Version 6.3 Build 452.8
SPECIAL NOTES ABOUT THIS UPDATE:
Build 452.8 is plug and play update . It includes a few fixes, some
significant cleanup and some new features. If you are
up-to-date with Wildcat! versions, this is essentially a plug and play
update.
SEE SPECIAL UPGRADE NOTES
Changes, Fixes, New Features and Enhancements by Wildcat! Component
WCWEB (Wildcat! Web Server)
- NEW: Added Print Button for printing messages.
- NEW: Added new sysop client for Web Server
Similar to the user's web-based Personal Properties (Your Settings), a
new web-based sysop client menu for adding sysop related operations
is now available. It will look like so:
The Sysop Menu is disabled by default. The administrator and/or Sysop
only security access should only be provided.
To enable, perform the following:
1) Using Explorer or using the DOS window, create the
"Clients\Sysop Client" sub-folder.
cd \wc6
md "clients\Sysop Client"
2) Start WCCONFIG and go to the Access Profiles.
You can do this for any access profile, but of course, we only
recommend doing this for the Administrator and maybe the Sysop
profiles. Edit the profile and go to the the Clients options.
You should see an unchecked entry for "Sysop Client". It will
only appear if the folder was created in step 1.
Toggle it so it has an X and save your configuration.
Now you can login via the web as the administator account, and you
should see the goto client option "Sysop Menu" in the list. If you
don't see it, either you were already logged in and need to log off
and come back in, or the account does not have adminstrator access.
Currently, the sysop menu offers a General display of information. All
other items do not have any action assigned to them. They can be
provided by 3rd party developers or SSI may provide them in the
future, or you can add actions yourself by following the framework as
an example. See the http\template\sysopmenu.ini file to change the
options.
The following templates or files were added to support the sysop menu:
http\template\sysopclient.htm
http\template\sysopclient.css
http\template\sysop_page_general.htm
http\template\sysopmenu.inc
http\template\sysopmenu.ini
http\template\sysopmenu3p.ini
http\images\c-sysop.gif
If you want to add a direct link, the url would be:
/client?sysop.wcn
This will run the internal stock html-sysop.wcx which will verify
security access so it is safe to run directly via a url.
- ENH: Enhanced the security against tag injections on various URLS.
This security fixes helps protect IE browsers who are vulnerable to
tag injections unlike other browsers.
Note: This is not security issue with the Wildcat! Web Server. This
change only helps protect IE browsers. The fix will help address
malicious sites using your Wildcat web sites as a referrer to echo
back arguments which may redisplayed by some of the templates. See
WCT note regarding @SUB and @GET
- FIX: Fixed minor bug with "/login" alias url for mixed authentication methods.
Using "/login" without parameters is designed to redirect to the login
template "/public/login.wct" when cookies are enabled on both ends.
When both BASIC/DIGEST and COOKIE login authentications are enabled and the
user's browser has cookies disable, the "/login" url was attempting to use
cookies and the "Warning: No Cookies" window appeared. This is now fixed
by making sure the redirection to login.wct only takes place when an actual
cookie is passed to the server.
The "/login" url should behave like the following too direct urls:
/login?mode=html
/login?mode=client
where it will detect the user has cookies disabled, and the server will
fallback and using BASIC/DIGEST authentication.
WCPOP3 (Wildcat! POP3 Server)
- FIX: Fixed enabled/disabled POP3 Trace Log in 452.7 update.
An attempt was made to enable trace logs on a per user basis but
that logic was broken because the user is not known until after
he logs in, creating partial on/off and random logging. This
user trace logic attempt was removed. A future version will
re-attempt this using a IP approach where the sysop desired
to trace a particular user on a known IP for diagnostic purposes
but doesn't want the trace enabled for everyone else.
WCT (Wildcat! Templates)
- CHG: @SUB vs @GET
The two macro commands @SUB or @GET were basically the same action, with
no different. Just semantics.
In this update, the two have one distinct difference:
@SUB - return the template value escaping any '<' and '>' characters.
@GET - return the template value with no escaping.
@GET should be used for internal variables where there is no security concern
regarding outside tag injections. @SUB should be used otherwise.
WCBASIC (Wildcat! BASIC)
- FIX: Fixed the implicit import prototype for GetEffectiveFileAreaCount()
The C/C++ WCSDK API header has the prototype:
DWORD GetEffectiveFileAreaCount(DWORD group, DWORD flags);
This was incorrected mapped to WCBASIC without the 2nd flags parameter:
Function GetEffectiveFileAreaCount(group as integer) as integer
In order to maintain backward compatibility with older WCX
applications who might be using this function, the SDK required flags
parameter is now optional in WCX. So it will work either ways in WCX
applications:
total = GetEffectiveFileAreaCount(0) // old
total = GetEffectiveFileAreaCount(0,0) // new
This is useful to determine the type of areas a user has access to by
using the OBJECTFLAGS_FILEAREA_xxxxx bit flags. For example, to determine
how many upload areas the user has access to, you can use this:
total = GetEffectiveFileAreaCount(0,OBJECTFLAGS_FILEAREA_UPLOAD)
- NEW: Added Optional Logoff hook modules
Similar to config\logon-hooks.txt, you can add optional log off hooks
to a config\logoff-hooks.txt file contain a list WCX to run when the
user initiates the log off process and before the user is logged off.
