Release Notes for uKnowva 2.4.4

  • Print

Less than a year after releasing uKnwova 2.4.3, Team uKnowva has now come up with uKnowva 2.4.4—Stallion. This new version is more user friendly and like all previous updates, has a long list of updates, bug fixes and new features. In fact, this is uKnowva’s largest release yet, and if you are a developer, you will love it. Read on for more details about the release.

New Features/Improvements

    • Admins can now set the video quality and video size from Global Configuration

    • Added the option of searching by email as well in uKnowva token inputs. For e.g, when you are providing access rights to folders or files in Documents, you can now search for users by their Email address as well
    • Admins can sort users by the Online column in User Manager

    • Document Versioning information has been added in the File Edit layout
    • Admins can select the user groups that can have access to the Instant Messenger from Global Configuration

    • Admins can select parent menus for menu items

    • Added an option for Admins to reset user passwords from their profile pages; this code was added in plugins/community/uknowva/uknowva.php

    • User Thumbnails will now be seen in notifications from Documents and Discussion Forum

    • Users can read all past notifications, mark notifications as read, and delete notifications

    • Admins can edit user profiles from the front end itself. Go to the user’s profile page and click “Edit Profile”

    • Text fields in the Edit Profile page now have the auto-complete feature
    • Admins have an option to export a list of users from User Manager

    • Removed the session-based cache from superior and sub-ordinates functions in convhelper.php
    • Group administrators can now add members to the group (in addition to uKnwova administrators)
    • Added the facility of showing the usernames of users that were skipped while importing users from a CSV file
    • Added tableinput type of user fields in community custom profiles
    • Added video statistics to the profile page along with tooltips


  • Added the feature of recursive permission selection while editing a folder; it has got 7 options:
    1. Yes, gracefully in folders and files
    2. Yes, gracefully in folders only
    3. Yes, gracefully in files only
    4. Yes, forcefully in folders and files
    5. Yes, forcefully in folders only
    6. Yes, forcefully in files only
    7. No
    • Gracefully means only the folders/files that had a similar access level like that of this folder earlier will be assigned the new permissions
    • Forcefully means, all underlying folders/files will be compulsorily assigned the above permissions
    • If no is selected, the above permissions will not be assigned to any of the underlying folders/files

  • Improved the look and feel of the Advanced Search page
  • Added the option of disabling user creation in LDAP plugin; LDAP plugins will now be used only for user authentication and not user account management
  • Now define which user group a user goes into when his account is created automatically
  • Added more options in mod_latestmembers configuration like sort by date, sort direction, no records text, days limit, etc. Admins can now sort the user list by register and last visited date and more fields
  • Admins can now reset passwords for users who are using a remote mode of authentication
  • Empty designations in the user upload file do not overwrite existing designations
  • Added tooltips to Block user and Report user option in the Profile page

  • Added Advanced Search in the Knowledge menu
  • Added a new Cache Manager; view more details and/or download it from here
  • Made multiple user groups for single user possible. Refer this link 
  • Removed blocked users from chat list
  • Added back button in file versions popup
  • Introduced onAvatarStatusOverlay for user and community plugin; check this link 
  • Added Created On and Last Visited On columns in User Manager export; also gave direct download link for files
  • Made a provision such that if Allowed IPs field to execute web services is kept blank in Global Configuration, then all hosts shall be allowed
  • Added notifications for forum replies as well, in case the topic is access protected
  • Added Root Directory Information under System Information

  • Chat disabled on tabletsd
  • Admins can access all menu types in Menu Manager
  • Added Root Directory Information under System Information

  • Events in the calendar can be filtered depending on the types of events displayed below the calendar

