XOOPS: XOOPS 2.5.2 最终版发布

发布者: ForMusS 在 2011/10/3 11:40:00 阅读量: 9328
XOOPS 开发团队 高兴地宣布发布 XOOPS 2.5.2 最终版。

-------------------------
请注意:我们已发布 XOOPS 2.5.3,修复了XOOPS 2.5.2新安装中的bug

如果您有2.5.2的新安装,您应该重新安装它。

如果您只更新了现有的XOOPS安装,您只需使用更新包“xoops2.5.2-to-2.5.3”中的文件,并覆盖它们。
-------------------------

本版本着重解决先前版本中的bug和提高安全性,基于来自High-Tech Bridge安全研究实验室的报告。

请在这里 此论坛 发布并讨论与此发布相关的所有问题。

我们还需要帮助进行 翻译


系统要求
-----------------------------------

PHP
任何PHP版本 >= 5.2 (强烈推荐PHP 5.3+)

MySQL
MySQL服务器 5.0+

Web服务器
任何支持所需PHP版本的服务器(强烈推荐Apache)


下载XOOPS
-----------------------------------

您可以从 Sourceforge仓库 获取此版本软件包。
提供.zip和.gz归档。

安装XOOPS(新安装) ----------------------------------- 1. 将 htdocs/ 文件夹的内容复制到服务器可以访问的位置 2. 确保mainfile.php和uploads/对网络服务器是可写的 3. 考虑到安全性,建议将"/xoops_lib"(用于XOOPS库)和"/xoops_data"(用于XOOPS数据)目录移出Document Root,并更改文件夹名称 4. 使xoops_data/目录可写;如果尚未存在,创建并使xoops_data/caches/、xoops_data/caches/xoops_cache/、xoops_data/caches/smarty_cache/和xoops_data/caches/smarty_compile/目录可写。 5. 使用您的网络浏览器访问您安装了htdocs/文件的文件夹,以启动安装向导 您还可以查看详细的安装指南操作指南 在XOOPS中安装Protector ----------------------------------- 我们还强烈建议安装PROTECTOR模块,这将为您的网站提供额外的安全保护和日志记录功能。 从旧版本升级 ----------------------------------- 从2.5.1a升级到2.5.2: 1. 从sourceforge文件仓库下载正确的更新包 2. 用/htdocs的内容覆盖您服务器上的XOOPS目录上的文件 * 确保将/xoops_lib的内容复制到服务器上的任何您保持其内容的目录(应为当前的XOOPS_TRUST_PATH目录),然后删除/xoops_lib目录。不能有两个具有/xoops_lib内容的目录 3. 通过模块管理界面更新"系统"模块。建议更新其他模块,特别是"Profile"、"PM"和"Protector" 从比2.5.0旧的版本升级: 0. 验证系统要求,特别是PHP的版本。备份XOOPS数据库和网站目录。(有多种方法执行这些操作,其他地方有详细讨论。)关闭您的网站是可选的。将mainfile.php和/include/license.php的权限改为可写,例如: 文件 正常 用于升级 mainfile.php 400 700 /include/license.php 444 777 从SourceForge文件仓库获取正确的更新包。 1. 在升级包文件夹中,如果不在那里,将"upgrade"文件夹移到"htdocs"文件夹内。如果存在,从"htdocs"文件夹中删除install文件夹。如果存在,从"htdocs"文件夹中删除mainfile.php文件。如果您将xoops_data和xoops_lib文件夹移到网站根目录外,将这些文件夹从升级包文件夹中的"htdocs"文件夹移出。 2. 删除当前XOOPS网站上/modules/system目录(以删除任何旧的不再需要的文件)。 3. 用升级包的"htdocs"文件夹的内容覆盖当前XOOPS网站上XOOPS目录中的文件。(有几种方法执行此操作,其他地方有详细讨论。)如上所述,如果已重新定位,用升级包中的内容覆盖当前xoops_data和xoops_lib中的文件。 4. 如果以前已安装Protector,打开"mainfile.php"文件,并删除Pre-check和Post-check行(如果存在): include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ; include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ; 5. 在您网站的地址(URL)上以管理员身份登录。访问/upgrade/ with a browser, and follow the instructions (and any for updating your XOOPS database). After all updates have been applied (green checkmarks), note the link in the Updater to update the "system" module, and do so. 6. Delete the "upgrade" folder from your site's "htdocs" directory. 7. Update (reload) other modules, especially "Profile", "PM", and "Protector," if necessary. 8. Change permissions on the files noted above back to their normal state. 9. Turn your site back on, if you turned it off earlier. Debug information display level ----------------------------------- Since XOOPS 2.3.1 debug information display level is enabled as a temporary solution for 2.3* to show debug information to different level of users: to all users, to members or to admins only. The configuration can be set in /xoops_data/configs/xoopsconfig.php As a default, the display level is set for Admin only. Files integrity check ----------------------------------- The full XOOPS package is released with a script able to check if all the system files have been correctly uploaded to the server. To use it, follow these instructions: 1. Upload the checksum.php and checksum.md5 files located in the XOOPS package root to your XOOPS server folder (putting them next to mainfile.php). 