Trace: • 1.0.1
Updating from Jelix 1.0
This release fix only some few little bugs and a vulnerability in phpMailer (jMailer). You don't have to do change in your source code. However, you must follow this instructions:
- You can replace safely the lib directory by the new one provided in the jelix 1.0.1 package.
- To improve security in existant applications :
- add a .htaccess file which contains “deny from all” in temp/ directory and in your applications directories.
- add a .htaccess file which contains “allow from all” in the www directories of your applications
- delete all files in the temp/ directories
- new jacldb module with a listener which allow to register automatically a user in jAclDb when the user is created (#412)
- new jacl plugin for the coordinator, to check rights on each actions (#413)
- new formdatas plugin for template, to only display datas of a form (#427)
- jForms: added some css class on some controls
- improvements on error messages and API documentation (#414, #422, #424)
- a vulnerability in phpMailer (jMailer) (#437).
- temp directory was not protected and content of compiled ini file was readable, when creating an application with createapp. Added some .htaccess files (#415).
- simple php tags should not be allowed in template (#426)
- sql error on dbAclDriver::getRight when a user is not in a group (#412)
- there was the same id on multiple submit (#430)
- jforms should have a workaround for a ie6 bug on multiple submit. submit button are replaced by submit input (#431)
- jControllerDaoCrud: datas of controls with multiple values are not loaded for the view action (#433)
- jDbTools, mysql driver : in some version of PHP/mysql, the default value on a field is not always an empty string or a null value (#432)
- calling jCoordinator::getController twice for the same controller generates an error (#416)
- problem with the cookie path in jAuth (#435)
- Generated scripts under windows should contain path with slashes (#419)
- error of context in junittests controller (#421)
- the INSTALL file was not updated (#411)