Contao

Contao

Contao è un programma open source di gestione. Contao è stato precedentemente noto come TYPOlight.

Installazione in 1 clic Contao

Installazione in 1 clic

Aggiornamento facile Contao

Aggiornamento facile

Salvataggio e ripristino Contao

Salvataggio e ripristino

Informazione

Applicazione
cms
Categoria
Content Management Systems
Versione corrente
3.5.17
Ultimo aggiornamento
20 September 2016
Lingue
Italiano + 16 altre

Configurazione richiesta

Dimensione dell'installazione
43 Mo
Database
mysql
Licenza
open source
Veduta d'insieme
Novità

3.5.17


20 Settembre - 43MBThis bugfix release fixes several problems, including an issue with entering the password in the "close account" module and with the automatic indexing of a page. In addition, the list of countries and languages has been updated.

Changelog
  • Fixed: Handle special character passwords in the "close account" module (see #8455).
  • Fixed: Handle broken SVG files in the Image and File class (see #8470).
  • Fixed: Reduce the maximum field length by the file extension length (see #8472).
  • Fixed: Fall back to the field name if there is no label (see #8461).
  • Fixed: Do not assume NULL by default for binary fields (see #8477).
  • Fixed: Correctly render the diff view if not the latest version is active (see #8481).
  • Fixed: Update the list of countries and languages (see #8453).
  • Fixed: Correctly set up the MooTools CDN URL (see #8458).
  • Fixed: Also check the URL length when determining the search URL (see #8460).
  • Fixed: Only regenerate the session ID upon login.

Per saperne di più: http://contao.org/en/news/contao-3_5_17.html

3.5.16


7 Settembre - 43MBThis bugfix release fixes several problems, including issues with the display of repeated events and the simple tokens parser.

Changelog
  • Fixed: Check if a reader page is protected when generating a sitemap (see #8416).
  • Fixed: Support all characters but =! and whitespace in simple tokens (see #8436).
  • Fixed: Check the user's permission when generating links in the picker (see #8407).
  • Fixed: Handle forward pages without target in the navigation modules (see #8377).
  • Fixed: Stop the event recurrence if the upper boundary is reached (see #8445).
  • Fixed: Show upcoming events if the first occurrence is in the past (see #8447).
  • Updated: Update MooTools to version 1.5.2.
  • Fixed: Provide the same template variables for downloads and enclosures (see #8392).
  • Fixed: Handle %n when parsing date formats (see #8411).
  • Fixed: Fix the module wizard's accessibility (see #8391).
  • Fixed: Correctly initialize TinyMCE in sub-palettes in Firefox (see #3673).
  • Fixed: Validate form field names more accurately (see #8403).
  • Fixed: Correctly show the ctime, mtime and atime of a folder (see #8408).
  • Fixed: Correctly index changed pages (see #8439).
  • Fixed: Always store the UUID of an uploaded file (see #8421).

Per saperne di più: http://contao.org/en/news/contao-3_5_16.html

3.5.15


18 Luglio - 43MBThis bugfix release fixes an XSS security vulnerability in the mediaelement.js plugin.

Changelog
  • Fixed: Strip soft hyphens when indexing a page (see #8389).
  • Fixed: Update mediaelement.js to version 2.21.2 (fixes CVE-2016-4567).

Per saperne di più: http://contao.org/en/news/contao-3_5_15.html

3.5.14


21 Giugno - 43MBThis bugfix release fixes an issue with creating and renaming files in the file manager.

Changelog
  • Fixed: Validate the settings when loading a recurring event (see #8286).
  • Fixed: Also check for the back end cookie when loading from cache (see #8249).
  • Fixed: Unset "mode" and "pid" upon save and edit (see #8292).
  • Fixed: Always use the relative path in DC_Folder (see #8370).

Per saperne di più: http://contao.org/en/news/contao-3_5_14.html

visualizzare più versioni

3.5.13


16 Giugno - 43MBThis bugfix release improves the accessibility of the navigation and the multi-domain support. It also fixes several minor issues.

Changelog
  • Fixed: Use the correct empty value when resetting copied fields (see #8365).
  • Fixed: Remove the "required" attribute if a subpalette is closed (see #8192).
  • Fixed: Correctly generate the feed links in a multi-domain setup (see #8329).
  • Fixed: Correctly calculate the maximum file size for DropZone (see #8098).
  • Fixed: Do not adjust the start date of a multi-day event (see #8194).
  • Fixed: Versionize and show password changes (see #8301).
  • Fixed: Make File::$dirname an absolute path again (see #8325).
  • Fixed: Store the full URLs in the search index (see #491).
  • Fixed: Standardize the group names in the checkbox widget (see #8002).
  • Fixed: Prevent models from being registered twice (see #8224).
  • Fixed: Prevent horizontal scrolling in the ACE editor (see #8328).
  • Fixed: Correctly render the breadcrumb links in the template editor (see #8341).
  • Fixed: Remove the role attributes from the navigation templates (see #8343).
  • Fixed: Do not add role="tablist" to the accordion container (see #8344).
  • Fixed: Correctly handle files with uppercase file extensions (see #8317).
  • Fixed: Correctly pass the channel ID to the newsletter list template (see #8311).
  • Fixed: Do not encode the database password (see #8314).
  • Fixed: Fixed adding new folders in the file manager (see #8315).

Per saperne di più: http://contao.org/en/news/contao-3_5_13.html

3.5.10


20 Aprile - 43MBThis bugfix release fixes several issues, including issues with the search index, the book navigation and the back end user switching. In addition, the handling of IDNA e-mail addresses has been consolidated.

Changelog
  • Fixed: Always trigger the "isVisibleElement" hook (see #8312).
  • Fixed: Do not change all sessions when switching users (see #8158).
  • Fixed: Do not allow to close fieldsets with empty required fields (see #8300).
  • Fixed: Make the path related properties of the File class binary-safe (see #8295).
  • Fixed: Always allow to navigate to the current month in the calendar (see #8283).
  • Fixed: Correctly validate and decode IDNA e-mail addresses (see #8306).
  • Fixed: Do not add the debug bar resources if hideDebugBar is enabled (see #8307).
  • Fixed: Skip forward pages entirely in the book navigation module (see #5074).
  • Fixed: Do not add the X-Priority header in the Email class (see #8298).
  • Fixed: Fix an error message in the newsletter subscription module (see #7887).
  • Fixed: Determine the search index checksum in a more reliable way (see #7652).

Per saperne di più: http://contao.org/en/news/contao-3_5_10.html

3.5.9


22 Marzo - 43MBThis bugfix release fixes several issues, including the broken error page redirects and a problem when embedding SVG images.

Changelog
  • Fixed: Prevent the autofocus attribute from being added multiple times (see #8281).
  • Fixed: Respect the SSL settings of the root page when generating sitemaps (see #8270).
  • Fixed: Read from the temporary file if it has not been closed yet (see #8269).
  • Fixed: Always use HTTPS if the target server supports SSL connections (see #8183).
  • Fixed: Adjust the meta wizard field length to the column length (see #8277).
  • Fixed: Correctly handle custom mime icon paths (see #8275).
  • Fixed: Only log errors that have been configured to get logged (see #8267).
  • Fixed: Show the 404 error page if an unpublished article is requested (see #8264).
  • Fixed: Correctly count the URLs when rebuilding the search index (see #8262).
  • Fixed: Ensure that every image has a width and height attribute (see #8162).
  • Fixed: Set the correct mime type when embedding SVG images (see #8245).
  • Fixed: Handle the "float_left" and "float_right" classes in the back end (see #8239).
  • Fixed: Consider the fallback language if a page alias is ambiguous (see #8142).
  • Fixed: Fix the error 403/404 redirect (see contao/website#74).

Per saperne di più: http://contao.org/en/news/contao-3_5_9.html

3.5.8


1 Marzo - 43MBThis bugfix release fixes several minor issues, including a versioning issue and an issue with generating cross-domain and cross-language links.

Changelog
  • New: Added new versioning hooks (see #8168) - "oncreate_version_callback" (supersedes "onversion_callback") - "onrestore_version_callback" (supersedes "onrestore_callback")
  • Fixed: Re-add the $blnFixDomain argument to keep backwards compatibility.
  • Fixed: Always fix the domain and language when generating URLs (see #8238).
  • Fixed: Fix two issues with the flexible back end theme (see #8227).
  • Fixed: Correctly toggle custom page type icons (see #8236).
  • Fixed: Fix the domain in all article, news, event and FAQ insert tags (see #8204).
  • Fixed: Update mediaelement.js to version 2.19.0.1 (see #8217).
  • Fixed: Correctly render the links in the monthly/yearly event list menu (see #8140).
  • Fixed: Skip the registration related fields if a user is duplicated (see #8185).
  • Fixed: Correctly show the form field type help text (see #8200).
  • Fixed: Correctly create the initial version of a record (see #8141).
  • Fixed: Correctly show the "expand preview" buttons (see #8146).
  • Fixed: Correctly check that a password does not match the username (see #8209).
  • Fixed: Check if a directory exists before executing mkdir() (see #8150).
  • Fixed: Do not link to the maintenance module if the user cannot access it (see #8151).
  • Fixed: Show the "new folder" button in the template manager (see #8138).

Per saperne di più: http://contao.org/en/news/contao-3_5_8.html

3.5.6


1 Dicembre 2015 - 43MBContao version 3.5.6 is available. The bugfix release fixes the "An invalid form control with name='text' is not focusable" problem occurring in Firefox and Chrome.

Changelog
  • Fixed: Correctly determine the protocol delimiter in Idna::encodeUrl().
  • Fixed: Handle relative URLs when following redirects in the Request class (see #7799).
  • Fixed: Correctly handle empty UUIDs when comparing versions (see #7971).
  • Fixed: Remove the "required" attribute when setting up TinyMCE (see #8131).

Per saperne di più: http://contao.org/en/news/contao-3_5_6.html

3.5.5


1 Dicembre 2015 - 43MBThis bugfix release fixes several issues, including the wrong tag rendering and the synchronization of the file system when moving or copying files with the source or target folder being excluded from synchronization.

Changelog
  • Fixed: Fix the domain when forwarding in the page controllers (see #8123).
  • Fixed: Use the feed URL instead of the base URL for enclosures (see #8116).
  • Fixed: Fix the tags and standardize the event templates (see #8012).
  • Fixed: Handle empty href attributes in the book navigation (see #8104).
  • Fixed: Do not store e-mail addresses in the newsletter (un)subscription log.
  • Fixed: Correctly encrypt fields upon registration (see #8110).
  • Fixed: Correctly render required single checkboxes in the back end (see #7731).
  • Fixed: Correctly store multi select menus if no value is selected (see #7760).
  • Fixed: Prevent recursion when rendering 403/404 pages (see #8060).
  • Fixed: Map the FileTree widget to FormFileUpload in the front end (see #8091).
  • Fixed: Preserve the user input when loading image meta data (see #8108).
  • Fixed: Show the "toggle all" buttons in "edit multiple" mode (see #5622).
  • Fixed: Disable the gallery pagination if the images are sorted randomly (see #8033).
  • Fixed: Set the correct empty value when copying elements (see #8064).
  • Fixed: Correctly hide forward pages with no public subpages (see #8054).
  • Fixed: Correctly render the page picker if the value starts with # (see #8055).
  • Fixed: Correctly render the "group" option in the radio button and checkbox widgets.
  • Fixed: Correctly set the ID when toggling fields via Ajax (see #8043).
  • Fixed: Support call, sms and app hyperlinks when converting relative URLs (see #8102).
  • Fixed: Correctly check if a folder is protected when loading subfolders.
  • Fixed: Correctly check the synchronization status when copying or moving files.
  • Fixed: Adjust the code to be compatible with PHP7 (see #8018).
  • Fixed: Correctly show the UUID in the back end file manager popup (see #8058).

