CMSMS | CMS Made Simple

This is a security release, with the bonus of having some feature and bug fixes as well. It’s recommended that you upgrade as soon as possible, since this flaw has been published and could possible be being exploited as we speak.

Thanks to Beenu Arora and 0×6a616d6573 for testing and pointing out the flaws.

Below is the full list of changes. Enjoy!

Version 1.6.7 – Teremba Bay
—————————–
- #3999 Upload a file with apostrophe make problem
- #4137 small text typo in admin/login.php
- #4192 Extra Page Attribute’s are listed in the wrong order
- #4208 Don’t show inactive template in the page 404
- #4431 UDT names not validated when being edited
- Improvements to XML module generation
- Fixes to prevent possible remote file inclusion vulnerabilities
- Minor improvements to the News module
- New version of TinyMCE
- Improvements to File Manager and Image Manager
- Improvements to Module Manager; upgrade now possible from the “Available Upgrades”-tab
- Adsense-plugin modified, to accept the ad_slot parameter

Bookmark to:

This release fixes a few rather important issues that have popped up since the 1.6 release. It is particularly applicable to those of us using some of the more advanced features of the content pages.

You are encouraged to upgrade your sites to CMSMS 1.6.4 as soon as possible, as we now only support CMSMS 1.6.3 and 1.6.4

Enjoy!

Changelog: Version 1.6.4 – Moindou
—————————–
- Fixes a problem with the showinmenu option not being available to other content types
- Fixes a problem with the lang stuff and a required reference operator
- Fixes a problem with checksum verification and generation
- Fixes a problem in filemanager where access time was shown and not creation time.
- Adds tabindex to the list of selectable properties in the site preferences.
- Fixes a problem with 404 errors if using internal pretty urls, and adding parameters to the URL
- Fixes a problem with the parent page property for restricted content editors.

Bookmark to:

IMPORTANT
This release fixes a rather important security issue in the printing module as reported by a very helpful user. We recommend you upgrade to this version of CMSMS as soon as possible.

Additionally, a couple of minor errors relating to deactivating and re-activating content in the content list… and to using {cms_selflink} to point to inactive pages have been fixed.

Please upgrade ASAP.

Thanks!

Bookmark to:

It never fails…. even though we have a lengthy beta cycle, and we try as hard as we can to get people to test there are always a few things that just don’t get tested. So though 1.5 was largely stable, we’ve fixed a handful of things (most of them were one line fixes), and fired out 1.5.1.

We had a minor emergency. We found another bug just minutes after we released the original 1.5.1, so we quickly took down the announcements, removed the files, fixed the bug, and started again. What a panic that was!!

Here’s a brief list of what has changed:
- News 2.9.1
– Fixes to permissions checks
– Additional help about the dateformat and formatpostdate stuff being removed
- Fix sql error in listcssassoc
- Fix missing username in admin header on login of new session.
- Fix to expand all/collapse all icons in listcontent.
- Fix to the edit tag.
- Fix to the cancel button in user preferences
- Minor adjustment to security key checks.
- Fix bug in stylesheet associations.

This release does include diff packages. Please use the base diff package if you downloaded and installed the base package. use the full-diff package if you downloaded and installed the full package. You are also encouraged to update the language packs that you may need (with the base version), as a few things have also been translated.

Even though there are no database changes in this release, as always, you are encouraged to do a full backup before you upgrade.

Enjoy!

Bookmark to:

I’m very happy to announce the release of CMS Made Simple 1.5. Calguy and crew have done an amazing job keeping the CMSMS core chugging along and getting more stable and feature rich. Unless you’re totally locked into an older version, I recommend upgrading your site as soon as possible.

Some key points from the changelog:

• A new notification system in the admin
• A new dashboard page in the admin
• The ability to copy content pages has been added
• More bulk actions have been added to the list content page
• Numerous improvements to the installer
• Apply buttons on GCB’s and UDT’s
• TinyMCE changes: Updated to latest Tiny-core
• Extensive modifications were made to add a session key to each and every
  URL in the admin console. This prevents a medium level cross site scripting
  vulnerability
• Much, much more

As always, check out the full changelog for details on what has changed.

