3.5.0

Updated

• Updated TinyMCE to version 4.1.10.
• Updated respimage to version 1.4.0.
• Updated jQuery to version 1.11.3.
• Updated Colorbox to version 1.6.1.

Fixed

• Consistently sanitize the names of uploaded files (see #7852).
• Fixed loading cached pages with both a mobile and desktop layout (see #7859).
• Omit the index.php fragment if the request string is empty (see #7757).
• Adjust the edit URLs in the versions menu in "edit multiple" mode (see #7745).
• Do not cache the login module if there is an error (see #7824).
• Correctly handle encrypted rows (see #7815).
• Only create a new version in the personal data module if something actually changed (see #7415).
• Also fire the "modifyFrontendPage" hook when loading from cache (see #7457).
• Fixed several minor issues with the registration module (see #7816).
• Update the revision date if a member updates their personal data (see #7818).
• Do not allow to restore versions in the back end user settings (see #7713).
• Use the timestamp of an element to initialize its first version (see #7730).
• Hide the "edit header" button if there are no editable fields (see #7770).
• Make the "form_submit" templates overwritable again (see #7854).
• Correctly inherit empty page permissions (see #6782).
• Decode the GET parameters before setting them in the Input class (see #7829).
• Fixed the "specified value 't' is not a valid email address" error (see #7784).
• Correctly set data- or ng- attributes in the widgets (see #7772).
• Correctly display the headline in the template editor (see #7746).
• Make Validator::isValidUrl() RFC 3986 compliant (see #7790).
• Fixed switching between the page and file picker in the URL wizard (see #5863).
• Make the "the old password is incorrect" message translatable (see #7793).
• Fix copying multiple items in parent view (see #7776).
• Disable the "compare template" icon for folders (see #7802).
• Fix the field order in the template diff view (see #7808).
• Validate the coordinates in the Image::setImportantPart() method (see #7804).
• Only add order fields of binary fields in the DCA extractor (see #7785).

3.2.21

Fixed

Back-ported two security related changes from the upstream versions.

3.5.0-RC1

New

• Select multiple checkboxes by holding down the SHIFT key (see #7781).

Improved

• Support specifying the database key length (see #7771).
• Check for ASCII strings in the utf8_romanize() function (see #7748).
• Show the upload limits in the file manager (see #7389).
• Also export the image meta data when exporting themes (see #7480).
• Improve the model registry (see #7725).

Changed

• Show versions even if there is only one (see #7730).
• Controller::replaceInsertTags() is now public static.
• Moved the insert tag logic into a separate class.
• The templates now use short open tags.

Fixed

• Loosely check the suhosin.memory_limit setting (see #7696).
• Use DIRECTORY_SEPARATOR in conjunction with str_replace() (see #7769).
• Restore the removed attributes of the "picture_default" templates (see #7752).

3.5.0-beta1

New

• Add a front end module to change the password (see #7418).
• Added the "newsListCountItems" and "newsListFetchItems" hooks (see #7694).
• Added the "compileArticle" hook (see #7686).
• Added the "picture" insert tag (see #7635 and #7718).
• Support copying all records in the list view (see #7499).
• Make the calendar model available in the templates (see #7388).
• Prevent calling a page via ID if there is a page alias (see #7661).
• Add a diff view for custom templates (see #7599).
• Added the "postAuthenticate" hook (see #7493).
• Pass $arrFields as fourth argument in the "prepareFormData" hook (see #7693).
• Make count, page and keywords available in the search module (see #7577).
• Added the "getPageStatusIcon" hook (see #7556).

Improved

• Improved the IDE compatibility (see #7634).
• Also convert image links in TinyMCE to {{file}} insert tags (see #7581).
• Simplify the moo_mediabox templates (see #7521).
• Use closures to lazy-load content elements in the news/event list (see #7614).
• Optimized the database queries (see #7450 and #7710).
• Add a log entry if a back end user switches to another account (see #7441).
• Optionally use the ProxyRequest class in the automator (see #7681).

Changed

• Allow to copy and move newsletter recipients across channels (see #7570).
• Stop ignoring notices by defaut now that the error level is configurable.
• Always return the model in the File and Folder classes (see #7567).
• Render the 404 page if the request contains an invalid date format (see #7545).
• Always render the 404 page if a news/event/FAQ alias is invalid (see #7238).

Updated

• Updated respimage to version 1.3.0.
• Updated jQuery UI to version 1.11.4.
• Updated mediaelement.js to version 2.16.4.
• Updated Colorbox to version 1.6.0.
• Updated jQuery to version 1.11.2.
• Updated HTML5 Shiv to version 3.7.2.
• Updated DropZone to version 3.12.0.
• Updated the ACE editor to version 1.1.8.

Fixed

• Do not strip opening arrow brackets when stripping tags (see #3998).
• Consistently ignore hidden system files (see #7536).
• Add a unique index for member usernames, too (see #7701).
• Return a boolean value in the *User::authenticate() method (see #7497).
• Improve the cache handling for empty URLs (see #7618).

3.4.5

Updated

• Updated TinyMCE to version 4.1.9 (see #7690).

Fixed

• Consider the $blnCache flag when caching insert tags (see #7700).
• Correctly calculate the max upload size in the DropZone uploader (see #7633).
• Convert language codes to locales in the meta wizard (see #7667).
• Replace only the {{file}} insert tag in the back end preview (see #7647).
• Correctly convert date strings depending on their rgxp format (see #7721).
• Update news and calendar feeds from the content view (see #7679).
• Do not generally encode stand-alone ampersands (see #7684).
• Restore some globals when catching the unused argument exception (see #7659).
• Correctly set the CSS classes in the jQuery accordion and do not try to mess with its ARIA handling (see #7622).
• Handle language fragments without trailing slash when redirecting (see #7666).
• Trigger the load_callback upon saving in "override all" mode (see #7670).
• Ensure a unique language file array in the Automator class (see #7687).

3.2.20

Fixed

• Correctly convert date strings depending on their rgxp format (see #7721).
• Update news and calendar feeds from the content view (see #7679).
• Do not generally encode stand-alone ampersands (see #7684).
• Restore some globals when catching the unused argument exception (see #7659).
• Correctly set the CSS classes in the jQuery accordion and do not try to mess with its ARIA handling (see #7622).
• Handle language fragments without trailing slash when redirecting (see #7666).
• Trigger the load_callback upon saving in "override all" mode (see #7670).
• Ensure a unique language file array in the Automator class (see #7687).

3.4.4

Fixed

Fixed a directory traversal vulnerability discovered by Arnaud Buchoux. See CVE-2015-0269 for more information.

3.2.19

Fixed

Fixed a directory traversal vulnerability discovered by Arnaud Buchoux. See CVE-2015-0269 for more information.

3.4.3

Fixed

• Consider the error reporting level in the install tool (see #7593).
• Handle variables and functions when importing style sheets (see #7448).

3.2.18

Fixed

• Handle variables and functions when importing style sheets (see #7448).
• Fix an infinite recursion problem in the FilesModel class (see #7588).