Release 0.8

From Habari Project

(Difference between revisions)
Jump to: navigation, search
m (Upgrade Notes: Add pagination functions to the suggestions.)
(Upgrade Notes: link to the upgrading page instead of duplicating stuff.)
Line 39: Line 39:
=== Upgrade Notes ===
=== Upgrade Notes ===
-
* To protect your site from a potential path disclosure issue, please modify your <tt>config.php</tt> file and change the first line to look as follows:
+
Please read about [[Upgrading#Upgrading_from_Version_0.7.x_to_Version_0.8|upgrading to version 0.8]]. All users will be affected by the change in <strong>theme functions</strong> and many will want to remove a <strong>potential path disclosure issue</strong>. Now that it has been removed from the Habari installation, users of the <strong>k2 theme</strong> will need to manually include it.
-
 
+
-
<syntaxhighlight lang="php">
+
-
<?php if ( !defined( 'HABARI_PATH' ) ) { die( 'No direct access' ); }
+
-
</syntaxhighlight>
+
-
 
+
-
This is only necessary on Habari installations that are being upgraded. New installations will get this change automatically when the new <tt>config.php</tt> file is generated.
+
-
 
+
-
* Theme functions no longer echo by default. You will now need to echo the returned value. For example, all themes should call the <tt>header()</tt> function, which should be changed from this:
+
-
 
+
-
<syntaxhighlight lang="php">
+
-
<?php $theme->header(); ?>
+
-
</syntaxhighlight>
+
-
 
+
-
to this:
+
-
 
+
-
<syntaxhighlight lang="php">
+
-
<?php echo $theme->header(); ?>
+
-
</syntaxhighlight>
+
-
 
+
-
You should check your calls to at least <tt>header()</tt>, <tt>footer()</tt>, <tt>prev_page_link()</tt>, <tt>next_page_link()</tt>, <tt>page_selector()</tt>, and <tt>feed_alternate()</tt> in your theme.
+
== Known Bugs ==
== Known Bugs ==

Revision as of 22:01, 12 December 2011

Don't get too excited, 0.8 isn't out yet, but it has been frozen.

Contents

Introduction

Welcome to Habari Version 0.8!

This latest release of Habari contains security fixes, major improvements, and feature changes. You should read the Upgrading page before you upgrade.

This is also our first release from Github. Have a look at how to install Habari from Github.

Issues Addressed

Security

  • Don't let admin pages be loaded in an iframe d8a544eb85
  • Protect Habari Silo uploads from CSRF 04cd07adfc, 85940b8d8f
  • Filter the page string of requested admin pages to remove a non-persistent XSS hole a0f34009aa
  • Prevent direct loading of config files 5eb87a12ca

Thanks again to Mauro Gentile for working with us on these security issues, his contributions are greatly appreciated, as is his patience in waiting for this release before revealing these bugs!

Bugs

A complete list of all the bugs fixed is near impossible. Here are a selected few, and the rest can be found in the commit logs.

  • Remove a call to a PHP 5.3+ method on the admin logs page when filtering by date. r5125 fixes #1447.
  • Many strings that had translation values available but were not using them now will show localized text.
  • Fix errors displayed when using Charcoal. 9a18afb6 fixes #221.
  • Use signed values for moving taxonomy terms. 35735ae fixes #229.
  • Wrong date in entry dash module. 7041fc62 fixes #208.
  • Prevent direct access to files. 64089ee3.

Enhancements

  • Add initial support for child themes, wherein a child theme can use all of the templates of its parent, overriding only templates and styles that it intends to augment.
  • Improve the consistency of rewrite rule names, which may break plugins using those rules. The rule update_entries has been renamed update_posts.
  • Change the default behavior of theme functions from echo to return.
  • Add support for gzip and deflate compression to both SocketRequestProcessor and CurlRequestProcessor, so that any external HTTP requests will be seamlessly compressed to save bandwidth, 5e20c9f3b7 and 3687139d57

Other Changes

  • The k2 theme has been removed. It can now be found in habari-extras.

Upgrade Notes

Please read about upgrading to version 0.8. All users will be affected by the change in theme functions and many will want to remove a potential path disclosure issue. Now that it has been removed from the Habari installation, users of the k2 theme will need to manually include it.

Known Bugs

Many bug fixes and improvements have been made since the last release, but as with any piece of software issues and enhancement requests remain. For full details see Habari's change management system.

Credits

These release notes were compiled by the Habari Community.

On behalf of the community, we give our warmest thanks to the developers and contributors who made this Habari release possible.

Personal tools