Movable Type 5.02 Release Notes
This version of Movable Type was released May 11, 2010.
A patch for Movable Type 5.02
There is a patch released for Movable Type 5.02. Movable Type 5.02 has an error in Publish Queue for archive templates. This error occurs when you publish your archive templates via Publish Queue. Run-periodic-tasks doesn’t publish archive templates properly. Only index templates are published.
Please download the patched code from the release page, and follow the instructions to put it in place.
1e6f718b174decc285407af4f35f2663New and Updated in Movable Type 5.02
Security Fixes
Fix XSS vulnerabilities
Movable Type 5.02 fixed some of the parameters in the Content Management System (the Movable Type administrative user interface) to be escaped properly.
<div class="section">
<h4>Versions affected</h4>
<p>It is highly recommended to upgrade if you are using</p>
<ul class="bulletPoint">
<li>Movable Type Open Source 5.0 and 5.01</li>
<li>Movable Type 5.0 and 5.01 <span class="memo">( with Professional and Community Packs)</span></li>
</ul>
<p>to the corresponding latest versions.</p>
</div>
Disable mt-check.cgi after the installation
<p>As a result of security improvements at Movable Type 5.02, the direct access to mt-check.cgi is disabled after the installation. You can access to the system information by either of two processes.</p>
<ol>
<li>Sign-in as a system administrator, and access to [System Overview] > [Tools] > [System Information]</li>
<li>Rename "mt-check.cgi" to "mt-check-unsafe.cgi". This will allow you a direct access to the URL (mt-check-unsafe.cgi) for 10 minutes. Once having confirmed the system information, don't forget to rename it back to "mt-check.cgi" though it would be disabled automatically after 10 minutes.</li>
</ol>
<p>Related FogBugz cases : <a href="http://bugs.movabletype.org/default.asp?103363">103363</a>, <a href="http://bugs.movabletype.org/default.asp?103196">103196</a></p>
Other Changes
<ul>
<li>Remove Technorati from Web Services. <a href="http://bugs.movabletype.org/default.asp?103717">103717</a></li>
<li>Add new callback "build_dynamic" for dynamic publishing. Please refer to <a href="https://svn.sixapart.com/trac/eng/changeset/121908">Change set 121908</a> for the detail. <a href="http://bugs.movabletype.org/default.asp?103826"> 103826</a></li>
<li>Add "DefaultLanguage" to mt-config.cgi-original. <a href="http://bugs.movabletype.org/default.asp?103177">103177</a></li>
<li>Add "blog_id" attribute for mt:Link. <a href="http://bugs.movabletype.org/default.asp?103561">103561</a></li>
<li>Some of the modules in extlib folder have been updated.</li>
<li>New optional module Cache::File is added to mt-check.cgi and mt-wizard.cgi . <a href="http://bugs.movabletype.org/default.asp?103891">103891</a></li>
</ul>
Known Issues in Movable Type 5.02
- mt:ArchiveTitle removes and encodes html by default, use mt:CategoryLabel instead.103542
- Entries, Pages and Templates are not stored in the revision history. 103600
- 1. When you edit a template that is linked to a file.
- 2. When you create or edit an Entry/Page by XML-RPC or ATOM API.
- 3. When you create a new entry from mt-cp.cgi.
