New security-related releases, recommended as an update for all users:
ExpressionEngine Version 1.7.1 Build 20110406
Version 1.7.1 is a security and maintenance release and is recommended for all users.
* Improved XSS filtering of input data to prevent an XSS vulnerability.
* Eliminated a vulnerability in the comment preview that occurred only when secure forms was turned off.
* Improved randomization of temporary template markers.
* Altered “Allow New Member Registrations?” to be ‘off’ by default on new installations.
* Added conversion of special characters to entities in comment name field.
* Modified the Moblog module to work with POP3 over SSL (including GMail).
* Fixed a bug where email subjects could have spaces replaced by underscores when displayed.
* Fixed a bug (#14471) in the Wiki Module where renaming could result in an improper title when namespaces were used.
* Fixed a bug (#14513) in the Wiki Module where page links were not created properly when HTML formatting was set to ‘Convert HTML into character entities’.
* Fixed a bug in the Wiki Module where Category names could inadvertently include a trailing space when created using a link with an alternate display text.
* Fixed a bug (#15249) in the typography class where a line consisting of a single character did not always have line breaks properly applied.
* Fixed an incompatibility with MySQL 5.5 (#15531).
* Fixed a bug (#14628) where the DATE_ISO8601 variable was returning an incorrectly formatted date string.
* Fixed a bug (#14737) where upload destinations in popup were not sorted by name for non-super admins.
* Fixed a bug (#14870) where the module class name was displayed instead of the actual module name in member group module permissions.
* Fixed a bug (#14850) where disabling signatures and member photos did disable for existing members.
* Fixed a bug (#15221) where weblog previous/next entry tags did not properly convert special characters in the title tag, which could lead to HTML validation errors in some cases.
* Fixed a bug (#14620) where Gallery comment expiration was not properly set when a new entry was created.
* Fixed a bug (#12044) where embedded variables were not properly parsed within module or plugin tags.
* Fixed a bug (#14364) where the updater incorrectly linked to EE 2.x update instructions.
ExpressionEngine 2.1.3 Build 20110406
Important:
* Improved XSS filtering of input data to prevent an XSS vulnerability.
* Fixed a security issue that in certain circumstances could allow manipulation of the Email module’s recipients parameter.
* Eliminated a vulnerability in the comment preview that occurred only when secure forms was turned off.
* Improved randomization of temporary template markers.
Bug Fixes:
* Fixed a bug (#15416) in the template parser where nested tags could result in PHP errors.
* Fixed a bug (#15202) where saving an entry with a date in DST while you’re not in DST (or the opposite) caused the date to increase or decrease by an hour.
* Fixed a bug (#15199) where member registration in the control panel would cause a MySQL error when strict mode was enabled.
* Fixed a bug (#15199) in the installer where TYPE= is not supported by MySQL 5.5+.
* Fixed a bug (#15115) where plugins using PHP5 style constructors would not properly parse in some circumstances.
* Fixed a bug (#14821) where the category tree would not properly sort by a custom order.
* Fixed a bug (#14708) where the control panel login did not redirect with a session id, breaking access in some cases.
* Fixed a bug (#14417) in the Metaweblog API where categories were not properly entered when creating a new entry.
Developers:
* The security library has been moved to the CodeIgniter core. Loading it is deprecated and will result in PHP errors in future releases.
* Fixed a bug (#15383) where the Template Library could remove the wrong application package after parsing.
ExpressionEngine 2.1.4 Beta Build 20110406
Important:
* Improved XSS filtering of input data to prevent an XSS vulnerability.
* Fixed a security issue that in certain circumstances could allow manipulation of the Email module’s recipients parameter.
* Eliminated a vulnerability in the comment preview that occurred only when secure forms was turned off.
Bug Fixes:
* Fixed a bug (#15416) in the template parser where nested tags could result in PHP errors.
* Fixed a bug (#15202) where saving an entry with a date in DST while you’re not in DST (or the opposite) caused the date to increase or decrease by an hour.
* Fixed a bug (#15199) where member registration in the control panel would cause a MySQL error when strict mode was enabled.
* Fixed a bug (#15199) in the installer where TYPE= is not supported by MySQL 5.5+.
* Fixed a bug (#15115) where plugins using PHP5 style constructors would not properly parse in some circumstances.
Developers:
* The security library has been moved to the CodeIgniter core. Loading it is deprecated and will result in PHP errors in future releases.
* Fixed a bug (#15383) where the Template Library could remove the wrong application package after parsing.
So far I have noticed a bug in EE 1.7.1 in the handling of if:else. To fix it, find this line in system/core/core.functions.php:
$str = str_replace(LD.'if:else'.RD, 'c831adif9wel5ed9e', $str);
and replace it with
$str = str_replace(LD.'if:else'.RD, $FNS->unique_marker('if_else_safety'), $str);