Movable Type 4.31 Release Notes
This version of Movable Type was released August 20, 2009.
Minor Security Issue with Entry / Archive Pagination in MT 4.3
With the addition of entry pagination via search, we introduced the possibility of a user viewing a template that might show PHP/ASP code that was not designed to be viewed by the end user and couldn’t be executed. Although there are ways to run PHP under CGI, we put the following barriers in place:
- Only allow the templateid parameter when the archivetype parameter exists.
- Force the template being used to match the archive type (e.g. if you’re trying to paginate category archives, the template you’re using has to be one that is producing category archives).
- Not allow the use of the template_id parameter when the extension is php or asp.
- Created a config directive (SearchAlwaysAllowTemplateID)that would always allow the use of template_id.
Linked assets widget on edit entry screen not localized
Localized the text in the entry asset widget.
Error in Movable Type 4.3 on rebuild or comment submission "Metadata allow_anon_recommend on MT::Blog not found"
Fixed an issue where you would see the error "Metadata allow_anon_recommend on MT::Blog not found" in various points of the app.
Poor thumbnail image quality using GD
Improve quality of image thumbnails when using GD by creating them as 24-bit color images instead of 8-bit.
MTIfArchiveEnabled tag returns true for archive mappings set to "Do Not Publish"
The mt:IfArchiveTypeEnabled tag now does not return true for archive mappings set to "Do Not Publish"
Not all system templates set system_template MT variable
Fixed a bug where not all system templates set the the system_template variable.
non-superuser editing in system-wide Comments listing
Fixed an issue where non-superusers could see all of the blogs in the global comment listing. Now, only superusers can see them all.
Pagination of Entries includes Pages when viewing dynamically
When using the search-based entry pagination, MT Pages were being included. We’ve fixed this.
Image assets tags not working with custom fields or without it
When using custom fields in conjunction with entry assets in MT 4.3 Pro, you would lose the entry-asset association on entry save. This bug has been fixed.
MT4.3 mt.js does not respect the CommentScript config directive and causes the dynamic comment listing to fail
Removed some hard-coded references to mt-comments.cgi in mt.js. It now properly uses the CommentScript tag.
Registry corruption caused by MT::Worker::SummaryWatcher
Added a patch to avoid registry corruption caused by MT::Worker::SummaryWatcher. (Thanks Reed!)
Comment Author Link Returns 404 Instead of Linking To Author Page in Community Template Set
Fixed an issue where the profile_view_url variable was not being passed to any page of comments after the first one (in the Community template set).
Unsaved entry preview loses asset association
Fixed a bug where asset associations in an unsaved entry were lost after previewing and returning to edit the entry.
afinta on August 23, 2009, 1:08 p.m. Reply
Does this fix the search issue and tags issue?
“You used an ‘mtPageID’ tag outside of the context of a page; perhaps you mistakenly placed it outside of a ‘MTPages’ container?”
EverydayCitizen on August 26, 2009, 3:11 p.m. Reply
I’d also like to ask about the error that ‘afinta’ also asks about in her comment above. I have found this very distressing error to pop up sporadically when using the search function. Mind you, I am talking about a clean install of 4.3 at a website that is not yet visible to the public. The site is not cluttered with any template modifications, so this error is clearly a result of something that is not right with the 4.3 package, off the shelf.
The error message and page that is produced is kind of convuluted, but I concur with the commenter above that the basic message of the error is:
“You used an ‘mtPageID’ tag outside of the context of a page; perhaps you mistakenly placed it outside of a ‘MTPages’ container”
Are you fixing this?