We’re happy to announce the release of SocialEngine PHP 4.8.12. This release comes with a bunch of fixes, including fixes for some important security vulnerabilities as well as for warnings, notices and other small issues. Security of your websites is our responsibility and we take such issues very seriously. This is why we dedicated our technical team to getting this release out as soon as possible. We’ve also added two important events to the sign-up process in this release that extend some possibilities.

Here is the list of things included in 4.8.12:
- Added a new event `onCheckBannedEmail` to the Signup account creation form; it is triggered just after the internal check for banned emails has occurred. This event allows site admins to consult external services with the supplied email address to catch repeat spammers right before they sign up. (Suggested in #324)
- Added a new event `onFieldsValuesSaveBefore` to the Signup profile information form; it is triggered just before the values are saved. This event allows applications to catch both the old and new values for a field, and hence provides an opportunity to enforce business rules or customizations that depend on changes in field values. (Suggested in #268)
- Fixed an issue with an invalid data error appearing on the ‘View All Updates’ page while accepting friend requests after the 4.8.11 release. (Fixes #436 and #431)
- Fixed an issue with users getting a Token error after right-clicking on the Friend Request link shown on the user profile page. (Fixes #454)
- Fixed issue with Members’ display names being needlessly translated in activity feeds. (Fixes #351)
- Fixed a PHP notice ‘Undefined variable: user’ that was popping up at some places. (Fixes #325)
- Escaped parameters in output of blog search to fix some security vulnerabilities.
- Added a striptags filter to the Tags field in video and blog creation, which fixed important security vulnerabilities.
- Fixed security issues in Events and Groups full-text search by using a prepared statement in the MySQL query.
- Fixed a security vulnerability that existed in event creation because of Host and Location fields not being sanitized.
- Fixed a potential cross-site scripting (XSS) security vulnerability in Open Flash Chart. (Fixes #57)
- Added IP validation by applying a filter. (Fixes #330)
- Fixed a “Duplicate column name” error that was appearing when editing a profile field just after its creation from admin panel.
How to Upgrade? You can now download the new SocialEngine PHP 4.8.12 files from your client area.
We’ve also upgraded Blogs, Events, Groups and Videos Plugins to 4.8.12. Please make sure that you do a complete backup of both files and database before performing this upgrade on your websites. If you’re not comfortable with the installation and backup process yourself, we offer upgrade services for $150 that you can purchase from here.
Thanks to our amazing community! This release includes 2 enhancements and 6 fixes reported by you. So, keep submitting any feature requests or bug reports for SocialEngine PHP to our public bugs and suggestions tracker. Thanks again for always being there and providing your continuous feedback & support!