  • Added a Widget Manager in uKnowva Configuration

Bug Fixes

  • Resolved the Kunena bug of YouTube videos not playing over an HTTPS connection
  • Commented out all error_reporting on statements in certain widgets to not display unnecessary errors
  • Added a view-level check in Croute::_getViewItemid function to make sure URLs are cached separately for different types of users. Caching is now done according to User Group in JRoute and Croute
  • Fixed the issue of param_value not getting set properly due to some encoding issues in /media/conv/common.js
  • Fixed the reference of $this in non-object calls in com_community/libraries/profile.php in getFieldHTML()
  • Resolved the core bug of "Show all Notifications" not showing the latest notifications
  • “embed_link” added to getAttachmentinfo and getAttachments in file model of uvwdocs
  • Fixed a core Joomla! bug of scripts getting repeated in the head tag when caching is on. Refer this link for more info
  • Changed the Home icon link in toolbar.index.php to "JURI::root" from "/" so that it works in subfolders too
  • Fixed the issue of double ajax call when a folder is clicked. Made changes to refresh_mainarea function in com_uvwdocs/uvwdocs/views/tmpl=default.php (made it work with IE as well)
  • Fixed the issue of public_html permission changing to 777 after jomsocial photo upload by adding the following in JFile::delete()
    if(is_file($file))
    chmod($file, 0777);
  • Fixed the issue of target="_blank" not coming in toolbar menu by adding relevant code in com_community/models/toolbar.php and templates/uknowva/toolbar.index.php
  • Fixed the issue of refresh not working in subfolders by adding
    '#'+hash==window.location.hash
    in refresh_divarea function in uvwdocs/default.php
  • Fixed a silly bug of the same images being assigned to multiple users while importing from user manager. Simply changed the code
    $fileName = JUtility::getHash( time().$files[$i] );
    to
    $fileName = JUtility::getHash( time().$user->username );
  • Fixed the issue of notifications not going in case of folder/file share when a catid is entered in plugin param and file is uploaded in one of its subfolders
  • Fixed the issue of ePayload not working in IE as IE does not set HTTP_REFERER correctly. Basically we now check HTTP_REFERER and HTTP_UKNOWVA_ALT_REFERER, HTTP_UKNOWVA_ALT_REFERER will be set by plugins in their code
  • Rectified the issue of Kunena add the name of the current user when a guest posts; made changes to CKunenaLink::GetProfileLink () function
  • Fixed a bug of same images being assigned to multiple users while importing from User Manager. Changed the code
    $fileName = JUtility::getHash( time().$files[$i] );
    to
    $fileName = JUtility::getHash(time().$user->username)
  • Fixed the issue of notifications not going in case of folder/file share when a catid is entered in plugin param and file is uploaded in one of its subfolders
  • Removed the timeout option in uKnowva web service
  • Fixed the issue of users being able to vote on polls past their closing dates. Refer this link for more information
  • Fixed the issue where on clicking the photos in an album linked to the uploader’s profile. It was fixed by updating CRoute::_() and CRoute::_getViewItemid();
  • Fixed the issue in MyCalendar where after adding an event for a future month, the page would refresh to the current month. Added this code to correct the error:
    $conv('#uknowva_calendar').fullCalendar('refetchEvents'); 
  • Fixed the issue of Juser::load when photos are uploaded in group from share photo option
  • Added CURLOPT_SSL_VERIFYPEER in com_custom installextension when fetching ukv from uKnowva
  • Handled the date formatting issue for date type fields in community_fields in user mgr plugin
  • Fixed the bug in uvwdocs where the page would not scroll to the top on entering any folder
  • Resolved the error where a downloaded PDF document was getting saved as “document.pdf” instead of its actual name

