Show your support for Zikula! Sign up at Github account and watch the Core project!
- eledril created topic »Inserting Ads Into News Categories Pages« 07. Mar
- shaaz_khanz responded to »Linking a custom doctrine 2 based module with non-doctrine based module« 06. Mar
- espaan created topic »Creating Imagine plugin preset during installation of other module« 06. Mar
- MarcPare responded to »RSS Feed Broken« 05. Mar
- krator responded to »MOST table prefix« 04. Mar
- krator responded to »sitemap for zikula 1.3« 25. Feb
- shoshia responded to »CodeCogs and CKEditor« 24. Feb
When using Doctrine in a project it is always a security critical component because it talks directly to your database. As such security is very important to us. In security however, context is important and providing you with query capabilities we have to expose you to the risk of SQL injections.
Doctrine cannot prevent you from building SQL injections into your applications and so can no other DBAL, because it would require hiding SQL completely. But hiding SQL completly is not wanted, because it is such a powerful language.
Therefore it is still your responsibility to make sure that you are using Doctrine correctly when working with SQL.
Read the rest of the article on the Doctrine website. Additional information on security concerns when utilizing Doctrine is now available in the respective repository's
SECURITY.md and also here: DBAL Security and ORM Security.
Zikula Core 1.3.7 is released as of 17 February 2014. This is a security release for the Core 1.3.x series as well as a bug fix release. All users of Core 1.3.0 - 1.3.6 are recommended to update as soon as possible.
In addition to addressing the security issue, the release combines all the recent "patches" that have been floating about in the community which attempted to address certain deficiencies in the 1.3.5/1.3.6 releases. Please update to this official package and discontinue using code from non-official sources.
Installation/Upgrade: (from Core 1.3.6) Be sure to backup files and database before any upgrade is attempted. Simply overwrite the files in your current installation with the new files , add your DB credentials to the config.php file and run the upgrade.php routine.
This release addresses Secunia Advisory SA56274 (article to be updated with link when published).
A full Changelog is available
The main development was occurring in what was originally intended to be a minor release in the 1.3.x series but this has been taking too long. This has required a change in plans.
As of 15 February 2014 the following changes have been made in the Core repository
- The 1.3 branch is renamed to 1.4
- The release-1.3 branch is renamed to 1.3
- The master branch remains intact as is and is intended as a 2.0 branch
The intention is to release Core 1.3.7 soon with all of the minor patches that have been floating out in the community as well as a couple other minor corrections. QA testing should begin on this release soon.
Core 1.4.0 will include many other improvements and fixes over 1.3.x series and also include a Forward Compatibility layer pointing toward the Core 2.0.0 release. There should be very few (if any) Backward Compatibility breaks from the 1.3.x series.
Core 2.0.0 will drop all backward compatibility for the 1.x series and require new extension structures, reliance on only new core technologies (symfony, twig, etc).
Timelines for anything beyond Core 1.3.7 are of course unknown and should not be assumed based on this information.
I am happy and proud to show my very first module! Of course it is a simple one. But see yourself: VerySimpleDownload
This is made with ModuleStudio. I have to say it is really easy. A lot of community members know me as a user. And I am still only a user. But I can now create my own module .
How did I proceed with my module? First I made the model with the current version of ModuleStudio. It do have an outdated generator but the webgen is available to provide me actual code. So I generated my module there. This is my guarantee to have the latest code running for 1.3.6.
- The module is now fully jQuery based and uses HTML5 form validation with webshims polyfill validation fallback for browsers not supporting html5
- The forms templates now use the .tpl extension instead of .html - Update your own forms please
- More customization per form possible
- File attachments work again
Please see the closed tickets for a list of fixes and additions. And the project page for more on HTML5
Zikula Core 1.3.6 is released as of November 6, 2013. This is strictly a security release for the Core 1.3.x series. All users of Core 1.3.0 - 1.3.5 are recommended to update as soon as possible. This release does not contain any other bug fixes or features over Core 1.3.5.
Installation/Upgrade: (from Core 1.3.5) simply overwrite the files in your current installation with the new files run the upgrade.php routine.
The release that was to be version 1.3.6 has been renamed to 1.3.7 and is yet unreleased. Please adjust your development module dependencies accordingly.
Eternizer version 1.1.3 comes with some bugfixes and new features:
- On view page in the backend one is able now to edit several entries at the same time.
- For edit own entries in the frontend now one can set a period in hours.
- Simplecaptcha, known from the module Formicula, is implemented now.
The german community is announcing the next Camp Zikula. From 12-14 July 2013.
We will have two speeches about new development (Axel) and templating (Gabriel). But more important is meeting the others physically . It will be held in german language. Are you interested? Registration is possible via email@example.com.
More details can be seen at the german community site.
The most important improvement is a textual syntax which defines a new and more readable model file format. Also there is a migration function for converting your existing models to this new notation automatically.
- If multiple modules use TCPDF, there is an extra version of TCPDF in each module. That's 18,5MB per module!
- The TCPDF Plugin automatically includes the right config- and languagefiles
- The TCPDF version can be updated independently from the module.
Invitation is a module that allows your users to invite other users via email to your website. You can add some information to the module that is sent with each invitation email.
MUImage 1.0.0 is prepared for Zikula 1.3.4 or higher to download. MUImage is a classic gallery module you can organize pictures in albums and sub albums with. MUImage is conceptual developed with ModuleStudio. So it uses Doctrine 2 already. For the general user group it is possible to set the allowed number of albums, sub albums and pictures. MUImage contains a import function for Mediashare. So you can import albums and their pictures. Please read the Wiki of MUImage on Github.
My fellow web developers, the state of jQuery is strong.
For more about exciting happenings in the (near) future of jQuery, read the rest of the story...