Symphony 2.7.0
Symphony 2.7.0 is an LTS release, with new features, bug fixes, performance and security improvements.
Closed CVE with this release (or earlier 2.6.x releases):
New Features
- 75a5056532 Added a grunt task to run phpcs
- aa22f69283 Added Default Value jQuery plugin
- fd4c0d3d96 Update Session class to PHP 7 specification
- 0ff9ffd55c Split the DOMAIN constant to create the DIRROOT constant
- d79647d686 added DIRROOT as root-dir parameter
- 0b2fdded4e Add more random sources
- 525d302ec7 Add support for tag negation and filterable ops
- 01bc9dcbd8 Add delegate prior to checking a field's post data #2549
- 506aa7648d Lock/unlock tables when editing entries #2585
- 3e3c2809e0 Provide an extension point to $_SERVER reads
- 419fe79cc3 Tag list field: accept an array of tags #2602
- 0b6d1658a0 Make Configuration::__toString() support nested arrays #2609
- 28a8431c52 Added link to security bug disclosure procedure
- 28393e8803 Add the mb string strpos function call
- 54d6ead613 Enable the email core to ignore attachment errors #2662
- b4cd97ca98 Add sql: null and sql: not null filters #2666
- a6ed8a0e24 Replace url state with canonical url #2665
- 6cb0c94866 Add requiresTable perf optimization #2678
- 27d3351546 Perf: optimise loading of additional language files
- 198390ee46 Perf: further tweaks to language loading, allow for language dialects (eg. pt-br)
- c454a13d2f Add unattended installation process #2654
- 05ac9293db Add General::checkFile*able() API #2683
- 459c9ce8fa Add Custom Author Column delegates
- 31f5eb3694 Add AuthorPreCreate delegate
- c3d6a59b54 Unified the AuthorPreDelete parameters
- 951fb7a42d Add AuthorPostDelete delegate
- 5382e9284f Add NavigationPostBuild delegate
- 4f5543811a Add CanAccessPage delegate
- 6d456f81f3 Add missing 'author' parameter
- 85f30f3e4c Apply 'CanAccessPage' on navigation
- 69bee5fdd6 Add the possibility to run with E_ALL #2687
- 6e68409538 Push deprecated warnings to log #2701
- 00b3f9abc3 Add PreRenderHeaders delegate
- e5ecf3cbd3 Prevents data loss on save #2659
Bug Fixes
- fd4c0d3d96 Update Session class to PHP 7 specification
- b0f9adfc0b Made generateNonce() return value url safe
- 057526a49d Prevent errors if EXTENSIONS is unreadable
- 7ea69d0e1a mt_srand function argument must be an integer
- ccbe6936c5 Prevent cookie issues when running behind a proxy #2590
- e7b4b56ad7 Allow install in folders with special chars
- 5f2ecade0e Make sure user can delete the author #2572
- 27ea8968d0 Fix cookie safe url creation
- 09b4c04e8b Remove trailing slash from safe cookie path
- 3d1748d1b5 Fixing potential XSS
- f1d7b05a95 Sanitize error message
- 53f3ebfadd Output password and email even when auth == 0
- 02687ee307 Fix SQL problem with AND (+) operation
- 26067868ea Suppress warning when chmod does not work
- ee5a4aef98 Return true in the error handler
- 6809b28cbd Make sure configuration is traversable
- 9bcb03048d Constructor with 1 parameter always = 'No error'
- a7a05368b7 Fix Association Drawer: problem when parent_section_field_id is null #2620
- b8c5014783 Refactor on DataSource::determineFilterType()'s
- e4b8e5aca4 Correct check for undefined variable #2623
- 5bde94fcd6 Fix for MySQL ANSI compliance issue with order by
- 4f8332b9be Fix for MySQL 5.7 Strict mode
- b5ce52e578 Prevent script and link injection on login page
- 2e31e6437c Fix $_fetchSortField documentation
- f742a3b171 Fix remote code execution by auth'd users
- b3a82da48b Make sure we call stripslashes on read
- 9f26a2e7dc Call stripslashes on index pages as well
- 2b774b4574 Fix unselectable element after a reorder
- 6201a2dd85 Fix broken filter suggestions in DS Editor
- 0a78172b98 Make sure Authors emails are always validated
- 2451c24112 Fix wrong entries-per-page when result is empty
- 0ddd49d402 Prevent XSS with section's name and nav group
- 257aab2deb Prevent acting on non existing tables #2664
- 0d86029304 Remove the attempt at fixing duplication of data
- b43397b41d Better fix for MySQL 5.7 Strict mode
- a5074dc2c5 EntryManager hotfix, field is not an instance of Field, it's an array of field data. RE: #2678
- 86240d361e Refactor General::limitWords so it actually makes sense...
