-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
# Conflicts: # CHANGELOG.md # install/changes/2.4.1.txt
- Loading branch information
Showing
2,061 changed files
with
20,352 additions
and
7,183 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
# Exponent Content Management System | ||
|
||
---------- | ||
|
||
Copyright (c) 2004-2017 OIC Group, Inc. | ||
|
||
This file contains details about optional features which are activated | ||
by the installation of 3rd party libraries which are not shipped with Exponent CMS. | ||
These optional features include: | ||
|
||
- PDF Export | ||
- Enhanced Debugging Output | ||
|
||
## PDF Export | ||
|
||
Exponent CMS includes no built-in PDF Exporter, but this feature can be activated by | ||
installing one or more of several PDF Output libraries. The package can be downloaded | ||
and must be extracted to the root folder, or installed from within Exponent | ||
(install extension) as a 'Patch' . Your choice of library will depend on the desired | ||
speed or accuracy of the output. You may choose to not activate this feature and | ||
simply require the user to locally create a PDF file on their end from printable output. | ||
|
||
#### mPDF | ||
|
||
**mPDF is the preferred library.** We currently support three (3) versions: | ||
|
||
v6.1.3 is the newest version | ||
- [mpdf61.zip](https://sourceforge.net/projects/exponentcms/files/Add-ons/mpdf61.zip/download) | ||
This requires Exponent CMS v2.4.1 or later. | ||
|
||
v6.0 is available | ||
- [mpdf60a.zip](https://sourceforge.net/projects/exponentcms/files/Add-ons/mpdf60a.zip/download) | ||
This uses the mPDF v6.0.0 library which has been customized for PHP v7 compatibility. This | ||
package requires Exponent CMS v2.3.3 or later. | ||
|
||
v5.7.4 is the oldest version we support | ||
- [mpdf57a.zip](https://sourceforge.net/projects/exponentcms/files/Add-ons/mpdf57a.zip/download) | ||
This uses the mPDF v5.7.4 library which has been customized for PHP v7 compatibility. This | ||
package requires Exponent CMS v2.2.3 or later. | ||
|
||
#### domPDF | ||
|
||
domPDF was the first supported PHP based library. We currently support two (2) versions: | ||
|
||
v0.7.0 is the newest version | ||
- [dompdf070.zip](https://sourceforge.net/projects/exponentcms/files/Add-ons/dompdf070.zip/download) | ||
This uses the domPDF v0.7.0 library which has been customized for Exponent with a fix for pdf | ||
invoices and thumbnails. This package requires Exponent CMS v2.4.1 and later. | ||
|
||
v0.6.2 is the older version, but the first library we supported | ||
- [dompdf62a.zip](https://sourceforge.net/projects/exponentcms/files/Add-ons/dompdf62a.zip/download) | ||
This uses the domPDF v0.6.2 library which has been customized for Exponent with a fix for pdf | ||
invoices and thumbnails. This package requires Exponent CMS v2.2.3 or later. | ||
|
||
#### HTML2PDF | ||
|
||
HTML2PDF differs from the previous two libraries in that is uses a second 3rd party | ||
library (TCPDF) to perform the actual PDF creation. | ||
|
||
v4.6.1 is the newest version, though it is possible that earlier versions back to v4.5.0 | ||
may also work if installed correctly. | ||
- [html2pdf-1.zip](https://sourceforge.net/projects/exponentcms/files/Add-ons/html2pdf-1.zip/download) | ||
This uses the HTML2PDF v4.6.1 library which has been customized for Exponent. It requires | ||
the TCPDF v6.2.13 PDF engine which is included in this package. This package requires | ||
Exponent CMS v2.3.8 or later. | ||
|
||
#### WKHTMLtoPDF | ||
|
||
WKHTMLtoPDF differs from all the other PDF Export libraries. While the other libraries | ||
are PHP scripts which are installed/extracted into the Exponent file structure, WKHTMLtoPDF | ||
requires installation of server specific binary files onto the server. In many cases | ||
it can be both the fastest and most accurate, yet the most difficult to install and configure. | ||
|
||
v0.12.4 is the newest version which can be downloaded from http://wkhtmltopdf.org/downloads.html | ||
|
||
## Enhanced Debugging Output | ||
|
||
Exponent CMS includes built-in Developer Debugging support, but this feature can be extended by | ||
installing the [Kint](https://github.com/raveren/kint) PHP library. Simply extract a release into | ||
the /external folder which creates an subfolder named 'kint'. The feature is auto-activated | ||
by this installation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
Version 2.4.1 - Specific changes from previous version | ||
------------------------------------------------------ | ||
|
||
#### v241 adds these features to v240 previous releases: | ||
- add optional syntax highlighting editor support for code snippet module (CodeMirror or Ace editors) | ||
- activates new ckeditor drag/drop file upload which allows instantly uploading a non-image file to insert the link | ||
|
||
#### v241 fixes these issues in v240 previous releases: | ||
- now prohibits .php5/.php7 uploaded files from being run, even if server allows | ||
- integrate class.upload to help process all file uploads and filter executable scripts; also filter uploads in elFinder to same mime types | ||
- regression fix traditional file manager changing folders action not working as expected | ||
- fix/handle possible fatal error/exception with event module external calendars | ||
- fix jquery/bs2 popupcalendar initial date issue | ||
- fixes a ckeditor drag/drop file/image upload issue when error reporting was turned on | ||
|
||
#### v241 updates these 3rd party libraries in v240 previous releases: | ||
- elFinder to v2.1.19 | ||
- easypost library to v3.2.1 | ||
- swiftmailer library to v5.4.5 | ||
- bootstrap-datetimepicker to v4.17.44 | ||
|
||
|
||
#### v240patch5 adds these features to v240 previous releases: | ||
- updates/adds/exposes support for mPDF v6.1 and DOMPDF v0.7.0, fixes html2pdf support | ||
