YACS version 5.3: Security, Files, and more
As usual, it is highly recommended to ask YACS to smoothly upgrade your server. For further information, see "How to achieve incremental upgrades of a YACS server?".
Here is a list of new or updated features coming with this release:
We have identified that some impersonation attacks could be related to invalid caching of answers containing Set-Cookie:. A Vary: header has been added as a standard counter-measure specified by IETF RFCs.
Also, code to protect from cookie fixation attacks has been moved to users/login.php.
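As an added illustration (not YACS code), the following Python check flags answers that carry Set-Cookie: yet remain storable by a shared cache, which is the caching condition this release addresses. The sample responses, the function names and the Vary: Cookie value are assumptions; the release notes do not say which Vary: value YACS sends.

```python
# Added example, not YACS code. All sample responses are constructed.
SAMPLES = {
    "bare": "HTTP/1.1 200 OK\nSet-Cookie: PHPSESSID=constructed1; path=/\n",
    "vary": "HTTP/1.1 200 OK\nSet-Cookie: PHPSESSID=constructed2; path=/\n"
            "Vary: Cookie\n",  # assumed value; the page does not give it
    "private": "HTTP/1.1 200 OK\nSet-Cookie: PHPSESSID=constructed3; path=/\n"
               "Cache-Control: private, max-age=0\nVary: Cookie\n",
    "static": "HTTP/1.1 200 OK\nCache-Control: public, max-age=3600\n",
}

def parse_headers(raw):
    """Parse a raw header block into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the status line has no colon and is skipped
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def tokens(headers, name):
    """Comma-separated tokens of a header, lowercased, arguments dropped."""
    found = set()
    for value in headers.get(name, []):
        for item in value.split(","):
            found.add(item.split("=")[0].strip().lower())
    found.discard("")
    return found

def audit(raw):
    """Classify one response: 'ok', 'vary-only' or 'cacheable-cookie'."""
    headers = parse_headers(raw)
    if "set-cookie" not in headers:
        return "ok"
    if tokens(headers, "cache-control") & {"private", "no-store", "no-cache"}:
        return "ok"  # a shared cache may not reuse this answer as stored
    if tokens(headers, "vary") & {"cookie", "*"}:
        # The cache keys on the request Cookie header, but requests with the
        # same Cookie header (including none) can still share a stored answer.
        return "vary-only"
    return "cacheable-cookie"  # one visitor's cookie may be served to others

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:8} {audit(raw)}")
```

A "vary-only" result is worth reviewing rather than treating as a pass: pairing Vary: with Cache-Control: private or no-store on every answer that sets a cookie closes the remaining case.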
YACS now supports shadow file items. Instead of actually pushing files to your server, you can use external references. For example, you may have some files available at an anonymous FTP server, and still handle them at your YACS server as if they were local to the server. See files/edit.php. This means you can reference huge files, even if your web server does not allow for more than 2M uploads...
Also, alternate hrefs can be provided with files. For example, you can add an eMule or .torrent reference to complement a straightforward reference. See files/files.php and files/view.php. We intend to better support peer-to-peer protocols, as they are an efficient way of sharing heavy files.
The fetching page now displays the target URL used for download, at files/fetch.php. Like Source Forge or other reference public servers, YACS politely indicates what it is doing on upload.
Authorized file extensions have been centralised and extended in files/files.php. New extensions have been added as well. Can someone provide me with documentation on Open Office extensions?
Sections can now be listed as gadget or as extra boxes at the home page. This is similar to what you could already do with categories, when a streamlined approach is requested. See index.php.
Polls have been enhanced to show results at the home page, and to enable votes at permalinks. See overlays/poll.php.
A link to the index of smileys has been added to many web forms, to let contributors know about the richness of YACS in emoticons.
The handling of sections and articles at the home page now relies on separate and indexed MySQL fields. This solution is far more efficient than the regular expressions in SQL statements we had previously.
The script that sends newsletters, letters/new.php, is now based on the shared/mailer.php library. This one has been dramatically extended, by the way.
Several tables of the database have been added to the Control Panel, at control/index.php: referrals, counters, profiles, members. Previously this information was hidden.
While closing a YACS server you now have the option to indicate an address to redirect to. You can also add some contact information if you wish. See control/closed.php and control/switch.php. YACS even helps you to move your server around...
Remember that we created many new scripts related to items layout in the previous version? This effort has been extended to images, links, locations, servers and tables.
If CURL is available, it is used to fetch remote web objects, passing proxies and handling https: if required. Otherwise the legacy code applies, but it is less capable. See links/link.php.
Tables rendering has been enhanced, as shown in tables/tables.php. The XML download properly renders in Firefox, even with initial weird field names.
The function Skin::build_box() now generates XHTML ids, to save on tags. See skins/skin_skeleton.php. Examples of use include the home page, at index.php.
The function that stores new articles in the database, Articles::post(), now returns the id of the posted page. See articles/articles.php. Error messages, if any, are appended directly to $context['error']. Many scripts have been streamlined thanks to this change.
The session watchdog has been activated from heartbit.php.
The backup script can now be restricted to the current table prefix. If one database hosts content for several YACS instances, you can back up each instance separately. Also, unsigned integers are now saved correctly. See control/backup.php.
Several bugs have been fixed, including the incorrect boxesandarrows layout for sections at the home page (index.php). Also, images with links are now correctly rendered (codes/codes.php). Minor bugs have been fixed in scripts/validate.php.
phpDoc comments have been added to articles/articles.php, to articles/edit.php
This page has been prepared while listening to Radio Paradise, using Winamp with the Abacast plugin. Very good eclectic music, HiFi quality, requiring only 48kbps. Amazing!
Posted by Bernard on Mar. 31 2005, (popular)