5.6.3 Release Notes

Feature Updates

  • Languages with greater than 90% completion are now included in concrete5, meaning they can be installed immediately (thanks international team, included mlocati, hissy, Remo, patrickheck, more…)
  • Much Improved Stacks, including the following new features (thanks Mainio!)
    • Add block from clipboard
    • Rename the stack
    • Duplicate the stack
    • Reorder stacks
  • Added task permission to control who can export users from user search.
  • Added the ability to add one permission line or remove one permission line from pages in bulk.
  • User selector now has the ability to clear the user (thanks NazWeb)
  • Much improved user password hashing, security improvements and hardening (thanks bdsl!)
  • TinyMCE is now localized (thanks mlocati and tao-s)
  • You can now test your email settings from the email settings dashboard page. (thanks mlocati!)

Miscellaneous Improvements

  • Retain multibyte file titles when uploading files in other languages (thanks hissy).
  • Usernames can now contain periods in the middle (not at the beginning or end) (thanks mlocati.)
  • Page attributes are now listed by attribute set display order, if they happen to fall into one (thanks jordanlev)
  • Various localization fixes and additions (thanks mlocati, Remo, ojalehto, patrickheck)
  • Profile pages are now translateable (thanks Remo)
  • Can override Block assets from a package https://github.com/concrete5/concrete5/pull/1419 (ojalehto, remo)
  • Refactored generate sitemap job for better extensibility and readability (thanks Remo and mlocati.)
  • Package items are localized when uninstalling (thanks mlocati.)
  • Date picker is better localized, reducing bugs (thanks patrickheck)
  • Add version to installation screen https://github.com/concrete5/concrete5/pull/1424 (thanks mesuva)
  • Better support for mysqli in certain query situations (thanks NazWeb)
  • Area names now appear translated (thanks Remo and mlocati)
  • Additional CSS classes for core components now present (thanks Remo and mlocati)
  • Better localization of some displayed dates and times (thanks mlocati)
  • You can now clear alternate file storage locations.
  • We now use Imagick for image resizing if it happens to be installed (thanks JeffPaetkau!)
  • Defaulting session cookie to httpOnly (thanks Indrek Kõnnussaar)
  • Faster page publishing when using composer and publishing to a location of the site with a large number of peer pages (thanks hutbert)

