XOOPS: XOOPS 2.5.6 正式版发布

发布者: Mamba在 2013/4/28 21:30:00 42713 阅读次数
XOOPS 开发团队 欣喜地宣布发布 Xoops 2.5.6 最终版。 本版本重点是使XOOPS 2.5.6与 PHP 5.4.x 兼容,加强安保,并更新外部库到最新版本: - Smarty 2.6.27 - TinyMCE 3.5.8 - jQuery 1.8.3 - jQueryUI 1.10 由于本版本包含安全修复,强烈建议尽快更新到本版本! 有关更多详细信息,请参阅变更日志。 重要提示: ----------------------------------- 由于安全性的变更,可能会发生某个或两个模块在管理员端权限保存不起作用的情况。我们正在完成基本模块包,其中所有模块都已在XOOPS 2.5.6上进行测试。请查看XOOPS网站上的特别公告,了解更新的模块,或在XOOPS论坛上提问。或者,您可以在/docs文件夹中的"fixing_permissions.txt"文件中找到有关如何自行修复的更详细的信息 请在本论坛发布并讨论与此版本相关的所有问题。 我们还需要帮助进行 使用Transifex进行翻译 系统要求 ----------------------------------- PHP: 任何PHP版本 >= 5.3.7 (强烈推荐PHP 5.4+) MySQL: MySQL服务器 5.0+ Web服务器: 支持所需PHP版本的任何服务器(强烈推荐Apache) 下载XOOPS ----------------------------------- 您可以从Sourceforge仓库获取此发布包。提供.zip和.gz存档。

在XOOPS中安装(新安装) ----------------------------------- 1. 复制 htdocs/ 目录的内容,以便您的服务器可以访问它 2. 确保主文件 mainfile.php 和 uploads/ 目录可由Web服务器写入 3. 考虑到安全因素,建议您将 "/xoops_lib"(XOOPS库)和 "/xoops_data"(XOOPS数据)目录从文档根目录移出,并更改文件夹名称。 4. 确保以下目录可由Web服务器写入:- uploads/、- uploads/avatars/、- uploads/images/、- uploads/ranks/、- uploads/smilies/ 和 xoops_lib/modules/protector/configs/,以及以下文件:- mainfile.php 和 - include/license.php 5. 使用您的Web浏览器访问安装htdocs/文件所在的文件夹,以启动安装向导 文档:请查阅 详细的安装指南操作指南 在XOOPS中安装Protector ----------------------------------- 我们还强烈建议安装 PROTECTOR 模块,它将为您的网站提供额外的安全保护功能。 从旧版本升级 ----------------------------------- 从2.5.5升级到2.5.6最终版: 1. 从SourceForge文件存储库获取正确的更新包。 2. 使用upgrade文件夹中的内容覆盖您服务器上的XOOPS目录 * 请确保将 上映地的佈督文件/xoops_lib的内容复制到服务器上您当前保留的任何目录(应该是您的当前XOOPS_TRUST_PATH目录),然后删除/xoops_lib目录。不能有两个包含/xoops_lib内容的目录。 3. 前往您的网站地址(URL),以管理员身份登录,并从这里运行升级。完成后,请删除/upgrade文件夹。 4. 如果未在上述升级过程中完成,请从模块管理界面运行“系统”模块的更新。其他模块,特别是“配置文件”、“站内信”和“Protector”,也建议进行更新。 从2.5.5之前的旧版本进行升级(完整更新): 0. 确认系统需求,特别是PHP的版本。备份您的XOOPS数据库和网站目录。(关于执行这些操作的几种方法已在其他地方讨论过。)关闭您的网站是可选的。将 mainfile.php 和 /include/license.php 的权限设置为可写入,例如:文件通常为升级 mainfile.php 400 700 /include/license.php 444 777 从SourceForge文件存储库获取XOOPS 2.5.6包。 1. 如果未在upgrade包文件夹中,将“upgrade”文件夹移动到“htdocs”文件夹内部。如果“htdocs”文件夹中有,请删除install文件夹以及mainfile.php文件。如果您已将xoops_data和xoops_lib文件夹移至网站上根目录之外,请将升级包文件夹中的“htdocs”文件夹内的这些文件夹移出。 2. 删除当前XOOPS网站上/modules/system目录(以删除任何旧的无用文件)。 3. 使用升级包的“htdocs”文件夹的内容覆盖当前XOOPS网站上XOOPS目录中的文件。(关于执行此操作的几种方法已在其他地方讨论过。)如上所述,如果已重新定位,请将当前xoops_data和xoops_lib中的文件用升级包中的内容覆盖。 4. 如果之前已安装Protector,请打开 mainfile.php 文件,并删除预检查和后检查行(如果存在): include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ; include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ; 5. 登录到您的网站地址(URL),并以管理员身份访问/upgrade/ with a browser, and follow the instructions (and any for updating your XOOPS database). After all updates have been applied (green checkmarks), note the link in the Updater to update the "system" module, and do so. 6. Delete the "upgrade" folder from your site's "htdocs" directory. 7. Update (reload) other modules, especially "Profile", "PM", and "Protector," if necessary. 8. Change permissions on the files noted above back to their normal state. 