Gmane -- Mail To News And Back Again

From: Joel Palmius <joel.palmius <at> mh.se>
Subject: New releases
Newsgroups: gmane.comp.apache.mod-survey.general
Date: 2004-03-21 16:36:13 GMT (4 years, 24 weeks, 1 day, 15 hours and 55 minutes ago)
I'll announce two new releases as soon as I get confirmation that this 
mailing list is working again. I haven't got through since friday, but as 
the university's mail infrastructure is based on microsoft products, I 
will not be surprised if they simply need to reboot a couple of machines 
come monday morning.

The changelogs are:

Pre-release 3.0.16-pre2
-----------------------
* Added german translation by Michael Waider.
* Added a security update for avoiding script injection. Note that
  this involved prohibiting the characters <, >, ', $ and \. Also
  legitimate uses of these characters have been blocked, which might
  cause some problems. This is a temporary solution for the immediate
  problem, and it will likely be reworked before 3.0.16 proper is
  released.
* Changed strategy for multi-page submitting, to work around bug where
  their sizes were limited by the maximum length of the GET string.
  This was inspired by a patch received from Matthias Helletzgruber
  ages ago.

and 

Development release 3.2.0-pre4
------------------------------
* Applied patch from Matthew Buckett for fixing erronous error
  messages about MULTICHOICE (this tag has been merged into CHOICE)
* Applied patch from Matthew Buckett for better error messages
  when Session directory isn't properly setup.
* Fixed bug where multipaging would not work when client refused
  cookies (especially IE)
* Fixed a bug where variable-carrying CUSTOM blocks would not save
  data when in a multipage context.
* Added MAILCOPY tag for sending a mail with data to a specified
  address.
* Added outline for new CATI tag. Functionality will be added
  later.
* Applied patch from BugAnt for basics of IMPORT tag (tag able to
  import values as variables from database fields)
* Applied patch from Buckett for backwards-compatibility with older
  survey.conf files
* Applied patch from BugAnt for working around script injection in
  HTML tables export. (replace html tags with escape sequences)
* Corresponding for SQL export
* Corresponding for XML export
* Script injection detection code for action parameter
* Sanity parse in DBI save method.
* Added german translation by Michael Waider.
* Added option in installer for setting PerlSendHeader to on or off.
  This should ensure better Apache2 compatibility.
* Applied patch from Matthew Buckett for better layouting of SQL
  export and addition of GRANT clause.
* Applied patch from Matthew Buckett for better XML export.
* Changed a lot of "print content-type to $r->content_type()".

I'm pushing off documentation updates and CSS updates to get these out 
through the door. Also, I'll publish a security advisory separately on 
this list and on bugtraq as soon as the releases are online. 

  // Joel

Skickat av Joel Palmius <joel.palmius <at> mh.se>
till survey-discussion