Per saperne di più: http://contao.org/en/news/contao-3_5_5.html

3.5.4


9 Ottobre 2015 - 43MBThis bugfix release fixes the issue with the event reader only displaying the teaser text and the issue with the home page no longer being marked as active. It also improves working with files which have been excluded from synchronization.

Changelog
  • Fixed: Do not add the back end language in the meta wizard (see #8056).
  • Fixed: Do not add excluded files to the DBAFS if they are edited in the file manager.
  • Fixed: Add the |flatten insert tag flag to handle arrays (see #8021).
  • Fixed: Check for excluded folders in the back end file popup (see #8003).
  • Fixed: Fixed a wrong option name when initializing sortables (see #8053).
  • Fixed: Translate UUIDs to paths in the parent view header fields.
  • Fixed: Trigger the options_callback for the parent view header fields (see #8031).
  • Fixed: Correctly create the initial version of a member without username (see #8037).
  • Fixed: Improve the performance of the debug bar (see #7839).
  • Fixed: Correctly output the event details in the event_list template (see #8041).
  • Fixed: Only modify empty href attributes in the nav_ template (see #8006, #8038).
  • Fixed: Correctly show the group headlines in the repository DB updater (see #8020).
  • Fixed: Improve the e-mail regex to also match the new TLDs (see #7984).
  • Fixed: Ensure that the database port is not empty (see #7950).
  • Fixed: Remove the left-over usages of $this->v2warning (see #8027).
  • Fixed: Support the hasDetails variable in the event reader (see #8011).

Per saperne di più: http://contao.org/en/news/contao-3_5_4.html

3.5.3


10 Settembre 2015 - 43MBThis bugfix release fixes a problem with the model registry, which noticeably affected the performance. It also improves the compatibility with Microsoft Edge and the Google pagespeed module.

Changelog
  • Fixed: Correctly handle dimensionless SVG images (see #7882).
  • Fixed: Correctly fill in the image meta data in news, events and FAQs (see #7907).
  • Fixed: Enable the strictMath option of the LESS parser (see #7985).
  • Fixed: Consider the pagination menu when inserting at the top (see #7895).
  • Fixed: Use en-dashes in event intervals (see #7978).
  • Fixed: Store the correct edit URL in the back end personal data module (see #7987).
  • Fixed: Adjust the breadcrumb trail when creating new folders (see #7980).
  • Fixed: Use $this->hasText in news and event templates (see #7993).
  • Fixed: Convert the HTML content to XHTML when generating Atom feeds (see #7996).
  • Fixed: Correctly link the items in the files breadcrumb menu (see #7965).
  • Fixed: Handle explicit collations matching the default collation (see #7979).
  • Fixed: Fix the duplicate content check in the front end controller (see #7661).
  • Fixed: Correctly parse dates in MooTools (see #7983).
  • Fixed: Register the related models in the registry (see contao/core-bundle#333).
  • Fixed: Correctly escape in the findMultipleFilesByFolder() method (see #7966).
  • Fixed: Override the tabindex handling of the accordion to ensure that the togglers are always focusable via keyboard (see #7963).
  • Fixed: Correctly generate the news and event menu URLs (see #7953).
  • Fixed: Check the script when storing the front end referer (see #7908).
  • Fixed: Fix the back end pagination menu (see #7956).
  • Fixed: Handle option callbacks in the back end help (see #7951).
  • Fixed: Fixed the external links in the text field help wizard (see #7954) and the keyboard shortcuts link on the back end start page (see #7935).
  • Fixed: Fixed the CSS group field explanations (see #7949).
  • Fixed: Use ./ instead of an empty href (see #7967).
  • Fixed: Correctly detect Microsoft Edge (see #7970).
  • Fixed: Respect the "order" parameter in the findMultipleByIds() method (see #7940).
  • Fixed: Always trigger the "parseDate" hook (see #4260).
  • Fixed: Allow to instantiate the InsertTags class (see #7946).
  • Fixed: Do not parse the image src attribute to determine the state of an element, because the image path might have been replaced with a data: string (e.g. by the Apache module "mod_pagespeed").

Per saperne di più: http://contao.org/en/news/contao-3_5_3.html

3.5.2


4 Agosto 2015 - 43MB
  • Fixed: Revert some of the PhpStorm code inspector changes (see #7937).
  • Fixed: Add a StringUtil class to restore PHP 7 compatibility (see contao/core-bundle#309).
  • Fixed: Fix the Validator::isEmail() method (see contao/core-bundle#313).
  • Fixed: Strip tags before auto-generating aliases (see #7857).
  • Fixed: Correctly encode the URLs in the popup file manager (see #7929).
  • Fixed: Check for the comments module when compiling the news meta fields (see #7901).
  • Fixed: Also sort the newsletter channels alphabetically in the front end (see #7864).
  • Fixed: Disable responsive images in the back end preview (see #7875).
  • Fixed: Overwrite the request string when generating news/event feeds (see #7756).
  • Fixed: Store the static URLs with the cached file (see #7914).
  • Fixed: Correctly check the subfolders in the hasAccess() method (see #7920).
  • Fixed: Updated the countries list (see #7918).
  • Fixed: Respect the notSortable flag in the parent (see #7902).
  • Fixed: Round the maximum upload size to an integer value (see #7880).
  • Fixed: Make the markup minification less aggressive (see #7734).
  • Fixed: Filter the indices in Database::getFieldNames() (see #7869).
  • Fixed: Back-ported two fixes from the upstream versions.

Per saperne di più: http://contao.org/en/news/contao-3_5_2.html

3.5.0

(versione principale)
5 Giugno 2015 - 43MB111 tickets and pull requests have been completed during the 4 months of development and the following testing period.

Long Term Support
  • Contao 3.5 is an LTS version, which is supported at least until November 2016.
  • It supersedes the current LTS version Contao 3.2, which now enters its 6 months transition phase during which only security related issues will still be fixed.

New Features
  • PHP 5.4: The minimum PHP version required to run Contao has been raised to PHP 5.4. In this course, all templates have been adjusted to use short open tags ( instead of ), which are available by default as of PHP 5.4.
  • Image meta data in themes: Theme exports now also contain the image meta data, which includes the name of the image, the image caption and the coordinates of the important part.
  • Select multiple checkboxes: You can now select multiple checkboxes at once in "edit multiple" mode by holding down the Shift key while clicking.
  • Windows compatibility: Contao now uses the DIRECTORY_SEPARATOR constant when replacing file paths with the PHP function str_replace() to ensure maximum compatibility with Windows systems.
  • Database key length: It is now possible to specify the length of a database key.
  • Initial versions: Contao now also shows initial versions in the "latest changes" section of the back end, which do not yet have an editing history.
  • Change password: The new front end module "change password" adds a form to the page, which members can use to change their password. Other than in the "personal data" module, the "change password" module will also ask for the old password.
  • Picture insert tag: Analogous to the {{image}} insert tag, there is now also a {{picture}} insert tag, which allows to insert responsive images.
  • Compare templates: Thanks to Yanick Witschi, there is now an option to compare customized templates with their original or another template of the same group.
  • Cache tuning: An additional lookup file now allows to map any request for the empty domain to a cached page, independent of which languages the visitor's browser accepts. In the past, only a limited mapping was possible.
  • Performance optimization: The performance of Contao when rendering websites with a lot of news or events could be notably improved by selectively tuning the database queries. In addition, lazy loading of the content elements by means of closures could decrease the RAM demand of the listing modules.
  • Newsletter recipients: It is now possible to move or copy newsletter recipients from one channel into another. At that, the stored double opt-in data will be deleted and the status will be set to "added manually".
  • Arrow brackets in user input: In Contao 3.5, we have adjusted the user input validation so arrow brackets are only removed if they are part of an HTML tag. A regular usage, e.g. as comparison operator, is now possible.
  • Improved error handling: The front end error handling has been standardized and now the 404 page is always generated if an event or a news item is not found or if an invalid page number or date is entered. This also applies if a page is called via its numeric ID instead of its alias (e.g. 44.html instead of home.html). Rendering the error page is meant to help avoid duplicate content in this case.
  • Duplicating multiple items: It is now possible to duplicate multiple items in the back end list view.
  • Hidden system files: The new release standardizes the handling of hidden system files beginning with a dot (e.g. .htaccess, .git or .svn). These files are now ignored everywhere in Contao.
  • New hooks: The following hooks were added: compileArticle, postAuthenticate, newsListCountItems, newsListFetchItems, getPageStatusIcon
  • Updated plugins: The following plugins were updated: Respimage to version 1.3.0, jQuery to version 1.11.2, jQuery UI to version 1.11.4, Mediaelement.js to version 2.16.4, Colorbox to version 1.6.0, HTML5Shiv to version 3.7.2, DropZone to version 3.12.0, ACE-Editor to version 1.1.8
  • IDE compatibility: The Contao source code has been highly optimized regarding its IDE compatibility, so now it is possible to click almost every class, method or property to directly jump to its declaration.

