GetSimpleCMS Versions

GetSimple CMS


8 years ago

#1130 theme.php persistent xss injection SECURITY
#1127 theme.php POST template persistent xss SECURITY
#1111 page delete never fails on error
#1103 Reflected XSS - Uploads section SECURITY
#1131 Function createBak in 3.3.x always return false


8 years ago

FIX #1077 upload protection breaks on apache 1.3
FIX #1074 Stored XSS in the USER profile SECURITY
FIX #1071 disabled select text color
FIX #1067 Persistent/Stored XSS while creating page and also in backups SECURITY
FIX #1065 uploadifybutton not themed
FIX #1078 plugin api checks can crash plugins.php added GSNOPLUGINCHECK
FIX #1081 x-frame can break stuff
NEW #1089 format xml files


9 years ago

FIX #1029 page save never fails
FIX #1028 gsnoframe applies to front end
FIX #1048 definition check issues
FIX #1043 install apache error is misleading
FIX #1049 cke separators are not visible
FIX #1060 file upload security bypass, using whitelist and mime checking SECURITY
FIX #1059 filebrowser arbitrary js injection SECURITY
FIX #1058 thumb.php security bypass copy/move files SECURITY
FIX #1057 theme-edit directory traversal SECURITY
FIX #1050 Page 'Meta Description' contains Style/Script declarations
FIX #1046 Persistent XSS - GetSimpleCMS 3.3.5 SECURITY
NEW #1032 upload execution protection
NEW #1042 new blacklist extensions
NEW #1044 ckeditor keep some empty tags
NEW #1051 strip shortcodes
FIX #1064 plugins table has no highlight

Ensure uploads still work


9 years ago

FIX: #974 files does not show permissions on windows
FIX: #973 image.php dir traversal SECURITY
FIX: #972 log.php xss SECURITY
FIX: #971 prevent backend in frames x-frame policy SECURITY
FIX: #970 better cookie security SECURITY
FIX: #969 backup-edit traversal SECURITY
FIX: #966 Security vulns SECURITY
FIX: #965 corrupt page fatal error
FIX: #948 Fatal Error => zip-Backup
FIX: #945 placeholder confusion
FIX: #944 XML External Entity (XXE) Vulnerability in admin/api.php SECURITY
FIX: #979 some debug info when uploading image
FIX: #996 Reverse Proxy : url detection


9 years ago

#929 admin panel sidebar on Safari, weird transition
#904 new page nonindex existing-url notices
#903 fix undo for create new page
#902 Missing argument 1 for getRegexUnicode() notices


9 years ago

FIX #894 component slugs case sensitive -sarnaiz
FIX #891 Ckeditor toolbar newline issue -cnb
FIX #867 pages cache (pages.xml) not updated after UNDO operation, in page edition
FIX #866 GSSUPPRESSERRORS constant typo -flexphperia SUPRESSERRORS still works but is now deprecated
FIX #825 setup form still showing on install error
FIX #821 filetime uses ctime -lnickel
FIX #818 scrolltofixed assets -mvlcek
FIX #805 component xml corruption -emanwebdev
FIX #623 Only Https for Admin issues


10 years ago

FIX #806 fix broken wiki links, using /docs rewrites now
FIX #788 Update template.php validation issue -STudio26
FIX #797 numerous settings fields allow persistent xss
FIX #793 GSUSECUSTOMSALT changes
FIX #745 Formatted xml data files problems
FIX #784 pagecache contains url in duplicate
FIX #713 Slug matching root folder saveable -n00dles
FIX #765 unable to upload jpeg (genStdThumb) -flexphperia
FIX #728 no gd fatal errors -lnickel
FIX #764 simplexml missing check
FIX #771 upload filename cleaning @ -b3n
FIX #776 json toolbar not working
FIX #775 custom toolbar not working -Markus00000
FIX #524 no cache control
FIX #773 add exist checks on unlink tmp files
FIX #735 temp files are deleted
FIX #774 uploadify does not error out
FIX #772 file upload overwrite protection double encoding
FIX #695 permalink not trimmed
FIX #580 htaccess rewrite config
FIX #812 reset password username leakage -
FIX #813 Ensure login logging issues do not break login

NEW #344 reset password issues
NEW #790 get_Page_Excerpt refactor
NEW #711 sidebar links to components, focus component content
NEW #709 create component doesn't focus input
NEW #750 debugLog improvements, accepts arrays as argument
NEW #682 Compatibility with Apache v2.4
NEW #766 lang file loading protection
NEW #770 Make installs more simple
NEW #737 mb_internal_encoding not set
NEW #767 Remove Yahoo ping sitemap function DEPRECATED
NEW #653 header content-type utf-8
NEW #683 htaccess wrap rewrite


10 years ago

Patch release for v3.3.0 priority bugs.

FIX #753 support plugins that modify cke globals
FIX #751 menu manager subsequent saves fail -apt
FIX #744 left in debugging
FIX #742 missing failedlogins.log issue


10 years ago

Release issue

FIX #310 caching hooks unusable bug documentation Refactor
FIX #363 Sitemap hooks broken, New filter added bug documentation
FIX #466 Session expire redirects do not resume bug
FIX #512 Install password not showing bug
FIX #531 slug prefixed with dash if page title begins with a space bug
FIX #576 anonymous data plugin sidemenu bug
FIX #603 Edit / Pages not using page cache bug Refactor
FIX #608 Install emails not received bug
FIX #614 Curl init not being checked bug
FIX #615 failure log corruption utf-8 cyrillic usernames bug
FIX #617 backup-edit ckeditor config entities bug
FIX #625 Long Site names overflow login form bug
FIX #626 $EDOPTIONS comma safe bug
FIX #631 cke globals are not actually global bug
FIX #633 i18n_r called before lang loaded bug
FIX #646 health check xml invalid if empty bug
FIX #647 Logins broken by php notice/warnings bug
FIX #648 Login cookie set twice bug
FIX #661 admin styles are cached and old after upgrades bug
FIX #667 Mail warning on install, breaks cookies bug
FIX #673 ajax redirects not handled bug
FIX #710 Plugins not sorted
FIX #718 cannot redeclare in upload.php bug
FIX #721 ck-editor IE10 fatal errors
FIX #734 plugins updated js messages not translated
FIX #686 setup shows the form again if there is a mail error

NEW #469 Always show component tags feature
NEW #562 i18n fallback default language feature documentation
NEW #589 cutting edge and betas feature
NEW #605 Dynamic css classes in menus feature documentation
NEW #609 Missing page cache implementations feature
NEW #637 detect api timeouts for error handling feature
NEW #641 better health check for disabled functions feature
NEW #642 Better textarea tab spacing feature
NEW #651 additional health check info feature
NEW #653 header content-type utf-8 feature
NEW #659 Increase cookie timeout feature
NEW #664 update.php issues feature Refactor
NEW #668 add page cache filter feature documentation
NEW #669 add sitemap filter feature documentation
NEW #674 cannot update or install from root
NEW #688 lazy loading pagecache in caching functions -cnb feature
NEW #711 component input focus on side nav -cnb feature
NEW #705 invisible / phantom slug filters / hooks
NEW #712 add editor link filter
NEW #722 ckeditor upgraded to 3.6.6


10 years ago

Some plugins use their own ckeditor and make use of $EDOPTIONS globals; this allows them to continue without incompatibilities. $EDOPTIONS is now expected to not have commas, and will be trimmed for safety before being used in edit.php.

#626 $EDOPTIONS gets a , prefixed to it