Dotclear

Dotclear News » Archives » November 2016

2016 Nov 2

Dotclear 2.10.4

A tiny update which fixes a database connection problem for installation using PostgreSQL lower than 9.1

If you are not in this case, the automatic update will run as usual.

If you are in this case, in order to do this very next automatic update, you have to follow this procedure:

  1. Open the file /inc/libs/clearbricks/dblayer/class.pgsql.php
  2. Insert a new line before the line number 103 and put the following code in this line, then save the file:
return;

You should have something like that:

		/** @ignore */
		private function db_post_connect($handle,$database)
		{
return;
			$result = $this->db_query($handle,"SELECT * FROM pg_collation WHERE (collcollate LIKE '%.utf8')");
			if($this->db_num_rows($result) > 0) {
				$this->db_result_seek($result, 0);
				$row = $this->db_fetch_assoc($result);
				$this->utf8_unicode_ci = '"'.$row['collname'].'"';
			}
		}

This modification will give you again access to your installation.

In order to apply the automatic update, you will have, first, to install a specific plugin, FakeMeUp (available on the DotAddict website), which allow to bypass the control of modified files before update.

Once this plugin installed, make the update and when finished, disable or uninstall the FakeMeUp plugin, as you wish.

Your dashboard should also offer you to upgrade your installation today or tomorrow (depending on your settings). There's also a patch for the developers who prefer this method.


CHANGELOG of this release :

Dotclear 2.10.4 - 2016-11-02
===========================================================
* PostgreSQL < 9.1 fix

2016 Nov 1

Dotclear 2.10.3

A tiny update to fix two minor security vulnerabilities and to allow some specific proxy/ssl server configuration.

Your dashboard should also offer you to upgrade your installation today or tomorrow (depending on your settings). There's also a patch for the developers who prefer this method.


CHANGELOG of this release :

Dotclear 2.10.3 - 2016-11-01
===========================================================
* Security: Fix CVE-2016-7903: Password Reset Address Spoof — Thank's Hongkun Zeng for report
* Security: Fix CVE-2016-7902: Media Manager, unrestricted File Upload — Thank's Hongkun Zeng for report
* CSP: Cope with external sources used in editor's iframe to preview public external content
* Fix: Cope with post.post_position field during flat import
* Fix: Prevents precondition failed during currently activated theme update
* Fix: Remove unecessary header (cope by dotclear) in page plugin
* Fix: Let some proxies playing with standard http and https ports
* Fix: Let SSL runs through a proxy, it may be ok, sometimes
* 🐛 → Various bugs and typos fixed

Sites map