Skip to content

Releases: bugfishtm/bugfish-framework

Stable 4.12

Choose a tag to compare

@bugfishtm bugfishtm released this 04 Jul 16:10

Release 4.12

Changes

  • Tokens: Replaced mt_rand() with the CSPRNG random_int() for all
    auth tokens (session, activation, password-reset, mail-change) in
    x_class_user. Tokens are no longer predictable (CWE-338).
  • CSRF: CSRF tokens in x_class_csrf and the login form now use
    random_bytes() and are compared with hash_equals() (constant-time,
    no type-juggling). Replaces predictable mt_rand() values.
  • API keys: x_class_api::validateKey() now enforces the section
    scope, so a key issued for one section can no longer validate in another.
  • XSS: Comment author name and text are now HTML-escaped on output in
    x_class_comment::comment_show(), preventing stored XSS from the public
    comment form.

Stable 4.11

Choose a tag to compare

@bugfishtm bugfishtm released this 05 May 21:12
  • Hotfix for x_class_user extrafield table creation error.
  • Added user_status field to user table, unrelated to functionalitites.

Stable 4.10

Choose a tag to compare

@bugfishtm bugfishtm released this 06 Oct 18:31

Release 4.10

General Information

  • The PHP Framework now requires PHP 8.4 as a mandatory prerequisite.
  • Full code review to eliminate errors and ensure correct functionality.
  • Unique php/mysql table identifier key names updated for improved conformity.
  • Documentation thoroughly optimized and comprehensively updated to enhance clarity, accuracy, and usability.
  • Some tables may have been changed, so it is recommended to check your old table structure before upgrading.
  • In version 4.X, functions and classes remain consistent, with a focus on security improvements and optimizations as needed.

Documentation

  • Documentation thoroughly optimized and comprehensively updated to enhance clarity, accuracy, and usability.

Framework: CSS

  • Full code review to eliminate errors and ensure correct functionality.

Framework: JavaScript

  • Full code review to eliminate errors and ensure correct functionality.
  • xjs_library.js: Added functions: xjs_request_post, xjs_request_get.

Framework: PHP Functions

  • Full code review to eliminate errors and ensure correct functionality.
  • x_library.php: Moved folder functions to x_folder.php.
  • x_library.php: Moved thumbnail functions to x_thumbnail.php.
  • x_library.php: Moved RSS functions to x_rss.php.
  • x_library.php: Moved captcha functions to x_captcha.php.
  • x_library.php: Moved cookiebanner functions to x_cookiebanner.php.
  • x_library.php: Moved eventbox functions to x_eventbox.php.
  • x_search.php: Completely rewritten x_search functionality.

Framework: PHP Classes

  • Full code review to eliminate errors and ensure correct functionality.
  • Unique table identifier key names updated for improved conformity.
  • x_class_var.php: Minor optimizations.
  • x_class_table.php: Minor optimizations.
  • x_class_lang.php: Minor optimizations.
  • x_class_mail_template.php: Minor optimizations and fixes.
  • x_class_api.php: Major optimizations and changes.
  • x_class_version.php: Minor optimizations.
  • x_class_version.php: Changed parameter "autor" to "author".
  • x_class_user.php: Minor optimizations and fixes.
  • x_class_user.php: Class table modifications.

Stable 3.39

Choose a tag to compare

@bugfishtm bugfishtm released this 06 Aug 21:47
  • Fixes on x_class_var: Fixed double unclear parameter on simple form function
  • Fixes on x_class_var: Optimizations for class
  • Fixes on x_class_api: Additions to add notes
  • License changed to LGPL2.1

Stable 3.38

Choose a tag to compare

@bugfishtm bugfishtm released this 16 Jun 01:05
  • Initial Release