2. Execute checksum.php with your browser 3. If necessary, re-upload the missing or corrupted system files 4. Remove checksum.php and checksum.md5 from your server Modules ----------------------------------- This release contains only the "system-related modules". You are invited to browse the XOOPS modules repository to if you need additional functionality. Note: as a new repository is being built, the current repository is not up-to-date, PLEASE VISIT INDIVIDUAL DEVELOPERS' WEBSITES TO MAKE SURE YOU ARE USING LATEST VERSION OF MODULES. How to contribute ----------------------------------- Bug report: http://sourceforge.net/tracker/?group_id=41586&atid=430840 Patch and enhancement: http://sourceforge.net/tracker/?group_id=41586&atid=430842 Feature design: http://sourceforge.net/tracker/?group_id=41586&atid=430843 Release announcement: https://lists.sourceforge.net/lists/listinfo/xoops-announcement We would like to thank all developers who contributed fixes (ForMuss, Trabis, Zyspec, Mamba, Mage), and our users who helped us with testing, especially Sabahan. XOOPS Development Team October 2nd, 2011 ================ Change Log ================ Security fixes: - Removed support for script driven images!!! (High-Tech Bridge Security Research Lab/trabis) - Fixed XSS (Cross Site Scripting) vulnerability in /include/formdhtmltextarea_preview.php (High-Tech Bridge Security Research Lab/trabis) Bugfixes: - ID: 3416069 - avatars upload problem (cesag/trabis) - MyTextSanitizer::htmlSpecialChars() using UTF-8 by default (trabis) - System Waiting block produces queries for inactive modules (trabis) - 'Selected modules does not exist' if using inactive module on startpage (trabis) - Protector Module - Added stopforumspam option (trabis) - Modules admin does not show update warning for modules that have no main. (trabis) - ID: 3411696 custom avatar is not deleted after user change avatar (sabahan) - XoopsCaptcha does not load captcha configs correctly (trabis) - XoopsCaptcha is not allowing the use of Frameworks folder (trabis) - XoopsCaptcha(Method) is not extensible enough, can't add new captcha methods without hacking (trabis) - ID: 2909799 Unbalanced [quote] introduces unbalanced "< div >" tag (ghia/trabis) - ID: 2704039 backend.php does not work in 2.3.3 (drieben/trabis) - ID: 3026492 Xoops Forms using Single Quotes For Html tags (catzwolf/trabis) - ID: 3000518 Required fields for registration are not always enforced(csware/trabis) - ID: 2795050 user profile Bug (zaza123/trabis) - ID: 3014493 SQL structure duplicates wrongly PM module table (ghia/mamba) - ID: 3139081 xoops_error displays array dump (madreus/trabis) - ID: 2937966 Reusing loop variable in preferences (ghia/trabis) - ID: 2843028 Bug fonction "checkRight" class XoopsGroupPerm (mageg/trabis) - ID: 2827946 Required list message doesn't appear (daviddu54/trabis) - cleanVars() does not enforce array() on vars of type 'array' (trabis) - XoopsUserUtility::validate() {$uid} not set in query (trabis) - ID: 3410742 Broken Message Icon Image for core pm. (sabahan/Mamba) - ID: 2672723 Changed the code in Install to omits the SQL command: "ALTER DATABASE ... CHARACTER SET ..." if it's not needed. (bs_php) - ID: 1988039 does not accept some valid email addresses (anderssk/trabis) - ID: 1889743 Installation of module fails if SQL file ends with a comment (ojobazos/trabis) - ID: 1811479 Showing the right block in the wrong place: Top page wrong d (nachenko/trabis) - ID: 3409728 PM Module : Missing message icon in readpmsg.php (sabahan/Mamba) - ID: 3409391 From module condition check error in pmlite.php (zyspec) - ID: 2959764 Path with spaces causes bad login redirect (bhardie/trabis) - ID: 2843027 Bug class criteria GroupBy (mageg/trabis) - $block = new XoopsBlock($id); not assigning block vars. (trabis) - ID: 3403521 System Block Class, getContent var case inconsistency (zyspec/trabis) - ID: 2956172 Internet Explorer 8 and Alt-attribute (drieben/mamba) - ID: 3408962 theme set during install & register (sabahan/formuss) - ID: 3408955 comment display mode standardization (sabahan/formuss) - ID: 3288975 javascript calendar date format localization (ianez/formuss) - ID: 3059263 Word Censoring Options not work (trabis) - ID: 3408572 zetadigme admin gui - top banner bug (sabahan) - ID: 3090520 class xoopsform default date (philou_themes) - ID: 3408236 PM Module - Missing Message Icon selector (sabahan/Mamba) - ID: 2340215 Not possible to use URL link in images (marcoxoops/Mamba) - ID: 3406494 Geshi support in textsanitizer, syntaxhighlight incomplete (zyspec/trabis) - ID: 3074089 XoopsModelSync, synchronization method always returns true (zyspec/Formuss) - ID: 3404935 Avatar for new users is set to 'blank.gif' (trabis/Formuss) - ID: 3407347 Somewhat weird for the xoops_data, xoops_lib directory (trabis) - ID: 3404306 message is delete directly no confirmation yes or no (trabis) - ID: 3383092 Cache problems with Stylesheets (trabis) - ID: 3406326 Setting of Message image not implemented in Core pmlite.php (Mamba) - ID: 3406244 Read/Unread PM Module indicator in Core (sabahan/Mamba) - ID: 3197093 formcheckbox.php validation not working in xoops 2.5.1a (Satrebil/trabis) - ID: 2952506 Read/Unread PM Module indicator (sarahmx/Mamba) - ID: 3404307 read and unread pm icon (Sabahan/Mamba) - ID: 3404000 display of empty profile field (sabahan/trabis) - ID: 3403568 avatar problem (sabahan/Formuss) - ID: 3291912 multilanguage Language Issue (sabahan/Formuss) - ID: 3241757 Module Update Error Messages (zyspec/Formuss) - ID: 3400039 When module is deactivated, blocks are still active (Mamba/Formuss) - ID: 3252445 Setting avatar display "off" in System Avatar has no effect (Mamba/Formuss) - ID: 2482129 Huge number of files created in /smarty_cache (trabis) - ID: 3109230 Cloned template are not accessible (Drieben/Formuss) - ID: 3288284 Uninitialized variable in gui.php (Mamba/Formuss) - ID: 3252474 Missing "Delete" action icon on Custom Avatars (Mamba/Formuss) - Fix an error for display admin template (Mage/Formuss) - Activate/Deactivate module was not updating xoops_active_modules cache file(trabis) - ID: 3273466 Banner : Add new advertiser (Tatane/Formuss) Added: - ModuleAdmin class to /Frameworks (mage,mamba) - Added renderValidationJS() for captcha (trabis) - Recaptcha catpcha support (ghia/DhSoft/trabis) - Preview button for blocks (trabis) - "admin_warnings_enable" option in xoops_data/configs/xoopsconfig.php (trabis) - Preload event 'checkcache' on header.php to allow disable caching on specific conditions (trabis) - XoopsObject::getVar() case 'n' for XOBJ_DTYPE_ARRAY/XOBJ_DTYPE_UNICODE_ARRAY to allow getting raw value (trabis) Improved: - Changed "debugLevel" default option to 2(admins only) in xoops_data/configs/xoopsconfig.php(trabis) - XoopsGroupPermHandler::getRight() as new parameter $trueifadmin to allow modules to set admin permissions (trabis) - subject icons in private messages to be set by sender and not by the system (mamba) - Blocks admin using cookies to save select boxes status (trabis) - Moved js and css from xo_scripts template into gui class(using $xoTheme) to avoid module conflicts - require class/xoopslocal.php causing problems with RMCommon (mamba/trabis) Language: - added language\english\misc.php _MSC_CLICK_TO_OPEN_IMAGE, _MSC_RESIZED_IMAGE, _MSC_ORIGINAL_IMAGE - added language\english\pmsg.php _PM_SURE_TO_DELETE - modules\system\language\english\admin\tplsets.php _AM_SYSTEM_TEMPLATES_SET - removed modules/system/themes/default/language/english/admin/admin.php _OXYGEN_XOOPSENGINE - removed modules/system/language/english/admin/blocksadmin.php _AM_SYSTEM_BLOCKS_SAVE