Navigate CMS Update: 2.9.4
02 Jul '21
The Navigate CMS team has just released a software update that includes a collection of security fixes, bug fixes and library upgrades. The most important vulnerabilities detected were reported by the security researcher Duong Xuan Hiep - VNCERT/CC - Hydrasky. Thank you very much for your help!
Full changelog:
+ webusers: added column "e-mail" and adjusted column widths
* blocks: refresh tree link dialog button bindings when adding new rows
* themes: ignore window.postmessage event when the sent message is empty
* nvweb properties: properly load product properties by template
+ nvlist_conditional by="product" stock="true|false|{number}|{min-max}"
+ nvweb conditional by="product" stock="true|false|{number}|{min-max}"
* use query parameters when making a quick search in lists (prevents SQL injection attacks)
* layout.class: purify url request parameter "fid"
* purify "navigate-quicksearch" url request parameter to prevent reflected XSS attacks
- session: remove deprecated code supporting PHP versions before 7.3
* always use https url in application, if available
+ database.class: added function "first_value"
* media browser: improve search interface
* minor changes to improve code readability
+ files, properties: allow giving direct URL for videos (supporting MP4 and WEBM)
+ website cron: allow specifying frequency for a recurring task
+ update.class: allow returning an error on update pre check
+ properties: new property "webuser"
+ webuser_group.class: new attribute "code"
* naviforms.class: slightly modify tinymce load configuration and workaround for internal CSS file urls
* webusers: show email column in list
* items: additional checks to prevent Flot errors
+ nvweb list: categories attribute now allows passing the name of a property
+ nvweb list: requesting webuser "fullname" allows looking for the username
+ nvweb list: allow special list sources from themes and extensions
+ comments.class: added function "author_fullname" which looks for the full name of the user if he's the author of the comment
+ nvweb: nv conditionals can now be delayed like nv lists
- remove pixlr integration
+ nvweb list conditional: added "not" attribute to help negate any conditional
* interface: improve control in navigate cms actions menu
* orders: mute PHP errors when generating a PDF
* REF r(): custom script version for navigate cms
You can view all source code changes in our GitHub repository.
To auto update your Navigate CMS instance, sign in as an Administrator and access the Configuration > Update function. You may also download the update package from SourceForge and apply it manually.