Elgg 1.8.14

If somebody didn't noticed yet, we have Elgg 1.8.14 version availible for download at http://elgg.org

Thanks to Cash for making this release.

Changes include:

  Security Fixes:
  •    Fixed a XSS vulnerability when accepting URLs on user profiles
  •    Fixed bug that exposed subject lines of messages in inbox
  •    Added requirement for CSRF token for login
 
  Bugfixes:
  •    Strip html tags from tag input
  •    Fixed several display issues for IE7
  •    Fixed several issues with blog drafts
  •    Fixed repeated token timeout errors
  •    Fixed JavaScript localization for non-English languages
 
  Enhancements:
  •    Web services fall back to json if the viewtype is invalid
 
Probably official blog post will show up eventually.
  • Yes, I did notice this around 10:30 am and upgraded. I have the 'Core version widget 1.0' installed, it lets me know through the admin panel when new releases come out.

  • upgraded here also, no issues so far. glad to have the token timeout boxes cleaned.

  • I have two sites, one running on 1.8.14 and one on 1.8.13.

    On the 1.8.14, when users enter profile information, they can ONLY select the privacy settings for the entire profile information. On the 1.8.13, they can select the privacy setting for each individual entry, which is great. For example. I want my date of birth visible only to friends but the rest of the profile info visible to logged in users.

    Were the profile privacy settings changed (for the worse) in 1.8.14 or is this because of another reason?

  • Are you using profile manager?  It has a setting that controls that.

  • Yes. Which setting is that? I don't see such a setting (a setting for the settings :)

  • Found it. It's the one that says, "Show just one access control dropdown on edit profile form". I've set it to "no". THX Matt!

  • Hi,

    Just upgraded from 1.8.6 to the latest version and now the plugins page in the admin doesn't load - I just get a Fatal Error http://www.domainname.co.uk/admin/plugins.

    Weirdly the front end seems to be working ok...

    Is this a plugin conflict? Do I need to delete some plugins?

    Any help appreciated.

  • I am also getting issue with elgg-1.8.14 below is the error..

     

    IOException Object
    (
    [message:protected] => Failed to load new ElggObject from GUID:44
    [string:Exception:private] => exception 'IOException' with message 'Failed to load new ElggObject from GUID:44' in C:\xampp\htdocs\elgg-1.8.14\engine\classes\ElggObject.php:85
    Stack trace:
    #0 C:\xampp\htdocs\elgg-1.8.14\engine\classes\ElggPlugin.php(78): ElggObject->__construct(44)
    #1 C:\xampp\htdocs\elgg-1.8.14\engine\lib\plugins.php(155): ElggPlugin->__construct('comment_tracker')
    #2 C:\xampp\htdocs\elgg-1.8.14\views\default\admin\plugins.php(14): elgg_generate_plugin_entities()
    #3 C:\xampp\htdocs\elgg-1.8.14\engine\lib\views.php(491): include('C:\xampp\htdocs...')
    #4 C:\xampp\htdocs\elgg-1.8.14\engine\lib\admin.php(488): elgg_view('admin/plugins', Array)
    #5 [internal function]: admin_page_handler(Array, 'admin')
    #6 C:\xampp\htdocs\elgg-1.8.14\engine\lib\pagehandler.php(53): call_user_func('admin_page_hand...', Array, 'admin')
    #7 C:\xampp\htdocs\elgg-1.8.14\engine\handlers\page_handler.php(46): page_handler('admin', 'plugins')
    #8 {main}
    [code:protected] => 0
    [file:protected] => C:\xampp\htdocs\elgg-1.8.14\engine\classes\ElggObject.php
    [line:protected] => 85
    [trace:Exception:private] => Array
    (
    [0] => Array
    (
    [file] => C:\xampp\htdocs\elgg-1.8.14\engine\classes\ElggPlugin.php
    [line] => 78
    [function] => __construct
    [class] => ElggObject
    [type] => ->
    [args] => Array
    (
    [0] => 44
    )

    )

    [1] => Array
    (
    [file] => C:\xampp\htdocs\elgg-1.8.14\engine\lib\plugins.php
    [line] => 155
    [function] => __construct
    [class] => ElggPlugin
    [type] => ->
    [args] => Array
    (
    [0] => comment_tracker
    )

    )

    [2] => Array
    (
    [file] => C:\xampp\htdocs\elgg-1.8.14\views\default\admin\plugins.php
    [line] => 14
    [function] => elgg_generate_plugin_entities
    [args] => Array
    (
    )

    )

    [3] => Array
    (
    [file] => C:\xampp\htdocs\elgg-1.8.14\engine\lib\views.php
    [line] => 491
    [args] => Array
    (
    [0] => C:\xampp\htdocs\elgg-1.8.14\views\default\admin\plugins.php
    )

    [function] => include
    )

    [4] => Array
    (
    [file] => C:\xampp\htdocs\elgg-1.8.14\engine\lib\admin.php
    [line] => 488
    [function] => elgg_view
    [args] => Array
    (
    [0] => admin/plugins
    [1] => Array
    (
    [page] => Array
    (
    [0] => plugins
    )

    )

    )

    )

    [5] => Array
    (
    [function] => admin_page_handler
    [args] => Array
    (
    [0] => Array
    (
    [0] => plugins
    )

    [1] => admin
    )

    )

    [6] => Array
    (
    [file] => C:\xampp\htdocs\elgg-1.8.14\engine\lib\pagehandler.php
    [line] => 53
    [function] => call_user_func
    [args] => Array
    (
    [0] => admin_page_handler
    [1] => Array
    (
    [0] => plugins
    )

    [2] => admin
    )

    )

    [7] => Array
    (
    [file] => C:\xampp\htdocs\elgg-1.8.14\engine\handlers\page_handler.php
    [line] => 46
    [function] => page_handler
    [args] => Array
    (
    [0] => admin
    [1] => plugins
    )

    )

    )

    [previous:Exception:private] =>
    )

  • I updated my test site and it was working just fint, but on my production site some plugin's fails to work properly :(. I have located the difference to the fact that simpleCache is disablet on my test site. When disabling SimpleCache om my production site, everything works just fine - but slow :(.

    The plugins not working properly are HypeAlive and HypeEvents. It seems like it's related to ajax/css and/or javascripting.

    Attempt to disable alle plugin's make's no difference.