---------------- 1.0.4 Released -- [21-Nov-2005 10:00 UTC] ------------------

This Release Contains the following Security Fixes

Critical Level Threat
 * Potential XSS injection through GET and other variables
 * Hardened SEF against XSS injection

Low Level Threat
 * Potential SQL injection in Polls modules through the Itemid variable
 * Potential SQL injection in several methods in mosDBTable class
 * Potential misuse of Media component file management functions
 * Add search limit param (default of 50) to `Search` Mambots to prevent search flooding

---------------------------------------------------------------------------

20-Nov-2005 Levis Bisson
 # Fixed Artifact [artf1967] displays with an escaped apostrophe in both title and TOC.

20-Nov-2005 Emir Sakic
 * SECURITY [ Critical Level ]: Hardened SEF against XSS injection

19-Nov-2005 Levis Bisson
 # replaced charset=utf-8 to charset=iso-8859-1 in language file

19-Nov-2005 Andrew Eddie
 * SECURITY [ Critical Level ]: Fixed XSS injection of global variable through the _GET array

17-Nov-2005 Johan Janssens
 ^ Replaced install.png with new image
 - Reverted [artf2139] : admin menu xhtml
 + Added clone function for PHP5 backwards compatibility

16-Nov-2005 Rey Gigataras
 # Fixed [artf2137] : editorArea xhtml
 # Fixed [artf2139] : admin menu xhtml
 # Fixed [artf2136] : Admin menubar valid xhtml
 # Fixed [artf2135] : Admin invalid xhtml
 # Fixed [artf2140] : mosMenuBar::publishList
 # Fixed [artf2027] : uploading images from custom component

13-Nov-2005 Rey Gigataras
 # PERFORMANCE: Fixed [artf1993] : Inefficient queries in com_content
 # Fixed [artf2021] : [artf1791] : Failed Login results in redirect to referring page
 # Fixed [artf2021] : appendMetaTag() prepends instead of appends
 # Fixed [artf1981] : incorrect url's at next/previous links at content items
 # Fixed [artf2079] : SQL error in category manager thru contact manager
 # Fixed [artf1586] : .htaccess - RewriteEngine problem
 # Fixed [artf1976] : Check for custom icon in mod_quickicon.php

11-Nov-2005 Andy Miller
 # Fixed issue with RSS module not displaying inside module rendering wrapper

10-Nov-2005 Rey Gigataras
 # Fixed contact component dropdown select category bug

07-Nov-2005 Rey Gigataras
 # Fixed mod_quickicon `redeclaration of function` error possibilities

07-Nov-2005 Johan Janssens
 # Fixed [artf1648] : tinyMCE BR and P elements
 # Fixed [artf1700] : TinyMCE doesn't support relative URL's for images

07-Nov-2005 Andrew Eddie
 * SECURITY [ Low Level ]: Fixed [artf1978] : mod_poll SQL Injection Vulnerability
 * SECURITY [ Low Level ]: Fixed SQL injection possibility in several mosDBTable methods
 * SECURITY [ Low Level ]: Fixed malicious injection into filename variables in com_media
 ^ mosDBTable::publish_array renamed to publish
 ^ mosDBTable::save no longer updates the ordering (must now be done separately)

06-Nov-2005 Rey Gigataras
 * SECURITY [ Low Level ]: Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
 # Fixed custom() & customX() functions in menu.html.php not checking for image in /administrator/images/

04-Nov-2005 Rey Gigataras
 # Fixed [artf1953] : Page Class Suffix in Contacts component
 # Fixed [artf1945] : mosToolTip not generating valid xhtml

03-Nov-2005 Rey Gigataras
 + moduleclass_sfx support to mod_poll
 # Fixed [artf1902] : Incorrect number of table cells in mod_poll

03-Nov-2005 Samuel Moffatt
 # Fixed bug which prevented component uninstall if another XML file was in the directory

01-Nov-2005 Rey Gigataras
 # Fixed [artf1888] : linkable [category|section] URL incorrect
 # Fixed [artf1620] : Hardcoded words in pdf.php
 # Fixed [artf1887] : Content: Bug in creation date generation

31-Oct-2005 Johan Janssens
 # Fixed [artf1277] : News Feed Display Bad Accent character

31-Oct-2005 Rey Gigataras
 # Fixed [artf1739] : Problem with the menuitem type url and assigned templates and modules
 # Fixed [artf1574] : Who is online after update to Joomla 1.0.3 no more work correctly
 # Fixed [artf1666] : Notice: on component installation
 # Fixed [artf1573] : Manage Banners | Error in Field Name
 # Fixed [artf1597] : Small bug in loadAssocList function in database.php
 # Fixed [artf1832] : Logout problem
 # Fixed [artf1769] : Undefined index: 2 in includes/joomla.php on line 2721
 # Fixed [artf1749] : Email-to-friend is NOT actually from friend
 # Fixed [artf1591] : page is expired at installation
 # Fixed [artf1851] : 1.0.2 copy content has error
 # Fixed [artf1569] : Display of mouseover in IE gives a problem with a dropdown-box
 # Fixed [artf1869] : Poll produces MySQL-Error when accessed via Component Link
 # Fixed [artf1694] : 1.0.3 undefined indexes filter_sectionid and catid on "Add New Content"
 # Fixed [artf1834] : English Localisation
 # Fixed [artf1771] : Wrong mosmsg
 # Fixed [artf1792] : "Receive Submission Emails" label is misleading
 # Fixed [artf1770] : Undefined index: HTTP_USER_AGENT

30-Oct-2005 Rey Gigataras
 ^ Upgraded TinyMCE Compressor [1.02]
 ^ Upgraded TinyMCE [2.0 RC4]

27-Oct-2005 Johan Janssens
 # Fixed [artf1671] : Media Manager
 # Fixed [artf1814] : Tab Class wrong
 # Fixed [artf1086] : Icons at the control panel fall apart

26-Oct-2005 Samuel Moffatt
 # Fixed bug where a new database object with the same username, password and host but different database name would kill Joomla!

25-Oct-2005 Johan Janssens
 # Fixed [artf1733] : $contact->id used instead of $Itemid
 # Fixed [artf1654] : base url above title tag
 # Fixed [artf1738] : Registration - javascript alert

23-Oct-2005 Rey Gigataras
 # Fixed [artf1695] : Show Empty Categories in Section does not work
 # Fixed [artf1710] : Unnecessary queries (optimization)
 # Fixed [artf1711] : Missing whitespace in search results
 # Fixed [artf1706] : Mambo logo not removed from admin images
 # Fixed [artf1708] : Search CMT: Hardcoded date format
 # Fixed [artf1689] : Joomla! Installer - Wording still not correct
 # Fixed [artf1692] : email and print buttons (maybe also the PDF) does not validate

19-Oct-2005 Andrew Eddie
 # Fixed missing autoclear in "list-item" stock template

19-Oct-2005 Rey Gigataras
 # Fixed [artf1577] : MenuLink Blog section error

19-Oct-2005 Levis Bisson
 Applied Feature Requests:
 ^ Artifact [artf1282] : Easier sorting of static content in creating menu links
 ^ Artifact [artf1162] : Remove hardcoding of <<, <, > and >> in pageNavigation.php