Pligg CMS 1.0.3 Release

Shortly after the 1.0.2 release we were alerted to a vulnerability reported by Secunia and third-party researcher Russ McRee. We have resolved the security issues in a timely manner and Secunia will be publishing their report on December 2, 2009. We thank Secunia for notifying us of the problems and properly coordinating the disclosure of this security threat. We do our best to provide quality code to prevent such security issues, but no CMS is perfect.

In addition to the security update, this release includes a new “Spam Trigger” module. We will be providing a video demonstration of this module in the next few days.

Update (Wednesday, December 2, 07:15 PM): We have replaced the 1.0.3 download in the forums with 1.0.3b. This update fixes a problem with the comment form so that it will now work with the new security measures put in place from the 1.0.3 release. We have also added another fix for deleting categories from the admin panel category manager and made improvements to the Spam Trigger module.

Pligg CMS 1.0.3 Changes

Below is an abbreviated changelog. To see the full list of changes please view our SVN logs.

  • Security fixes
  • Inline comment CAPTCHA fix
  • Added new Spam Trigger module
  • Deleting a comment now recalculates the story comment number
  • 404error.php URL Method 2 fix
  • Added Italian language
  • Fixed admin language module removing UTF characters
  • Fixed some RSS URLs that had an extra forward slash at the end
  • Fix for using quotes within HTML tags in stories
  • Same name category fix
  • Fixed JS in multibox_admin
  • Removed /cache line from robots.txt to allow robots to crawl cached sitemap
  • Login cookie fix for previously untested server configurations
  • Fix for escape slashes in stories
  • Register invalid characters fix for servers where PCRE was compiled without UTF-8 support

1.0.3 Template Changes

Template upgrades will be required for users seeking to move from 1.0.2 and below to 1.0.3. The important changes are simple one-line additions that add some new security measures to Pligg forms. A slightly more complex update is required for users who want to fix the problem with inline comment CAPTCHAs. The important security template changes apply to the following template files:

  • edit_group_center.tpl
  • editlink_edit_center.tpl
  • group_story_center.tpl
  • recommend_small.tpl
  • submit_groups.tpl
  • user_center.tpl

As usual, we highly recommend that you use a program like WinMerge to compare the Wistie template from 1.0.2 to the latest 1.0.3 version to see all of the template changes since the last release.

4 thoughts on “Pligg CMS 1.0.3 Release”

  1. Modules should be fully compatible without any problems. Templates will need to make very small changes so that they will work with the security changes. I will post Arthemia and OneRoom template updates tomorrow along with instructions for others seeking to upgrade.

  2. Great news and nice fixes, thanks. Some questions before your upcoming upgrade instructions: if it is possible, please include the answers to these questions too.

    Using Winmerge is ok, but are there any changes in the database (since 1.0.2), do I have to modify something there too (names, values etc.)?

    If so, what is the normal order of the upgrade: first the database, then files, and at the end the template?

    And how can I put my site offline during the update? So that the users can’t reach any content, until I’ve finished and tested the upgrade?

    Thanks in advance.