Bug Fixes

  • Better sanitization integer value in cID parameter so you can’t trigger an exception by passing an array as cID (Note: no SQL injection possible in this bug – just an ugly exception error display.)
  • Fix bug where custom templates applied to blocks weren’t always displayed on blocks in pages when those blocks used output caching.
  • Page Search Index content field is now larger (thanks mlocati.)
  • Fixed bug in advanced permissions where dragging an empty label or an un-saved label and then editing it could modify other permission rows.
  • Date Archive block threw error on some php installations due to case of loader call
  • Disable on_render_complete on upgrade
  • Package update improvements when downloading from concrete5.org
  • Fixed group related ID bug when using MySQL in a different auto increment setting (thanks chemett.) Related discussion here: http://www.concrete5.org/developers/bugs/5-6-2-1/install-fails-with-mysql-auto-increment-offset-set/
  • Resolved issues in OpenID authentication that broke OpenID on PHP 5.3, and resulted in other errors.
  • fixed http://www.concrete5.org/developers/bugs/5-6-2-1/copy-php-code-to-blogs-description-area-is-buggy/
  • Better implementation of the “remain logged in” cookie (thanks Indrek Kõnnussaar and others for pointing out the issues.)
  • Fixed potential sql vulnerability here: http://www.concrete5.org/developers/bugs/5-6-2-1/item-list-pagination-unsanitized-current-page/
  • Job installation message typo (thanks bluefuton)
  • CSRF Protection in Edit Profile Page (thanks Indrek Kõnnussaar)
  • XSS Flaw fixed in Public registration page (thanks Indrek Kõnnussaar)
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/error-when-pasting-scrapbook-from-clipboard/
  • Fix http://www.concrete5.org/developers/bugs/5-6-1-2/overriding-single-pages-within-a-theme-package/
  • Stronger anti-session-fixation measures
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/adding-datetime-user-attribute-required-on-registration-form-blo/
  • Fix area handles with special characters in block delete https://github.com/concrete5/concrete5/pull/1324
  • FileSet::populateFiles respects display order
  • Blog Entry date formatting for localization https://github.com/concrete5/concrete5/pull/1317
  • Blog Thumbnail data localization fix https://github.com/concrete5/concrete5/pull/1327
  • Profile date format for localization https://github.com/concrete5/concrete5/pull/1339
  • Prevent very high numbers in sitemap totals https://github.com/concrete5/concrete5/pull/1338
  • Improve export on some charsets https://github.com/concrete5/concrete5/pull/1335
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/javascript-errors-when-adding-select-attribute-values/
  • Fixed bug “Custom block design / Collection Versions / design is lost after block reorder” - thanks mlocati.
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/adding-background-design-to-main-area-causes-all-stacks-placed-o/#discussionpost
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/non-translated-value-select-some-options/ (thanks mlocati)
  • Fixed bug with blocks being kicked out of layouts after move - thanks mlocati
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/unable-to-add-tags-block-to-a-stack (thanks mkly)
  • Fixed group enter/exit events not firing when a user is updated in the dashboard
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/fatal-error-during-upgrade-due-to-missing-administrators-group/
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/event-handlers-during-upgrade-process/
  • Prevent ccm.sitemap.js 404 in registration form https://github.com/concrete5/concrete5/pull/1357
  • Change job queue batch size to a 10 and added constant JOB_QUEUE_BATCH_SIZE
  • Fix error in sitemap index with blocks that no longer exists https://github.com/concrete5/concrete5/pull/1363 (thanks akodde)
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/call-to-a-member-function-submit-on-a-non-object-on-backup-datab/
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/error-messages-not-shown-in-backup-page/
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/illegal-job-run-duration-causes-a-database-exception/
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/cannot-save-versions-repost/ (thanks mkly)
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/form-date-field-xss-bug/#598679 (thanks patrickheck)
  • Fix http://www.concrete5.org/index.php?cID=574181 (thanks patrickheck)
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/jobs-concrete5-5.6.2-dropped-api-support-for-jhandle/
  • Fixed some full path disclosure bugs in certain newer dashboard files (thanks Osanda)
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/url-slug-suggestion-is-too-slow-when-adding-new-pages/
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/survey-details-does-not-include-anonimous-responses/ (thanks mlocati)
  • Fixed bug when editing page type defaults for page types that had an apostrophe in them.
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/php-warning-on-add-blockadd-date-navigation-page/
  • Fix some package urls to all be relative https://github.com/concrete5/concrete5/pull/1348
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/search/#559776 (thanks mlocati)
  • Fix missing translation in Bulk SEO Tool https://github.com/concrete5/concrete5/pull/1409
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/form-block-file-upload-issues/ (thanks mlocati)
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/youtube-block-firefox-v.23-blocked-loading-mixed-active-content/ (thanks Remo)
  • Fixed redirect and XSS flaws in download file single page. (Thanks @OsandaMalith and Prem Kumar!)
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/unhandled-exception-when-downloading-invalid-files/ (thanks mlocati)
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/language-for-new-users-should-be-same-as-default-language-5.3.rc/ (thanks mlocati)
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/strings-break-from-getjavascriptstrings-to-ccm_t-if-they-include/ (thanks mlocati)
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/dashboardsitemap-deleting-fails-because-string-is-not-escaped/ (thanks remo)
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/mail-helper-reply-to-header-set-twice/ (thanks Remo)
  • Fixed http://www.concrete5.org/index.php?cID=554715&editmode= (thanks mlocati)
  • fixed http://www.concrete5.org/developers/bugs/5-6-2-1/ghost-execution-of-queuable-jobs/ (thanks JohnTheFish)
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/slices-of-many-queable-jobs-could-be-executed-together/ (thanks JohnTheFish)
  • Fix http://www.concrete5.org/developers/bugs/5-6-2-1/spaces-in-stateprovince-kill-js-on-user-edit-page./
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/blog-date-archive-block/#573700 (thanks mlocati and Guido)
  • Fixed “regular expression too large” error that could occur when using code that used the URLify library.
  • Moved on_page_view event to be process.php’s inclusion for improved multilingual support with the Multilingual Add-On (allowing for localization of the form block, etc…)
  • Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/rss-link-broken-when-using-a-custom-template-for-page-list-block/#597918

Developer Updates

  • Some code cleanups for Strict and Notice
  • Code cleanups (thanks ojalehto)
  • URLify library updated to latest version.
  • Select attributes now allow users to add new values through code through setAttribute, if the attribute allows it.
  • New build process through Grunt should improve the PHP short tag to full tag conversion, automatically downloads nearly completed languages, and clarifies and simplifies our toolchain.