Releases: bugfishtm/bugfish-framework
Releases Β· bugfishtm/bugfish-framework
Release list
Stable 4.12
Release 4.12
Changes
- Tokens: Replaced
mt_rand()with the CSPRNGrandom_int()for all
auth tokens (session, activation, password-reset, mail-change) in
x_class_user. Tokens are no longer predictable (CWE-338). - CSRF: CSRF tokens in
x_class_csrfand the login form now use
random_bytes()and are compared withhash_equals()(constant-time,
no type-juggling). Replaces predictablemt_rand()values. - API keys:
x_class_api::validateKey()now enforces thesection
scope, so a key issued for one section can no longer validate in another. - XSS: Comment author name and text are now HTML-escaped on output in
x_class_comment::comment_show(), preventing stored XSS from the public
comment form.
Stable 4.11
- Hotfix for x_class_user extrafield table creation error.
- Added user_status field to user table, unrelated to functionalitites.
Stable 4.10
Release 4.10
General Information
- The PHP Framework now requires PHP 8.4 as a mandatory prerequisite.
- Full code review to eliminate errors and ensure correct functionality.
- Unique php/mysql table identifier key names updated for improved conformity.
- Documentation thoroughly optimized and comprehensively updated to enhance clarity, accuracy, and usability.
- Some tables may have been changed, so it is recommended to check your old table structure before upgrading.
- In version 4.X, functions and classes remain consistent, with a focus on security improvements and optimizations as needed.
Documentation
- Documentation thoroughly optimized and comprehensively updated to enhance clarity, accuracy, and usability.
Framework: CSS
- Full code review to eliminate errors and ensure correct functionality.
Framework: JavaScript
- Full code review to eliminate errors and ensure correct functionality.
- xjs_library.js: Added functions: xjs_request_post, xjs_request_get.
Framework: PHP Functions
- Full code review to eliminate errors and ensure correct functionality.
- x_library.php: Moved folder functions to x_folder.php.
- x_library.php: Moved thumbnail functions to x_thumbnail.php.
- x_library.php: Moved RSS functions to x_rss.php.
- x_library.php: Moved captcha functions to x_captcha.php.
- x_library.php: Moved cookiebanner functions to x_cookiebanner.php.
- x_library.php: Moved eventbox functions to x_eventbox.php.
- x_search.php: Completely rewritten x_search functionality.
Framework: PHP Classes
- Full code review to eliminate errors and ensure correct functionality.
- Unique table identifier key names updated for improved conformity.
- x_class_var.php: Minor optimizations.
- x_class_table.php: Minor optimizations.
- x_class_lang.php: Minor optimizations.
- x_class_mail_template.php: Minor optimizations and fixes.
- x_class_api.php: Major optimizations and changes.
- x_class_version.php: Minor optimizations.
- x_class_version.php: Changed parameter "autor" to "author".
- x_class_user.php: Minor optimizations and fixes.
- x_class_user.php: Class table modifications.
Stable 3.39
- Fixes on x_class_var: Fixed double unclear parameter on simple form function
- Fixes on x_class_var: Optimizations for class
- Fixes on x_class_api: Additions to add notes
- License changed to LGPL2.1