La version 4.1.6 de W-Agora vient d'être publiée il y a quelques instant. Le site officiel n'en fait pas encore référence. Cette version est la première depuis près d'un an, elle est donc la bienvenue.

On y retrouve les principales modifications suivantes :
- nouvelles traductions,
- editeur WYSIWYG,
- meilleure gestion des documents attachés (images, vidéos etc.),
- gestion de plusieurs sites,
- modifications multiplesdans la gestion des emails,
- ajout d'une authentification HTTP basique,
- réécriture complète du backend RSS,
- [...]
- Correction d'anomalies et fixes de sécurité.

Je vous encourage à lire le volumineux changelog pour plus de détails (nous l'avons copié en fin de message car il n'est pour le moment accessible uniquement dans l'archive).

Rappelons rapidement que W-Agora est l'un des systèmes de forums les plus sérieux dévéloppé en PHP sous licence open source.

La news
Téléchargement
Le site officiel



========================
W-Agora 4 : Change Log
========================

(+ : security fixes)

2003 December 10 - Version 4.1.6
================================

o Enhancements / new features :
-------------------------------
* New translations packages
- Czech (user part) (Tomas Kruta )
- Dutch (Joke Bekkering )
- Catalan (mac rac )
- Russian - Swedish (Ulf )

* WYSIWYG editor (htmlarea component) integration in post/edit form
* Better attachments handling (see code changes) :
- Handle PHP code highlighting for PHP files.
- Dynamic resizing of embedded images (Emanuele )
- more embedded mime-types (video, sound) support
- Use PATH_INFO in attachments URLs :/getfile.php/myforum/101/image.gif instead
of getfile.php?bn=myforum&att_id=101
* Several enhancements in emails management (see code changes)
* Added HTTP Basic authentication module
* Added "shared authentication" module (in extras/shared_user.php3) :
allow a site to share the same user database than another site. see usage instructions in
extras/shared_user.php3.
* Multi-site handling:
- added $default_site variable in globals.inc :
- Don't display the site list if only one active site is configured
* users ranking
* more options in user admin page :
- ability to subscribe, register and send emails to selected users
- Can change the password while editing user profile
- added missing fields in edit form
* Add threads sorting order feature (currently only mysql and postgres are supported) :
ability to sort threads by creation date | topic starter | subject | last updated date ...
Supported only with mysql & postgres
* tools/load_users.php3: interactive form added, users File can now be uploaded, forums registration
* simplified setup process (with 2 modes : basic / advanced)
* ability to move/copy notes between threads/forums (Emanuele )
* complete rewrite of rss backend (tools/rss.php, contrib. from David Horwitz

o Fixes, code changes :
-----------------------
+ XSS & PHP include security fixes :
- include/auth.php3
- editform.php3
- modules.php3
- index.php3
- insert.php3
- update.php3
- browse.php3
+ Removed tags in .htaccess because they potentially allowed POST or other requests
to activate scripts. Now all requests to this must be authorized (tbannist)
- bug fixes in default 'agorabb' and 'phorum' templates
- set bn_title if no forum selected (init.inc)
- Italian translations updates
- Gianni Pezzarini
- Emanuele
- Several fixes in tools/update_*.php3
- set user profile variables in preview mode (insert.php3, update.php3)
- login.php, logout.php : ability to redirect to an URL after login in/out
- display a message and exit program if cookie cannot be set in authenticate()
- moved wa_info() to wa_info.php (new).
- almost full rewriting of admin_subscribed_user.php3
- allow new TLD domains (eg .info) in email validation
- fix undefined variables in include/register_globals.php3
- create_site.php3: insert the owner (ie: if logged in as sys-admin but not 'admin') in the newly
created site
- attachements:
- determine mimetype from extension (if known) rather than browser setting
- added att_icon_multiple in mimetypes.php
- open default HTML link into a blank window
- message id (key) is no longer needed to access attachment from getfile.php (only att_id is required)
- mail management:
- send an email to the list when note is validated (switch from hidden to visible)
- set the recipient in the 'To:' header (rather than Bcc:) if there's only one user in the list
- set the recipients in the "To:" header (rather than Bcc:) if $bn_mail_to is not set.
- Remove possible extras Line feeds in headers.
- handle error if mail is sent to an empty moderators list
- mail template was not handled properly
- Fix some warnings in statistics pages
- Fix language detection bug (HTTP_ACCEPT_LANGUAGE not used properly)
- Fix language detection bug in setup/admin panel if no locale file exists for the selected language
- Fix before_access inclusion in various scripts
- do not show email in user list & profiles
- include/auth.php3: add last Visit timestamp in current session
- change_password.php3: fix header handling bug
- include/form.php3: don't set $mail_reply_box if replies are not allowed [Laurent A.]
- init.inc:
- added $logout_url, $logout_string, $logout_text in display_header()
- don't set {post_link} & {reply_link} if forum in readonly/inactive state.
- delete.php3: do not allow user to delete a note with replies
- update.php3: better password management in the the post/edit form
- Fix bugs with hidden notes handling from moderation page
- insert.php3: Handle redirection by form if header(Location) doesn't work for some reason.
- globals.inc: adjust some PHP settings, fix problems with some configurations (yahoo hosting)
- browse.php3: Use mime-type icons in directory listings + display directories before files list
- include/viewnote.php3: display GUESTUSER_USERNAME properly
- include/viewnote.php3: set delete_link / edit_link according to user rights on the note
- profile.php3, register.php3:
- show private forums in register_forums_list, thus, allowing users
to register in a private forum. Just edit the variable $show_forums (in register.php3)
in order to restrict registration in private forums
- field $name was overwritten : fixed
- code cleanup
- allow registration even if a private forum is selected
- New/changed functions in misc_func.php
- getDBaccess() pass $site as argument instead of config. filename (RFU)
- beginForm() : add enctype parameter
- getPasswordField()
- getTextArea()
- customMenu(), getCustomMenu()
- getRadioButton(), getCheckBox() : add id +