Wiki source for WikkaReleaseNotes1163



[[WikkaReleaseNotes | Wikka Changelog]]
----
===== [[WhatsNew | Wikka 1.1.6.3]] Release Notes =====
''Released on May 7, 2007''

>>===This is an archive page===
For the **{{color c="red" text="latest release"}}** news please refer to [[WhatsNew | this page]].

==See also:==
~-**[[WhatsNew1163 | What's new in 1.1.6.3?]]**
~-[[ThirdPartyInfo | Third-party bundled software]]
~-[[http://wush.net/trac/wikka/roadmap | Wikka development roadmap]]
>>::c::

==Security patches==
~-Sanitized UserSettings to prevent JS injection. Ticket:363 (thanks to Sakaru)
~-Secured ##""LoadRecentComments()""## and ##""LoadRecentlyCommented()""##. Ticket:383
~-Dropped use of ##""GetEnv()""## to retrieve Wikka configuration because of potential security issues on shared servers. It's still possible to load a configuration file stored outside the installation directory (and outside the webroot, for increased security) by editing wikka.php, uncommenting the definition of WAKKA_CONFIG, and defining it as the path to your configuration file. Ticket:98
~-Fixed bug that allowed information on revisions to private pages (page name, edit note and revision datetime) to show up in the RecentChanges feed. Ticket:305
~-Replaced every occurrence of ##$_REQUEST## with ##$_GET## or ##$_POST## to enforce security of user input. Ticket:312
~-Patched a native PHP vulnerability (HTML Entity Encoder Heap Overflow Vulnerability) affecting virtually //any// web application running on PHP<5.2. The security fix was also applied to GeSHi version 1.0.7.18. Ticket:427
==Bug fixes==
~-Fixed bug producing invalid XHTML in referrer handlers. Ticket:469
~-Added missing trailing slash that could result in invalid ##base_url## during installation. Ticket:438
~-Fixed bug in Onyx that could prevent correct feed parsing when using PHP<4.3.0. Ticket:420
~-Further minor fixes. Ticket:466, Ticket:437

----
CategoryEN