Full Changelog
  • Updated: Updated TinyMCE to version 4.1.10.
  • Updated: Updated respimage to version 1.4.0.
  • Updated: Updated jQuery to version 1.11.3.
  • Updated: Updated Colorbox to version 1.6.1.
  • Fixed: Consistently sanitize the names of uploaded files (see #7852).
  • Fixed: Fixed loading cached pages with both a mobile and desktop layout (see #7859).
  • Fixed: Omit the index.php fragment if the request string is empty (see #7757).
  • Fixed: Adjust the edit URLs in the versions menu in "edit multiple" mode (see #7745).
  • Fixed: Do not cache the login module if there is an error (see #7824).
  • Fixed: Correctly handle encrypted rows (see #7815).
  • Fixed: Only create a new version in the personal data module if something actually changed (see #7415).
  • Fixed: Also fire the "modifyFrontendPage" hook when loading from cache (see #7457).
  • Fixed: Fixed several minor issues with the registration module (see #7816).
  • Fixed: Update the revision date if a member updates their personal data (see #7818).
  • Fixed: Do not allow to restore versions in the back end user settings (see #7713).
  • Fixed: Use the timestamp of an element to initialize its first version (see #7730).
  • Fixed: Hide the "edit header" button if there are no editable fields (see #7770).
  • Fixed: Make the "form_submit" templates overwritable again (see #7854).
  • Fixed: Correctly inherit empty page permissions (see #6782).
  • Fixed: Decode the GET parameters before setting them in the Input class (see #7829).
  • Fixed: Fixed the "specified value 't' is not a valid email address" error (see #7784).
  • Fixed: Correctly set data- or ng- attributes in the widgets (see #7772).
  • Fixed: Correctly display the headline in the template editor (see #7746).
  • Fixed: Make Validator::isValidUrl() RFC 3986 compliant (see #7790).
  • Fixed: Fixed switching between the page and file picker in the URL wizard (see #5863).
  • Fixed: Make the "the old password is incorrect" message translatable (see #7793).
  • Fixed: Fix copying multiple items in parent view (see #7776).
  • Fixed: Disable the "compare template" icon for folders (see #7802).
  • Fixed: Fix the field order in the template diff view (see #7808).
  • Fixed: Validate the coordinates in the Image::setImportantPart() method (see #7804).
  • Fixed: Only add order fields of binary fields in the DCA extractor (see #7785).
  • New: Select multiple checkboxes by holding down the SHIFT key (see #7781).
  • Changed: Show versions even if there is only one (see #7730).
  • Fixed: Loosely check the suhosin.memory_limit setting (see #7696).
  • Improved: Support specifying the database key length (see #7771).
  • Improved: Check for ASCII strings in the utf8_romanize() function (see #7748).
  • Changed: Controller::replaceInsertTags() is now public static.
  • Fixed: Restore the removed attributes of the "picture_default" templates (see #7752).
  • Changed: Moved the insert tag logic into a separate class.
  • Improved: Show the upload limits in the file manager (see #7389).
  • Improved: Also export the image meta data when exporting themes (see #7480).
  • Improved: Improve the model registry (see #7725).
  • Changed: The templates now use short open tags.
  • New: Add a front end module to change the password (see #7418).
  • Changed: Allow to copy and move newsletter recipients across channels (see #7570).
  • New: Added the "newsListCountItems" and "newsListFetchItems" hooks (see #7694).
  • New: Added the "compileArticle" hook (see #7686).
  • New: Added the "picture" insert tag (see #7635 and #7718).
  • Changed: Stop ignoring notices by defaut now that the error level is configurable.
  • Updated: Updated respimage to version 1.3.0.
  • Updated: Updated jQuery UI to version 1.11.4.
  • Updated: Updated mediaelement.js to version 2.16.4.
  • Updated: Updated Colorbox to version 1.6.0.
  • Updated: Updated jQuery to version 1.11.2.
  • Updated: Updated HTML5Shiv to version 3.7.2.
  • Updated: Updated DropZone to version 3.12.0.
  • Updated: Updated the ACE editor to version 1.1.8.
  • Improved: Also convert image links in TinyMCE to {{file}} insert tags (see #7581).
  • New: Support copying multiple records in the list view (see #7499).
  • Fixed: Do not strip opening arrow brackets when stripping tags (see #3998).
  • Improved: Simplify the moo_mediabox templates (see #7521).
  • Changed: Always return the model in the File and Folder classes (see #7567).
  • Fixed: Consistently ignore hidden system files (see #7536).
  • New: Make the calendar model available in the templates (see #7388).
  • Changed: Render the 404 page if the request contains an invalid date format (see #7545).
  • Changed: Always render the 404 page if a news/event/FAQ alias is invalid (see #7238).
  • New: Prevent calling a page via ID if there is a page alias (see #7661).
  • Improved: Use closures to lazy-load content elements in the news/event list (see #7614).
  • Improved: Optimized the database queries (see #7450 and #7710).
  • Improved: Add a log entry if a back end user switches to another account (see #7441).
  • Improved: Optionally use the ProxyRequest class in the automator (see #7681).
  • Fixed: Add a unique index for member usernames, too (see #7701).
  • New: Add a diff view for custom templates (see #7599).
  • New: Added the "postAuthenticate" hook (see #7493).
  • New: Pass $arrFields as fourth argument in the "prepareFormData" hook (see #7693).
  • Fixed: Return a boolean value in the *User::authenticate() method (see #7497).
  • New: Make count, page and keywords available in the search module (see #7577).
  • New: Added the "getPageStatusIcon" hook (see #7556).
  • Fixed: Improve the cache handling for empty URLs (see #7618).
  • Improved: Improved the IDE compatibility (see #7634).

Per saperne di più: http://contao.org/en/news/contao-3_5_0.html

3.4.5


27 Marzo 2015 - 43MBThis bugfix release fixes several minor issues and updates TinyMCE to version 4.1.19.

Changelog
  • Fixed: Consider the $blnCache flag when caching insert tags (see #7700).
  • Updated: Updated TinyMCE to version 4.1.9 (see #7690).
  • Fixed: Correctly calculate the max upload size in the DropZone uploader (see #7633).
  • Fixed: Convert language codes to locales in the meta wizard (see #7667).
  • Fixed: Replace only the {{file}} insert tag in the back end preview (see #7647).
  • Fixed: Correctly convert date strings depending on their rgxp format (see #7721).
  • Fixed: Update news and calendar feeds from the content view (see #7679).
  • Fixed: Do not generally encode stand-alone ampersands (see #7684).
  • Fixed: Restore some globals when catching the unused argument exception (see #7659).
  • Fixed: Correctly set the CSS classes in the jQuery accordion and do not try to mess with its ARIA handling (see #7622).
  • Fixed: Handle language fragments without trailing slash when redirecting (see #7666).
  • Fixed: Trigger the load_callback upon saving in "override all" mode (see #7670).
  • Fixed: Ensure a unique language file array in the Automator class (see #7687).

Per saperne di più: http://contao.org/en/news/contao-3_4_5.html

3.4.4

(release di sicurezza)
14 Febbraio 2015 - 43MBThis bugfix release fixes a directory traversal vulnerability discovered by Arnaud Buchoux of Orange Consulting (see CVE-2015-0269).

The vulnerability allows logged in back end users to view files which are outside their file mounts or the document root. It is, however, not possible to edit these files or to view their content. Upgrading is still highly recommended.

Changelog
  • Fixed a directory traversal vulnerability discovered by Arnaud Buchoux. See CVE-2015-0269 for more information.

Per saperne di più: http://contao.org/en/news/contao-3_4_4.html

3.4.3


30 Gennaio 2015 - 43MBThis bugfix release fixes an issue in the install tool which lead to PHP error messages being displayed.

Changelog
  • Fixed: Consider the error reporting level in the install tool (see #7593).
  • Fixed: Handle variables and functions when importing style sheets (see #7448).

Per saperne di più: http://contao.org/en/news/contao-3_4_3.html

3.4.2


23 Gennaio 2015 - 43MBThis bugfix release fixes several smaller issues including the wrong LESS import path in the Combiner class and the problem with the missing class_exists() call in the file and page picker.

Changelog
  • Fixed: Fix an infinite recursion problem in the FilesModel class (see #7588).
  • Fixed: Fix the position of the input field hints (see #7561).
  • Fixed: Do not apply the GDlib maximum dimensions to SVG images (see #7435).
  • Fixed: Do not show the diff icon if a record has been deleted (see #7429).
  • Fixed: Remove a left-over headline from the ce_text.xhtml template (see #7502).
  • Fixed: Preserve comments when exporting CSS files (see #7482).
  • Fixed: Fix the LESS import path in the Combiner (see #7533).
  • Fixed: Hide the width and height attributes if there is a sizes attribute (see #7500).
  • Fixed: Remove the hardcoded figcaption width (see #7549).
  • Fixed: Only load the model in the file/page picker if the class exists (see #7490).
  • Fixed: Romanize style sheet names (see #7526).
  • Fixed: Add the username to the "account has been locked" log entry (see #7551).
  • Fixed: Consider the suhosin.memory_limit when raising the PHP limits (see #7035).
  • Fixed: Added two missing exclude flags in the tl_page data container (see #7522).
  • Fixed: Send an UTF-8 charset header in the die_nicely() function (see #7519).
  • Fixed: Correctly validate dates in the Widget class (see #7498).
  • Fixed: Back port the fixes from #7475 and #7473.
  • Fixed: Send the same cache headers for cached and uncached pages (see #7455).
  • Fixed: Fix the current() expects parameter 1 to be array issue (see #6739).
  • Fixed: Correctly replace the *_teaser insert tags (see #7488).
  • Fixed: Adjust the last and previous login labels (see #7426).
  • Fixed: Unset the postUnsafeRaw cache in Input::setPost() (see #7481).

Per saperne di più: http://contao.org/en/news/contao-3_4_2.html

3.4.0

(versione principale)
26 Novembre 2014 - 43MBHighlights
  • SVG support: Thanks to Tristan Lins' initiative, Contao 3.4 supports SVG and SVGZ images. The images can not only be resized (thumbnails) but are also editable with the source editor in the file manager.
  • Responsive images: Martin Auswöger and Yanick Witschi have created the biggest pull request in the history of Contao to support new technologies like the 'picture' element as well as the sizes and the srcset attribute. In combination with the picturefill.js script, you can implement responsive images, which are sent to the client in different sizes depending on the device and resolution. As an additional highlight, the two have enhanced the automatic thumbnail generation so you can now mark any section of an image as "important part" in the file manager. Then, when cropped, the image will be focused on this part. An introduction to responsive images is available on responsiveimages.org.
  • Style sheet order: The order of the internal and external style sheets is now configurable in the page layout, so the internal style sheets can be injected after the external ones if needed. In addition, there is now an option to export internal style sheets.
  • Asynchronous JavaScript: Analogous to the |static flag, which allows to include JavaScripts and style sheets statically, an |async flag has been added in Contao 3.4, which allows to load JavaScript files asynchronously using the async attribute.
  • Image links in TinyMCE: It is now possible to switch between the page and file picker when needed, so you can not only link pages in TinyMCE but also files.
  • Active page in the navigation menu: The active page in the navigation menu is now always rendered as a link, if the URL contains query parameters (e.g. when reading a news article). If you e.g. open the page news/james-wilson-returns.html, it is now possible to click the link to the news.html page in the navigation menu.
  • Theme export with SQL files: It is possible in Contao 3.4 to store SQL files in the templates folder, which is associated with a theme. The SQL files will then be included in the export and the install tool will automatically find them after the theme import.
  • Timing attack prevention: In PHP 5.5, new functions to create and verify password hashes have been added to prevent timing attacks. We are using these functions in Contao 3.4, together with appropriate fallback routines for PHP 5.4 and 5.3.
  • Login to comment: If a visitor is not logged in and the "login to comment" option is enabled, the comment form will be hidden. Contao 3.4 will additionally display a "please log in to comment" message.
  • Skip images without meta data: There is now an option to skip images without meta data in an image gallery. This corresponds to the behavior of Contao 2.
  • Registration and password mails: The e-mail texts of the member registration and lost password modules now support simple tokens, which means that they can be personalized.
  • Insert tag link_name: The new insert tag {{link_name}} outputs the name of a page (in contrast to the {{link_title}} tag, which outputs the page title).
  • DCA flag "doNotTrim": With the "doNotTrim" flag of the DCA, you can suppress the automatic removal of whitespace at the beginning and end of the user input.
  • Non-negative natural numbers: A new regular expression to validate non-negative natural numbers has been added, which can be used in the DCA as 'rgxp'=>'natural'.
  • New hooks and callbacks: The following hooks have been added in Contao 3.4: compareThemeFiles, extractThemeFiles, exportTheme, sendNewsletter. The DCA now also triggers an "onundo_callback" when restoring a deleted record.

