Concrete CMS 5.6.3

14 March 2014

Concrete CMS version 5.6.3 is now available (major release).

Upgrading to Concrete CMS 5.6.3

What's New in Concrete CMS 5.6.3

• Languages bundled with concrete5 can now be selected through Installatron.

• Languages with greater than 90% completion are now included in concrete5, meaning they can be installed immediately (thanks international team, included mlocati, hissy, Remo, patrickheck, more...)
• Much Improved Stacks, including the following new features (thanks Mainio!): Add block from clipboard, Rename the stack, Duplicate the stack, and Reorder stacks.
• Added task permission to control who can export users from user search.
• Added the ability to add one permission line or remove one permission line from pages in bulk.
• User selector now has the ability to clear the user (thanks NazWeb)
• Much improved user password hashing, security improvements and hardening (thanks bdsl!)
• TinyMCE is now localized (thanks mlocati and tao-s)
• You can now test your email settings from the email settings dashboard page. (thanks mlocati!)

• Retain multibyte file titles when uploading files in other languages (thanks hissy).
• Usernames can now contain periods in the middle (not at the beginning or end) (thanks mlocati.)
• Page attributes are now listed by attribute set display order, if they happen to fall into one (thanks jordanlev)
• Various localization fixes and additions (thanks mlocati, Remo, ojalehto, patrickheck)
• Profile pages are now translateable (thanks Remo)
• Can override Block assets from a package https://github.com/concrete5/concrete5/pull/1419 (ojalehto, remo)
• Refactored generate sitemap job for better extensibility and readability (thanks Remo and mlocati.)
• Package items are localized when uninstalling (thanks mlocati.)
• Date picker is better localized, reducing bugs (thanks patrickheck)
• Add version to installation screen https://github.com/concrete5/concrete5/pull/1424 (thanks mesuva)
• Better support for mysqli in certain query situations (thanks NazWeb)
• Area names now appear translated (thanks Remo and mlocati)
• Additional CSS classes for core components now present (thanks Remo and mlocati)
• Better localization of some displayed dates and times (thanks mlocati)
• You can now clear alternate file storage locations.
• We now use Imagick for image resizing if it happens to be installed (thanks JeffPaetkau!)
• Defaulting session cookie to httpOnly (thanks Indrek Kõnnussaar)
• Faster page publishing when using composer and publishing to a location of the site with a large number of peer pages (thanks hutbert)

