File summary: RUNCMS 1.6.1 content manager (build 20071224), released 24 December 2007 (English-language version)
Contains a large number of bug fixes and closed vulnerabilities
RUNCMS 1.6.1 (build 20071224)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BUGFIXES
--------
[-] chmod in cache blocks after installing (Thanks to tatarin)
[-] change theme in preferences
[-] fix layout in mydownloads item
[-] NEWBB_PLUS - missed & in urls of archive pages
[-] HEADLINES - use SNOOPY from RunCMS and remove their own copy
[-] NEWS - wrong month detection (Thanks to big_vyvorot)
[-] error with edit/delete news on some new versions of PHP
    [!] For all developers - NEVER! NEVER use GET/POST vars as GLOBAL variables - use the $_GET, $_POST or $_REQUEST arrays!!!
[-] Fatal error in userinfo.php if user not found (Tnx 2San for bug-report)
[-] no highlighting of IPs with .0. parts in MyTextsanitizer class
[-] get blocks from handler instead of duplicate creation of them in XoopsBlock::getAllBlocksByGroup() & XoopsBlock::getAllBlocks()

FIXED VULNERABILITIES
---------------------
[-] Vulnerability in pagetype using (Thanks to Zormax)
[-] Blind SQL Injection in mydownloads
[-] Linked XSS vulnerability in XoopsPageNav class
[-] Vulnerability in XoopsGroup::isAccessible()
[-] Image XSS vulnerability in page edituser.php (uploading avatar)
[-] Site administrator can make a PHP Injection in admin area in some files

P.S. Special thanks to Alexandr Polyakov from Digital Security Research Group for the bugs & vulnerabilities report

FEATURES
--------
[+] New RCCachedPage & RCThumbnail classes
[+] New EXPERIMENTAL feature - the compiled kernel, which should greatly increase speed of RunCMS sites by removing at least 6 queries on EVERY page
    [!] Note that it could be UNSTABLE, so please use it ONLY on a fully installed & tuned site: open class/core.php and turn on $compiling = true;
    If you make any changes in groups, group memberships, blocks, modules or smileys, you SHOULD:
    1) turn it off,
    2) remove the cache/compiled_kernel.php file,
    3) tune your RunCMS,
    4) and ONLY after all your changes are done, turn the compiling on (a new file should be created automatically)