Change Log
  • Fixed: Consider image size IDs when overriding the default image size (see #7470).
  • Fixed: Do not require to set a media query in the image sizes.
  • Fixed: Fixed a potential directory traversal vulnerability.
  • Fixed: Fixed a severe XSS vulnerability. In this context, the insert tag flags base64_encode and base64_decode have been removed.
  • Fixed: Also use simple tokens for the newsletter subscription modules (see #7446).
  • Fixed: Only show the root page languages in the meta wizard (see #7112).
  • Fixed: Correctly create the initial version in the personal data module (see #7415).
  • Fixed: Check if a DB driver has been configured in Config::isComplete() (see #7412).
  • Fixed: Correctly mark deleted versions in Versions::addToTemplate() (see #7442).
  • Fixed: Replace insert tags of RTE fields in the back end preview (see #7428).
  • Fixed: Handle nested insert tags in strip_insert_tags().
  • Fixed: Correctly store the model in Dbafs::addResource() (see #7440).
  • Fixed: Send the request token when toggling the visibility of an element (see #7406).
  • Fixed: Always apply the IE security fix in the Environment class (see #7453).
  • New: Added the CSS units vw, vh, vmin and vmax (see #7417).
  • Fixed: Replace leafo/lessphp with oyejorge/less.php (see 7012).
  • Fixed: Show the correct root icon in the page/file picker (see #7409).
  • Fixed: Add an empty option to the image size select menu (see #7436).
  • Fixed: Nest wrapper elements in the back end preview (see #7434).
  • Fixed: Correctly handle archives being part of multiple RSS feeds (see #7398).
  • Fixed: Correctly handle 0 in utf8_convert_encoding() (see #7403).
  • Fixed: Send a 301 redirect to forward to the language root page (see #7420).
  • Fixed: Handle SVG images in the default back end uploader.
  • New: Pass the parent ID of a page to the navigation template (see #7391).
  • Improved: Support the "min", "max" and "step" attributes on number fields (see #7363).
  • Improved: Show the database query duration in debug mode (see #7323).
  • New: Added the "executeResize" hook (see #7404).
  • Fixed: Handle disabled modules in the module loader.
  • New: Support responsive images and the element (see #7296).
  • New: Added the "compareThemeFiles", "extractThemeFiles" and "exportTheme" hooks.
  • Improved: Use the image meta data in Controller::addEnclosuresToTemplate() (see #6746).
  • New: Add the dir="rtl" attribute if the page language is RTL (see #7171).
  • Improved: Export .sql files in the theme folder and allow to reimport them (see #7048).
  • Changed: Do not mark pages as active if there are query parameters (see #7189).
  • Changed: Use addImageToTemplate() in the ContentHyperlink class (see #7296).
  • Changed: Removed the H2 sub-headlines in the back end (see #7248).
  • Improved: Only create one DcaExtractor instance per table (see #7324).
  • Improved: Add a CSS class indicating the number of columns in a gallery (see #7138).
  • Improved: Allow to switch between the page and file picker in TinyMCE (see #6974).
  • Improved: Show a message if logging in is required to comment (see #7031).
  • New: Added the "sendNewsletter" hook (see #7222).
  • Improved: Make the pagination template more flexible (see #7174).
  • Improved: Limit the selectable file types depending on the element type (see #7003).
  • New: Prevent timing attacks when verifying passwords (see #7115, #5853).
  • Changed: Hide the "start" and "stop" fields if an element is not published (see #7148).
  • New: Support the backlink configuration setting in the parent view (see #7083).
  • New: Added a regex to check for nonnegative natural numbers (see #4392). This also includes the "minval" and "maxval" flags to specify a miminum or maximum value.
  • Improved: Optionally hide files without matching meta data in downloads (see #6874).
  • New: Preserve the original CSS ID and classes in the alias elements (see #6638).
  • Improved: Do not directly query the INFORMATION_SCHEMA database (see #7302).
  • New: Added the "doNoTrim" flag to the Widget class (see #4287).
  • Improved: Support simple tokens in registration and lost password mails (see #7101).
  • Changes: Consider the options array in Model::countBy() (see #7033).
  • New: Support SVG and SVGZ images (see #7108, #5908).
  • Changed: Move the mime types array to a configuration file (see #6843).
  • New: Added the sort flag to the eval section of the DCA (see #4072).
  • New: Added the "onundo_callback" (see #7258).
  • Improved: Consider the values of referenced fields in the back end search (see #4376).
  • New: Add an option to export style sheets (see #7049).
  • New: Added widget-* CSS classes to front end form fields (see #7041).
  • Improved: Make the loading order of the style sheets configurable (see #6937).
  • Removed: Remove the rel="author support (see #7291).
  • New: Added $item['isTrail'] to the navigation menu templates (see #7096).
  • Improved: Handle data- and ng- attributes in Widget::addAttributes() (see #7095).
  • Changed: Add the class "tableless" to the member_ templates (see #7207).
  • Improved: Added the |async flag to $GLOBALS['TL_JAVASCRIPT'] (see #7172).
  • New: Added the "link_name" insert tag (see #7218).
  • Improved: Simplify the "member_grouped" template (see #7015).
  • Changed: Make the front controller classes overwritable.

Per saperne di più: http://contao.org/en/news/contao-3_4_0.html

4.4.0

(versione principale)
26 Novembre 2014 - 43MBHighlights
  • SVG support: Thanks to Tristan Lins' initiative, Contao 3.4 supports SVG and SVGZ images. The images can not only be resized (thumbnails) but are also editable with the source editor in the file manager.
  • Responsive images: Martin Auswöger and Yanick Witschi have created the biggest pull request in the history of Contao to support new technologies like the 'picture' element as well as the sizes and the srcset attribute. In combination with the picturefill.js script, you can implement responsive images, which are sent to the client in different sizes depending on the device and resolution. As an additional highlight, the two have enhanced the automatic thumbnail generation so you can now mark any section of an image as "important part" in the file manager. Then, when cropped, the image will be focused on this part. An introduction to responsive images is available on responsiveimages.org.
  • Style sheet order: The order of the internal and external style sheets is now configurable in the page layout, so the internal style sheets can be injected after the external ones if needed. In addition, there is now an option to export internal style sheets.
  • Asynchronous JavaScript: Analogous to the |static flag, which allows to include JavaScripts and style sheets statically, an |async flag has been added in Contao 3.4, which allows to load JavaScript files asynchronously using the async attribute.
  • Image links in TinyMCE: It is now possible to switch between the page and file picker when needed, so you can not only link pages in TinyMCE but also files.
  • Active page in the navigation menu: The active page in the navigation menu is now always rendered as a link, if the URL contains query parameters (e.g. when reading a news article). If you e.g. open the page news/james-wilson-returns.html, it is now possible to click the link to the news.html page in the navigation menu.
  • Theme export with SQL files: It is possible in Contao 3.4 to store SQL files in the templates folder, which is associated with a theme. The SQL files will then be included in the export and the install tool will automatically find them after the theme import.
  • Timing attack prevention: In PHP 5.5, new functions to create and verify password hashes have been added to prevent timing attacks. We are using these functions in Contao 3.4, together with appropriate fallback routines for PHP 5.4 and 5.3.
  • Login to comment: If a visitor is not logged in and the "login to comment" option is enabled, the comment form will be hidden. Contao 3.4 will additionally display a "please log in to comment" message.
  • Skip images without meta data: There is now an option to skip images without meta data in an image gallery. This corresponds to the behavior of Contao 2.
  • Registration and password mails: The e-mail texts of the member registration and lost password modules now support simple tokens, which means that they can be personalized.
  • Insert tag link_name: The new insert tag {{link_name}} outputs the name of a page (in contrast to the {{link_title}} tag, which outputs the page title).
  • DCA flag "doNotTrim": With the "doNotTrim" flag of the DCA, you can suppress the automatic removal of whitespace at the beginning and end of the user input.
  • Non-negative natural numbers: A new regular expression to validate non-negative natural numbers has been added, which can be used in the DCA as 'rgxp'=>'natural'.
  • New hooks and callbacks: The following hooks have been added in Contao 3.4: compareThemeFiles, extractThemeFiles, exportTheme, sendNewsletter. The DCA now also triggers an "onundo_callback" when restoring a deleted record.

Change Log
  • Fixed: Consider image size IDs when overriding the default image size (see #7470).
  • Fixed: Do not require to set a media query in the image sizes.
  • Fixed: Fixed a potential directory traversal vulnerability.
  • Fixed: Fixed a severe XSS vulnerability. In this context, the insert tag flags base64_encode and base64_decode have been removed.
  • Fixed: Also use simple tokens for the newsletter subscription modules (see #7446).
  • Fixed: Only show the root page languages in the meta wizard (see #7112).
  • Fixed: Correctly create the initial version in the personal data module (see #7415).
  • Fixed: Check if a DB driver has been configured in Config::isComplete() (see #7412).
  • Fixed: Correctly mark deleted versions in Versions::addToTemplate() (see #7442).
  • Fixed: Replace insert tags of RTE fields in the back end preview (see #7428).
  • Fixed: Handle nested insert tags in strip_insert_tags().
  • Fixed: Correctly store the model in Dbafs::addResource() (see #7440).
  • Fixed: Send the request token when toggling the visibility of an element (see #7406).
  • Fixed: Always apply the IE security fix in the Environment class (see #7453).
  • New: Added the CSS units vw, vh, vmin and vmax (see #7417).
  • Fixed: Replace leafo/lessphp with oyejorge/less.php (see 7012).
  • Fixed: Show the correct root icon in the page/file picker (see #7409).
  • Fixed: Add an empty option to the image size select menu (see #7436).
  • Fixed: Nest wrapper elements in the back end preview (see #7434).
  • Fixed: Correctly handle archives being part of multiple RSS feeds (see #7398).
  • Fixed: Correctly handle 0 in utf8_convert_encoding() (see #7403).
  • Fixed: Send a 301 redirect to forward to the language root page (see #7420).
  • Fixed: Handle SVG images in the default back end uploader.
  • New: Pass the parent ID of a page to the navigation template (see #7391).
  • Improved: Support the "min", "max" and "step" attributes on number fields (see #7363).
  • Improved: Show the database query duration in debug mode (see #7323).
  • New: Added the "executeResize" hook (see #7404).
  • Fixed: Handle disabled modules in the module loader.
  • New: Support responsive images and the element (see #7296).
  • New: Added the "compareThemeFiles", "extractThemeFiles" and "exportTheme" hooks.
  • Improved: Use the image meta data in Controller::addEnclosuresToTemplate() (see #6746).
  • New: Add the dir="rtl" attribute if the page language is RTL (see #7171).
  • Improved: Export .sql files in the theme folder and allow to reimport them (see #7048).
  • Changed: Do not mark pages as active if there are query parameters (see #7189).
  • Changed: Use addImageToTemplate() in the ContentHyperlink class (see #7296).
  • Changed: Removed the H2 sub-headlines in the back end (see #7248).
  • Improved: Only create one DcaExtractor instance per table (see #7324).
  • Improved: Add a CSS class indicating the number of columns in a gallery (see #7138).
  • Improved: Allow to switch between the page and file picker in TinyMCE (see #6974).
  • Improved: Show a message if logging in is required to comment (see #7031).
  • New: Added the "sendNewsletter" hook (see #7222).
  • Improved: Make the pagination template more flexible (see #7174).
  • Improved: Limit the selectable file types depending on the element type (see #7003).
  • New: Prevent timing attacks when verifying passwords (see #7115, #5853).
  • Changed: Hide the "start" and "stop" fields if an element is not published (see #7148).
  • New: Support the backlink configuration setting in the parent view (see #7083).
  • New: Added a regex to check for nonnegative natural numbers (see #4392). This also includes the "minval" and "maxval" flags to specify a miminum or maximum value.
  • Improved: Optionally hide files without matching meta data in downloads (see #6874).
  • New: Preserve the original CSS ID and classes in the alias elements (see #6638).
  • Improved: Do not directly query the INFORMATION_SCHEMA database (see #7302).
  • New: Added the "doNoTrim" flag to the Widget class (see #4287).
  • Improved: Support simple tokens in registration and lost password mails (see #7101).
  • Changes: Consider the options array in Model::countBy() (see #7033).
  • New: Support SVG and SVGZ images (see #7108, #5908).
  • Changed: Move the mime types array to a configuration file (see #6843).
  • New: Added the sort flag to the eval section of the DCA (see #4072).
  • New: Added the "onundo_callback" (see #7258).
  • Improved: Consider the values of referenced fields in the back end search (see #4376).
  • New: Add an option to export style sheets (see #7049).
  • New: Added widget-* CSS classes to front end form fields (see #7041).
  • Improved: Make the loading order of the style sheets configurable (see #6937).
  • Removed: Remove the rel="author support (see #7291).
  • New: Added $item['isTrail'] to the navigation menu templates (see #7096).
  • Improved: Handle data- and ng- attributes in Widget::addAttributes() (see #7095).
  • Changed: Add the class "tableless" to the member_ templates (see #7207).
  • Improved: Added the |async flag to $GLOBALS['TL_JAVASCRIPT'] (see #7172).
  • New: Added the "link_name" insert tag (see #7218).
  • Improved: Simplify the "member_grouped" template (see #7015).
  • Changed: Make the front controller classes overwritable.

