Blog v1.18 Release Notes

Release Date: 2019-12-22 // over 2 years ago
  • ๐Ÿ”‹ Features:

    • automatically fix images orientation from exif data.
    • custom bb tags: goal.
    • autocomplete attributes for nick & password.
    • ๐Ÿ“œ show loading while parsing page / uploading image.

    ๐Ÿ› Bugs:

    • ๐Ÿ›  csrf-token compatibity bug fixed.
    • in debug mode show php errors.
    • ๐Ÿ›  datepick bug fixed - when month starts with sunday.
    • autoresize textarea will expand immediatly.
    • drag & drop will accept only one file.
    • mcrypt_create_iv replaced by random_bytes.

    ๐Ÿ”’ Security issues:

    • image upload only using form data
    • ๐Ÿ”Š logs injection prevention.
    • filter data SQL parameters using prepared statements only.
    • == replaced by ===.
    • instad of md5 is used crc32 on server side session check.
    • session cookie is http only.
    • load jQuery only localy.
    • XSS prevention on clien side - JS will treat data from server as text, not as html.