sNews Verson: 1.7.1 Patches Log - Official Download ================================ Date: October 22, 2010 By: Keyrocks, sNews Dude History: ---------- Several minor bugs were reported in various locations and patched over the period from when sNews 1.7 was released up to October 2010. While most of these patches were made to the Official Download package up to July 14, 2010, the version of this package remained as 1.7. As well, some important patches had been overlooked as they were not located in the Patches/Fixes Board - http://snewscms.com/forum/index.php?board=92.0 where they were easier to keep track of. Versioning for Better Tracking ------------------------------- This package, as released on October 22, 2010 is now officially referred to as sNews version 1.7.1. Each time the Official Download receives a number of revisions, it will be re-numbered as a new version. The next package release will be 1.7.2 and the next one after that as 1.7.3... and so on. All versions within the sNews 1.7 series will only include patches and fixes to correct bugs or improve performance. They will not include new (or improvements to) system functionality. When there is a need to include new (or improvements to) system functionality, we will then change to a new version as 1.8.0, and minor patches & fixes to that version will be sub-numbered with each release as 1.8.1... 1.8.2... and so on. sNews 1.7.1 - Patches and Fixes List ------------------------------------- This file contains the detailed references for all patches made to the Official sNews 1.7.1 package as of this date. All patch locations can be found by searching for the patch number in the affected files as noted for each patch reference. ============================================================================================ Patch #1 --------- Reported on: Nov.02.2008 Issue: New comments and comments pagination Reference: http://snewscms.com/forum/index.php?topic=7839.0 File affected: snews.php Search words: Patch #1 - 1.7.1 Patch #2 --------- Reported on: Nov.02.2008 Issue: ID assigned to text field and check-box Reference: http://snewscms.com/forum/index.php?topic=7840.0 File affected: snews.php Search words: Patch #2 - 1.7.1 Patch #3 --------- Reported on: Nov.03.2008 Issue: Deleting files Reference: http://snewscms.com/forum/index.php?topic=7849.0 File affected: snews.php Search words: Patch #3 - 1.7.1 Patch #4 --------- Reported on: Nov.08.2008 Issue: Upgrade SQL - missing items Reference: http://snewscms.com/forum/index.php?topic=7882.0 File affected: SQL/snews16-17.sql Search words: none Patch #5 --------- Reported on: Nov.18.2008 Issue: Future Posting - SQL error Reference: http://snewscms.com/forum/index.php?topic=7959.0 File affected: snews.php Search words: Patch #5 - 1.7.1 Patch #6 --------- Reported on: Jan.04.2009 Issue: extra character in admin.js - removed a redundant semi-colon. Reference: http://snewscms.com/forum/index.php?topic=8092.0 File affected: js/admin.js Search words: none Patch #7 --------- Reported on: Jan.07.2009 Issue: 404 Errors fix Reference: http://snewscms.com/forum/index.php?topic=8105.0 File affected: snews.php - in 3 locations Search words: Patch #7 - 1.7.1 Patch #8 --------- Reported on: Jan.03.2009 & Jan.23.2009 Issue: Freeze comments - in administration settings Reference: http://snewscms.com/forum/index.php?topic=8091.0 File affected: snews.php - in 2 locations Search words: Patch #8 - 1.7.1 Patch #9 --------- Reported on: Feb.23.2009 Issue: \r\n bug when article saving error occurs Reference: http://snewscms.com/forum/index.php?topic=8256.0 File affected: snews.php - 3 strings replaced Search words: Patch #9 - 1.7.1 Patch #10 ---------- Reported on: Mar.26.2009 Issue: double // on links to comments on extra pages Reference: http://snewscms.com/forum/index.php?topic=8344.0 File affected: snews.php Search words: Patch #10 - 1.7.1 Patch #11 ---------- Reported on: Dec.21.2009 Issue: Save/Edit button - a tiny fix Reference: http://snewscms.com/forum/index.php?topic=8847.0 File affected: snews.php (3 locations) and lang/EN.php (1 location) Search words: Patch #11 - 1.7.1 Patch #12 ---------- Reported on: Feb.20.2010 Issue: Function Contact - security patch Reference: http://snewscms.com/forum/index.php?topic=8939.0 File affected: snews.php - at // CONTACT FORM Search words: Patch #12 - 1.7.1 Patch #13 ---------- Reported on: April.13.2010 Issue: Admin's Extra VIEW link for All & Page Only results in 404 Error Reference: http://snewscms.com/forum/index.php?topic=9040.0 File affected: snews.php Search words: Patch #13 - 1.7.1 Patch #14 ---------- Reported on: Oct.18.2009 Issue: RSS Comment feed incorrectly linked paginated comments Reference: http://snewscms.com/forum/index.php?topic=8719 File affected: snews.php - in: // RSS FEED - ARTICLES/PAGES/COMMENTS function Search words: Patch #14 - 1.7.1 Patch #15 ---------- Reported on: May.30.2010 Issue: XSS vulnerability in Comment posting Reference: http://snewscms.com/forum/index.php?topic=9124 File affected: snews.php - 3 locations within the // COMMENTS function Search words: Patch #15 - 1.7.1 Patch #16 ---------- Reported on: Sept.09.2010 Issue: Page link shows in Sitemap when set as the Home page Reference: http://snewscms.com/forum/index.php?topic=9375.0 Solution used: by Skian - http://snewscms.com/forum/index.php?topic=8896.msg65884#msg65884 File affected: snews.php - 1 location in the // SITEMAP function Search words: Patch #16 - 1.7.1 Patch #17A ----------- Reported on: Jan.23.2009 Issue: Removed redundant variables in function rss_contents Reference: 2a in - http://snewscms.com/forum/index.php?topic=8896.0 File affected: snews.php - 2 locations Search words: Patch #17A - 1.7.1 Patch #17B ----------- Reported on: Jan.23.2009 Issue: Removed redundant variables in function rss_links() Reference: 4. BUGin - http://snewscms.com/forum/index.php?topic=8896.0 Solution used: Improved function - http://snewscms.com/forum/index.php?topic=8391.msg62954#msg62954 File affected: snews.php - replaced function withimproved function, Eliminates need for global variables and replaced 3 queries with one. Search words: Patch #17B - 1.7.1 Patch #18 ---------- Reported on: April 29, 2009 Issue: Login problem when using IE8 Reference: http://snewscms.com/forum/index.php?topic=8416.0 Solution used: by KikkoMax - http://snewscms.com/forum/index.php?topic=8416.msg60771#msg60771 Files affected: snews.php - 2 locations: 1 in // STARTUP section, 1 in the // MATH CAPTCHA function. Search words: Patch #18 - 1.7.1 Patch #19 ---------- Added on: Oct.19.2010 Issue: none Purpose: minor, corrective styling changes to administration panels Replaced remaining fieldsest tags with css classes in several admin functions. File affected: snews.php and css/style.css Search words: Patch #19 - 1.7.1 Patch #404 ----------- Added on: Oct.17.2010 Issue: Viewer not re-directed anywhere when 404 errors occur Reference: http://snewscms.com/forum/index.php?topic=9457.msg65890#msg65890 - 404 now redirects to Sitemap with a custom message block above it. File affected: snews.php - 3 locations: 1 near the end of function center(), 1 in lang/EN.php, and .warning declaration added to the css/style.css file. Search words: Patch #404 - 1.7.1 =============================================================================================== To-Do List -------------- 1. Block URL access to server files ---------------------------------- Anyone can access a core file on the host server by pointing to it in the browser. Example: http://www.yoursite.com/css/style.css allows one to open or download the file on his/her computer. Example: http://www.yoursite.com/images/logo.gif allows one to view and copy the image. Solution Needed: ----------------- A way of blocking access to all core files and folders without affecting general site operation and performance. ===============================================================================================