Plikli CMS Changelog
- Fixed a security issue in the password recovery. Issue discovered by Kshitij Kumar, a longtime contributor to the community! Hats off, Kumar!
- Added more security to users requesting a forgotten password and validating it.
- Fixed XSS and SQL injection vulnerabilities, discovered by Edric Teo. Hats off, Edric!
Hats off to Mark Wakeling, a longtime contributor to the community, who presented a complete solution to make the CMS fully compliant and working on SSL secure servers. It automatically detects whether HTTPS is in use and whether a port other than the default 80 is used. His solution also fixed the solvemedia errors on HTTPS.
Migrating to MySQLI and replacing all Class Functions with Constructors
Thanks to Kshitij Kumar who contributed the migration from MySQL to MySQLI and replaced all Class Functions with Constructors!
Installation and Upgrade
- Updated the installation and upgrade files for version 4.0.0
- The upgrade system will upgrade:
Pligg 1.2.2; 200rc1; 200rc2; 2.0.0; 2.0.1; 2.0.2; 2.0.3
Kliqqi 3.0.0; 3.5.0; 3.5.2
- Enhanced the pre-install check for required files and permissions. Admins don’t have to manually rename the required files and apply the correct CHMOD to files and directories; the troubleshooter will dynamically rename the files and fix all files and permissions.
- Enhanced the troubleshooter for installation/upgrade; provided an additional feature to select a language file, and all the other 22 requirements are fixed by the script!
- Integrated two new Draft and Scheduled features in Plikli CMS.
- Fixed changing status to moderate in the submissions manage page.
- Reordered some HTML that were incorrectly positioned and appear when HTML tags are not allowed.
- Applied styling to the votes class in the sidebar.
- Modified the preg_match to better grab the content of the title tag, because we encountered a couple of sites that use non-standard HTML coding, with many title tags on the page and a title that is coded with hard returns across many lines.
- Added code to not link the title when description is empty.
- Accurately display the search term in the breadcrumb.
- Advanced Search: the search input box name was not included in the submitted search query; I added it! Also noticed that a “?” in the search term will break the search query and does not return any results. So, I stripped it before sending the query.
- Fixed the search Regular Expression to properly create the URL of the search for the term while in SEO URL method 2.
- Added Smarty assign for the length of the comment to be able to provide the relevant warning in the error template file.
- Modified code to allow HTML tags in comments.
- Reordered some HTML that were incorrectly positioned and appear when HTML tags are not allowed.
- Fixed the meta description; this condition applies when on the main page. The “PLIKLI_Visual_What_Is_PLIKLI_Text” contains HTML tags and htmlentities only converts the tags. We need to remove the tags from the description; I sanitized it.
- Made the Twitter card and Open Graph compliant with the standard.
- Fixed meta file to grab the default og:image.
Admin – Backup
- Modified the Admin backup feature. The new process was tested on a 390 MB database successfully, and in less than 1 minute! The backup process will also correct the CHMOD to the backup directory in case it was not correctly set.
Admin – Permissions
- Restricted moderators from changing the comment status where authors are Admins.
- Restricted moderators from changing the story status where authors are Admins.
- Added the case and action code for the level “moderated” that was missing in the Dashboard Manage Submissions.
- Added check for the size of user uploaded avatar (set in dashboard). Issue suggested by Adam Burton.
- Modified the user avatar dimensions to 32px instead of 16px in the story tools-bar, and corrected the font-size of many classes and elements that had 0.85em; this was incorrect because a <p> element set to 0.85em whose parent is also set to 0.85em is rendered at 85% of the parent's size, which is itself 85% of its own parent's, i.e. about 72% of the inherited size!
- Modified some template and PHP files to accurately reflect the HTML tag id to add a label tag to improve accessibility.
- Removed hard-coded sections and tabs titles and created Language definitions in the Language files.
- Removed obsolete code related to masonry.
- Added a tool-tip to explain the “discard” function used in the drop-down gear beside each article.
(all bugs reported on Kliqqi forum and some more)
- Corrected the CHMOD values
- Prevented the change password Form from loading if there was an error in the recovery.
SEO URL method 1 & 2
- Made both URL method 1 and 2 consistent by setting the return to the root.
- Fixed Wrong Markup on Categories.
- Added a hook to check for Captcha errors, because it was not checking when Captcha is not solved; users were returned to the registration page without knowing why.
- Fixed Captcha error on submitting a story. It was bypassed.
- Fixed user Avatar URL redirection when changing the user avatar. Now it works in both SEO URL method 1 and 2.
- Fixed the create user in the dashboard. The Form was submitted with wrong or missing data and the Admin would not know what went wrong.
- Modified the delete story PHP file to accurately return to the page or category or group after deleting a story, in SEO URL method 1 and 2.
- Fixed the sidebar Statistics Widget that was not in sync with the data displayed in the widget in the Dashboard; it was including all users levels.
- Fixed a bug (submitted by Kshitij Kumar) in the makeUrlFriendly function that was appending a number to the number of links with duplicate titles. In case one of the links, with duplicate title, was deleted, the function adds 1 to the count of duplicate titles and we might end up with a duplicate title again. Example:
If about-draft-feature-2 is deleted and another link is submitted with the same title, the function finds that we have $n = 2 duplicate titles and returns a new title, about-draft-feature-$n+1, which means about-draft-feature-3. And we end up with duplicate titles again!
- Escaped the link title in case it has an apostrophe or any other character that might generate an error in the MySQL query.
- Modified quotations in queries.
- Added a notice when URL is not required to submit to let users know that Editorial is set On.
- Fixed a bug that was displaying an empty link when the user profile “Homepage” field is empty.
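The collision described in the makeUrlFriendly entry above, reproduced as an added example (not Plikli's code, and the changelog does not say how the project fixed it). The function names, the in-memory slug list and the probe-based alternative are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: slugs left in the links table after
// about-draft-feature-2 was deleted.
$existing = ['about-draft-feature', 'about-draft-feature-3', 'other-story'];

/** Hypothetical helper: is $slug the base title or "base-<number>"? */
function is_variant(string $slug, string $base): bool
{
    return $slug === $base
        || preg_match('/^' . preg_quote($base, '/') . '-\d+$/', $slug) === 1;
}

/** Count-based scheme from the changelog entry: suffix = number of duplicates + 1. */
function slug_by_count(string $base, array $existing): string
{
    $n = count(array_filter($existing, fn(string $s): bool => is_variant($s, $base)));
    return $n === 0 ? $base : $base . '-' . ($n + 1);
}

/** Gap-safe alternative (assumption): probe suffixes until one is unused. */
function slug_by_probe(string $base, array $existing): string
{
    $taken = array_flip($existing);
    if (!isset($taken[$base])) {
        return $base;
    }
    for ($i = 2; isset($taken[$base . '-' . $i]); $i++) {
        // keep probing until a free suffix is found
    }
    return $base . '-' . $i;
}

$bad  = slug_by_count('about-draft-feature', $existing);
$good = slug_by_probe('about-draft-feature', $existing);

printf("count-based: %s (%s)\n", $bad, in_array($bad, $existing, true) ? 'COLLISION' : 'free');
printf("probe-based: %s (%s)\n", $good, in_array($good, $existing, true) ? 'COLLISION' : 'free');
```

Against a real table, a UNIQUE index on the slug column is still needed, since two concurrent submissions can probe the same free suffix.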
- Chuckroast (work done after the release of Kliqqi 3.5.2)
Moved the modules wrappers to /templates/bootstrap/default_modes/ to make it easier and friendly for template developers making the sidebar modules uniform with the rest of the CSS. Affected modules:
- Modified Admin Snippet module and introduced a new option where Admins can activate/deactivate a snippet without needing to delete it if they don’t want to use it anymore!
- Created an Extra Fields editor in the Dashboard; no manual file editing to use the Extra Fields anymore. (see also the work done in Config & Dashboard)
- Removed the Field Validation Method and Field Validation Error Message, from Extra Fields, because the browser uses its own validation and message when a field is required. Tested in Chrome, Opera, Firefox, IE 11 and Edge!
- Enhanced the links module to also embed Facebook and YouTube videos and audio and images URLs.
- Reinstated the “nofollow” field to the Links module’s settings.
- Added converter to images for URLs with .png, .jpg, .jpeg, .gif
- Added conversion to YouTube and Facebook video URLs to videos.
- Added conversion to certain audio files extensions: MP3; OGG; WAV.
- Fixed the XML Sitemap link to show in the left sidebar under modules; created templates folder to show the module’s settings link in the left sidebar of the dashboard.
- Added character set and UTF-8 collate to the creation of tables.
- Fixed Upload Module, where “upload_fileplace” was defaulting to tpl_plikli_story_who_voted_start. The default now is upload_story_list_custom. Explanation is provided in the label of this field “Where to embed story file list”, the default is “upload_story_list_custom”, which means it is not set.
- Total Story Views: captures the views when a story is viewed in full view, on the story page. Its settings include:
Placement where you want the number of views displayed.
Sidebar display ON/OFF and the number of story to display.
- CKEditor: Modified to work with the HTML tags the Admin allows. It detects the allowed HTML and ONLY loads those.
- Scheduled Posts feature and Module: Admins can activate/deactivate this feature from the Dashboard settings. This feature allows users to submit scheduled posts and the Module will post them on the due date.
- Subscribe to Comments: users can now subscribe/unsubscribe to articles of interest.
- Globally by setting this option on in their profile settings to subscribe/unsubscribe them to receive notification on all the stories they submit.
- Individually subscribing to the stories of interest by clicking the subscribe/unsubscribe button placed above the comments form.
- RSS Import: I fixed a few things to make it work and also added/corrected a few processes to create a CRON job and make it work properly.
- Modified the query to exclude members that are banned or flagged and inactive.
- Accurately get what a group member can share. The modifications will only pull the groups where a group member can share a story that has not been shared by the user or any other group member; a story will not be shared twice to the same group.
- Created get_group_shared_membered function to allow a group member who shared a story to unshare it. Group Admins also have the same privilege to unshare a story shared by group members.
- Fixed the group avatar display that was not displaying unless refreshing the page and generating a CSRF error when refreshing.
- Fixed the modal window not displaying the correct information upon uploading an avatar.
- Added check for size of group uploaded avatar (set in dashboard). Issue suggested by Adam Burton.
Config & Dashboard
- Draft posts new settings in the Dashboard configuration.
- Modified the submit template file based on the Draft settings in the Dashboard.
- Scheduled Posts feature and Module.
- Enable/Disable Registration.
- Message to display when Registration is disabled.
- Enable/Disable Submitting articles.
- Message to display when submitting articles is disabled.
- Enable/Disable Comments.
- Message to display when Comments is disabled.
- Maximum Avatar image size allowed to upload.
- Allow Groups to upload own avatar.
- Maximum Group Avatar image size allowed to upload.
- rel=”nofollow”, true or false.
- Maintenance mode from the Dashboard, under Location Installed settings.
- Dashboard Editor to edit the Extra Fields file and activate the desired fields!
- Removed the “Submit Summary Allow Edit” from the settings, because it is obsolete after implementing the “Read more” feature.