php-dotclear: update to 2.16
upstream changes:
-----------------

Dotclear 2.16 - 2020-03-13
===========================================================
* 🐘 PHP 5.6+ is required, PHP 7.4 compliance
* 🛡 Security: all requests from/to Dotclear and DotAddict servers use now HTTPS
* jQuery upgraded to 3.4.1, older version will be removed, jQuery not anymore requested for "Remember me" feature
* New "static" mode for home page
* Media description may now be updated
* Add <i [lang="…"]>…</i> support to Dotclear wiki, syntax: ££text[|lang]££
* Lib: Update Codemirror to 5.52.0
* Lib: Update CKEditor to 4.14.0
* Lib: Clearbricks now supports MySQL 8+
* 🐛 → Various bugs, a11y concerns and typos fixed
* 🌼 → Some locales and cosmetic adjustments

Dotclear 2.15.3 - 2019-11-28
===========================================================
* Fix: Avoid weird side-effect of JS minifier
* Fix: insertion of default type media (non image/audio/video) in XHTML entries
* Fix: Cope with old themes for 'remember me' string defined in JS

Dotclear 2.15.2 - 2019-10-01
===========================================================
* Fix: Ajax saving of files in theme editor when using codemirror
* Fix: Video insertion with CKEditor or LegacyEditor
* Fix: Badge position for dashboard modules counters

Dotclear 2.15.1 - 2019-08-29
===========================================================
* Fix: SQL request for CSP unsafe-inline setting
* Fix: CKEditor configuration for foreign language (unable to save post modifications)

Dotclear 2.15 - 2019-08-13
===========================================================
* 🐘 PHP 5.6+ is required, PHP 7.3 compliance
* Add drag'n'drop sorting system for dashboard blocks
* Backend context is preserved on switching blog (as far as possible, depending on user's grants)
* No more inline javascript, default/install CSP directive modified accordingly
* Add settings (in maintenance plugin) for CSP system
* Set correct lang attribute (useful for browser/editor spelling) for content (post/page) depending on entry setting, and CK editor UI in user language
* Add spellcheck="true" attribute on input/textarea
* Refactoring of notices/messages system on backend
* Add undo/redo buttons to CKEditor toolbar
* Add title/legend reminder on media popup insertion (1st tab)
* Add font loading capabilities for ?pf= system - plugin are now able to load css fonts
* Add WebP image format support to Dotclear (may depend on your server PHP capabilities)
* Add <sub>…</sub> support in Dotclear wiki, syntax : _indice_
* Template system: Allow ?sub for category/categories attributes of tpl:EntryIf, and for url/urls attributes of tpl:CategoryIf
* Responsive tables/lists (posts, pages, users, …)
* Spams preview (administrative board) now shows HTML code rather than interpreted content
* Fix: port used behind reverse proxy (Clearbricks)
* Lib: Update Codemirror to 5.48.0
* Lib: Update CKEditor to 4.12.0
* 🗑 → No more flash players (flv,mp3)
* 🐛 → Various bugs, a11y concerns and typos fixed
* 🌼 → Some locales and cosmetic adjustments

Dotclear 2.14.3 - 2018-09-26
===========================================================
* 🛡 Security: Avoid XML upload in media manager
* Fix: Upgrade modification for media_exclusion default setting
* Fix: cope with PHP.ini setting memory_limit set to -1 (unlimited)

Dotclear 2.14.2 - 2018-09-04
===========================================================
* 🛡 Security: Authenticated cross-site scripting (XSS) was possible due to the .ahtml (or .bhtml, .chtml, …) file extension being allowed in the media manager. Thanks Josiah Pierce for report (CVE-2018-16358)
* 🛡 Security: Unregister phar wrapper in order to avoid PHP Phar extension vulnerability
* Fix: Enter key in some input fields were not redirect to the parent form
* Fix: Unable to save modified theme's files in theme editor, when Codemirror is used
* Fix: Back to the original global_filters() template function (will be rewritten in the next 2.15)

Dotclear 2.14.1 - 2018-08-17
===========================================================
* 🐘 PHP 5.6+ is required - PHP 5.5 is buggy with the 2.14 release
* Fix: install wizard was broken
* Fix: smallest admin font size was set when saving user prefs
* Fix: minifying JS scripts may cause problems with regular expressions
* Fix: empty JS var was set for syntax coloration if disabled

Dotclear 2.14 - 2018-08-13
===========================================================
* 🛡 Security: Fix potential reflective XSS, thanks Zekvan Arslan for report (via Daniel Bishtawi from https://www.netsparker.com/)
* 🐘 PHP 7.2 compliance
* Use specialized fields whenever it's possible (email, …)
* Add definition list capabilities (dl, dt, dd) to wiki (= <term>, : <definition>)
* Add <sup>…</sup> support in wiki, syntax : ^exponant^
* Add syntax property/method to dblayer driver
* Replace some js oriented background fading by CSS3 animation
* Enhance some visual focus indicators
* Enhance key event management in popup (Esc, Enter, …)
* Template filters may now be extended (or modified) by 3rd party plugins (via behaviors)
* PSR-2 code formatting as far as possible (work in progress)
* Add two new ways to order tags (by oldest or newest associated post publication date)
* Update Codemirror to 5.38.0
* Update CKEditor to 4.9.2
* Update jQuery migrate plugin to 1.4.1
* Update jQuery UI (custom) 1.12.1
* Add a dark mode (via user preferences) for administration, CSS refactoring
* Animate some counters on dashboard icons (nb of comments, spam comments and posts)
* 🐛 → Various bugs and typos fixed
* 🌼 → Some locales and cosmetic adjustments

Dotclear 2.13.1 - 2018-01-27
===========================================================
* Fix: Weird behaviour of theme editor when typing any of "t", "r", "u" and "e" characters
* Fix: Unable to save an entry with dcLegacyEditor in XHTML mode, visual pane

Dotclear 2.13 - 2018-01-13
===========================================================
* 🐘 PHP 5.5+ is required
* 🛡 Security: New password management system (including silent migration)
* 🛡 Security: Add Referrer-Policy header in admin pages
* 🛡 Security: Fix potential XSS - thanks Trí Chim Trích for report
* Dotclear news are now displayed in async way by js
* Dotclear core update check is now done by async js - a forced check may still be done on <admin>/update.php page
* Add utf8mb4 driver (MySQL server 5.7.7+)
* Add target="blank" option in simpleMenu
* Update CKEditor from 4.6.2 to 4.7.3
* Update CodeMirror from 5.25.1 to 5.32.1
* Add required attribute for mandatory fields
* Fix: Avoid horizontal scrolling table when longest comment's usernames in list of comments
* Fix: Cope with MySQLi connection via socket
* Fix: Error messages markup and styling
* Fix: Set caret at the end of the inserted thing (img, url, blockquote, …) in Legacy editor if current selection is empty
* Fix: Cope with query part only in SimpleMenu URLs
* 🐛 → Various bugs and typos fixed
* 🌼 → Some locales and cosmetic adjustments

Dotclear 2.12.2 - merged in 2.13
===========================================================
* Fix: lang attribute was missing on entry alone contexts for currywurst and dotty templatesets
* Fix: Add http:// protocol before media.dotaddict.org for csp_admin_img
* Fix: tpl:sysIf blog_lang generated code
* Fix: Duplicate auto-generated URI (entries)
* Fix: Do not use border and background on select to use the system aspect of them in Firefox.
* Fix: For select element, target Safari to cope with font-size select/option problem.
* Fix: Error messages styling

Dotclear 2.12.1 - 2017-08-13
===========================================================
* Fix: 3rd party filters for template tags (std filters are not more modifiable)
* Fix: Media filename are now used without modification for media title on upload (advanced mode)

Dotclear 2.12 - 2017-07-27
===========================================================
* 🛡 Security: Fix potential XSS
* 🛡 Security: Enforce uniqueness of the recovery key
* 🛡 Security: Switch hash method from sha1 to sha512 (new installation only)
* Two new values for base font size (37.5% and 87.5%)
* Adaptive admin font size is now optional
* Reduce base font size on very small devices
* Refactor some functions to closures
* No CSP directives in safe mode
* Add current blog domain for script and style CSP directives
* Backlinks:
  * Retrieving ping URLs, let trackback first, then pingback, then finally webmention
  * Get source post content to compose webmention excerpt and retrieve title
  * Use source post title as blog name if this one is unknown (Anonymous blog is used if neither title nor blog name are known)
* Datepicker's look refreshed
* Allow 3rd party additional headers (URL handler)
* Dublin core metadata removed
* Using theme\<theme_name> namespace for _public.php and _prepend.php, in order to simplify theme copy and hack
* Temporary password will have to be changed at first login (after resetting password)
* Add Ukrainian language
* French help updated for theme editor
* Add an option to disable Dotclear updates check (super-admin only)
* Fix: Blogs’ admin (ie not super-admin) got back their blogs’ list but only super-admin may do actions
* Fix: Post/page edition layout on different screen sizes
* Fix: x-frame-options URL in admin
* Fix: Cope with several copies of a same smiley in content
* Fix: Allow 3rd party filters for template tags
* Fix: Use getURLFor instead of old getBase function for breadcrumb
* Fix: Give mysql/mysqli driver choice for DC 1.2 import
* Clearbricks lib update from 0.9 to 1.0
* jQuery lib update from 2.2.0 to 2.2.4 (last release of jQuery 2.n branch)
* CKEditor lib update from 4.6.1 to 4.6.2
* CodeMirror lib update from 5.15.3 to 5.25.1
* 🐛 → Various bugs and typos fixed
* 🌼 → Some locales and cosmetic adjustments
* 📣 Warning: Next major release (2.13) will require PHP 5.5+

Dotclear 2.11.2 - 2016-12-29
===========================================================
* Fix: Ensure compatibility with old version of PHP (5.3, 5.4)
* Fix: New path of CSP report for maintenance deletion task
* Fix: Broken entry preview
* Fix: Avoid outgoing link on images in media manager
* 🌼 → Do not include empty div as it disrupts CSS flexbox system

Dotclear 2.11.1 - 2016-12-28
===========================================================
* Fix: admin menu not visible and some plugin admin not accessible with PHP < 5.5

Dotclear 2.11 - 2016-12-28
===========================================================
* 🐘 PHP 5.3+ is required
* 🛡 Security : Prevents XSS injection in media title, thanks smarterbitbybit for report
* Cope with locale for sorting order if possible (work in progress)
* Rich-text-editor (xhtml) may be disabled for Blog/Category description, widget's textareas, …
* Add direct access to module's settings from plugins management page (depends on _define.php of modules)
* Menus (except favorites) are now lexically sorted (except "new post" item)
* Add Entry date as sort order in comments list
* Switch admin CSS to Sass/Compass (work in progress)
* Add 'l' and 'm' accesskey for editor toolbars, respectively for 'insert link' and 'select media' buttons
* Add new categories attribute to EntryIf template tag
* Remove Dublin-core metadata from <head> in template-sets
* ToolMan (js) not more used, thanks Tim Taylor for all these years together!
* Soft redesign of administration pages using responsive font-size and OS system fonts (IE 10+)
* Add a user preference to hide additional/secondary information
* Add actions on blog list, new sort order: blog status
* Update CKEditor to 4.6.1
* Open trackbacks with behaviors and add basic Webmention support
* Add First Publication mechanism and an option to auto-ping when fired
* Berlin theme is now based on Dotty template-set
* Move advanced and plugins blog’s prefs in two separate foldable sections
* Add legend and title insertion option for image insertion in entry
* Some notices and messages may be hidden
* Add urls attribute to CategoryIf template tag
* CSP: Move admin CSP admin/csp_report.txt to DC_VAR/csp/csp_report.json
* CSP: Violations are now stored only once in report if repeated
* a11y: Remove empty link (href=#) from admin
* Fix: Proxies may use standard HTTP(S) ports and SSL may now run through a proxy
* Fix: Prevents precondition failed during activated theme update
* 🐛 → Various bugs and typos fixed
* 🌼 → A lot of locales and cosmetic adjustments
* 🚽 → Housecleaning of no more used scripts, images, resources, IE 9- :-)

Dotclear 2.10.4 - 2016-11-02
===========================================================
* PostgreSQL < 9.1 fix

Dotclear 2.10.3 - 2016-11-01
===========================================================
* Security: Fix CVE-2016-7903: Password Reset Address Spoof — Thanks Hongkun Zeng for report
* Security: Fix CVE-2016-7902: Media Manager, unrestricted File Upload — Thanks Hongkun Zeng for report
* CSP: Cope with external sources used in editor's iframe to preview public external content
* Fix: Cope with post.post_position field during flat import
* Fix: Prevents precondition failed during currently activated theme update
* Fix: Remove unnecessary header (cope by dotclear) in page plugin
* Fix: Let some proxies playing with standard http and https ports
* Fix: Let SSL runs through a proxy, it may be ok, sometimes
* 🐛 → Various bugs and typos fixed

Dotclear 2.10.2 - 2016-08-17
===========================================================
* Update fails with PostgreSQL db support → fixed

Dotclear 2.10.1 - 2016-08-15
===========================================================
* CSP (Content-Security-Policies) :
  * Fix default directive for new installation
  * Cope with media public URL for media manager
  * Cope with blog public URL for post/page preview
* Codemirror lib is now packed as the other Javascript lib are

Dotclear 2.10 - 2016-08-13
===========================================================
* Security: Prevents .htaccess upload, thanks wiswat
* Security: Prevents download of a zip media folder outside root media folder, thanks wiswat
* Security: Prevents sort of SSRF/XSPA vulnerability in feed import, thanks wiswat
* Security: Prevents reflected XSS in media manager, thanks Chen Ruiqi
* Security: Fix some vulnerabilities in blogroll plugin, thanks Onur Yılmaz - Netsparker (https://www.netsparker.com)
* Fix mix-content preview
* Pure CSS3 sticky footer for admin pages (aka « footer de merde »)
* Add missing breadcrumb styles for blowup theme
* Currently logged super-admin may now change its id without losing access at next login
* The favorites icons may now be hidden from dashboard in user preferences
* Number of posts/pages/comments are now displayed at top of lists, including quick filters depending on their status
* Search widget has now a placeholder option (HTML5 only)
* Add Apache 2.4+ directives in .htaccess
* New favorites media folders (displayed at the top of recent folder list) in media manager
* New pure HTML5 template set named dotty cloned from currywurst templateset
* Codemirror lib updated (2.35.0 → 5.15.2) and moved to core:
  * 40+ Codemirror themes are available — set in user preferences
  * Fullscreen mode has been added (F11 switching key)
  * 3rd party plugins may now load and run it with dcPage::jsLoadCodeMirror() and dcPage::jsRunCodeMirror(), see themeEditor plugin for example
* New mark button for legacy editor (HTML5 only)
* New with_category attribute for tpl:Entries
* Add a /var directory:
  * Set with DC_VAR constant in inc/config.php
  * Admin URL of a var file should be retrieved with dcPage::getVF()
  * Public URL of a var file should be retrieved with dcBlog::getVF()
  * 3rd party plugins should create their own folder inside /var (aka DC_VAR) to keep it correctly organized
* Emails and web site have been added to the comments filters' list
* Some columns for posts and pages lists are now optional — set in user preferences
* Add Post URL sample in blog parameters
* CKEditor lib update (4.5.8 → 4.6.0)
* Wiki syntax: new ") <text>" mark to generate aside blocks
* CSP (Content Security Policies) have been implemented on admin pages:
  * settings may be adjusted in system settings / about:config → system (see csp_admin… values)
  * violation reports will be stored in admin/csp_report.txt (PHP 5.4+ only)
  * new behaviour adminPageHTTPHeaderCSP may be used by 3rd party to adjust CSP directives
* New behaviour adminPageHTTPheaders
* New "Go Top" button displayed for long admin pages
* 🐛 → Various bugs and typos fixed
* 🌼 → Some locales and cosmetic adjustments
This commit is contained in:
parent
22435f7841
commit
912dfdf862
|
@ -1,6 +1,6 @@
|
|||
# $NetBSD$
|
||||
|
||||
DISTNAME= dotclear-2.9.1
|
||||
DISTNAME= dotclear-2.16
|
||||
PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME}
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= https://download.dotclear.org/latest/ \
|
||||
|
|
|
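Review bot: MASTER_SITES still points at https://download.dotclear.org/latest/ while DISTNAME is now pinned to dotclear-2.16. If that directory only carries the newest upstream release, the 2.16 tarball will stop being fetchable from it once a later version ships, and the checksums recorded for 2.16 can then only be satisfied from a mirrored distfile. If upstream offers a versioned download location, list it here instead of, or in addition to, the "latest" one.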
@ -1,2 +0,0 @@
|
|||
Please investigate and try to address the following security vulnerabilites:
|
||||
CVE-2018-5689, CVE-2018-5690, CVE-2018-16358
|
|
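Review bot: this removes the whole TODO entry for CVE-2018-5689, CVE-2018-5690 and CVE-2018-16358, but the changelog quoted in the commit message names only CVE-2018-16358 (fixed in 2.14.2). Please state in the commit message which upstream release addresses CVE-2018-5689 and CVE-2018-5690, or keep those two listed until that has been confirmed against 2.16.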
@ -1,9 +1,9 @@
|
|||
$NetBSD$
|
||||
|
||||
SHA1 (dotclear-2.9.1.tar.gz) = 8fd53e04a8fb8d482047224dcf78eca485c3b69e
|
||||
RMD160 (dotclear-2.9.1.tar.gz) = f427e5d164c6cf3b743758e461a5972ada71621b
|
||||
SHA512 (dotclear-2.9.1.tar.gz) = 09630bf45a51ab986cbdb83aceb74b1c48c4406d5fcad7f8c49dff60cdbe55d96ad6f041cacb7e2df4dc7e83f3dac77f722774c720792145782a2b68a576d9d4
|
||||
Size (dotclear-2.9.1.tar.gz) = 2664581 bytes
|
||||
SHA1 (dotclear-2.16.tar.gz) = cabff2922b11dd2f486148cce5716b075874a39f
|
||||
RMD160 (dotclear-2.16.tar.gz) = 86c6c701b71a7823f49688e8283ec4010a651946
|
||||
SHA512 (dotclear-2.16.tar.gz) = 604e28c20a59d381c243fe89e41872f2a94a32aa7af95a954e95bef6a935b65e88f7731182a4f510db96142665468c61061022b055bfd65fd7e6e209acc6fbf8
|
||||
Size (dotclear-2.16.tar.gz) = 3759792 bytes
|
||||
SHA1 (patch-admin_install_index.php) = 7abbb34e307f2eb17a243feaca7d1cdee5948afa
|
||||
SHA1 (patch-admin_install_wizard.php) = dedc2135305ea8dd6e7282ee0957ca43917abf17
|
||||
SHA1 (patch-inc_config.php.in) = cd5b8f5693089c3c319c4755f7b86f7e80970bd1
|
||||
|
|
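Review bot: the three patch entries (patch-admin_install_index.php, patch-admin_install_wizard.php, patch-inc_config.php.in) are unchanged context here although the distfile jumps from 2.9.1 to 2.16, and the quoted changelog mentions changes to the install wizard in between. Please confirm that all three patches still apply cleanly to the 2.16 sources, and regenerate them and their checksums if they only apply with offsets or fuzz.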