Welcome to the CuteNews

CuteNews is a FREE, powerful and easy-to-use news management system based on flat files as a storage with quick installation, search function, file upload management, backup & restore, IP banning, permission levels supporting, flood protection and many more. Moreover Cutenews is UTF-8 fully compatible system.

View project on GitHub Download Cute News 2.1.2 zip (2.06 Mb) 26.04.2018

Cutenews changelog

v2.1.2 (2018, April, 26)

ADD     New search order by field 'vcnt' (news views count)
FIX     Fix bootstrap fonts glyphicons
FIX     Improve warning message form
ADD     Add hook to echo headers links with guest mode for hook('core/headermenu')
FIX     Fix reassign PHP_SELF for rewrite module
FIX     Fix bug with overriding PHP_SELF
FIX     Fix problem was checking the Avatar when updating user data
ADD     Users can modify URL template for make custom query by returning modified data from hook('news/authorurl')
FIX     Fixes bootstrap templates

v2.1.1 (2018, March, 28)

ADD    Added the LOGIN button in the navigation menu
ADD    Was added a global variable $SiteTitle for the title of the site.
FIX    Assign a PHP_SELF constant using a user override $PHP_SELF
ADD    Added Localization for breadcrumbs in Dashboards
DEL    Removed the red button class for ReedMore.
FIX    Replaced the link of the (user's mail) to the Module.
FIX    Fixed URL direction. Replacement of index.php with PHP_SELF
ADD    Added "div" tag at the end of the capcha image
FIX    Replacing the link of comments authors on user's module, or email if it was a guest's
ADD    Added a bootstrap class for the delete comment button.
ADD    Added a bootstrap class for form
FIX    Fixed links in the breadcrumbs
FIX    Corrected directory name of for USERS on the way in zip-class
FIX    Fixed URL direction after deleting words in localization
ADD    Added links to news in the news manager for users without the right to edit news.
FIX    A few edited templates for the bootstrap

v2.1.0 (2017, December, 22)

ADD    A new interface of Dashboard based on bootstrap framework
FIX    Output of the maximum width of image in the news preview
       Filtering the output of links in the preview
       Output of images in TITLE is deleted
       Fixed a bug while unpacking backup from ZIP file
ADD    Action choice in the media gallery is added
       Added the opportunity to insert several images via popup in the media gallery
FIX    Corrected the message about empty archives when selecting the news listing
ADD    Added breadcrumbs in the news and the listing
UPDATE Updated the module interface for localization
FIX    Increased coverage of messages for localization (minor)
FIX    Fixed bug of category management (auto-incrementing id)
FIX    Fixed incorrect listing display when deleting a category

v2.0.4 (2016, June, 1)

Fixed the profile picture vulnerability and added an extra check on the type of an uploaded file from the Media Gallery and from the user profile.

v2.0.3 (2015, April, 21)

