Changelog 1.7.x
From ClaroDevel
This page aims to resume in a "comprehensive language" what has been changed or fixed between Claroline 1.7.0 and 1.7.x.
A lot of people in the forum asked to get such a list in case of a customized campus, this can be useful. If you need more technical informations about the changes (scripts concerned,... ) please refer directly to the Claroline CVS (http://cvs.claroline.net/cgi-bin/viewcvs.cgi/claroline/?only_with_tag=HEAD).
Table of contents |
Modification between claroline 1.7.7 and 1.7.8
Translations
- Japanese 35% complete by Naoto KIMURA at Takushoku University in Japan.
New features
- Add mail notification : to teacher on new submission, to student on new feedback
Security Fix
- Fix XSS in Wiki, MyAgenda, Documents and links, Forums and Tracking
- Remote file inclusion with register_globals to On. (zone-h (http://www.zone-h.fr/advisories/read/id=1524))
Bugs
- Export SCORM : Compatibility with php5
Modification between claroline 1.7.6 and 1.7.7
Claroline 1.7.7 released, Tue June 13 2006
Translations
- Greek fine tuning by Spiros Ioannou
- Fix charset of greek translation of wysiwyg editor
- Italian 100% complete (6 missing translations) by Stefano Crosatti
Security Fix
- Remote inclusion have been discovered in these scripts.
Platform in register_globals off and/or allow_url_open off are not vulnerable. * claroline/auth/extauth/driver/postnuke.inc.php * claroline/auth/extauth/driver/mambo.inc.php (THANKS TO ZONE-H Team)
- Improve Security : protect blindness all included file to prevent other injection.
Bugs
- Linker : Secure document configuration isn't loaded in linker tool.
- Documents and links : directory named 0 (zero) causes claro_delete_file to exit without deleting all files in a directory
- Wiki : now wiki page title is always case sensitive
- Wiki : fix some javascript warning
- Tracking questions details : Fix queries for mysql 5
Modification between claroline 1.7.5 and 1.7.6
Claroline 1.7.5 released, Wed May 17 2006
Translations
- Czech 100% by Zdenek Machek
- Claroline in Czech: http://www.claroline.cz (coming soon)
- Translated for: ZUS Police (http://www.zuspolice.cz)
- Dutch - fine tuning including the missing items by Klaas Kroeze.
- Italian - fine tuning by Fausto Barbarito (http://www.nosmet.com)
- Greek - fine tuning by Spiros Ioannou
New layouts
- 2 new Layouts :
- clarcomm.css, a new corporate CSS designed by Laurent Colet in the context of an internship at Cerdecam Research Center (Brussels)
- cupertino.css
Fixed bugs and improvements
Bug fix
- Course settings : Cannot enter URL of the department with the character - in it. (fixed by Marina from St-Etienne France)
- Create course : Error message, use $coursesRepositorySys instead of $coursesRepositories (<-- doesn't exist)
Security fix
Remote inclusion have been discovered in these scripts. Platform in register_globals off and/or allow_url_open off are not vulnerable.
claroline/admin/admin_class_register.php claroline/auth/extauth/casProcess.inc.php claroline/auth/extauth/driver/*.inc.php claroline/exercice/answer_admin.inc.php claroline/exercice/exercise_admin.inc.php claroline/exercice/question_admin.inc.php claroline/exercice/question_list_admin.inc.php claroline/exercice/statement_admin.inc.php claroline/inc/claro_init_local.inc.php claroline/inc/conf/auth.conf.php.dist -> Need a manual security hack claroline/inc/lib/add_course.lib.inc.php claroline/inc/lib/event/init_event_manager.inc.php claroline/inc/lib/export_exe_tracking.class.php
Modification between claroline 1.7.4 and 1.7.5
Claroline 1.7.5 released, Wed April 5 2006
Translations
- Slovenian 100% by Sergej Rinc - http://sergej.rinc.ws
New layouts
- 3 new Layouts : claroffice.css, caucase.css and netscape.css
Fixed bugs and improvements
Bug fix
- Add user : Deep redesign of the user addition workflow to fit something more usable and closer to the orginally defined workflow.
- Assigments : Don't update visibility when editing assignment settings.
- Forum : Change the way rank moving is done for forums and categories.
Security fix
- A security hole in the file editing. There was no process to prevent the view of file upside the course directory.
- A remote inclusion in scormExport.php
Modification between claroline 1.7.3 and 1.7.4
Claroline 1.7.4 released, Fri March 20 2006
Translations
- Complete Italian review by Fausto Barbarito <fausto@nosmet.com>
- Complete Greek review by Spiros Ioannou From School of Electrical & Computer Eng. of National Technical University of Athens
- Turkish 34.5% by fazli
Fixed bugs and improvements
Bug fix
- Pear path. The own Claroline Pear path was pushed to the end ot the include_path list. If another Pear path existed, the claroline pear path wasn't take into account.