Per saperne di più: http://contao.org/en/news/contao-3_4_0.html

3.3.7

(release di sicurezza)
24 Novembre 2014 - 43MBThis release fixes a severe XSS vulnerability as well as a potential directory traversal vulnerability.

What's New
  • Fixed: Fixed a potential directory traversal vulnerability.
  • Fixed: Fixed a severe XSS vulnerability. In this context, the insert tag flags base64_encode and base64_decode have been removed.
  • Fixed: Handle nested insert tags in strip_insert_tags().
  • Fixed: Correctly store the model in Dbafs::addResource() (see #7440).
  • Fixed: Send the request token when toggling the visibility of an element (see #7406).
  • Fixed: Always apply the IE security fix in the Environment class (see #7453).
  • Fixed: Correctly handle archives being part of multiple RSS feeds (see #7398).
  • Fixed: Correctly handle 0 in utf8_convert_encoding() (see #7403).
  • Fixed: Send a 301 redirect to forward to the language root page (see #7420).

Per saperne di più: http://contao.org/en/news/contao-3_3_7.html

3.3.6


3 Novembre 2014 - 43MBThis release fixes the incomplete output of the submit button markup as well as the handling of insert tags in page names and titles. In addition, several JavaScript plugins have been updated.

What's New
  • Fixed: Always pass a DC object in the toggleVisibility callback (see #7314).
  • Fixed: Correctly render the "read more" and article navigation links (see #7300).
  • Fixed: Fix the markup of the form submit button (see #7396).
  • Fixed: Do not generally remove insert tags from page titles (see #7198).
  • Fixed: Consider the useSSL flag of the root page when generating URLs (see #7390).
  • Fixed: Correctly create the template object in BaseTemplate::insert() (see #7366).
  • Fixed: Fixed the FAQ sorting in the back end (see #7362).
  • Fixed: Added the Widget::__isset() method (see #7290).
  • Fixed: Correctly handle dynamic parent tables in the DC_Table driver (see #7335).
  • Fixed: Correctly shortend HTML strings in String::substrHtml() (see #7311).
  • Fixed: Updated swipe.js to version 2.0.1 (see #7307).
  • Fixed: Use an .invisible class which plays nicely with screen readers (see #7372).
  • Fixed: Handle disabled modules in the module loader (see #7380).
  • Fixed: Fixed the "link_target" insert tag.
  • Fixed: Correctly mark CAPTCHA fields as mandatory (see #7283).
  • Fixed: Fix the Database::list_fields() method (see #7277).
  • Fixed: Correctly assign "col_first" and "col_last" in the image gallery (see #7250).
  • Fixed: Set the correct path to TCPDF in system/config/tcpdf.php (see #7264).
  • Updated: Updated TinyMCE to version 4.1.6 and added the "lists" plugin (see #7349).
  • Updated: Updated MooTools to version 1.5.1 (see #7267).
  • Updated: Updated the ACE editor to version 1.1.6 (see #7278).

Per saperne di più: http://contao.org/en/news/contao-3_3_6.html

3.3.5

(versione principale)
8 Settembre 2014 - 43MB120 tickets and pull requests have been completed during the 4 months of development and the following 2 months of testing.

What's New:
  • Fixed: Correctly show the comments in the "comments" element (see #7040).
  • Fixed: Correctly store the file selection in "edit multiple" mode (see #7028).
  • Update: Update Compass to version 0.12.6.
  • Fixed: Improve the UUID validation to prevent false positives (see #7010).
  • Fixed: Correctly sort by date in the listing module (see #5609).
  • Fixed: Fix the back link in the "single article" view (see #6955).
  • Fixed: Never cache insert tags if the output is not used on the website (see #7018).
  • Fixed: Strip forbidden HTML tags in the markdown content element (see #7021).
  • Fixed: Prevent parallel execution of the new command line scripts.
  • Fixed: Also set the sql_mode in the MySQLi driver (see #6996).
  • Fixed: Purge the script cache if a style sheet is edited (see #7005).
  • Fixed: Disable the maintenance screen if a back end user is logged in (see #7009).
  • Fixed: Correctly set the textarea value in the template (see #6995).
  • Fixed: Make sure the security questions gets always generated (see #6990).
  • Fixed: Do not use date_default_timezone_get() in the configuration file (see #6989).
  • Fixed: Correctly generate absolute URIs in Controller::generateFrontendUrl().
  • Fixed: Fix the link button padding (a.tl_submit).
  • Update: Update TinyMCE to version 4.0.26.
  • Fixed: Correctly set and explain the page title field (see #6953).
  • Fixed: Correctly show the template sources (see #6875).
  • Fixed: Support input tags without a "type" attribute in the CSS framwork (see #6902).
  • Fixed: Import the tinymce.css style sheet in TinyMCE (see #6970).
  • Fixed: Catch Swift exceptions when sending form data via e-mail (see #6941).
  • Fixed: Try all locale variations when loading TinyMCE (see #6952).
  • Fixed: Correctly overwrite the article template (see #6938).
  • Fixed: Correctly wrap long labels in the tree view (see #6954).
  • Fixed: Correctly add the WAI-ARIA attributes (see #6217).
  • New: Allow to override the default form field template (see #4547).
  • Changed: Only pass the current form data to the "processFormData" hook (see #6705).
  • New: Add a DropZone-based file uploader (see #6064).
  • New: Add permissions to import and export themes (see #5835).
  • Improved: Make the fields of the meta wizard configurable in the DCA (see #4327).
  • Improved: Also show the preview image when editing multiple files (see #6643).
  • Improved: Show the file location below the "name" field in the file manager (see #6503).
  • Improved: Add some basic WAI-ARIA attributes to the navigation menu (see #6217).
  • Improved: Automatically convert file paths in TinyMCE into insert tags (see #5965).
  • Changed: Move the custom layout section markup into template files (see #6531).
  • Improved: Move the form field markup into the template files (see #6834).
  • New: Add template inheritance and template insertion (see #6508 and #6934).
  • New: Add a flexible back end theme.
  • Update: Update colorbox to version 1.5.8.
  • Update: Update mediaelement.js to version 2.14.2.
  • Update: Update jQuery to version 1.11.0 and jQuery UI to version 1.10.4.
  • Update: Update the color picker to version 1.4.
  • Changed: Use the "bootstrap" theme for the date picker (see #6692).
  • Update: Update the back end date picker to version 2.2.0.
  • Update: Update ACE to version 1.1.3.
  • Improved: Use the widget attributes instead of the DCA in the picker widgets (see #6881).
  • Improved: Enable the interlace bit when creating image thumbnails (see #6529).
  • Improved: Assign articles to layout sections with an article module only (see #6094).
  • New: Add the "parseDate" hook (see #4260).
  • New: Make the title tag configurable in the page layout (see #6783).
  • New: Add helper methods to generate markup depending on the output type: Template::generateStyleTag(), Template::generateInlineStyle(), Template::generateScriptTag(), Template::generateInlineScript(), Template::generateFeedTag()
  • New: Add the "customizeSearch" hook (see #5223).
  • New: Add a button to generate article aliases via "edit multiple" (see #6628).
  • New: Add a pagination menu at the listing bottom (see #6377).
  • Fixed: Only override element and module templates in the front end (see #6878).
  • Changed: Use the html5shiv-printshiv.js script in the front end (see #6293).
  • New: Added the "getLanguages" hook (see #6545).
  • Changed: Render the table summary as 'caption' tag in HTML5 (see #6295).
  • Changed: Also convert paths without delimiter in Combiner::fixPaths() (see #6417).
  • New: Add the "colorizeLogEntries" hook (see #5803).
  • New: Added an "oncut_callback" and "oncopy_callback" to DC_Folder (see #6814).
  • Improved: Support optional dependencies in the module loader (see #6835).
  • New: Mark the beginning and end of each template in debug mode (see #6841).
  • New: Added the insert tag flags "urlencode" and "rawurlencode" (see #6859).
  • Improved: Add files and folders to the database in details view (see #6880).
  • New: Add version control for editable files.
  • New: Add a configurable "viewport" field to the page layout (see #6251).
  • New: Split the layout builder CSS code into a static and a responsive style sheet, so the responsive behaviour can be disabled (see #6251).
  • New: Added more static convenience methods to the Config class: set(): temporarily set a configuration value, presist(): permanently store a configuration value, remove(): permanently remove a configuration value, A static get() method has been available already.
  • Update: Update TinyMCE to version 4.0.20 (see #1495).
  • New: Handle .scss and .less files in the Combiner. This also allows to add SCSS or LESS files as external style sheets to the page layout.
  • New: Allow to override the default module or content element template (see #4547).
  • Improved: Create a new version if a member changes their data in the front end.
  • Improved: Shorten the file paths in the FileTree widget (see #6488).
  • Improved: Hide the details page link in the listing module if the details page condition is not met (see #6332).
  • New: Make the file system synchronization available on the command line (see #6815).
  • New: Make the Automator methods available on the command line (see #6815).
  • Changed: Moved the asset version constants to $GLOBALS['TL_ASSETS'] (see #5759).
  • New: Added a "preview front end as member" button (see #6546).
  • Changed: Hide forward pages if they point to unpublished target pages (see #6376).
  • Changed: Only enable the debug mode in the FE if there is a BE user (see #6450).
  • Changed: Do not require MooTools or jQuery for the command scheduler (see #6755).
  • Changed: Use the new Google Universal Analytics code snippet (see #6103).
  • Improved: Add $parent as fourth parameter to the "compileDefinition" hook (see #6697).
  • Update: Update TCPDF to version 6.0.062.
  • Changed: Enable the maintanance mode by default (see #6758).
  • New: Added a markdown content element (see #6052).
  • Changed: Merged the "newsarchive" and "newsarchive_empty" templates (see #6647).
  • Changed: Make the following functions public static (see #6351): Controller::getArticle, Controller::getContentElement, Controller::getForm, Controller::getFrontendModule
  • New: Support editing the front end preview page via the "url" parameter (see #6471).
  • Improved: Do not combine .js and .css files when running in debug mode (see #6450).
  • New: Added a DcaLoader class to decouple the DCA loading process (see #5441). DCAs can now be loaded anywhere using Controller::loadDataContainer().
  • Changed: Convert slashes to hyphens in the standardize() function (see #6396).
  • Improved: Add a getModel() method to modules, elements and hybrids (see #6492).
  • Improved: Support the "HAVING" command in the Model\QueryBuilder class (see #6446).
  • Changed: Use class constants for BackendUser::isAllowed().