1. Fixed the error of displaying pagination when filtering by nonexistent category.
2. Fixed the error of configuration conversion when migrating from version 1.5.3.
3. Fixed the error of generating links to news when mass changing category in news editing mode.
4. Adjusted the functioning of filters in the news list in EditNews, now filtering by category in All categories doesn't overwrite the filter specified via Change filters.
5. Adjusted the displaying of image options in Inline Media manager when adding icons to category.
6. Fixed the generation of the path to the first page in pagination when Rewrite is enabled.
7. Fixed the error of saving the contents of new user templates.
8. Fixed the error of settings the configuration for the global array $ _GET.
9. Fixed the error of filtering on the list of categories when setting variable $ category.
10. Removed support for bb-code [image], now all images can only be inserted via Media Manager.
11. Changed the principle of filter formation on the list of news Edit News, now several categories can be chosen for filtering.
12. Fixed the error of downloading files other than images in Media Manager.
13. Added utility for converting indexes, that fixes bugs after the removal or archiving of news.
14. Redesigned user authentication mechanism, now it runs based on phpsession, cookies are used only when the "Remember me" option is used.
15. Redesigned the mechanism of pagination and indexes conversion when uploading news.
16. Fixed authentication error when trying to leave comments.
17. Added the highlighting of newly downloaded files via URL.
18. Fixed display of pictures in Picture Manager.
19. Fixed the error when loading an incorrect URL in the media manager.
20. Removed some notices from the code.
21. Fixed the error when registering guests in the system.
22. Fixed errors when migrating news and users from 1.5.x and 2.0.x.
23. Fixed the errors in the template when Rewrite is enabled and the error when switching between news.
24. Fixed generation of thumbnails in Dashboard > Media manager.
25. Fixed error of storing thumbnails when deleting the original image file in Dashboard > Media manager.
26. Separated the functions of thumbnail generation and image resizing in Dashboard > Media manager.
27. Fixed bug with thumbnails not moving when the original image was moved in Media manager.
28. Fixed behavior of multiple files uploading form in Dashboard > Media manager, now the contents of previous file selection field is not reset when adding a new file selection field.
29. Adjusted pop-up message appearing when trying to download a file with a size larger than that specified in the option PHP upload_max_filesize in Dashboard> Media manager.
30. Fixed error with moving file groups to different folders in Dashboard > Media manager.
31. Added message 'No selected files for upload' to Dashboard > Media manager.
32. Corrected behavior of checkbox Move up when moving files to media Manager.
33. Fixed layout of messages displayed in inline Media manager.
34. Added avatars to Dashboard > Personal options and output avatars variable {avatar} to news  templates.
35. Fixed bug with saving flag 'Hide my e-mail from visitors' in Dashboard > Personal options.
36. Removed duplicate message 'Confirm new password' in Dashboard > Personal options.
37. Added preview of quick and full news according to their templates when editing / adding news.
38. Fixed bug of links generating in news preview block when editing / adding news.
39. Improved the conversion of diacritics when generating a page alias when editing / adding news.
40. Fixed the bug of resetting the date of publication when previewing news when editing / adding news.
41. Added protection against Clickjacking attacks in Dashboard.
42. Eliminated possibility of  XSS-attack via error when editing comments.
43. Fixed bug with access rights checking when deleting user comments.
44. Added message 'No data for update when editing the group' in Dashboard > Groups.
45. Fixed bug in Dashboard > Block IP, which was leading to users blocking themselves.
46. Added message 'No selected options for migration' in Dashboard > Maintenance> Migration.
47. Added option 'Overwrite current system settings' in Dashboard > Maintenance> Migration, allowing for overwriting configured settings.
48. Removed dot in news identifier in the link to comments.
49. Adjusted displaying of a list of recent comments in Dashboard > Comments.
50. Fixed bug with saving configurations during the installation of CuteNews, now CuteNews is not trying to save a configuration when the user doesn't have rights to write to cdata.
51. Improved the work of CuteNews with paths during file operations in Windows.
52. Improved overall stability of the system.

v2.0.2 (2014, August 21)

Main improvements and enhancements:

1. For additional security, all news, comments and configurations are coded in base64.
2. Added migration from version 2.0.1 to 2.0.2. 
3. Fixed bugs appearing during migration from version 1.5.3. 
4. Fixed the functioning of the Preview button in the migration section.
5. Added error messages during migration.
6. Added an option of automatic generation of Page Aliases when news is added.
7. Added an option of disabling the standard comment system.
8. Added an option of controlling the maximum width of loaded images in Media manager.
9. In Dashboard > Categories, the checkboxes for adding and deleting categories are replaced with buttons.
10. Prohibited creation of duplicate categories.
11. Changed the algorithm for calculating Id for category.
12. Fixed banning of users.
13. In Dashboard > Groups, the checkboxes for deleting, resetting the system groups to the default value are replaced with buttons. The functions of adding and editing of groups are applied to different buttons.
14. Prohibited editing of rights in the admin and ban system groups. 
15. Adjusted the layout of templates in Dashboard > Templates.
16. Fixed the functioning of the [cat] tag.
17. Fixed the display style of the [quote] tag.
18. The Preview checkbox in Add News is replaced with a button.
19. Fixed the layout displaying preview in Add News. 
20. In Edit News, error messages redirecting to another page are replaced with pop-ups.
21. Fixed adding of images to Media manager via links.
22. Fixed the display of thumbnails in Media manager. 
23. Fixed the error of displaying pagination.
24. Fixed processing of indexes on Windows based servers.
25. Adjusted the display of text on the Delete comments button according to the number of comments.
26. Adjusted the layout on the example.php webpage.
27. Fixed the behavior of comment form after adding/editing of comments.
28. Fixed user authentication when logging in via comment form.
29. Fixed the account of group rights when user is working with comments.
30. Improved overall system stability.