- Import user list : add mime type of cvs file made with OOo
- Fix a bug with iis and php : $_SERVER['HTTPS'] is 'off' when the scripts was queried through the HTTPS protocol.
- Linker crashes in group forums
- Put in comment the call to session_regenerate_id, error with php 4.3.2 && 4.4.2. Authentication failed.
Modification between claroline 1.7.2 and 1.7.3
Claroline 1.7.3 released, Fri February 17 2006
New feature
- Auth with Ldap : Add a case sentivity flag for username during the authentication process
Translations
- Spanish Latin 100% by Prof. Carlos Brys - Universidad Nacional de Misiones - Argentina
Fixed bugs and improvements
Bug fix
- Missing charset in mail (fix bug: 443)
- Fix wrong variable name in CAS configuration file
- Import csv user list : Remove the useless creation and use of a tmp directory of the uploaded file
- Wiki : double hex encode on e-mail addresses in wiki renderer
- SSO : Fix a tiny security hole in the internal SSO of Claroline
- Course settings : empty email address rejected even if optional
- Course creation : Cannot display course creation error. Syntax error
- Groups : Fix a bug concerning group registration when group are private
- Forum search : missing backtick in the FROM clause of the search query. They prevent the search command to work correctly on multi DB system.
- Learning Path : Fix a bug in sql strict mode ( View forum 4960 (http://www.claroline.net/forum/viewtopic.php?t=4960&highlight=parcours) )
- Wiki : relative url like './wiki.php' are interpreted like wiki link
- Upload File : change str_replace() to str_ireplace() in htaccess2txt() to increase security.
- Groups : SQL error when fill O group (View forum 4910 (http://www.claroline.net/forum/viewtopic.php?t=4910&highlight=group) )
- Import CSV in class : There is a bug in "inc/lib/user.lib.php" that prevents a student to be added to a class if he/she already added to another class. (View forum 4995 (http://www.claroline.net/forum/viewtopic.php?t=4995))
- Delete class : Deleting a class does not remove corresponding memberships in rel_class_user
Modification between claroline 1.7.1 and 1.7.2
Claroline 1.7.2 released, Fri January 13 2006
Translations
- Arabic translation 100% by Eng. Ali
- Polish 100% by Jacek Grudzien (bel2@bel.biz.pl)
- Bulgarian 97,1% by Alexander Simidchiev
- Greek by Lefteris Zacharia
- Persian by Elnaz Sarbar - Farsi Web
- Spanish Latin 99,1% by Prof. Carlos Brys - Universidad Nacional de Misiones - Argentina
- Romanian translation 99,3% by Antonio Apostoliu and Mr. CEO Ion Poiana of National Meteorology School from Romania
- Traditional Chinese 96.7 % by Kiang - Taiwan PHP User Group http://twpug.net/
Fixed bugs and improvements
Bug fix
- Assignments : Fix a bug when trying to download an accentuated filename when using internet explorer.
- Assignments : wrong sql with old mysql version
- Create a course : didn't use "Default course access" configuration
- Install : if port isn't 80, install add the port
- Create course : wrong sql with old mysql version
- Exercise : Add support of chars like [ ] < > :: in fill in blanks text and wrong answers
- Exercise : Add support of chars like [ ] < > :: in fill in blanks text and wrong answers; Compatibility with mysql 5
- Linker : correct bug #430 and bug #431 wrong url generated by document resolver
- Login : Fix a bug in the source Url building in the login process
- Tracking : trafic details, wrong library folder.
- Wiki : Fatal error when an anonymous user edit a page
- Wiki : access to any group wiki from a group (bug #421)
- Wiki : impossible to access a group Wiki when course Wiki is disabled (patch for bug #437)
- Wiki : fix relative url detection bugs (bugs #436, #438 and #439)
- Wiki : antispam not working on mailto urls (bug #440)
Modification between claroline 1.7.0 and 1.7.1
Claroline 1.7.1 released, Tue November 29 2005
Translation
- Arabic 100% by Eng.Ali Ismaeel
- Bulgarian 69% by Alex Simidchiev of Thorax-bg.com
- Croatian 86% by Karolj Skala and Bozo Jonic - Ruder Boskovic Institute http://www.irb.hr/en/
- Dutch 100% by Svenn d'hert - wmtown.com
- French small fine tuning by Hugues Peeters
- French review by Paul Muraille http://www.tictips.com
- Galician 100% by Gerardo Albela González - Bolseiro Servizo de Teledocencia (Edif. Fundición)
- Indonesian by Ery Atmodjo 35.6% --> 99,7%
- Persian 64.5% by Elnaz Sarbar - Farsi Web
- Polish 100% by Jacek Grudzien (bel2@bel.biz.pl)
- Spanish 100% by Gerardo Albela González - Bolseiro Servizo de Teledocencia (Edif. Fundición)
Fixed bugs and improvements
Major Features
- Add an enrolment key for course subscription.
