Latest Release notes

Moodle 1.4.3 (17 December, 2004)

(Because this release contains important security fixes, we highly advise that sites using any previous version of Moodle upgrade to this version as soon as possible.)

Some important security fixes

• Better checking/cleaning of cookie data
• Preventative measures for session fixation
• Better checking/cleaning of parameters for RSS feeds, ip atlas parameters, glossary, forum, theme selection, SCORM module, document viewer
• Added protection in viewing of uploaded files
• Added protection against directory traversal
• Fix for variable $FULLME necessary for cron
• Prevention against internal libraries being called directly.
• Prevent viewing of glossary if it's a hidden activity
• Hidden sections hidden from students in recent activity
• Fixed problem with guest user being able to see events in the calendar
• Fixed encoding of TEX expressions

A few new things

• Enforced enrolment uniqueness, this is also a performance fix.
• Added transaction support for PostgreSQL
• Logging in and logging out are now logged
• Wiki and SCORM now both use new zipping code - this fixes reported SCORM issues
• New paging system for glossary
• User info from LDAP truncated for insertion into moodle to prevent data loss
• Updated pclzip to new version
• Memory_limit can be overriden by higher config settings from php.ini, commandline, httpd.conf, .htaccess
• New translations started: Maori, Kannada, Albanian and Vietnamese
• Many additions to other language packs
• Teachers can now always try quizzes, even if they're not open yet
• Glossary print view is now different for each format.
• Glossary search now also searches aliases
• Vastly improved multilang filter with more forgiving syntax

Performance improvements

• Better caching headers mean improved performance on all pages when using back button
• Database indexes added in many places to enhance performance in large scale deployments
• Performance improvements throughout moodle where courses were being listed.
• Various optimizations by removing unnecessary database retrievals and sorting.

Other bug fixes

• Fixed restoring into a new course generating duplicate course idnumbers
• Fixed many small Postgres issues
• Fixed unnecessary notices when debug mode on
• Fixed some more PHP5 Notices
• Fixed support for apostrophes, quotes and backslashes in LDAP user data
• Fix for pagination of search course results for Postgres
• Fixed bug with whitespace in user search
• Fixed chatroom bug where all chat users listed in multiple chatrooms
• Fix for installation script bug
• Case sensitive usernames in bulk user import fixed
• Fixed bug in redirection after rating forum post
• Fixed bug in quiz with matching questions
• Fixed bug in quiz preview
• Fixed bug in language editing
• Multiple small fixes in SCORM module
• SCORM module shows user pictures properly
• Activity names sorted by name in activity filter
• Glossary search will search aliases as well
• Any RSS errors will result in a valid RSS error file rather than invalid RSS.
• Fixed problem with SCORM package validation and PHP5
• Fixed problem with backup/restore and empty categories
• Better XHTML in wiki
• Bug fix in chat reports for first chat session
• Fixed a problem with SCORM when deleting a lot of files, or very large files
• Fixed some problems with encyclopedia format in glossary
• Fixed bug in SCORM integration with zipping code
• Fixed bug in dialogue plain text email notifications
• Fixed missing sesskey variables in social activity block
• Excess sections for a course are now hidden in the navmenu
• Added daylight savings time fixes for the calendar
• First quiz edit in a new course has a default category assigned
• Fixed bug in paypal module when accepting payment amount
• Fixed bug in course files with loss of choose mode

Moodle 1.4.2 (5th November, 2004)

(Because this release contains important security fixes, we highly advise that sites using any previous version of Moodle upgrade to this version as soon as possible.)

Some important security fixes

• Better checking/cleaning of script parameters used in quite a few areas throughout Moodle (a BIG thanks to Petr Skoda for his recent security audit!)
• Quoted some SQL parameters in the glossary module to prevent possible injection

A few small new things

• New PAM authentication module for direct authentication on Unix/Linux
• Course creators can now restore to new or existing courses
• Forum posts now include detailed headers to allow correct threading in mail clients

And a bunch of other bug fixes

• Backup is now more able to cope with errors (eg if backup is interrupted) and can clean up uncompleted files
• Fix for database authentication against a PostgreSQL database
• Fixes for some parts of installation to PostgreSQL
• Forum subject lines are now only broken up in recent activity display
• Database-based enrolments now actually work :-)
• SQL fixes for creation of RSS feeds from PostgreSQL
• Added rtsp to the list of allowed protocols in cleaned HTML text
• User profile and profile editing page can be called without parameters
• Upgraded xmlize library to latest version
• Upgraded phpmailer library to latest version
• Various small code-only cleanups
• Admin menu now allows backup/restore of the "site course" (front page)
• Fixed a display bug in the forums index which only showed in PHP5
• Highlighting function (eg after search) was stripping backslashes
• Info from LDAP is now decoded from utf8
• Course listings now work better with very large amounts of courses
• Two SCORM bugs fixed (a typo and a problem with onbeforeunload)
• Some cleanups when printing text, headers and variables in Lesson
• Calendar now functions as expected even when you login as someone else
• Fixed a few remaining short PHP tags
• Better randomness for random questions (fix for bug introduced in 1.4)
• When a teacher is removed from a course, they are now also removed from all groups in that course
• Fixed strip_pages bug in Wiki
• Fixes for charset detection in backups and multilang filter under PHP5

Moodle 1.4.1 (12th September, 2004)

A few little new things

• New "Email Protection" filter will obfuscate all email addresses within all texts (to help prevent automated address-harvesting)
• Allowed email addresses can now be restricted (see config-dist.php for details)
• Extra instructions for translators embedded in translation interface
• New help page for Directory Paths