- 31a4bf37c1 Sanitize section's name and nav group
- 5d6cc03ffc Fix not-regexp which leads to wrong results #2695
- dd5ae51b07 Properly sanitize the section's name
- 64d1dd614d Fix the wrong count of associated entries #2697
- fe762bd15a Make sure we always have a date and time format #2705
- 8bce5797f0 Fix broken AND ( + ) filtering #2694
- 70f2a21988 Fix js error when no visible items exist
- a86bef00c9 Add default values for date columns
- d6c7303af3 Sanitize events and datasources' sources
Minor Updates
- 41018b6769 Set "Sections Index" as default area of default (first) author #2530
- 6f99eb49e6 Better php.ini overrides for insecure setups
- 0f525fe63d Use HTTP_HOST constant instead of reading $_SERVER
- 91e318bd97 Only request the needed schema in table view #2568
- 9ada23cac9 Add data-attributes to publish filtering interface #2577
- ebd698518d Use $_SERVER[] instead of getenv()
- d31ce5ebf7 Split out the http protocol logic into a constant
- 4a2701c4c3 Remove mcrypt as it is not maintained
- f9057b1569 Wrap exceptions xml message in CDATA
- c5c9eb3950 Delete __actionIndex from authors content page
- 64e3774268 Make pickable hidden forms elements readonly
- e2ca2335bc Make email prefs pane inputs readonly by default
- 1b19e689df Change default permission in uploadFile to 0644
- e1f61a3162 PHP 7: Refactor around Exception handlers
- 7084906dbf Remove gray border when row is selected
- 475c198acd Add non breaking space in transliteration.php #2631
- a850313d39 Update pre_populate when updating to 2.7.x
- ff956d71ae Add link to installer page to delete install folder
- 8b6ca80b02 Add link to delete install folder after update
- d21f3a6da0 Sort settings of associated sections in drawer #2608
- 979a8be3b5 Removed unused code #2613
- 83466e0394 Updated jQuery to 2.2.4
- 59484de609 Use HTML5 lang attribute instead of xml:lang
- e99618b4a8 Refactor edit() and add() to make them identical #2680
- c4d9ba3669 Add X-Content-Type-Options and X-XSS-Protection
- 2b60a28627 Remove unnecessary call to clearstatcache() #2684
- 73a579900a Make Email::create() static #2691
- 3c1a65ab76 Eliminate code duplication in random order check #2689
- cb063cf192 Add Referrer-Policy: same-origin for backend pages #2700
- d00a06de27 Remove Access-Control-Allow-Origin header #2706
- 01b5e6114a Group 404 checkboxes and shorten their labels #2702
- c3ad3809e9 Improvements on Associations Drawer
- 5763872ba7 Better wording for the Error Conditions #2723
- a9c3d9b268 Do not show the count if it is zero
- 205a79fdd8 Add composer.lock to the repository
- b5da71861e Add package-lock.json
- a45a9c3ca4 Add the timestamp as the checkbox value
- 798eb8eb43 Replace on with timestamp as the checkbox value