Return to main site

Reporting

• Ruud van Melick in Weert, the Netherlands
• Sencer Yurdagül in Köln, Germany
• Robert Wetzlmayr in Lenzing, Austria

Search

Archive

RSS / Atom

Development

• 4.0.x/dev branch
• 4.1.x/crockery branch

Textpattern 4.0.6 released

After quite a while and lots of work from many, many people it’s finally here. Textpattern 4.0.6 is available as always on the download page.

We have fixed no less than six security issues. Because half of those can be used from the public side, updating is strongly recommended.

Updates should be seamless for the vast majority of people, otherwise make sure that all plugins are also updated to their most recent version, especially admin-side plugins. We’ll add entries to the FAQ specifically for 4.0.6 where questions may arise.

Changes in 4.0.6:

• Security (public side):
  • safer use of txp_login cookie + nonce (note: users are logged out after upgrading!)
  • fixed XSS vulnerability (thanks DSecRG) and input validation in setup script.
  • fixed XSS vulnerability and parameter value overflow in comments preview (thanks DSecRG)
• Security (admin side):
  • add missing escape in SQL query (admin side)
  • fixed local file include vulnerability (publisher only) in textpattern/index.php (thanks DSecRG and Victor)
  • escape request method as shown on logs tab (thanks Victor)
• New languages: Croatian, Korean, Português (Brasil), Serbian (Latin + Cyrillic), Turkish and Vietnamese
• New tags:
  • <txp:if_search_results> </txp:if_search_results>
  • <txp:search_term />
• Changed tags:
  • <txp:thumbnail /> allows non-JS links to the full-size image
  • <txp:article_custom /> allows comma-separated lists for category, section and author attributes (thanks Manfr
    e)
  • <txp:linklist /> allows comma-separated list for category attribute
  • <txp:file_download_list /> allows comma-separated list for category attribute
  • <txp:recent_articles /> allows comma-separated lists for category and section attribute
  • <txp:related_articles /> allows comma-separated list for section attribute
  • <txp:search_result_excerpt /> allows a custom “break” attribute defaulting to an ellipsis
• Several tags have been deprecated and will be replaced automatically during the upgrade: <txp:sitename />, <txp:request_uri />, <txp:s />, <txp:c />, <txp:q />, <txp:id />, <txp:pg /> (more info)
• Added ‘password reset’ functionality (with confirmation email) on the login screen
• Update to jQuery 1.2.2 as a default JavaScript library
• Fix textile list incompatibility with PHP 5.2.4 (and higher)
• Fix http-auth when using lighttpd or (mostly) apache+fcgi
• Fix HTTPS protocol check for ISAPI with IIS
• Fix use of article tags on a sticky article page
• Speed improvements (less SQL queries needed)
• Pages, sections and styles can no longer be accidentally deleted if they are used on other tabs.
• Corrections in the tag builder
• Refrain from showing sticky articles from non-frontpage sections in search results
• Enable separate search section for messy URL mode
• Plugin developers should note that using add_privs() for admin-side plugins is now required (used to be optional for publisher-only plugins) and the included HISTORY.txt contains other useful information.
• Many, many minor improvements, see SVN logs

Further reading:
FAQ-Entries specific to 4.0.6 (will be added when they arise)
Textpattern Contributors (will soon be updated to 4.0.6)
Forum-Thread for the announcement

Posted 3 February 2008, 00:30 by Ruud van Melick ·

Digg This

Comment

1. Stellar! Ultra sound project management.

   — Joe Hastings · Feb 4, 07:05 AM · #

2. I’m new to TXP, how does TXP 4.0.6 compare to Wordpress 2.3.2?

   Thanks in advance for any help.

   — Duncan · Feb 4, 05:43 PM · #

3. Duncan: for tha kind of cuestions it is better you visit de forum: forum.textpattern.com/

   — Jorge Hernández Añón · Feb 4, 09:39 PM · #

4. Ohh people you rocks…

   — vik407 · Feb 5, 06:30 PM · #

5. This update doesn’t seem to be as big as was the previous one, but nice job anyway! Thank you.

   — Petri · Feb 6, 08:29 AM · #

6. thank you!!

   just upgrade, all ok!

   — peppeg · Feb 6, 07:13 PM · #

7. always great stuff from txp, thank you

   — segamega · Feb 7, 09:53 AM · #

8. Thanks…

   — Viking KARWUR · Feb 7, 06:39 PM · #

9. I have been visiting this site for a long time, so i decided to show you my appreciation by making a comment.

   Thnaks,
   Jim Mirkalami

   — Jim Mirkalami · Feb 8, 03:38 AM · #

10. This is great. A big thanks and congrats to the TXP DEV team!

    Forgive me if this is the wrong place for it, but is anyone having troubles when posting from MarsEdit to Textpattern 4.0.6 with Textile formatting being ignored?

    — Terry Evans · Feb 11, 07:03 PM · #

11. Thanks for the great work..
    Sheru

    — Sheru · Feb 18, 08:34 AM · #

12. Everything works fine — you’ve done a great job, as allways!

    — goncourt · Mar 12, 06:35 PM · #

13. Wordless…
    Just a wonderful product, now a little bit better. Keep the good work going!

    — petrutz · Mar 12, 07:21 PM · #

Message (Required)

Textile Help

Name (Required)

E-mail (Required)

Website

Remember

Copyright 2001–2008 Team Textpattern · All Rights Reserved