v2.0.1 (2014, March 20)

Main improvements and enhancements:

1. Fixed HTML escaping;
2. Fixed date formatting (added the option to enter days of week in any language);
3. Updated the display of news items, improved pagination, fixed search form (the link to the news from the search is now working);
4. Fixed display of ID category in Integration Wizard;
5. Added the $ignore_rewrite option available for the news that doesn't require rewriting;
6. Added “smart” cutting of words via bb-tag [truncate=N]..[/truncate] (ignoring of HTML markup tags), counting of actual words;
7. XSS: tags from news are not cut out, except for "script" in various forms;
8. Fixed counting of active news items for pagination, old indexes are replaced with new ones, added sorting by tags;
9. Fixed CKFinder implementation, added a plug-in;
10. Added "Switch to html" mass action in News Listing;
11. Removed the "IP ban" counter in order for configuration not to return to its default value;
12. Fixed the Integration Wizard bug (which showed ")" at the end of the template);
13. Fixed the bug connected with the $template option which failed to work giving the default error;
14. Fixed thumbnails formation in the media gallery - now thumbs photos are displayed separately;
15. Added "anchor" in bb-tags to generate links in the format: id=<Id>#my_anchor ;
16. Added alphabetical sorting in the media gallery;
17. Removed "greed" of bb-tags capture ([link]...[/link] .... [link]...[/link] captured and formed only one link instead of two).

v2.0.0 (2013, May 12)

Main improvements and enhancements:
- The main difference between 2.0 and 1.5.x lies in the way of storing news items, users, and indexes.
  In 2.0, news items are accessed by indexes, since the indexes are stored in different files separated by date.
  News items are now stored in serialized form, which improves their security.
  
- The second important distinction of this version is that you can now create user groups, each of which can have its own set of
  permissions and can pass on those permissions to other groups.
  This means that when a user belongs to a group created by another user, they enjoy the privileges of the group they belong to.

- All system settings, including templates and categories, are stored in a single config file. All the settings stored in that file can be restored even if the file is deleted.
- Using REWRITE for URLs is now fully possible. Generation of human-readable URLs has now become one of the functions of the kernel.
- The media manager has been updated. It now supports subfolders and can do the following operations: delete, move, rename, create thumbnails.
- The administration panel has been redesigned. CKEditor has been updated. The inbuilt editor has been improved.
- The localization plug-in has been implemented. The user can now set the language manually, and there are separate language files.
- Cutenews 2.0 includes an experimental new plug-in (which can be accessed via 'include snippet.php'), which allows editing the website HTML code from the administration panel.
- The categories now have a hierarchical structure.
- There are now tags, and they can be used to filter content. There's also an inbuilt tag cloud.
- The plug-in for additional fields has been improved. You can now create fields of different type - for text, numbers, prices, and even files (images). Fields can also be grouped.

Other improvements:
- The overall efficiency of news output has been improved thanks to using indices and groups of indices.
- Backups are now saved in .zip format and can also be extracted from .zip archives.
- The plug-in for displaying latest comments in the administration panel has been added.
- User banning has been removed from the login form; however, to prevent password guessing, there's now a check for authorization frequency.
- The news listing now has a treelike structure, with selection by year and date. Also, category listing has been implemented.
- When editing news items, there's now an additional field called 'page alias', which is a unique field and is intended for the REWRITE plug-in.
- The button arrangement control for CkEditor has been updated in the system settings.
- The logging plug-in has been improved, and the system log is now separate from the user log.

v1.5.3 (2013, July 3)