- External Authentification : Rewrite the authentication part to permit to search on potential multi username (login name).
- External authentication : driver to Mambo (http://www.mamboserver.com/) & Joomla CMS (http://www.joomla.org/).
- Course tracking : Add details of user connected this day in the course.
- Forum : Internal search fonctionnality.
Minor Features
- Admin profile : add icons to some commands to clarify the user interface.
- Login : Add titular contact address when course enrollment is not allowed.
- Update pclzip to version 2.4.
- Group : Add a confirmation to delete a group.
- Manage course category : tool to repair a broken tree
- CAS : Improve the script and add the possibility to use CAS authentication and Claroline authentication.
- Home Page : New configuration to order course by : official code (default) or course title.
Bug fix
- Administration, add a user list : Impossible to acceed the script from administration.
- Administration, add a user list : Take account of config for secure password check.
- Announcements (Send it by email) : transformation allowing to capture and keep url's in the following case : click <a href="http://www.claroline.net">here</a>. This string is transfomed like this : click here [ http://www.claroline.net ].
- Announcements (Send it by email) : transformation html list in text list with '*'.
- Assignments : use function move_uploaded_file instead of function copy for upload of file
- Assignments : Display of assignments' description was broken.
- Assignments : Add mecanism to change the visibility of all submitted works when changing "default works visibility" in assignment edition. That mecanism is available using a configuration variable. ( 4156 (http://www.claroline.net/forum/viewtopic.php?t=4156))
- Assignments : Add a pager toolbar at the bottom of user list
- Authentication : Login & password not unquote in register_globals=On and magic_quotes=Off (login & password can now contain ')
- Chat : Set the charset of the page ( Forum 4405 (http://www.claroline.net/forum/viewtopic.php?t=4405) )
- Course settings : multi email are accepted.
- Display file size unit : add a space between value and units ( ie : 35,4 Mb instead of 35,4Mb ).
- Documents and links : Links with get parameters are wrong encoded.
- Documents and links : Notice messages when uploaded file is too bigger. (bug 371 (http://jupiter.cerdecam.be/bug/view.php?id=371))
- Documents and links : Add .pps mimetype (suggested by Marina from university of Saint-Etienne, France)
- Documents and links : Error with files with double '.'
- Edit zone file : Save also the text zone, if the content is only an image.
- Exercises : Display pager on questions pool page.
- Exercises : Attach a file, the name of temporary file was not correctly returned.
- Exercises, question pool : Pager was not using filter.
- Exercises: Cannot choose a question to import in a exercise if this question is not on the first page of the question pool
- External authentication : Adapt Package LDAP from PEAR to work like others drivers.
- External authentication : Patch fixing the #348 bug (Auth LDAP not retrieve user attributes)
- External authentication : Prevent username modification when the authentication source is not claroline.
- Forum : Add a cancel button to the form
- Forum : Fix some breadcrumb mistake
- Groups : Sql warning when we fill groups in a course with no users.
- Install : Check the minimum version of php ( 4.3.0 ).
- Learning Path, Import Scorm package : Check if item has an identifier before recording it. Learning Path : php session aren't saved with header location (redirection) on IIS server.
- Learning path, export : Impossible to create folder. (Fix open_basedir and safe_mode restriction with recursive use of claro_mkdir function)
- Linker : remove http://SERVER_HOST/ from javascript path function to avoid possible issue with https protocol
- Login Page : Don't display course select box if user isn't enroll to a course.
- Login Page : Registration link is wrong on login page. (Forum 4194 (http://www.claroline.net/forum/viewtopic.php?t=4194) )
- Manage course categories : Detect infinite loop if broken structure.
- Manage course categories : Fix a wrong SQL.
- RSS : Don't feed hidden entrie from aganda and announcements
- Send mail: Set the charset of email
- Tracking : Fix some error in documents tracking.
- Tracking : Correct breadcrump in login_details.php
- Tracking : Delete all course statistics, delete also learnpath progress.
- Upgrade : Don't set currentDbVersion in the script before test of version.
- Users profile : Password Too Easy : Add a correct message when password is too easy.
- Users tool : Display Lastname before firstname in users list.
- Users tool : Order search results of add a user.
Security fix
- A remote file inclusion vulnerabilities with register_globals on
Improve installation of claroline on mutualized hosting
- Fix some error with PHP open_basedir configuration.
- RSS configuration : Add a properties in configuration to enable or disable RSS. (Disabling is needed, if PEAR isn't available)
- Don't use ini_set function (jexiste.fr) use set_include_path and get_include_path
- MySQL queries : Fix some queries error with Mysql 5