Kunena 1.0.8 Read Me

De Kunena

Contenido 1 Release notes for Kunena 1.0.8 Security Release 2 Introduction 3 Security Fixes 4 What is new? 5 What has been fixed? 6 Known issues 6.1 PHP4 Compability Fix 6.2 MySQL Permissions 7 Promise of the Future 8 Downloading Kunena 9 Installing or Upgrading Kunena 10 Credits 11 Change Log

Release notes for Kunena 1.0.8 Security Release

Introduction

Approximately 1 month after the release of Kunena 1.0.7b to the public, some 1,000 registered users and over 11,000 downloads later, Kunena 1.0.8 goes stable.

We are proud to present to you the most advanced integrated Forum Solution for Joomla available. While we originally had no plans to release Kunena 1.0, the events surrounding the shutdown of FireBoard made us rethink our plans and with a gigantic effort the development team made the almost impossible happen. Less than 4 weeks after the initial start of www.kunena.com, after countless late nights that turned into early mornings, we are proud to call it done.

The vast majority of known issues has been fixed. This is the most secure, most stable, best integrated and most optimized version of Joomlaboard, FireBoard and now Kunena - EVER.

Due to the severity of critical Security vulnerabilities fixed, all prior users of FireBoard and Kunena are encouraged to upgrade!

Security Fixes

Kunena Forum 1.0.8 contains several high risk security fixes for FireBoard 1.0.4 and 1.0.5:

1.) Code injection vulnerability of [code] and [code:1] bbcode. It allows for raw html to be inserted into post.

2.) Denial of Service vulnerability by writing some illegal bbcode. It allows php process to run in a busy loop until it runs out of memory.

3.) Unlimited user subscriptions and favorites that can be used to overload the server and cause unlimited email to be sent from the server.

4.) Multiple code injection bugs, that allows a post to contain malicious code.

All users of FireBoard and Kunena beta releases are strongly encouraged to upgrade immediately.

What is new?

You may notice the first difference when you enter to the forum: it loads faster. We have removed almost 40KB of unused javascript and css files which were loaded for every default_ex page. In addition there are many new optimizations, which will make your forum faster and to be able to handle more visitors.

Themes have seen over 150 small fixes in their xhtml code. These changes will make Kunena templates XHTML 1.0 Transitional. Kunena Forum should also work better together with your favorite web browser. We have fixed several IE6/7 specific bugs and some others, which caused pages to behave wrong in many major browsers.

In default_ex theme you can also see the number of new messages for every thread and jump to first unread message by clicking on the new message indicator. And when you are reading the messages, you can see green topic icons, which indicate which messages are new. Because of the limits in our current session handling this feature isn't perfect yet, but it may be helpful when you are reading messages from your favorite threads.

Again in default_ex theme you may now see gray favorite stars. They are other users' favorite topics, which may help you to find interesting topics if you're not reading all the new messages.

Perhaps the most interesting new feature is our new JomSocial integration. In addition the existing Community Builder integration has been updated and optimized for CB1.2. Not all advanced integration features like event streams and user rating or karma have been implemented, but we are committed to tight integration in future releases.

This part or Release notes is still incomplete. Please take a look on more detailed Changelog below.

What has been fixed?

PDF display has been fixed.

Some private pages were shown to anonymous users. You couldn't use them to get or alter any private information, but they have been fixed anyway.

Forum Stats do not show up anymore if you have them disabled. Stats has also been optimized to have minimum performance impact on your site. Wrong thread and message counts have been fixed, as well as uncounted messages at midnight. In Front Page Stats logged in users are now shown in alphabetical order to help you find your friends faster.

jQuery conflicts with MooTools have been fixed. There may still be some js conflicts if you have published modules which use jQuery.

Broken threaded view has been removed. It will probably come back later, after it has been redesigned to be usable.

Moderated categories sent messages for all subscribers before messages had been approved. This is now fixed, but as a side effect you won't get any notification from moderated categories.

Avatar upload has been fixed for internal avatars.

This part or Release notes is still incomplete. Please take a look on more detailed Changelog below.

Known issues

Moderator tools are still incomplete.

There is no advanced search making search not very useful in large forums. Kunena is not yet optimized for large sites, either.

