Upgrade Blog to MovableType 4.31


I have now upgraded this blog to MT 4.31. The release notes mention a security issue and some improvements.

Minor Security Issue with Entry / Archive Pagination in MT 4.3

With the addition of entry pagination via search, we introduced the possibility of a user viewing a template that might show PHP/ASP code that was not designed to be viewed by the end user and couldn't be executed. Although there are ways to run PHP under CGI, we put the following barriers in place:

1. Only allow the template_id parameter when the archive_type parameter exists.

2. Force the template being used to match the archive type (e.g. if you're trying to paginate category archives, the template you're using has to be one that is producing category archives).

3. Not allow the use of the template_id parameter when the extension is php or asp.

4. Created a config directive (SearchAlwaysAllowTemplateID) that would always allow the use of template_id.
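
The four barriers above amount to one validation routine applied to each search/pagination request. The Python sketch below is an added example, not Movable Type's own code (which is Perl) and not part of the release notes. The `Template` fields, the sample templates, and the reading that SearchAlwaysAllowTemplateID skips barriers 1 to 3 are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Template:
    # Constructed stand-in for a template record; field names are assumptions.
    id: int
    archive_type: str  # archive type this template publishes, e.g. "Category"
    extension: str     # file extension of the published output


BLOCKED_EXTENSIONS = {"php", "asp"}

# Constructed sample data, not taken from any real blog.
TEMPLATES = {
    1: Template(1, "Category", "html"),
    2: Template(2, "Individual", "html"),
    3: Template(3, "Category", "php"),
}


def check_template_id(params, templates, always_allow=False):
    """Return (allowed, reason) for a request's template_id parameter.

    always_allow models SearchAlwaysAllowTemplateID (assumed to bypass
    barriers 1-3 while still requiring a template that exists).
    """
    raw = params.get("template_id")
    if raw is None:
        return True, "no template_id supplied"
    # Reject non-numeric or unknown ids before any other decision.
    if not (raw.isascii() and raw.isdigit()) or int(raw) not in templates:
        return False, "unknown template_id"
    tmpl = templates[int(raw)]
    if always_allow:
        return True, "SearchAlwaysAllowTemplateID set"
    archive_type = params.get("archive_type")
    if not archive_type:  # barrier 1
        return False, "template_id without archive_type"
    if tmpl.archive_type != archive_type:  # barrier 2
        return False, "template does not publish this archive type"
    if tmpl.extension.lower().lstrip(".") in BLOCKED_EXTENSIONS:  # barrier 3
        return False, "template output is php/asp"
    return True, "ok"
```

With the directive enabled, template 3 (the `php` one) becomes selectable again, which is the exposure the first three barriers exist to prevent.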

Linked assets widget on edit entry screen not localized

Localized the text in the entry asset widget.

Error in Movable Type 4.3 on rebuild or comment submission "Metadata allow_anon_recommend on MT::Blog not found"

Fixed an issue where you would see the error "Metadata allow_anon_recommend on MT::Blog not found" in various points of the app.

Poor thumbnail image quality using GD

Improve quality of image thumbnails when using GD by creating them as 24-bit color images instead of 8-bit.

MTIfArchiveEnabled tag returns true for archive mappings set to "Do Not Publish"

The mt:IfArchiveTypeEnabled tag now does not return true for archive mappings set to "Do Not Publish".

Not all system templates set system_template MT variable

Fixed a bug where not all system templates set the system_template variable.

non-superuser editing in system-wide Comments listing

Fixed an issue where non-superusers could see all of the blogs in the global comment listing. Now, only superusers can see them all.

Pagination of Entries includes Pages when viewing dynamically

When using the search-based entry pagination, MT Pages were being included. We've fixed this.

Image assets tags not working with custom fields or without it

When using custom fields in conjunction with entry assets in MT 4.3 Pro, you would lose the entry-asset association on entry save. This bug has been fixed.

MT4.3 mt.js does not respect the CommentScript config directive and causes the dynamic comment listing to fail

Removed some hard-coded references to mt-comments.cgi in mt.js. It now properly uses the CommentScript tag.

Registry corruption caused by MT::Worker::SummaryWatcher

Added a patch to avoid registry corruption caused by MT::Worker::SummaryWatcher. (Thanks Reed!)

Comment Author Link Returns 404 Instead of Linking To Author Page in Community Template Set

Fixed an issue where the profile_view_url variable was not being passed to any page of comments after the first one (in the Community template set).

Unsaved entry preview loses asset association

Fixed a bug where asset associations in an unsaved entry were lost after previewing and returning to edit the entry.




About this Entry

This page contains a single entry by David Yin published on September 15, 2009 12:24 PM.
