January 2022 updates wrap-up

It's been almost seven months since our last wrap-up announcement.

We've made a lot of fixes and squashed dozens of bugs across most of our codebase, mostly security-related.

All updates have been deployed progressively, but we couldn't find the time to announce them.

So, here we go:

Core updated to version

  • Added sanitization when setting a numeric value in an engine pref.
  • Added JS core function override options for controlling the behavior of submenus on the main menu.
  • Tuned submenu widths and positioning.
  • Added option to disable the mail sender.
  • Fixed unresponsive close button on the dialog title bar.
  • Added extensible jQuery UI dialog defaults via template vars.
  • Added extension point on the notifications getter script.
  • Added extra check for IP logging dismissal in the `account` class.
  • Added extension points on the account class.
  • Added fallback to avoid duplicate tags exception.
  • Added checks to the SQL injection checker.
  • Added logging of new devices.
  • Added logging of sent emails.
  • Added changelog addition method to the accounts repository.
  • Improved caching on the account class.
  • Added sanitization of user agents for device strings.
  • Added restricted engine prefs collection to config class and helper method.
  • Added db errors log and simplified thrown exceptions.
  • Fixed warning thrown by the account session extender under specific circumstances.
  • Added quotes management on the set_engine_pref method of the account toolbox.
  • Added connection info to the db errors log.
  • Added extension point to the sql injection checker.
  • Added support for encrypted settings.
  • Changed encryption method for session cookies.
  • Added option for aggressive IP tracking.
  • Input sanitization on multiple points.
  • Added debug info on the DB controller error handler.
  • Tuned filtering on the document handler.
  • Tuned SQL injection patterns.
  • Added extension points on the DB controller.
  • Added SQL injection check over cookies on the modules loader.
  • Enhanced IP detection algorithm.
  • Tuned IP change checks on the account class.
  • Added updatable keys to the engine prefs saver on the account toolbox.
  • Added SQL injection prechecks on the bootstrap.
  • Tuned protection of data directory.
  • Added protection to logs directory.
  • Left strict IP change checks to admin accounts only.

Categories module updated to version 1.9.6:

  • Input sanitization on the get method of the repository class.
  • Removed bogus function declaration.

Categories forumizer module updated to version 0.0.8:

  • Added check to hide the quick posts form.

Comments module updated to version 1.12.4:

  • Input sanitization on search by tag.

Contact module updated to version 2.4.6:

  • Added SQL injection check.

Media gallery module updated to version 1.13.8:

  • Added SQL injection checks.
  • Input sanitization on the "search by tag" builder extender.
  • Input sanitization on the "search by tag" script.

Accounts module updated to version 1.23.8:

  • Fixed wrong keys used when encrypting API keys before saving an account edited by an admin.
  • Added link to registration in the login dialog.
  • Tuned wrapping in the login dialog.
  • Added IP info to last activity and search by IP in the accounts browser.
  • Added admin action to remove 2FA from an account.
  • Fixed issue when deleting an unregistered device.
  • Tuned automatic purging script.
  • Fixed logging issues in the automatic purging script.
  • Added support for restricted engine prefs.
  • Relocated extension point for login/pre_validations.
  • Tuned 2FA enabling dialog.
  • Added group identifiers to the preferences editor.
  • Added trailing error checks before prefs saving to avoid saving incorrect settings.
  • Improvements on the user administration view.
  • Added quotes management on the users search function.
  • Added IPs whitelist support.
  • Added option for aggressive IP tracking.
  • Added checks to the engine prefs setter.
  • Added warning for sessions closed by IP changes.
  • Added bruteforce checks to the login tool.
  • Added debug info to DB errors log.
  • Tuned SQL injection patterns.
  • Added checks to the user IP getter.
  • Added admin checks on the account prefs setter.
  • Added filter by admin granted accounts on the accounts browser.
  • Fixed annoyance on the notification about session being closed automatically.
  • Added support for restricted options when saving from the prefs editor.
  • Fixed visibility issue in security preferences.
  • Added workaround for checking bigint user ids.
  • Fixed wrong field passed to the IPs whitelist editor.

Settings manager updated to version 1.9.3:

  • Added tool to bump disk/memory caches.

Hardcoded pages module updated to version 1.3.2:

  • Removed hardcoded background color in the page renderer.
  • Added floating save button in the code editor.

Posts subsystem updated to version 1.34.16:

  • Added extension point on the posts saving script.
  • Added render_post_cards shortcode handler.
  • Tuned enforced expiration detection on save.
  • Added SQL injection checks.
  • Input sanitization on the posts repository.
  • Input sanitization on the "search by tag" builder extender.
  • Input sanitization on the "search by tag" script.