PHP4 Compability Fix

Kunena 1.0.8 accidentally broke PHP4 compability. If you have PHP4, you should add these lines right after installation to get it work in your setup:

Add this to components/com_kunena/class.kunena.php, line 1275:

if (!function_exists("htmlspecialchars_decode")) {
    function htmlspecialchars_decode($string,$style=ENT_COMPAT) 
    {
        $translation = array_flip(get_html_translation_table(HTML_SPECIALCHARS,$style));
        if($style === ENT_QUOTES) { $translation['''] = '\''; }
        return strtr($string,$translation);
    }
}

MySQL Permissions

In order to be able to install and upgrade existing Kunena and FireBoard installations, the MySQL userid used to connect to the database must have the following permissions set:

CREATE TEMPORARY TABLES permission must be granted to the MySQL user id 

If this is not the case, the automatic installer will display a warning message but will continue and the result will be a successful install.

Promise of the Future

In addition to the release of Kunena 1.0.8 we are actively working with the development teams of Community Builder and JomSocial to quickly release integration plugins to enable the proper customization of forum user settings from within those components.

Kunena no longer need to export its settings data into 3rd party components. The plugin architecture of these community platforms allows Kunena to stay in control of the user settings data which has wide implications. ALL user settings will be available to all 3rd party components. The most prominent example are various user icons displayed at individual posts, that never worked for 3rd party integration in the past. The shift in integration architecture allows us to support all Kunena settings no matter what the profile provider is.

These plugins should become available shortly after the release of Kunena 1.0.8 stable.

The big goal for the next release is Joomla 1.5 nativity. We have a running pre-alpha version and will now focus on bringing this up to the level of Kunena 1.0.8 stable - and beyond. In parallel we have developed significant performance improvements to the underlying data design that will allow Kunena to handle the largest, most demanding workloads out there.

Downloading Kunena

We leverage JoomaCode as our single public repository for the public SVN as well as all.

You can find the SVN source code repository here: Kunena SVN

You can find the latest release tarballs here: Kunena Packages

Installing or Upgrading Kunena

Please make sure your target system matches the minimum Technical Requirements or the installer will stop the install or upgrade hard, before creating any tables or applying any changes to existing data structure.

In order to install Kunena please make sure you read our Installation Instructions before attempting any steps. In order to upgrade Kunena from previous versions including FireBoard please make sure you read our Upgrade Instructions.

The Kunena installer has been evolved and tested and handles installs as well as upgrades of existing installs without the need for user intervention or manual sql execution. I keeps a detail version log of all versions that have ever been installed on your site in order to be able to perform incremental upgrades as necessary.

It is NOT required to upgrade to Kunena 1.0.7b prior to running the latest upgrade. The installer has all deltas back to FireBoard 1.0.0 built in although older version of FireBoard prior to 1.0.4 can have various issues to to code quality and manual upgrade issues.

We would like to underscore the importance of backups before and after the upgrade. Never perform an install or upgrade without a valid backup.

Credits

• Lead Developers: fxstein, Matias
• Developers: Noel Hunter, Riba
• Bug Fixes: JoniJnm, Ryan and others
• Documentation: fxstein, johnnydement, Matias, Noel, severdia
• Lead Testing: Wayne

Translators, Testers, and all the others, who have helped us to make this happen...

Change Log

Legend:

* -> Security Fix

# -> Bug Fix

+ -> Addition

^ -> Change

- -> Removed

! -> Note

Usability/UI changes:

+ Kunena logos added to default and default_ex tamplates
# Huge amount of xhtml fixes making Kunena mostly valid xhtml
# Fixed jQuery conflicts caused by $() usage, which rendered some part of UI unusable
^ Use meaningful page titles, add missing page titles
# Removed extra extra slashes from almost everywhere (\ => \\, ' => \')
^ Category parent list: jump to Board Categories with "Go" button (nothing happened before)
^ Mark all forums read & Mark forum read - no more annoying popups!
# Mark all forums read: Fix broken link
# Stats: Visible even if they were disabled
# Stats: Wrong count in topics and messages
# Stats: Today/yesterday stats didn't include messages between 23:59 and 00:01.
^ Forum Stats: Show users in alphabetical order
^ Pathway: Use more general styling, allow better customization in css
# Pathway: Show every user only once, removed comma separator after last user
^ My Profile: Remove confusing link (upload avatar pointing to the same page) from avatar upload
- Show Forum: Removed unsusable threaded view option
# Show Forum: Fixed no ordering for child boards
# Show Forum: Removed number (1111) on top of the page that was sometimes showing up
# Thread View: Work around IE bug which prevented jump to last message
+ Thread View: Make images clickable and enable lightbox/slimbox if present in template
^ Thread View: Subscribe, Favorite, Sticky & Lock - no more useless information screen with timed redirect!
# Thread View: Remove centering from code tags in parser, to fix IE bug
# Thread View: Missing http:// on url codes for url that do not start with www
# Thread View: slashes '\' were removed from Windows paths making them useless
# Thread View: Do not add smiley if it is attached to a letter, for example TV:s, TV:seen
# Thread View: Reverse sort bug fix. Newest messages first now work in thread view
# Thread View: Correct last message link when reverse order is selected by the user
# Thread View: Fixed broken display with wide code
+ Thread View: Make new messages visible (green topic icon)
# Write Message: Fixed broken "more emoticons" pop up in IE7
- Write Message: Removed broken "Close all tags"
# Post Message: Notification page no longer redirects to wrong page after you click a link
# Moderator tools: Changed all "Hacking attempt!" messages to be less radical and not to die().
# My Profile / Forum Settings / Look and Layout fixed
# Search: Fix broken pagination (only page 1 worked in J!1.5)
# Top Menu: My Profile link was pointing to wrong page when using internal profile
^ Shadow (MOVED) messages will now show moderator as author (was nobody)

