Release 0.7-rc2

From Habari Project

Jump to: navigation, search



The 0.7 Release Candidate series is intended to provide a stable platform for users and developers to begin testing and migrating their sites to the 0.7 platform while flushing out bugs before a final release. It should be nearly as stable as a final release but generally should not be used in production environments.

Issues addressed

This section describes specific changes made since 0.7 Release Candidate 1. For full details of the changes between the 0.6 and 0.7 releases, please see the full 0.7 Release Notes.


  • A bug in the filtering of href attributes of <a> tags in comments could have allowed an XSS exploit. Fixed in r4912
  • The commenter's name field was not properly stripped of all HTML. When combined with the above issue this could have resulted in an XSS exploit. Fixed in r4193
  • <img> tags in comments were poorly sanitized, allowing a potential XSS exploit. Fixed in r4914 and r4915


  • An issue that could have resulted in data loss if you attempted to reinstall Habari with an existing SQLite database present was reported in #1412. A tentative fix was made in r4919.


  • The requirement introduced in RC1 that themes add a <class> declaration to their XML info files was removed, the class name should now be auto-detected in the same manner as that of plugins. Note that you still need to remove the THEME_CLASS declaration in your theme.php file. r4916

Known Bugs

As with any piece of software issues and enhancement requests remain. For full details see Habari's change management system.

Personal tools