Elgg

Contributors

• Jerôme Bakker (5)

Bug Fixes

• cache: correctly load simplecache from database (0f92673f)
• comments:
  • no longer add duplicate html ID in threaded comments (242d9a5d)
  • correctly remove threaded comments (65817a0e)
• discussions: correctly handle last comment (bfc1700c)

Contributors

• Jerôme Bakker (7)

Bug Fixes

• account: improved valid username detection (0115b714)
• developers: correctly show metadata boolean values (189370c3)
• icon: improved handling of multiple icon uploads on the same page (d7da537a)
• register: set correct middleware on registration action (39648e30)
• webservices: pass authentication failure message to api result (5d852205)

Contributors

• Jerôme Bakker (8)
• Jeroen Dalsem (2)

Bug Fixes

• groups: correctly detect default access based on input parameters (4a8a05c9)
• users: correctly redirect after user deletion (b5b35701)

Contributors

• Jerôme Bakker (3)

Bug Fixes

• db: correctly handle sort_by clauses on more tables (1c7d6392)
• session: show correct login error message for unvalidated accounts (713fde5d)

Contributors

• Jerôme Bakker (2)

This is a security update thanks to @vautia for reporting the issues on https://huntr.dev/repos/elgg/elgg

Contributors

• Jeroen Dalsem (1)

Bug Fixes

• output: allow mailto and tel scheme if used directly via output/url (bad4de81)

Contributors

• Jerôme Bakker (5)

Bug Fixes

• icons: correctly remove all icons (85f4ba0f)
• plugins: sanitize plugins path (66a066ab)

Contributors

• Jeroen Dalsem (7)
• Jerôme Bakker (7)
• Nikolai Shcherbin (1)

Features

• relationships: added \ElggEntity->getRelationship() (31a03961)

Bug Fixes

• cache: separated cache namespaces should not interfere (0a2e40ca)
• developers: gear settings popup works again (8ba956dc)
• navigation: correctly merge multiple link classes for menu items (3f94a30b)

Contributors

• Jeroen Dalsem (50)
• Jerôme Bakker (31)
• Ally Petitt (1)
• Nikolai Shcherbin (1)

Features

• admin: open recent cron log in lightbox instead of in widget (db25a973)
• ckeditor: updated to ckeditor v4.19.0 (d0e47c05)
• core:
  • add path sanitization function (c7abf151)
  • implement generic namespace of exceptions (0fd13f0e)
  • move the PAM handlers to a service (4cb55938)
• discussions: added group selection when starting a global topic (dfe38f67)
• forms: added class to fields that have been disabled (b95821f6)
• groups: moved group tool field into its own view (77ff14cc)
• html: added SRI validation to local scripts and stylesheets (516412e4)
• icons:
  • added config flag to enabled/disable webp icons (c2a78165)
  • added FontAwesome zip upload so admins can update icons (02a4030a)
• menus: added support for a custom tag name for section headers (a3c521c3)
• notifications:
  • allow to provide a notification actor (a314571f)
  • notification handlers can controll e-mail mute link (422019b9)
  • added triggers to track en/dequeue events (9569225e)
• registration: allow to register with a valid invitation code (04127336)
• system_log:
  • added event type to the event action logged (eb4273cf)
  • improved logbrowser features (4a7b350c)
• user: added internal cache for profile data (7be4ca64)
• users:
  • allow filtering of inactive users (6ca3d63a)
  • added confirmation form when deleting a user (2234de28)
• views:
  • added widget_more element to entity listings (6ca4c78a)
  • added html5 video support to the file plugin (d713749e)

Performance

• core: added config flag to disable file exist check in classloader (234e9891)

Documentation

• release: update core release documentation (600b7517)
• support: added 4.3 to the support page (9216020e)

Bug Fixes

• annotations: save/update annotations return false on null values (4947ede8)
• core: generate correct URLs in special request cases (8f602520)
• notifications: handle exceptions during notification processing (d94cb193)
• user: only show language completeness on user settings for admins (65205220)
• users: briefdescription icon should be false by default (f40750cc)

