] .htaccess is missing ReWriteRule for Archives and Links Section. (jondaley)

0001516: [Core] Problem uploading files to gallery using the API (jondaley)

0001514: [User Interface] There is a new version of TinyMCE: 2.1.3 (jondaley)

0001513: [Core] Not changing the name of "general" category on link (jondaley)

0001501: [Core] Comment flooding (jondaley)

0001509: [User Interface] messy error on bmp upload attempt (jondaley)

0001611: [Documentation] max php version for 1.2.9 due to 0001578 (jondaley)

0001608: [Core] illegal user check for password reset needs modification (jondaley)

0001606: [Core] Plugin Error (namespace) in tidyoutput (jondaley)