Joomla 1.6.1

Разработчики объявили о выходе Joomla 1.6.1. В этой версии исправлено огромное количество ошибок, некоторые из которых относятся к безопасности. Рекомендую обновиться всем, кто уже начал работать с Joomla 1.6. Список ошибок исправленных в новой версии смотрите далее.

 

 

 

 

Список взят с официального сайта:

Security Moderate Priority - Core - SQL Injection / Interal Path Disclosure. Moderate Priority - Core - Path Disclosure. Moderate Priority - Core - XSS Vulnerabilities. Moderate Priority - Core - XSS Vulnerabilities. Low Priority - Core - Information Disclosure. Moderate Priority - Core - Redirect Vulnerabilities. Moderate Priority - Core - Information Disclosure. Low Priority - Core - Unauthorised Access. Moderate Priority - Core - CSRF Vulnerabilities. Moderate Priority - Core - DOS Vulnerabilities. Moderate Priority - Core - XSS Vulnerabilities. Moderate Priority - Core - CSRF Vulnerabilities.

Issues Fixed

Category

Issue Title

ACL

group perms list should be expand/collapsible at will

ACL

new user group assignement doesn't work

ACL

A registered user can change their user name

ACL

No save icon in article editor for new article with category level permission

ACL

Users with create permission in a category cannot see the image button below the editor

Administration

Fix background color in high contrast batch fieldsets

Administration

Refresh Cache in Extension Manager: Failed loading XML file

Administration

Inconsistent term for User Group

Administration

Multiple groups are a problem in the user manager

Administration

Improve the cpanel of admin templates + correting some errors

Administration

Language fixes and new warnings for com_installer

Administration

Templates filter searches all extensions

Administration

Improve the Directory Permissions in com_admin

Administration

3rd party components install in location "site" instead of "administrator"

Administration

*PHP warning in extension manger

Administration

Missing messages for some menu item types having no Basic Options

Administration

Problems with aliases when there is a menu alias menu type

Administration

Alternative Layout Not Implemented in com_search, com_users

Authentication & Login

*Issue in back-end login module with Languages not installed in db but present in the admin language folder

Authentication & Login

*Multilanguage on and site offline: loggin front-end gets in a loop

Authentication & Login

Login form does not use https

Code Style

PHP Strict Standards Message, Category Blog

Code Style

CRLF instead of LF in some files

Code Style

Systematic elimination of DS as directory separator - Round 2

Code Style

Wrong class in kategory list mode

Components

Unescaped value should be filtered.

Components

Getting 500 errors editing from category blog on front end with default sef on

Components

SQL Injection can result in information disclosure

Components

com_contact, wrong string is used in config.xml (COM_CONTACT_FIELD_PROFILE_SHOW_LABEL used twice)

Components

com_contact view contact links

Components

com_newsfeeds doesn't set default view in frontend

Components

com_mailto Spam Email Relay

Components

SQL error in com_contact if id not set

Components

Strict standards: Declaration of WeblinksModelCategory::getItems() should be compatible with that of JModelList::getItems() in

Components

Inconsistency in the Add new newsfeed screen

Components

Missing tooltip in Web Links Manager

Components

*menu items metadata not implemented

Components

Link Author option lacks in Archived Articles menu item

Components

com_menu not looking for component xml file

Components

Details of the components are in different orderings

Components

duplicate case in switch in ~/components/com_users/controller.php

Components

*Weblinks icon hardcoded

Components

*Contacts Category model tries to load params from menu even if no Itemid is set

Components

Clicks on a custom banner are not counted

Components

*Banners unique alias

Components

*Search lower and upper limit do not take into account localise.php settings

Components

*Accommodating for longer string value in Banners Edit page

Components

com_categories doesn't properly update paths of children categories when moved to a new parent

Components

Redirect component does not list 404 errors for missing child page when parent page does exist (patch supplied)

Components

Get error after save options for component

Components

duplicate code weblink .php

Components

*Category Save as Copy does not save with different title/alias

Components

*modal_contacts field type problems

Components

Joomla displaying error after uploading an image using Media Manager and the path does not stay where it is after the upload

Components

Double category strings in URLs

Components

A banner with limited impressions will never show

Components

Multiselect not implemented in all views

Components

Can't display teaser text in full article view.