Bugs fixed since 3.3.0:
  • Fixed: Convert insert tags before assigning the page title to the template (see #7097).
  • Fixed: Correctly render images in TinyMCE in the newsletter module (see #7089).
  • Fixed: Add the media query to the style sheets in debug mode (see #7070).
  • Fixed: Disable the debug mode in the extension creator (see #7068).
  • Fixed: Convert image source insert tags in the back end preview (see #7065).
  • Fixed: Render all root nodes in the page and file picker (see #6844).
  • Fixed: Add the "scssphp-compass" library to support Compass functions.
  • Fixed: Support adding multiple TinyMCE instances to the same page (see #7061).
  • Fixed: Grant access to static files inside the vendor folder.
  • Fixed: Do not make the FormRadioButton options an array (see #7060).
  • Fixed: Support adding ACE and TinyMCE in subpalettes (see #7056).
  • Fixed: Only use the DropZone uploader where Ajax uploads can be processed (see #7046).
  • Fixed: Make the viewport field 255 characters long (see #7050).
  • Fixed: Restore the "submit_container" class in the FormSubmit widget (see #7055).
  • Fixed: Correctly generate the CSS classes of the FormSelectMenu widget (see #7045).
  • Fixed: Use a more precise UUID detection in the FilesModel class (see #7054).
  • Fixed: Use pack() instead of hex2bin() to be compatible with PHP 5.3 (see #7010).
  • Fixed: Restore permission to delete root pages for admin users (see #7135).
  • Fixed: Pass the file IDs instead of their UUIDs to the file picker (see #7139).
  • Fixed: Correctly handle double quotes in comments (see #7102).
  • Fixed: Ignore hidden files when building the internal cache (see #7098).
  • Fixed: Correctly pass the insert ID of the undo record (see #6234).
  • Fixed: Update the vendor libraries (fixes various issues).
  • Fixed: Do not output an empty label tag (see #7249).
  • Fixed: Allow floating point numbers in "number" input fields (see #7257).
  • Fixed: Do not adjust the start time of past events (see #7121).
  • Fixed: Reset the image margins if it exceeds the maximum image size (see #7245).
  • Fixed: Reset $blnPreventSaving when a model is cloned (see #7243).
  • Fixed: Do not reload after storing CURRENT_ID in the session (see #7240).
  • Fixed: Correctly validate the page number of the versions menu (see #7235).
  • Fixed: Handle underscores in the Google+ vanity name (see #7241).
  • Fixed: Correctly handle the rem unit when importing style sheets (see #7220).
  • Fixed: Fix two issues with the extension repository theme.

Applications:
  • Contao 3.3.5 has passed all tests. Earlier 3.3.x versions were not released due to failures upgrading from earlier versions.

Per saperne di più: http://contao.org/en/news/contao-3_3_5.html

3.2.21

(release di sicurezza)
5 Giugno 2015 - 50MBThis bugfix release contains two security-related changes from the upstream versions.

Changelog
  • Fixed: Back-ported two security related changes from the upstream versions.

Per saperne di più: http://contao.org/en/news/contao-3_2_21.html

3.2.20


27 Marzo 2015 - 50MBThis bugfix release fixes several minor issues.

Changelog
  • Fixed: Correctly convert date strings depending on their rgxp format (see #7721).
  • Fixed: Update news and calendar feeds from the content view (see #7679).
  • Fixed: Do not generally encode stand-alone ampersands (see #7684).
  • Fixed: Restore some globals when catching the unused argument exception (see #7659).
  • Fixed: Correctly set the CSS classes in the jQuery accordion and do not try to mess with its ARIA handling (see #7622).
  • Fixed: Handle language fragments without trailing slash when redirecting (see #7666).
  • Fixed: Trigger the load_callback upon saving in "override all" mode (see #7670).
  • Fixed: Ensure a unique language file array in the Automator class (see #7687).

Per saperne di più: http://contao.org/en/news/contao-3_2_20.html

3.2.19

(release di sicurezza)
14 Febbraio 2015 - 50MBThis bugfix release fixes a directory traversal vulnerability discovered by Arnaud Buchoux of Orange Consulting (see CVE-2015-0269).

The vulnerability allows logged in back end users to view files which are outside their file mounts or the document root. It is, however, not possible to edit these files or to view their content. Upgrading is still highly recommended.

Changelog
  • Fixed a directory traversal vulnerability discovered by Arnaud Buchoux. See CVE-2015-0269 for more information.

Per saperne di più: http://contao.org/en/news/contao-3_2_19.html

3.2.18


30 Gennaio 2015 - 50MBThis bugfix release fixes the infinite recursion issue in the FilesModel class, which lead to an "out of memory" error.

Changelog
  • Fixed: Handle variables and functions when importing style sheets (see #7448).
  • Fixed: Fix an infinite recursion problem in the FilesModel class (see #7588).

Per saperne di più: http://contao.org/en/news/contao-3_2_18.html

3.2.17


23 Gennaio 2015 - 50MBThis bugfix release fixes several smaller issues including a date validation problem in the Widget class and a problem with a PHP warning in the front end in multi-domain mode.

Changelog
  • Fixed: Romanize style sheet names (see #7526).
  • Fixed: Add the username to the "account has been locked" log entry (see #7551).
  • Fixed: Consider the suhosin.memory_limit when raising the PHP limits (see #7035).
  • Fixed: Added two missing exclude flags in the tl_page data container (see #7522).
  • Fixed: Send an UTF-8 charset header in the die_nicely() function (see #7519).
  • Fixed: Correctly validate dates in the Widget class (see #7498).
  • Fixed: Back port the fixes from #7475 and #7473.
  • Fixed: Send the same cache headers for cached and uncached pages (see #7455).
  • Fixed: Fix the current() expects parameter 1 to be array issue (see #6739).
  • Fixed: Correctly replace the *_teaser insert tags (see #7488).
  • Fixed: Adjust the last and previous login labels (see #7426).
  • Fixed: Unset the postUnsafeRaw cache in Input::setPost() (see #7481).

Per saperne di più: http://contao.org/en/news/contao-3_2_17.html

3.2.16

(release di sicurezza)
24 Novembre 2014 - 50MBThis release fixes a severe XSS vulnerability as well as a potential directory traversal vulnerability.

What's New
  • Fixed: Fixed a potential directory traversal vulnerability.
  • Fixed: Fixed a severe XSS vulnerability. In this context, the insert tag flags base64_encode and base64_decode have been removed.
  • Fixed: Handle nested insert tags in strip_insert_tags().
  • Fixed: Correctly store the model in Dbafs::addResource() (see #7440).
  • Fixed: Send the request token when toggling the visibility of an element (see #7406).
  • Fixed: Always apply the IE security fix in the Environment class (see #7453).
  • Fixed: Correctly handle archives being part of multiple RSS feeds (see #7398).
  • Fixed: Correctly handle 0 in utf8_convert_encoding() (see #7403).
  • Fixed: Send a 301 redirect to forward to the language root page (see #7420).

Per saperne di più: http://contao.org/en/news/contao-3_2_16.html

3.2.15


3 Novembre 2014 - 50MBThis release release fixes several issues, including a problem with the HTTPS URL generation and the display of the filter menus for tables with dynamic parent table. In addition, several JavaScript plugins have been updated.

What's New
  • Fixed: Always pass a DC object in the toggleVisibility callback (see #7314).
  • Fixed: Correctly render the "read more" and article navigation links (see #7300).
  • Fixed: Consider the useSSL flag of the root page when generating URLs (see #7390).
  • Fixed: Fixed the FAQ sorting in the back end (see #7362).
  • Fixed: Added the Widget::__isset() method (see #7290).
  • Fixed: Correctly handle dynamic parent tables in the DC_Table driver (see #7335).
  • Fixed: Correctly shortend HTML strings in String::substrHtml() (see #7311).
  • Fixed: Updated swipe.js to version 2.0.1 (see #7307).
  • Fixed: Use an .invisible class which plays nicely with screen readers (see #7372).
  • Fixed: Handle disabled modules in the module loader (see #7380).
  • Fixed: Fixed the "link_target" insert tag.
  • Fixed: Fix the Database::list_fields() method (see #7277).
  • Fixed: Correctly assign "col_first" and "col_last" in the image gallery (see #7250).
  • Updated: Updated MooTools to version 1.5.1 (see #7267).
  • Updated: Updated the ACE editor to version 1.1.6 (see #7278).

Per saperne di più: http://contao.org/en/news/contao-3_2_15.html

3.2.14


29 Agosto 2014 - 50MBThis bugfix release fixes several issues, including a problem with displaying recurring events and a problem with importing style sheets that use the "rem" unit.

Bugs Fixed:
  • Fixed: Allow floating point numbers in "number" input fields (see #7257).
  • Fixed: Do not adjust the start time of past events (see #7121).
  • Fixed: Reset the image margins if it exceeds the maximum image size (see #7245).
  • Fixed: Reset $blnPreventSaving when a model is cloned (see #7243).
  • Fixed: Do not reload after storing CURRENT_ID in the session (see #7240).
  • Fixed: Correctly validate the page number of the versions menu (see #7235).
  • Fixed: Handle underscores in the Google+ vanity name (see #7241).
  • Fixed: Correctly handle the rem unit when importing style sheets (see #7220).
  • Fixed: Fix two issues with the extension repository theme.

Per saperne di più: http://contao.org/en/news/contao-3_2_14.html

3.2.13


31 Luglio 2014 - 50MBThis bugfix release fixes a range of smaller issues, including a problem with the CSS grid, which added too much margin to articles with offset.

Bugs Fixed:
  • Fixed: Use DOMDocument::loadXML() instead of DOMDocument::load() (see 7192).
  • Fixed: Specify the font size in rem for modern browsers (see #7209).
  • Fixed: Make sure the default language file is loaded in the DCA extractor (see #7202).
  • Fixed: Do not add unpublished FAQs to the XML sitemap (see #7210).
  • Fixed: Preserve new lines when replacing simple tokens (see #7178).
  • Fixed: Always prevent saving if PageModel::loadDetails() is executed (see #7199).
  • Fixed: Use === to compare password hashes (see #7175).
  • Fixed: Correctly mark GET parameters as used (see #7185).
  • Fixed: Correctly apply the "disabled" attribute to input unit fields (see #7147).
  • Fixed: Correctly check the permission to edit multiple files (see #7157).
  • Fixed: Correctly handle other MySQL character sets (see #7140).
  • Fixed: Correctly recognize Opera Mobile in the Environment class (see #5869).
  • Fixed: Fix the grid offset for articles (see #7166).
  • Fixed: Restore the basic entities in the source editor (see #7170).
  • Fixed: Correctly build the breadcrumb trail in the style sheets module (see #7132).
  • Fixed: Do not associate the "use SSL" option with sitemaps only (see #7163).
  • Fixed: URL encode the pipe character in the Google web font URL (see #7120).
  • Fixed: Handle double quotes in the title attribute of the element (see #7124).
  • Fixed: Use the save_callback when generating multiple aliases (see #7114).
  • Update: Update SwiftMailer to version 5.2.1 (see #7110).
  • Fixed: Correctly handle double quotes in comments (see #7102).
  • Fixed: Ignore hidden files when building the internal cache (see #7098).
  • Fixed: Correctly pass the insert ID of the undo record (see #6234).

Per saperne di più: http://contao.org/en/news/contao-3_2_13.html

3.2.12


2 Luglio 2014 - 50MBThis bugfix release restores the PHP 5.3 compatibility of the listing module, fixes an issue with exporting binary data in the themes module and corrects the cursor display in the ACE editor.

