PmWiki 2.2.105
21 November 2017
PmWiki version 2.2.105 is now available.
Upgrading to PmWiki 2.2.105
PmWiki 2.2.105 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply PmWiki updates as new versions are released, or use Installatron's Clone feature to duplicate an existing PmWiki install to test the 2.2.105 upgrade prior to applying it live. Get started managing your PmWiki installations with Installatron
What's New in PmWiki 2.2.105
2.2.105 (2017-11-07)
- This version fixes a bug with the PQA() function causing invalid HTML with attributes glued together. The function HandleUpload() was refactored and UploadSetVars($pagename) was added to allow upload-managing add-ons to set variables more easily.
- If you upgrade from 2.2.98 or earlier, and you have custom markup rules relative to author signatures, please see note about change in 2.2.99 (documented November 2017).
2.2.104 (2017-10-11)
- This version fixes a bug with path WikiTrails reported today.
2.2.103 (2017-10-01)
- This version is a major upgrade on the internal processing of markups and patterns, all core scripts were updated to be compatible with PHP version 7.2. Whether you use that PHP version or another one, with any local configurations and custom add-ons, there should be no change for what you see, but if any problems please contact us immediately.
- Pagelists can now have optimized list=grouphomes and fmt=#grouphomes arguments to list only the home pages of your wiki groups, whether they are named Group.HomePage, Group.Group, or a custom Group.$DefaultName. Minor bugs in older xlpage scripts were fixed, the responsive skin is now compatible with even older PmWiki/PHP versions, web subtitles (*.vtt) were added as an allowed extension, input form fields can now have a "title" attribute (usually rendered as a tooltip/help balloon when the mouse cursor is over the input element), and a configuration variable $AuthLDAPReferrals was added for wikis running AuthUser over LDAP to force enable or disable referrals when needed.
- The documentation was updated.
2.2.102 (2017-08-05)
- This version reverts the patterns for text variables changed in 2.2.99, because we found that a longer text variable content may cause a blank page or an internal server error. In the page SiteAdmin.AuthList an input box was added to allow filtering of the groups or pages.
2.2.101 (2017-07-30)
- This version renames the internal constructor of the PageStore class to be compatible with both PHP 5 and PHP 7. Previously, the PageStore class had two constructors for PHP 4 and PHP 5 compatibility of which one was silently ignored, but recent PHP 7 versions display strict or deprecated notices when the PHP 4 constructor is used.
- If you must use PmWiki 2.2.101 or newer on a PHP 4 installation, please contact me so I can provide you with a workaround.
2.2.100 (2017-07-30)
- This version provides a workaround for an incompatibility with our Subversion version control system, where the $Author wiki variable was considered a Subversion variable. A fix for the responsive skin adds some spacing above the WikiText block. The documentation was updated.
2.2.99 (2017-06-26)
- This version fixes a bug where an incomplete text variable without a closing parenthesis like "(:Var:Value" could hide the remaining of the page.
- A bug was fixed where previewing a page didn't show changes to be done by replace-on-save patterns (the function ReplaceOnSave was refactored). Markup rules for previewing author signatures are no longer needed and were removed. Note that if you had custom markup rules processed before or after the ~~~ or ~~~~ author signatures may need to be set to '<[[~' (second argument of the Markup call).
- A bug and a warning for PHP 4 installations were fixed. Two minor bugs with the [[<<]] line break for the responsive skin and the $Version variable link in the documentation were fixed.
- The InterMap prefix to Wikipedia was corrected to use the secure HTTPS protocol and the documentation was updated.
2.2.98 (2017-05-31)
- This version adds a new skin that is better adaptable to both large and small screens, desktop and mobile devices (touchscreens). The new skin "pmwiki-responsive" is not enabled by default but available as an option, and as a base for customized copies. It requires a relatively modern browser (post-2009). The old skin is still available and enabled by default.
- The Vardoc links now use MakeLink() to allow a custom LinkPage function. The function ReplaceOnSave() was refactored to allow easier calling from recipes. Markup processing functions now can access besides $pagename, a $markupid variable that contains the "name" of the processed markup rule, allowing a single function to process multiple markup rules. The "*.mkv" video extension was added to the list of allowed uploads.
- A bug was fixed with the (:markup:) output where a leading space was lost. Note that the "markup" frame is now wrapped in a <pre> block with a "pre-wrap" style instead of <code>.
- A number of other (minor) bugs were fixed: see ChangeLog, and the documentation was updated.
2.2.97 (2017-04-07)
- This version fixes a bug concerning $ScriptUrl when $EnablePathInfo is set, introduced in 2.2.96 and reported by 3 users.
2.2.96 (2017-04-05)
- This version fixes a severe PHP code injection vulnerability, reported by Gabriel Margiani. PmWiki versions 2.2.56 to 2.2.95 are concerned.
- Only certain local customizations enable the vulnerability. Your website may be at risk if your local configuration or recipes call too early some core functions like CondAuth(), RetrievePageName() or FmtPageName(), before the $pagename variable is sanitized by ResolvePageName() in stdconfig.php. A specific URL launched by a malicious visitor may trigger the vulnerability.
- Most recipes call core functions from a $HandleActions function, or from a Markup expression rule, these do not appear to be affected by the current exploit.
- If your wiki may be at risk, it is recommended to upgrade to version 2.2.96 or most recent at the earliest opportunity. If you cannot immediately upgrade, you should place the following line in your local (farm)config.php file:
- $pagename = preg_replace('![${}\'"\\\\]+!', '', $pagename);
- Place this line near the top of the file but after you include scripts/xlpage-utf-8.php or other character encoding file.
- This version filters the $pagename variable to exclude certain characters. A new variable $pagename_unfiltered is added in case a recipe requires the previous behavior. The documentation was updated.
2.2.95 (2017-02-28)
- This is a documentation update version.
2.2.94 (2017-01-31)
- This version allows webmasters to configure and use both .html and .htm extensions. The cached information about whether a page exists or not will now be cleared when that page is created or deleted. The documentation was updated.
2.2.93 (2016-12-31)
- This is a documentation update version.
2.2.92 (2016-11-30)
- This version allows administrators to disable the "nopass" password by setting $AllowPassword to false. The function FmtPageName() will now expand PageVariables with asterisks like {*$FullName}. The documentation was updated.