Release notes

[3.7.0-beta.2] - 2023-08-06

  • Fix Edit Menu not displaying menu item type details. #183
  • Fix SQL error in sorting of ListingAPI search results when first sort item is invalid.
  • Fix SQL error in sorting of ListingAPI search results due to strict SQL mode. #184
  • Add Integration Test For ListingAPI Sorting
  • Fix SQL error in sorting of UserApi search results when first sort item is invalid.
  • Fix SQL error in sorting of UserApi search results due to strict SQL mode. #184
  • Add Integration Test For UserApi Sorting
  • Fix SQL error in sorting of BlogApi search results when first sort item is invalid.
  • Fix SQL error in sorting of BlogApi search results due to strict SQL mode. #184
  • Add Integration Test For BlogApi Sorting
  • Fixed error rendering edit member profile page. #185
  • Fix Member Signup Verification #186


[3.7.0-beta.1] - 2023-07-30

  • Improve .gitignore
  • Fix handling of closeModal() calls from add listing dialog when invoked from frontend admin bar. #178
  • Update node dependencies.
  • Update Docker Image to 0.0.14 to use node 18.
  • Update composer dependencies.
  • Fix search error in Listing API Causing filters to error. #180
  • Fix permission check on save leads.
  • Fix Filter on "My Leads"
  • Update Twitter API to use V2 API for creating tweets.
  • Fix handling of numeric types in pageUser tag replacement, which was causing hitcount to not render.
  • Remove calls to betterserialize which was removed in a previous release.
  • Fix addon page and tag display, and add integration test for addons.


[3.7.0-alpha.2] - 2023-07-04

  • Update DAST Scanner for CI
  • Fix bug in prerelease script that linked the incorrect download file, and published old changelogs in release notes.
  • Fix autoloader to correctly find OpenRealty classes when not under src directory.
  • Remove references to common.dist.php in installer.
  • Add Integration Test For Add User Dialog
  • Fix UserManager not saving agent permission #168
  • Fix php error on insert property class screen. #171
  • Handle null values for PageUser template tags. #169
  • Fix errors loading, template_listing_sections from DB instead of settings. #172
  • Fix logic in ajaxUpdateUserData for handling email updates. #170
  • Fix Add/Delete/Navigation of Leads.
  • Fix email address showing {field_name} when adding leads.
  • Fix Min/Max search in listing->search api
  • Fix text search in listing->search api
  • Fix URL encoding of ints when building save search link for createSearchPage


[3.7.0-alpha.1] - 2023-06-25

  • PHP 8 is now minimal php version #147
  • Fix {pclass_link} returns relative url #146
  • Open-Realty Code Base is now namespaced. This will be a breaking change for addons, hooks, and any third party code that interacts with Open-Realty for its API.
  • PHP is now using strict_types and Psalm Error Level 4 issues are all resolved.
  • Psalm Error Level 3 issues resolved
  • Deprecation & Removal of usage of global $misc variable.
  • Added BaseClass for all OpenRealty namespaced classes to use, to support Mocking.
  • Resolve level 2 psalm issues.
  • Add Settings Api
  • Setup PDO database connection
  • Add Integration Test for FieldsApi
  • Add Unit Test for addons
  • Phase 1 of removing Adodb complete. #149
  • Consolidate index.php, ajax.php, admin/index.php, admin/ajax.php, and pingback.php and handle with new Loader class.
  • Update Composer dependencies, include psalm to get a fix for psalm #9066.
  • Migrate FieldsAPI to use PDO
  • Fix menu Editor Not Saving. #157
  • Fix Listing & User Date fields in API to expect ISO8601 formatted dates. This matches HTML5 date field values.
  • Add Integration Test for LogApi
  • Improve Safety on Field Names in FieldsApi Create
  • Convert ListingApi PDO
  • Convert MediaApi to PDO and improve testing
  • Convert MenuApi to PDO and add tests for MenuApi
  • Convert PageApi to PDO and add tests for PageApi
  • Fix code coverage reports.
  • Convert PClassApi to PDO and add tests.
  • Convert UserApi to PDO and add tests.
  • Update all Yarn and Composer Dependencies
  • Split controlpanel table into multiple tables, to prevent need for 32k page sizes on MariaDB
  • Fix Tooltips on fields that showed "help_outline" instead of the tooltip icon and text.
  • Improve validation of agent email, mark it as html email field.
  • Fix bug that saved user_name as email when creating user.
  • Fix bug in pclass parsing in Listing__search api.
  • Make Settings API fail gracefully when loading additional settings table, to prevent failures during upgrades.
  • Fix Logs that logged wrong function name.
  • Fix CI release process for alpha & beta releases, gnu grep.