• Better sanitization integer value in cID parameter so you can't trigger an exception by passing an array as cID (Note: no SQL injection possible in this bug – just an ugly exception error display.)
• Fix bug where custom templates applied to blocks weren't always displayed on blocks in pages when those blocks used output caching.
• Page Search Index content field is now larger (thanks mlocati.)
• Fixed bug in advanced permissions where dragging an empty label or an un-saved label and then editing it could modify other permission rows.
• Date Archive block threw error on some php installations due to case of loader call
• Disable on_render_complete on upgrade
• Package update improvements when downloading from concrete5.org
• Fixed group related ID bug when using MySQL in a different auto increment setting (thanks chemett.) Related discussion here: http://www.concrete5.org/developers/bugs/5-6-2-1/install-fails-with-mysql-auto-increment-offset-set/
• Resolved issues in OpenID authentication that broke OpenID on PHP 5.3, and resulted in other errors.
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/copy-php-code-to-blogs-description-area-is-buggy/
• Better implementation of the "remain logged in" cookie (thanks Indrek Kõnnussaar and others for pointing out the issues.)
• Fixed potential sql vulnerability here: http://www.concrete5.org/developers/bugs/5-6-2-1/item-list-pagination-unsanitized-current-page/
• Job installation message typo (thanks bluefuton)
• CSRF Protection in Edit Profile Page (thanks Indrek Kõnnussaar)
• XSS Flaw fixed in Public registration page (thanks Indrek Kõnnussaar)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/error-when-pasting-scrapbook-from-clipboard/
• Fixed http://www.concrete5.org/developers/bugs/5-6-1-2/overriding-single-pages-within-a-theme-package/
• Stronger anti-session-fixation measures
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/adding-datetime-user-attribute-required-on-registration-form-blo/
• Fixed area handles with special characters in block delete https://github.com/concrete5/concrete5/pull/1324
• FileSet::populateFiles respects display order
• Blog Entry date formatting for localization https://github.com/concrete5/concrete5/pull/1317
• Blog Thumbnail data localization fix https://github.com/concrete5/concrete5/pull/1327
• Profile date format for localization https://github.com/concrete5/concrete5/pull/1339
• Prevent very high numbers in sitemap totals https://github.com/concrete5/concrete5/pull/1338
• Improve export on some charsets https://github.com/concrete5/concrete5/pull/1335
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/javascript-errors-when-adding-select-attribute-values/
• Fixed bug "Custom block design / Collection Versions / design is lost after block reorder" - thanks mlocati.
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/adding-background-design-to-main-area-causes-all-stacks-placed-o/#discussionpost
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/non-translated-value-select-some-options/ (thanks mlocati)
• Fixed bug with blocks being kicked out of layouts after move - thanks mlocati
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/unable-to-add-tags-block-to-a-stack (thanks mkly)
• Fixed group enter/exit events not firing when a user is updated in the dashboard
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/fatal-error-during-upgrade-due-to-missing-administrators-group/
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/event-handlers-during-upgrade-process/
• Prevented ccm.sitemap.js 404 in registration form https://github.com/concrete5/concrete5/pull/1357
• Changed job queue batch size to a 10 and added constant JOB_QUEUE_BATCH_SIZE
• Fixed error in sitemap index with blocks that no longer exists https://github.com/concrete5/concrete5/pull/1363 (thanks akodde)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/call-to-a-member-function-submit-on-a-non-object-on-backup-datab/
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/error-messages-not-shown-in-backup-page/
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/illegal-job-run-duration-causes-a-database-exception/
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/cannot-save-versions-repost/ (thanks mkly)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/form-date-field-xss-bug/#598679 (thanks patrickheck)
• Fixed http://www.concrete5.org/index.php?cID=574181 (thanks patrickheck)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/jobs-concrete5-5.6.2-dropped-api-support-for-jhandle/
• Fixed some full path disclosure bugs in certain newer dashboard files (thanks Osanda)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/url-slug-suggestion-is-too-slow-when-adding-new-pages/
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/survey-details-does-not-include-anonimous-responses/ (thanks mlocati)
• Fixed bug when editing page type defaults for page types that had an apostrophe in them.
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/php-warning-on-add-blockadd-date-navigation-page/
• Fixed some package urls to all be relative https://github.com/concrete5/concrete5/pull/1348
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/search/#559776 (thanks mlocati)
• Fixed missing translation in Bulk SEO Tool https://github.com/concrete5/concrete5/pull/1409
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/form-block-file-upload-issues/ (thanks mlocati)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/youtube-block-firefox-v.23-blocked-loading-mixed-active-content/ (thanks Remo)
• Fixed redirect and XSS flaws in download file single page. (Thanks @OsandaMalith !)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/unhandled-exception-when-downloading-invalid-files/ (thanks mlocati)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/language-for-new-users-should-be-same-as-default-language-5.3.rc/ (thanks mlocati)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/strings-break-from-getjavascriptstrings-to-ccm_t-if-they-include/ (thanks mlocati)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/dashboardsitemap-deleting-fails-because-string-is-not-escaped/ (thanks remo)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/mail-helper-reply-to-header-set-twice/ (thanks Remo)
• Fixed http://www.concrete5.org/index.php?cID=554715&editmode= (thanks mlocati)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/ghost-execution-of-queuable-jobs/ (thanks JohnTheFish)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/slices-of-many-queable-jobs-could-be-executed-together/ (thanks JohnTheFish)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/spaces-in-stateprovince-kill-js-on-user-edit-page./
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/blog-date-archive-block/#573700 (thanks mlocati and Guido)
• Fixed "regular expression too large" error that could occur when using code that used the URLify library.
• Moved on_page_view event to be process.php's inclusion for improved multilingual support with the Multilingual Add-On (allowing for localization of the form block, etc...)
• Fixed http://www.concrete5.org/developers/bugs/5-6-2-1/rss-link-broken-when-using-a-custom-template-for-page-list-block/#597918

• Some code cleanups for Strict and Notice
• Code cleanups (thanks ojalehto)
• URLify library updated to latest version.
• Select attributes now allow users to add new values through code through setAttribute, if the attribute allows it.
• New build process through Grunt should improve the PHP short tag to full tag conversion, automatically downloads nearly completed languages, and clarifies and simplifies our toolchain.