- Security: Fix several vulnerabilites. Updates are absolutely recommended for sites running any older version. Thanks, Neal Poole.
- Passwords are case-sensitive.
- Hotlink protection for files: Downloads from a web-accessible
/files
directory are inhibited. The/file_download/$id/example.foo
route is the only valid way to access downloadable files. Requires an Apache webserver and usage of the sample.htaccess
file. - Empty
<txp:variable></txp:variable>
container sets a variable's value to""
. - WordPress import tool fixed for WP 3.x.
- Context bug in messy mode fixed.
get_pref()
now honours per-user prefs in all cases.- Developer:
txp_validate()
accepts a$log
parameter to discern between 'real user login' vs. 'just validating credentials' usage. - Developer:
sendAsyncEvent()
accepts parameter$format
. - Developer: Introducing
escape_js()
andsend_script_response()
. - Developer: Taghandler functions must not contain upper case letters.
- Developer: Taghandler functions must not be defined within a
<txp:php>
element. - Developer: phpass 0.3 / genuine for password portability, hashing, stretching, and salting. Old-style passwords will be migrated upon a user's first login. Persistent hash values in database are incompatible with previous versions.
- jQuery 1.5.1.