- Fixed the issue of formatting an address from QUERY_STRING;
- Fixed the error with enable "rewrite module";
+ Added support of CuteNews-UTF8;
- Fixed compulsory conversion utf8 to html;
- Some deprecated functions are removed;
- Changed stripos to strpos;
- Function "set_error_handler" is supported by older versions of PHP;
- Changed the conversion table HTML_SPECIAL_CHARS to the codes UTF8 in html-entities;
- Fixed a bug with news previews;
- Fixed a bug with incorrect time set-up for postponed news and active news;
- While commenting there is a link to the commented news;
- Fixed an error in comments. An authorized user can't change own login;
+ Added some hook-places to the code;
+ Added the function of the testing of access for recording in files and folders (cn_selfcheck);
- Changed the design of System configurations, there are options radio-button/textarea/checkbox;
+ Added the migration script /migrate_to_latest.php, from the oldest to the recent versions;
- Fixed CAPTCHA code;
+ Added the code /cn_friendly_url that helps to use friendly url everywhere including url_slug instead of id;
+ Added Facebook like button and Twitter share button;
- Facebook comment / facebook like / twitter share are carried out to template variables {fb}, {fb-like}, {twitter};
- Fixed the checking of fields in the module Additional fields;
+ Added pagination disable option;
+ Added  forced width and height for news avatar;
- [link target=_blank]..[/link] и [full-link target=_blank]..[/full-link] is used for target in the tag <a>
- Fixed ID generation for active news and postponed date;
+ Added the module zip/unzip function for archives;
+ Improved the module /update_cutenews;
- CSRF is saved in /cdata/csrf.php;
- Control of social buttons through $soc_categories variable;
- Allowed image extensions and CKEditor panel setting are taken out to System Configuration.
- Fixed a bug of the checking of posponed id
+ Added the option of unlocking the CSRF checking

v1.5.2 (2013, January 29)

- Fixed XSS / PHP_SELF
- Executable PHP code in templates
- No input filter on backup name
- Faulty CSRF check in editnews
- Infinite loop of errors when ban file missing && Case-sensitive regexp for link check
- Escaping " for unban link && Input filter for | in IP ban
- Login Ban fixed
- Input filter in News Wizard
- News Preview: remove links
- Add preview function
- CSRF problem in image upload fixed
- Fixed image detection in image upload
- E-mails hidden by default
- Add checking "allow_url_fopen" option
- Improved install/update process

v1.5.1 (2013, January 24)

+ Added emoticon migration from emoticons folder
+ Added "Don't convert UTF8 symbols to HTML entities" field
+ Added user email change option
- Optimized database access speed, improved migration process
- Facebook localizations are now supported
- "Problem list" is now shown after migration completion
- Increased number of login attempts from IP
- Fixed several security issues: captcha, direct file access
- Improved Cutenews update process
- Fixed user search issue
- Existing email check during regsitration and editing
- Fixed post-migration issue with default configuration settings
- Fixed search issue

v1.5.0.7 beta (2012, September 25)

+ Add preview of news on add news in admin panel
+ Add hooks for Additional fields in template add/edit news
+ Add stripslashes for templates
+ Add more data for hook in core.php:template_replacer_news
+ Add "Deprecated message" at main panel
+ Add hook for bottom of active news
- Remove fv_serialize function
- Use user_add, user_update, user_search, user_delete insead b-tree operations with users file
- More compartible upgrade process from 1.4.7 version
- Wrap into hidden panel additional fields
- Function build_uri now uses $QUERY_STRING
- preg_split to explode: more stable splitting
- Fixed draft saving
- Fixed using PHP_SELF value
- Fixed pagination (also in archives)

v1.5.0.6 beta (2012, September 10)

+ Hook for CKEditor modification through plug-ins is added
+ The feature of changing the date of news publication is added
- Assortment of the news at the listing
- The news listing it's possible now to change a certain category by just a click
- Correction of mistakes while adding comments to the news
- Change of documentation and simplification of templates' editing
- Additional fields has become not obligatory field
- Fixed bug of the avatar from multi-category
- The bug that concerns editing the news category that is deleted has been fixed
- The XSS while editing additional fields for news is fixed
- There is a search by key words
+ Mod_rewrite is added for several section experimentally
+ The constructions {if $var}...{/if} and {if !$var}...{/if} are added to the template engine
+ After adding the news it is passed for editing

v1.5.0.5 beta (2012, August 28)

