FUDforum 2.6.0RC4 Released [message #14231]
Mon, 10 November 2003 15:33
Ilia
Various fixes that bring us another step closer to the final release. This release implements a major security hardening fix. Consequently I ask that anyone and everyone try this release and report bugs.
Changes:
- Fixed possible bug in sys_id tracking.
- Added missing include to iemail.inc that causes problems when SMTP is used.
- Updated German & Chinese translations.
- Fixed bug in template editor when editing sections with similar names.
- Added anti-cache code for forum pages in the form of 3 anti-cache headers.
- Added workaround in referrer check for proxies/browsers that mangle HTTP_REFERER.
- Make referrer checking optional (disabled by default).
- IP tracking workaround for AOL users who use the AOL browser.
- Sanitize login/alias names for 0-31 127-159 character ranges.
- Move admincp above the forum path on message view.
- Fixed pager in path_info template set.
- Added missing code bit to mark accounts unapproved on forums where admin needs to approve every new account.
- When user confirms account and it has not yet been validated by the admin give them a message to indicate why they cannot yet use their account.
- Incorrect sig options.
- Uploaded image insertion fix.
- Corrected possible // in path info URLs.
- Fix all/none links for private message selection for path_info themes.
- Show default theme 1st in profile editor.
- Make MySQL password a hidden field on admin control panel.
- Fixed bug in web message editor, when editing messages with similar names.
- Disallow non A-Za-z0-9_ characters in theme names.
- Switched from gif to png images for some icons.
- Fixed a bug during login when anon-user uses PATH_INFO theme and user uses non-PATH_INFO theme.
- HTML encode description so that it does not break the forum/category editor forms.
- Added missing continue in file attachment handling inside nntp.inc, which may result in an unterminated loop.
- Fix htaccess handler for non-apache sapis and add missing return inside installer & upgrade script.
- Fixed notice warnings inside installer & upgrade script.
- Better default WWW_ROOT selection for CGI & Fast-CGI installs.
- Sequence number security mechanism (read more below).
Sequence number security mechanism
To prevent unauthorized requests, FUDforum now implements a sequence number security mechanism. What this means is that every request is prefixed with a random number that changes with every request. Every POST request, and every GET request that modifies things, now validates this number before accepting input. If the sequence number does not equal that of the request prior to the current one, the input is rejected.
FUDforum Core Developer
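
A minimal sketch of the sequence number check described in the announcement, added here as an illustration; it is not FUDforum's own code. The function names, the 'seq' session key and the hex-encoded random value are assumptions, and a plain array stands in for the session store.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration only; FUDforum's real names and storage differ.

/** Generate the number for the next request and remember it in the session. */
function seq_issue(array &$session): string
{
    $session['seq'] = bin2hex(random_bytes(16)); // CSPRNG output, not rand()/mt_rand()
    return $session['seq'];
}

/**
 * Decide whether this request's input may be processed.
 * $modifies marks GET requests that change state; POST is always validated.
 */
function seq_check(array &$session, string $method, bool $modifies, ?string $submitted): bool
{
    $expected = $session['seq'] ?? null; // number handed out with the previous response
    seq_issue($session);                 // rotate on every request, pass or fail

    if ($method !== 'POST' && !$modifies) {
        return true;                     // read-only GET: nothing to validate
    }
    if (!is_string($expected) || !is_string($submitted)) {
        return false;                    // no prior number issued, or none supplied
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed walk-through: an in-memory array stands in for $_SESSION.
$session = [];
$seq = seq_issue($session);                        // value embedded in the rendered form
var_dump(seq_check($session, 'POST', true, $seq)); // submit carrying the number from the form
var_dump(seq_check($session, 'POST', true, $seq)); // the same number sent a second time
var_dump(seq_check($session, 'GET', true, null));  // state-changing link with no number
var_dump(seq_check($session, 'GET', false, null)); // ordinary page view
```

Because the number rotates on every request, a form opened in a second browser tab carries a stale value and is rejected along with forged requests.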