OSClass 2.3.6

05March Juan Ramón

Release highlights:

  • PHP Warning in user profile when the description was empty #153
  • Added missing helper: osc_reset_resources #149 (thanks TurbineJesse!)
  • Contact publisher is working OK now #134
  • Database errors during the installation are caught correctly. Now if you don’t set well the database configuration, it warns you #133
  • Fixed redirect after wrong reCAPTCHA code after posting an item #132 (thanks again TurbineJesse!)
  • We’ve removed PHP warnings from HTMLPurifier library #130
  • Default currency is selected in item forms #129 (thanks trains58554!)
  • We’ve added more checks in image deletion

Special thanks to Filippo Cavallarin again for reporting a security vulnerability in combine.php file. If you’re using that file in your theme, I strongly recommend to update it. Please, remember to visit the wiki if you don’t know how to update OSClass.

Download

Changelog

Posted in Releases | 8 Comments

Downtime in all of our sites

23January Juan Ramón

During this morning our sites had been offline for some hours (starting at approximately 7 am UTC+1). All of this started with an overload of our server that had forced us to reboot the machine. After that, we saw that most of the files were gone. So, we download our backups from S3 and restored them. However, the last backups weren’t correct and we had to use a backup from October.

How it will affect you? All the attached files in the forum since October/November are missing. So, if you have attached files in the forum you should upload them again.

Please, contact us if you see something inusual. We’re still recovering: demo.osclass.org and download packages from geo.osclass.org/downloads Sorry for the inconvenience, we are going to improve our backup system and recovery from this kind of failures.

Update 23 January 2011 16:36 (UTC+1): demo sites and geo.osclass.org/downloads are working fine again.

Posted in Community | 10 Comments

OSClass 2.3.5

16January Juan Ramón

Release highlights:

  • Escape quotes in attr values of input tags using a new helper: osc_esc_html #105
  • PHP Warning if the user doesn’t have a description in his profile #108
  • PHP Warning in Search model #110
  • Modified behavior in add/edit form of custom fields #112
  • Style of radio buttons in custom fields #117
  • JS error in add/edit page in oc-admin #119
  • XSS vulnerabilities in search page
  • SQL injections in search page and AJAX request in oc-admin (need to be logged as an admin)

Special thanks to Filippo Cavallarin and High-tech Bridge for reporting discretely the security vulnerabilities until we’ve published a new version. Last week we uploaded a Romanian .sql file to geo.osclass.org/downloads (thanks to Eduard Mihai). During this week we’re going to upload Latvia (thanks to Edgars Burmistris). If you want to add or improve your country locations, please contact us to info@osclass.org.

Download

Changelog

UPDATE 17/01/2012: Upload again the version because a mistake in custom fields of a last minute change

Posted in Releases | 13 Comments

OSClass 2.3.4

03January desteban

This is a hotfix version, meaning that no new features were added, just bugs fixed.

Release highlights:

  • Deleting all admins bug fixed
  • Multiple installs bug fixed
  • Feeds url using permalinks
  • SQL error using picture only items bug fixed
  • Some hooks were added on admin
  • SQL optimized a little more

As a reminder, if you are upgrading from a version 2.3.2 or earlier and it’s not a clean installation, please, remove the following files:

  • oc-admin/themes/modern/tools/upgrade-plugins.php
  • oc-admin/upgrade-plugin.php
  • oc-admin/upgrade.php

It’s important to remove this files for security reasons. For security issues of OSClass you should send an e-mail with the details to security [at] osclass.org. Include as much detail as you can. Please, you should not publish the details.

Download

Posted in Releases | 1 Comment

OSClass 2.3.3

17December Juan Ramón

Release highlights:

  • Removed upgrade and upgrade-plugins files
  • Minor fix when editing the comments in oc-admin
  • Minor fix in the installation process if the config.php file exists

If you’re updating OSClass and it’s not a clean installation, please, remove the following files:

  • oc-admin/themes/modern/tools/upgrade-plugins.php
  • oc-admin/upgrade-plugin.php
  • oc-admin/upgrade.php

It’s important to remove this files for security reasons. For security issues of OSClass you should send an e-mail with the details to security [at] osclass.org. Include as much detail as you can. Please, you should not publish the details.

Download

Posted in Releases | 3 Comments