For Our Developers

  • Developers have help in creating system workflows using the newly pluginified ConvHelper::addNotification() function. The new event is onStoreGlobalNotification($notification). $notification is an array which has the following keys:
    • user_id: the id of the user
    • content: the HTML content of the notification
    • link: the link of the notification; basically, this is the link where the user should go after clicking on the notification
    • type: the type of the notification
    • icon: the icon for the notification; it is an image
    • readonlyonce: specify whether the notification is readonly once or not
  • Pluginified sendMessage too. Now, whenever a user sends a personal message, plugins of type user and community shall be fired. These plugins are currently used to trigger notifications to phones. The event is
    onSendMessage($message,$receipients,$isreply)
    • $message is an array with following keys:
      • id
      • from: user who sent the message
      • posted_on: date
      • from_name: name of the sender
      • subject
      • body
    • $receipients is an array of recipients’ user ids
    • $isreply is a Boolean, which is true in case of a reply and is false in case of a new message
  • Added functions: ConvHelper::isImmediateSuperior and uknowvaFactory::getUser()-->isImmediateSuperiorOf(). Both functions return Boolean values
  • Added the below code in com_community/libraries/core.php to make sure Croute looks into other menus as well instead of just the Apps toolbar for itemids (CRoute makes SEF URLs)
    if(empty($val)) /* if nothing found in the apps toolbar, get it from convhelper method
    $val = ConvHelper::getComponentItemid('com_community&view=' . $view);
  • Added metadata.xml in com_community/views/notification
  • Added a request cleaning script in the ajaxadd() function of sending message in inbox.php controller in com_community
  • Added functions for getting a user’s immediate subordinates in ConvHelper.php: ConvHelper::getImmediateSubordinates() and uKnowvaFactory::getUser()->getImmediateSubordinates()
    • When $groups is passed, only subordinates belonging to that group shall be returned
      public function getImmediateSubordinates($groups = array()){ 
      return ConvHelper::getImmediateSubordinates($this->id,$groups); 
      }
      
  • Added the code parent::__construct($id); in CUser constructor to make sure it calls its parent class constructor too. Same done for the JUser constructor as well
  • Added the function getDocsFolderPath() in convhelper that gives the root path of docs
  • Introduced the goBack function in JApplication class, it simply redirects to the last page
  • Added a new function for Silent Dump (sdump). This will add HTML comments to all var_dumps. It is called as follows:
    sdump($var1);
    sdump($var1,$var2,$var3);
  • Added the following code in uploading label in uknowvaui class. This was done for IE, as when files are getting uploaded the percentage is not displayed. A loader will be now displayed instead 
    <img src=\"/images/loader.gif\" />
  • Updated the following code in apps.php in com_comumunity/libraries (changed from $arrayParams to $user)
    $obj->data = $plgObj->onProfileDisplay();
  • Added two more functions getTimeZone and getTimeZoneOffset in user.php which has class JUSer
  • Added the getCompleteProfile() function in Cuser class. This function gives the complete profile of a user as an associative array with the fieldcode as key
  • Added the verifyPassword() function in JUser class. This function rechecks the current user’s password before carrying out sensitive tasks (for e.g., exporting user list)
  • Added the function pushFile() in uvwdocs file model. This function will push files created in other locations of uKnowva to the uKnwova Docs System. For e.g., if a user uploads a file in My Documents on his profile page, that file will be automatically moved to the Document Reporsitory
    • $filepath is the physical location of the file and options could have keys like title, cat_id, access_level, etc.
    • If self_destroy=true, the file located at $filepath will be deleted after copy
    • If replace_existing = true, then any existing file with same name will be deleted and the new file be replaced, else the file will be renamed and saved
      function pushFile($filepath,$options=array(),$userid=null,$self_destroy = true,$replace_existing = false){ 
  • Added an effective way of calling plugin functions securely from plugin themselves: The following functions have been written in class JPlugin ()
    • getHookKey()
    • getHookURL()
    • unsetHookKeysFor()
    • unsetAllHookKeys()
    • unsetHookKey
    • Also added its function in com_custom controller: triggerHook()
  • Introduced a new way to declare select lists—just give class="uselect" to get searchable and much user friendly select lists. You can specify the rel attribute as well like it is done in toolTip class
  • Added the option of numeric fields in type=text fields in com_community
  • Included juserhelper class by default in user.php of Joomla!
  • Added $this->item->created_by == JFactory::getUser()->id; in canedit property in com_content/article/default.php to make sure edit access is provided to the person who created the content
  • Introduced the function getGroupByID in JUserHelper class to get groups info by id
  • Added code such that only admin users will see failed cache deletion message. Refer this post for more info
  • Added the group filtering options in JUser's and ConvHelper's superior and subordinate functions. Developers can extract superiors and subordinates of users in a particular user group by passing group id
  • Added another param called @$check_referer in JRequest::checkToken function; if the $check_referer is false, then $_SERVER['HTTP_REFERER'] will not be checked
  • Set content-encoding as uknowva in reponse.php in function compress
  • Added the parameter of Allow resetting of passwords for remote authentication in com_users options
  • Added the strip_tags and substr in photo search of community search plugin
  • Since the dynamic setting of memory limit does not work in windows, added the windows check in convhelper::forceDownload function
    if(strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN'){
  • Renamed Lock user to Disable user in com_community language filer
  • Added the register_shut_down function in loader.php to handle PHP fatal/parse errors. The error page is now displayed for fatal/parse errors
  • Added strip tags to title tag in fetchHead() of JDocumentRendererHead in /libraries/joomla/document/html/renderer/head.php
  • Added params in com_users to allow reset of name/email from frontend by users
  • Developers can now get the itemid of a component by entering its name. Added a parameter in convhelper::getcomponentitemid() called $return_current. It returns the itemid associated with a component if a link to this component is available in the menus table. Its function definition is:
    getComponentItemId($component_name,$strict = false,$return_current = true)

