New versions SPIP 2.1.1 and SPIP 2.0.12

Monde en
1

Hi,

A new version has been released.

You can download the version 2.1.1. here :
http://www.spip.net/en_download

For the 2.0 branch, the new version can be downloaded here :
http://files.spip.org/spip/archives/SPIP-v2-0-12.zip

These versions correct a serious XSS security bug. Several corrections and some
additional functionalities also come with these releases :

The precise list is detailed in the CHANGELOG file that can be found at
the root directory :
http://trac.rezo.net/trac/spip/browser/branches/spip-2.1/CHANGELOG.txt
http://trac.rezo.net/trac/spip/browser/branches/spip-2.0/CHANGELOG.txt

Here is a brief extract of the original announce (for SPIP 2.1.1) :

  • The treatment of the errors is the same in the virtual SQL server whatever
    the DBMS used.

  • Multiple SQL databases and Multi-servers queries are now more coherent and
    intuitive

  • Concerning the interaction with the plugins, some tags and functions have been
    corrected and completed :

  • #PLUGIN{xxx,tout} returns all the information contained in plugin.xml

  • #URL_ECRIRE returns an empty chain if it’s argument is an unavailable script

  • The default value of the first argument of #ACTION_FORMULAIRE is now #ENV{action}

  • The function plugins_afficher_plugin_dist() returns a link to the script or
    template configurer_NOM_DU_PLUGIN when it exists.

  • The function maj_while() can now update the tables of a plugin

  • The functions lire_meta(), ecrire_meta(), and effacer_meta(), can be applied on
    tables other that the default meta table.

  • The tag #INTRODUCTION now works with the directories like with the articles (the
    field #DESCRIPTIF is taken into account)

  • Every tags #LOGO_xxx now work the same way :

  • #LOGO_xxx{200, 0} returns the equivalent of [(#LOGO_xxx|image_reduire{200, 0})] ;

  • #LOGO_DOCUMENT** returns the path of the file icon

  • A document can be attached to several objects (articles, directories, …)

  • A bug on complex CVT forms has been corrected

  • The statistics work with CSV

  • When the SQL connection isn’t available, the cached version is used with gunzip.

  • json_encode() is used when it’s available

  • Correction of a big bug on
    header(‹ HTTP/1.1 404 Not Found ›);

  • A TEST status can disable the tweets and email notifications

  • Accents can be used in the passwords

  • Admins can change their email address without any confirmation mail

  • var2js is compatible with json_encode

  • the filter direction_css can be used with css generated by templates (if the
    template has the extension .css.html)

  • A new PHP function charger_filtre() can search and load a filter

  • And many more corrections

You can follow the SPIP team on
twitter : http://twitter.com/spipeau
Facebook : http://www.facebook.com/pages/SPIP/174695777822
identica : http://spip.org

.Gilles