Fixed a potential directory traversal vulnerability.
Fixed a severe XSS vulnerability. In this context, the insert tag flags
base64_encode
and base64_decode
have been removed.
Handle nested insert tags in strip_insert_tags().
Correctly store the model in Dbafs::addResource() (see #7440).
Send the request token when toggling the visibility of an element (see #7406).
Always apply the IE security fix in the Environment class (see #7453).
Correctly handle archives being part of multiple RSS feeds (see #7398).
Correctly handle 0
in utf8_convert_encoding() (see #7403).
Send a 301 redirect to forward to the language root page (see #7420).
Always pass a DC object in the toggleVisibility
callback (see #7314).
Correctly render the "read more" and article navigation links (see #7300).
Fix the markup of the form submit button (see #7396).
Do not generally remove insert tags from page titles (see #7198).
Consider the useSSL
flag of the root page when generating URLs (see #7390).
Correctly create the template object in BaseTemplate::insert()
(see #7366).
Updated TinyMCE to version 4.1.6 and added the "lists" plugin (see #7349).
Fixed the FAQ sorting in the back end (see #7362).
Added the Widget::__isset()
method (see #7290).
Correctly handle dynamic parent tables in the DC_Table
driver (see #7335).
Correctly shortend HTML strings in String::substrHtml()
(see #7311).
Updated MooTools to version 1.5.1 (see #7267).
Updated swipe.js to version 2.0.1 (see #7307).
Use an .invisible
class which plays nicely with screen readers (see #7372).
Handle disabled modules in the module loader (see #7380).
Fixed the "link_target" insert tag.
Correctly mark CAPTCHA fields as mandatory (see #7283).
Updated the ACE editor to version 1.1.6 (see #7278).
Fix the Database::list_fields()
method (see #7277).
Correctly assign "col_first" and "col_last" in the image gallery (see #7250).
Set the correct path to TCPDF in system/config/tcpdf.php
(see #7264).
Do not output an empty label
tag (see #7249).
Allow floating point numbers in "number" input fields (see #7257).
Do not adjust the start time of past events (see #7121).
Reset the image margins if it exceeds the maximum image size (see #7245).
Reset $blnPreventSaving
when a model is cloned (see #7243).
Do not reload after storing CURRENT_ID
in the session (see #7240).
Correctly validate the page number of the versions menu (see #7235).
Handle underscores in the Google+ vanity name (see #7241).
Correctly handle the rem
unit when importing style sheets (see #7220).
Fix two issues with the extension repository theme.
Restore permission to delete root pages for admin users (see #7135).
Pass the file IDs instead of their UUIDs to the file picker (see #7139).
Correctly handle double quotes in comments (see #7102).
Ignore hidden files when building the internal cache (see #7098).
Correctly pass the insert ID of the undo record (see #6234).
Update the vendor libraries (fixes various issues).
Convert insert tags before assigning the page title to the template (see #7097).
Correctly render images in TinyMCE in the newsletter module (see #7089).
Add the media query to the style sheets in debug mode (see #7070).
Disable the debug mode in the extension creator (see #7068).
Convert image source insert tags in the back end preview (see #7065).
Render all root nodes in the page and file picker (see #6844).
Add the "scssphp-compass" library to support Compass functions.
Support adding multiple TinyMCE instances to the same page (see #7061).
Grant access to static files inside the vendor
folder.
Do not make the FormRadioButton
options an array (see #7060).
Support adding ACE and TinyMCE in subpalettes (see #7056).
Only use the DropZone uploader where Ajax uploads can be processed (see #7046).
Make the viewport field 255 characters long (see #7050).
Restore the "submit_container" class in the FormSubmit
widget (see #7055).
Correctly generate the CSS classes of the FormSelectMenu
widget (see #7045).
Use a more precise UUID detection in the FilesModel
class (see #7054).
Use pack()
instead of hex2bin()
to be compatible with PHP 5.3 (see #7010).
Correctly show the comments in the "comments" element (see #7040).
Correctly store the file selection in "edit multiple" mode (see #7028).
Update Compass to version 0.12.6.
Improve the UUID validation to prevent false positives (see #7010).
Correctly sort by date in the listing module (see #5609).
Fix the back link in the "single article" view (see #6955).
Never cache insert tags if the output is not used on the website (see #7018).
Strip forbidden HTML tags in the markdown content element (see #7021).
Prevent parallel execution of the new command line scripts.
Also set the sql_mode
in the MySQLi driver (see #6996).
Purge the script cache if a style sheet is edited (see #7005).
Disable the maintenance screen if a back end user is logged in (see #7009).
Correctly set the textarea value in the template (see #6995).
Make sure the security questions gets always generated (see #6990).
Do not use date_default_timezone_get()
in the configuration file (see #6989).
Correctly generate absolute URIs in Controller::generateFrontendUrl()
.
Fix the link button padding (a.tl_submit
).
Update TinyMCE to version 4.0.26.
Correctly set and explain the page title field (see #6953).
Correctly show the template sources (see #6875).
Support input tags without a "type" attribute in the CSS framwork (see #6902).