[3.6.3] - 2022-10-08

Changed

  • This is the last release to support PHP 7.4. All future releases will require PHP 8+
  • Improved Display of Tabs on Edit Listing Template Field Dialog.
  • Fixed display of * on required fields on listing, agent, and lead field editor screens.
  • Fixed incorrect display of required status as no, even if it was yes on lead and listing field editor dialogs. #139
  • Fix php error in user__create api
  • Fix Admin Site Config Forms now displaying template tags.
  • Fix ability to collapse listing media widget image pane after initial load.
  • Fix ability to collapse user media widget image pane after initial load.
    • Media widget now loads thumbnail images instead of main images and acceptance test added for this. #144
  • Google Auth was not calling set_session_vars() so login was failing to authorize user.
  • Improve permission checks in listing__delete api
  • Fix error handling in listing__delete api that caused api call to die() instead of returning an error.
  • Fix error in uploading images in media__create api.
  • Improve user__delete api, to remove userdb entry last, to ensure we do not orphan objects if errors occur.

Security

  • Install yarn updates, pulls in security fix for node-sass
  • Set autocomplete and spellcheck attributes on all password and user_name fields.

Misc

  • Start Adding some more unit tests
  • Start adding User API Integration Test
  • Start adding Acceptance/Browser Test
  • Start Adding Listing API Integration tests
  • Get Acceptance Test w/ code coverage working in CI.
  • Add Acceptance test for media widget behavior in #143
  • Improve Setup/Teardown for Integration Test
  • Add user media widget acceptance test and fix flaky test for media widget listing & user.
  • Bundler should not package c3.php or tests for releases.
  • Start adding unit test for Login, and standardize our test setups and documentation.
  • Misc Code Documentation, Cleanup, adding unit tests.
  • Start adding User API Integration tests.
  • Improve Node Cache for Docker and CI


[3.6.2] - 2022-09-14

Changed

  • Edit All Leads was missing in menu.
  • Fix display of all leads table, which was empty.
  • Fix Listing Template Editor duplicating fields when you edit an existing field.
  • Fix Listing Template Editor not setting yes/no fields, like required correctly. #125
  • Improved HTML Form Validation and fixes issues with validation of required checkboxes. #122
  • Fix PHP errors when manual addon form is submitted with file upload errors.
  • Make userfile field required for form submit on manual addon upload.
  • Admin, Agents, and Members can now log in with Google OAuth.
  • Remove stray '] chars from site config listing tab.
  • If using Google Auth and signup is enabled, user will be automatically signed up.
  • Fix error in listing__search api, when no limit was passed.
  • Fix error in user_manager, when deleting a user that prevented page from reloading.
  • Fix error in listing_update API that allowed an agent to change the listing agent when they did not have edit_all_listing. They could only change this for their current listing, but this is not correct behavior. #136
  • Fix update_listing function allowing a POST without an or_owner field set. #137
  • Fix edit_listings.html template should set a hidden field for or_owner when an agent without edit_all_listing is editing. #135

Security

  • Passwords are now hashed in database using modern password_hash() function instead of md5()
  • User passwords will be updated to new hash automatically on next user login.
  • Remember Me cookies updated to use a more secure method; old cookies will not work, forcing a new login.

