A file path disclosure in *.tpl.php was fixed. A change was made to the default behavior when adding a new image to an existing listing, the listing is now set back to pending. A change to the Smarty core was made; it was updated to 2.6.26 from 2.6.18. A version check in the admin section was added. Spanish language files for admin and main site have been added. French language files for admin and main site have been added. Some other fixes have been made as well.
This release patches security exploits with severity ranging from low to critical. The four main issues that have been patched are an insecure file upload vulnerability, a file path disclosure, a possible blind SQL exploit that could lead to working out the hashed password, and an improper int check that could lead to unauthorized data exposure. Also fixed was an installer issue which would lead to the installer failing on import of the data, forcing the end user to manually load the SQL file to complete installation.
The FILES array was stripping slashes and caused improper path names in Windows environments; this has been fixed. A typo in the admin section was fixed. An improper thumbnail image was displayed when not using the lightbox feature; this has been fixed. The correct language defines have been added for the useredit page. The ability to edit a user's country via a dynamic list in the useredit and admin list user pages has been added. The default home page text has been changed. Admins now have the ability to quickly approve a full listing.
This is mainly a minor bugfix release with a few changes and additions to the core codebase. The most important additions are the changes made for better international currency support. Users can now edit the decimal and thousands separators from the global.php language file. Another addition geared more towards the international user base was the addition of an auto drop-down when selecting your country. A bunch of other fixes and changes were made.
Incorrect error reporting of image deletion in editlistings was fixed. An admin can now delete a user's picture. The speed of the search and display function was greatly increased. Better error handling was added for image uploads in addlistings.php. A new Web based installer with an upgrade option was added. An XML site feed page (xml_site_feed.php) was added. Many many other updates and changes were made.
