OpenDocMan v1.3.0 includes security fixes, bug fixes, and code cleanup. PHP extension pdo-mysql is now used for all database queries. All users are highly encouraged to upgrade. This update includes database modifications.
- Fix potential XSS exploit
- Fix potential SQL injection exploits
- Fix issue #186 – Don’t create file records until file upload is verified
- Fix issue #128 – Move from mysql_query() to PDO for SQL queries
- Removed the “secure url” admin setting since it was mis-leading and ineffective
- General code cleanup and refactoring. Removed un-used code. Removed un-used files.
I have been playing with GIT today so that I can learn how to use it effectively. So far it seems to be a big improvement over subversion, and I am thinking that I might move the OpenDocMan SVN into GIT at some point. One thing that seems to be a big difference is the ease that others can contribute by using GIT since they can clone the entire repository easily and the merges would be much easier than an SVN merge which can sometimes be a nightmare. If using GIT will help to increase the amount of community participation in the project I would be super happy.
Anyone have any thoughts on the subject?