Moodle 1.6.2 release notes

Jump to: navigation, search
Notice: Moodle Docs will be switched to read-only mode starting on Tuesday 17 October 14:00 UTC for server maintenance. The estimated read-only period should not take more than 24 hours.

Release date: 12th September 2006


Security

  • Fixed handling of uploaded files in Database module
  • Module instance id is now properly validated when creating course module object; developers should use get_coursemodule_from_id() to get valid $cm
  • Default error reporting level was lowered to 5, E_WARNINGs are no longer displayed on production sites with debug off.
  • Multiple problems leading to information leakage fixed in help.php file
  • Fixed information leakage from scheduled backups
  • Added basic detection of dataroot accessible from Internet, web installer now better suggests dataroot location outside of web file area
  • Swf is now disabled by default in Mediaplugin
  • forgot_password.php does not allow remote email or username enumeration by default, the old behavior can be enabled by setting protectusernames to No in site configuration
  • Undisclosed SQL injections fixed by automatic data conversions in adodb layer
  • Theoretical XSS problems fixed in doc/index.php and files/index.php scripts
  • Access to tex and algebra files is blocked when filters are disabled
  • Request for redirection in jumpto.php protected with sesskey

Bug Fixes

  • Fixed error when upgrading forum read tracking
  • Locales from language packs should finally work - please check your configuration variables and empty the locale field
  • Added missing link for course request
  • Fixed several glossary problems with non-ascii characters
  • Fixed bug where you could not regrade a quiz question where the teacher had added a comment with a ' character.
  • Quiz import of BlackBoard V6 files now much more reliable
  • Fixed scheduled backups - they were broken in 1.6 and 1.6.1
  • Fixed missing guest icons from course listing
  • Database sessions respect sessiontimeout setting
  • Fixed redirect problems during upgrade resulting in "Table xxx already exists"
  • Lesson module: the "(Continue)" no longer displays for 3 seconds after branch tables.
  • Lesson module: now properly checks import formats for support.
  • Lesson module: feedback is set properly during the import process.
  • and many other smaller fixes

New Features

  • Authorize.net Payment Gateway: Auto configures credit card types if the merchant does not accept some types of credit cards

Known Problems

  • Broken images in published question categories