Components

Extra markup in some component views

Components

extra closing div in \components\com_weblinks\views\form\tmpl\edit.php

Database

Issue with MySQL compatibility in joomla.sql with params fields

Database

in sql file bug

Forms

Contact form typo - duplicate tag <label> for Email and Message

Forms

JHtml select.radiolist produces unnecessary label class suffix

Forms

The "Ordering" form field type defaults to "0", causing accidental changes to ordering of plugins, modules, banners, etc (with patch)

Front End

Cannot edit a weblink from the frontend

Front End

Wrong description language code for email1 field

Front End

*Submitting two articles in the same category with the same title but different aliases doesn't work on frontend

Installation

Sample data - Wrapper module issue

Installation

Installation IE fixes

Installation

J!1.6 lacks a remove installation folder screen

Installation

com_installer Admin XSS

Installation

Sample data links

Installation

Javascript error in installation

Installation

Internationalisation of sample data options list

Installation

*Localise xml default language is not highlighted in the drop down

Installation

*Languages not installed in db but present in the language folders in joomla issue

Installation

Enabling debug language mode in installation application

Installation

Add a button to the installation to remove the installation folder

Installation

Improve installation.js

Installation

bug: old extension version reported from cache after automatic extension update**

Installation

Plugins installed via discover are enabled

Installation

Sample Data Typo

Javascript

Error parameters formated in tinymce

Javascript

None of the JS files have been compressed.

Javascript

Don't use the $() function in JavaScript.

Javascript

Make some scripts compatible with Mootools 1.3

Joomla! Libraries

Some article code can send JFilterInput into an endless loop

Joomla! Libraries

Fatal error: Cannot use object of type stdClass as array in ../libraries/joomla/updater/updater.php on line 108

Joomla! Libraries

response headers show wrong joomla version

Joomla! Libraries

Manifest data is not being serialized as JSON during install and discovery install.

Joomla! Libraries

Joomla! Web Application Framework library is uninstallable

Joomla! Libraries

Library JURI has an optional parameter: it should be mandatory

Joomla! Libraries

Unused JDate code causing"Catchable fatal error"

Joomla! Libraries

JController class lacks a unregisterTask method

Joomla! Libraries

Abort during install of component and module fail due to rollback methods being protected instead of public.

Joomla! Libraries

typo in databasequery.php - udpate

Joomla! Libraries

Add support for defer/async to JDocument

Languages

Hathor status module jtext plurals

Languages

Missing Language string Cache Unwritable

Languages

MODULES_ERR_XML incorrectly called

Languages

Missing language string JLIB_INSTALLER_ABORT_PACK_INSTALLER_COPY_SETUP

Languages

Incomplete language strings in Mass Mail

Languages

missing translation for COM_WEBLINKS_DEFAULT_PAGE_TITLE

Languages

Incorrect language definition in 'List Contacts in a Category' menu item type

Languages

Incorrect tooltips in Articles Categories module

Languages

Incorrect tooltip in Module Manager

Languages

In Bluestork, longer labels are being cut off especially radio button labels

Languages

*Extra language definitions for icon tooltips in Messages component

Languages

*Incorrect error string after saving default menu item with set 'Default Page' radio button to 'no' value

Languages

*No translation of options (plugin names) in ordering field of plugins

Languages

Incorrect term in a tooltip in the Menu Items screen

Languages

*Incorrect tooltip for the Enabled column in Plug-In Manager

Languages

*Incorrect tooltip in News Feed Manager

Languages

Incosistency in the Link Author article option

Languages

Contact language is ignored in frontend

Languages

Untranslated strings TPL_BEEZ5_ISCLOSED and TPL_BEEZ5_LOGO

Languages

Debug Language showing up

Languages

The strings used for the display column in the module assignment slider are confusing

