Version 6.3 Build 452.8
SPECIAL NOTES ABOUT THIS UPDATE:
Build 452.8 is plug and play update . It includes a few fixes, some significant cleanup and some new features. If you are up-to-date with Wildcat! versions, this is essentially a plug and play update.
Changes, Fixes, New Features and Enhancements by Wildcat! Component
- NEW: Added Print Button for printing messages. - NEW: Added new sysop client for Web Server Similar to the user's web-based Personal Properties (Your Settings), a new web-based sysop client menu for adding sysop related operations is now available. It will look like so:The Sysop Menu is disabled by default. The administrator and/or Sysop only security access should only be provided. To enable, perform the following: 1) Using Explorer or using the DOS window, create the "Clients\Sysop Client" sub-folder. cd \wc6 md "clients\Sysop Client" 2) Start WCCONFIG and go to the Access Profiles. You can do this for any access profile, but of course, we only recommend doing this for the Administrator and maybe the Sysop profiles. Edit the profile and go to the the Clients options. You should see an unchecked entry for "Sysop Client". It will only appear if the folder was created in step 1. Toggle it so it has an X and save your configuration. Now you can login via the web as the administator account, and you should see the goto client option "Sysop Menu" in the list. If you don't see it, either you were already logged in and need to log off and come back in, or the account does not have adminstrator access. Currently, the sysop menu offers a General display of information. All other items do not have any action assigned to them. They can be provided by 3rd party developers or SSI may provide them in the future, or you can add actions yourself by following the framework as an example. See the http\template\sysopmenu.ini file to change the options. The following templates or files were added to support the sysop menu: http\template\sysopclient.htm http\template\sysopclient.css http\template\sysop_page_general.htm http\template\sysopmenu.inc http\template\sysopmenu.ini http\template\sysopmenu3p.ini http\images\c-sysop.gif If you want to add a direct link, the url would be: /client?sysop.wcn This will run the internal stock html-sysop.wcx which will verify security access so it is safe to run directly via a url. - ENH: Enhanced the security against tag injections on various URLS. This security fixes helps protect IE browsers who are vulnerable to tag injections unlike other browsers. Note: This is not security issue with the Wildcat! Web Server. This change only helps protect IE browsers. The fix will help address malicious sites using your Wildcat web sites as a referrer to echo back arguments which may redisplayed by some of the templates. See WCT note regarding @SUB and @GET - FIX: Fixed minor bug with "/login" alias url for mixed authentication methods. Using "/login" without parameters is designed to redirect to the login template "/public/login.wct" when cookies are enabled on both ends. When both BASIC/DIGEST and COOKIE login authentications are enabled and the user's browser has cookies disable, the "/login" url was attempting to use cookies and the "Warning: No Cookies" window appeared. This is now fixed by making sure the redirection to login.wct only takes place when an actual cookie is passed to the server. The "/login" url should behave like the following too direct urls: /login?mode=html /login?mode=client where it will detect the user has cookies disabled, and the server will fallback and using BASIC/DIGEST authentication.
WCPOP3 (Wildcat! POP3 Server)
- FIX: Fixed enabled/disabled POP3 Trace Log in 452.7 update. An attempt was made to enable trace logs on a per user basis but that logic was broken because the user is not known until after he logs in, creating partial on/off and random logging. This user trace logic attempt was removed. A future version will re-attempt this using a IP approach where the sysop desired to trace a particular user on a known IP for diagnostic purposes but doesn't want the trace enabled for everyone else.
WCT (Wildcat! Templates)
- CHG: @SUB vs @GET The two macro commands @SUB or @GET were basically the same action, with no different. Just semantics. In this update, the two have one distinct difference: @SUB - return the template value escaping any '<' and '>' characters. @GET - return the template value with no escaping. @GET should be used for internal variables where there is no security concern regarding outside tag injections. @SUB should be used otherwise.
WCBASIC (Wildcat! BASIC)
- FIX: Fixed the implicit import prototype for GetEffectiveFileAreaCount() The C/C++ WCSDK API header has the prototype: DWORD GetEffectiveFileAreaCount(DWORD group, DWORD flags); This was incorrected mapped to WCBASIC without the 2nd flags parameter: Function GetEffectiveFileAreaCount(group as integer) as integer In order to maintain backward compatibility with older WCX applications who might be using this function, the SDK required flags parameter is now optional in WCX. So it will work either ways in WCX applications: total = GetEffectiveFileAreaCount(0) // old total = GetEffectiveFileAreaCount(0,0) // new This is useful to determine the type of areas a user has access to by using the OBJECTFLAGS_FILEAREA_xxxxx bit flags. For example, to determine how many upload areas the user has access to, you can use this: total = GetEffectiveFileAreaCount(0,OBJECTFLAGS_FILEAREA_UPLOAD)
- NEW: Added Optional Logoff hook modules Similar to config\logon-hooks.txt, you can add optional log off hooks to a config\logoff-hooks.txt file contain a list WCX to run when the user initiates the log off process and before the user is logged off. Note 1: The difference between log off hooks and the already existing optional "PostCall.wcx" hook is that Postcall.wcx, if available, is called after the user is logged off. Log off hooks are run before the actual hangup so the user is still logged on when a hook is run. This effectively means, the global host User record is still active. Note 2: Logon and logoff hooks apply only to console sessions (Dialup and telnet).
