FUDforum 2.6.0 was released on 5 January 2004. This release is no longer supported. Please upgrade to FUDforum 3.0.0 ASAP.
After about 2 month of development FUDforum 2.6.0RC1 is finally out and hopefully it'll be followed by the final release shortly.
Here are the changes:
- Removed some unnecessary table locks, that make FUDforum operations faster. This should accelerate browsing for anonymous users quite significantly.
- Added few SQL engine specific tricks for MySQL & PostgreSQL to gain maximum performance in some complex situations like view rebuilding.
- Eliminated MySQL specific ENUMS and replaced them with much faster & neater bit masks.
- Big theme compiler optimization, it is now roughly 4 times faster. Compiling 1 theme on a Celeron 433 takes ~4 seconds versus 15+ seconds before.
- Updated FUDforum icons. The new icons come from the KDE project, kudos to the designers.
- Updated the layout to be more compact (thanks to all who helped make it better).
- Added a new permission setting SEARCH, which allows restriction of searching capabilities.
- Simplified FUDforum's CSS file, it is now a single file, without any extraneous code, meaning that you can just edit it inside any HTML/CSS editor. The new CSS file also gives you much greater control over the various forum elements.
- Greatly simplified the PATH_INFO code, the PATH_INFO template is now merely the changed URLs rather the entire copy of default template.
- Added functionality to the compiler allowing it to use partial templates & message files. Now you can create a theme and only put the changed sections inside it, rather then an entire copy of the theme.
- Various small bug fixes & tune-ups that did not make it to 2.5.3 release.
P.S. Due to this being a massive change and this being the 1st RC1, if you decide to upgrade an existing forum, be sure to make backups first.
This is a fairly small release as far as changes go, the main reason for the release being a fix in the upgrade script that resulted in failure of MySQL 4.0+ installations.
Beyond those changes, there are a number of template changes that remove just about all layout styling from .tmpl files and moving it into the forum.css.tmpl file (this file generated CSS to control FUDforum's layout). This change will empower users to alter the layout far easier and conviniently then before.
Beyond the layout the following fixes were made:
- Added .htaccess to protect tmp directory in the event is is web browse-able.
Yet another release candidate for the RC3 release. A few more fixes this time.
- Avoid unnecessary work when compiling default theme.
- Fixed custom theme upgrading.
- Fixed broken page, when user forces category option in the forum drop down.
- Check refer before allowing session through. When multi-host sessions are not used validate the session based on IP, Browser & any proxy routes.
- Added support for cookie sessions.
- Added the ability to disable message tree views.
- Implement pager for private messages.
- Various additional input validation patches.
- Fixed broken selmsg links in path_info theme.
- Prefix theme name to backed up files.
- Updated Chinese translation.
- Fixed glob() workaround for older PHPs.
Various fixes that bring us another step closer to the final release. This release implements a major security hardening fix. Consequently I ask that anyone and everyone try this release and report bugs.
- Fixed possible bug in sys_id tracking.
- Added missing include to iemail.inc that causes problems when SMTP is used.
- Updated German & Chinese translations.
- Fixed bug in template editor when editing sections with similar names.
- Added anti-cache code for forum pages in the form of 3 anti-cache headers.
- Added workaround in referrer check for proxies/browsers that mangle HTTP_REFERER.
- Make referrer checking optional (disabled by default).
- IP tracking workaround for AOL users, who use AOL browser.
- Sanitize login/alias names for 0-31 127-159 character ranges.
- Move admincp above the forum path on message view.
- Fixed pager in path_info template set.
- Added missing code bit to mark accounts unapproved on forums where admin needs to approve every new account.
- When user confirms account and it has not yet been validated by the admin give them a message to indicate why they cannot yet use their account.
- Incorrect sig options.
- Uploaded image insertion fix.
- Corrected possible // in path info URLs.
- Fix all/none links for private message selection for path_info themes.
- Show default theme 1st in profile editor.
- Make MySQL password a hidden field on admin control panel.