Search facility updated to version 1.4.8:

  • Tuned SQL injection checks.
  • Input sanitization on search by tag.
  • Input sanitization on the search history repository.

Single Sign-On module updated to version 0.1.5:

  • Added device registration enforcement.
  • Added check for existing accounts to avoid database error.

Mobile controller updated to version 0.1.1:

  • Added accounts extension points.
  • Added IPs whitelist support.

Enhanced Security module updated to version 2.6.19:

  • Added support for notifying failed login attempts by email with account «freezing» facility.
  • Added support for notifying IP address changes with account disabling facility.
  • Added change level debug info.
  • Added TTL for blockages caused by excess of failed logins (it was permanent before).
  • Added changelog info on accounts freezing/disabling.
  • Added offending IP info and confirmation page for disabling accounts with false positives.
  • Tuned initial comparison for IP change checks.
  • Added SQL injection checker extender.
  • Tuned SQL injection log entry.
  • Added notification before session autoclose.
  • Added automatic blockage of IPs when moderator+ account logins are attempted from non-whitelisted IPs.
  • Sanitized repository inputs.
  • Added missing sorting cases on the hosts browser.
  • Added option to block IPs with excess of db errors.
  • Tuned IP change checks.
  • Added notifications on account changes.
  • Fixed module name for the settings page (it was "Advanced security", changed to "Enhanced security").
  • Left strict IP change checks to admin accounts only.

Twitter cards module updated to version 1.3.7:

  • Added defaults to Twitter SEO tags.

BardCommerce updated to version 1.2.10:

  • Added support for ShareThis on the product page.
  • Allowed public visibility of product sale stats.
  • Added CSS identifiers to action buttons on order detail sections.
  • Added missing SEO tags on single product pages.
  • Tuned the is_purchasable method in the product record class.
  • Disabled the "add to cart" button on the product page when there are no units left for sale.
  • Fixed issue in selecting products for sale in the products repository.
  • Fixed issue in displaying formatted price on discounted products.
  • Added sale ending time on the product page for products that have a sales ending date defined.
  • Replaced main menu entry with submenu for users with shops.
  • Fixed errors caused by deleted products on order listings.
  • Added extendable method to the repository.
  • Added multiple extension points.
  • Rearranged call to styles and scripts.
  • Removed injected sections on the home when navigating the posts index.
  • Added support for the User Semaphores module.
  • Fixed selector for offers scroller.
  • Fixed name of Philippine peso.
  • Input sanitization on multiple points.
  • Added cookie sanity check.

Fixer.io interface updated to version 1.0.2:

  • Fixed name of Philippine peso.

Triklet core updated to version 1.28.4:

  • Added account status and level checks on the tickets browser and mini-profile in the conversation view.
  • Improved spam detection.
  • Added agent based stats for admins on the landing page.
  • Added option to send welcome emails.
    Note: previously, welcome emails were sent by default. This new option is turned off so no welcome emails will be sent unless turned on.
  • Tuned option to leave disabled account emails marked instead of deleting them or flagging them as read.
  • Added option to detect permanent errors on bounced emails and remove addresses from owner accounts.
  • Added subject fallback in the minimail client.
  • Refactored treatment of incoming messages from disabled accounts.
  • Added button to delete all bounces on the minimail client.
  • Fixed wrong comparison in autosetting.
  • Added extension point to the accounts browser columns extender.

User Labels module updated to version 0.2.4:

  • Fixed wrong labeler link on the consensus list.

User Semaphores module updated to version 1.1.4:

  • Added extension points.
  • Tuned the report.
  • Added reports caching.
  • Reduced default reports/semaphore image timespan from 90 to 7 days.

Universe20 template updated to version 1.1.1:

  • Fixed issues in the FAQs section.
  • Fixed horizontal scrollbar showing under certain circumstances.

Comment likes module updated to version 0.5.2:

  • Added cookie sanity check.

Polls module updated to version 0.1.3:

  • Added cookie sanity check.

Post ratings module updated to version 0.5.3:

  • Added cookie sanity check.
  • Added input sanitization on the index page.

Log viewer updated to version 1.2.4:

  • Added output filtering.
  • Added input sanitization.

Categories forumizer updated to version 0.0.9:

  • Added check to prevent warning when the comments module isn't enabled.


We keep going as always, squashing bugs as soon as they're spotted, optimizing things that can be improved and adding features that help improve administration and enhance the user experience.

Please accept our apology for not announcing all these in due time, but then again, everything is pushed as soon as it is made and all websites using our engine are up to date.