Deprecations

• annotations: annotate event is deprecated (072ca669)
• config:
  • changed the way config variables are protected (3a53a6cd)
  • deprecated some more config variables (c8190587)
  • do not use config->elgg_settings_file (14b8073c)
• core:
  • renamed various user related lib functions (0f1d15fb)
  • prefix relationship functions with elgg_ (4467cb8b)
  • renamed various session related lib functions (82b6ffe4)
  • prefix core functions with elgg_ (517e9d25)
  • various lib functions and hooks deprecated (22fe011a)
• db:
  • old style database configuration (5c5d2394)
  • using order_by_[metadata|annotation] is deprecated (ae12730d)
• forms: clear a single sticky form value (d950a3d3)
• friends: Friends trait functions (1221d6ce)
• hooks: old or obsolete hooks have been deprecated (d46f320a)
• icons: replaced the 'classes', 'icon' hook (0acb87fc)
• js: toggle and popup now init with a class instead of rel (97ba1790)
• metadata: delete metadata by id (d7b3c1fb)
• views: (un)register external views (2aa22ba7)

Contributors

• Jeroen Dalsem (2)
• Jerôme Bakker (2)

Bug Fixes

• blogs: preview opens in blank window to prevent history issues (39a99376)
• forms: datepicker should show correct prev/next characters (48bff527)

Contributors

• Jeroen Dalsem (8)
• Jerôme Bakker (5)

Bug Fixes

• cache: make sure the CLI and webserver use the same cache path (fda6463e)
• db: support passing relationship guid when sorting by relationship (21b9f1e6)
• groups: groupprofile rss feed should show recent searchable content (54353859)
• icons: check filesize when checking if entity has icon (50989148)
• menus:
  • allow detecting selected sorting parent from view var (822ac99c)
  • sorting parent detection should respect menu item priority (19fbbcb7)
• search: improved search result presentation (8959c933)

Contributors

• Jeroen Dalsem (17)
• Jerôme Bakker (4)

Documentation

• entities: added info about singular sort_by options (0340ecea)

Bug Fixes

• bookmarks: always detect document title for bookmarks link (6b8e7cb3)
• ckeditor: replaced deprecated get_current_language js function (036c532d)
• db: ignore unsupported sort_by property types instead of crashing (9eb1e3ba)
• forms: do not draw container_guid subtext if empty (127352ee)
• groups:
  • enable cropper on group profile icon (a0a61cf8)
  • replaced deprecated sort options in owner transfer (5b787372)
• icons: only generate webp urls if server supports it (fbf76c11)
• js: unable to check for logged in user in javascript (72d89a96)
• menus: make sure title-menu-toggle is always available (f81a21e6)
• navigation: user hover menu was missing the admin toggle (06433212)
• pages:
  • allow saving with an empty description (3001a307)
  • check field config for all required fields on save (7f72d186)
• search: allow passing sort_by through query params (4104a828)
• site_notifications: prevent possible deadloops with seeded entities (8ea5e3ce)

Contributors

• Jerôme Bakker (16)

Performance

• batch: retain query cache during ElggBatch (8dcebb26)

Bug Fixes

• composer: postinstall script correctly creates /mod folder (f2568298)
• likes: use correct values to check likeable capability (74b43e15)
• session: make sure to cache the logged in user in the entity cache (9145183a)
• stats: correctly show the number of unvalidated users (cae13aa1)

Contributors

• Jeroen Dalsem (62)
• Jerôme Bakker (27)
• Nikolai Shcherbin (1)

