Version 6.3 Build 452.8


Build 452.8 is plug and play update . It includes a few fixes, some significant cleanup and some new features.  If you are up-to-date with Wildcat! versions, this is essentially a plug and play update.


Changes, Fixes, New Features and Enhancements by Wildcat! Component  

WCWEB (Wildcat! Web Server)

- NEW: Added Print Button for printing messages.

- NEW: Added new sysop client for Web Server

  Similar to the user's web-based Personal Properties (Your Settings), a
  new web-based sysop client menu for adding sysop related operations
  is now available.  It will look like so:


  The Sysop Menu is disabled by default. The administrator and/or Sysop
  only security access should only be provided.

  To enable, perform the following:

  1) Using Explorer or using the DOS window, create the
     "Clients\Sysop Client" sub-folder.

     cd \wc6
     md "clients\Sysop Client"

  2) Start WCCONFIG and go to the Access Profiles.

     You can do this for any access profile, but of course, we only
     recommend doing this for the Administrator and maybe the Sysop
     profiles. Edit the profile and go to the the Clients options.

     You should see an unchecked entry for "Sysop Client".  It will
     only appear if the folder was created in step 1.

     Toggle it so it has an X and save your configuration.

  Now you can login via the web as the administator account, and you
  should see the goto client option "Sysop Menu" in the list.  If you
  don't see it, either you were already logged in and need to log off
  and come back in, or the account does not have adminstrator access.

  Currently, the sysop menu offers a General display of information. All
  other items do not have any action assigned to them.  They can be
  provided by 3rd party developers or SSI may provide them in the
  future, or you can add actions yourself by following the framework as
  an example.  See the http\template\sysopmenu.ini file to change the

  The following templates or files were added to support the sysop menu:


  If you want to add a direct link, the url would be:


  This will run the internal stock html-sysop.wcx which will verify
  security access so it is safe to run directly via a url.

- ENH: Enhanced the security against tag injections on various URLS.

  This security fixes helps protect IE browsers who are vulnerable to
  tag injections unlike other browsers.

  Note: This is not security issue with the Wildcat! Web Server. This
  change only helps protect IE browsers. The fix will help address
  malicious sites using your Wildcat web sites as a referrer to echo
  back arguments which may redisplayed by some of the templates.  See
  WCT note regarding @SUB and @GET

- FIX: Fixed minor bug with "/login" alias url for mixed authentication methods.

  Using "/login" without parameters is designed to redirect to the login
  template "/public/login.wct" when cookies are enabled on both ends.

  When both BASIC/DIGEST and COOKIE login authentications are enabled and the
  user's browser has cookies disable, the "/login" url was attempting to use
  cookies and the "Warning: No Cookies" window appeared.  This is now fixed
  by making sure the redirection to login.wct only takes place when an actual
  cookie is passed to the server.

  The "/login" url should behave like the following too direct urls:


  where it will detect the user has cookies disabled, and the server will
  fallback and using BASIC/DIGEST authentication.

WCPOP3 (Wildcat! POP3 Server)

- FIX: Fixed enabled/disabled POP3 Trace Log in 452.7 update.

  An attempt was made to enable trace logs on a per user basis but
  that logic was broken because the user is not known until after
  he logs in, creating partial on/off and random logging.  This
  user trace logic attempt was removed.  A future version will
  re-attempt this using a IP approach where the sysop desired
  to trace a particular user on a known IP for diagnostic purposes
  but doesn't want the trace enabled for everyone else.

WCT (Wildcat! Templates)

- CHG: @SUB vs @GET

  The two macro commands @SUB or @GET were basically the same action, with
  no different. Just semantics.

  In this update, the two have one distinct difference:

      @SUB  - return the template value escaping any '<' and '>' characters.
      @GET  - return the template value with no escaping.

  @GET should be used for internal variables where there is no security concern
  regarding outside tag injections.  @SUB should be used otherwise.


- FIX: Fixed the implicit import prototype for GetEffectiveFileAreaCount()

  The C/C++ WCSDK API header has the prototype:

     DWORD GetEffectiveFileAreaCount(DWORD group, DWORD flags);

  This was incorrected mapped to WCBASIC without the 2nd flags parameter:

     Function GetEffectiveFileAreaCount(group as integer) as integer

  In order to maintain backward compatibility with older WCX
  applications who might be using this function, the SDK required flags
  parameter is now optional in WCX. So it will work either ways in WCX

      total = GetEffectiveFileAreaCount(0)     // old
      total = GetEffectiveFileAreaCount(0,0)   // new

  This is useful to determine the type of areas a user has access to by
  using the OBJECTFLAGS_FILEAREA_xxxxx bit flags. For example, to determine
  how many upload areas the user has access to, you can use this:

      total = GetEffectiveFileAreaCount(0,OBJECTFLAGS_FILEAREA_UPLOAD)

- NEW: Added Optional Logoff hook modules

  Similar to config\logon-hooks.txt, you can add optional log off hooks
  to a config\logoff-hooks.txt file contain a list WCX to run when the
  user initiates the log off process and before the user is logged off.

