5.4.2.2 Release Notes

Bug Fixes & Security Improvements

  • Fixed SQL security bug in ItemList::sortBy
  • Fixed path disclosure bug in RSS tools in page list block
  • Fixed path disclosure bug in block passthrough.
  • Fixed XSS bug in RCID value on login page.
  • Fixed minor XSS bugs in the guestbook block view after post
  • Fixed minor XSS bugs in Add/Edit Page Types (Dashboard)
  • Fixed minor XSS bugs in Single Pages (Dashboard)
  • Fixed minor XSS bugs in Dashboard Groups (Dashboard)
  • Fixed minor XSS bugs in User Create
  • Make it so that blocks can be loaded from core packages (thanks Mnkras)
  • Fixed Attribute Type tool so an invalid action doesn't result in an error
  • Localization fixes (thanks concrete5russia)
  • Made package tools overrideable in the root level tools folder
  • Updated JavaScript ccm_addHeaderItem() to be more reliable with CSS in Internet Explorer (thanks Shotster)
  • Fixed bug where a packaged block couldn't be refreshed if it was overridden in the core (thanks Shotster)
  • Fixed missing quotation in form block that could cause nesting problems on post (Thanks arcanepain)
  • jQuery UI datepicker uses LANGUAGE instead of ACTIVE_LOCALE (thanks concrete5japan)
  • Removed second type attribute in form block edit interface (thanks Christiaan)
  • Fixed default date format retention bug in rss_displayer block (thanks janscarton)
  • Fixed bug in file properties dialog that would cause the properties to become un-editable if a user was deleted and there was a statistic record for that user and file
  • Fix bug where setting email address as user name in login form when logging in via email would strip certain characters (pull request by Mnkras)

Behavioral Improvements

  • Added index / db schema change to: Pages and CollectionVersionBlocks to speed up Block::getOriginalCollection() method
  • Setting LANGUAGE constant in the default core themes (pull request by patrickheck)
  • Allow any header item to be added to JavaScript addHeaderItem function.
  • Automatically populate additional URL with old URL (only used in JavaScript when editing page paths through the UI) (thanks xenyz)
  • Added site URL before page path (thanks melat0nin)
  • If a page is edited by a user, that information is present in the edited by overlay now (thanks 12345j and Mnkras)
  • Change attribute "Searchable" checkbox labels to be more informative (thanks jordanlev)
  • Added youtubeBlock class to the YouTube video block so it can be styled by CSS (thanks christiaan)
  • Added max username validation length to the concrete5 User validation helper. (thanks Mnkras)
  • Zend_Locale data will now be stored with the default cache files (pull request by stefangr)
  • Fixes occasional issue when downloading files via any web browser. File size was showing up as unknown and the progress bar wouldn't work. (pull request by hi-voltage)

Developer Updates

  • Added View::addFooterItems() support (Pull Request from jdmill)
  • Added priority and sorting by priority to site events so developers can manage the order of execution for different site events.
  • Added default log type (Pull request by mnkras)
  • Added new events (pull request by Mnkras):
    • on_file_set_password
    • on_file_add
    • on_file_version_add
    • on_file_download
    • on_file_version_duplicate
    • on_file_version_update_title
    • on_file_version_update_tags
    • on_file_version_update_description
    • on_file_version_approve
    • on_file_version_deny
    • on_user_enter_group
    • on_user_exit_group
    • on_user_friend_add
    • on_user_friend_remove
  • Modified all helper classes that stored local data to call a reset method when retrieved with Loader::helper()
  • Added shortenTextWord() to Text Helper (pull request by patrickheck)
  • Improved documentation for Text Helper (pull request by Mnkras)