Features

• accounts: admins can set duplicate email addresses for other users (4e6f7803)
• actions: added logged_out access level to action registration (29679c37)
• activity: added link to activity widget title (54b2c580)
• admin:
  • improved user management (084a57cc)
  • added queue statistics (2a34737a)
  • added database row count statistics (a7cc7b23)
• bookmarks: added link to bookmarks widget title (d5ab59a2)
• cache:
  • added option to system cache to set TTL for an item (45e2f2c7)
  • replaced stash with phpfastcache (6637015f)
• config: added a setting to control the system message delay (289fb2ba)
• db: metadata and annotation boolean values keep their type (c6775bd3)
• discussions:
  • added a discussions widget for profile and dashboard (8d2ccea0)
  • added a group setting to control topic notifications (72c2674c)
• entities: add generic sort options (2216bb01)
• friends: added link to friends_of widget (09ad7dae)
• groups: added imprint to indicate group owner/membership (b84f4535)
• icons: serve webp icons if accepted by the browser (b0188aba)
• js: updated jquery-ui to v1.13.1 (f1874a90)
• menu: ability to set the output view of a menu item (5a210df5)
• messageboard: added link to messageboard widget title (ffad7512)
• plugins: login as features are now part of core (55a0c0f9)
• reportedcontent:
  • site admins get notification about new reports (0536f60e)
  • separate active/archive listing (451fce64)
• tests: added testing and support for MariaDB (29b3ec2a)
• user: if unvalidated allow a user to update email address (aa43b04b)
• users: automatically remove unvalidated users (3eeed1f9)
• view: url input will auto prepend http protocol if missing (771a1847)
• views:
  • added placeholder support for autocomplete fields (889882f2)
  • added more features to the system messages (000b92ba)
  • entity imprint now shows time updated if appropriate (049fb14c)
  • login form title indicates forward from protected page (0946daf9)

Bug Fixes

• composer: updated imagine for PHP 8.1 compatibility (33d1c594)
• db: prevent entity subtype queries without a type provided (3f63e4f9)
• developers: do not disable display errors if enabled from htaccess (929806c9)
• entity: prevent deadloops during recursive entity delete (139998f5)
• forms: corectly ignore empty form body (4cdb56fa)
• groups: correctly report failure when inviting users (85814c0b)
• js: user picker should respect if default event is prevented (ce6dab00)
• plugins: don't show plugin (user)settings form if no content (bee2f1e2)
• views: limit long entity titles in url and page titles (02ed01c3)

Deprecations

• js:
  • introduced elgg/i18n module for js translations (e5e67955)
  • ElggUser and ElggEntity classes have been deprecated (bcd6a515)
  • elgg.security related functions moved to AMD (c7c9a44b)
  • elgg.system_message related functions moved to AMD (f0781727)
  • unused and unwanted javascript lib functions (1982af30)

Removed

• js: no longer need the prototypes.js helper functions (09fca863)
• tests: TestSeeder class (e1ca7c84)

Contributors

• Jeroen Dalsem (2)
• Jerôme Bakker (2)

Performance

• input: only filter input params once (66107ced)

Bug Fixes

• custom_index: added missing activity module content (ed4575bd)
• js: security tokens are refreshed automatically (26fc2206)

Contributors

• Jerôme Bakker (3)
• Jeroen Dalsem (1)

Bug Fixes

• di: fetch timer from the correct DiContainer (abc25bd9)
• pages: prevent warning when trying to access guid on bool (8ff80f9e)

Contributors

• Jeroen Dalsem (1)
• Jerôme Bakker (1)

Contributors

• Jerôme Bakker (14)
• Jeroen Dalsem (1)

Performance

• site_notifications: cleanup speed-up on large databases (baf9f0b0)

Bug Fixes

• account: user settings form is no longer ajax based (22b41305)
• core: correctly suppress notices when asked (b5ef29c7)
• forms: styling of horizontal aligned fields not always correct (8ca0872f)
• i18n: double translation (36bbf27d)
• route: detect page owner with ignored access (d7f5d35b)
• session: correctly apply session garbage collection (d14350c8)

Contributors

• Jerôme Bakker (8)
• Jeroen Dalsem (1)

Bug Fixes

• composer: install symfony/mime (bd2832c5)
• core: correctly compare urls with array query params (f94d3290)
• database: return documented return type (75d08731)

Contributors

• Jerôme Bakker (4)

Bug Fixes

• cache: improved cache path parsing (fb18efb1)