Habari 0.8 正式发布

正式发布的时间应该是在12月13号。http://wiki.habariproject.org/en/Release_0.8

下载地址:http://habariproject.org/en/download
PS:发现翻译是个费时间的事情,翻译了几个字后,决定不翻译了。。。浪费时间。

这里先挑重要的说几点,其它的全部copy自habari wiki:
一、Theme Functions的改变:返回值,而不是直接输出。
如原来你可以这样:

1
<?php $theme->header(); ?>

现在你要这样:

1
<?php echo $theme->header(); ?>

你应该检查一下你的主题中的:
header(), footer(), prev_page_link(), next_page_link(), page_selector(), 和 feed_alternate() 调用是否做了如上修改。
二、k2 Theme 由于某种原因被从官方版本中移除,不过可以自己手动下载安装。
三、修复路径暴露漏洞(其实,这个漏洞在各版本的WordPress里面均存在)
config.php文件默认已经加上了如下这条防止路径暴露:

1
<?php if ( !defined( 'HABARI_PATH' ) ) { die( 'No direct access' ); } ?>

其实我看到其它核心文件它并没有加这一条,这一点和WP一样,倒是国内一些程序在这点上做得比较好。


 

Introduction

Welcome to Habari Version 0.8!

这个版本的Habari主要包含一些安全更新、核心的改进和一些功能的改变. 在你升级之前,你应该阅读一下 升级指导.

这也是我们源码托管到Github后发布的第一个新版本. 到这里看看 如何从Github安装Habari.

Issues Addressed

Security

  • 防止admin页面在iframe中加载 d8a544eb85
  • 保护Habari Silo uploads 免受CSRF攻击 04cd07adfc85940b8d8f
  • 过滤了请求admin页面的page字符串以修复一个非持久的漏洞a0f34009aa
  • Prevent direct loading of config files 5eb87a12ca

Thanks again to Mauro Gentile for working with us on these security issues, his contributions are greatly appreciated, as is his patience in waiting for this release before revealing these bugs!

Bugs

A complete list of all the bugs fixed is near impossible. Here are a selected few, and the rest can be found in the commit logs.

  • Remove a call to a PHP 5.3+ method on the admin logs page when filtering by date. r5125 fixes #1447.
  • Many strings that had translation values available but were not using them now will show localized text.
  • Fix errors displayed when using Charcoal. 9a18afb6 fixes #221.
  • Use signed values for moving taxonomy terms. 35735ae fixes #229.
  • Wrong date in entry dash module. 7041fc62 fixes #208.
  • Prevent direct access to files. 64089ee3.

Enhancements

  • Add initial support for child themes, wherein a child theme can use all of the templates of its parent, overriding only templates and styles that it intends to augment.
  • Improve the consistency of rewrite rule names, which may break plugins using those rules. The rule update_entries has been renamed update_posts.
  • Change the default behavior of theme functions from echo to return.
  • Add support for gzip and deflate compression to both SocketRequestProcessor and CurlRequestProcessor, so that any external HTTP requests will be seamlessly compressed to save bandwidth,5e20c9f3b7 and 3687139d57

Other Changes

  • The k2 theme has been removed. It can now be found in habari-extras.

Upgrade Notes

Please read about upgrading to version 0.8. All users will be affected by the change in theme functions and many will want to remove a potential path disclosure issue. Now that it has been removed from the Habari installation, users of the k2 theme will need to manually include it.

Known Bugs

Many bug fixes and improvements have been made since the last release, but as with any piece of software issues and enhancement requests remain. For full details see Habari’s change management system.

更多
No Responses Post a comment

Leave a Reply

Note: You may use basic HTML in your comments. Your email address will not be published.

Subscribe to this comment feed via RSS