Misc

  • Update PHP Dependencies (twitteroauth, qrcode, phpmailer, and others)

Languages Updates

  • Updates to Portuguese (br - brazilian) language. Thanks to ebmarques for contributing.
  • Additional language text for
    • checkbox_invalid
    • invalid_value
    • google_login
    • google_auth_invalid
    • site_config_google_authentication
    • google_client_secret
    • google_client_secret_desc
    • google_client_id
    • google_client_id_desc
    • listing_error_invalid_agent


[3.6.1] - 2022-09-03

Changed

  • Fix .htaccess RewriteCond that broke seo friendly urls.
  • Fix some HTML/JS validation warning in the admin template.
  • Fix undefined variable in listing__update api call #119
  • Fix baseurl tags in the material template.

Misc

  • Update gitpod settings, to have name & descriptions for ports.


[3.6.0] - 2022-08-13

Security

  • Fix CVE-2022-31129 Upgrade Moment JS, Inefficient Regular Expression Complexity
  • Improve DAST Scanning
  • Improve SAST Scanning (Disable some PHPCS rules)
  • Added Anti-CSRF protection on edit_listings form.
  • Added Anti-CSRF protection on media upload form.
  • Added Anti-CSRF protection on media edit form.
  • Security Patch Jquery UI 1.13.2 - CVE-2022-31160
  • Added Anti-CSRF protection on edit page form.
  • Added Anti-CSRF protection on edit_user form.
  • Added Anti-CSRF protection on email a friend form.
  • Added Anti-CSRF protection on add page form.
  • Added Anti-CSRF protection on insert property class form.
  • Added Anti-CSRF protection on site config forms.
  • Added Anti-CSRF protection on add blog form.
  • Added Anti-CSRF protection on the blog_wpinject form.
  • Added Anti-CSRF protection on the add_blog_category_form form.
  • Added Anti-CSRF protection on the add_blog_tag_form form.
  • Added Anti-CSRF protection on the send_forgot form.
  • Added Anti-CSRF protection on the edit_blog_tag_form form.
  • Added Anti-CSRF protection on the edit_blog_category_form form.
  • Added Anti-CSRF protection on the menu_selection_form form.
  • Added Anti-CSRF protection on the add_menu_form form.
  • Added Anti-CSRF protection on the add_item_form form.
  • Fix Code Injection Warning in FileManager
  • Added Anti-CSRF protection on the ajax_save_user_rank call.
  • Added Anti-CSRF protection on the modify_pclass_form form.
  • Added Anti-CSRF protection on the site_config_tracking form.
  • Added Anti-CSRF protection on the addon_manager manual upload form.
  • Added Anti-CSRF protection on the edit listing quick filter forms.
  • Added Anti-CSRF protection on the user manager quick filter forms.

Changed

  • Make js look for class copyright_year instead of ID, when inserting current year.
  • Upgrade abraham/twitteroauth to v4.
  • Fix SameSite setting on php session cookie, that broke twitter auth.
  • Fix pagination on edit_listings, so it returns 403 access denied if you exceed max cur_page
  • Fix pagination on user_manager, so it returns 403 access denied if you exceed max cur_page
  • Misc Yarn/Composer Updates
  • Improve .htaccess and admin/.htaccess
  • Fix pagination on edit_listings & user_manager to handle cur_page < 0
  • Removed some dead code from ckeditor filemanager.
  • Fixed duplicate JS calls on page editor, resulting in duplicate saves.
  • Removed Jquery Cookie library, which we no longer use.
  • Load JQuery on popup and printer friendly pages.
  • Fixed handling of wpinjectform and removed use of ajaxForm plugin
  • Fix switching menus in menu editor, selection didn't work after initial menu.
  • Fixed pagination bug on edit listing and user manager when using filters.
  • Fixed wpinject php errors.
  • Remove use of ajaxform in media_upload and ckeditor filemanager.
  • Remove jquery form plugin

