Rilasciata la versione 1.5.9 di Joomla!

Security

One low-level and one high-level security issue were fixed in this release:

• High Priority: Directory Traversal. A crafted request can allow an attacker to view directory trees on the server. Note: contents of files cannot be edited or deleted, just viewed. More information »
• Low Priority: SSL Session Token Disclosure. When running a site as SSL ONLY, if a non-SSL request is made, an attacker can obtain the session token. There is NO risk for Web sites that use both HTTP and HTTPS. More information »

For additional information, visit the Joomla Security Center.

Components

• Fixed Contact Page so that a blank page is not displayed when vCard is not enabled, but is selected in the Contact Parameters (10680)
• Resolved problem with Category View Table where filter did not work when cache was enabled (10840)
• vCard no longer displays excess spaces (11871)
• Small change in components/com_banners/models/banner.php (12577)
• Resolved invalid XHTML 1.0 Transitional issues introduced in 1.5.7 for the Contact form (12868)
• Fixed problem that resulted in erroneous '404 - Contact not found' page for dropdown in Contact View (12989)
• Fixed Contact Category URL problems (13045)
• Fulltext Search for Uncategorized and Archived Articles is now working (13490)
• onPrepareContent issue for non-com_content Components resulting in a warning message has been resolved (13505)
• 'Change Contact Details' link now loads correct page (13542)
• Contact image not displaying in front end (13643)
• Front-end article submission no longer auto-populates, finish publishing date with same date as start publishing (13673)
• Media Manager Javascript error: "Object doesn't support this property or method" that presented for IE has been fixed (13761)
• Space between meta keywords no longer removed when saving Articles (13794)
• com_installer Module View now correctly displays Author e-mail and URL (13942)
• Robots and Author meta retained when copying Articles (13949)
• Article Archive pagination fixed (14070)
• Correction so that unregistered site visitors can no longer access PDF for registered Articles (14196)
• Hits filter in Category List fixed (14390)
• Resolved problem where "Register to read more" incorrectly redirected to Front Page, rather than Article (14392)
• Poll error message resolved (14394)
• Resolved problem where Category List failed to retain Column Sort preference when navigating to a different page (14398)
• Resolved problem in Category List where changing Display # to All in page 2 of list would display no results (12932)
• Category List now correctly shows filtering option in use (14402)
• Corrected 404 error that resulted when menu access was set to Public and Contact Item is Registered (14412)

Modules

• New modules can now be added, even when there are no modules entries already defined (11874)
• Inconsistency removed for Login/Logout Redirection page of mod_login (13611)
• JMenu getMenu() doc error corrected (13617)
• Archive Module Count Parameter and Tool Tip corrections (13694)
• STRPOS error corrected when editing Alias Menu Item (13909)
• Toolbar Image now points to an existing image (14171)

Plugins

• OpenID upgraded to 2.0 protocol, now works with Yahoo (12217)
• plgSystemCache plugin now respect site and page language (12115)
• Page string in plugins/content/pagebreak.php is now properly externalized (12730)
• Legacy Plugin - Login Timeout resolved (13662)
• Access level for Plugins fixed (14106)
• Fixed OpenID Transition issues (14433)

Legacy

• No issues fixed for this release

Templates

• RTL feeds PARAM is now saved in database which corrects RTL feeds in Milkyway and Beez (11235)
• CSS and XHTML valid error in JA_Purity resolved, as was invalid CSS validator link (12887)
• JA_Purity default status for Modules defined for right position now collapse correctly, when unused (12925)
• Fixed CSS errors in rhuk_milkyway/css/template_rtl.css (13517)
• Missing H1 text-align in rhuk_milkyway/css/template_rtl.css fixed (13570)
• Beez template override for com_search now displays error messages correctly (13584)
• Corrected Last Updated date for Beez Template (13632)
• Resolved inconsistencies for Beez Template Override Page Titles (13634)
• Contact image changes for Beez override (13700)
• Incorrect File Reference corrected for Beez Template (13859)
• Short PHP Notation in Beez Windows hosting bug introduced in 12798 has been fixed (14313)
• en-GB.com_statistics.ini are now correctly deleted (14391)
• Removed unnecessary string in JA_Purity template (14414)
• Removed unnecessary strings in rhuk_Milkyway template (14415)

Language

• Language INI files that were incorrectly encoded using UTF-8 with BOM have been fixed (13499)
• Untranslated strings in en-GB.ini after SVN 11236 are fixed (13514)
• Fixed untranslated strings in com_weblinks (13608)
• Fixed untranslated strings in com_contact (13626)
• Fixed untranslated Strings in admin/mod_feed (13666)
• Spacer values are now translatable (14308)
• Fixed issue with JA_Purity spacer so that it is now translatable (14360)
• Resolved remaining English string hard-coded in mod_search (14374)
• String missing in en-GB.com_installer.ini (14389)
• Resolved untranslated language string for "Email a Friend" feature (14395)
• Tooltip language string in com_config corrected (13633)

Administrator

• Added better tooltip text for the Help Server Reset button in Global Configuration System Settings (12023)
• Toolbar & value fixed for Media Manager button (12841)
• JInstallerHelper Class Function description has been corrected (13574)
• Help screens made (13616)
• Remove default filter for Super Admininistrator and fix filter whitelist problem (13770)
• Corrected error where Editor deleted content for default filter; UTF-8 compatibility is now enforced with JInputFilter (13901)
• Removed old dev.joomla.org links (14227)

System

•  (12812)
• (13549)
• (13811)
• (14317)
•  (14408)
•  (14410)
• (14434)
• (12746)