MODx is pleased to announce the denouement of its legacy code base with the release of MODx 0.9.6.2
. While the numbering scheme would imply a simple patch, it is in fact a substantial upgrade, especially in the areas of security and Manager functionality.
MODx 0.9.6.2 should really
be labelled as 0.9.7â€”but that would create confusion given to how Revolution (currently in Alpha) was formerly referred. But we digress ... itâ€™s a big
Please see the change log
, also in the install directory of the download, for the full details of the changes since 0.9.6.1. Some highlights amongst the hundreds of commits include:
[*] [#MODX-176] XSS vulnerability in MCPUCK resource browser; fixed problem in GET parameter "editorpath".
[*] [#MODX-206] Vulnerability with CSRF (Cross Site Request Forgery); added configurable http referer validation option (3871)
[*] Fix htcmime.php and local file inclusion vulnerabilities for certain server configs, reported at http://www.securityfocus.com/archive/1/485707/30/0/threaded
[*] Multiple languages, style fixes and overall improvements
[*] Updated versions of many "core components"
[*] [#MODX-185] SET NAMES vs SET CHARACTER SET issue resolved; preferred method can be specified at installation.
[*] [#MODX-246] Cannot create database with reserved MySQL characters (not properly escaped).
[*] [#MODX-141] Install mod to verify MySQL version + strict mode (3730)
[*] [FS#996] Update installer to detect register_globals being on during installation (3301)
Manager & Core Functionality
[*] Added RSS Feeds of the Security Announcements and Important News to the Manager Login Welcome Page.
[*] Added the ability to easily add custom help pages to the manager.
[*] TinyMCE 22.214.171.124a and MCPUCK file browser improvements
[*] [#MODX-178] Captcha fails when there is a non-TTF file in the /ttf folder.
[*] Implement Captcha workaround for imagettfbbox() error in Windows requiring absolute path in fontfile parameter.
[*] [#MODX-163] - Fix issue with context menu closing in FF3 on right click.
[*] Modified MAGPIE_CACHE_DIR to store RSS cache in assets/cache/rss (3893)
[*] Added plugin to show image previews in the manager for Image TVs
[*] [#MODX-124] Added a manager role for emptying the trash/permanently purging docs (rev 3682)
[*] Added a unique CSS ID to the form on multate_content_dyanamic.php to help with custom plugins (3646)
[*] Changing TVs no longer looses the sort order on templates to which theyâ€™re assigned (3622)
[*] [#MODX-101] Fix ability to make document Public after it has been assigned to one or more Document Groups
[*] [#MODX-50] stripAlias function converts named entities to their numeric equivalents and then further to their actual character. (3457)
[*] [#MODX-34] Document permissions are saved now when a document is saved. (3429)
[*] [#MODX-35] private_*group columns now fully implemented. (3429)
[*] [FS#997] Add database collation charset and database charset to System Info. (3403)
[*] Allow weblinks to have summary(introtext) fields (3390)
[*] Set the published status of duplicated documents to unpublished (3388)
[*] Migrated Mootools to 1.11 (3293, 3294)
[*] Fix for tree menu scrolling (credit smashingred ... thanks!). See http://modxcms.com/forums/index.php/topic,21735.msg134298.html#msg134298
[*] Updated @INHERIT TV command to see through un-published pages.
[*] [FS#991] addEventListener now works directly on the event array (3278)
[*] [FS#986] Removed hidden input box in manager menu, cleaned up whitespace, organized source file (3278)
[*] [FS#981] Moved "Page Source" section to a tab in document data viewer, cleaned and organized source file (3278)
[*] [FS#934] Fix use of join() in getDocuments() API function (3163)