Template

  • admin/template/default/add_lead.html - Remove reference to {template_url}/images/ajax-loader.gif
  • Add missing blog_edit_comments.html template

[3.6.0-beta.1] - 2022-07-05

Fixed

  • Updated Composer Install
  • Update Composer Installer to handle composer version upgrades without breaking CI
  • Update Security Scanners for Gitlab 15.
  • Update dependencies
  • Enable load_js and load_js_last for admin, as we have addons that still use it.
  • Remove unneeded js from blog_editor.
  • The controlpanel_template field in site config, was readonly.
  • Fix duplicate DOM Ids on controlpanel form.
  • Improve autocomplete on login form.
  • Remove deprecated call to jqueryUI accordion() in lead editor.
  • Remove document.write call to clear Chrome warning.
  • Add CSP Headers for admin area to help improve security.
  • Removed console.dir() debug logs.
  • Fixed Generic Object Injection Sink vulnerability in lead editor.
  • Fix height of vertical navbar
  • Fix highlight of active page on vertical navbar.
  • Fix package command, that was not compiling CSS.
  • Fix text on page editor revert changes prompt.

Languages Updates

  • Add descriptions for lat/long fields.

[3.6.0-alpha.2] - 2022-04-07

Fixed

  • Login Reset Form showed a SQL error, and always reported that reset link was invalid.
  • Login form now displays forgot password form. #110
  • Add a check_allow_agent_signup tag for permissions checks.
  • Address Blog/Page autosave issues. #112
  • Update Addon Manager to use ZipArchive function instead of zip_open.
  • Fix tabs on addon_manager
  • Update OneClickUpgrade to use ZipArchive function instead of zip_open.
  • Removed support of "RSXM" format remote API. This removes usages of mcrypt in api. Added "RSXM2" which is same format as "RSXM" without the built in encryption. Remote API should only be used on sites that use HTTPS to prevent secrets from being passed in the clear.
  • Bump some dependencies with minor updates.
  • Add missing popup.html template files. #87
  • Fix handling of 'notfound' in magicuri parsing, to return admin index page.
  • Fix Undefined Languages on site config social.
  • Fix DAST Scanning
  • Address Generic Object Injection Sink vulnerability in template editor
  • Fix ESLint rule ID security/detect-non-literal-regexp in filemanager.js
  • Update Dependencies
  • Remove wysiwyg_execute_php setting, which was deprecated.
  • Remove apikey setting, which is no longer used.
  • Remove vtour_fovcontrolpanel_vtour_fov
  • Fix issue saving controlpanel_search_list_separator
  • Fix issue saving controlpanel fields that contained HTML

[3.6.0-alpha.1] - 2022-03-12

This is our first developer release of Open-Realty 3.6.0. This is NOT a production-ready release. This release is intended to let developers start working to update addons and help test our new admin template.

Changed

  • New Bootstrap5 Admin Template Based on Material DashBoard by Creative Tim
  • Removed usage of ORBetterSerialze JQuery Plugin
  • Removed usage of Jquery UI in the admin area.
  • Removed usage of Jquery Validation Plugin in the admin area.
  • forms.inc.php now outputs Bootstrap styled forms
  • Removed cms_admin_integration template.
  • Added {check_action_(.*?)} and {!check_action_(.*?)} tags. This will let you display/hide content in a template based on the OR action being performed. E.g. {check_action_index}I am an index{/check_action_index} will show "I am an index" if the index page is being loaded. Useful for controlling CSS, etc. in menus.

Languages Updates

  • We are now managing language translations using Crowdin. Anyone interested in helping proofread translations can sign up at https://translate.open-realty.org/
  • There were many new language variables added as part of the template work. The goal is to have 100% language coverage of the admin area for the 3.6.0 release.
  • Spanish, Brazilian Portuguese, and Portuguese languages now ship with 3.6.0-alpha.1

Template Changes

  • All Admin Template Files (Old Templates will not work)