+ Modify Postponed news logic
- EOL is always transformed into BR while saving without visual editing program
- The tick 'Use html' is kept
+ Change of the appearance of administrative board: enlargement of the space on the left side
- The check up of the empty comments while archiving was deleted
+ Users logs are sorted by decrease
+ Option of users logs turning up
+ Option of compulsory turning up of UTF-8 on the site
+ The migration script has been changed: copying of all files non registering codepage excepting users/ipban (they are separate)
- Fix string truncation
+ Prospect posting

v1.5.0.4 beta (2012, August 24)

- Fix CSRF login window
+ Add IP checker for authenticated sessions
- Fix [link] $template var
- Fix bug showing list of news: users can view news which category is not allowed
- Fix bug: editor can't delete news without category
- Fix sort news bug
+ Security bug fix: anyone may delete users
- Remove deprecated function:over_tpl
+ Add styling for button in default.skin.tpl
+ Add gradient panel for admin
- Fix bug with table at editnews
- Change logic to show authors in editnews listing: using real author names
- Fix autologin, login cookies bug
+ Add safe redirects

v1.5.0.3 beta (2012, August 21)

+ Add print.php hack
+ Add Update function
- Remove /skins/images/Thumbs.db
- Remove db.fulltext.php
- Remove deprecated template skins/base_skin/images/quick.tpl
- Remove CKEditor unused language packets
- Remove default search template
+ Add reorder news in admin panel
- For authorized user disable enter passcode; for admin - disable captcha anyway
+ Add possibility to [edit]edit news[/edit] from news
- Fix discus thread [link]...[/link]
+ Add backup for news
- Refactor image module: fix wysiwyg insertion, fix preview
- Fix some warnings
+ Add $config_push_users for user kicks
- Fix user check existed status
+ Add version checker to main page
+ Add userlist imod
- Fix path disclosure in options.php:do_template
- Fix exit_cookies and send_cookies authorization
+ Use $GLOBALS in proc_tpl
+ Add to function proc_tpl language translation support
+ Add plugin manager
- Fix migration/installation bug
- Security fix for data section
- Fix: show "No category" in add/edit news
+ Add "no cache" headers

v1.5.0.2 beta (2012, August 20)

+ Add CSRF checking in images, archives, backup, personal, xfiels, massactions, comments
- Fix template error in backup
- Change 'cellpading' to 'cellpadding'
- Remove hooks.php from code, reason: unused
- Increase performance by using encrypted login session, remove weak CSRF checking
- Remove function check_login
+ Add .htaccess in installation process
- Move 'more fields' at news.txt db
- Shorten links

v1.5.0.1 beta (2012, August 16)

- Fix date formatting, add new fields {weekday}, {since}
+ Add the possibility of uploading images from server to CKEditor
- Fix bugs concerning removing comments, execution persmission status in admin panel, xss security: add allowed tags for iframe,object,param,embed
- Remove xss_strip deprecated function
+ Add [truncate=N]...[/truncate] possibility
+ Add linked categories hacks
+ Add possibility for adding options with plugins
- Don't allow posting urls in comments
- Fix UTF8 html encoding for comments only for the author/comment
- Fix bug concerning adding comment to broken link in comments.txt
- Fix installation bug
+ Added a field for selection of the XSS level
- Fix XSS in register.php
- Fix reflected cross site scripting in search.php, editnews, categories module
- Fix partial file disclosure $source in addnews, editnews, massaction
- Remove [link] bbcode from all cutenews codes
- Fix file Path Disclosure in search.php mktime in search.php
+ Add a XSS level "Total Filter" for disable all disallowed tags
- Fix CSRF with adding/editing users and categories: high vulnerable
- Fix PHP Code Injection for categories module
- Fix saving 'skin path' with invalid characters