  Note 1: The difference between log off hooks and the already existing
  optional "PostCall.wcx" hook is that Postcall.wcx, if available, is
  called after the user is logged off. Log off hooks are run before the
  actual hangup so the user is still logged on when a hook is run.  This
  effectively means, the global host User record is still active.

  Note 2: Logon and logoff hooks apply only to console sessions (Dialup
  and telnet).

- NEW: MP3 Information Extraction

  When MP3 files are uploaded, Wildcat! will automatically check for and
  extract the MP3 ID tag information and use this for the file short and
  long description.  This works with the new supplied MP3INFO.EXE
  utility provided.  It will be silently run after a MP3 file is
  uploaded to extract the information.  The first line (title) is used
  for the short description.  The first and remaining lines are used for
  the long description.  The following info is extracted:


- NEW: Added new file upload notification hook: NewFileNotify.wcx

  If this NewFileNotify.wcx exist, it will be called after the
  successful upload and file posting into a file area with the
  GlobalFileRecord containing the current file record successfully
  uploaded.   This will allow for custom file notification applications
  to be developed. i.e, post a new file announcement in a particular
  mail area or mailing list, RSS, page someone, etc.

  The hook will work for the following hosting servers which offer
  file uploading:

  - Console Mode (Dialup or telnet) uploads
  - Web Mode uploads
  - Ftp Mode uplodas


  This notification hook is different from the ScanFile WCX Hooks
  currently available for file uploads.

  With scanfile.wcx, it is called prior to posting the file record,
  allowing a change for scanfile implementations to abort the file
  process or make the file as failed.

  With newfilenotify.wcx, it is called after the file is successfully
  posted into the file areas.

  Overall, the model is framed as so:

  step 1: User begin to uploads a file.

  step 2: Before final posting, the optional ScanFile.wcx is run.

          Scanfile is only aware of the temporary file uploaded and
          stored in the temporary directory.  If ScanFile sets
          GlobalResult=FALSE, the file record is marked FailedScan.

  step 3: The file is posted or aborted if the temp file no longer

  Step 4: The new optional NewFileNotify.wcx is run.

Example #1: Example of a NewFileNotify.wcx message post application:

   The is a very simple example of a file notification messaging system
   will most likely communicate with a network when the message conference
   is shared using some networking protocol:

   // post new file notification in sysop defined file area #36

   #include "msgutil.wch"

   dim msg as TMsgHeader
   msg.conference = 36
   if not GetSysopInfo(msg.conference, msg.From) then
      msg.From.Name  = "Wilcat! Notification"
   end if    = "All"
   Msg.Subject    = "New File: "+ GlobalFileRecord.Name
   msg.mailflags  = mfNoDupeChecking

   dim txt as string

   txt = txt + "---------------------------------------\n"
   txt = txt + "Date    : @DATE@ @TIME.GMT@\n"
   txt = txt + "File    : @FILE.NAME@\n"
   txt = txt + "Size    : @FILE.SIZE@\n"
   txt = txt + "Desc    : @FILE.DESCRIPTION@\n"
   txt = txt + "Area    : @FILE.AREANAME@ (@FILE.AREANUMBER@)\n"
   txt = txt + "Uploader: @FILE.UPLOADER@\n"
   txt = txt + "---------------------------------------\n"
   txt = txt + "\n"

   txt = ExpandDisplayMacros(txt)
   txt = subst(txt,"\n",chr(10))


Example #2: Example of a NewFileNotify.wcx Mobile Page

   The is a very simple example of a file notification mobile SMS page
   to a specific mobile phone.

   // Mobile page new file notification
   // This works using the EMAIL TO SMS gateway most Mobile ISP
   // support where the cell # and ISP domain is used together:
   // example:  your.cell.number@your.mobil.isp.domain

   dim msg as TMsgHeader
   msg.conference = 0
   msg.From.Name  = "Wilcat! Notification"    =
   Msg.Subject    = "New File: "+ GlobalFileRecord.Name
   msg.mailflags  = mfNoDupeChecking

   Of course, for high volume upload systems, using a mobile page
   notification like the above would be somewhat overwhelming. But the
   basic idea is that it can be done via easily, and your custom logic
   can be employed.  i.e, only page for certain file uploads.

WCSERVER (Wildcat! Server)

- ENH: The server create directory WCSDK API function WcCreateDirectory()
       will now recursively create the full path. This includes the
       wcBASIC MakeDirectory() function:

       Function MakeDirectory(byval dir as string) as Boolean