Languages

Cannot Translate Option Values using JForm SQL Field Type**

Layouts

Extra div element in Category List for unpublished articles

Layouts

Missing class blog_children

Layouts

Missing class default_children

Modules

*Langswitcher module needed display improvement parameters

Modules

New Window without navigation

Modules

Backend mod_status private messages pluralisation

Modules

mod_articles_category creates wrong html code

Modules

Disabling modules on a page leaves error messages

Modules

Empty tooltips in module edit screens

Modules

Mod popular and latest article processing events in content plugins

Modules

*Don't show empty divs in mod_login

Modules

Module articles category - fatal error

Modules

Articles Category Module Gropu by Author error

Modules

Modules do not have Trashed state

Modules

Module Banners: "All categories" option does not include all categories

Modules

Incorrect ID attribute's value in backend menu

Modules

Stripped code in contents and custom html module

Modules

JNO/JYES instead JSHOW/JHIDE in mod_weblinks.xml

Modules

Missing "parent" css class if menu is collapsed

Modules

mod_articles_category generates a PHP warning when using language filter

Modules

Fatal error in mod_articles_category when showing readmore

Modules

*Duplicated module is published

Plugins

Language switcher broken by #24210

Plugins

*debug plugin does not display results if gzip is on

Plugins

Update GeSHI to 1.0.8.9

Plugins

If a system plugin tries to load its language file, Joomla! falls back to setting the default site language to English.

Plugins

PATCH: Change pagination pagelist

Plugins

plg_user_profile "Website" field XSS

Plugins

*Detect browser lang and cookie broken when using languagefilter

Plugins

*Redundant call to load language in tinymce causes lang load issue

Plugins

[#24767] *Detect browser lang and cookie broken when using languagefilter

Plugins

Improve the voting plugin

Plugins

* Menu manager Multilanguage Deactivate Home

Plugins

Alias URL does not work with Language filter plugin active - sef off

Plugins

Plugin User-Profile Birthday field alpha entry crashes Profile Fields in Admin

Plugins

Upgrade Geshi to 1.0.8.10

Plugins

Upgrade Codemirror to Version 0.94

Plugins

Codemirror update causes improper characters in template html/css editing

RTL

*Implementing RTL pagination in beez

RTL

*RTL/LTR issues in Beez2 and 5 (News feeds and debug)

RTL

breadcrumbs doesn't look good on rtl templates

RTL

uppear right toolbar on rtl template isn't align well

RTL

*Correcting icon message display in installation with rtl lang

RTL

modifying Beez 20 to compatibility with RTL

RTL

*modifying Beez5 to compatibility with RTL

Search Engine Friendly

Transliteration does not work in Category Manager

Search Engine Friendly

Send HTTP result code 503 for the offline page

Search Engine Friendly

404 errors when using pagebreak with sef enabled

Search Engine Friendly

Remove com_search SEF encoding of search term

Search Engine Friendly

Redirect is Not Working with SEF

Search Engine Friendly

sef plugin results in a blank page for large content

Templates

Missing image in Beez2 and Beez5

Templates

/templates status indicator in backend

Templates

Bluestork administrator template template.css typo

Templates

In Users, Mass Mail Users, the tooltips are not being styled.

Templates

beez template typo with position-15

Templates

Unstyled dialog when clicking 'new' in module manager

Templates

Error page styling forces error box to far left

Templates

Screens jumps when using the ACL widget

Templates

No rounded corners in Opera for Modal

Templates

New preview screenshots required for the admin templates

Templates

Removes references to non-existing stylesheet

Templates

Image j_button2_right.png missing from system template

Templates

Remove the border attribute

Templates

Typo in media/media/css/popup-imagelist.css (wrong color value for background)

Templates

*Debug position in beez 20 template doesn't work.

Templates

JS error notices default template in IE7+8

Templates

JS patch for Beez5 - IE issue hide.js

Templates

Beez_20 and Beez 5 xml patch

User Interface

* Adding a "Location" column in Language Manager

User Interface

Administration templates renders JForm "checkboxes" incorrectly in config

User Interface

Admin Trashed menu doesn't display - link error

User Interface

Trashed articles - no indication of being trashed , when viewed at front of site

User Interface

*Contact form in frontend does not display the star for required fields

User Interface

Message label incorect showed and inconsistency with coma after labels in Contact form

User Interface

*Banners Tracks export modal needs more height

User Interface

[patch] Enable editor-xtd buttons to have meaningful tooltips

User Interface

*Accommodating longer strings in bluestork page title

User Interface

Change "Templates Manager" to "Template Manage"

User Interface

* Different Alias fields tooltips

User Interface

*Normalise modals UI

User Interface

JTRASH instead JTRASHED in jgrid.publishedOptions

User Interface

Banner Manager: Banners - increase is needed for colspan of table's footer

User Interface

There is no featured button in the tool bar, so no way to make multiple articles featured

User Interface

Cannot allow a group to create in a single sub category

User Interface

PNG images are not optimized