Release Notes
We have prepared a Release Candidate of the next WIKINDX release: X.Y.Z. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.7.1 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.
The current CHANGELOG for v6.12.0 is:
Version 6.12.0
Focus: bug fixes, maintenance, and security
- This version supports PHP 8.1, 8.2, 8.3, 8.4. It is the first release to offer PHP 8.4 support.
Bug fixes
- SQL error when upgrading SoundExplorer plugin with MariaDB 11.5.
- Fix translation loading in TinyMCE on OS with a case-sensitive filesystem.
- In the resource form, don’t automatically fill in a series number value when selecting a series in the select box [#691].
- In the resource form, fix an error in adding user Ids to the abstract and note fields [#692].
- Fixes the name of languages displayed by browse search to follow the user’s preferred language.
- Fix zoom errors where the paging is less than the total resources in the database [#695].
- Fix a blank front page when the list is set to display resources in the last x days [#697].
- Don’t increment the view counter if a resource is missing (crash).
- If the admin has set only the resource originator as able to edit/add attachments, another registered user can now (as should be the case) view those attachments. Along the way, improve checks on who can manipulate attachments.
- Registered users not allowed to edit a resource can now add the resource to a user bibliography (as they can tag the resource with user tags).
- Ensure that the resource originator of a quarantined resource has access to that resource for listing, viewing, and editing.
- When importing a bibliography (if allowed by the admin), a user could tag the import but could not delete the import tag (and associated resources). This has been fixed with a menu option under Resources.
- Don’t publish a sitemap when the website is not public.
- Fix a few errors in Advanced Search: a) fields like publisher and collection were not available to search and b) the previous search fields were not stored correctly when reloading the search form.
- Fix an empty innerHTML error in the advanced search form and its results (#697).
- If browsing a user bibliography, the bibliography was not always used as the source for various operations.
- File upload was blocked when memory_limit = -1 (infinity).
- Accept URLs of external images longer than 255 characters (8000 max).
- Images containing special characters in their name such as a space were not exported in HTML/RTF documents.
- Fix a small warning when the download of an image fails during RTF/DOCX export.
- Fix base64 encoded media type in paper HTML exports.
- If an image is included more than once in an RTF/HTML export, only the first temporary file was purged at the end of the export.
- Fix missing rows in search_resources and search_abstractnotes. Code to write these rows was missing in the import code for bibtex and endnote (now fixed in this release).
- Ensure, for proceedings and proceedings_article types, that conference organiser, conference name, and publisher are properly handled for display, import, and export.
- When browsing, correct the resource counts for creators, system users, departments, and institutions.
- Use the right mime-type when returning JSON.
Feature enhancements
- Users can now export resources and word processor papers to DOCX (compatible with, for example, Word, Libre Office and OpenOffice). RTF exporting is still available because the DOCX export remains to be fully tested in the wild. At some point in the future RTF export will be removed in favour of DOCX export as the latter is a more modern format and easier to maintain. Note that, if you export to DOCX, your document has sections, and you specify a style using endnotes which restart at each section, results may be unexpected when the document is opened in Libre Office. This is because Libre Office does not yet handle DOCX sections at all well. Opening this DOCX in Word will work as expected.
- Implement publication lists. This means that research groups, for example, can embed a special URL to the publication list in an external site which then gives readOnly access and restricts all search, browse, etc. operations to that list. A list comprises one or more user or group bibliographies. The attachments in a publication list can be viewed, and the setting (Yes or No) will override the setting in the WIKINDX configuration (although attachments can still be embargoed). See management Admin|Bibliographies…|Publications for details.
- Admins can now administer user/group bibliographies from the Admin|Bibliographies…|User/Group menu. This includes creating, editing, deleting, and (re-)assigning bibliographies to users.
- In all search and list results, the user now has various filter and other options such as limiting results to user bibliographies, viewing only attachments, zipping attachments for download, and so on. See also IMPROVEMENTS:14.
- With publication lists and filtering of search and list results, the concept of setting a user or group bibliography as the default browse bibliography has fallen by the wayside.
- New translation: Arabic (with DeepL and Google Translate).
Improvements
- Display time zone in footer [#162].
- Compress the output with Gzip or deflate if the client accepts it.
- If the resource no longer exists or never did, correctly respond with a 404 error to the visitor and search engines.
- Browse: also allows you to find resources without language.
- Return an HTTP error 410 on display if a resource has been deleted [#699].
- In addition to more stringently checking user access for various view and write operations, the user access to viewing and manipulating resources and associated metadata has been overhauled. If the configuration allows the adding, editing, or deletion of resources this includes not only the resource itself but also associated fields such as categories, keywords, custom fields, and similar, and the abstract and notes. Unless the metadata subsystem is disabled, registered users can always add quotes, paraphrases, comments, and musings to a resource. Registered users can only edit and delete their own contributions—an admin can do anything.
- Ensure admins (other than the superadmin) cannot operate on other admins. Only the superadmin can anoint or demote admins when editing user data.
- Improve the management of user bibliographies in the My Wikindx interface for registered users: a user bibliography can be converted to a group bibliography and vice-versa.
- Prevent search engines from browsing almost all links (direct access to resources is already provided by the sitemap.xml file).
- In textareas for e.g., abstract, quotations, etc., add a tool to remove line breaks from selected text. Useful when pasting from e.g., PDF.
- For plugin configuration, add another level to $authorize: ‘3’ for superAdmin. The existing level ‘2’, which previously was for the superAdmin only, is now for any admin. If you wish to ensure that your plugin, previously set to $authorize = 2, remains available to superAdmin only, you should update the plugin config to $authorize = 3. Otherwise, it is not necessary to change anything.
- Improved the method of deleting users: there is now the option to transfer much of the deleted user’s data to any other user.
- ReadOnly users cannot export metadata with resource lists.
- Substantially rewritten the code for quick search and advanced search. For both searches, the SQL has been reformulated as has the logic dealing with AND, OR, and NOT parts: in the new code, all AND, OR, and NOT search fragments are each grouped together. This improves the precision of search results returned, particularly from advanced search (and thus some bugs have been squished), and makes the construction of complex SQL queries simpler—it is no longer necessary to think about the order in which you assemble AND, OR, and NOT searches. The advanced search form has also been rationalised with regard to the operation of the radio buttons.
- Reduction in number of SQL statements required for startup and initial configuration.
- Added a ‘return’ navigation icon (to the first stage) for various pages where there is a second stage in the process.
- When deleting import tags (in the Resources menu), there is now the option to remove the import tag without deleting resources. See also BUGS:13.
- Improve the operation of the General category. Any resource is part of the General category unless it is part of another category—a resource cannot belong to the General category and another category.
- When editing their user details in MyWikindx, ensure a superadmin can declare themselves to be a creator in the WIKINDX and a member of a department and institution.
- Allow the owner of a resource to embargo attachments.
Maintenance
- Unicode 16.0 support [#689].
- Update FakerPHP library (v1.24.1).
- Update PHPWord library (v1.3.0).
- Update PHPMailer (v6.10.0).
- Update Smarty (v5.5.2).
- Remove forced UTF-8 configuration as it has become the default since PHP 7.0 and PHP 5.6 usage has dropped to zero since 2022.
- Limits the change of encoding detection of read data to the specific case of BibTeX.
- Add support for MariaDB 11.5 [#690].
- Fix Year 2038 problem of MySQL/MariaDB [#492].
- Update Adminer to version 5.4.0 (PHP 8.3 support).
- Update XpdftoText component with version 4.05 of XpdfReader command line tools.
- Removed collation forcing during search and sort (configuring collation on login is sufficient for debugging since the default collation of MySQL and MariaDB servers uses utf8mb4 in debugging situations).
Security
- Enable strict session ID mode which validates session ID sent by the browser and forces the ID to be regenerated if it is unknown [#542].
- Forbid direct access to config.php file during the upgrade [#687].
- Provides predefined .htaccess files for Apache web server [#197].
- Guard against IFRAME and link injections when using browserTabID feature.
- Add an option to set Session Cookies Secure Attribute [#688].
- Add X-Content-Type-Options header (blocks browsers’ MIME type sniffing) [#688].
- Turn off misguided X-XSS-Protection browser feature [#688].
- Set Referrer-Policy header to strict-origin-when-cross-origin [#688].
- Add an option to set Strict-Transport-Security policy. If a client tries to access the site via HTTP they will be blocked for 3 minutes (non-configurable duration) [#686].
- Set X-Permitted-Cross-Domain-Policies header to none [#688].
- Set X-Download-Options header to noopen [#688].
- Set X-Frame-Options header to SAMEORIGIN [#688].
- Block Tabnabbing.
- Use robots.txt only to advertise the sitemap [#688].
- Set Permissions-Policy header. Disable unused major browser features (bluetooth, geolocation, camera, microphone, payment).
- Set Access-Control-Allow-Origin header to * [#685].
- Set Cross-Origin-Opener-Policy header to same-origin [#685].
- DDoS attacks: recent attacks noticed by us give a WIKINDX URL with a random browserTabID and this leads to excessive writing of rows to temp_storage. The writing of rows to temp_storage in this case has now been blocked, a 404 (not available) message is returned in the headers and the ‘user’ is redirected to the logon page.
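After upgrading, an admin can check that a response actually carries the unconditional headers listed in the Security section. The following is an added example, not WIKINDX code: the sample response is constructed, the function names are hypothetical, and the values "nosniff" and "0" are assumptions, since the list above names those two headers without giving a value.

```python
import re

# Values from the Security list above; "nosniff" and "0" are assumed values.
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-xss-protection": "0",
    "referrer-policy": "strict-origin-when-cross-origin",
    "x-permitted-cross-domain-policies": "none",
    "x-download-options": "noopen",
    "x-frame-options": "sameorigin",
    "access-control-allow-origin": "*",
    "cross-origin-opener-policy": "same-origin",
}
DISABLED_FEATURES = {"bluetooth", "geolocation", "camera", "microphone", "payment"}

# Constructed sample response with three deviations (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Permissions-Policy: bluetooth=(), geolocation=(), camera=(self), payment=()
"""

def parse_headers(raw):
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so store them lowercased
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    h, findings = parse_headers(raw), []
    for name, want in EXPECTED.items():
        got = h.get(name)
        if got is None:
            findings.append(f"missing {name}")
        elif got.lower() != want:
            findings.append(f"{name}: got {got!r}, expected {want!r}")
    # A feature is disabled when its allowlist is empty: feature=()
    off = set(re.findall(r"([a-z-]+)\s*=\s*\(\s*\)", h.get("permissions-policy", "").lower()))
    still_on = sorted(DISABLED_FEATURES - off)
    if still_on:
        findings.append("permissions-policy does not disable: " + ", ".join(still_on))
    return findings
```

Feed `audit()` the header block saved from `curl -sI` against your own installation. The optional Strict-Transport-Security and Secure cookie settings are not checked here because they depend on configuration.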