Age | Commit message (Collapse) | Author | Files | Lines |
|
translation files will be included in Contao core from next major release
(Contao 3.0).
|
|
Version 2.11.6 (2012-09-26)
---------------------------
### Fixed
Correctly handle root pages in `Controller::getPageDetails()` (see #4610).
### Fixed
Consider the page language when forwarding (see #4841).
### Fixed
URL encode the enclosure URLs in RSS/Atom feeds (see #4839).
### Fixed
Also create empty templates folders if a theme is imported (see #4793).
### Fixed
Decode Punycode domains when used via insert tag (see #4753).
### Fixed
Correctly handle open tags in `String::substrHtml()` (see #4773).
### Fixed
Correctly handle units when importing style sheets (see #4721).
### Fixed
The mediabox plugin did not play Vimeo videos (see #4770).
### Fixed
Correctly align stylect menus in the form generator in the back end (see #4557).
### Fixed
Add a link if a news item or event points to an internal page (see #4671).
### Fixed
Wrap the MooTools fallback into CDATA tags on XHTML pages (see #4680).
### Fixed
Do not add a default value to textareas (see #4722).
### Fixed
Do not override the comments array in case login is required to comment,
otherwise no commets will be shown (see #4064).
|
|
* Include contao/Makefile.common from contao/Makefile.example.
* Add code some fragment tward to Contao 3.0 support.
* Add CT_VERBASE to use COMMENT.
* Use CT_FILES to Contao's files directory name.
|
|
And now, use URL with language directory ("en") to surpress redirection.
|
|
* Utilize contao/options.translations.mk.
No functional change.
|
|
It also fixes a little security problem of permission check about undo
processing.
Quote from release announce: http://www.contao.org/en/news/contao-2_11_5.html
The bugfix release fixes a couple of issues, including the SOAP
compression problem in PHP 5.4, the IDNA URL converting issue and
the TinyMCE relative URLs problem.
|
|
|
|
|
|
contao/Makefile.translations.
|
|
|
|
Fixes a critical privilege escalation:
http://www.contao.org/en/news/contao-2_11_4.html
Version 2.11.4 (2012-06-12)
* Fixed
Fixed a critical privilege escalation vulnerability which allowed
regular users to make themselves administrators (see #4427).
* Fixed
Support insert tags as external redirect target (see #4373).
* Updated
Updated the CSS3PIE plugin to version 1.0.0 (see #4378).
* Fixed
Re-applied the "autofocus the first field" patch (see #4297).
* Fixed
The pagination menu fix was missing in the listing, search and RSS reader
modules (see #4292).
* Fixed
Added the "required" attribute to the captcha input field (see #4247).
* Fixed
Correctly tell Google Analytics to anonymize the visitor's IP (see
#4290). Heads up: Adjust your moo_analytics templates accordingly!
* Fixed
Correctly align stylect menus in Safari and Opera (see #4284).
|
|
Noted by David Holland, thanks much.
|
|
* Update "used by" in comments.
|
|
Security release.
Version 2.11.2 (2012-03-14)
---------------------------
### Fixed
Fixed an issue with the CSS3PIE url being incorrectly rewritten (see #4074).
### Fixed
Fixed a security vulnerability in the file manager which allowed back end users
to download files from the `tl_files` directory even if they were not mounted in
their profile (thanks to Marko Cupic).
### Fixed
Fixed a potential XSS vulnerability in the undo module (thanks to Oliver Klee).
The issue is not considered critical, because it requires the script tag to be
in the list of allowed HTML tags, which is not the case by default.
### Fixed
The IDNA convert class did not run under PHP 5.2 (see #4044).
|
|
Nothing would not change with binary package, no PKGREVISION change again.
|
|
|
|
|
|
|
|
|
|
|
|
Version 2.10.4 (2011-12-30)
---------------------------
- Fixed: the Environment class did not always return the correct script name
(#3603)
- Fixed: close the connection after sending a file to the browser (#3602)
- Fixed: the new Ajax cron trigger did not work in IE8 due to missing
Date.now() support (#3681)
- Fixed: do not block ressources required by the Google website preview in the
robots.txt file (#3688)
- Fixed: correctly update the cache after a new template has been created
(#3676)
- Fixed: correctly handle HTML comments in inline JavaScripts (#3696)
- Fixed: get the next autoincrement ID when importing a theme so deleted
themes can be restored (#3604)
- Fixed a few minor issues
|
|
Version 2.10.3 (2011-11-07)
---------------------------
- Fixed: the postLogin/Logout hooks broke the save() method of the model
(#3545)
- Fixed: the style sheet editor did not handle font-family/size:inherit
correctly (#3531)
- Fixed: MooTools changed the default wMode settings for Swiff (#3540)
- Fixed: the style sheet importer did not handle
border-color:transparent/inherit (#3480)
- Fixed: do not index empty news/event/FAQ/newsletter reader pages (#3511)
- Fixed: group labels were not always loaded correctly (#3591)
- Fixed: added a rename() workaround for Windows to the FileCache class (#3390)
- Fixed: the site structure was not ordered properly for non-admins (#3423)
- Fixed: custom layout sections were not displayed in "override all" mode
(#3460)
- Fixed a few minor issues
|
|
It is really fix the XSS problem.
Version 2.10.2 (2011-10-10)
---------------------------
- Updated: updated TinyMCE to version 3.4.6
- Fixed: do not remove slashes just because get_magic_quotes_gpc() exists
- Fixed: CSS units were not always applied when used with global variables
(#3464)
- Fixed: the task deadline field did not show the date picker (#3351)
- Fixed: do not return empty lines in the compileDefinition hook (#3440)
- Fixed: the TinyMCE spellchecker did not work anymore (#3487)
- Fixed: the regexp for validating phone numbers accepted invalid values
(#3493)
- Fixed: added the new HTML5 elements to the valid TinyMCE tags (#3479)
- Fixed: the style sheet generator did not support absolute URLs (#3512)
- Fixed: fixed a potential XSS vulnerability (thanks to sschurtz)
- Fixed a few minor issues
|
|
From release announce:
The maintenance release provides stability fixes for the version 2.10
branch and updates TinyMCE to version 3.4.4 (which fixes a few IE9
issues).
pkgsrc change:
Add a note to MESSAGE needs of www/php-tidy package when using minify
the HTML markup function of Contao 2.10.
|
|
|
|
|
|
|
|
|
|
|