Download Tiki 1.9.10.1

Tiki is a web-based groupware and content management system that runs in an environment with PHP, ADODB and Smarty. The program is also known under the catchy name Tikiwiki. The developers have released a new version in the Sirius series, numbered 1.9.10.1, and have mainly focused on fixing bugs from version 1.9.9, fixing an XSS in tiki-edit_article.php and improving protection against future leaks. The corresponding list of changes is as follows:

Version 1.9.10.1:

Security:

  • Improving input sanitizer. Thank you to Fortify Software for reporting a cross-site scripting (XSS) vulnerability in tiki-edit_article.php.
    Note: Until you upgrade, the workaround is to not permit non-trusted users to add/edit articles, or to deactivate the articles feature altogether.
  • New preemptive securitycheck.php script. This check, which is now part of the release procedures, checks every single potentially dangerous file (.php, .sh, etc.) to make sure it passes some basic checks (such as: a feature check, a permission check, verifying that it can't be called directly if it shouldn't be, etc.). If you are not using feature X, you will no longer potentially be affected by a security issue which is discovered in a file used by that feature. If you are using that feature, you can turn it off until you upgrade.
  • Adding feature and permission checks to all files to comply with the securitycheck.php script described above.
  • Developer scripts now have extra protection to make sure they can’t be run from the web (on a badly configured server).
  • Some useless files were deleted.
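
A release-time audit of the kind the securitycheck.php item describes, as an added example that is not Tiki's own script. The regex patterns, the rule that `tiki-*.php` files are entry points while all other files are include-only, and the sample files are assumptions; only .php files are covered.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristics for illustration; the real securitycheck.php rules are not on the page.
FEATURE = re.compile(r"\$feature_\w+\s*!=\s*['\"]y['\"]")
PERMISSION = re.compile(r"\$tiki_p_\w+\s*!=\s*['\"]y['\"]")
DIRECT_GUARD = re.compile(r"\$_SERVER\[\s*['\"]SCRIPT_NAME['\"]\s*\]")
# Comments are stripped first so that a commented-out check does not count.
# The stripping is naive (it also cuts at '//' inside strings) and errs toward extra findings.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

# Constructed sample files, not taken from any Tiki release.
SAMPLE_TREE = {
    "tiki-ok.php": "<?php\nif ($feature_articles != 'y') die();\nif ($tiki_p_edit_article != 'y') die();\n",
    "tiki-no_perm.php": "<?php\nif ($feature_games != 'y') die();\n// if ($tiki_p_play_games != 'y') die();\n",
    "lib/guarded.php": "<?php\nif (strpos($_SERVER['SCRIPT_NAME'], basename(__FILE__)) !== false) exit;\n",
    "lib/bare.php": "<?php\nfunction helper() { return 1; }\n",
}

def audit_file(path: Path) -> list:
    """Return the names of the checks this PHP file is missing."""
    code = COMMENTS.sub("", path.read_text(errors="replace"))
    if path.name.startswith("tiki-"):   # assumed convention: web entry point
        required = {"feature-check": FEATURE, "permission-check": PERMISSION}
    else:                               # assumed convention: include-only file
        required = {"direct-call-guard": DIRECT_GUARD}
    return [name for name, rx in required.items() if not rx.search(code)]

def audit_tree(root: Path) -> dict:
    """Map each failing .php file (path relative to root) to its missing checks."""
    found = {p.relative_to(root).as_posix(): audit_file(p) for p in sorted(root.rglob("*.php"))}
    return {name: missing for name, missing in found.items() if missing}

def run_sample() -> dict:
    """Write SAMPLE_TREE into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE_TREE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return audit_tree(Path(tmp))

if __name__ == "__main__":
    for name, missing in run_sample().items():
        print(f"{name}: missing {', '.join(missing)}")
```

Run as a release gate, a non-empty report would block the build until each listed file gains the missing check or is removed.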

Fixes:

  • Fix a username/password/registration bug which was introduced in 1.9.9.
  • Image Gallery: Fixed the next-prev glitch which was introduced recently.
  • Various fixes to the live support feature.
  • Various fixes to the InterTiki feature.
  • Forums: Prevent forum pruning from removing comments as well, or from other forums.
  • Fixes to the “thumbnail” plugin.

Enhancements:

  • Better handling of usernames with special characters
  • tiki-contact.php has anti-bot protection
  • Some administrative fixes and enhancements to the release, security and developer scripts.
  • New “Superscript” plugin to make easy superscript in a wiki page, without using HTML, like the Subscript plugin.

Version 1.9.9:

Release checks:

    This new feature adds 2 options in the General Admin panel, to enable/disable remote checks and to set up the frequency of those checks. The check for a new version is done with a simple HTTP request to the tikiwiki.org site, when someone with admin perms displays any administration panel. When the check is done and a new version is found, a message is displayed in the admin panels to warn that there is something new, and then no further checks are performed (until upgrade). This feature is enabled by default, which is motivated by the fact that people don’t usually follow the tikiwiki community activity and they take time to upgrade, just because they don’t know they should (for security).

Security fixes:

  • Jesus Olmos Gonzalez found a possible path traversal problem in tiki-listmovies.php
  • Mesut Timur reported an XSS vulnerability in tiki-special_chars.php
  • Redflo also took the occasion to find other flaws, in tiki-edit_css.php, tiki-list_games.php, and tiki-admin_source.php.php

Quick Security Protection:

  • Disable features: Edit CSS, Games, Galaxia
  • Erase the files tiki-listmovies.php (which is not used except very exceptionally by people who know their stuff) and tiki-special_chars.php (which is used in quicktags to pop up a small widget to input special characters with odd accents).

Changes:

  • Wikiplugin group backported from 1.10
  • Improvement of wiki help on editpage
  • New forum import feature (from Tiki to Tiki forums)
  • Some Galaxia improvements
  • Module tail moved to mods
  • Fix in tracker ratings
  • Start of a new translation: Bulgarian (bg)
  • More translations for Brazilian Portuguese (pt-br)
  • Fixes in the French (fr) translation

Version number: 1.9.10.1
Release status: Final
Website: TikiWiki
License type: GPL