And some bug fixes

• Improved performance when viewing site logs
• Improved paging and performance in glossary
• Glossary entries are now shown correctly if they belong to multiple categories
• Do not redeclare auth_user_login upon failed login
• Fixed two missing icons in the cordoroyblue theme
• Fixed missing "New event" button on Upcoming Events page
• Always addslashes on chat messages from daemon users before inserting into db.
• Fixes for handling of fixed enrollment periods when this is set for a course
• Site course ID (defined as SITEID) is no longer assumed to be always 1
• Default memory limits are increased beyond 16M, to help Moodle continue working even when there is some unplanned memory problem
• Smilies are now rendered as pictures in Markdown format texts
• Workshops work under Recent Activity again
• file.php can now only be used to access data within courses
• Improved behaviour of calendar blocks on home page
• Fixed quotes bug with PostgreSQL database specification produced by installer
• Fixed sometimes-missing display of correct answers during quiz review
• <tt> and <code> are now allowed tags
• Section summaries, course summaries and labels are again no longer cleaned of Javascript
• Fixed a rare LDAP bug that could cause new accounts not to be created

Moodle 1.4 (31st August, 2004)

Headlines

• Compatibility with PHP 5
• New easy installer wizard leads you through the creation of the initial config.php file
• Installation is now completely localised to your preferred language
• Completely revamped Resource module make it easier to add new resources and to send data to them.
• New Enrolment system featuring modules such as completely automated Paypal payments, flatfile scanning, or external database control.
• Blocks now work on the front page, plus you can put a topic section above the middle part
• Chat now includes a server-side daemon (in PHP) for scalable, instant chat
• New Wiki module!
• New support for editing text using the Markdown format
• Many bug fixes in all areas

Under the hood

• Resource module has its own Add menu now, and uses class-based submodules, making it much easier now to add new resource types to this menu
• Quiz module has been refactored into class-based questiontype plugins.
• Enrolment process has been refactored into class-based enrolment plugins.
• Glossary display formats are now name-based, and it's easier to plugin new ones.
• Improved behaviour of many modules when they are used on the site page.
• Revised Filter structure is faster and now compatible with Turck MMcache.
• Adding activities is now more forgiving of fields left empty
• We can now alter PostgreSQL columns at will using table_column()
• RSS generation has been sped up tremendously, putting much less load on cron
• Some bigger modules have split lib.php into locallib.php for less memory usage

Languages and localisation

• Updates to nearly every language pack
• Moodle can override the default character set in Apache, making languages more reliable
• Multibyte languages now wrap properly
• Better handling of locales and encodings on very multilingual sites (like moodle.org)
• New languages: Slovenian and Hebrew!

Security Fixes

• Fixed a number of possible XSS entry points and path disclosures
• Attributes of tags in HTML are now parsed even more thoroughly for naughty scripts
• User profile pages are no longer available by default to strangers
• All text is now cleaned on output (not just input)
• Email addresses are not used on outgoing mail if the user requests that
• New setting loginhttps will use secure https for the login, then switch back to http

Administration

• Spiffy new interfaces for adding/removing students, creators and admins
• Failed logins are now logged, and can be displayed to users upon a successful login
• Logs now support viewing by group, and by errors
• Modules now behave more consistently on the site front page
• Front page "students" can be all users on site, or all users in at least one course on the site
• Email-sending can now be enabled/disabled on any user's profile page

Authentication

• All authentication methods will now co-exist with internally-created accounts
• New support for authenticating against First Class servers
• Fixes for POP3 authentication

Navigation

• Visitors can be automatically logged in as guest
• Jump menu now always shows "Jump to" to help distribute clues about what it does
• Jump menu now has a much clearer way of grouping activities into sections

Blocks

• Block system can now cope with custom course formats and changes in format
• New login block allows login from site front page
• Online users block on home page shows users from the whole site

Editor

• New editor configuration screen for the admin
• New support for anchors within pages
• Spell-checking is now supported in the editor, it uses aspell on your server operating system

Chat

• Chat now includes a server-side daemon (in PHP) for scalable, instant chat

Choice

• Significantly revamped to make a lot more sense, with more option

Forum

• Several fixes when dealing with groups
• Users can choose to receive forum posts as daily digests of subject lines or whole posts.
• Discussion listing is now paged
• Teachers now have complete control over forum subscriptions, and can subscribe anyone at will
• "Last post" date is shortened and linked to the last post
• Forums now list RSS feeds on the index page
• Better-looking HTML mail using the full stylesheet
• Forum mail older than two days is never sent out (to prevent unwanted floods)
• Blocked mail is logged so that teachers can see it
• Discussion branches can be "split" from the main discussion, into a new discussion

Glossary

• Glossary entries can be defined as "always editable"
• Glossaries now list RSS feeds on the index page
• Many fixes throughout

Quiz

• New floating timer for timed quizzes
• Attempts may now be restricted to specific computers
• Quizzes can now require a special password
• New question type for Calculated Questions
• Numerical questions now support units
• Questions can be previewed in the editing pages
• Questions can now be exported in several formats
• More intelligent handling of category listing when editing questions
• New (and incomplete) XML export format, will eventually be quiz-feature-complete
• Shortanswers can now contain all sorts of strange characters

Resource

• Adding resources is now a one-step process with more control
• Web page, Web link, Uploaded file and Program resource all combined into one type!
• Program resources replaced by Parameters that allow a lot of of interesting interaction with external resources, both remote and uploaded into Moodle.
• Collapsible forms with memory to make forms less daunting for beginners without slowing down experienced users

SCORM

• Many fixes and improvements - works with an even wider variety of packages
• Optional extra verification of the manifest file

Moodle Documentation

Version: $Id$