Chamilo 1.11.26
27 September 2023
Chamilo version 1.11.26 is now available (security release).
Upgrading to Chamilo 1.11.26
Chamilo 1.11.26 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Chamilo updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Chamilo install to test the 1.11.26 upgrade prior to applying it live. Get started managing your Chamilo installations with Installatron
What's New in Chamilo 1.11.26
Security
- System: Security: Add header rule to avoid MIME-sniffing
- Security: BigUpload: Remove unused method to upload file
- Remove unused big_upload files
- Security: sanitize file name when uploading chunks with bigUpload
- Learnpath: Security: sanitize params when executing converter
- System: Security: one more indication for a missing line on how to fix an apache problem present since version 2.4.38-3 with rediction of URL with spaces not working any more
- Fix "deny from all" statements in .htaccess files "Deny from all" statements do not work in Apache 2.4. They are replaced by "Require all denied". A check was added to make the .htaccess files work with both Apache 2.2 & 2.4.
- Security: Rename htaccess file by replacing case-insensitively See https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549#r127629622
- Use form element with html_filter when adding user
- Security: Avoid wrapping commands in double quotes as escapeshellarg() does not escape them from args
- Security: Add redirect to .htaccess to avoid direct access to bigupload temporary upload directory
- Security: Sanitize file name when uploading chunks with bigUpload (2)
For Developers and Sysadmins
- Admin: Add configuration setting 'lp_hide_copy_option' to add option to hide copy function in the LP authoring's options
For Users
- Plugin: BuyCourses: Improve display headers in sales reports
- Internal: Avoid notice by checking existence of variable in api_get_configuration_value()
- Internal: dropZone parameter was speficied incorrectly, assigning larger area to dropzone for multiple-upload
- Dropbox: Flash messages not shown after simple upload
- Dropbox: Fix "view" parameter check
- Survey: Fix start/end dates incorrectly formatted when editing meeting
- Survey: Fix multiplechoiceother results export
- Exercise: Fix missing initialization of speeds for reading comprehension test
- Internal: Bump PHP version to 7.4 in .scrutinizer.yml
- Exercise: fix issue of wrong registered answer count du to response with value '0'
- Exercise: Fix Fill in the blank answer presentation to show all the student answers every time but the response only on last attempt
- Session: Ensure session ID exists in subscribeUsersToSession() and unsubscribe_user_from_session()
- Admin: Add option to export last login in user export
- Admin: Fix "off by one" issue with user/course export optimization
- Course Progress: fix error when exporting progress when no thematic where set
- Catalogue: add pagination on top of course list
- Plugin: BuyCourses: Set default values to avoid notices
- Exercise: Refactor exercise url params
- Exercise: Fix set custom speeds
- Learnpath: fix scorm reimport functionnality broken by commit #7ca2c5eaa795de1010b7c6913619832ce1694b0d
- Session: fix problem with names containing quotes, that break the javascript
- Legal: redirect to terms and conditions after registration if enabled
- Group: delete all references to a group even if the reference is with another course (which should not happen but happens sometimes)
Web Services
- Webservice: Add error message to add_group_sub_user if user or group ID not defined
- Webservice: Add support service to get social groups/classes of a given user
Known Issues
- The Zoom plugin fails on one of the endpoints for reasons that seem to be on the Zoom side.