MODx is pleased to announce the denouement of its legacy code base with the release of MODx 0.9.6.2
. While the numbering scheme would imply a simple patch, it is in fact a substantial upgrade, especially in the areas of security and Manager functionality.
MODx 0.9.6.2 should really
be labelled as 0.9.7—but that would create confusion given to how Revolution (currently in Alpha) was formerly referred. But we digress ... it’s a big
Please see the change log
, also in the install directory of the download, for the full details of the changes since 0.9.6.1. Some highlights amongst the hundreds of commits include:
[*] [#MODX-176] XSS vulnerability in MCPUCK resource browser; fixed problem in GET parameter "editorpath".
[*] [#MODX-206] Vulnerability with CSRF (Cross Site Request Forgery); added configurable http referer validation option (3871)
[*] Fix htcmime.php and local file inclusion vulnerabilities for certain server configs, reported at http://www.securityfocus.com/archive/1/485707/30/0/threaded
[*] Multiple languages, style fixes and overall improvements
[*] Updated versions of many "core components"
[*] [#MODX-185] SET NAMES vs SET CHARACTER SET issue resolved; preferred method can be specified at installation.
[*] [#MODX-246] Cannot create database with reserved MySQL characters (not properly escaped).
[*] [#MODX-141] Install mod to verify MySQL version + strict mode (3730)
[*] [FS#996] Update installer to detect register_globals being on during installation (3301)
Manager & Core Functionality
[*] Added RSS Feeds of the Security Announcements and Important News to the Manager Login Welcome Page.
[*] Added the ability to easily add custom help pages to the manager.
[*] TinyMCE 220.127.116.11a and MCPUCK file browser improvements
[*] [#MODX-178] Captcha fails when there is a non-TTF file in the /ttf folder.
[*] Implement Captcha workaround for imagettfbbox() error in Windows requiring absolute path in fontfile parameter.
[*] [#MODX-163] - Fix issue with context menu closing in FF3 on right click.
[*] Modified MAGPIE_CACHE_DIR to store RSS cache in assets/cache/rss (3893)
[*] Added plugin to show image previews in the manager for Image TVs
[*] [#MODX-124] Added a manager role for emptying the trash/permanently purging docs (rev 3682)
[*] Added a unique CSS ID to the form on multate_content_dyanamic.php to help with custom plugins (3646)
[*] Changing TVs no longer looses the sort order on templates to which they’re assigned (3622)
[*] [#MODX-101] Fix ability to make document Public after it has been assigned to one or more Document Groups
[*] [#MODX-50] stripAlias function converts named entities to their numeric equivalents and then further to their actual character. (3457)
[*] [#MODX-34] Document permissions are saved now when a document is saved. (3429)
[*] [#MODX-35] private_*group columns now fully implemented. (3429)
[*] [FS#997] Add database collation charset and database charset to System Info. (3403)
[*] Allow weblinks to have summary(introtext) fields (3390)
[*] Set the published status of duplicated documents to unpublished (3388)
[*] Migrated Mootools to 1.11 (3293, 3294)
[*] Fix for tree menu scrolling (credit smashingred ... thanks!). See http://modxcms.com/forums/index.php/topic,21735.msg134298.html#msg134298
[*] Updated @INHERIT TV command to see through un-published pages.
[*] [FS#991] addEventListener now works directly on the event array (3278)
[*] [FS#986] Removed hidden input box in manager menu, cleaned up whitespace, organized source file (3278)
[*] [FS#981] Moved "Page Source" section to a tab in document data viewer, cleaned and organized source file (3278)
[*] [FS#934] Fix use of join() in getDocuments() API function (3163)