- Fixed bug in web message editor, when editing messages with similar names.
- Disallow non A-Za-z0-9_ characters in theme names.
- Switched from gif to png images for some icons.
- Fixed a bug during login when anon-user uses PATH_INFO theme and user uses non-PATH_INFO theme.
- HTML encode description so that it does not break the forum/category editor forms.
- Added missing continue in file attachment handling inside nntp.inc, which may result in an unterminated loop.
- Fix htaccess handler for non-apache sapis and add missing return inside installer & upgrade script.
- Fixed notice warnings inside installer & upgrade script.
- Better default WWW_ROOT selection for CGI & Fast-CGI installs.
- Sequence number security mechanism(read more below).
Sequence number security mechanism
To prevent unauthorized requests FUDforum now implements sequence number security mechanism. What this means is that every request is prefixed with a random number that changes every request. Every POST request and GET requests that modify things now validate this number before accepting input. If the sequence number does not equal that of a request prior to the current one, the input is rejected.
This is a mini release aimed at addressing several issues resulting directly (and indirectly) from the security hardening in RC4.
The changes are as follows:
- Make session IP checking optional. (off by default)
- Corrected admin links on find user page.
- Corrected links to admin control panels in path_info theme.
- Make Sequence Key be valid for up to 10 minutes. (this fixes many issues).
- Fixed category collapsing bug.
- Fixed download of file attachments where filename contains space(s).
- Added checks in logout code to prevent permission denied errors when logging out from within a secure forum.
- Fixed premature clearing of the data inside the sessions table (caused premature logouts).
- Added an option to allow NNTP e-mail obfuscation when synchronizing FUDforum posts to newsgroups.
Getting ever so closer to the final release here is RC6, which if all goes well will be final RC before 2.6.0 stable is released.
- Synchronize appearance of private messages & normal messages.
- Updated Russian & Chinese translations.
- Better memory limit handling for CGI installs.
- Permission fixes for CGI/Fast-CGI sapis.
- Make default category status 'Open'. Properly show Collapsed/Open status in the category list.
- Added missing session & sequence id to file deletion confirmation dialog.
- Fixed display of inherited permissions.
- Fixed IP check.
- Added missing hidden fields on login form.
- Fixed possible query failure in group cache rebuilding when there are no groups.
- Fixed possible bug in threaded topic view.
- Added time unit to sig length.
- Added missing sequence & session ids to forum manager.
- Document previously undocumented FUDcode tags (sub, sup, php, notag, spoiler) in the FAQ.
- Fixed last post link on profile page for admins on profile page.
- Added "Add to buddy list" link on profile page.
- Fixed possible E_NOTICE in path_info template.
- Remove useless database fields during upgrade.
- Secure files & messages directories against direct webaccess.
- Implement searching of multibyte languages, currently BIG-5, gb2312 are supported. More will be added as more multibyte localizations are added.
- Added WWWBoard conversion script.
Following the open source mantra of "release early,
release often" here is yet another RC.
- Do not show referrals tab, which referral tracking is disabled.
- Make insertion of FUDcode at cursor or around selected text work in Mozilla.
- Fixed query error (on update) in replace filter.
- More session tracking validation fixes.
- Fixed upgrade script when upgrading PostgreSQL forums.
- Fixed voting on polls when URL sessions are used.
- A few PATH_INFO theme fixes.
- Fixed separator between user names on logged-in list.
- Updated French & German translations and cleaned up English translation.
- Multi-host fixes.
- Updated phpbb2 conversion script. it works with FUDforum 2.6.0 and is confirmed to work with phpbb2 (2.0.4 and 2.0.6).
Here is RC8, more bug fixes hopefully the final set of the session authentication fixes which is the reason we are having all these RCs.
- Added Finnish translation by Jani Taskinen
- Updated French translation
- Fixed tag insertion with Mozilla & Opera browsers.
- Fixed various links & forms to work properly with PATH_INFO theme.
- Session validation fixes.
- Prevent query errors in the installer if user uses the back button and repeats certain steps.
