The Nucleus CMS core development team has released Nucleus CMS v3.64. This release includes a major security fix and a few minor bug fixes. All users who allow comments from non-members should upgrade immediately (fixed in 3.64). All users who allow visitors to create member accounts (register) should upgrade immediately (fixed in 3.63). It is recommended that all users upgrade.
If you are running version 3.32 or earlier, if you allow comments from non-members, or if you allow visitors to create member accounts, you should upgrade immediately. We nevertheless recommend that all users update so that their blog software is up to date and works with all plugins.
List of all new features in Nucleus CMS 3.64:
- FIX: security issue in comments. Thanks Katsumi and John Leitch of AutoSec Tools.
- ADD: labels in the installation form
- FIX: minor problems with invalid XHTML in the installation form
- CHANGE: Clean up and improvements in comment handling.
List of all new features in Nucleus CMS 3.63:
- FIX: security issue in member creation. Thanks Katsumi.
- FIX: call of special skin parts using fancy url scheme like special/specialname was not working. Thanks slightlysome.
- FIX: extra params in generated links with fancy urls on were not using the designated keys. Thanks slightlysome.
- ADD: catiscurrent variable to Category List Header and Footer. Thanks slightlysome.
List of all new features in Nucleus CMS 3.62:
- CHANGE: add redundant safeguards against security issues caused by case where register_globals is on and the config.php file is missing (Rare!!!)
- CHANGE: make CONF variable, AdminCSS, to hold name of admin area style to use. default to original.
- FIX: use of strripos in cleanFileName() not PHP4 compatible, switched to use of strrpos() since no functionality lost.
- FIX: replace ereg* functions in remaining core files, including core plugins.
- FIX: multiple newlines in comment body being reduced to only one newline.
- FIX: highlight() function still using ereg* functions.
- CHANGE: cleanFileName() function simplified to replace all but a-z0-9-.
- FIX: install problem when only mysqli_* is available.
- FIX: fix comment body text not appearing on Edit Comment form.
List of all new features in Nucleus CMS 3.61:
- FIX: fix comment body being lost
- FIX: fix edit comment form formatting
- FIX: fix search title and body of items not displayed in search results
List of all new features in Nucleus CMS 3.60:
- ADD: MediaUploadFormExtras event to nucleus/media.php to allow plugin to add extra fields to media uploader form. See NP_ImageLimitSize (0.20+) for example of using event.
- CHANGE: use sql_real_escape_string() function in place of addslashes() in all but 2 places where sql_real_escape_string() doesn't make sense.
- ADD: mysql_real_escape_string() function to wrapper for mysqli (libs/mysql.php).
- FIX: globalfunctions.php. PostParseUrl event only firing when using urlmode=pathinfo (fancyurls).
- FIX: sql_affected_rows() function in nucleus/libs/sql/mysql.php. Was causing error in ban deletion.
- CHANGE: ACTIONS::_searchlink() to improve creation of next/prev link for index skin parts. Also, add $navigationItems global that can be set by plugin to affect next/prev link when plugin lists items on index page, see NP_Ordered 1.37.
- ADD: if-else-elseif-ifnot-ifelsenot-endif to the Item Body actions. Same as in Item Templates. see help.html for details.
- ADD: cleanFileName() function to globalfunctions.php and then use in nucleus/media and in MEDIA.php to clean up filenames of uploaded files to avoid problems with spaces and other characters. Thanks WillyP.
- ADD: global $currentcomentid and $currentcommentarray during item template processing so can get comment info in phpinclude called from comment template.
- ADD: if-else-elseif-ifnot-ifelsenot-endif to the comment field templates. see help.html for details.
- ADD: global $currentitemid during item template processing so can get item info in phpinclude called from item template.
- ADD: if-else-elseif-ifnot-ifelsenot-endif to the item field templates. see help.html for details.
- FIX: bug where categorylist with blogname parameter did not work on member, error, or special skin parts.
- FIX: bug in commentform skinvar where form showing to nonmembers when bpublic=0. Thanks WillyP.
- CHANGE: length of bnotify column in blog table to 128 characters to allow for longer lists of notification recipients.
- ADD: recount parameter to nextlink skinvar to force recalculation of iAmountOnPage for nextlink instead of using amountfound from last blog skinvar. Helpful in more advanced situations where multiple blog skinvars used on single page.
- FIX: tightened security around includes in PLUGINADMIN class.
- ADD: globalfunctions: include_libs() and include_plugins() to be used to safely include libs and plugins.
- REMOVE: config.php. rename to config.php.sample to avoid overwrite during upgrade. config.php created by build.xml during generation of full install package and modified by install.php.
- FIX: tune db tables in sqlinstall.
- ADD: yourprofileurl parameter value to member skinvar to produce url to logged on member's profile for use in link to member profile.
- FIX: Fixes to NP_SecurityEnforcer suggested by cacher at Japanese Forum.
- FIX: When changing settings for a member, call to PrePasswordSet event was happening even if password not being changed. Admin.php, action_changemembersettings() method.
- ADD: PostParseURL event to globalfunctions. Triggers right after url is fully parsed (by ParseURL in globalfunctions). Useful to tweak global variables before selector() runs or to set something based on path-related globals. Used by new version of NP_EventBlog (min 3.60) to display future posts (events) on item pages skin part.
- CHANGE: selector() itemid, change itemexists check to be aware of allowDrafts and allowFuture.
- ADD: $CONF settings for allowDrafts and allowFuture so can set selector to permit showing of these items if needed. Can be set in config.php or in plugin event (probably authentication related for timing).
- CHANGE: BLOG::readLogFromList() and BLOG::getSqlItemList() methods to add parameters permitting drafts or future items to be shown.
- FIX: unloaded ITEM class error caused by NP_Ping when creating new weblog.
- FIX: convert/livejournal.php set to use sql_table for prefixes. Suggested by quandary.
- FIX: improvements to isValidMailAddress() function as suggested by quandary.