Bugs Fixed:
  • Fixed: Replace insert tags in external redirect targets (see #6765).
  • Fixed: Also apply the font settings to the ACE element (see #7103).
  • Fixed: Show the placeholder image in the "edit file" dialog if the original image exceeds the maximum dimensions supported by the GD library (see #7032).
  • Fixed: Preserve whitespace before 'textarea' tags when minifying code (see #7087).
  • Fixed: Restore the PHP 5.3 compatibility of the listing module (see #7078).
  • Fixed: Do not offer to drop tables or fields if the safe mode is active (see #7085).
  • Fixed: Correctly detect binary fields during theme export (see #7079).
  • Fixed: Make $this->locationLabel available in the event list (see #7030).
  • Fixed: Correctly set the root page title (see #7023).
  • Fixed: Only show the sort hint if there is more than one element (see #6935).
  • Fixed: Try to raise the PHP limits upon file synchronization (see #7035).

Per saperne di più: http://contao.org/en/news/contao-3_2_12.html

3.2.10


21 Maggio 2014 - 43MBThis bugfix release fixes issues with file names containing special characters and improves the file synchronization and the handling of binary fields during theme import. Also, the following plugins have been updates: Swipe, ACE, Datepicker, MooTools

Bugs Fixed:
  • Fixed: Correctly urlencode folder names in the file manager (see #6925).
  • Fixed: Allow for up to 13 characters in Validator::isEmail() (see #6950).
  • Fixed: Only fall back to the default option if there is no POST data (see #6899).
  • Fixed: Do not override the event start time in Events::addEvent() (see #6701).
  • Fixed: Correctly detect binary fields during theme import (see #6852).
  • Fixed: Do not urldecode twice in DC_Folder (see #6840).
  • Fixed: Standardize the fallback behavior of the downloads/gallery element (see #6662).
  • Fixed: Correctly hide duplicated elements in the module wizard (see #6826).
  • Fixed: Fix the mediabox "imgBackground" option (see #6866).
  • Fixed: Strip double quotes in the options wizard (see #6919).
  • Fixed: Strip the insert tag flags before passing the tag name to the hooks (see #6860).
  • Fixed: Catch Swift exceptions when sending form data via e-mail (see #6941).
  • Fixed: Check for reserved article aliases before validating the alias name (see #6978).
  • Fixed: Store the UUID of uploaded files in the session (see #6986).
  • Fixed: Only assume a moved file or folder for new resources (see #6907).
  • Fixed: Correctly strip the file extension in the File class (see #6968).
  • Fixed: Remove the menu when Swipe.kill() is executed (see #6861).
  • Fixed: Consider the protocol when embedding YouTube videos (see #6900).

Changes:
  • Update: Update the back end date picker to version 2.2.0.
  • Update: Update MooTools to version 1.5.0 (see #6924).
  • Update: Update ACE to version 1.1.3.

Per saperne di più: http://contao.org/en/news/contao-3_2_10.html

3.2.9

(release di sicurezza)
7 Aprile 2014 - 43MBThis bugfix release fixes a critical security hole in the install tool, which allows to execute arbitrary code on the server.

Bugs Fixed:
  • Fixed a critical vulnerability of the install tool (see #6855).
  • Filter disabled groups in the registration module in the front end (see #6757).
  • Work around a bug in SimplePie with the "skip items" option (see #6107).
  • Fix the Swipe "continuous" option if there are exactly two slides (see #6812).
  • Apply addslashes() to strings in the Config class (see #6808).
  • Do not empty all fallback fields in sorting mode 4 (see #6498).
  • Do not allow template names to be longer than the DB fields (see #6819).
  • Correctly set the start time of a multi-day event (see #6802).
  • Correctly handle OR queries in the listing module (see #6344).
  • Use a monospaced font for the plain text newsletter preview (see #6790).
  • Adjust the vScrollTo() offset if the paste hint is visible (see #6478).

Per saperne di più: http://contao.org/en/news/contao-3_2_9.html

3.2.8


12 Marzo 2014 - 43MBThis bugfix release fixes several minor problems, e.g. the broken "continuous" support of the content element slider or the sorting of the elements of the page/filetree widget in "edit multiple" mode.

Bugs Fixed:
  • Fixed: Add the "href" values for active breadcrumb menus to the template (see #6796).
  • Fixed: The file/page tree widget did not work properly in "edit multiple" mode (#6788).
  • Fixed: Preserve the referer ID when clicking the "switch to edit" button (see #6127).
  • Fixed: Encode e-mail addresses in the "explanation" form field (see #6771).
  • Fixed: Use a placeholder image if no thumbnail can be created (see #6754).
  • Fixed: Pass additional arguments to the "replaceInsertTags" hook (see #6672).
  • Fixed: Correctly initialize the Session class (see #6747).
  • Fixed: Do not use Input::setGet() in the event modules (see #6733).
  • Fixed: Correctly shorten the CSS background property (see #6709).
  • Fixed: Do not use UNION SELECT when searching for parent pages (see #6704).
  • Fixed: Disable zlib.output_compression when sending files to the browser (see #6717).
  • Fixed: Consider the event time in the event list module (see #6719).
  • Fixed: Make the newsletter recipient address available in the template (see #5782).
  • Fixed: Correctly handle Unicode characters in Validator::isGooglePlusId (see #6707).
  • Fixed: Fixed the arguments of two CalendarEventsModel methods (see #6781).
  • Fixed: Pass the "tableless" flag to the "form_message" template (see #6772).
  • Fixed: Update the swipe.js script so the "continuous" option works (see #6762).
  • Fixed: Improve the Search::removeEntry() method (see #6785).
  • Fixed: Correctly set the cookie path in the front mode in debug mode (see #6723).
  • Fixed: Point to Frontend::addToUrl() in front end templates (see #6736).
  • Fixed: Do not stop the cron job execution after the first interval.

Per saperne di più: http://contao.org/en/news/contao-3_2_8.html

3.2.7

(release di sicurezza)
13 Febbraio 2014 - 43MBThis bugfix release fixes more security holes related to the PHP object injection vulnerability.

Bugs Fixed:
  • Fix another weakness in the `Input` class and further harden the `deserialize()` function.

Per saperne di più: http://contao.org/en/news/contao-3_2_7.html

3.2.6

(release di sicurezza)
13 Febbraio 2014 - 43MBThis bugfix release fixes another security hole related to the PHP object injection vulnerability, which was still exploitable in the Contao back end in version 3.2.5.

Bugs Fixed:
  • Further harden the deserialize() function and the Input class (see #6724).

Per saperne di più: http://contao.org/en/news/contao-3_2_6.html

3.2.5

(release di sicurezza)
3 Febbraio 2014 - 43MBThis bugfix release fixes a potential PHP object injection vulnerability (thanks to Pedro Ribeiro). The vulnerability exists, because POST data is passed to the deserialize() function, which was the case in the core multiple times. However, we were not able to exploit the vulnerability if the POST data was accessed via the Contao Input class. This does not mean that it cannot be accomplished though.

Bugs Fixed:
  • Correctly load the parent pages in the navigation modules (see #6696).
  • Correctly encode URLs with GET parameters in the syndication links (see #6683).
  • Do not pass POST data to the deserialize() function, so it is not vulnerable to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).
  • Allow any character in passwords, especially the less-than symbol (see #6447).
  • Purge the image cache if a file is being renamed (see #6641).
  • Preserve tags in custom CSS definitions (see #6667).
  • Make the swipe CSS selectors more specific (see #6666).
  • Correctly optimize floating-point numbers in style sheets (see #6674).

Per saperne di più: http://contao.org/en/news/contao-3_2_5.html

3.2.4


20 Gennaio 2014 - 43MBThis bugfix release fixes an issue with resolving module dependencies and a problem with assigning articles to layout sections. Also, the Environment class now correctly detects Android tablet devices.

Bugs Fixed:
  • Updated the Russian translation of the TinyMCE "typolinks" plugins (see #6224).
  • Do not create multiple stylect layers upon Ajax changes.
  • Some DCAs were missing the "rem" unit (see #6634).
  • Correctly trim the SQL statements in the Database class (see #6623).
  • Fix some broken back end icons (see #6214).
  • Show a hint in the news archive menu if there are no items (see #5888).
  • Prevent the back end tool tips from exceeding the screen width (see #6639).
  • Support the Google+ vanity name in addition to the numeric ID (see #6454).
  • Correctly detect Android tablets in the Environment class (see #5869).
  • Correctly resolve the module dependencies (see #6606).
  • Correctly unset the PHP session cookie depending on its parameters.
  • Fixed the XHTML variant of the comments form (see #5675).
  • Correctly assign articles to columns (see #6595).
  • Correctly merge the CSS classes in the Hybrid class (see #6601).

Per saperne di più: http://contao.org/en/news/contao-3_2_4.html

3.2.3

(versione principale)
20 Dicembre 2013 - 43MB140 tickets and pull requests have been completed during the 4 months of development and the following 2 months of testing.
Per saperne di più: http://contao.org/en/news/contao-3_2_0.html

3.1.5


8 Novembre 2013 - 43MBThis bugfix release fixes an issue with the PDF export and with duplicating members.

Changelog:
  • Fixed: Correctly handle shorthand byte values (see #6345).
  • Fixed: Also update the sitemap if a news/event feed is updated (see #5727).
  • Fixed: Correctly sort by date in the listing module (see #5609).
  • Fixed: Correctly handle the autologin key if a member is duplicated (see #5945).
  • Fixed: Correctly export pages as PDF (see #6317).

Per saperne di più: http://contao.org/en/news/contao-3_1_5.html

3.1.4


14 Ottobre 2013 - 43MBThis bugfix release fixes an issue with upgrading the accordion fields as well as with using special characters in page aliases.

Changelog:
  • Removed: Removed the TinyMCE spell checker (see #6247).
  • Updated: Updated TCPDF to version 3.0.38 (see #6268).
  • Fixed: Do not show the debug bar in the modal dialog (see #6302).
  • Fixed: Ignore the "maxlength" setting in certain form fields (see #6283).
  • Fixed: Correctly show the "toggle page status" icon (see #6282).
  • Fixed: Correctly render the pages breadcrumb menu for non-admin users (see #6067).
  • Fixed: Correctly handle the accordion fields during the version 3.1 update (see #6229).
  • Fixed: Correctly handle special characters in page aliases (see #6232).

Per saperne di più: http://contao.org/en/news/contao-3_1_4.html

3.1.3


28 Settembre 2013 - 43MBThe bugfix release fixes a potential data inconsistency issue when using models, which can be caused by the result cache.

The result cache has been removed entirely to fix the issue, which renders the methods executeUncached() and executeCached() deprecated. They only remain available as alias for the execute() method for reasons of backwards compatibility.

Changelog:
  • Changed: Drop the database query cache (see #6070). This renders executeUncached() and executeCached() deprecated. Use execute() instead.
  • Fixed: Consider the additional arguments in Frontend::jumpToOrReload() (see #5734).
  • Fixed: Prevent article aliases from using reserved names (see #6066).
  • Fixed: Correctly update the RSS feeds if a news item or event changes (see #6102).
  • Fixed: Correctly link to news and calendar feeds via insert tag (see #6164).
  • Fixed: Make the CSS ID available in the custom navigation module (see #6129).
  • Fixed: Do not cache the "toggle_view" insert tag (see #6172).
  • Fixed: Unset the primary key if a model is deleted (see #6162).
  • Fixed: Support tel: and sms: upon IDNA conversion (see #6148).
  • Fixed: Apply the width and height to the audio player as well (see #6114).
  • Fixed: Do not exit after a template has been output (see #5570).
  • Fixed: Handle all possible errors when uploading files (see #5934).

