SocialEngine Blog

SocialEngine is the best way to create a unique community website. Let your friends, fans or customers geek out about anything you want.

SocialEngine PHP 4.8.12 is here!

se-php4.8.12-long

We’re happy to announce the release of SocialEngine PHP 4.8.12. This release comes with a bunch of fixes that include some important security vulnerabilities, some warnings, notices and other small issues. Security of your websites is our responsibility and we take such issues very seriously. This is why we dedicated our technical team to get this release out as soon as possible. We’ve also added two important events to Sign-up process in this release that extend some possibilities. Here is the list of things included in 4.8.12:

Enhancements:

  • Added a new event onCheckBannedEmail to Signup account creation form and is triggered just after the internal check for banned emails has occurred. This event would allow site admins to consult external services with the supplied email address to catch repeat spammers right before they sign up. (Suggested in #324)
  • Added a new event onFieldsValuesSaveBefore to Signup profile information form and is triggered just before the values are saved. This event would allow applications to catch both old and new values for a field, and hence provides opportunity to enforce any business rules or customization depending on the changes in field values. (Suggested in #268)

Bug Fixes:

  • Fixed issue with invalid data error coming on ‘View All Updates’ page while accepting friend requests after 4.8.11 release. (Fixes #436 and #431)
  • Fixed an issue with user getting a Token error after right clicking on Friend Request link appearing from user profile page. (Fixes #454)
  • Fixed issue with Members’ display names being needlessly translated in activity feeds. (Fixes #351)
  • Fixed a PHP notice ‘Undefined variable: user’ that was popping up at some places. (Fixes #325)
  • Escaped parameters in output of blog search to fix some security vulnerabilities.
  • Added striptags filter to Tags field in video and blog creation that fixed important security vulnerabilities.
  • Fixes security issues in Events and Groups full text search by adding prepared statement in MySQL query.
  • Fixed a security vulnerability that existed in event creation because of Host and Location fields not being sanitized.
  • Fixed an issue with potential cross-site scripting (XSS) security vulnerability in Open Flash Chart. (Fixes #57)
  • Added code for IP Validation by applying some filter. (Fixes #330)
  • Fixed a “Duplicate column name” error that was appearing when editing a profile field just after its creation from admin panel.

How to Upgrade? You can now download the new SocialEngine PHP 4.8.12 files from your client area.

We’ve also upgraded Blogs, Events, Groups and Videos Plugins to 4.8.12. Please make sure that you do a complete backup of both files and database before performing this upgrade on your websites. If you’re not comfortable with the installation and backup process yourself, we offer upgrade services for $150 that you can purchase from here.

Changelog: You can also browse the complete changelog file for more details about the enhancements and fixes implemented in this release, and contact us if you have any queries.

Thanks to our amazing community! This release includes 2 enhancements and 6 fixes reported by you. So, keep submitting any feature requests or bug reports for SocialEngine PHP to our public bugs and suggestions tracker. Thanks again for always being there and providing your continuous feedback & support!

12 Comments

  1. Posted July 15, 2016 at 1:16 am | Permalink

    Thanks!

  2. Posted July 15, 2016 at 1:17 am | Permalink

    We’re glad you’re happy to see these updates :)

  3. Posted July 15, 2016 at 1:48 am | Permalink

    Hi @screent:disqus, thanks for sharing your views. 4.8.12 was a minor release fixing some important security issues. We do understand your point but neither has SocialEngine PHP been abandoned nor dead. Infact, since last one year, we’re now more open to communicating with community about their suggestions and issues on a public Bug Tracker that you can check out here: https://github.com/SocialEngine/phpv4-issues/issues

    We do understand that the system continues to move forward and there are always fixes that need to be addressed. We’ve released 3 minor upgrades in the 1st half of this year and have plans to release a major feature upgrade soon. Stay tuned to our blog to get more updates on that. Thanks.

  4. Posted July 19, 2016 at 7:49 am | Permalink

    Kudos to SocialEngine team for this quick release! Security vulnerabilities fixed in this release were much needed and you guys got those fixed timely.

  5. Posted July 29, 2016 at 1:03 pm | Permalink

    Hi Guys, I updated and the ‘Add a Friend’ function seems to be broken again. Is anyone else experiencing this after upgrading SE to the latest version?

    • Posted July 30, 2016 at 8:07 am | Permalink

      Hi Mick, we’ve fixed this issue in this release and so you should not be facing this problem in SE PHP Core features. If you’re using some 3rd party theme or menu based plugin in which this issue is appearing on your site, I suggest you contacting the developer of that theme / addon to fix this for you. If you’re not using any 3rd party theme or addon and still facing this problem, please send your website’s details at support@socialengine.com and our team will help you with this. Thanks!

    • Posted July 31, 2016 at 2:10 pm | Permalink

      If you’re using a third party theme, try these steps:
      1) Put your site in development mode
      2) Switch to a default theme
      3) Flush the cache from Performance Settings
      4) Switch back to your 3rd party theme

  6. Ed Clarke
    Posted August 1, 2016 at 3:29 am | Permalink

    Hello, I have purchased 6 licences from SE but have a few questions to do with subscriptions.

    1. There appears to be a delay from when a user upgrades their account, to when the payment are received from Paypal. this can be several hours. Is there a way to make payments instant when a user creates a payment profile. I find even if I set the network to wait for a successful payment before activating the account does not work, and the account is upgraded as soon as the profile is created.

    2. When a user cancels a payment, or the payment fails. What is the correct course of action. Currently, I am going into paypal and cancelling the subscription, then going to the profile and setting them to a free member level, then going into Billing>subscriptions and setting status to “expired” and active to “no”

    I thought this would happen automatically but it doesn’t, is there a setting I am missing as I have this problem on all my sites and it can be very time consuming. Also spoke to paypal and they said it is to do with the script on social engine and to contact them..

    If anyone has any information or suggestions I would be really grateful.

  7. Posted August 9, 2016 at 3:30 am | Permalink

    After the update on our test environment, only default themes work. Our own theme is not loaded, the response for css.php is empty.

    • Posted August 9, 2016 at 8:02 am | Permalink

      Hi Angel, we’ve not faced such an issue after upgrade at our end. Please try switching your website’s mode from production to development and vice-versa from admin panel. It should fix the problem. If you still face any issues, please send an email to support@socialengine.com along with your website’s details and our team will assist you further. Thanks!

      • Posted August 25, 2016 at 2:50 am | Permalink

        Thank you, I’ve sent and email to support because only the default theme works after the update of both SE and Zend framework.

  8. Posted September 9, 2016 at 1:16 pm | Permalink

    Hi @hostile, we had fixed a major fatal error that was coming in SE PHP with PHP version 7 in last release i.e. 4.8.11, blog post of which can be checked here: http://blog.socialengine.com/2016/05/26/socialengine-php-4-8-11-is-released/
    So, as we’ve mentioned there that we’re still not at 100% compatibility PHP 7, but that fatal error was fixed.

Post a Comment

Your email is kept private. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>