iCagenda / ChangeLog

Keep Connected!

3.5.18 Security Release [J! 2.5]

    Legend: !important +added -removed ~changed #fixed
    Info: access to the beta versions and pre-releases are reserved to users with a valid pro subscription.
    iCagenda™ is distributed under the terms of the GNU General Public License version 3 or later; see LICENSE.txt.

  iCagenda 3.5.18 (2016.06.19) Security Release [J! 2.5]

  • +
    Added : username of the user who has submitted event in frontend (event admin edition, Publishing tab).
  • ~
    Changed : a few minor code cleaning.
  • #
    [SECURITY][MEDIUM][Joomla 2.5.x ONLY!] Fixed : possible non-persistent (or reflected) cross-site scripting vulnerability (Note: if you have a Joomla 3 website, you DON'T have this security vulnerability. If you use iCagenda 3.6.0-alpha, NO ISSUE on both Joomla versions 2.5 and 3). A reflected attack is typically delivered via email or a neutral web site. The bait is an innocent-looking URL, pointing to a trusted site but containing the XSS vector. If the trusted site is vulnerable to the vector, clicking the link can cause the victim's browser to execute the injected script (your joomla 2.5 site is not directly compromised, but your visitor could be... please, update!). Again, it's recommended for all users still using Joomla 2.5, to upgrade to Joomla 3 as soon as possible! (Joomla 2.5 is not updated and end of life since December 2014. iCagenda will stop support Joomla 2.5 after iCagenda 3.6 release.)
  • #
    [LOW] Fixed : alias generation if unicode enabled in Joomla global configuration.
  • #
    [LOW] Fixed : user name display in list of events when created_by not set.
  • #
    [LOW] Fixed : possible issue on multiple clicks on submit button (frontend form) resulting in duplicated data.
  • #
    [LOW] Fixed : ordering by username in admin events list.
  • #
    [LOW] Fixed : white page in admin control panel on pdo-mysql database.
  • #
    [LOW] Fixed : issue with some date formats in en-US language.
  • #
    [LOW] Fixed : issue with quick icon plugin on iCagenda uninstall (Joomla admin control panel white page).
  • #
    [LOW] Fixed : 'Place' name translation with Falang.
  • #
    [LOW] Fixed & improved : Image name control (space replacement) and renaming if needed, in frontend 'Submit an Event' form.
  • #
    [LOW][MODULE][PRO] Fixed : missing events if date filter is set to display only past events.
  • Changed files in 3.5.18

  • ~
    admin/models/category.php
  • ~
    admin/models/event.php
  • ~
    admin/models/events.php
  • ~
    admin/models/forms/event.xml
  • ~
    admin/utilities/categories/categories.php
  • ~
    admin/utilities/events/data.php
  • ~
    admin/utilities/form/form.php
  • ~
    admin/views/event/tmpl/edit.php
  • ~
    admin/views/event/view.html.php
  • ~
    admin/views/events/tmpl/default.php
  • ~
    admin/views/icagenda/tmpl/default.php
  • ~
    admin/views/info/tmpl/default.php
  • ~
    [LIBRARY] libraries/ic_library/globalize/culture/en-US.php
  • ~
    [MODULE][PRO] modules/mod_ic_event_list/mod_ic_event_list.php
  • ~
    [PLUGIN] plugins/quickicon/icagendaupdate/icagendaupdate.php
  • ~
    site/helpers/ichelper.php
  • ~
    site/helpers/icmodel.php
  • ~
    site/models/list.php
  • ~
    site/models/submit.php
  • ~
    site/views/list/view.html.php
  • ~
    site/views/submit/tmpl/default.php

Follow Us

Search