Note 1: The difference between log off hooks and the already existing
optional "PostCall.wcx" hook is that Postcall.wcx, if available, is
called after the user is logged off. Log off hooks are run before the
actual hangup so the user is still logged on when a hook is run. This
effectively means, the global host User record is still active.
Note 2: Logon and logoff hooks apply only to console sessions (Dialup
and telnet).
- NEW: MP3 Information Extraction
When MP3 files are uploaded, Wildcat! will automatically check for and
extract the MP3 ID tag information and use this for the file short and
long description. This works with the new supplied MP3INFO.EXE
utility provided. It will be silently run after a MP3 file is
uploaded to extract the information. The first line (title) is used
for the short description. The first and remaining lines are used for
the long description. The following info is extracted:
Title:
Artist:
Album:
Year:
Genre:
Comment:
- NEW: Added new file upload notification hook: NewFileNotify.wcx
If this NewFileNotify.wcx exist, it will be called after the
successful upload and file posting into a file area with the
GlobalFileRecord containing the current file record successfully
uploaded. This will allow for custom file notification applications
to be developed. i.e, post a new file announcement in a particular
mail area or mailing list, RSS, page someone, etc.
The hook will work for the following hosting servers which offer
file uploading:
- Console Mode (Dialup or telnet) uploads
- Web Mode uploads
- Ftp Mode uplodas
Note:
This notification hook is different from the ScanFile WCX Hooks
currently available for file uploads.
With scanfile.wcx, it is called prior to posting the file record,
allowing a change for scanfile implementations to abort the file
process or make the file as failed.
With newfilenotify.wcx, it is called after the file is successfully
posted into the file areas.
Overall, the model is framed as so:
step 1: User begin to uploads a file.
step 2: Before final posting, the optional ScanFile.wcx is run.
Scanfile is only aware of the temporary file uploaded and
stored in the temporary directory. If ScanFile sets
GlobalResult=FALSE, the file record is marked FailedScan.
step 3: The file is posted or aborted if the temp file no longer
exist.
Step 4: The new optional NewFileNotify.wcx is run.
Example #1: Example of a NewFileNotify.wcx message post application:
The is a very simple example of a file notification messaging system
will most likely communicate with a network when the message conference
is shared using some networking protocol:
//
// post new file notification in sysop defined file area #36
//
#include "msgutil.wch"
dim msg as TMsgHeader
msg.conference = 36
if not GetSysopInfo(msg.conference, msg.From) then
msg.From.Name = "Wilcat! Notification"
end if
msg.to.name = "All"
Msg.Subject = "New File: "+ GlobalFileRecord.Name
msg.mailflags = mfNoDupeChecking
dim txt as string
txt = txt + "---------------------------------------\n"
txt = txt + "Date : @DATE@ @TIME.GMT@\n"
txt = txt + "File : @FILE.NAME@\n"
txt = txt + "Size : @FILE.SIZE@\n"
txt = txt + "Desc : @FILE.DESCRIPTION@\n"
txt = txt + "Area : @FILE.AREANAME@ (@FILE.AREANUMBER@)\n"
txt = txt + "Uploader: @FILE.UPLOADER@\n"
txt = txt + "---------------------------------------\n"
txt = txt + "\n"
txt = ExpandDisplayMacros(txt)
txt = subst(txt,"\n",chr(10))
AddMessage(msg,txt)
end
Example #2: Example of a NewFileNotify.wcx Mobile Page
The is a very simple example of a file notification mobile SMS page
to a specific mobile phone.
//
// Mobile page new file notification
// This works using the EMAIL TO SMS gateway most Mobile ISP
// support where the cell # and ISP domain is used together:
//
// example: your.cell.number@your.mobil.isp.domain
//
dim msg as TMsgHeader
msg.conference = 0
msg.From.Name = "Wilcat! Notification"
msg.to.name = 3051234567@txt.att.net
Msg.Subject = "New File: "+ GlobalFileRecord.Name
msg.mailflags = mfNoDupeChecking
AddMessage(msg,"")
end
Of course, for high volume upload systems, using a mobile page
notification like the above would be somewhat overwhelming. But the
basic idea is that it can be done via easily, and your custom logic
can be employed. i.e, only page for certain file uploads.
WCSERVER (Wildcat! Server)
- ENH: The server create directory WCSDK API function WcCreateDirectory()
will now recursively create the full path. This includes the
wcBASIC MakeDirectory() function:
Function MakeDirectory(byval dir as string) as Boolean