Navigate CMS v2.9.5 r1611 (2022/03)

Navigate CMS update: 2.9.5

Mar '22
The Navigate CMS team has just published an update that includes a collection of security fixes, bug fixes and library updates. The most important vulnerability detected was reported by security researcher Roberto Cruz. Thank you very much for your help!

Full list of changes:

+ nvweb list: support returning webuser vote value as a percentage "vote%"
+ nvweb list: return a product or element score as a percentage "score%"
* nvweb list: urlencode extra paginator url parameters
* nvweb list: fixed products retrieval query
+ nvweb list: added attribute "return" settable to "array" to retrieve the nvlist results as an array (useful in theme/plugin development)
+ nvweb nvlist_conditional by="product" offer="$url_parameter_name" (allows finding products by the offer flag depending on a user filter request)
+ nvweb nvlist conditional by="brand" image="true|false" (useful to display a placeholder image when a brand has no logo defined)
+ nvweb conditional: added by="request" value="x" to add content only when a url parameter is present
* nvweb cart: replaced some <p> elements with <div> with a class name
+ properties: new attribute "class" to be added into links when requesting properties of type "link"
* nvweb_prepare_link function now ignores URLs using "mailto:" and "javascript:" descriptors
* nvweb metatags: set a default title for "not_found" template
+ nvweb menu: added attribute to modify the submenu indicator when rendered as a select component
* files: removed unused code
+ structure: enabled cache for the tree hierarchy and renamed some internal functions
* debugger: rewritten "time elapsed" functions to avoid depending on a plugin
* comments: in the navigate "in reply to" field, the date of the parent comment must be before that of the comment being edited
+ websites: added option to define a whitelist of hosts where the website can connect to using cURL
+ added library "jycr753/ip-utils" via composer https://github.com/jycr753/ip-utils
+ added library "jalle19/php-whitelist-check" via composer https://github.com/Jalle19/php-whitelist-check
* core: in core_http_request require url to be a real http(s) request to prevent security issues
* files: small interface fixes
- files: remove adobe flash folder type option
* files: fix media browser pagination
* items, products, properties, blocks, structure: fixed code to prevent sql injection vulnerabilities (thanks github user @Paper-Submission-2021)
+ media browser: define a set of priority objects that will appear before any other (e.g. used when creating a new folder)
+ core_curl_post: added new parameter "referrer"
* nvweb breadcrumbs: allow passing separator=""
* nvweb breadcrumbs: added optional parameter "wrapper" which can be "li" or "div"
* nvweb_object_enabled: identify infinite html symbol as a valid date
* user.class: remove deprecated code in quicksearch function
* nvweb list comments: apply passed list filters instead of using the current page info
+ nvweb webuser: added new parameter sign_up="true" in mode "customer_account" to show a registration form next to the login form
* files: improve focal point interface and provide more accurate results
+ nvweb conditional now accepts the "not" attribute to negate any result
+ nvweb webuser: added styles and javascript for new sign_up interaction in mode "customer_account"
+ nvweb votes: added mode "percentage" (score from 0 to 100 with 2 decimals, based on score from 0 to 10)
+ products: added column "Brand" in navigate list (and enabled it for sorting)
+ nvweb conditional by="cart" value="empty"
+ nvweb product mode="add_to_cart" quantity_tag_id="input_id_where_to_find_the_quantity" (if different than 1)
+ nvweb menu: exclude="123,45" (IDs of the structure objects to exclude)
+ nvweb menu: active_class="menu_option_active" (class name for the current active object in the page)
+ nvweb menu: mode="select" select_tag_id="abc" (ID for the <select> tag) auto_jump="false" (do not auto redirect when selecting an option from a select menu)
+ nvlist_conditional by="position" positions="1,3,5" (declare specific numeric positions for the condition to be satisfied, first object is 1)
+ nvweb list: added filters for "brand", "brands", "price" and "offer"; example: [{'price':{'gte':'$price-min'}},{'brands':{'in':'$brands'}},{'offer': 'true'}]
* nvweb list: reorganize code (phase 1)
+ nvweb blocks: new parameter "icon_classes" (to add classes to every icon shown in a list of links block type)
* themes: prevent reflected XSS attack when requesting theme_info
* navigate_download: prevent arbitrary file read vulnerability
* nvweb list: reorganize code (phase 2)

You can see all the changes in the source code in our GitHub repository.

To auto-update your Navigate CMS instance, log in as Administrator and go to Configuration > Update. You can also download the update package from SourceForge and apply it manually.