- NEW: MP3 Information Extraction When MP3 files are uploaded, Wildcat! will automatically check for and extract the MP3 ID tag information and use this for the file short and long description. This works with the new supplied MP3INFO.EXE utility provided. It will be silently run after a MP3 file is uploaded to extract the information. The first line (title) is used for the short description. The first and remaining lines are used for the long description. The following info is extracted: Title: Artist: Album: Year: Genre: Comment:
- NEW: Added new file upload notification hook: NewFileNotify.wcx If this NewFileNotify.wcx exist, it will be called after the successful upload and file posting into a file area with the GlobalFileRecord containing the current file record successfully uploaded. This will allow for custom file notification applications to be developed. i.e, post a new file announcement in a particular mail area or mailing list, RSS, page someone, etc. The hook will work for the following hosting servers which offer file uploading: - Console Mode (Dialup or telnet) uploads - Web Mode uploads - Ftp Mode uplodas Note: This notification hook is different from the ScanFile WCX Hooks currently available for file uploads. With scanfile.wcx, it is called prior to posting the file record, allowing a change for scanfile implementations to abort the file process or make the file as failed. With newfilenotify.wcx, it is called after the file is successfully posted into the file areas. Overall, the model is framed as so: step 1: User begin to uploads a file. step 2: Before final posting, the optional ScanFile.wcx is run. Scanfile is only aware of the temporary file uploaded and stored in the temporary directory. If ScanFile sets GlobalResult=FALSE, the file record is marked FailedScan. step 3: The file is posted or aborted if the temp file no longer exist. Step 4: The new optional NewFileNotify.wcx is run.Example #1: Example of a NewFileNotify.wcx message post application:
The is a very simple example of a file notification messaging system
will most likely communicate with a network when the message conference
is shared using some networking protocol:
//
// post new file notification in sysop defined file area #36
//
#include "msgutil.wch"
dim msg as TMsgHeader
msg.conference = 36
if not GetSysopInfo(msg.conference, msg.From) then
msg.From.Name = "Wilcat! Notification"
end if
msg.to.name = "All"
Msg.Subject = "New File: "+ GlobalFileRecord.Name
msg.mailflags = mfNoDupeChecking
dim txt as string
txt = txt + "---------------------------------------\n"
txt = txt + "Date : @DATE@ @TIME.GMT@\n"
txt = txt + "File : @FILE.NAME@\n"
txt = txt + "Size : @FILE.SIZE@\n"
txt = txt + "Desc : @FILE.DESCRIPTION@\n"
txt = txt + "Area : @FILE.AREANAME@ (@FILE.AREANUMBER@)\n"
txt = txt + "Uploader: @FILE.UPLOADER@\n"
txt = txt + "---------------------------------------\n"
txt = txt + "\n"
txt = ExpandDisplayMacros(txt)
txt = subst(txt,"\n",chr(10))
AddMessage(msg,txt)
end
Example #2: Example of a NewFileNotify.wcx Mobile Page
The is a very simple example of a file notification mobile SMS page
to a specific mobile phone.
//
// Mobile page new file notification
// This works using the EMAIL TO SMS gateway most Mobile ISP
// support where the cell # and ISP domain is used together:
//
// example: your.cell.number@your.mobil.isp.domain
//
dim msg as TMsgHeader
msg.conference = 0
msg.From.Name = "Wilcat! Notification"
msg.to.name = 3051234567@txt.att.net
Msg.Subject = "New File: "+ GlobalFileRecord.Name
msg.mailflags = mfNoDupeChecking
AddMessage(msg,"")
end
Of course, for high volume upload systems, using a mobile page
notification like the above would be somewhat overwhelming. But the
basic idea is that it can be done via easily, and your custom logic
can be employed. i.e, only page for certain file uploads.
WCSERVER (Wildcat! Server)
- ENH: The server create directory WCSDK API function WcCreateDirectory() will now recursively create the full path. This includes the wcBASIC MakeDirectory() function: Function MakeDirectory(byval dir as string) as Boolean