PivotX 2.3.11 released

By Bob den Otter, Sunday 21 June 2015

We've released a new maintenance update for PivotX. This release also fixes a few minor security issues, so it is a recommended upgrade for all PivotX 2.x websites. For earlier security-related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.10:

  • Now calling htmlspecialchars with ENT_QUOTES.
  • Escaping some user controlled variables.
  • Escape usage of PHP_SELF in form action.
  • Bug and security fix in getPivotxURL().
  • Using absolute paths everywhere in the head.
  • Bug fix in check of allowed file extensions.
  • No longer restore a PHP session from a session ID passed in the URL, since accepting session IDs from the query string is insecure. (Partly reverts rev 3179.)
  • Fixing some warnings / notices, for newer PHP versions.
  • Properly escape user-controlled variables in the file explorer.
  • Moblog fixes: debugging, and handling of mails with images from the default iPhone mail app.
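To make the first three items above concrete, here is an added example of the escaping behaviour in PHP. It is not PivotX code: the helper name esc(), the attacker strings and the request path are constructed for the example. The first half contrasts htmlspecialchars() with ENT_COMPAT, which was PHP's default before 8.1 and leaves single quotes untouched, against ENT_QUOTES; the second half shows why PHP_SELF, which reflects whatever path the client appends to the script name, must be escaped before it is echoed into a form action.

```php
<?php
// Added example (not PivotX code): escaping user input for HTML output.

/**
 * Escape a string for HTML text or a quoted attribute value.
 * ENT_QUOTES escapes both " and '. ENT_COMPAT (PHP's default before 8.1)
 * leaves ' untouched, which breaks out of single-quoted attributes.
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 */
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed attacker input aimed at a single-quoted attribute.
$name = "x' onmouseover='alert(1)";

// Before: with ENT_COMPAT the single quote survives, so the value closes early
// and the remainder becomes a new attribute: value='x' onmouseover='alert(1)'
$before = "<input type='text' value='" . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>";

// After: the quote is encoded as &#039; and stays inside the attribute value.
$after = "<input type='text' value='" . esc($name) . "'>";

// PHP_SELF reflects the request path, including PATH_INFO appended by the
// client. Constructed request: /admin.php/"><script>alert(1)</script>
$_SERVER['PHP_SELF'] = '/admin.php/"><script>alert(1)</script>';

// Before: the reflected path closes the action attribute and injects a script.
$formBefore = '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
// After: " becomes &quot; and < becomes &lt;, so the path stays an attribute value.
$formAfter = '<form action="' . esc($_SERVER['PHP_SELF']) . '" method="post">';

echo $before, "\n", $after, "\n", $formBefore, "\n", $formAfter, "\n";
```

Escaping at the point of output is the fix; where a form always posts back to a known script, hard-coding that path removes the reflected value altogether. Removing markup from an input on the way in (for example with strip_tags()) narrows what an attacker can send, but it is not a substitute for escaping at output, because the context the value lands in (text, attribute, URL, script) decides which encoding is correct.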

The PivotX 2.3.11 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.

PivotX 2.3.10 released

By Bob den Otter, Monday 25 August 2014

We've released a new maintenance update for PivotX. This release fixes a minor security issue, so it is a recommended upgrade for all PivotX 2.x websites. For earlier security-related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.9:

  • Properly escape user-controlled variables in the file explorer. (XSS)
  • Moblog fixes: debugging, and handling of mails with images from the default iPhone mail app.
  • Updated TinyMCE to 3.5.11
  • Strip HTML tags from the request variable "px_message". Thanks, Waledac Oxana!
  • Fixed: the session cookie was given the wrong domain if the web server runs on a non-standard port.

The PivotX 2.3.10 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.

PivotX 2.3.9 released

By Bob den Otter, Monday 03 March 2014

We've released a new maintenance update for PivotX. Since this release fixes a security issue, it is a recommended upgrade for all PivotX 2.x websites. For earlier security-related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.8:

Security issues:

  • A file upload vulnerability and various XSS issues on the admin pages. All of them require the attacker to have a PivotX account, which limits the exposure, but sites with more than one user will want these patched.
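The file upload item above and the "check of allowed file extensions" fix in 2.3.11 concern the same control. The following is an added example, not PivotX code, of how an extension allow-list check is commonly done wrong, beside a hardened version. The function names, the list of server-executable extensions and the sample file names are constructed for the example and do not describe PivotX's actual bug.

```php
<?php
// Added example (not PivotX code): a file-extension allow-list check that
// avoids common mistakes, beside a naive check that constructed names slip past.

// Constructed list of extensions the web server might execute; adjust per deployment.
const SERVER_EXECUTABLE = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'shtml', 'cgi', 'pl', 'htaccess'];

// Naive check: the pattern is not anchored, so ".jpg" anywhere in the name matches,
// and "shell.jpg.php" passes.
function naive_extension_allowed(string $filename): bool
{
    return (bool) preg_match('/\.(jpg|jpeg|png|gif)/i', $filename);
}

/**
 * Hardened check: the *last* extension must be on the allow list, compared
 * case-insensitively, and no earlier dotted part may be a server-executable
 * extension (so "shell.php.jpg" is refused even though it ends in .jpg).
 * Names containing path separators or NUL bytes, or with an empty extension,
 * are refused as well; a genuine image upload never produces them.
 */
function upload_extension_allowed(string $filename, array $allowed): bool
{
    if ($filename === '' || strpbrk($filename, "/\\\0") !== false) {
        return false;
    }
    $parts = explode('.', strtolower($filename));
    if (count($parts) < 2) {
        return false;                          // no extension at all
    }
    $ext = array_pop($parts);                  // final extension decides the type
    array_shift($parts);                       // the base name is not an extension
    if ($ext === '' || !in_array($ext, array_map('strtolower', $allowed), true)) {
        return false;
    }
    foreach ($parts as $inner) {
        if (in_array($inner, SERVER_EXECUTABLE, true)) {
            return false;                      // double extension such as .php.jpg
        }
    }
    return true;
}

// Constructed sample names: expected naive/hardened results are
// photo.JPG true/true, shell.jpg.php true/false, shell.php.jpg true/false,
// photo. false/false, my.holiday.png true/true, x.php\0.jpg true/false.
$allowed = ['jpg', 'jpeg', 'png', 'gif'];
foreach (['photo.JPG', 'shell.jpg.php', 'shell.php.jpg', 'photo.', 'my.holiday.png', "x.php\0.jpg"] as $name) {
    printf("%-16s naive=%-5s hardened=%s\n",
        addcslashes($name, "\0"),
        naive_extension_allowed($name) ? 'true' : 'false',
        upload_extension_allowed($name, $allowed) ? 'true' : 'false');
}
```

The extension check is one layer. Uploads should also be stored under a server-generated name, in a directory where the web server is configured not to execute scripts, and ideally be checked by content as well as by name.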

Other bug fixes:

  • For flatfile databases:
    • Adding excerpts to the output from getLatestPages so page excerpts are displayed on the dashboard.
    • 'read_entries' should not change the current entry (since read_entries is used for other things than creating subweblogs).
  • Fixed the session cookie domain: any subdomain named "wwwX" (where X is any character) resulted in an invalid domain for the cookie.
  • Set UTF-8 for debug window (and also give it a title).

The PivotX 2.3.9 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.

PivotX 2.3.8 released

By Bob den Otter, Wednesday 22 January 2014

We've just released a new maintenance update for PivotX. This is a recommended upgrade for all PivotX 2.x websites. For earlier security-related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.7:

  • Fixed a bug where archive_list, used more than once with different types, output the wrong number of links.
  • New parameters for archive_list:
    • amount (limit the number of links output)
    • start and end (specify a range, so different types of output can be combined)
    • year (restrict the output to a single year)
  • Mobile theme updated
  • Added PivotX icon for not-found images.
  • Added PHP 5.5 compatibility fix.
  • Added Smarty security fix.
  • Minor update to mobile dashboard.
  • Fixed problem with more than 1 uploader in the editor.
  • Added delHook function.
  • Added file existence check before creating thumbnail to circumvent lots of unrelated warnings.
  • Introducing hidden setting 'email_start_text' to replace default text in notification mails.

The PivotX 2.3.8 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.

PivotX 2.3.7 released

By Bob den Otter, Tuesday 13 August 2013

It's been a while since the last release, but we've just put out a new update for some issues that popped up in PivotX. This is a recommended upgrade for all PivotX 2.x websites. This release contains no security fixes. For earlier security-related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.6:

  • Improved handling of multipart messages (avoiding calling parse_body multiple times on the same message).
  • Fixed: Disabling minifying of JavaScript to fix the problems with Minify in combination with jQuery
  • Faking the Magpie user agent so _getTagFeedHelper is able to get feeds from blogsearch.google.com and icerocket.com
  • Added: Completing support for tags on pages, MySQL only. (Thanks Coen Jeukens)
  • Bugfix: The query key for templates is "te", not "t" (which is used for tags).
  • Added: date option orddaysuffix_en that sets the ordinal day suffix. Only in English.
  • Bugfix: Don't use the server name when setting the cookie domain since we might be on an alias domain.
  • Added: a new recovery option that keeps PivotX working if the config gets broken for some reason.
  • Added: example web.config for Microsoft IIS (thanks Gishan)
  • Fixed: No longer output a canonical link when browsing a weblog, viewing a category, an archive or a search/tag/special page.
  • Added: Introducing setting email_morelink_position to position the more link either on top or on the bottom of the constructed mail text.
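The cookie-domain item above (not using the server name, because the site may be served on an alias domain), the "wwwX" subdomain fix in 2.3.9, the non-standard port fix in 2.3.10 and the removal of session IDs from URLs in 2.3.11 all touch how the PHP session cookie is issued. This added example, which is not PivotX code, derives the cookie Domain from the request Host header with those edge cases handled, then configures the session so its ID is only ever carried in the cookie. The function names and the $knownHosts configuration list are assumptions made for the example; the Host header is client-controlled, so it is only used after it has been matched against that list.

```php
<?php
// Added example (not PivotX code): session cookie domain and session ID handling.

/**
 * Derive the cookie Domain attribute from a Host header value.
 * Returns '' (omit the attribute; the cookie is then host-only) for IP
 * literals, single labels such as "localhost", and hostnames this site is
 * not configured to answer for. $knownHosts is an assumed config value.
 */
function session_cookie_domain(string $hostHeader, array $knownHosts): string
{
    $host = strtolower(trim($hostHeader));
    if ($host === '' || $host[0] === '[') {
        return '';                 // empty, or an IPv6 literal: host-only cookie
    }
    // 1. A non-standard port arrives in the Host header ("example.com:8080")
    //    and must not end up in the Domain attribute.
    $host = preg_replace('/:\d+$/', '', $host);
    // 2. Host is client-controlled: only continue for names this site is
    //    configured to answer for (alias domains included), rather than
    //    trusting either the header or SERVER_NAME on its own.
    if (!in_array($host, array_map('strtolower', $knownHosts), true)) {
        return '';
    }
    // 3. IPv4 literals and single labels ("localhost") take no Domain attribute.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false || strpos($host, '.') === false) {
        return '';
    }
    // 4. Drop a leading "www" only when it is a whole label and a dotted name
    //    remains: "www.example.com" -> "example.com", while "wwwx.example.com"
    //    keeps its first label and "www.com" is left alone.
    if (strncmp($host, 'www.', 4) === 0 && strpos(substr($host, 4), '.') !== false) {
        $host = substr($host, 4);
    }
    return $host;
}

/**
 * Configure the PHP session so its ID travels only in the cookie.
 * Must run before session_start(). The array form of
 * session_set_cookie_params() needs PHP 7.3 or newer.
 */
function configure_session(string $domain, bool $https): void
{
    ini_set('session.use_only_cookies', '1');  // ignore ?PHPSESSID=... in the URL
    ini_set('session.use_trans_sid', '0');     // never append the ID to links or forms
    ini_set('session.use_strict_mode', '1');   // refuse IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => $domain,                 // '' means host-only
        'secure'   => $https,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed configuration and Host header values. Expected output:
//   www.example.com:8080 -> example.com        (port dropped, www label dropped)
//   wwwx.example.com     -> wwwx.example.com   (not a "www" label)
//   blog.example.com     -> blog.example.com
//   localhost:8000       -> (host-only)
//   192.0.2.10           -> (host-only)
//   evil.example.org     -> (host-only)        (not a configured hostname)
$known = ['www.example.com', 'example.com', 'blog.example.com', 'wwwx.example.com', 'alias.example.net', 'localhost'];
foreach (['www.example.com:8080', 'wwwx.example.com', 'blog.example.com', 'localhost:8000', '192.0.2.10', 'evil.example.org'] as $h) {
    printf("%-22s -> %s\n", $h, session_cookie_domain($h, $known) ?: '(host-only)');
}
```

Setting a Domain attribute at all widens the cookie to every subdomain of that name; if nothing but the one host needs the session, leaving the attribute out (a host-only cookie) is the safer default, and the function above does that whenever it is unsure.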

The PivotX 2.3.7 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.