We've released a new maintenance update for PivotX. This release fixes a minor security-issue, so it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.
These are the changes since PivotX 2.3.9:
- Properly escape user-controlled variables in the file explorer. (XSS)
- Moblog fixes - debugging and handling of mails with images from the default iphone mail app.
- Updated TinyMCE to 3.5.11
- Strip HTML tags the the request variable "px_message". Thx, Waledac Oxana!
- Wrong domain for session cookie if the web server is running on a non-standard port.
The PivotX 2.3.10 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer.tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.
We've released a new maintenance update for PivotX. Since this release fixes a security-issue, it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.
These are the changes since PivotX 2.3.8:
Security issues:
- A file upload vulnerability and various XSS issues on the admin pages. Mitigated by the fact that an attacker must have an PivotX account. All issues require that the attacker has a PivotX account/user, so for sites with multiple users, you will want these patched.
Other bug fixes:
- For flatfile databases:
- Adding excerpts to the output from getLatestPages so page excerpts are displayed on the dashboard.
- 'read_entries' should not change the current entry (since read_entries is used for other things than creating subweblogs).
- Bug fix in session cookie domain - any subdomain named "wwwX" (where X is any character) resulted in an invalid domain for the cookie.
- Set UTF-8 for debug window (and also give it a title).
The PivotX 2.3.9 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer.tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.
We've just released a new maintenance update for PivotX. This is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.
These are the changes since PivotX 2.3.7:
- Fixed bug that archive_list used more than once with a different type outputted the wrong number of links
- New params for archive_list:
- amount (to limit the amount of output)
- start and end (specify range so you can combine different types of output)
- year (to specify what year should only be used)
- Mobile theme updated
- Added PivotX icon for not-found images.
- Added PHP 5.5 compatibility fix.
- Added Smarty security fix.
- Minor update to mobile dashboard.
- Fixed problem with more than 1 uploader in the editor.
- Added delHook function.
- Added file existence check before creating thumbnail to circumvent lots of unrelated warnings.
- Introducing hidden setting 'email_start_text' to replace default text in notification mails.
The PivotX 2.3.8 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer.tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.
It's been a while since the last release, but we've just put out a new update for some issues that popped up in PivotX. This is a recommended upgrade for all PivotX 2.x websites. This release contains no security fixes. For former security related issues and patches, see the page dedicated to Security issues.
These are the changes since PivotX 2.3.6:
- Improved handling of multipart messages. (Avoiding calling parse_body multiple
times on the same message)
- Fixed: Disabling minifying of JavaScript to fix the problems with Minify in combination with jQuery
- Faking the Magpie user agent so _getTagFeedHelper is able to get feeds from blogsearch.google.com and icerocket.com
- Added: Completing support for tags on pages, MySQL only. (Thanks Coen Jeukens)
- Bugfix: The query key for templates is "te", not "t" (which is used for tags).
- Added: date option orddaysuffix_en that sets the ordinal day suffix. Only in English.
- Bugfix: Don't use the server name when setting the cookie domain since we might be on an alias domain.
- Added: new recovery option to keep PivotX from stopping working. (in case config gets broken for some reason)
- Added: example web.config for Microsoft IIS (thanks Gishan)
- Fixed: No longer output a canonical link when browsing a weblog, viewing a category,
an archive or a search/tag/special page.
- Added: Introducing setting email_morelink_position to position the more link either on top or on the bottom of the constructed mail text.
The PivotX 2.3.7 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer.tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.
It's only a few days since we released PivotX 2.3.5, but an unfortunate error crept into the build: We had updated Jquery to the latest version, but that introduced an incompatibility with the version of jQuery UI that we were using. We've released version 2.3.6, which has an updated version of jQuery UI, that fixes the incompatibility. Other than that, this release is an incremental update for PivotX 2.3. It contains minor updates and fixes, that were recently fixed. This is a recommended upgrade for all PivotX 2.x websites. This release contains no security fixes. For former security related issues and patches, see the page dedicated to Security issues.
These are the changes since PivotX 2.3.3:
- jQuery UI updated to version 1.9.1.
- Fixed compatibility issue with PHP 5.4.
- Bug fix in relativeToAbsoluteURLS. Improving regexp so all relative URLs are modified. (Important for feeds).
- Lifestream version 1.0.1: Fixed Twitter issue - updated URL to RSS feed.
- Updated jQuery to 1.8.2.
- Fixing issue with initial entries not showing up after installation. (Flat file database only.)
- Replacing "mktime()" with "time()" since "As of PHP 5.1, when called with no arguments, mktime() throws an E_STRICT notice".
- Various bug fixes for comments feeds: No output if weblog parameter was present / Fixed wrong id.
- Minor fix in getFiles so it works correctly on Windows servers.
- Most templates are rewritten to use a more consistent naming scheme.
- Fixed: Wrong detection of safe_mode in PHP.
- Added: Extrafields support in the 'orderby' parameter for subweblogs.
- Fixed: Orphan page and next/previouspage template resulted in never ending loop.
- Changed: Disregarding number of entries for the pager count when subweblog is called 'archive'.
- Added: support for separate icons when running in multisite mode - looking for "images/favicon.ico".
The PivotX 2.3.6 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer.tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.