- Cannot publish category archives when the category name contains "/" 103952
- Cannot exclude Custom fields when cloning a blog. 103647
- Cannot save pages on the batch editing mode with “Manage Page” privilege. 103967
- mt-search.cgi query containing bare word beginning with "not" does not return expected results. 103971
Resolved Issues in Movable Type 5.02
Template Tags
- mt:Assets with include_blog=”N” / tag=”foo” doesn’t work. 103385
- mt:AssetThumbnailURL doesn’t create a thumbnail when width or height is 75px. 102463
- mt:Authors with any_type=”1” include_blogs=”all” attribute doesn’t return all users. 103655
- mt:AuthorFollowersCount is not updated after deleting users. 103568
- mt:ArchiveLabel should respect blog’s language preference instead of user’s language preference (static publishing). 103804
- mt:ArchiveFile outputs index.html (IndexBasename) in Archive Context. 103698
- mt:ArchiveTitle for individual entry archive is garbled when entry title contains “<>”. 103564
- mt:CommentAuthorLink with no_redirect=”0” attribute doesn’t work. 103230
- mt:Entries with sort_by custom field doesn’t work on archive listings. 98025
- mt:EntryAuthorLink with “type” attribute doesn’t publish the correct url in category archives. 103300
- mt:Include and mt:SetVarBlock with “append” / “prepend” attribute doesn’t work. 103374
- mt:WidgetSet doesn’t display error message correctly.103720
Dynamic Publishing
- mt:ArchiveTypeLable behaves different in static and dynamic publishing. 103805
- mt:IfNonZero with “name” attribute doesn’t work at dynamic publishing. 103470
- mt:IfFolder doesn’t work in dynamic publishing. 103692
- mt:Pages with sort_by=”author_id” doesn’t work in dynamic publishing. 80047
- mt:PageIfTagged doesn’t work in dynamic publishing. 101093
- Pagination does not work in dynamic publishing. 103461, 101025
- Fileinfo records are not removed after the template map was deleted. 103786
- templates_c directory is not created properly for dynamic publishing. 103546
Themes and Templates
- Cannot save “GlobalJavaScript” template after editing it. 103471
- Author archive mappings say “Display Name” but use “Basename”. 103749
- Cannot apply a theme with default_prefs (Blog/Website preferences) in the theme.yaml. 103846, 103154
- Browser related issues in template editor. 103288
- SearchAltTemplate does not work correctly. 103443
- Some double-byte characters are displayed by character code on email templates. 103431
- Template preview shows error when the template doesn’t have a prior archive mapping.103518
- Module Caching doesn’t expire properly after creating or modifying Asset. 103834
- Cannot select “All websites and blogs in this system” and “All blogs in this website” after navigating MultiBlog Triggers. 103808
- Comment order preference is not respected on Pico blog. 103726
- Only index templates are re-published after changing site URL and path. 100570
- Cannot refresh a template with linked file. 103768
- Remove unnecessary templates from default themes. 103762
- Some backed up templates get rebuilded and failed to rebuild. 103508
- Theme author name should be optional. 103334
Entries and Pages
<ul>
<li>Tag auto-complete doesn't work on page and asset editing screen. <a href="http://bugs.movabletype.org/default.asp?103788">103788</a></li>
<li>mt_objectasset is not deleted after deleting the page.<a href="http://bugs.movabletype.org/default.asp?103792">103792</a> </li>
<li>Links in Calendar widget are broken when multiple scheduled posts are published at the same time. <a href="http://bugs.movabletype.org/default.asp?100747">100747</a></li>
<li>Rich Text Editor doesn't trigger auto saving. <a href="http://bugs.movabletype.org/default.asp?103285">103285 </a></li>
<li>Set "Preview" as a default enter key behavior on the posting screen. <a href="http://bugs.movabletype.org/default.asp?103223">103223</a></li>
<li>Category-Monthly archive doesn't display an entry published on 00:00:00. <a href="http://bugs.movabletype.org/default.asp?103218">103218</a></li>
<li>mt:PageBasename displays preview path on preview screen. <a href="http://bugs.movabletype.org/default.asp?103517">103517</a> </li>
</ul>
API
<ul>
<li>Bad Structure in XML-RPC wp.getPages response. <a href="http://bugs.movabletype.org/default.asp?102584">102584</a></li>
<li>System Admin cannot access MT by XMLRPC. <a href="http://bugs.movabletype.org/default.asp?103652">103652</a></li>
</ul>
Assets
<ul>
<li>Cannot upload some transparent gif files due to the security check. <a href="http://bugs.movabletype.org/default.asp?103602">103602</a></li>
<li>Cannot display some full-size images due to the file name. <a href="http://bugs.movabletype.org/default.asp?103596">103596</a></li>
</ul>
Search
<ul>
<li>Add "Remove" button on the users search result. <a href="http://bugs.movabletype.org/default.asp?103802">103802</a></li>
<li>Website level Search & Replace doesn't include pages and activity log in child blogs. <a href="http://bugs.movabletype.org/default.asp?103810">103810</a></li>