- adds separate forms showall_portfolio custom view configuration in addition to show item custom view | ||
|
||
#### v240patch5 fixes these issues in v240 previous releases: | ||
- regression fix (v240) `<meta charset...>` tag wasn't properly closed with quote | ||
- regression fix event announcement view; edit/delete wasn't passing date_id; added copy command | ||
- regression fix (v240p2) 404 errors NOT being dispatched unless new optional page redirection support is turned on | ||
- fix making copies of module items doesn't initialize publish/unpublish dates | ||
|
||
#### v240patch5 updates these 3rd party libraries in v240 previous releases: | ||
- (optional) mPDF to v6.1.2 | ||
- (optional) DOMPDF to v0.7.0 | ||
- (optional) html2pdf to v4.6.1 and tcpdf to v6.2.13 | ||
- TinyMCE to v4.5.1 | ||
- CKEditor to v4.6.1 | ||
- moment.js to v2.17.1 | ||
- jquery.validate to v1.16.0 | ||
|
||
|
||
#### v240patch4 adds NO features to v240 previous releases: | ||
|
||
#### v240patch4 fixes these issues in v240 previous releases: | ||
- fix page redirection log styling issue with minimized styles/scripts | ||
- fix ckeditor add custom plugin from {control} to custom toolbar | ||
- regression fix (v240p2) listbuilder widgets are broken, won't save contents | ||
- regression fix (v240p2) YUI calendarcontrol and popupdatetimecontrol widgets are broken give warning | ||
- forms showall records command only displayed filtered records | ||
|
||
#### v240patch4 updates these 3rd party libraries in v240 previous releases: | ||
- elFinder to v2.1.18 | ||
- CKEditor to v4.6.0 | ||
- TinyMCE to v4.5.0 | ||
- PLUpload to v2.2.1 | ||
- Moment.js to 2.17.0 | ||
- SwiftMailer to v5.4.4 | ||
|
||
|
||
#### v240patch3 adds these features to v240 previous releases: | ||
- adds filtered records count to form showall views if filtered (already displayed total form records) | ||
- adds 'clear page redirection log' command | ||
- change page redirect log to display entire redirection record on hover and add redirect' button instead of using linked name | ||
- allow 301,302,307, & 308 as page redirect code options | ||
- page redirection now also records the requested url to help determine what the user was trying to do | ||
|
||
#### v240patch3 fixes these issues in v240 previous releases: | ||
- regression fix (v237p1) new directories created with wrong/bad permissions in some cases (less to css, etc...) | ||
- regression fix (v240) new customers unable to create new account | ||
|
||
#### v240patch3 updates these 3rd party libraries in v240 previous releases: | ||
- yadcf to v0.9.1 | ||
- moment.js to v2.16.0 | ||
- webshims to v1.16.0 | ||
|
||
|
||
#### v240patch2 adds these features to v240 previous releases: | ||
- initial implementation of optional page redirection support; must be turned on in site configuration Error Messages, then managed by manage all pages | ||
|
||
#### v240patch2 fixes these issues in v240 previous releases: | ||
- prevent logged in users from viewing other user records and admins from super-admin records; thanks to pang0lin | ||
- fix sql injection issue in notfound controller; reported by pang0lin | ||
- fix db indexes removed during 'remove db unneeded columns' command | ||
- (regression) fix text accordion view (non-bs/bs3), may have never worked correctly | ||
|
||
#### v240patch2 updates NO 3rd party libraries in v240 previous releases: | ||
|
||
|
||
#### v240patch1 adds these features to v240: | ||
- adds form control description option to calendarcontrol, popupdatetimecontrol, and yuicalendarcontrol | ||
|
||
#### v240patch1 fixes these issues in v240: | ||
- fix unable to display multiple recaptcha widgets per page (multiple forms per page) | ||
- fix anomalies with event feedback email from announcement view | ||
- fix some issues with the new 'output as link' form control option and some form showall portfolio view issues | ||
- regression fix (v2.4.0) file upload logic error...would rename '_' to '..' | ||
- regression fix expPaginator would only return a single page if called with sql statement (total records was set to page limit) | ||
- fix security vulnerability to bypass permissions using method name in wrong case, reported by fyth | ||
- fix security vulnerability attempt to modify config.php (logic was incorrect), reported by xiaojunjie | ||
- fix security vulnerability to get user list, reported by pang0lin | ||
- fix security vulnerability in search method, reported by pang0lin | ||
- fix security vulnerability to editing addresses, countries, and regions; reported by pang0lin | ||
- fix security vulnerability to reranking pages; reported by kyohpc | ||
- fix security vulnerability update group; reported by DM_ | ||
- fix security vulnerability in order search and editor preview; reported by fyth | ||
- fix security vulnerability in ratings; reported by fyth | ||
- prevent swf/flash uploads in elFinder to prevent malicious code upload; reported by DM_ | ||
- fix many sql injection security vulnerabilities which failed to account for sef urls; reported by many people; CVE-2016-9272 | ||
- fix failure to output jquery addon stylesheets within ajax call | ||
- fix bs3 popupdatetimecontrol initial display if system date/time format is not default...now consistent with other bs3 date time widgets | ||
|
||
#### v240patch1 updates these 3rd party libraries in v240: | ||
- update jstree to v3.3.3 | ||
- update owl carousel to v2.2.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
# secure directory by disabling script execution | ||
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .html .shtml .sh .cgi | ||
AddHandler cgi-script .php .phps .php3 .php4 .php5 .php7 .phtml .pl .py .jsp .asp .htm .html .shtml .sh .cgi | ||
Options -ExecCGI |
Oops, something went wrong.