@robiso robiso released this Jul 18, 2018 · 4 commits to master since this release

Assets 3

ZIP file SHA256: 692e87a8abbc8856cb95f660a6278f7ab6ccd955c1fbf05041a71197b538fc57

What's new

  • Fixed session fixation vulnerability.
  • Fixed mixed content warning for NGINX servers.
  • Improved main URL function and added multiple string case checks for the HTTPS protocol and port forwarding.

How to update

  • Login to your WonderCMS website and click Update. Always backup before updating!

Changelog

How to install WonderCMS for the first time

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

@robiso robiso released this May 3, 2018 · 8 commits to master since this release

Assets 3

ZIP file SHA256: b7cea41ca9d8aa1d8f3d3c77cf4bca48bf4b7171666682c37c3ebf888d8241b3

What's new

  • Fixed bug in better security function.
  • Improved function for password changing.
  • Added keyword and description for 404 pages (new installations only).
  • Improved function for installing themes and plugins.
  • Fixed bug with function for deleting files and folders.

How to update

  • Login to your WonderCMS website and click Update. Always backup before updating!

Changelog

How to install WonderCMS for the first time

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

@robiso robiso released this May 2, 2018 · 20 commits to master since this release

Assets 3

ZIP file SHA256: b312a271ed2ecf6220ee018dac9d13f40fdb50f3153ef3e5e3a89a665ecb741f

What's new

  • New feature (Apache only): better security mode and HTTPS redirect ON/OFF switch in Settings->Security.
  • New feature: view version number when updating. It's now easier to see to what WonderCMS version you're updating to next.
  • Minor text and style changes to the update notification and settings panel.
  • Upgraded logic when checking for directory traversal attacks. Other minor code fixes.
  • Moved location of backup action in index.php, this removes the "Delete backup files" notification bug when a backup file is removed.
  • Moved location of delete page action index.php, this remove the "Page deleted" notification when a corrupted database is recovered.
  • Changed most REQUEST['token'] checks to POST types.

How to update

  • Login to your WonderCMS website and click Update. Always backup before updating!

Changelog

How to install WonderCMS for the first time

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

@robiso robiso released this Feb 23, 2018 · 48 commits to master since this release

Assets 3

ZIP file SHA256: 97a2065e6d34f0dcee39474f6acbeba4c15d75b956e92d769188f0ad0854d861

What's new

  • Fixed bug with "double update" notification (patch).

How to update

  • Login to your WonderCMS website and click Update. Always backup before updating!

Changelog

How to install WonderCMS for the first time

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

@robiso robiso released this Feb 21, 2018 · 57 commits to master since this release

Assets 3

ZIP file SHA256: 766F8063175C8B17008AC17BE119DF6B993981BD38874874E11A56C065AF8C00

What's new

  • Fixed vulnerability - logged in admin could delete files from any directory.
  • Added SRI hashes to external JavaScript and CSS files: jquery.min.js, bootstrap.min.js, autosize.min.js, taboverride.min.js, jquery.taboverride.min.js, bootstrap.min.css).
  • Removed uneccessarry session unset.
  • Minor text changes.

1 theme (default) update available

Copy this link: https://github.com/robiso/wondercms-themes/releases/download/default-2/default.zip


How to update

  • Login to your WonderCMS website and click Update. Always backup before updating!

Changelog

How to install WonderCMS for the first time

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

@robiso robiso released this Jan 1, 2018 · 71 commits to master since this release

Assets 3

What's new

  • A clearer definition of public/private functions.
  • Corrected code logic in theme/plugin installer with an array check.
  • Added hash_equals checks to prevent CSRF timing attacks.
  • Added link to WonderCMS homepage in the Settings panel.
  • Prettified code fixes.
  • Minor text changes to the Settings panel and error messages.
  • Removed old version support compatibility (function called updateOtherFiles).
  • CSS fix, removed bottom border on the settings panel links. The border was visible only when designing a new theme/template from scratch.
  • Functions re-sorted alphabetically for easier overview.
  • Added 404 page editing support.
  • Added whitelist for allowed file type uploads.
  • Restructured function for deleting files, themes and plugins.
  • Updated to latest version of taboverride and autosize.
  • Minor settings panel design changes.
  • Updated Summernote plugin to latest version and added tables to the Summernote editor toolbar.
  • Updated autosize.js to latest version.

2 plugins need updating

NOTE 1: If you don't have these plugins, there is no need to update them.
NOTE 2: Update WonderCMS before updating plugins.

1. Update link for Summernote editor plugin

2. Update for Additonal contents plugin


  • Thanks to Vekien for the corrected code logic in the theme/plugin installer, helping implement hash_equals and restructuring the function for deleting files/themes/plugins.
  • Thanks to ayeshrajans for spotting the hash_equals improvement possibility.

How to update

  • Login to your WonderCMS website and click Update. Always backup before updating!

Changelog history

How to install WonderCMS for the first time

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

@robiso robiso released this Oct 10, 2017 · 85 commits to master since this release

Assets 3

What's new in WonderCMS 2.3.2

  • two additional ISSET checks to prevent PHP notices
  • changed HTTP 1.0 headers to HTTP 1.1
  • updated links to themes and plugins in the Settings panel (new links are: https://wondercms.com/themes and https://wondercms.com/plugins)
  • removed converted case for page titles
  • core code in WonderCMS prettified - providing a better level of readability
  • minor text changes

Thanks to Samrat Das (https://twitter.com/Samrat_Das93) for sparking up the following debate:

  • Should we limit the uploaded file types?
    • Share your opinion on this topic to ensure WonderCMS stays the way you, the user, wants to: #45

How to update

  • Login to your WonderCMS website and click Update. Always backup before updating!

News history

How to install WonderCMS for the first time

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

@robiso robiso released this Aug 23, 2017 · 95 commits to master since this release

Assets 3

What's new in WonderCMS 2.3.1

  • added two additional checks if the request for token is set
  • double space removal / converted to tabs

Thanks to Andreas Lenhardt (https://twitter.com/AndiLenhardt) for reporting and testing.

How to update

  • Login to your WonderCMS website and click Update.

Installation

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

What's new history

@robiso robiso released this Aug 22, 2017 · 105 commits to master since this release

Assets 3

What's new in WonderCMS 2.3.0

  • re-designed settings panel
  • theme installer + updater + remover
  • plugin installer + updater + remover
  • file uploader + remover
  • tab/indentation support
  • additional security token checks
  • "Visit page" link next to each page in menu
  • added success message when deleting a page
  • logout link moved to top right corner
  • fixed title case when creating new pages
  • files autosize.js, taboverride.min.js and taboverride.jquery.min.js are now loaded after the admin is logged in - resulting in faster website loading
  • additional token verifications
  • minor code logic fixes
  • minor text fixes

Thanks to:

  • Janez Čas from HttpMaster (httpmaster.net)
  • Davide Vago for a design inspiration (davidevago.com)
  • Robbie Alamantus (robbie.antenesse.net)

How to update

  • Login to your WonderCMS website and click Update.

Installation

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

What's new history

@robiso robiso released this Jun 23, 2017 · 113 commits to master since this release

Assets 3

What's new in WonderCMS 2.2.1

  • Custom port support. WonderCMS now works on non-standard HTTP ports - thanks to Grzegorz Kowalski.
  • JavaScript hook fix - thanks to Grzegorz Kowalski.
  • Show admin CSS only when logged in for faster website delivery.
  • Minor text/tab fixes.

Installation

  • Unzip and upload the files wherever you wish WonderCMS to be installed at.

How to update

  • Login to your WonderCMS website and click Update.

What's new history