---------------- 1.0.6 Released -- [15-Jan-2006 15:00 UTC] ------------------ This Release Contains following Security Fixes Low Level Threat * Disallow Author from publishing items or changing publish state * Hardened Contact Component against misuse * Added simple filtering control ability to Contact Component * Hardened misuse of Contact Component `email copy` ability when not activated * Hardened misuse of Contact Component `VCard` ability when not activated * `VCard` & `Email Copy` options set to hide by default * Multiple Vulnerabilities in TinyMCE Compressor * Hardened Itemid against misuse * Hide database password in Global Configuration -- -- -- -- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- ---- -- -- 15-Jan-2006 Rey Gigataras * SECURITY [ Low Level ]: Hide database password in Global Configuration # Fixed [artf3064] : Warning: Invalid argument supplied mod_fullmenu Line 57 # Fixed [artf3063] : Poll Component Output Display Error 14-Jan-2006 Louis Landry # Fixed Caching `Blog` pagination problem 14-Jan-2006 Rey Gigataras * SECURITY [ Low Level ]: disallow Author from publishing items or changing publish state [identified Max Dymond] # Fixed [artf3055] : Weblink submit, no email to admin # Fixed [artf3045] : Unhandled fragment identifier with core SEF enabled # Fixed [artf3032] : 1783: Can't get custom CSS in Tiny MCE # Fixed [artf3052] : Contact Component Re-Direct Issue # Fixed [artf3043] : Login & Logout redirecting to $mosConfig_live_site # Fixed [artf3040] : Site Modules | Display can be duplicated on Pages # Fixed problem with display mod_rssfeed twice on a page ^ Contact Component confirmation now uses mosredireect msg, rather than JS 13-Jan-2005 Andrew Eddie # Fixed bug in database::loadRowList that reutrn assoc and not numerical array # Fixed bug in index2.php where joomlajavascript.js is not included 13-Jan-2006 Rey Gigataras * SECURITY [ Low Level ]: + simple filter check to Contact Component # Fixed [artf3038] : Warning: array_search(): Wrong datatype for second argument in # Fixed [artf3037] : New 404 tags aren't translated # Fixed [artf3035] : Bug with mod_newsflash 12-Jan-2006 Alex Kempkens # Fixed mosFormateDate, handling offset's with value 0 12-Jan-2006 Rey Gigataras * SECURITY [ Low Level ]: changed `Email Copy` param option for new Contacts now set to `hide` # Fixed [artf2070] : mosHTML:encoding_converter() breaks with ö # Fixed missing
  • tag in newsfeed component # Fixed [artf1487] : Media Manager breaks when illegal characters in uploaded file name # Fixed [artf2108] : Saving a parent inside of a child + caching support to `Frontpage` component + missing param for `Table - Weblink Category` - sef handling in mod_search.php as SEF - unnecessary `checked out` check in mod_latestnews.php and mod_mostread.php - unnecessary param variable in mod_latestnews.php 10-Jan-2006 Rey Gigataras * SECURITY [ Low Level ]: Fixed [artf2386] : Preventing Spambots through com_contact # Fixed [artf2622] : admin.users.php session_start called when a session is already open # Fixed [artf2789] : invalid xhtml # Fixed [artf2989] : User WYSIWYG editor setting resets after adding new user from backend # Fixed [artf2986] : Wrong link to image-icon in weblinks 08-Jan-2006 Johan Janssens * SECURITY [ Low Level ]: Fixed Security Vulnerability in TinyMCE Compressor 08-Jan-2006 Rey Gigataras * SECURITY [ Low Level ]: Fixed [artf2950] : Information leak with Vcard hide function * SECURITY [ Low Level ]: changed `VCard` param option for new Contacts now set to `hide` # Fixed DOMIT bugs [identified by sarahk] http://sarahk.pcpropertymanager.com/blog/using-domit-rss/225/ # Fixed [artf2793] : New user confirmation link warning on login # Fixed [artf2732] : Pagination in the Blog section/category doesnt work # Fixed [artf2943] : Incorrect Redirect for Weblinks # Fixed [artf2945] : Undefined constant in php_http_exceptions.php 07-Jan-2006 Rey Gigataras # Fixed [artf2933] : Pathway problem on Windows 06-Jan-2006 Rey Gigataras ^ changed mod_archive so that no Itemid is assigned, meaning it uses the default Itemid=99999999 # Fixed [artf2738] : Incorrect SEF links for archive com_content links # Fixed [artf1809] : mospagebreak problem with "Special Characters" # Fixed [artf2861] : article_seperator glitch 05-Jan-2006 Rey Gigataras # Fixed [artf2825] : RSS module SEF urls 04-Jan-2006 Rey Gigataras * SECURITY [ Low Level ]: Fixed [artf2050] : Itemid in index2.php # Fixed Related items Module shows Expired items - Mambo Tracker [#7590] # Fixed [artf2185] : Changing weblinks possible for everyone 03-Jan-2006 Andy Miller ^ Updated copyright information for iCandy Junior icons 03-Jan-2005 Rey Gigataras # Fixed XHTML validation error in `Blog` view with decmimal value widths # Fixed XHTML validation error in `Table - Content Category` # Fixed [artf2791] : RSS item links not SEF'd # Fixed [artf2791] : RSS items have no category # Fixed [artf2813] : Media Manager doesn't support ICO files 02-Jan-2006 Rey Gigataras # Fixed [artf2802] : All content made bold for Rss module published on the frontpage # Fixed [artf2780] : Newsflash Read More bad link # Fixed [artf2786] : Newsflash module not picking up "linked title" global setting # Fixed [artf2810] : 1.0.x changelog incorrectly states release date of 1.0.5 30-Dec-2005 Rey Gigataras # Fixed `Unlimited` banner impressions option # Fixed [artf2776] : Multiple banners not possible # Fixed [artf2788] : admin template css errors 29-Dec-2005 Rey Gigataras # Fixed [artf2646] : name="" not valid XHTML # Fixed [artf2747] : title_alias is missing in mambots # Fixed `Reset Clicks` button not working in admin component `Banner Manager` # Fixed [artf2712] : Clicks reset on save 29-Dec-2005 Andrew Eddie ^ SEF error handling throws to new /templates/404.php file # Rolled back changes to database::insertObject + New prototype MySQL 5 driver 24-Dec-2005 Emir Sakic # Fixed a bug with 404 header being returned for homepage when SEF activated # Fixed a bug with all items on frontpage returning Itemid=1 (duplicate content)