| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Noted by David Holland, thanks much.
|
|
* Update "used by" in comments.
|
|
Security release.
Version 2.11.2 (2012-03-14)
---------------------------
### Fixed
Fixed an issue with the CSS3PIE url being incorrectly rewritten (see #4074).
### Fixed
Fixed a security vulnerability in the file manager which allowed back end users
to download files from the `tl_files` directory even if they were not mounted in
their profile (thanks to Marko Cupic).
### Fixed
Fixed a potential XSS vulnerability in the undo module (thanks to Oliver Klee).
The issue is not considered critical, because it requires the script tag to be
in the list of allowed HTML tags, which is not the case by default.
### Fixed
The IDNA convert class did not run under PHP 5.2 (see #4044).
|
|
Nothing would not change with binary package, no PKGREVISION change again.
|
|
|
|
|
|
|
|
|
|
|
|
Version 2.10.4 (2011-12-30)
---------------------------
- Fixed: the Environment class did not always return the correct script name
(#3603)
- Fixed: close the connection after sending a file to the browser (#3602)
- Fixed: the new Ajax cron trigger did not work in IE8 due to missing
Date.now() support (#3681)
- Fixed: do not block ressources required by the Google website preview in the
robots.txt file (#3688)
- Fixed: correctly update the cache after a new template has been created
(#3676)
- Fixed: correctly handle HTML comments in inline JavaScripts (#3696)
- Fixed: get the next autoincrement ID when importing a theme so deleted
themes can be restored (#3604)
- Fixed a few minor issues
|
|
Version 2.10.3 (2011-11-07)
---------------------------
- Fixed: the postLogin/Logout hooks broke the save() method of the model
(#3545)
- Fixed: the style sheet editor did not handle font-family/size:inherit
correctly (#3531)
- Fixed: MooTools changed the default wMode settings for Swiff (#3540)
- Fixed: the style sheet importer did not handle
border-color:transparent/inherit (#3480)
- Fixed: do not index empty news/event/FAQ/newsletter reader pages (#3511)
- Fixed: group labels were not always loaded correctly (#3591)
- Fixed: added a rename() workaround for Windows to the FileCache class (#3390)
- Fixed: the site structure was not ordered properly for non-admins (#3423)
- Fixed: custom layout sections were not displayed in "override all" mode
(#3460)
- Fixed a few minor issues
|
|
It is really fix the XSS problem.
Version 2.10.2 (2011-10-10)
---------------------------
- Updated: updated TinyMCE to version 3.4.6
- Fixed: do not remove slashes just because get_magic_quotes_gpc() exists
- Fixed: CSS units were not always applied when used with global variables
(#3464)
- Fixed: the task deadline field did not show the date picker (#3351)
- Fixed: do not return empty lines in the compileDefinition hook (#3440)
- Fixed: the TinyMCE spellchecker did not work anymore (#3487)
- Fixed: the regexp for validating phone numbers accepted invalid values
(#3493)
- Fixed: added the new HTML5 elements to the valid TinyMCE tags (#3479)
- Fixed: the style sheet generator did not support absolute URLs (#3512)
- Fixed: fixed a potential XSS vulnerability (thanks to sschurtz)
- Fixed a few minor issues
|
|
From release announce:
The maintenance release provides stability fixes for the version 2.10
branch and updates TinyMCE to version 3.4.4 (which fixes a few IE9
issues).
pkgsrc change:
Add a note to MESSAGE needs of www/php-tidy package when using minify
the HTML markup function of Contao 2.10.
|
|
|
|
|
|
|
|
|
|
|