<li>Add blog search on the website lever search. <a href="http://bugs.movabletype.org/default.asp?103736">103736</a></li>
<li>Display parent-website name on system level blog search. <a href="http://bugs.movabletype.org/default.asp?103767">103767</a></li>
<li>User search doesn't work on the website/blog dashboard. <a href="http://bugs.movabletype.org/default.asp?103411">103411</a></li>
<li>Alternative template is not always used for paginated search results. <a href="http://bugs.movabletype.org/default.asp?103679">103679</a></li>
<li>List order of the Search & Replace result. <a href="http://bugs.movabletype.org/default.asp?103484">103484</a>, <a href="http://bugs.movabletype.org/default.asp?103730">103730</a></li>
</ul>
Comments and Sign-in
- Move to “Manage Comment” after replying a comment. 103580
- Publish All Files after changing “Comment Settings”. 103837
- SpamLookup - Junk setting is not displayed properly. 103816
- Cannot sign in for commenting using OpenID authentication of AIM and yahoo.co.jp. 103885
- Replied comments are not associate to the cloned blog. 103540
- Mixi OpenID comment doesn’t work with a multi-byte mixi Nick Name. 103447
- Comment reply is not saved with proper HTML escape.103210
- Remove Action menu on Edit Trackback. 103751
Websites and Blogs
<ul>
<li>Cannot save blog URL as blank.<a href="http://bugs.movabletype.org/default.asp?103496">103496</a></li>
<li>Blog is not listed when a user has only "Manage Templates" system permission.<a href="http://bugs.movabletype.org/default.asp?103526">103526</a></li>
<li>Cannot delete spam comments from the website comment list. <a href="http://bugs.movabletype.org/default.asp?103619">103619</a></li>
<li>Cannot create a new website only with "Create Websites" permission. <a href="http://bugs.movabletype.org/default.asp?103323">103323</a></li>
</ul>
Professional and Community packs
<ul>
<li>Cannot remove "Favorites" on a Community forum and blog. <a href="http://bugs.movabletype.org/default.asp?103425">103425</a></li>
<li>Invalid commenter link with a comment pagination. <a href="http://bugs.movabletype.org/default.asp?103472">103472</a></li>
<li>CustomFields::Util::field_loop doesn't make field's list correctly. <a href="http://bugs.movabletype.org/default.asp?93664">93664</a></li>
<li>Custom Field Basename uniqueness is per site/blog, not installation. <a href="http://bugs.movabletype.org/default.asp?103354">103354</a></li>
</ul>
CMS and Core
<ul>
<li>Fix the pagination in CMS. <a href="http://bugs.movabletype.org/default.asp?103735">103735</a>, <a href="http://bugs.movabletype.org/default.asp?103744">103744</a></li>
<li>Cannot restore a backup by uploading a manifest file from CMS when it contains assets . <a href="http://bugs.movabletype.org/default.asp?103317">103317</a></li>
<li>Entry Export ignores Private tags. <a href="http://bugs.movabletype.org/default.asp?103194">103194</a></li>
<li>BlogStats's doesn't work for the tag cloud with double quote character.<a href="http://bugs.movabletype.org/default.asp?103160">103160</a></li>
<li>Export theme doesn't work if the MT had been upgraded from MT3.38 to MT5.0. <a href="http://bugs.movabletype.org/default.asp?103329">103329 </a></li>
<li>User search doesn't work within a grant permissions modal dialog. <a href="http://bugs.movabletype.org/default.asp?103710">103710</a></li>
<li>Better pagination for the comment list on the published entries. <a href="http://bugs.movabletype.org/default.asp?103356">103356</a></li>
<li>mt-check.cgi cannot recognize Crypt::DSA 0.16. <a href="http://bugs.movabletype.org/default.asp?103394">103394</a></li>
<li>mt-wizard.cgi doesn't work without LWP::UserAgent (added to extlib). <a href="http://bugs.movabletype.org/default.asp?103553">103553 </a></li>
<li>Missing ?> in function.mtentrycommentcount.php file. <a href="http://bugs.movabletype.org/default.asp?100620">100620</a></li>
<li>Component.pm does not honor plugin_template_path in template_paths sub. <a href="http://bugs.movabletype.org/default.asp?103492">103492</a></li>
<li>The string "Internal callback" is not localized. <a href="http://bugs.movabletype.org/default.asp?103307">103307</a></li>
</ul>
Patches and Reports from our community
This release included patches and contributions from our community. Thank you very much for all of your help to make Movable Type better !
Patches
- Taku Amano (103210, 103154, 103154, 93664)
- Hajime Fujimoto (103846)
- RVR (103307)
- Makoto Kawasaki (101025)
Reports
- Mark Carey (100620, 103786)
- Sarah Hughes(103698, 102463)
- Bill George (103771)
- Chad Everett (103749)
- Clint Pells (102584)
- Hajime Fujimoto (103720)
- Mihai Bocsaru (103568)
- Mike Thomsen (102463)
- Shu M. (103461)
- Su (102463)
We’d also like to say thank you who have posted reports from the feedback form and our online forums. Though your name is not identified here, your contribution was vital for this release.