The following has changed in 5.0.0RC1.

  • Fixed SQL injection vulnerability in User Class
  • Fixed minor SQL injection vulnerabilities in Concrete helpers
  • Fix insert image/file in IE 7
  • Fixed potential major data loss bug when deleting pages that contain child pages which are aliased pages.
  • Made signing in with just an email address a configurable option.
  • Prettified the default registration form.
  • Moved registration form processing into a registration controller
  • Added logging to C5 with rudimentary ability to save email logs, define end-user logging, and view SQL within the context of a log.
  • Fixed javascript error that occurred when using firefox in the dashboard on the “defaults” button
  • Allow punctuation and dashes and things in passwords
  • The search block should alert you when trying to add a search form when no index has been created.
  • Search block should fail gracefully if no index is present.
  • AutoNav preview is now in a tabbed interface, more elegant code-wise, and more accurate.
  • Including new versions of Jquery, Jquery Form and Jquery UI to improve performance
  • Including new code for calculating display order of blocks, hopefully fixing some bugs in that department
  • Fixing the creation/deletion of external links when not logged in as super user
  • file_get_contents replaced with call to file handler’s getcontents, which uses allow_url_fopen to see whether we can use file_get_contents or curl
  • Simple Permissions Model Let’s you choose Groups for Reading at the individual page level (not the radio buttons anymore)
  • File block gets password option.
  • Dashboard cosmetic updates, including improved block type management, block type deletion, page type deletion
  • Generate Sitemap Job makes it easy to create simple sitemap.xml files.
  • Concrete5 can check for updates
  • Fixed a bug in which external links would turn into regular pages when being copied
  • Concrete5 should work with servers that have short_open_tag turned off (This is experimental.)
  • More graceful installation
  • Magic_Quotes_GPC no longer needs to be explicitly disabled. If it is not, magic_quotes_gpc_check.php will be run and quotes will be removed at runtime.
  • Fixed a weird potential bug where going directly to dispatcher.php shows the install screen.
  • The following blocks obtain user-supplied input. These blocks did not use to sanitize this input at all. They now do so, using the sanitize() method in the text helper. 
    • Form
    • Guestbook
  • Bug fixes when adding single pages through the dashboard
  • Improved Developer API

Comments:

You must be logged in to leave a reply.