Changes only for default template:

# Top Menu: No menu entry pointed to Categories if default Kunena page wasn't Categories
+ Thread View: Add titles to buttons (Reply etc)

Changes only for default_ex template:

^ Prevent inheritance of colors from joomla templates making text unreadable in dark themes
# Icons are now transparent
^ Change font sizes from px to relative sizes (small, medium, etc)
^ Expand user list in pathway for longer lists, reduce line height
^ Forum tools menu should work better
^ Improved pagination in Recent Discussions, Show Forum, Thread View & Search
^ Better looking pages with improved usability: Categories, Show Forum and Thread View
# Recent Discussions: You can now limit shown Categories by using backend Show Category setting
+ Show Forum: Show number of new messages (just like in category view).
+ Show Forum: Jump to first new message by clicking new message indicator.
+ Show forum: Added grey favorite icon for other peoples favorite threads
^ Thread View: All icons (Quick reply, Move, Lock etc) are now with a label
^ Thread View: Moved Thread specific moderator tools (Move, Sticky, Lock, Merge) to their own place
^ Thread View: You can now change Topic in Quick Reply
^ Thread View: Show 1-5 Favorite stars (# of favorites: 1, 3, 6, 10, 15)
+ Pathway: Added pathway to the bottom of the showcat & view pages

Backend:

^ Backend / User Profile: Removed bbcode editor, it didn't work
+ Added category id to display in backend forum administration


Email:

^ Improved email notifications sent to subscribed users and moderators
^ Improved email notification when someone reports message to moderators
# Fixed broken URLs in report moderator email
# Fixed sender in all emails. It's now "BOARD_TITLE Forum"


Installation:

+ Increase php timepout and memory setting once Kunena install starts
+ PHP and MYSQL version checks during install
^ Replace com_fireboard with com_kunena in all messages and signatures
+ Installer upgrade added for recent posts categories setting
# Fix broken viewtypes during upgrade and reset to flat
# Fix broken tables fb_favorites and fb_subscriptions


Broken features fixed:
# All new users gets PHP warning when they first enter to the forums
# Image and file attachments should now work in Windows too
# Fixed error when deleting message(s) with missing attachment files
# Fixed error when deleting message(s) written by anonymous user
# Fixed error in search when there are no categories
# Fix "Post a new message" form when email is mandatory
# Allow messages to be sent even if user has no email address
# Added default values for various user fields in backend save function
# Backend, Ranks: fixed bug when you had no ranks
# You may now have more than one announcement moderator
# htmlspecialchars_decode on 301 redirects to remove &amps from getting into the browser URL
# Fixed incorrect MyProfile link logic with various integration options
# Do not send email on new post if the category is moderated
# jquery Cookie error: Prevent JomSocial from loading their jquery library
# Avatar upload was broken if you didn't use profile integration
# Moderator tools: It's now possible to move messages outside moderated area
# RSS: Broken RSS feed in Joomla 1.0.x fixed
# Fixed broken PDF display
# Removing moved thread (or written by anonymous user) didn't work in showcat
^ Removed forced default size for bbcode img tag
# smile.class.php: parser references fixed
# Removed all short tags: < ?= as they do not work in all servers


Optimizations:
^ Stats: Optimized SQL queries for speed and saved 11-20 queries
^ showcat, latestx: Use faster query to find all messages in a thread.
^ Anonymous user cannot be admin, saves many SQL queries


Security:
* Removed hidden form fields which contained users name and email address once for every message in the view
* Require email address setting wasn't enforced when you posted a message
* Don't allow anonymous users to subscribe/favorite
* My Messages will redirect to Last Messages if user has logged out
* BBCode fix for legacy [code:1] support
* My Profile: My Avatar didn't have security check for anonymous users


Debugging, error handling:

^ Use default_ex if current template is missing (no more white screen)
+ additional db check in class.kunena.php
+ basic version info on credits page
+ enhanced version info including php and mysql on debug screen
# modified logic to detect Kunena user profiles to avoid forum crash in rare cases


Misc changes:

- Load and remove sample data has been removed
- Removal of legacy CB integration for profile fields. New functionality through plugin for all 3rd party profile providers
# English: Leading and trailing spaces replaced with   to avoid inadvertant omission in translation
# English: Spelling & grammar corrected
# README.txt: Spelling & grammar corrected


Component integration:

+ Community Builder 1.2 basic integration
+ Basic JomSocial Integration


API / Code changes:

- Remove old unused legacy code
^ default_ex jscript and image cleanup (for faster page loads, smaller zip)
^ Moved jquery.chili jscripts to load at the bottom of the page for faster pageloads
^ Updated jquery to latest 1.3.1 minimized
^ Updated jquery.chili libraries from 1.9 to 2.2
+ Added CKunenaUser(s) class
+ new CKunenaConfig class functionality to support user specific settings


Directory Layout changes:

com_fireboard/ => com_kunena/
com_fireboard/class.fireboard.php => com_kunena/class.kunena.php
com_fireboard/fireboard.php => com_kunena/kunena.php
com_fireboard/sources/fb_auth.php => com_kunena/lib/kunena.authentication.php
com_fireboard/sources/fb_bb.js.php => com_kunena/lib/kunena.bbcode.js.php
com_fireboard/sources/fb_category.class.php => com_kunena/lib/kunena.category.class.php
com_fireboard/sources/fb_config.class.php => com_kunena/lib/kunena.config.class.php
com_fireboard/sources/fb_credits.php => com_kunena/lib/kunena.credits.php
com_fireboard/sources/fb_db_iterator.class.php => com_kunena/lib/kunena.db.iterator.class.php
com_fireboard/sources/fb_debug.php => com_kunena/lib/kunena.debug.php
com_fireboard/sources/fb_file_upload.php => com_kunena/lib/kunena.file.upload.php
com_fireboard/sources/fb_forumjump.php => com_kunena/lib/kunena.forumjump.php
com_fireboard/sources/fb_helpers.php => com_kunena/lib/kunena.helpers.php
com_fireboard/sources/fb_image_upload.php => com_kunena/lib/kunena.image.upload.php
com_fireboard/sources/fb_karma.php => com_kunena/lib/kunena.karma.php
com_fireboard/sources/fb_link.class.php => com_kunena/lib/kunena.link.class.php
com_fireboard/sources/fb_mail.php => com_kunena/lib/kunena.mail.php
com_fireboard/sources/fb_pathway_old.php => com_kunena/lib/kunena.pathway.old.php
com_fireboard/sources/fb_pdf.php => com_kunena/lib/kunena.pdf.php
com_fireboard/sources/fb_permissions.php => com_kunena/lib/kunena.permissions.php
com_fireboard/sources/fb_rss.php => com_kunena/lib/kunena.rss.php
com_fireboard/sources/fb_rules.php => com_kunena/lib/kunena.rules.php
com_fireboard/sources/fb_search.class.php => com_kunena/lib/kunena.search.class.php
com_fireboard/sources/fb_statsbar.php => com_kunena/lib/kunena.statsbar.php
com_fireboard/sources/fb_timeformat.class.php => com_kunena/lib/kunena.timeformat.class.php
com_fireboard/sources/fb_version.php => com_kunena/lib/kunena.version.php
com_fireboard/sources/interpreter.bbcode.inc.php => com_kunena/lib/kunena.parser.bbcode.php
com_fireboard/sources/interpreter.fireboard.inc.php => com_kunena/lib/kunena.parser.php
com_fireboard/sources/parser.inc.php => com_kunena/lib/kunena.parser.base.php


Naming changes:

class boj_Config => CKunenaConfigBase
class fb_authetication => CKunenaAuthentication
class fb_link => CKunenaLinks
class fb_Config => CKunenaConfig
class FBTools => CKunenaTools
class jbSearch => CKunenaSearch
class TOOLBAR_simpleBoard => CKunenaToolbar
variable $fbversion => $KunenaDbVersion
variable $obj_fb_search => $KunenaSearch
FB_ => KUNENA_ (case sensitive)
JB_ => KUNENA_ (case sensitive)


Module positions:

* kunena_profilebox, kunena_announcement, kunena_bottom
* After every message in view: kunena_msg_1 ... kunena_msg_n, where n = number of messages in a page


Template changes:

+ If kunena.forum.css is present in the current Joomla template css directory, load it instead of Kunena

Rename forum.css => kunena.forum.css