CuteNews is a FREE, powerful and easy-to-use news management system that uses flat files for storage, with a search function, file upload management, backup & restore, IP banning, flood protection and many more features. Moreover, CuteNews is fully UTF-8 compatible.
View project on GitHub Download Cute News 1.5.3 zip (593 Kb)
- Fixed XSS / PHP_SELF
- Executable PHP code in templates
- No input filter on backup name
- Faulty CSRF check in editnews
- Infinite loop of errors when ban file missing && Case-sensitive regexp for link check
- Escaping " for unban link && Input filter for | in IP ban
- Login Ban fixed
- Input filter in News Wizard
- News Preview: remove links
- Add preview function
- CSRF problem in image upload fixed
- Fixed image detection in image upload
- E-mails hidden by default
- Add checking "allow_url_fopen" option
- Improved install/update process
+ Added emoticon migration from emoticons folder
+ Added "Don't convert UTF8 symbols to HTML entities" field
+ Added user email change option
- Optimized database access speed, improved migration process
- Facebook localizations are now supported
- "Problem list" is now shown after migration completion
- Increased number of login attempts from IP
- Fixed several security issues: captcha, direct file access
- Improved Cutenews update process
- Fixed user search issue
- Existing email check during registration and editing
- Fixed post-migration issue with default configuration settings
- Fixed search issue
+ Add preview of news on add news in admin panel
+ Add hooks for Additional fields in template add/edit news
+ Add stripslashes for templates
+ Add more data for hook in core.php:template_replacer_news
+ Add "Deprecated message" at main panel
+ Add hook for bottom of active news
- Remove fv_serialize function
- Use user_add, user_update, user_search, user_delete instead of b-tree operations with users file
- More compatible upgrade process from 1.4.7 version
- Wrap into hidden panel additional fields
- Function build_uri now uses $QUERY_STRING
- preg_split to explode: more stable splitting
- Fixed draft saving
- Fixed using PHP_SELF value
- Fixed pagination (also in archives)
+ Hook for CKEditor modification through plug-ins is added
+ The feature of changing the date of news publication is added
- Assortment of the news at the listing
- In the news listing it is now possible to change to a certain category with just a click
- Correction of mistakes while adding comments to the news
- Change of documentation and simplification of templates' editing
- Additional fields are no longer obligatory
- Fixed bug of the avatar from multi-category
- The bug that concerns editing the news category that is deleted has been fixed
- The XSS while editing additional fields for news is fixed
- There is a search by key words
+ Mod_rewrite is added for several sections experimentally
+ The constructions {if $var}...{/if} and {if !$var}...{/if} are added to the template engine
+ After adding the news it is passed for editing
+ Modify Postponed news logic
- EOL is always transformed into BR while saving without visual editing program
- The tick 'Use html' is kept
+ Change of the appearance of administrative board: enlargement of the space on the left side
- The check up of the empty comments while archiving was deleted
+ Users logs are sorted by decrease
+ Option of users logs turning up
+ Option of compulsory turning up of UTF-8 on the site
+ The migration script has been changed: copying of all files non registering codepage excepting users/ipban (they are separate)
- Fix string truncation
+ Prospect posting
- Fix CSRF login window
+ Add IP checker for authenticated sessions
- Fix [link] $template var
- Fix bug showing list of news: users can view news which category is not allowed
- Fix bug: editor can't delete news without category
- Fix sort news bug
+ Security bug fix: anyone may delete users
- Remove deprecated function:over_tpl
+ Add styling for button in default.skin.tpl
+ Add gradient panel for admin
- Fix bug with table at editnews
- Change logic to show authors in editnews listing: using real author names
- Fix autologin, login cookies bug
+ Add safe redirects
+ Add print.php hack
+ Add Update function
- Remove /skins/images/Thumbs.db
- Remove db.fulltext.php
- Remove deprecated template skins/base_skin/images/quick.tpl
- Remove CKEditor unused language packets
- Remove default search template
+ Add reorder news in admin panel
- For authorized user disable enter passcode; for admin - disable captcha anyway
+ Add possibility to [edit]edit news[/edit] from news
- Fix discus thread [link]...[/link]
+ Add backup for news
- Refactor image module: fix wysiwyg insertion, fix preview
- Fix some warnings
+ Add $config_push_users for user kicks
- Fix user check existed status
+ Add version checker to main page
+ Add userlist imod
- Fix path disclosure in options.php:do_template
- Fix exit_cookies and send_cookies authorization
+ Use $GLOBALS in proc_tpl
+ Add to function proc_tpl language translation support
+ Add plugin manager
- Fix migration/installation bug
- Security fix for data section
- Fix: show "No category" in add/edit news
+ Add "no cache" headers
+ Add CSRF checking in images, archives, backup, personal, xfiels, massactions, comments
- Fix template error in backup
- Change 'cellpading' to 'cellpadding'
- Remove hooks.php from code, reason: unused
- Increase performance by using encrypted login session, remove weak CSRF checking
- Remove function check_login
+ Add .htaccess in installation process
- Move 'more fields' at news.txt db
- Shorten links
- Fix date formatting, add new fields {weekday}, {since}
+ Add the possibility of uploading images from server to CKEditor
- Fix bugs concerning removing comments, execution permission status in admin panel, xss security: add allowed tags for iframe, object, param, embed
- Remove xss_strip deprecated function
+ Add [truncate=N]...[/truncate] possibility
+ Add linked categories hacks
+ Add possibility for adding options with plugins
- Don't allow posting urls in comments
- Fix UTF8 html encoding for comments only for the author/comment
- Fix bug concerning adding comment to broken link in comments.txt
- Fix installation bug
+ Added a field for selection of the XSS level
- Fix XSS in register.php
- Fix reflected cross site scripting in search.php, editnews, categories module
- Fix partial file disclosure $source in addnews, editnews, massaction
- Remove [link] bbcode from all cutenews codes
- Fix file Path Disclosure in search.php mktime in search.php
+ Add an XSS level "Total Filter" to disable all disallowed tags
- Fix CSRF with adding/editing users and categories: highly vulnerable
- Fix PHP Code Injection for categories module
- Fix saving 'skin path' with invalid characters