Release 2.28

Written 06/07/08

Today sees a long-delayed new release of Opus which includes a lot of enhancements and, more importantly, some security fixes. We therefore strongly recommend upgrading to this release.

Security fixes:

  1. In previous releases Opus required register_globals to be on. This is a classic way of opening up the code to hackers: with register_globals on, every request parameter (query string, form field or cookie) becomes a PHP variable, so any variable the code reads before assigning it can be supplied by the visitor. Opus has now been rewritten to work with register_globals turned off, and we recommend that having upgraded to this release you explicitly turn it off, either via .htaccess or whatever control you have of your vhost.
  2. A security hole in image uploading allowed a visitor who was not logged on to replace a previously uploaded image with one of their own by means of a cleverly crafted web form. (Thanks to Jez for identifying this one.)
  3. A related and less serious issue meant that a logged in author who didn't have permission to upload images could do so very easily.
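The three fixes above come down to the same rule: take input only from an explicit source ($_POST, $_FILES, the server-side session) and check both "is this visitor logged in" and "is this author allowed to upload" on the server before touching an existing image. The following is an added illustration, not Opus's own upload code; the function names, the `can_upload_images` flag, the CSRF token and `IMAGE_DIR` are assumptions made for the example.

```php
<?php
// Added example (not Opus code): an image-replacement handler that does not
// depend on register_globals and checks both login and per-author permission.
// current_author(), upload_allowed(), handle_upload(), the
// 'can_upload_images' flag, the csrf_token field and IMAGE_DIR are assumptions.

declare(strict_types=1);

// --- The pattern this release removes ---------------------------------------
// With register_globals=On a request such as
//   POST /upload.php?logged_in=1&can_upload=1
// pre-populates $logged_in and $can_upload before this code runs, so an
// anonymous visitor passes both checks. Kept only as the "before" shape.
function vulnerable_upload_allowed(): bool
{
    global $logged_in, $can_upload;        // may have been set by the request itself
    if (isset($logged_in) && $logged_in) { // nothing in this code path assigns it
        return (bool) $can_upload;
    }
    return false;
}

// --- Hardened pattern -------------------------------------------------------
const IMAGE_DIR = '/var/www/opus/images';  // assumption: where uploads are stored

// The logged-in author's record from the server-side session, or null.
// Only $_SESSION is consulted; $_GET/$_POST/$_COOKIE cannot populate it.
function current_author(): ?array
{
    return $_SESSION['author'] ?? null;
}

// Decides whether the current request may store $target inside IMAGE_DIR.
function upload_allowed(?array $author, string $target, string $token): bool
{
    // Fix 2: visitors who are not logged in are refused outright.
    if ($author === null) {
        return false;
    }
    // Fix 3: a logged-in author still needs the explicit permission flag,
    // which comes from the access array on the server, never from the form.
    if (empty($author['can_upload_images'])) {
        return false;
    }
    // Extra safeguard (assumption, not something the page describes): a
    // per-session token so a form on another site cannot submit on the
    // author's behalf.
    if (!isset($_SESSION['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $token)) {
        return false;
    }
    // Refuse names that could escape IMAGE_DIR or overwrite a non-image file.
    if ($target === '' || basename($target) !== $target) {
        return false;
    }
    return (bool) preg_match('/^[A-Za-z0-9_-]+\.(jpe?g|png|gif)$/', $target);
}

// Returns the HTTP status the handler ends with.
function handle_upload(): int
{
    session_start();
    $target = (string) ($_POST['target'] ?? '');       // explicit source, no bare global
    $token  = (string) ($_POST['csrf_token'] ?? '');
    if (!upload_allowed(current_author(), $target, $token)) {
        http_response_code(403);
        return 403;
    }
    $file = $_FILES['image'] ?? null;
    if ($file === null || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        http_response_code(400);
        return 400;
    }
    // Check the content, not just the name, before replacing an existing image.
    if (getimagesize($file['tmp_name']) === false) {
        http_response_code(400);
        return 400;
    }
    if (!move_uploaded_file($file['tmp_name'], IMAGE_DIR . '/' . $target)) {
        http_response_code(500);
        return 500;
    }
    return 200;
}
```

Turning register_globals off for a single site is a one-line change: `php_flag register_globals off` in .htaccess where you run PHP as an Apache module and AllowOverride permits it, or `register_globals = Off` in php.ini or the vhost's php_admin_flag if you control the server. After switching it off, load the author pages once with error reporting on: any "undefined variable" notice points at code that was still relying on the old behaviour.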

It's a long time since the last formal release, so there have been many enhancements. Many of them are subtle and won't worry you, but here's a selection of the more significant ones:

  1. Support for PayPal allowing Opus to be used for simple e-commerce applications.
  2. Support for Opus running under SSL/HTTPS.
  3. Auxiliary fields can now be enabled on a per section basis.
  4. Changes to mail form processing to stop malicious use.
  5. Attempts to hide the author login pages from search engines, since an indexed login page is an invitation to hackers to try to log in.
  6. If your web server supports it then you can rotate, resize and sharpen images when you are uploading them.
  7. The image browser in the author menu shows image thumbnails.
  8. Various enhancements to the search function to allow you to set up searches which only search some parts of your database, and to search on numbers.
  9. Default diary location now comes from OPUS_DEFAULT_LOCATION, if that's defined in ./cfg/config.inc.
  10. Datacards can now have a mapped url (enabled by a "mapurl" attribute for the <datacard> tag).
  11. New merge fields: datedated, released, papercode, sectioncode, articlecode, documentname, documenttype, documentsize, editlink
  12. Links to document articles show size and type in brackets after the link (you can disable this via your style sheet).
  13. The access array has been updated to allow you to decide whether or not authors can extract datacards.
  14. Various enhancements to blogging, all configurable on a section by section basis.
  15. The article browser in the author menu lets you browse by section.