Per saperne di più: http://contao.org/en/news/contao-3_1_3.html

3.1.2


28 Agosto 2013 - 43MBThis bugfix release fixes issues with the output of IDNA domain names as well as two issues with the back end user interface (referer management and file picker). Also, the HTML5 form types "date", "time" and "datetime" are no longer used.

Changelog:
  • New: Added the Czech typolinks translations (thanks to ShiraNai7) (see #6051).
  • Fixed: Add the global date format in PageModel::loadDetails() (see #6104).
  • Fixed: Do not override the referer upon Ajax requests (see #5956).
  • Fixed: Fixed the content slider in IE < 9 (see #5878).
  • Fixed: Do not set a database driver by default (see #6088).
  • Fixed: Decode punycode domains in the listing module (see #5946).
  • Fixed: Show all themes a template is defined in (see #6071).
  • Fixed: Do not add the domain name twice in redirectToFrontendPage() (see #6076).
  • Fixed: Use the currentLogin field to sort users by their last login (see #5949).
  • Fixed: Fix the offset handling in the CSS grid (see #5943).
  • Fixed: Do not use the date, time and datetime input types (see #5918).
  • Fixed: Show tooltips for selected single images in the file picker (see #6031).
  • Fixed: Correctly synchronize if a sub folder is selected (see #5979).
  • Fixed: Correctly handle password which are longer than 64 characters (see #6015).
  • Fixed: Added missing Vietnamese characters to the UFT8 mapper (see #6010).
  • Fixed: Decode entities in the page and file pickers (see #5989).
  • Fixed: Ensure that the default user and group are integer values (see #6017).
  • Fixed: Added an option to purge the search cache (see #6041).
  • Fixed: Preserve the repository tables when importing a theme (see #6037).
  • Fixed: Pass the module to getAttributesFromDca() in the registration and personal data module classes (see #6002).
  • Fixed: Validate the e-mail address when creating an admin user (see #6003).
  • Fixed: Fix the newslist pagination count (see #5997).
  • Fixed: Make the GD image max width and height parameters mandatory (see #5940).
  • Fixed: Replace all insert tags when exporting a page as PDF (see #5990).
  • Fixed: Correctly validate the options in Widget::isValidOption() (see #5951).
  • Fixed: Decode IDNA domains in any system mail (see #5932).
  • Fixed: Store integers bigger than PHP_INT_MAX as string (see #5939).
  • Fixed: Fix the alignment of the versions menu in IE (see #5962).
  • Fixed: Do not cache the result of Model::count*() (see #5973).
  • Fixed: Added some missing office file extensions to the configuration (see #6021).
  • Fixed: Fixed the "indexPage" hook (see #5967).
  • Fixed: Do not copy the autologin hash when duplicating members (see #5945).
  • Fixed: Added .svgz support to the default .htaccess file (see #5938).

Per saperne di più: http://contao.org/en/news/contao-3_1_2.html

3.1.1

(appendice 1)
1 Agosto 2013 - 43MBApplications:
  • Install: Fixed the "Content" option to install correctly on newer versions of PHP. Blank installs and older versions of PHP were not affected.

3.1.1


25 Giugno 2013 - 43MBThis bugfix release fixes several plugin issues, including the missing slider support in IE8, the wrong generation of the CSS3PIE file path and the wrong assignment of the dollar function to jQuery instead of MooTools.

In addition, the subscribable newsletter channels when editing users (back end) and members (front end) are now displayed correctly again.
Per saperne di più: http://contao.org/en/news/contao-3_1_1.html

3.1.0

(versione principale)
21 Maggio 2013 - 43MBAccording to the new time-based release schedule, the first minor update of Contao 3 has been published today. 217 tickets and pull requests have been completed during the four months development phase and the following two months testing phase.

There is one thing which you have to change manually: if your website uses sortable tables, you have to add the moo_tablesort or j_tablesort template in the page layout, so the JavaScript sorting continues to work.
Per saperne di più: https://contao.org/en/changelog/versions/3.1.html

3.0.6


21 Marzo 2013 - 43MBThis bugfix release fixes several issues, including the users' page and file mounts not being set correctly and the members' home directories not being created upon registration.

The relative path to the website (websitePath) is now stored separately in the system/config/pathconfig.php file instead of the local configuration file for technical reasons.

The local configuration file is now loaded twice again, before and after the module configuration files are loaded. This corresponds to the Contao 2.11 behaviour.
  • Fixed: Do not add links to news, events, FAQs or newsletters to the sitemap if the target page has not been published (see #5520).
  • Fixed: Include the local configuration file twice, once before and once after the module configuration files are parsed (see #5490). This will make settings like the debug or safe mode work properly.
  • Fixed: Correctly set the RSS feed self-reference (see #5478).
  • Fixed: Remove ­ and from RSS and Atom feeds (see #5473).
  • Fixed: Do not remove the grid column margin on mobile devices (see #5475).
  • Fixed: Store the relative path to the installation in the pathconfig.php (see #5339).
  • Fixed: Correctly send the comment moderation mails (see #5443).
  • Fixed: Correctly create the user home directory upon registration (see #5437).
  • Improved: Made the .htaccess files Apache 2.4 ready (see #5032).
  • Fixed: Also truncate opened files in File::truncate() (see #5459).
  • Fixed: Added the "allowTransparency" attribute to the mediabox script (see #5077).
  • Fixed: The submit button label was not shown in the FormSubmit widget (see #5434).
  • Fixed: Show invisible elements in the back end preview (see #5449).
  • Fixed: Allow to create forward pages without a specific target (see #5453).
  • Fixed: Updated the TinyMCE typolinks plugin (see #5329).
  • Fixed: Correctly initialize the user's pagemounts (see #5454).
  • Fixed: Support loading static JavaScripts in the config.php files (see #4890).
  • Fixed: Show all articles if the article list module is in the same column (see #5373).
  • Fixed: Do not show mail_ templates from theme folders (see #5379).
  • Fixed: Consider only published events when finding the calendar boundaries and only render the previous and next links if there are events (see #5426).
  • Fixed: Do not override the header and footer height in the layout builder (see #5368).
  • Fixed: Correctly reset fallback, default and "do not copy" fields (see #5252).

Per saperne di più: https://contao.org/en/news/contao-3_0_6.html

3.0.5


19 Febbraio 2013 - 33MBThis bugfix release fixes the issue with duplicating elements with their child elements, adds the missing .ogg support and improves the stability of the database-assisted file system. Also, all vendor libraries have been updated.

This bugfix release also fixes the issue with the language files not being loaded correctly in 3.0.4.

Uncached model relations
  • Analogous to the option to load models uncached, you can now load model relations uncached, too.

Per saperne di più: https://contao.org/en/news/contao-3_0_5.html

3.0.3


8 Gennaio 2013 - 33MBThis bugfix release includes a fix for the issue with the inadvertently duplicated content elements and improved the compatibility of the database-assisted file system. This bugfix release also fixes the install routine which did not work on fresh installations in Contao 3.0.2.

Database-assisted file system
  • Image galleries and download elements can now use the user's home directory as source again
  • Newsletter attachments are sent correctly again
  • The database is updated if a file is uploaded in a front end form

Content element visibility
  • Modules and forms included via content element now consider the visibility settings of the content element. Before version 3.0.2, those resources were always visible.

Enclosure download
  • If a page contains multiple elements with enclosures, these enclosures could not be downloaded under certain circumstances. This issue has been fixed in Contao 3.0.2.

Per saperne di più: https://contao.org/en/news/contao-3_0_3.html

3.0.1


29 Novembre 2012 - 33MBThis bugfix release fixed a couple of issues, including that page alias names could not contain Unicode characters anymore.

Also, with version 3.0.1 we have removed the automatic copyright notice in the front end according to the announcement of November 8th, 2012 and replaced it with a meta generator tag.
Per saperne di più: https://contao.org/en/news/contao-3_0_1.html

3.0.0

(versione principale)
31 Ottobre 2012 - 33MB

2.11.13


19 Novembre 2013 - 32MBThis bugfix release fixes the issue with extensions not being sorted correctly on some file systems.
  • Fixed: Sort the list of available modules (see #6391).
  • Fixed: Decode entities in passwords (see #6252).
  • Fixed: Replace insert tags in the details view of the listing module (see #6120).

Per saperne di più: https://contao.org/en/news/contao-2_11_13.html

2.11.12


28 Settembre 2013 - 32MBThe bugfix release includes updates of TCPDF and SimplePie and fixes a few uncritical issues.
Per saperne di più: https://contao.org/en/news/contao-2_11_12.html

2.11.10


21 Marzo 2013 - 32MBThis bugfix release fixes the issue with cookies having the wrong path and includes a TinyMCE update, so the editor works on IE7/8 again.
  • Fixed: Cast varchar date fields to int when selecting from the database (see #5503).
  • Fixed: Only unset POST variables if Widget::submitInput() returns true (see #5474).
  • Fixed: Strictly compare values when determining whether to save or not (see #5471).
  • Updated: Updated TinyMCE to version 3.5.8 (see #5329).
  • Fixed: Correctly show the "invalid date and time" error message (see #5480).
  • Fixed: Correctly split the words when adding to the search index (see #5363).
  • Fixed: Correctly load TinyMCE in IE7 and IE8 (see #5346).
  • Fixed: Send the correct cache headers in "client cache only" mode (see #5358).
  • Fixed: Remove the session of deleted or disabled users (see #5353).
  • Fixed: Correctly set the cookie paths (see #5339).

Per saperne di più: https://contao.org/en/news/contao-2_11_10.html

2.11.9


14 Febbraio 2013 - 32MB

2.11.8


8 Gennaio 2013 - 32MB

2.11.7


29 Novembre 2012 - 32MB

2.11.6


26 Settembre 2012 - 32MB

2.11.5


26 Luglio 2012 - 32MB

2.11.4


12 Giugno 2012 - 32MB

2.11.3


4 Maggio 2012 - 32MB

2.11.2


14 Marzo 2012 - 32MB

2.11.1


10 Marzo 2012 - 32MB

2.11.0


16 Febbraio 2012 - 32MB

2.10.4


30 Dicembre 2011 - 48MB

2.10.3


7 Novembre 2011 - 30MB

2.10.2


11 Ottobre 2011 - 30MB

2.10.1


28 Settembre 2011 - 30MB

I nostri hosting Web compatibili con
Contao

Web

Solo l'hosting Web

Hosting Web 100% SSD
100 GB e +
Gestione multisito
Certificati SSL gratuiti
Protezione Anti-DDoS
10 GB di VOD


Per maggiori informazioni

a partire da 5.75 €/mese

Classic

L'offerta completa Web+Mail

Hosting Web 100% SSD
100 GB e +
Gestione multisito
Certificati SSL gratuiti
Protezione Anti-DDoS
10 GB di VOD


Posta professionale
25 indirizzi e-mail con spazio illimitato


WorkSpace
Messaggistica online
Messaggistica istantanea
Sincronizzazione dei contatti e agende


Per maggiori informazioni

a partire da 7.42 €/mese

Server Cloud

Gestito

Hosting Web 100% SSD
100 GB e +
Multi-hosting e multisito
Certificati SSL gratuiti
Protezione Anti-DDoS
10 GB di VOD


Potenza
2 CPU e +
6 GB di RAM e +
100% SSD
Risorse 100% dedicate


Gestione
Infomaniak gestisce il suo server


Per maggiori informazioni

a partire da 29 €/mese

Prezzo in EUR Tasse incluse