Tiki Wiki CMS Groupware 9.5
28 June 2013
Tiki Wiki CMS Groupware version 9.5 is now available.
Upgrading to Tiki Wiki CMS Groupware 9.5
Tiki Wiki CMS Groupware 9.5 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Tiki Wiki CMS Groupware updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Tiki Wiki CMS Groupware install to test the 9.5 upgrade prior to applying it live. Get started managing your Tiki Wiki CMS Groupware installations with Installatron
What's New in Tiki Wiki CMS Groupware 9.5
- Security: Validate email to prevent XSS
- Security: Use parameterized queries to avoid XSS
- Security: convertSortMode must always return a string which can follow "order by"
- Security: Always use parameters in queries to prevent XSS
- Security: Login passcode: Add option to show passcode on registration form. Together with r45367, helps avoid unauthorized user trackers from being created upon registration
- Security: Register passcode: If passcode fails, also prevent user tracker item from being created.
- Enhancement: More comprehensible check for how errors are reported by PHP, [ENH] More reliable check for ini_set
- Enhancement: Allow CSS styles to know which is the current perspective
- Enhancement: flash: Add new plugin param for an alternative image URL to display when Flash Player is not available.
- Fix: Support GD v2.1 as well (in PHP 5.4) (future versions of Tiki not affected)
- Fix: Fix error 500 due to bad parameter structure
- Fix: Make tracker location items work. Also backported parts of other commits from 11.x
- Fix: That did not work with category or object permissions
- Fix: Usability fix: wording was missleading, and fixed former non-English sentences.
- Fix: Usability fix based on feedback from training provided to experienced tiki users but newbie tiki admins (the wording might be improved). Thanks ricks99 and and jonnyb for feedback
- Fix: When blog is configured to let other authors post, let them view unpublished and private posts
- Fix: Add post in the correct blog
- Fix: When the website insist on being https, do not publish http canonical links
- Fix: Clearing Tiki caches finally cleans also folders from PluginR under temp/cache.
- Fix: Columns were not sortable, making tool hard to use with many groups
- Fix: partially revert r45878. the fatal error is produced only by the call time pass by reference. this param should remain being passed by reference.
- Fix: auto_save: Check the user doing the save or preview has permission and is the one currently editing the page. Thanks Marcela B?\195?\169n?\195?\169trix Also modernise library use and fix some missing and/or unset vars. Thanks jonnyb
- Fix: Restore pagination (thanks Torsten)
- Fix: The Id column is now also sortable
- Fix: Fix warnings which interfere with proper XML syntax in RSS feeds
- Fix: when a user is removed, remove it's reports preferences and cache. thks sampaioprimo
- Fix: Usability fix: count number next to numeric options (e.g. 1 to 5 in radio buttons, which can be quite common in surveys) and no column names is missleading for end users. Added a param to allow removing the count number, at least, since the user can display results in bars or percentages which is much less missleading. Not commited to 11.x but to trunk since there is no such file there (!)
- Fix: Usability fixes: calendarid param was lost after each new edition through the convene js interface, and the icon at the bottom to add the date to the calendar is nowadays only shown after a minimum number of votes have been cast, to prevent new users clicking at the icon when all dates have the icon (at the beginning) assuming that this is the way to indicate their choices (minvotes set to 3 by default, but overridable with a param)
- Fix: Call-time pass-by-reference has been deprecated in PHP 5, and in PHP 5.4, '&$watches' produced 'Fatal error'. Thanks lph and jonnyb for feedback on this issue.
- Fix: Use same default expiration date in profiles as for normal article creation
- Fix: Actually show newest articles on top
- Fix: trackerlist: export link fix when no sefurl (and add missing service dialog)
- Fix: Since the Jison Parser is only for programmers for now, removing from the admin panel. The problem is that end users tend to click everything to try stuff, but then, they report bugs and don't know they are Json Parser bugs
- Fix: jison parser: Disable feature_jison_wiki_parser in the systemConfiguration, which switches it off and disables the prefs needed to turn it back on. This is to reduce support issues resulting from people trying it out by mistake and running into trouble. Can be overridden by just commenting the line out, or adding it to a tiki.ini file, for development (thanks marclaporte)
- Fix: Various improvements and documentation to Registration Passcode to block automated spammers. Used double-quotes instead of single quotes, which is better for translations
- Fix: Display article type attributes in predictable order
- Fix: Backport/trunk 45600 - lucene issue with german locale in windows
- Fix: Option allowing to make freetags less invisible, like in Tiki3
- Fix: Don't show Slideshow button if feature not active
- Fix: ReCaptcha: Widget was disappearing when a wrong antibot code was entered and was displaying error messages when a correct one was entered. Also, just show error message once. Still disappears when a pretty registration tracker is used (smarty tpl variables don't seem to be recognized)
- Fix: Clean the pdf output generated by PluginR. Thanks jyhem
- Fix: If admin validation is on, and user has been approved, resend email does not go to user
- Fix: Translation: Disable full screen side-by-side translation for wysiwyg (messes up the page layout badly)
- Fix: pref permission_denied_login_box must take precedence over permission_denied_url
- Fix: Copyright generation needed to be modified because of allura migration
- Fix: If template is translated, use correct language version of template
- Fix: Don't show useless template drop-down when no choice available
- Fix: Make it possible to change single category selection more than once
- Fix: As per discussion at http://thread.gmane.org/gmane.comp.cms.tiki.devel/29609 and http://tiki.org/Profiles+Team, to have more robust default settings, changing the default for CodeMirror to off.
- Fix: Prevent adding relation to blank item as it causes fatal error on save
- Fix: Show realname with avatar instead of ID-card-number or other potentially sensitive information (from LDAP auth) when pref user_show_realnames is selected.
- Fix: menupage module: Add perms check on the wiki page (thanks marclaporte)
- Fix: menupage module: Add error message if no tiki_p_view on page
- Fix: Set playlist order in the standard default from youtube which allows users to fix a wrong order in publishing time (longer videos take longer to upload than shorter ones even if they were meant to be the first ones), allowing backwards compatibility by the addition of a param to choose previous sort order or any other of the available according to youtube. Thanks marclaporte for showing me this module, which I didn't know before your example with my first tutorial playlist.
- Fix: Time limits of 0 also mean unlimited in php.ini, [KIL] Duplicate code
- Fix: check: Add test for GD Freetype support (required for CAPTCHA image generation)
- Fix: check: Test for existence of GD functions before calling as they don't exist if the extension isn't there (thanks marclaporte)
- Fix: 44936 was a partial bp of 44893 to 10.x and creates a minimal fix for html tags being displayed for posts created in the wysiwyg editor (thanks jonny)
- Fix: print (wiki page): keep _all_ URL params - useful when you have e.g. TRACKERLIST plugin on a page and using tr_user=foo or other custom params to print the same content as displayed
- Fix: print: Add all auto_query_args to print icon link so itemId etc get carried through (thanks eromneg)
- Fix: entering and leaving category mail notifications: fix the links to the objects
- Fix: The entire way pagination is handled should be reviewed, but this prevents from loading as many entries as there are pages (and parsing those entries). Thanks lph, marclaporte and precarios.org