  • Added a new configuration setting in com_uvwdocs. This can be used to set version upload access to users with upload or edit rights
    • Parameter name: Enable users with upload access to create new versions
    • Description: If set to no, the document creator and the users having edit access to the document will have the rights to create new versions of any document, else users with upload access to the folder shall also have access to do so
  • Warnings will now be displayed only to Admins. Added the following code in Juser::load function to implement this:
    if(uKnowvaFactory::getUser()->isSuperAdmin())
  • In authentication user function of com_custom, we have made provision to send the username and password in u and p variables, respectively, in the request; the values will be base64 encoded here
  • Added default class as inputbox to password fields in libraries/joomla/form/fields/password.php
  • Added the code of automatically subscribing users to uKnowva mailing list on save
  • Added enable_mailinglist_subscription in Global Configuration Admin setting plugin
  • Added REFERER & UKNOWVA_ALT_REFERER check in JRequest::checkToken function itself
  • Added uknowva-app as a mobile/tablet user agent
  • Added code in modal-uncompressed.js and modal.js to make modal popups responsive, as defined here
  • Compressed the JS of media/system/js/modal.js
  • Added the following code in com_community/helpers/access/groups.php groupsMemberRemove() function to allow group admins to remove members from a group
    $group->isAdmin($userId) 
  • Made the com_community popups responsive by adding js code in window-1.0.js and some css in style.css
  • Added getProfileAnchor() in JUser as explained here
  • Created a $db object in uknowvatable::__construct if the $db is not passed
  • Added description as input in field types as spacer (to override layouts of plugins)

Security Enhancements

  • Added strip_tags in templates/color.php to avoid cross site scripting
  • Strengthened the security by adding a referrer restriction in JRequest::checkToken to prevent almost all kinds of CSRF/phishing attacks. For each request the URL of the previous page is now checked so that attacks can be prevented
  • Removed the jsoc include statements from error.php and made error message details visible only to logged in users
  • Made the Profile edit form safe from CSRF attack by adding the checkToken code in _saveProfile function of profile controller in /components/com_community/controllers/profile.php
  • Made chatrooms.js handle injection attacks by changing the /chat/modules/chatrooms/chatrooms.php and chat/modules/chatrooms/chatrooms.js
  • Added a check of view access as well in case of upload/edit/delete access in category/file model of com_uvwdocs
  • Added the following new options in php.ini of online installers for better security:
     session.name = UKNOWVASESSID //now php sessions cookie will be stored in this name
     session.cookie_httponly = 1
     session.use_only_cookies = 1
    
  • Added the following in .htaccess to prevent SQL files from being downloaded via URL:
    Files ~ "\.sql$">
    Order allow,deny
    Deny from all
    Satisfy all
    </Files> (sec)