Import the tinymce.css
style sheet in TinyMCE (see #6970).
Catch Swift exceptions when sending form data via e-mail (see #6941).
Try all locale variations when loading TinyMCE (see #6952).
Correctly overwrite the article template (see #6938).
Correctly wrap long labels in the tree view (see #6954).
Correctly add the WAI-ARIA attributes (see #6217).
Allow to override the default form field template (see #4547).
Only pass the current form data to the "processFormData" hook (see #6705).
Add a DropZone-based file uploader (see #6064).
Add permissions to import and export themes (see #5835).
Make the fields of the meta wizard configurable in the DCA (see #4327).
Also show the preview image when editing multiple files (see #6643).
Show the file location below the "name" field in the file manager (see #6503).
Add some basic WAI-ARIA attributes to the navigation menu (see #6217).
Automatically convert file paths in TinyMCE into insert tags (see #5965).
Move the custom layout section markup into template files (see #6531).
Move the form field markup into the template files (see #6834).
Add template inheritance and template insertion (see #6508 and #6934).
Add a flexible back end theme.
Update colorbox to version 1.5.8.
Update mediaelement.js to version 2.14.2.
Update jQuery to version 1.11.0 and jQuery UI to version 1.10.4.
Update the color picker to version 1.4.
Use the "bootstrap" theme for the date picker (see #6692).
Update the back end date picker to version 2.2.0.
Update ACE to version 1.1.3.
Use the widget attributes instead of the DCA in the picker widgets (see #6881).
Enable the interlace bit when creating image thumbnails (see #6529).
Assign articles to layout sections with an article module only (see #6094).
Add the "parseDate" hook (see #4260).
Make the title tag configurable in the page layout (see #6783).
Add helper methods to generate markup depending on the output type:
Template::generateStyleTag()
Template::generateInlineStyle()
Template::generateScriptTag()
Template::generateInlineScript()
Template::generateFeedTag()
Add the "customizeSearch" hook (see #5223).
Add a button to generate article aliases via "edit multiple" (see #6628).
Add a pagination menu at the listing bottom (see #6377).
Only override element and module templates in the front end (see #6878).
Use the html5shiv-printshiv.js
script in the front end (see #6293).
Added the "getLanguages" hook (see #6545).
Render the table summary as <caption>
in HTML5 (see #6295).
Also convert paths without delimiter in Combiner::fixPaths()
(see #6417).
Add the "colorizeLogEntries" hook (see #5803).
Added an "oncut_callback" and "oncopy_callback" to DC_Folder
(see #6814).
Support optional dependencies in the module loader (see #6835).
Mark the beginning and end of each template in debug mode (see #6841).
Added the insert tag flags "urlencode" and "rawurlencode" (see #6859).
Add files and folders to the database in details view (see #6880).
Add version control for editable files.
Add a configurable "viewport" field to the page layout (see #6251).
Split the layout builder CSS code into a static and a responsive style sheet, so the responsive behaviour can be disabled (see #6251).
Added more static convenience methods to the Config
class:
set()
: temporarily set a configuration valuepresist()
: permanently store a configuration valueremove()
: permanently remove a configuration value
A static get()
method has been available already.
Update TinyMCE to version 4.0.20 (see #1495).
Handle .scss
and .less
files in the Combiner
. This also allows to add SCSS
or LESS files as external style sheets to the page layout.
Allow to override the default module or content element template (see #4547).
Create a new version if a member changes their data in the front end.
Shorten the file paths in the FileTree
widget (see #6488).
Hide the details page link in the listing module if the details page condition is not met (see #6332).
Make the file system synchronization available on the command line (see #6815).
Make the Automator
methods available on the command line (see #6815).
Moved the asset version constants to $GLOBALS['TL_ASSETS']
(see #5759).
Added a "preview front end as member" button (see #6546).
Hide forward pages if they point to unpublished target pages (see #6376).
Only enable the debug mode in the FE if there is a BE user (see #6450).
Do not require MooTools or jQuery for the command scheduler (see #6755).
Use the new Google Universal Analytics code snippet (see #6103).
Add $parent
as fourth parameter to the "compileDefinition" hook (see #6697).
Update TCPDF to version 6.0.062.
Enable the maintanance mode by default (see #6758).
Added a markdown content element (see #6052).
Merged the "newsarchive" and "newsarchive_empty" templates (see #6647).
Make the following functions public static (see #6351):
Controller::getArticle
Controller::getContentElement
Controller::getForm
Controller::getFrontendModule
Support editing the front end preview page via the "url" parameter (see #6471).
Do not combine .js and .css files when running in debug mode (see #6450).
Added a DcaLoader
class to decouple the DCA loading process (see #5441). DCAs
can now be loaded anywhere using Controller::loadDataContainer()
.
Convert slashes to hyphens in the standardize()
function (see #6396).
Add a getModel()
method to modules, elements and hybrids (see #6492).
Support the "HAVING" command in the Model\QueryBuilder
class (see #6446).
Use class constants for BackendUser::isAllowed()
.