For a concise description on upgrading, take a look here.

Downloads for 1.5 can be found here.

Thanks again to all the CMSMS team: devs, translators and testers alike. You all seriously rock and here’s to another fine release.

Bookmark to:

Here it is…. This beta should encompass most of the bugs or issues found in the first beta, and a few more even.

We’ve cleaned up the Search module a bit, added some enhancements to assist people in dealing with the new template processing order, and tweaked the installer some more.

I expect this beta to last for about a week (or maybe till the 2nd of August). And I hope that this beta will be the last one in the 1.4 series. Then we can focus on 2.0 work for a while.

The first beta was downloaded in excess of 200 times (not including language packs or checksum files)… and I would really like for this beta to meet or exceed that total. The community has been doing great work with testing here, please keep up the good work.

I’d like to also thank the members of the dev team and the community that have put in considerable time in developing, testing, finding bugs, confirming them, then testing, and confirming the fixes, and sometimes even fixing the bugs themselves….. The community we have is growing stronger by the day, and everybody benefits from the active participation that these people give.

I’d like to thank these people (and I hope I didn’t leave anybody out, because this release has had contributions from a large amount of people.):
RonnyK, Reneh, Nuno, Silmilariion, Alby, _SjG_, tyman000, Cyberman, and of course Ted.

Now, another important note: A long standing issue with links in translatable strings appears to have been solved (many thanks to _SjG_)…. this means that people will have to go through and review all of their translations, and update any strings that have links in them… please, make the effort to go through everything in the core, CMSInstaller, and any core modules.

I still would not recommend using this beta (just because it is beta) on a production site, but if you are in the middle of a development project, or starting a new site… please feel free to use the beta. We are in feature cutoff (we have been since the first beta came out)… and plan that the changes from this point forward will be minimal.

Of course, you can download the files from here

Again, thanks to everybody…. what a fantastic community this is.

Bookmark to:

Read all about it in the forum announcement here:

Bookmark to:

Thanks to some fantastic effort by the development team, the translators, and testers, I’m pleased to announce CMS Made Simple 1.3

This was originally going to be just a marginal improvement to hold people over till CMS 2.0 comes out, but we just kinda got carried away.

There are new versions of the TinyMCE, ModuleManager, Search, MenuManager, News and FileManager modules, a massive improvement in translations, an automatic update notification mechanism, bugfixes, and lots of other tweaks to help you in your projects. For this reason, there will be no ‘diff’ packages.

Here’s a copy of the changelog for this version:

Version 1.3 “Cuba” — June 7, 2008
—————–
- Massive updates to translations
- Includes TinyMCE 2.4.0b5
(this should be a release version by the time 1.3 comes out)
Note: The wysiwyg editor is not called TinyMCE-Adv or TinyMCE-Basic anymore,
- Includes FileManager 0.3.0b2
(this should be a release version by the time 1.3 comes out)
- Includes News 2.8
– Fixes for pretty urls
– Adds news_extra and custom field support to the fesubmit action
– Uses cms_html_entity_decode for php4 compatibility
– Removes the News content type once and for all
- Includes Search 1.5
– Adds the ability to change the search output on a per module basis
– Adds an ability to track search words
– Better templating for News
– More
- Includes MenuManager 1.5
– Pass all parameters to the menumanager template for easier customization
– Fixes for has_children
– Minor fixes
- Includes ModuleManager 1.1.6
– Now indicates that a module available in the repository is incompatible
with the current CMS version
– A nice big notice on the top of the display about xml vs zip modules
– Cleanup on uninstall
- Includes a new admin theme generously donated by Nuno Costa
- All plugins are now translatable
- The title and sitename plugins now support the assign param
- Adds two new plugins (redirect_page and redirect_url)
- Debug mode now tweaks the display_errors and error levels
in the admin section as well as in the frontend
- Listcontent is now cleaned-up and has better security checks
- Minor improvements to listmodules
- Admin templates are now override-able by creating a matching file in
module_custom//templates/