- Few corrections to the English translation.
- Trim message before writing in message editor.
- Fixed last post calculation in the consistency checker.
- Allow Admins & Moderators to bypass edit time limit.
- Do not overwrite .htaccess if one already exists.
- Better handling of [code] tag.
- Fixed missing include needed for poll voting on certain forms.
- Use translated text for labels on the group manager.
- Added missing hidden fields for several admin control panels.
- Fixed layout of private message display form.
- Added prefix to reset messages that informs the user who requested the reset and how to reach the admin.
- Set default text color in CSS
- Possible fix for bug when using SMTP to send e-mail to a mailing list.
Here goes RC9 few more fixes, the major things seems pretty solid now and most of the fixes handle small noncritical bugs so I'd say we're are no more then 1-2 weeks away from the final release.
- Some CSS fixes pertaining to default colors.
- Fixed last_post_id calculation for the forum.
- BIG optimization in consistency checker for users of MySQL 4.0.4+.
- New & improved pseudo-random sequence ID generation coupled with a shorter lifetime of each sequence key.
- Fixed poll view results links.
- Opera & Konqueror workarounds for 'change focus to message' code.
- Fixed a bug that prevented clearing of the image field in the user profile.
- Fixed possible query failure with the RDF code.
- Fixed pager in private messages.
- A number of fixes for the import/dump process.
- Make custom tags be ordered by name.
- Fixed admin toggle & moderation manager.
- Prepend http:// to URLs inside [url] tag if it's missing.
- Fixed unconfirmed user removal query.
- Fixed deletion of users from a group.
- Fixed post & topic calculation on the front page.
- Few small optimizations of FUDcode parser.
Getting closer to the finish line, this release is mostly tidying and there are very few bugs that needed fixing.
- Allow control over smilies per-row via templating system.
- Few small optimizations.
- Drop umask usage in installer/upgrade script as they don't seem to work as expected on some systems.
- Optimize FUDcode <-> HTML process
- Fixed query counting in import script & added recovery mode.
- Reinstated support for ../ and / URLs.
- Change [code] background color.
- Added [pre] tag.
- Updated Turkish translation.
- Fixed 'unread' link on tree view.
RC11 is out and it looks like it may be the last RC before the final release. There were a few bug fixes and I am happy to say that no critical bugs were found.
- Several FUDcode parsing fixes.
- Improved styling of admin control panels.
- Added Lithuanian translation.
- Make ICQ static image to prevent slowdowns due to intermitent web.icq.com service.
- Check anon user's IP against IP filter prior to allowing posting.
- Fix display of IM links containing special characters.
- Moved common db functions into core.
The long awaited 2.6.0 release is finally out after an extended release process, which hopefully makes it a very stable release.
Beyond the RC11 there were a few minor changes that went into 2.6.0
- Updated Icons
- Fixed editing of primary groups.
- Fixed group validation in consistency checker.
- More checks for user deletion to prevent deletion of a user with an id of 1.
- Safari & Konqueror browser workarounds.
- Better error detection for MySQL dbs, where indexes may have different keys.
- Fixed a bug that prevented signature from being appended to message posted to mailing lists & NNTP via the forum.
- Proper conversion of HTML [quote] tags to plain text version for e-mail.
- Added "Last Visited" to the user information page.
- A much faster way for making PNGs Alpha transparent on IE.
- Send Content-Length header for attachment downloads so that browsers can show proper progress indicator.
- Better symlink wrapper for php < 4.3.2 for windows.
- Fixed message navigator link in PATH_INFO theme.
- Increased default font sizes.
- Removed hard coded image sizes to allow for easier customization.
- Slight optimization to message displaying code for topics with large numbers of messages.
- Fixed handling of no filters on selmsg page.
- Be more strict with URL parsing.
- Increased SQ expiry
- Fixed handling of attachments in private messages.
- Make action field TEXT rather then VARCHAR
- Make spell checker avoid numbers.
- Fixed avg post calc for locales where decimal separator is a ','.