Navigate CMS v2.9.5 r1611 (2022/03) Sign up Sign in Your account Sign out

Navigate CMS Update: 2.8.6

Feb '19

The Navigate CMS team has just released a software update which includes the following highlighted features/bugfixes/improvements:

  • very important security improvements
  • fixed some bugs and made internal optimizations
  • shop functions still in development

We want to give special thanks to all who have helped resolving some possible security issues: Oleg (theappsec), André Calvinho, ELProfesor, and others.

Full changelog:

* templates: custom template properties could not update its helper text
* naviforms: pathfield and textfield functions now accept a placeholder text
* nv property link: now using pathfield and helper text moved to placeholder
+ layout: find products in nv link dialog
* layout: nv link dialog now displays the real assigned path of the selected object
* nvweb cart: on payment failed, allow choosing an alternative payment method and try again
* core: convert some special characters to HTML entities, to avoid XSS problems
* login: slightly improve security when using "remember me" login option
* files: improved upload security by filtering request parameters
* files: change new folder permissions to 744
* nv paths: nv paths resolver now accepts optional query strings (f.e. nv://element/123?action=test )
+ included mPDF v7.1.6 (and its dependencies) using composer
* core: core_decimal2string new parameter to force returning the requested number of decimals
* Tracy debugger: on error (bluescreen) do not show the list of internal constants and its values
* database.class: prevent fatal error on problematic query_single calls
* layout, naviforms, navitree, structure: apply source code standard formatting
+ core: identify and define NAVIGATE_URL constant through a function
* login.php, navigate.php: use core_define_navigate_url to detect and set the NAVIGATE_URL constant
+ nvweb core: return current used template in object "variable" <nv object="variable" name="template" />
* dashboard: protect displayed texts against XSS attacks
* structure, nvweb_objects, items: apply source code standard formatting
+ websites: new tab "Shop" for themes with attribute "shop: true"
+ orders: added extra option to generate and download a PDF document of the order
* items: the category column didn't truncate well on some cases
+ orders: option to add a comment to customer when changing order status
* database.class, brand.class, property.class, theme.class: improve code formatting
* grid_notes.class & webdictionary.class: fixed errors in prepared SQL statements
+ elements: in the list, display state for future published elements
+ nvweb list: allow returning processed html for custom sources
+ nvweb list: allow setting the name of the page parameter for a list
* nvweb product: improve code formatting

You can view the source code changes in our Bitbucket repository or in our shadow repository in Github.

To auto update your Navigate CMS instance, sign in as an Administrator and access the Configuration > Update function. You may also download the update package from SourceForge and apply it manually.