PivotX development has ended

By Hans Nordhaug, Wednesday 22 March 2017

This post is long, long, long overdue.

Most PivotX users already know this, but to make it clear: PivotX development has ended.


PivotX 2.3.11 released

By Bob den Otter, Sunday 21 June 2015

We've released a new maintenance update for PivotX. This release also fixes a few minor security-issues, so it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.10:

  • Now calling htmlspecialchars with ENT_QUOTES.
  • Escaping some user controlled variables.
  • Escape usage of PHP_SELF in form action.
  • Bug- / security-fix in getPivotxURL().
  • Using absolute paths everywhere in the head.
  • Bug fix in check of allowed file extensions.
  • No longer restore PHP session via session-id passing in url as it is insecure. (Partly reverting rev 3179.)
  • Fixing some warnings / notices, for newer PHP versions.
  • Properly escape user-controlled variables in the file explorer.
  • Moblog fixes - debugging and handling of mails with images from the default iPhone mail app.

The PivotX 2.3.11 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our SourceForge mirror.

PivotX 2.3.10 released

By Bob den Otter, Monday 25 August 2014

We've released a new maintenance update for PivotX. This release fixes a minor security-issue, so it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.9:

  • Properly escape user-controlled variables in the file explorer. (XSS)
  • Moblog fixes - debugging and handling of mails with images from the default iPhone mail app.
  • Updated TinyMCE to 3.5.11
  • Strip HTML tags from the request variable "px_message". Thx, Waledac Oxana!
  • Wrong domain for session cookie if the web server is running on a non-standard port.

The PivotX 2.3.10 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our SourceForge mirror.

PivotX 2.3.9 released.

By Bob den Otter, Monday 03 March 2014

We've released a new maintenance update for PivotX. Since this release fixes a security-issue, it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.8:

Security issues:

  • A file upload vulnerability and various XSS issues on the admin pages. Mitigated by the fact that an attacker must have a PivotX account. All issues require that the attacker has a PivotX account/user, so for sites with multiple users, you will want these patched.

Other bug fixes:

  • For flatfile databases:
    • Adding excerpts to the output from getLatestPages so page excerpts are displayed on the dashboard.
    • 'read_entries' should not change the current entry (since read_entries is used for other things than creating subweblogs).
  • Bug fix in session cookie domain - any subdomain named "wwwX" (where X is any character) resulted in an invalid domain for the cookie.
  • Set UTF-8 for debug window (and also give it a title).

The PivotX 2.3.9 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our SourceForge mirror.

PivotX 2.3.8 released.

By Bob den Otter, Wednesday 22 January 2014

We've just released a new maintenance update for PivotX. This is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.7:

  • Fixed a bug where archive_list, when used more than once with a different type, output the wrong number of links.
  • New params for archive_list:
    • amount (to limit the amount of output)
    • start and end (specify range so you can combine different types of output)
    • year (to specify the only year that should be used)
  • Mobile theme updated
  • Added PivotX icon for not-found images.
  • Added PHP 5.5 compatibility fix.
  • Added Smarty security fix.
  • Minor update to mobile dashboard.
  • Fixed problem with more than 1 uploader in the editor.
  • Added delHook function.
  • Added file existence check before creating thumbnail to circumvent lots of unrelated warnings.
  • Introducing hidden setting 'email_start_text' to replace default text in notification mails.

The PivotX 2.3.8 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our SourceForge mirror.