9. Turn your site back on, if you turned it off earlier. Debug information display level ----------------------------------- Since XOOPS 2.3.1 debug information display level is enabled as a temporary solution for 2.3* to show debug information to different level of users: to all users, to members or to admins only. The configuration can be set in /xoops_data/configs/xoopsconfig.php As a default, the display level is set for 2 (Admin only). Files integrity check ----------------------------------- The full XOOPS package is released with a script able to check if all the system files have been correctly uploaded to the server. To use it, follow these instructions: 1. Upload the checksum.php and checksum.md5 files located in the XOOPS package root to your XOOPS server folder (putting them next to mainfile.php). 2. Execute checksum.php with your browser 3. If necessary, re-upload the missing or corrupted system files 4. Remove checksum.php and checksum.md5 from your server Modules ----------------------------------- This release contains only the "system-related modules". You are invited to browse the XOOPS modules repository to if you need additional functionality. Note: as a new repository is being built, the current repository is not up-to-date, PLEASE VISIT INDIVIDUAL DEVELOPERS' WEBSITES TO MAKE SURE YOU ARE USING LATEST VERSION OF MODULES. How to contribute ----------------------------------- Bug report: http://sourceforge.net/tracker/?group_id=41586&atid=430840 Patch and enhancement: http://sourceforge.net/tracker/?group_id=41586&atid=430842 Feature design: http://sourceforge.net/tracker/?group_id=41586&atid=430843 Release announcement: https://lists.sourceforge.net/lists/listinfo/xoops-announcement We would like to thank all developers who contributed fixes to this release (Mage, ForMuss, Trabis, Mamba, DCrussader, XavierS, Cesag, Timgno, Culex, Luciorota, Geekwright, Tatane, PMartina, Paul, Alain091, Voltan, Xoobaru), and all our users who helped us with testing. XOOPS Development Team April 28, 2013 ========================== Change Log for XOOPS 2.5.6 Final ========================== Security fixes: - XSS/CSRF vulnerability in system/admin/groupperm.php (Dingjie Yang,Qualys/trabis) - XSS/CSRF vulnerability in system/modulesadmin/main.php (Dingjie Yang,Qualys/trabis) - XSS/CSRF vulnerability in system/admin/blocksadmin/main.php (Marcin,Ariko-Security Team/trabis) - LFI vulnerability in system/admin/tplsets/jquery.php (Marcin,Ariko-Security Team/trabis) Bugfixes: - updated English translations (Cesag,Mamba) - extra check for $noHtml in XoopsEditorHandler->get (luciorota) - fixing $GLOBAL typo in jquery.php (Zyspec) - Array to string conversion (geekwright/mamba) - issues with missing xoopscomments table (geekwright/sabahan/Mamba) - bug with using reference for non-variables (geekwright/mamba) - number of users when "all groups" selected was wrong (tatane/mamba) - fix for potential lack of rendering css and javascript in Installer on the last screen (culex) - fix for missing Protector logo under PHP 5.4 (mamba) - replacing ereg with preg_match in userutility.php (pmartina/paul) - #1219 dhtmltextarea editor accent not displayed (cesag/alain091) - added missing call for user language in /profile/index.php (xoobaru/zyspec) - errors related to static functions, so it works on PHP 5.4 (Mamba) - bug #1245 in class XoopsLoad.php (Alain91) Updated: - TinyMCE to 3.5.8 (mamba) - Smarty to 2.6.27 (mamba) - jQuery to 1.8.3 (mamba) - jQueryUI to version 1.10 (mamba) Added: - Fast Comment Hack (Voltan) Languages: ADDED/DELETED DEFINES - none