Patch #3 Released for V2.3.7

Saturday, January 23, 2016 Tags: patch, release, bugs

This patch fixes several issues in the v2.3.7 release and v2.3.7 patch #1 and patch#2.  It also provides several tweaks and even some new features. The main fix is for a security vulnerability using malformed arrays.  It also provides some regression fixes to the text module inline-edit view(s). It must be noted that this patch will (again) break any custom text module view templates using in-place editing. This patch adds a couple new features to Twitter Bootstrap 3 based themes in the form of a new date/time picker widget, and a new photoalbum slideshow/carousel widget. There are a few other tweaks and fixes found in this patch. Unlike previous patches, this patch file also includes all the 'installation' files in the event you secured your site by deleting or renaming the /install folder. Patch #3 to v2.3.7 is found at

v237patch3 adds these features to v237, v237patch1, and v237patch2:
- a better 'read more' implementation for summarized text
- implements a twitter bootstrap 3 based date/time picker widget
- implements a new slideshow/carousel for bootstrap 3 photoalbum (Owl Carousel 2)
- now allows optional image and author selection per podcast/rss feed
- an autosave feature to wysiwyg editors to help recover from page crashes

v237patch3 fixes these issues in v237, v237patch1, and v237patch2:
!!! Security fix for vulnerability using malformed associative arrays
!!! Regression fix possible save/delete action permissions issue using text module inline edit view
- better implementation of setting (new) file/folder permissions (2 new optional upgrade scripts to assist)
- some faq module views and styles were broken
- simplifies .htaccess file

v237patch3 updates these 3rd party libraries in v237, v237patch1, and v237patch2:
- TimyMCE editor to v4.3.3
- easypost library to v3.0.1
- jQuery to v1.12.0 & v2.2.0, w/ migrate to v1.3.0
- bootstrap-dialog to v1.34.9
- elFinder to v2.1.6